package io.minio.credentials;

import E1.h;
import E1.p;
import E1.r;
import com.google.api.client.http.HttpMethods;
import io.minio.messages.ResponseDate;
import j$.util.Objects;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.function.Supplier;
import okhttp3.HttpUrl;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

/* loaded from: classes4.dex */
public class IamAwsProvider extends EnvironmentProvider {

    /* renamed from: a, reason: collision with root package name */
    private final HttpUrl f29550a;

    /* renamed from: b, reason: collision with root package name */
    private final OkHttpClient f29551b;

    /* renamed from: c, reason: collision with root package name */
    private final r f29552c;

    /* renamed from: d, reason: collision with root package name */
    private Credentials f29553d;

    /* loaded from: classes4.dex */
    public static class EcsCredentials {

        /* renamed from: a, reason: collision with root package name */
        private String f29554a;

        /* renamed from: b, reason: collision with root package name */
        private String f29555b;

        /* renamed from: c, reason: collision with root package name */
        private String f29556c;

        /* renamed from: d, reason: collision with root package name */
        private ResponseDate f29557d;

        /* renamed from: e, reason: collision with root package name */
        private String f29558e;

        /* renamed from: f, reason: collision with root package name */
        private String f29559f;

        public String a() {
            return this.f29558e;
        }

        public String b() {
            return this.f29559f;
        }

        public Credentials c() {
            return new Credentials(this.f29554a, this.f29555b, this.f29556c, this.f29557d);
        }
    }

    public IamAwsProvider(String str, OkHttpClient okHttpClient) {
        HttpUrl httpUrl;
        if (str != null) {
            httpUrl = HttpUrl.parse(str);
            Objects.requireNonNull(httpUrl, "Invalid custom endpoint");
        } else {
            httpUrl = null;
        }
        this.f29550a = httpUrl;
        this.f29551b = okHttpClient == null ? new OkHttpClient().newBuilder().protocols(Arrays.asList(Protocol.HTTP_1_1)).build() : okHttpClient;
        r rVar = new r();
        this.f29552c = rVar;
        rVar.m(h.FAIL_ON_UNKNOWN_PROPERTIES, false);
        rVar.n(p.ACCEPT_CASE_INSENSITIVE_PROPERTIES, true);
    }

    private void d(HttpUrl httpUrl) {
        try {
            for (InetAddress inetAddress : InetAddress.getAllByName(httpUrl.host())) {
                if (!inetAddress.isLoopbackAddress()) {
                    throw new ProviderException(httpUrl.host() + " is not loopback only host");
                }
            }
        } catch (UnknownHostException unused) {
            throw new ProviderException("Host in " + httpUrl + " is not loopback address");
        }
    }

    private Credentials e(final String str) {
        String str2;
        HttpUrl httpUrl = this.f29550a;
        if (httpUrl == null) {
            String b10 = b("AWS_REGION");
            if (b10 == null) {
                str2 = "https://sts.amazonaws.com";
            } else {
                str2 = "https://sts." + b10 + ".amazonaws.com";
            }
            httpUrl = HttpUrl.parse(str2);
        }
        Credentials a10 = new WebIdentityProvider(new Supplier() { // from class: io.minio.credentials.b
            @Override // java.util.function.Supplier
            public final Object get() {
                Jwt j10;
                j10 = IamAwsProvider.j(str);
                return j10;
            }
        }, httpUrl.getUrl(), null, null, b("AWS_ROLE_ARN"), b("AWS_ROLE_SESSION_NAME"), this.f29551b).a();
        this.f29553d = a10;
        return a10;
    }

    private Credentials f(HttpUrl httpUrl, String str, String str2) {
        Request.Builder method = new Request.Builder().url(httpUrl).method(HttpMethods.GET, null);
        if (str2 != null && !str2.isEmpty()) {
            method.header(str, str2);
        }
        try {
            Response execute = this.f29551b.newCall(method.build()).execute();
            try {
                if (!execute.isSuccessful()) {
                    throw new ProviderException(httpUrl + " failed with HTTP status code " + execute.code());
                }
                EcsCredentials ecsCredentials = (EcsCredentials) this.f29552c.t(execute.body().charStream(), EcsCredentials.class);
                if (ecsCredentials.a() != null && !ecsCredentials.a().equals("Success")) {
                    throw new ProviderException(httpUrl + " failed with code " + ecsCredentials.a() + " and message " + ecsCredentials.b());
                }
                Credentials c10 = ecsCredentials.c();
                execute.close();
                return c10;
            } finally {
            }
        } catch (IOException e10) {
            throw new ProviderException("Unable to parse response", e10);
        }
    }

    private String g() {
        HttpUrl httpUrl = this.f29550a;
        try {
            Response execute = this.f29551b.newCall(new Request.Builder().url(httpUrl == null ? HttpUrl.parse("http://169.254.169.254/latest/api/token") : new HttpUrl.Builder().scheme(httpUrl.scheme()).host(httpUrl.host()).addPathSegments("latest/api/token").build()).method(HttpMethods.PUT, RequestBody.create(new byte[0], (MediaType) null)).header("X-aws-ec2-metadata-token-ttl-seconds", "21600").build()).execute();
            try {
                String string = execute.isSuccessful() ? execute.body().string() : "";
                execute.close();
                return string;
            } finally {
            }
        } catch (IOException unused) {
            return "";
        }
    }

    private String h(HttpUrl httpUrl, String str) {
        Request.Builder method = new Request.Builder().url(httpUrl).method(HttpMethods.GET, null);
        if (str != null && !str.isEmpty()) {
            method.header("X-aws-ec2-metadata-token", str);
        }
        try {
            Response execute = this.f29551b.newCall(method.build()).execute();
            try {
                if (!execute.isSuccessful()) {
                    throw new ProviderException(httpUrl + " failed with HTTP status code " + execute.code());
                }
                String[] split = execute.body().string().split("\\R");
                execute.close();
                if (split.length != 0) {
                    return split[0];
                }
                throw new ProviderException("No IAM roles attached to EC2 service " + httpUrl);
            } finally {
            }
        } catch (IOException e10) {
            throw new ProviderException("Unable to parse response", e10);
        }
    }

    private HttpUrl i(String str) {
        HttpUrl httpUrl = this.f29550a;
        HttpUrl parse = httpUrl == null ? HttpUrl.parse("http://169.254.169.254/latest/meta-data/iam/security-credentials/") : new HttpUrl.Builder().scheme(httpUrl.scheme()).host(httpUrl.host()).addPathSegments("latest/meta-data/iam/security-credentials/").build();
        return parse.newBuilder().addPathSegment(h(parse, str)).build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ Jwt j(String str) {
        Path path;
        byte[] readAllBytes;
        try {
            path = Paths.get(str, new String[0]);
            readAllBytes = Files.readAllBytes(path);
            return new Jwt(new String(readAllBytes, StandardCharsets.UTF_8), 0);
        } catch (IOException e10) {
            throw new ProviderException("Error in reading file " + str, e10);
        }
    }

    @Override // io.minio.credentials.Provider
    public synchronized Credentials a() {
        Credentials credentials = this.f29553d;
        if (credentials != null && !credentials.b()) {
            return this.f29553d;
        }
        HttpUrl httpUrl = this.f29550a;
        String b10 = b("AWS_WEB_IDENTITY_TOKEN_FILE");
        if (b10 != null) {
            Credentials e10 = e(b10);
            this.f29553d = e10;
            return e10;
        }
        String str = "Authorization";
        String b11 = b("AWS_CONTAINER_AUTHORIZATION_TOKEN");
        if (b("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") != null) {
            if (httpUrl == null) {
                httpUrl = new HttpUrl.Builder().scheme("http").host("169.254.170.2").addPathSegments(b("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")).build();
            }
        } else if (b("AWS_CONTAINER_CREDENTIALS_FULL_URI") != null) {
            if (httpUrl == null) {
                httpUrl = HttpUrl.parse(b("AWS_CONTAINER_CREDENTIALS_FULL_URI"));
            }
            d(httpUrl);
        } else {
            b11 = g();
            str = "X-aws-ec2-metadata-token";
            httpUrl = i(b11);
        }
        Credentials f10 = f(httpUrl, str, b11);
        this.f29553d = f10;
        return f10;
    }
}
