package b.b.c.e;

import b.b.c.e.j;
import b.b.c.e.k0;
import b.b.c.e.s;
import com.bytsh.bytshlib.okhttp.OkHttpUtils;
import com.google.android.gms.measurement.api.AppMeasurementSdk;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* compiled from: AwsCredentials.java */
/* loaded from: classes2.dex */
public class g extends s {
    static final String AWS_IMDSV2_SESSION_TOKEN_HEADER = "x-aws-ec2-metadata-token";
    static final String AWS_IMDSV2_SESSION_TOKEN_TTL = "300";
    static final String AWS_IMDSV2_SESSION_TOKEN_TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds";
    private final b awsCredentialSource;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: AwsCredentials.java */
    /* loaded from: classes2.dex */
    public class a extends HashMap<String, Object> {
        a() {
            put(g.AWS_IMDSV2_SESSION_TOKEN_TTL_HEADER, g.AWS_IMDSV2_SESSION_TOKEN_TTL);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: AwsCredentials.java */
    /* loaded from: classes2.dex */
    public static class b extends s.c {

        /* renamed from: a, reason: collision with root package name */
        private final String f3972a;

        /* renamed from: b, reason: collision with root package name */
        private final String f3973b;

        /* renamed from: c, reason: collision with root package name */
        private final String f3974c;

        /* renamed from: d, reason: collision with root package name */
        private final String f3975d;

        /* JADX INFO: Access modifiers changed from: package-private */
        public b(Map<String, Object> map) {
            super(map);
            if (!map.containsKey("regional_cred_verification_url")) {
                throw new IllegalArgumentException("A regional_cred_verification_url representing the GetCallerIdentity action URL must be specified.");
            }
            Matcher matcher = Pattern.compile("(aws)([\\d]+)").matcher((String) map.get("environment_id"));
            if (!matcher.matches()) {
                throw new IllegalArgumentException("Invalid AWS environment ID.");
            }
            int parseInt = Integer.parseInt(matcher.group(2));
            if (parseInt != 1) {
                throw new IllegalArgumentException(String.format("AWS version %s is not supported in the current build.", Integer.valueOf(parseInt)));
            }
            this.f3972a = (String) map.get("region_url");
            this.f3973b = (String) map.get("url");
            this.f3974c = (String) map.get("regional_cred_verification_url");
            if (map.containsKey("imdsv2_session_token_url")) {
                this.f3975d = (String) map.get("imdsv2_session_token_url");
            } else {
                this.f3975d = null;
            }
        }
    }

    /* compiled from: AwsCredentials.java */
    /* loaded from: classes2.dex */
    public static class c extends s.b {
        c() {
        }

        c(g gVar) {
            super(gVar);
        }

        @Override // b.b.c.e.s.b
        /* renamed from: t, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
        public g f() {
            return new g(this);
        }
    }

    g(c cVar) {
        super(cVar);
        this.awsCredentialSource = (b) cVar.f4089h;
    }

    private String i(i iVar) {
        Map<String, String> b2 = iVar.b();
        ArrayList arrayList = new ArrayList();
        for (String str : b2.keySet()) {
            arrayList.add(j(str, b2.get(str)));
        }
        arrayList.add(j("Authorization", iVar.a()));
        arrayList.add(j("x-goog-cloud-target-resource", getAudience()));
        b.b.b.a.b.b bVar = new b.b.b.a.b.b();
        bVar.i(d0.f3956f);
        bVar.put("headers", arrayList);
        bVar.put("method", iVar.c());
        bVar.put("url", this.awsCredentialSource.f3974c.replace("{region}", iVar.d()));
        return URLEncoder.encode(bVar.toString(), "UTF-8");
    }

    private static b.b.b.a.b.b j(String str, String str2) {
        b.b.b.a.b.b bVar = new b.b.b.a.b.b();
        bVar.i(d0.f3956f);
        bVar.put("key", str);
        bVar.put(AppMeasurementSdk.ConditionalUserProperty.VALUE, str2);
        return bVar;
    }

    private String k(String str, String str2, String str3, Map<String, Object> map, b.b.b.a.a.m mVar) {
        try {
            b.b.b.a.a.t d2 = this.transportFactory.a().c().d(str3, new b.b.b.a.a.i(str), mVar);
            b.b.b.a.a.q f2 = d2.f();
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                f2.f(entry.getKey(), entry.getValue());
            }
            return d2.b().o();
        } catch (IOException e2) {
            throw new IOException(String.format("Failed to retrieve AWS %s.", str2), e2);
        }
    }

    private String l(String str, String str2, Map<String, Object> map) {
        return k(str, str2, "GET", map, null);
    }

    public static c newBuilder() {
        return new c();
    }

    public static c newBuilder(g gVar) {
        return new c(gVar);
    }

    Map<String, Object> createMetadataRequestHeaders(b bVar) {
        HashMap hashMap = new HashMap();
        if (bVar.f3975d != null) {
            hashMap.put(AWS_IMDSV2_SESSION_TOKEN_HEADER, k(bVar.f3975d, "Session Token", OkHttpUtils.METHOD.PUT, new a(), null));
        }
        return hashMap;
    }

    @Override // b.b.c.e.u
    public u createScoped(Collection<String> collection) {
        c newBuilder = newBuilder(this);
        newBuilder.m(collection);
        return new g(newBuilder);
    }

    String getAwsRegion(Map<String, Object> map) {
        String a2 = getEnvironmentProvider().a("AWS_REGION");
        if (a2 != null) {
            return a2;
        }
        String a3 = getEnvironmentProvider().a("AWS_DEFAULT_REGION");
        if (a3 != null) {
            return a3;
        }
        if (this.awsCredentialSource.f3972a == null || this.awsCredentialSource.f3972a.isEmpty()) {
            throw new IOException("Unable to determine the AWS region. The credential source does not contain the region URL.");
        }
        return l(this.awsCredentialSource.f3972a, "region", map).substring(0, r3.length() - 1);
    }

    k getAwsSecurityCredentials(Map<String, Object> map) {
        String a2 = getEnvironmentProvider().a("AWS_ACCESS_KEY_ID");
        String a3 = getEnvironmentProvider().a("AWS_SECRET_ACCESS_KEY");
        String a4 = getEnvironmentProvider().a("AWS_SESSION_TOKEN");
        if (a2 != null && a3 != null) {
            return new k(a2, a3, a4);
        }
        if (this.awsCredentialSource.f3973b == null || this.awsCredentialSource.f3973b.isEmpty()) {
            throw new IOException("Unable to determine the AWS IAM role name. The credential source does not contain the url field.");
        }
        b.b.b.a.b.b bVar = (b.b.b.a.b.b) d0.f3956f.e(l(this.awsCredentialSource.f3973b + "/" + l(this.awsCredentialSource.f3973b, "IAM role", map), "credentials", map)).c0(b.b.b.a.b.b.class);
        return new k((String) bVar.get("AccessKeyId"), (String) bVar.get("SecretAccessKey"), (String) bVar.get("Token"));
    }

    String getEnv(String str) {
        return System.getenv(str);
    }

    @Override // b.b.c.e.c0
    public b.b.c.e.c refreshAccessToken() {
        k0.b n = k0.n(retrieveSubjectToken(), getSubjectTokenType());
        n.b(getAudience());
        Collection<String> scopes = getScopes();
        if (scopes != null && !scopes.isEmpty()) {
            n.c(new ArrayList(scopes));
        }
        return exchangeExternalCredentialForAccessToken(n.a());
    }

    @Override // b.b.c.e.s
    public String retrieveSubjectToken() {
        Map<String, Object> createMetadataRequestHeaders = createMetadataRequestHeaders(this.awsCredentialSource);
        String awsRegion = getAwsRegion(createMetadataRequestHeaders);
        k awsSecurityCredentials = getAwsSecurityCredentials(createMetadataRequestHeaders);
        HashMap hashMap = new HashMap();
        hashMap.put("x-goog-cloud-target-resource", getAudience());
        j.b g2 = j.g(awsSecurityCredentials, "POST", this.awsCredentialSource.f3974c.replace("{region}", awsRegion), awsRegion);
        g2.b(hashMap);
        return i(g2.a().h());
    }
}
