package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpContent;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpMethods;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.json.GenericJson;
import com.google.auth.http.HttpTransportFactory;
import com.google.firebase.sessions.settings.RemoteSettings;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/* loaded from: classes.dex */
public class w implements AwsSecurityCredentialsSupplier {
    private static final long serialVersionUID = 4438370785261365013L;
    private final AwsCredentialSource awsCredentialSource;

    /* renamed from: b, reason: collision with root package name */
    public transient HttpTransportFactory f9010b;
    private l environmentProvider;

    /* loaded from: classes.dex */
    public class a extends HashMap {
        public a() {
            put("x-aws-ec2-metadata-token-ttl-seconds", "300");
        }
    }

    public w(AwsCredentialSource awsCredentialSource, l lVar, HttpTransportFactory httpTransportFactory) {
        this.environmentProvider = lVar;
        this.awsCredentialSource = awsCredentialSource;
        this.f9010b = httpTransportFactory;
    }

    public final boolean a() {
        Iterator it2 = com.google.common.collect.s.A("AWS_REGION", "AWS_DEFAULT_REGION").iterator();
        while (it2.hasNext()) {
            String a10 = this.environmentProvider.a((String) it2.next());
            if (a10 != null && a10.trim().length() > 0) {
                return true;
            }
        }
        return false;
    }

    public final boolean b() {
        Iterator it2 = com.google.common.collect.s.A("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY").iterator();
        while (it2.hasNext()) {
            String a10 = this.environmentProvider.a((String) it2.next());
            if (a10 == null || a10.trim().length() == 0) {
                return false;
            }
        }
        return true;
    }

    public Map c(AwsCredentialSource awsCredentialSource) {
        HashMap hashMap = new HashMap();
        if (awsCredentialSource.imdsv2SessionTokenUrl != null) {
            hashMap.put("x-aws-ec2-metadata-token", d(awsCredentialSource.imdsv2SessionTokenUrl, "Session Token", HttpMethods.PUT, new a(), null));
        }
        return hashMap;
    }

    public final String d(String str, String str2, String str3, Map map, HttpContent httpContent) {
        try {
            HttpRequest buildRequest = this.f9010b.create().createRequestFactory().buildRequest(str3, new GenericUrl(str), httpContent);
            HttpHeaders headers = buildRequest.getHeaders();
            for (Map.Entry entry : map.entrySet()) {
                headers.set((String) entry.getKey(), entry.getValue());
            }
            return buildRequest.execute().parseAsString();
        } catch (IOException e10) {
            throw new IOException(String.format("Failed to retrieve AWS %s.", str2), e10);
        }
    }

    public final String e(String str, String str2, Map map) {
        return d(str, str2, HttpMethods.GET, map, null);
    }

    @Override // com.google.auth.oauth2.AwsSecurityCredentialsSupplier
    public AwsSecurityCredentials getCredentials(ExternalAccountSupplierContext externalAccountSupplierContext) {
        if (b()) {
            return new AwsSecurityCredentials(this.environmentProvider.a("AWS_ACCESS_KEY_ID"), this.environmentProvider.a("AWS_SECRET_ACCESS_KEY"), this.environmentProvider.a("AWS_SESSION_TOKEN"));
        }
        Map c10 = c(this.awsCredentialSource);
        String str = this.awsCredentialSource.url;
        if (str == null || str.isEmpty()) {
            throw new IOException("Unable to determine the AWS IAM role name. The credential source does not contain the url field.");
        }
        GenericJson genericJson = (GenericJson) b0.f8945f.createJsonParser(e(this.awsCredentialSource.url + RemoteSettings.FORWARD_SLASH_STRING + e(this.awsCredentialSource.url, "IAM role", c10), "credentials", c10)).parseAndClose(GenericJson.class);
        return new AwsSecurityCredentials((String) genericJson.get("AccessKeyId"), (String) genericJson.get("SecretAccessKey"), (String) genericJson.get("Token"));
    }

    @Override // com.google.auth.oauth2.AwsSecurityCredentialsSupplier
    public String getRegion(ExternalAccountSupplierContext externalAccountSupplierContext) {
        if (a()) {
            String a10 = this.environmentProvider.a("AWS_REGION");
            return (a10 == null || a10.trim().length() <= 0) ? this.environmentProvider.a("AWS_DEFAULT_REGION") : a10;
        }
        Map c10 = c(this.awsCredentialSource);
        String str = this.awsCredentialSource.regionUrl;
        if (str == null || str.isEmpty()) {
            throw new IOException("Unable to determine the AWS region. The credential source does not contain the region URL.");
        }
        return e(this.awsCredentialSource.regionUrl, "region", c10).substring(0, r3.length() - 1);
    }
}
