package com.amazon.sos.credentials;

import androidx.work.PeriodicWorkRequest;
import com.amazon.sos.BuildConfig;
import com.amazon.sos.backend.FederatedTokenGetter;
import com.amazon.sos.services.ServiceLocator;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.mobileconnectors.cognitoauth.util.ClientConstants;
import com.amazonaws.regions.Region;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import io.reactivex.Single;
import io.reactivex.SingleEmitter;
import io.reactivex.SingleOnSubscribe;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: CredentialsGenerator.kt */
@Metadata(d1 = {"\u00004\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0002\b\u0007\u0018\u0000 \u00122\u00020\u0001:\u0001\u0012B\u000f\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0004\b\u0004\u0010\u0005J\u0010\u0010\u0006\u001a\u00020\u00072\b\b\u0002\u0010\b\u001a\u00020\tJ\u0012\u0010\n\u001a\u0004\u0018\u00010\u000b2\b\b\u0002\u0010\b\u001a\u00020\tJ(\u0010\f\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010\u000b0\r2\u0006\u0010\u000e\u001a\u00020\t2\u0006\u0010\u000f\u001a\u00020\t2\b\b\u0002\u0010\b\u001a\u00020\tJ\u0010\u0010\u0010\u001a\u00020\u00112\b\b\u0002\u0010\b\u001a\u00020\t¨\u0006\u0013"}, d2 = {"Lcom/amazon/sos/credentials/CredentialsGenerator;", "", "federatedTokenGetter", "Lcom/amazon/sos/backend/FederatedTokenGetter;", "<init>", "(Lcom/amazon/sos/backend/FederatedTokenGetter;)V", "isCredentialsExpired", "", "roleArn", "", "getCachedCredentials", "Lcom/amazonaws/services/securitytoken/model/Credentials;", "generateCredentials", "Lio/reactivex/Single;", ClientConstants.TOKEN_TYPE_ID, "regionName", "resetCredentials", "", "Companion", "app_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class CredentialsGenerator {
    public static final int $stable = 0;
    private static final int MAX_ATTEMPTS = 3;
    public static final int STS_EXPIRATION_BUFFER = 900000;
    private static final HashMap<String, Credentials> credentialsMap = new HashMap<>();

    public CredentialsGenerator(FederatedTokenGetter federatedTokenGetter) {
        Intrinsics.checkNotNullParameter(federatedTokenGetter, "federatedTokenGetter");
    }

    public static /* synthetic */ Single generateCredentials$default(CredentialsGenerator credentialsGenerator, String str, String str2, String str3, int i, Object obj) {
        if ((i & 4) != 0) {
            str3 = BuildConfig.IAM_ROLE_ARN;
        }
        return credentialsGenerator.generateCredentials(str, str2, str3);
    }

    public static final void generateCredentials$lambda$1$lambda$0(AWSSecurityTokenServiceClient stsClient, AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest, String roleArn, SingleEmitter emitter) {
        Intrinsics.checkNotNullParameter(stsClient, "$stsClient");
        Intrinsics.checkNotNullParameter(assumeRoleWithWebIdentityRequest, "$assumeRoleWithWebIdentityRequest");
        Intrinsics.checkNotNullParameter(roleArn, "$roleArn");
        Intrinsics.checkNotNullParameter(emitter, "emitter");
        try {
            Credentials credentials = stsClient.assumeRoleWithWebIdentity(assumeRoleWithWebIdentityRequest).getCredentials();
            credentialsMap.put(roleArn, credentials);
            emitter.onSuccess(credentials);
        } catch (Exception e) {
            emitter.tryOnError(e);
        }
    }

    public static /* synthetic */ Credentials getCachedCredentials$default(CredentialsGenerator credentialsGenerator, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = BuildConfig.IAM_ROLE_ARN;
        }
        return credentialsGenerator.getCachedCredentials(str);
    }

    public static /* synthetic */ boolean isCredentialsExpired$default(CredentialsGenerator credentialsGenerator, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = BuildConfig.IAM_ROLE_ARN;
        }
        return credentialsGenerator.isCredentialsExpired(str);
    }

    public static /* synthetic */ void resetCredentials$default(CredentialsGenerator credentialsGenerator, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = BuildConfig.IAM_ROLE_ARN;
        }
        credentialsGenerator.resetCredentials(str);
    }

    public final Single<Credentials> generateCredentials(String r4, String regionName, final String roleArn) {
        Single<Credentials> retry;
        Intrinsics.checkNotNullParameter(r4, "idToken");
        Intrinsics.checkNotNullParameter(regionName, "regionName");
        Intrinsics.checkNotNullParameter(roleArn, "roleArn");
        if (!isCredentialsExpired(roleArn)) {
            Single<Credentials> just = Single.just(credentialsMap.get(roleArn));
            Intrinsics.checkNotNullExpressionValue(just, "just(...)");
            return just;
        }
        synchronized (this) {
            final AWSSecurityTokenServiceClient aWSSecurityTokenServiceClient = new AWSSecurityTokenServiceClient(new AnonymousAWSCredentials());
            aWSSecurityTokenServiceClient.setRegion(Region.getRegion(regionName));
            String format = String.format(BuildConfig.STS_ENDPOINT, Arrays.copyOf(new Object[]{regionName}, 1));
            Intrinsics.checkNotNullExpressionValue(format, "format(...)");
            aWSSecurityTokenServiceClient.setEndpoint(format);
            final AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest = new AssumeRoleWithWebIdentityRequest();
            assumeRoleWithWebIdentityRequest.setRoleArn(roleArn);
            assumeRoleWithWebIdentityRequest.setRoleSessionName(ServiceLocator.INSTANCE.getFederatedTokenGetter().getSub());
            assumeRoleWithWebIdentityRequest.setWebIdentityToken(r4);
            retry = Single.create(new SingleOnSubscribe() { // from class: com.amazon.sos.credentials.CredentialsGenerator$$ExternalSyntheticLambda0
                @Override // io.reactivex.SingleOnSubscribe
                public final void subscribe(SingleEmitter singleEmitter) {
                    CredentialsGenerator.generateCredentials$lambda$1$lambda$0(AWSSecurityTokenServiceClient.this, assumeRoleWithWebIdentityRequest, roleArn, singleEmitter);
                }
            }).retry(3L);
            Intrinsics.checkNotNullExpressionValue(retry, "retry(...)");
        }
        return retry;
    }

    public final Credentials getCachedCredentials(String roleArn) {
        Intrinsics.checkNotNullParameter(roleArn, "roleArn");
        return credentialsMap.get(roleArn);
    }

    public final boolean isCredentialsExpired(String roleArn) {
        Intrinsics.checkNotNullParameter(roleArn, "roleArn");
        HashMap<String, Credentials> hashMap = credentialsMap;
        if (hashMap.get(roleArn) != null) {
            Credentials credentials = hashMap.get(roleArn);
            Intrinsics.checkNotNull(credentials);
            if (credentials.getExpiration().getTime() - new Date().getTime() > PeriodicWorkRequest.MIN_PERIODIC_INTERVAL_MILLIS) {
                return false;
            }
        }
        return true;
    }

    public final void resetCredentials(String roleArn) {
        Intrinsics.checkNotNullParameter(roleArn, "roleArn");
        synchronized (this) {
            credentialsMap.put(roleArn, null);
            Unit unit = Unit.INSTANCE;
        }
    }
}
