package com.google.auth.oauth2;

import PG.K4;
import androidx.compose.ui.graphics.g0;
import com.google.android.gms.common.api.internal.C8835y;
import com.google.auth.oauth2.ExternalAccountCredentials;
import com.google.common.base.AbstractC8902b;
import com.google.common.collect.ImmutableList;
import com.raizlabs.android.dbflow.sql.language.Operator;
import iq.AbstractC12852i;
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes8.dex */
public class AwsCredentials extends ExternalAccountCredentials {
    static final String AWS_ACCESS_KEY_ID = "AWS_ACCESS_KEY_ID";
    static final String AWS_DEFAULT_REGION = "AWS_DEFAULT_REGION";
    static final String AWS_IMDSV2_SESSION_TOKEN_HEADER = "x-aws-ec2-metadata-token";
    static final String AWS_IMDSV2_SESSION_TOKEN_TTL = "300";
    static final String AWS_IMDSV2_SESSION_TOKEN_TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds";
    static final String AWS_REGION = "AWS_REGION";
    static final String AWS_SECRET_ACCESS_KEY = "AWS_SECRET_ACCESS_KEY";
    static final String AWS_SESSION_TOKEN = "AWS_SESSION_TOKEN";
    private static final long serialVersionUID = -3670131891574618105L;
    private final AwsCredentialSource awsCredentialSource;

    /* loaded from: classes8.dex */
    public static class AwsCredentialSource extends ExternalAccountCredentials.CredentialSource {
        private static final long serialVersionUID = -4180558200808134436L;
        private final String imdsv2SessionTokenUrl;
        private final String regionUrl;
        private final String regionalCredentialVerificationUrl;
        private final String url;

        public AwsCredentialSource(Map<String, Object> map) {
            super(map);
            if (!map.containsKey("regional_cred_verification_url")) {
                throw new IllegalArgumentException("A regional_cred_verification_url representing the GetCallerIdentity action URL must be specified.");
            }
            Matcher matcher = Pattern.compile("(aws)([\\d]+)").matcher((String) map.get("environment_id"));
            if (!matcher.matches()) {
                throw new IllegalArgumentException("Invalid AWS environment ID.");
            }
            int parseInt = Integer.parseInt(matcher.group(2));
            if (parseInt != 1) {
                throw new IllegalArgumentException(AbstractC12852i.l("AWS version ", parseInt, " is not supported in the current build."));
            }
            this.regionUrl = (String) map.get("region_url");
            this.url = (String) map.get("url");
            this.regionalCredentialVerificationUrl = (String) map.get("regional_cred_verification_url");
            if (map.containsKey("imdsv2_session_token_url")) {
                this.imdsv2SessionTokenUrl = (String) map.get("imdsv2_session_token_url");
            } else {
                this.imdsv2SessionTokenUrl = null;
            }
        }
    }

    public AwsCredentials(C8889e c8889e) {
        super(c8889e);
        this.awsCredentialSource = (AwsCredentialSource) c8889e.f52405i;
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [E7.a, com.google.api.client.util.s] */
    public static E7.a h(String str, String str2) {
        ?? sVar = new com.google.api.client.util.s();
        sVar.setFactory(J.f52331d);
        sVar.put("key", str);
        sVar.put("value", str2);
        return sVar;
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.google.auth.oauth2.e, com.google.auth.oauth2.C] */
    public static C8889e newBuilder() {
        return new C();
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.google.auth.oauth2.e, com.google.auth.oauth2.r] */
    public static C8889e newBuilder(AwsCredentials awsCredentials) {
        return new r(awsCredentials);
    }

    public Map<String, Object> createMetadataRequestHeaders(AwsCredentialSource awsCredentialSource) {
        HashMap hashMap = new HashMap();
        if (awsCredentialSource.imdsv2SessionTokenUrl != null) {
            hashMap.put(AWS_IMDSV2_SESSION_TOKEN_HEADER, i(awsCredentialSource.imdsv2SessionTokenUrl, "Session Token", "PUT", new HashMap<String, Object>() { // from class: com.google.auth.oauth2.AwsCredentials.1
                {
                    put(AwsCredentials.AWS_IMDSV2_SESSION_TOKEN_TTL_HEADER, AwsCredentials.AWS_IMDSV2_SESSION_TOKEN_TTL);
                }
            }));
        }
        return hashMap;
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials createScoped(Collection<String> collection) {
        C8889e newBuilder = newBuilder(this);
        newBuilder.f52410o = collection;
        return new AwsCredentials(newBuilder);
    }

    public final boolean f() {
        Iterator<E> it = ImmutableList.of(AWS_REGION, AWS_DEFAULT_REGION).iterator();
        while (it.hasNext()) {
            String env = getEnvironmentProvider().getEnv((String) it.next());
            if (env != null && env.trim().length() > 0) {
                return true;
            }
        }
        return false;
    }

    public final boolean g() {
        Iterator<E> it = ImmutableList.of(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).iterator();
        while (it.hasNext()) {
            String env = getEnvironmentProvider().getEnv((String) it.next());
            if (env == null || env.trim().length() == 0) {
                return false;
            }
        }
        return true;
    }

    public String getAwsRegion(Map<String, Object> map) {
        if (f()) {
            String env = getEnvironmentProvider().getEnv(AWS_REGION);
            return (env == null || env.trim().length() <= 0) ? getEnvironmentProvider().getEnv(AWS_DEFAULT_REGION) : env;
        }
        if (this.awsCredentialSource.regionUrl == null || this.awsCredentialSource.regionUrl.isEmpty()) {
            throw new IOException("Unable to determine the AWS region. The credential source does not contain the region URL.");
        }
        return K4.k(1, 0, i(this.awsCredentialSource.regionUrl, "region", "GET", map));
    }

    public C8890f getAwsSecurityCredentials(Map<String, Object> map) {
        if (g()) {
            return new C8890f(getEnvironmentProvider().getEnv(AWS_ACCESS_KEY_ID), getEnvironmentProvider().getEnv(AWS_SECRET_ACCESS_KEY), getEnvironmentProvider().getEnv(AWS_SESSION_TOKEN));
        }
        if (this.awsCredentialSource.url == null || this.awsCredentialSource.url.isEmpty()) {
            throw new IOException("Unable to determine the AWS IAM role name. The credential source does not contain the url field.");
        }
        E7.a aVar = (E7.a) J.f52331d.e(i(AbstractC12852i.q(new StringBuilder(), this.awsCredentialSource.url, Operator.Operation.DIVISION, i(this.awsCredentialSource.url, "IAM role", "GET", map)), "credentials", "GET", map)).r0(E7.a.class);
        return new C8890f((String) aVar.get("AccessKeyId"), (String) aVar.get("SecretAccessKey"), (String) aVar.get("Token"));
    }

    public String getEnv(String str) {
        return System.getenv(str);
    }

    public final String i(String str, String str2, String str3, Map map) {
        try {
            B7.q x10 = this.transportFactory.a().a().x(str3, new B7.h(str), null);
            B7.n nVar = x10.f963b;
            for (Map.Entry entry : map.entrySet()) {
                nVar.j(entry.getValue(), (String) entry.getKey());
            }
            return x10.b().f();
        } catch (IOException e10) {
            throw new IOException(E.d.D("Failed to retrieve AWS ", str2, "."), e10);
        }
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken refreshAccessToken() {
        String retrieveSubjectToken = retrieveSubjectToken();
        String subjectTokenType = getSubjectTokenType();
        String audience = getAudience();
        Collection<String> scopes = getScopes();
        ArrayList arrayList = null;
        if (scopes != null && !scopes.isEmpty()) {
            arrayList = new ArrayList(scopes);
        }
        return exchangeExternalCredentialForAccessToken(new N(retrieveSubjectToken, subjectTokenType, audience, arrayList));
    }

    /* JADX WARN: Type inference failed for: r0v10, types: [E7.a, com.google.api.client.util.s] */
    @Override // com.google.auth.oauth2.ExternalAccountCredentials
    public String retrieveSubjectToken() {
        q qVar;
        Map<String, Object> hashMap = new HashMap<>();
        if (shouldUseMetadataServer()) {
            hashMap = createMetadataRequestHeaders(this.awsCredentialSource);
        }
        String awsRegion = getAwsRegion(hashMap);
        C8890f awsSecurityCredentials = getAwsSecurityCredentials(hashMap);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("x-goog-cloud-target-resource", getAudience());
        String str = "{region}";
        String replace = this.awsCredentialSource.regionalCredentialVerificationUrl.replace("{region}", awsRegion);
        if (hashMap2.containsKey("date") && hashMap2.containsKey("x-amz-date")) {
            throw new IllegalArgumentException("One of {date, x-amz-date} can be specified, not both.");
        }
        try {
            if (hashMap2.containsKey("date")) {
                String str2 = (String) hashMap2.get("date");
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
                simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
                qVar = new q(simpleDateFormat.format(new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss z").parse(str2)), str2);
            } else {
                qVar = null;
            }
            if (hashMap2.containsKey("x-amz-date")) {
                String str3 = (String) hashMap2.get("x-amz-date");
                new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'").parse(str3);
                qVar = new q(str3);
            }
            awsSecurityCredentials.getClass();
            URI normalize = URI.create(replace).normalize();
            awsRegion.getClass();
            HashMap hashMap3 = new HashMap(hashMap2);
            if (qVar == null) {
                SimpleDateFormat simpleDateFormat2 = new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'");
                simpleDateFormat2.setTimeZone(TimeZone.getTimeZone("UTC"));
                qVar = new q(simpleDateFormat2.format(new Date(System.currentTimeMillis())));
            }
            C8835y d10 = C8835y.d(".");
            String host = normalize.getHost();
            host.getClass();
            String str4 = (String) ((AbstractC8902b) ((com.google.common.base.x) d10.f51272d).c(d10, host)).next();
            HashMap hashMap4 = new HashMap();
            hashMap4.put("host", normalize.getHost());
            if (!hashMap3.containsKey("date")) {
                hashMap4.put("x-amz-date", (String) qVar.f52400b);
            }
            String str5 = awsSecurityCredentials.f52374c;
            if (str5 != null && !str5.isEmpty()) {
                hashMap4.put("x-amz-security-token", str5);
            }
            for (String str6 : hashMap3.keySet()) {
                hashMap4.put(str6.toLowerCase(Locale.US), hashMap3.get(str6));
            }
            ArrayList arrayList = new ArrayList();
            Iterator it = hashMap4.keySet().iterator();
            while (it.hasNext()) {
                arrayList.add(((String) it.next()).toLowerCase(Locale.US));
            }
            Collections.sort(arrayList);
            StringBuilder sb2 = new StringBuilder("POST\n");
            sb2.append(normalize.getRawPath().isEmpty() ? Operator.Operation.DIVISION : normalize.getRawPath());
            sb2.append("\n");
            sb2.append(normalize.getRawQuery() != null ? normalize.getRawQuery() : "");
            sb2.append("\n");
            StringBuilder sb3 = new StringBuilder();
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                Iterator it3 = it2;
                String str7 = (String) it2.next();
                sb3.append(str7);
                sb3.append(":");
                sb3.append((String) hashMap4.get(str7));
                sb3.append("\n");
                str = str;
                it2 = it3;
            }
            String str8 = str;
            sb2.append((CharSequence) sb3);
            sb2.append("\n");
            sb2.append(P1.b.f(';').c(arrayList));
            sb2.append("\n");
            Charset charset = StandardCharsets.UTF_8;
            sb2.append(com.bumptech.glide.g.s("".getBytes(charset)));
            String s7 = com.bumptech.glide.g.s(sb2.toString().getBytes(charset));
            StringBuilder sb4 = new StringBuilder();
            String str9 = (String) qVar.f52399a;
            sb4.append(str9.substring(0, 8));
            sb4.append(Operator.Operation.DIVISION);
            String r4 = AbstractC12852i.r(sb4, awsRegion, Operator.Operation.DIVISION, str4, "/aws4_request");
            StringBuilder q10 = g0.q("AWS4-HMAC-SHA256\n", str9, "\n", r4, "\n");
            q10.append(s7);
            String sb5 = q10.toString();
            String c10 = M7.g.f17116c.i().c(com.bumptech.glide.g.G(com.bumptech.glide.g.G(com.bumptech.glide.g.G(com.bumptech.glide.g.G(com.bumptech.glide.g.G(("AWS4" + awsSecurityCredentials.f52373b).getBytes(charset), str9.substring(0, 8).getBytes(charset)), awsRegion.getBytes(charset)), str4.getBytes(charset)), "aws4_request".getBytes(charset)), sb5.getBytes(charset)));
            String c11 = P1.b.f(';').c(arrayList);
            StringBuilder sb6 = new StringBuilder("AWS4-HMAC-SHA256 Credential=");
            K4.B(sb6, awsSecurityCredentials.f52372a, Operator.Operation.DIVISION, r4, ", SignedHeaders=");
            String q11 = AbstractC12852i.q(sb6, c11, ", Signature=", c10);
            HashMap hashMap5 = new HashMap(hashMap4);
            normalize.toString();
            HashMap hashMap6 = new HashMap(hashMap5);
            ArrayList arrayList2 = new ArrayList();
            for (String str10 : hashMap6.keySet()) {
                arrayList2.add(h(str10, (String) hashMap6.get(str10)));
            }
            arrayList2.add(h("Authorization", q11));
            arrayList2.add(h("x-goog-cloud-target-resource", getAudience()));
            ?? sVar = new com.google.api.client.util.s();
            sVar.setFactory(J.f52331d);
            sVar.put("headers", arrayList2);
            sVar.put("method", "POST");
            sVar.put("url", this.awsCredentialSource.regionalCredentialVerificationUrl.replace(str8, awsRegion));
            return URLEncoder.encode(sVar.toString(), "UTF-8");
        } catch (ParseException e10) {
            throw new IllegalArgumentException("The provided date header value is invalid.", e10);
        }
    }

    public boolean shouldUseMetadataServer() {
        return (f() && g()) ? false : true;
    }
}
