package ox;

import android.content.Context;
import android.os.Bundle;
import androidx.annotation.NonNull;
import cc.h;
import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityResult;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.google.android.gms.tasks.Tasks;
import com.google.firebase.analytics.FirebaseAnalytics;
import com.moovit.auth.DeviceAuthManager;
import com.moovit.aws.credentials.AWSCredentialsInfo;
import com.moovit.commons.request.ServerException;
import com.moovit.env.EnvironmentProvider;
import com.moovit.env.ServerEnvironment;
import com.usebutton.sdk.internal.bridge.BridgeMessageParser;
import iy.e;
import java.io.File;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.atomic.AtomicReference;
import ky.g;
import my.y0;

/* compiled from: SecuredAwsCredentialsProvider.java */
/* loaded from: classes3.dex */
public class d implements AWSCredentialsProvider {

    /* renamed from: d, reason: collision with root package name */
    public static volatile d f58396d;

    /* renamed from: a, reason: collision with root package name */
    @NonNull
    public final Context f58397a;

    /* renamed from: b, reason: collision with root package name */
    @NonNull
    public final AWSSecurityTokenServiceClient f58398b;

    /* renamed from: c, reason: collision with root package name */
    @NonNull
    public final AtomicReference<AWSCredentialsInfo> f58399c;

    /* compiled from: SecuredAwsCredentialsProvider.java */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f58400a;

        static {
            int[] iArr = new int[ServerEnvironment.values().length];
            f58400a = iArr;
            try {
                iArr[ServerEnvironment.PROD.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f58400a[ServerEnvironment.STG.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f58400a[ServerEnvironment.QA.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f58400a[ServerEnvironment.DEV.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    public d(@NonNull Context context) {
        this.f58397a = (Context) y0.l(context, "appContext");
        AWSSecurityTokenServiceClient aWSSecurityTokenServiceClient = new AWSSecurityTokenServiceClient(new AnonymousAWSCredentials());
        this.f58398b = aWSSecurityTokenServiceClient;
        this.f58399c = new AtomicReference<>(null);
        aWSSecurityTokenServiceClient.setRegion(Region.getRegion(Regions.EU_WEST_1));
    }

    public static boolean a(AWSCredentialsInfo aWSCredentialsInfo) {
        return aWSCredentialsInfo != null && aWSCredentialsInfo.g() - System.currentTimeMillis() > 300000;
    }

    @NonNull
    public static AWSCredentialsInfo b(@NonNull Credentials credentials) {
        return new AWSCredentialsInfo(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken(), credentials.getExpiration() != null ? credentials.getExpiration().getTime() : -1L);
    }

    @NonNull
    public static AWSCredentials c(@NonNull AWSCredentialsInfo aWSCredentialsInfo) {
        return new BasicSessionCredentials(aWSCredentialsInfo.e(), aWSCredentialsInfo.i(), aWSCredentialsInfo.j());
    }

    @NonNull
    public static d g(@NonNull Context context) {
        if (f58396d == null) {
            synchronized (d.class) {
                try {
                    if (f58396d == null) {
                        f58396d = new d(context.getApplicationContext());
                    }
                } finally {
                }
            }
        }
        return f58396d;
    }

    @NonNull
    public static String h(@NonNull Context context) {
        int i2 = a.f58400a[EnvironmentProvider.b(context).ordinal()];
        return i2 != 1 ? i2 != 2 ? "arn:aws:iam::254431071183:role/oidc_kinesis_put_record" : "arn:aws:iam::254431071183:role/oidc_kinesis_put_record_stage" : "arn:aws:iam::254431071183:role/oidc_kinesis_put_record_prod";
    }

    private AWSCredentials j(boolean z5) {
        try {
            if (px.b.h(this.f58397a)) {
                return e(z5);
            }
            if (z5) {
                return d();
            }
            AWSCredentialsInfo f11 = f();
            return a(f11) ? c(f11) : d();
        } catch (Exception e2) {
            IOException iOException = e2 instanceof IOException ? (IOException) e2 : new IOException(e2);
            h.b().e(new AmazonClientException("sendAndReadAwsCredentials(" + z5 + ") failure.", e2));
            throw new AmazonClientException("sendAndReadAwsCredentials(" + z5 + ") failure.", iOException);
        }
    }

    @NonNull
    public final AWSCredentials d() throws ExecutionException, InterruptedException, AmazonClientException {
        y0.a();
        try {
            String h6 = h(this.f58397a);
            AssumeRoleWithWebIdentityResult assumeRoleWithWebIdentity = this.f58398b.assumeRoleWithWebIdentity(new AssumeRoleWithWebIdentityRequest().withRoleArn(h6).withRoleSessionName("KinesisRoleSession").withDurationSeconds(43200).withWebIdentityToken((String) Tasks.await(DeviceAuthManager.f29389a.e(this.f58397a))));
            k("assume_role_aws", true);
            AWSCredentialsInfo b7 = b(assumeRoleWithWebIdentity.getCredentials());
            l(b7);
            e.c("SecuredAwsCredentialsProvider", "Successfully fetched AWS credentials.", new Object[0]);
            return c(b7);
        } catch (Throwable th2) {
            e.c("SecuredAwsCredentialsProvider", "Failed to fetch AWS credentials.", new Object[0]);
            k("assume_role_aws", false);
            throw th2;
        }
    }

    public final AWSCredentials e(boolean z5) throws IOException, ServerException {
        y0.a();
        try {
            c H0 = new ox.a(this.f58397a, z5, true).H0();
            k("fetch_anonymous_credentials", true);
            e.c("SecuredAwsCredentialsProvider", "Successfully fetched anonymous credentials.", new Object[0]);
            return H0.j();
        } catch (Throwable th2) {
            e.c("SecuredAwsCredentialsProvider", "Failed to fetch anonymous credentials.", new Object[0]);
            k("fetch_anonymous_credentials", false);
            throw th2;
        }
    }

    public final AWSCredentialsInfo f() {
        y0.a();
        e.c("SecuredAwsCredentialsProvider", "Trying to get credentials from cache", new Object[0]);
        AWSCredentialsInfo aWSCredentialsInfo = this.f58399c.get();
        if (aWSCredentialsInfo == null) {
            synchronized (this.f58399c) {
                try {
                    aWSCredentialsInfo = this.f58399c.get();
                    if (aWSCredentialsInfo == null) {
                        e.c("SecuredAwsCredentialsProvider", "Failed to get credentials from cache", new Object[0]);
                        e.c("SecuredAwsCredentialsProvider", "Trying to get credentials from storage", new Object[0]);
                        aWSCredentialsInfo = i();
                        if (aWSCredentialsInfo != null) {
                            this.f58399c.set(aWSCredentialsInfo);
                        } else {
                            e.c("SecuredAwsCredentialsProvider", "Failed to get credentials from storage", new Object[0]);
                        }
                    }
                } finally {
                }
            }
        }
        if (aWSCredentialsInfo != null) {
            e.c("SecuredAwsCredentialsProvider", "Found credentials.", new Object[0]);
        }
        return aWSCredentialsInfo;
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public AWSCredentials getCredentials() {
        return j(false);
    }

    public final AWSCredentialsInfo i() {
        y0.a();
        try {
            File fileStreamPath = this.f58397a.getFileStreamPath("kinesis_credentials_info.dat");
            if (fileStreamPath.exists()) {
                return (AWSCredentialsInfo) g.e(fileStreamPath, this.f58397a, AWSCredentialsInfo.f29408a);
            }
            return null;
        } catch (Exception e2) {
            e.f("SecuredAwsCredentialsProvider", e2, "Failed to read AWS credentials info.", new Object[0]);
            return null;
        }
    }

    public final void k(@NonNull String str, boolean z5) {
        Bundle bundle = new Bundle(2);
        bundle.putBoolean(BridgeMessageParser.KEY_SUCCESS, z5);
        FirebaseAnalytics.getInstance(this.f58397a).a(str, bundle);
    }

    public final void l(@NonNull AWSCredentialsInfo aWSCredentialsInfo) {
        y0.a();
        try {
            g.k(this.f58397a.getFileStreamPath("kinesis_credentials_info.dat"), this.f58397a, aWSCredentialsInfo, AWSCredentialsInfo.f29408a);
        } catch (Exception e2) {
            e.f("SecuredAwsCredentialsProvider", e2, "Failed to write AWS credentials info.", new Object[0]);
        }
        this.f58399c.set(aWSCredentialsInfo);
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public void refresh() {
        j(true);
    }
}
