package io.minio.credentials;

import Hf.C0593a0;
import Hf.C0599d0;
import Hf.Y;
import Hf.Z;
import Hf.j0;
import Hf.l0;
import Hf.n0;
import Hf.o0;
import Hf.p0;
import Hf.u0;
import Hf.x0;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import io.minio.messages.ResponseDate;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.Objects;
import oauth.signpost.OAuth;
import org.apache.commons.compress.harmony.unpack200.AttributeLayout;
import x4.AbstractC7278a;
import yd.C7551t;

/* loaded from: classes3.dex */
public class IamAwsProvider extends EnvironmentProvider {
    private Credentials credentials;
    private final C0593a0 customEndpoint;
    private final l0 httpClient;
    private final ObjectMapper mapper;

    /* loaded from: classes3.dex */
    public static class EcsCredentials {

        @JsonProperty("AccessKeyID")
        private String accessKey;

        @JsonProperty(AttributeLayout.ATTRIBUTE_CODE)
        private String code;

        @JsonProperty("Expiration")
        private ResponseDate expiration;

        @JsonProperty("Message")
        private String message;

        @JsonProperty("SecretAccessKey")
        private String secretKey;

        @JsonProperty("Token")
        private String sessionToken;

        public String code() {
            return this.code;
        }

        public String message() {
            return this.message;
        }

        public Credentials toCredentials() {
            return new Credentials(this.accessKey, this.secretKey, this.sessionToken, this.expiration);
        }
    }

    public IamAwsProvider(String str, l0 l0Var) {
        C0593a0 c0593a0;
        if (str != null) {
            C0593a0.f7480j.getClass();
            c0593a0 = Z.d(str);
            Objects.requireNonNull(c0593a0, "Invalid custom endpoint");
        } else {
            c0593a0 = null;
        }
        this.customEndpoint = c0593a0;
        if (l0Var == null) {
            j0 a7 = new l0().a();
            a7.d(Arrays.asList(n0.f7603d));
            l0Var = new l0(a7);
        }
        this.httpClient = l0Var;
        this.mapper = JsonMapper.builder().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false).configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES, true).build();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void checkLoopbackHost(C0593a0 c0593a0) {
        try {
            for (InetAddress inetAddress : InetAddress.getAllByName(c0593a0.f7484d)) {
                if (!inetAddress.isLoopbackAddress()) {
                    throw new ProviderException(c0593a0.f7484d + " is not loopback only host");
                }
            }
        } catch (UnknownHostException unused) {
            throw new ProviderException("Host in " + c0593a0 + " is not loopback address");
        }
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private Credentials fetchCredentials(C0593a0 c0593a0, String str, String str2) {
        o0 o0Var = new o0();
        C7551t.f(c0593a0, "url");
        o0Var.f7611a = c0593a0;
        o0Var.c("GET", null);
        if (str2 != null && !str2.isEmpty()) {
            o0Var.b(str, str2);
        }
        try {
            x0 d3 = this.httpClient.b(new p0(o0Var)).d();
            try {
                if (!d3.f7697p) {
                    throw new ProviderException(c0593a0 + " failed with HTTP status code " + d3.f7685d);
                }
                EcsCredentials ecsCredentials = (EcsCredentials) this.mapper.readValue(d3.f7688g.charStream(), EcsCredentials.class);
                if (ecsCredentials.code() != null && !ecsCredentials.code().equals("Success")) {
                    throw new ProviderException(c0593a0 + " failed with code " + ecsCredentials.code() + " and message " + ecsCredentials.message());
                }
                Credentials credentials = ecsCredentials.toCredentials();
                d3.close();
                return credentials;
            } finally {
            }
        } catch (IOException e10) {
            throw new ProviderException("Unable to parse response", e10);
        }
    }

    private Credentials fetchCredentials(String str) {
        C0593a0 c0593a0 = this.customEndpoint;
        if (c0593a0 == null) {
            String property = getProperty("AWS_REGION");
            String j10 = property == null ? "https://sts.amazonaws.com" : L2.a.j("https://sts.", property, ".amazonaws.com");
            C0593a0.f7480j.getClass();
            c0593a0 = Z.d(j10);
        }
        Credentials fetch = new WebIdentityProvider(new a(str, 0), c0593a0.f7489i, null, null, getProperty("AWS_ROLE_ARN"), getProperty("AWS_ROLE_SESSION_NAME"), this.httpClient).fetch();
        this.credentials = fetch;
        return fetch;
    }

    private String fetchImdsToken() {
        C0593a0 d3;
        C0593a0 c0593a0 = this.customEndpoint;
        if (c0593a0 == null) {
            C0593a0.f7480j.getClass();
            d3 = Z.d("http://169.254.169.254/latest/api/token");
        } else {
            Y y10 = new Y();
            y10.i(c0593a0.f7481a);
            y10.e(c0593a0.f7484d);
            y10.g(c0593a0.f7485e);
            y10.b("latest/api/token", false);
            d3 = y10.d();
        }
        o0 o0Var = new o0();
        C7551t.f(d3, "url");
        o0Var.f7611a = d3;
        o0Var.c("PUT", u0.create(new byte[0], (C0599d0) null));
        o0Var.b("X-aws-ec2-metadata-token-ttl-seconds", "21600");
        try {
            x0 d10 = this.httpClient.b(new p0(o0Var)).d();
            try {
                String string = d10.f7697p ? d10.f7688g.string() : "";
                d10.close();
                return string;
            } catch (Throwable th) {
                try {
                    throw th;
                } finally {
                }
            }
        } catch (IOException unused) {
            return "";
        }
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private String getIamRoleName(C0593a0 c0593a0, String str) {
        o0 o0Var = new o0();
        C7551t.f(c0593a0, "url");
        o0Var.f7611a = c0593a0;
        o0Var.c("GET", null);
        if (str != null && !str.isEmpty()) {
            o0Var.b("X-aws-ec2-metadata-token", str);
        }
        try {
            x0 d3 = this.httpClient.b(new p0(o0Var)).d();
            try {
                if (!d3.f7697p) {
                    throw new ProviderException(c0593a0 + " failed with HTTP status code " + d3.f7685d);
                }
                String[] split = d3.f7688g.string().split("\\R");
                d3.close();
                if (split.length != 0) {
                    return split[0];
                }
                throw new ProviderException("No IAM roles attached to EC2 service " + c0593a0);
            } catch (Throwable th) {
                try {
                    throw th;
                } finally {
                }
            }
        } catch (IOException e10) {
            throw new ProviderException("Unable to parse response", e10);
        }
    }

    private C0593a0 getIamRoleNamedUrl(String str) {
        C0593a0 d3;
        C0593a0 c0593a0 = this.customEndpoint;
        if (c0593a0 == null) {
            C0593a0.f7480j.getClass();
            d3 = Z.d("http://169.254.169.254/latest/meta-data/iam/security-credentials/");
        } else {
            Y y10 = new Y();
            y10.i(c0593a0.f7481a);
            y10.e(c0593a0.f7484d);
            y10.g(c0593a0.f7485e);
            y10.b("latest/meta-data/iam/security-credentials/", false);
            d3 = y10.d();
        }
        String iamRoleName = getIamRoleName(d3, str);
        Y g10 = d3.g();
        C7551t.f(iamRoleName, "pathSegment");
        g10.h(iamRoleName, 0, iamRoleName.length(), false, false);
        return g10.d();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static /* synthetic */ Jwt lambda$fetchCredentials$0(String str) {
        try {
            return new Jwt(new String(Files.readAllBytes(Paths.get(str, new String[0])), StandardCharsets.UTF_8), 0);
        } catch (IOException e10) {
            throw new ProviderException(AbstractC7278a.j("Error in reading file ", str), e10);
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // io.minio.credentials.Provider
    public synchronized Credentials fetch() {
        try {
            Credentials credentials = this.credentials;
            if (credentials != null && !credentials.isExpired()) {
                return this.credentials;
            }
            C0593a0 c0593a0 = this.customEndpoint;
            String property = getProperty("AWS_WEB_IDENTITY_TOKEN_FILE");
            if (property != null) {
                Credentials fetchCredentials = fetchCredentials(property);
                this.credentials = fetchCredentials;
                return fetchCredentials;
            }
            String str = OAuth.HTTP_AUTHORIZATION_HEADER;
            String property2 = getProperty("AWS_CONTAINER_AUTHORIZATION_TOKEN");
            if (getProperty("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") != null) {
                if (c0593a0 == null) {
                    Y y10 = new Y();
                    y10.i("http");
                    y10.e("169.254.170.2");
                    String property3 = getProperty("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI");
                    C7551t.f(property3, "pathSegments");
                    y10.b(property3, false);
                    c0593a0 = y10.d();
                }
            } else if (getProperty("AWS_CONTAINER_CREDENTIALS_FULL_URI") != null) {
                if (c0593a0 == null) {
                    String property4 = getProperty("AWS_CONTAINER_CREDENTIALS_FULL_URI");
                    C0593a0.f7480j.getClass();
                    c0593a0 = Z.d(property4);
                }
                checkLoopbackHost(c0593a0);
            } else {
                property2 = fetchImdsToken();
                str = "X-aws-ec2-metadata-token";
                c0593a0 = getIamRoleNamedUrl(property2);
            }
            Credentials fetchCredentials2 = fetchCredentials(c0593a0, str, property2);
            this.credentials = fetchCredentials2;
            return fetchCredentials2;
        } catch (Throwable th) {
            throw th;
        }
    }
}
