package com.amazonaws.auth;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.logging.Log;
import com.amazonaws.logging.LogFactory;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentity;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.Credentials;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityResult;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes.dex */
public abstract class CognitoCredentialsProvider implements AWSCredentialsProvider {

    /* renamed from: o, reason: collision with root package name */
    private static final Log f1565o = LogFactory.getLog((Class<?>) AWSCredentialsProviderChain.class);

    /* renamed from: a, reason: collision with root package name */
    private final String f1566a;

    /* renamed from: b, reason: collision with root package name */
    private AmazonCognitoIdentity f1567b;

    /* renamed from: c, reason: collision with root package name */
    private final AWSCognitoIdentityProvider f1568c;

    /* renamed from: d, reason: collision with root package name */
    protected AWSSessionCredentials f1569d;

    /* renamed from: e, reason: collision with root package name */
    protected Date f1570e;

    /* renamed from: f, reason: collision with root package name */
    protected String f1571f;

    /* renamed from: g, reason: collision with root package name */
    protected AWSSecurityTokenService f1572g;

    /* renamed from: h, reason: collision with root package name */
    protected int f1573h;

    /* renamed from: i, reason: collision with root package name */
    protected int f1574i;

    /* renamed from: j, reason: collision with root package name */
    protected String f1575j;

    /* renamed from: k, reason: collision with root package name */
    protected String f1576k;

    /* renamed from: l, reason: collision with root package name */
    protected String f1577l;

    /* renamed from: m, reason: collision with root package name */
    protected final boolean f1578m;

    /* renamed from: n, reason: collision with root package name */
    protected final ReentrantReadWriteLock f1579n;

    public CognitoCredentialsProvider(AWSCognitoIdentityProvider aWSCognitoIdentityProvider, Regions regions) {
        this(aWSCognitoIdentityProvider, regions, new ClientConfiguration());
    }

    public CognitoCredentialsProvider(AWSCognitoIdentityProvider aWSCognitoIdentityProvider, Regions regions, ClientConfiguration clientConfiguration) {
        this(aWSCognitoIdentityProvider, b(clientConfiguration, regions));
    }

    public CognitoCredentialsProvider(AWSCognitoIdentityProvider aWSCognitoIdentityProvider, AmazonCognitoIdentityClient amazonCognitoIdentityClient) {
        this.f1567b = amazonCognitoIdentityClient;
        this.f1566a = amazonCognitoIdentityClient.getRegions().getName();
        this.f1568c = aWSCognitoIdentityProvider;
        this.f1575j = null;
        this.f1576k = null;
        this.f1572g = null;
        this.f1573h = 3600;
        this.f1574i = 500;
        this.f1578m = true;
        this.f1579n = new ReentrantReadWriteLock(true);
    }

    public CognitoCredentialsProvider(String str, Regions regions, ClientConfiguration clientConfiguration) {
        this((String) null, str, (String) null, (String) null, regions, clientConfiguration);
    }

    public CognitoCredentialsProvider(String str, String str2, String str3, String str4, Regions regions, ClientConfiguration clientConfiguration) {
        this(str, str2, str3, str4, b(clientConfiguration, regions), (str3 == null && str4 == null) ? null : new AWSSecurityTokenServiceClient(new AnonymousAWSCredentials(), clientConfiguration));
    }

    public CognitoCredentialsProvider(String str, String str2, String str3, String str4, AmazonCognitoIdentityClient amazonCognitoIdentityClient, AWSSecurityTokenService aWSSecurityTokenService) {
        this.f1567b = amazonCognitoIdentityClient;
        this.f1566a = amazonCognitoIdentityClient.getRegions().getName();
        this.f1572g = aWSSecurityTokenService;
        this.f1575j = str3;
        this.f1576k = str4;
        this.f1573h = 3600;
        this.f1574i = 500;
        boolean z2 = str3 == null && str4 == null;
        this.f1578m = z2;
        if (z2) {
            this.f1568c = new AWSEnhancedCognitoIdentityProvider(str, str2, amazonCognitoIdentityClient);
        } else {
            this.f1568c = new AWSBasicCognitoIdentityProvider(str, str2, amazonCognitoIdentityClient);
        }
        this.f1579n = new ReentrantReadWriteLock(true);
    }

    private void a(AmazonWebServiceRequest amazonWebServiceRequest, String str) {
        amazonWebServiceRequest.getRequestClientOptions().appendUserAgent(str);
    }

    private static AmazonCognitoIdentityClient b(ClientConfiguration clientConfiguration, Regions regions) {
        AmazonCognitoIdentityClient amazonCognitoIdentityClient = new AmazonCognitoIdentityClient(new AnonymousAWSCredentials(), clientConfiguration);
        amazonCognitoIdentityClient.setRegion(Region.getRegion(regions));
        return amazonCognitoIdentityClient;
    }

    private void c(String str) {
        Map<String, String> logins;
        GetCredentialsForIdentityResult e2;
        if (str == null || str.isEmpty()) {
            logins = getLogins();
        } else {
            logins = new HashMap<>();
            logins.put(getLoginsKey(), str);
        }
        try {
            e2 = this.f1567b.getCredentialsForIdentity(new GetCredentialsForIdentityRequest().withIdentityId(getIdentityId()).withLogins(logins).withCustomRoleArn(this.f1577l));
        } catch (AmazonServiceException e3) {
            if (!e3.getErrorCode().equals("ValidationException")) {
                throw e3;
            }
            e2 = e();
        }
        Credentials credentials = e2.getCredentials();
        this.f1569d = new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretKey(), credentials.getSessionToken());
        setSessionCredentialsExpiration(credentials.getExpiration());
        if (e2.getIdentityId().equals(getIdentityId())) {
            return;
        }
        setIdentityId(e2.getIdentityId());
    }

    private void d(String str) {
        AssumeRoleWithWebIdentityRequest withDurationSeconds = new AssumeRoleWithWebIdentityRequest().withWebIdentityToken(str).withRoleArn(this.f1568c.isAuthenticated() ? this.f1576k : this.f1575j).withRoleSessionName("ProviderSession").withDurationSeconds(Integer.valueOf(this.f1573h));
        a(withDurationSeconds, getUserAgent());
        com.amazonaws.services.securitytoken.model.Credentials credentials = this.f1572g.assumeRoleWithWebIdentity(withDurationSeconds).getCredentials();
        this.f1569d = new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken());
        setSessionCredentialsExpiration(credentials.getExpiration());
    }

    private GetCredentialsForIdentityResult e() {
        Map<String, String> logins;
        String f2 = f();
        this.f1571f = f2;
        if (f2 == null || f2.isEmpty()) {
            logins = getLogins();
        } else {
            logins = new HashMap<>();
            logins.put(getLoginsKey(), this.f1571f);
        }
        return this.f1567b.getCredentialsForIdentity(new GetCredentialsForIdentityRequest().withIdentityId(getIdentityId()).withLogins(logins).withCustomRoleArn(this.f1577l));
    }

    private String f() {
        setIdentityId(null);
        String refresh = this.f1568c.refresh();
        this.f1571f = refresh;
        return refresh;
    }

    public void clearCredentials() {
        this.f1579n.writeLock().lock();
        try {
            this.f1569d = null;
            this.f1570e = null;
        } finally {
            this.f1579n.writeLock().unlock();
        }
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public AWSSessionCredentials getCredentials() {
        this.f1579n.writeLock().lock();
        try {
            if (needsNewSession()) {
                startSession();
            }
            AWSSessionCredentials aWSSessionCredentials = this.f1569d;
            this.f1579n.writeLock().unlock();
            return aWSSessionCredentials;
        } catch (Throwable th) {
            this.f1579n.writeLock().unlock();
            throw th;
        }
    }

    public String getIdentityId() {
        return this.f1568c.getIdentityId();
    }

    public String getIdentityPoolId() {
        return this.f1568c.getIdentityPoolId();
    }

    public Map<String, String> getLogins() {
        return this.f1568c.getLogins();
    }

    protected String getLoginsKey() {
        return Regions.CN_NORTH_1.getName().equals(this.f1566a) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com";
    }

    protected abstract String getUserAgent();

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean needsNewSession() {
        if (this.f1569d == null) {
            return true;
        }
        return this.f1570e.getTime() - (System.currentTimeMillis() - (SDKGlobalConfiguration.getGlobalTimeOffset() * 1000)) < ((long) (this.f1574i * 1000));
    }

    public void refresh() {
        this.f1579n.writeLock().lock();
        try {
            startSession();
        } finally {
            this.f1579n.writeLock().unlock();
        }
    }

    public void registerIdentityChangedListener(IdentityChangedListener identityChangedListener) {
        this.f1568c.registerIdentityChangedListener(identityChangedListener);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setIdentityId(String str) {
        this.f1568c.identityChanged(str);
    }

    public void setSessionCredentialsExpiration(Date date) {
        this.f1579n.writeLock().lock();
        try {
            this.f1570e = date;
        } finally {
            this.f1579n.writeLock().unlock();
        }
    }

    protected void startSession() {
        try {
            this.f1571f = this.f1568c.refresh();
        } catch (AmazonServiceException e2) {
            if (!e2.getErrorCode().equals("ValidationException")) {
                throw e2;
            }
            this.f1571f = f();
        }
        if (this.f1578m) {
            c(this.f1571f);
        } else {
            d(this.f1571f);
        }
    }
}
