package com.amazonaws.auth;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.logging.Log;
import com.amazonaws.logging.LogFactory;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentity;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.Credentials;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityResult;
import com.amazonaws.services.cognitoidentity.model.ResourceNotFoundException;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes2.dex */
public abstract class CognitoCredentialsProvider implements AWSCredentialsProvider {
    public static final int DEFAULT_DURATION_SECONDS = 3600;
    public static final int DEFAULT_THRESHOLD_SECONDS = 500;
    private static final Log log = LogFactory.b(AWSCredentialsProviderChain.class);
    protected String authRoleArn;
    private AmazonCognitoIdentity cib;
    protected final ReentrantReadWriteLock credentialsLock;
    protected String customRoleArn;
    private final AWSCognitoIdentityProvider identityProvider;
    protected int refreshThreshold;
    private final String region;
    protected AWSSecurityTokenService securityTokenService;
    protected AWSSessionCredentials sessionCredentials;
    protected Date sessionCredentialsExpiration;
    protected int sessionDuration;
    protected String token;
    protected String unauthRoleArn;
    protected final boolean useEnhancedFlow;

    public CognitoCredentialsProvider(AWSCognitoIdentityProvider aWSCognitoIdentityProvider, Regions regions) {
        this(aWSCognitoIdentityProvider, regions, new ClientConfiguration());
    }

    public CognitoCredentialsProvider(AWSCognitoIdentityProvider aWSCognitoIdentityProvider, Regions regions, ClientConfiguration clientConfiguration) {
        this(aWSCognitoIdentityProvider, d(clientConfiguration, regions));
    }

    public CognitoCredentialsProvider(AWSCognitoIdentityProvider aWSCognitoIdentityProvider, AmazonCognitoIdentityClient amazonCognitoIdentityClient) {
        this.cib = amazonCognitoIdentityClient;
        this.region = amazonCognitoIdentityClient.w().getName();
        this.identityProvider = aWSCognitoIdentityProvider;
        this.unauthRoleArn = null;
        this.authRoleArn = null;
        this.sessionDuration = DEFAULT_DURATION_SECONDS;
        this.refreshThreshold = 500;
        this.useEnhancedFlow = true;
        this.credentialsLock = new ReentrantReadWriteLock(true);
    }

    private void a(AmazonWebServiceRequest amazonWebServiceRequest, String str) {
        amazonWebServiceRequest.d().a(str);
    }

    private static AmazonCognitoIdentityClient d(ClientConfiguration clientConfiguration, Regions regions) {
        AmazonCognitoIdentityClient amazonCognitoIdentityClient = new AmazonCognitoIdentityClient(new AnonymousAWSCredentials(), clientConfiguration);
        amazonCognitoIdentityClient.a(Region.e(regions));
        return amazonCognitoIdentityClient;
    }

    private void m(String str) {
        Map h10;
        GetCredentialsForIdentityResult q10;
        if (str == null || str.isEmpty()) {
            h10 = h();
        } else {
            h10 = new HashMap();
            h10.put(i(), str);
        }
        try {
            q10 = this.cib.c(new GetCredentialsForIdentityRequest().n(f()).o(h10).m(this.customRoleArn));
        } catch (ResourceNotFoundException unused) {
            q10 = q();
        } catch (AmazonServiceException e10) {
            if (!e10.a().equals("ValidationException")) {
                throw e10;
            }
            q10 = q();
        }
        Credentials a10 = q10.a();
        this.sessionCredentials = new BasicSessionCredentials(a10.a(), a10.c(), a10.d());
        v(a10.b());
        if (q10.b().equals(f())) {
            return;
        }
        t(q10.b());
    }

    private void n(String str) {
        a(new AssumeRoleWithWebIdentityRequest().t(str).r(this.identityProvider.isAuthenticated() ? this.authRoleArn : this.unauthRoleArn).s("ProviderSession").q(Integer.valueOf(this.sessionDuration)), k());
        throw null;
    }

    private GetCredentialsForIdentityResult q() {
        Map h10;
        String r10 = r();
        this.token = r10;
        if (r10 == null || r10.isEmpty()) {
            h10 = h();
        } else {
            h10 = new HashMap();
            h10.put(i(), this.token);
        }
        return this.cib.c(new GetCredentialsForIdentityRequest().n(f()).o(h10).m(this.customRoleArn));
    }

    private String r() {
        t(null);
        String refresh = this.identityProvider.refresh();
        this.token = refresh;
        return refresh;
    }

    public void b() {
        this.credentialsLock.writeLock().lock();
        try {
            c();
            t(null);
            this.identityProvider.setLogins(new HashMap());
        } finally {
            this.credentialsLock.writeLock().unlock();
        }
    }

    public void c() {
        this.credentialsLock.writeLock().lock();
        try {
            this.sessionCredentials = null;
            this.sessionCredentialsExpiration = null;
        } finally {
            this.credentialsLock.writeLock().unlock();
        }
    }

    /* renamed from: e */
    public AWSSessionCredentials getCredentials() {
        this.credentialsLock.writeLock().lock();
        try {
            if (l()) {
                w();
            }
            AWSSessionCredentials aWSSessionCredentials = this.sessionCredentials;
            this.credentialsLock.writeLock().unlock();
            return aWSSessionCredentials;
        } catch (Throwable th2) {
            this.credentialsLock.writeLock().unlock();
            throw th2;
        }
    }

    public String f() {
        return this.identityProvider.getIdentityId();
    }

    public String g() {
        return this.identityProvider.getIdentityPoolId();
    }

    public Map h() {
        return this.identityProvider.getLogins();
    }

    protected String i() {
        return Regions.CN_NORTH_1.getName().equals(this.region) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com";
    }

    public Date j() {
        this.credentialsLock.readLock().lock();
        try {
            return this.sessionCredentialsExpiration;
        } finally {
            this.credentialsLock.readLock().unlock();
        }
    }

    protected abstract String k();

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean l() {
        if (this.sessionCredentials == null) {
            return true;
        }
        return this.sessionCredentialsExpiration.getTime() - (System.currentTimeMillis() - ((long) (SDKGlobalConfiguration.a() * 1000))) < ((long) (this.refreshThreshold * 1000));
    }

    public void o() {
        this.credentialsLock.writeLock().lock();
        try {
            w();
        } finally {
            this.credentialsLock.writeLock().unlock();
        }
    }

    public void p(IdentityChangedListener identityChangedListener) {
        this.identityProvider.registerIdentityChangedListener(identityChangedListener);
    }

    public void s(String str) {
        this.customRoleArn = str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void t(String str) {
        this.identityProvider.identityChanged(str);
    }

    public void u(Map map) {
        this.credentialsLock.writeLock().lock();
        try {
            this.identityProvider.setLogins(map);
            c();
        } finally {
            this.credentialsLock.writeLock().unlock();
        }
    }

    public void v(Date date) {
        this.credentialsLock.writeLock().lock();
        try {
            this.sessionCredentialsExpiration = date;
        } finally {
            this.credentialsLock.writeLock().unlock();
        }
    }

    protected void w() {
        try {
            this.token = this.identityProvider.refresh();
        } catch (ResourceNotFoundException unused) {
            this.token = r();
        } catch (AmazonServiceException e10) {
            if (!e10.a().equals("ValidationException")) {
                throw e10;
            }
            this.token = r();
        }
        if (this.useEnhancedFlow) {
            m(this.token);
        } else {
            n(this.token);
        }
    }

    public AWSCredentialsProvider x(Map map) {
        u(map);
        return this;
    }
}
