package software.amazon.awssdk.auth.credentials;

import java.net.URI;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.time.temporal.TemporalUnit;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import software.amazon.awssdk.annotations.SdkPublicApi;
import software.amazon.awssdk.annotations.SdkTestInternalApi;
import software.amazon.awssdk.auth.credentials.HttpCredentialsProvider;
import software.amazon.awssdk.auth.credentials.internal.Ec2MetadataConfigProvider;
import software.amazon.awssdk.auth.credentials.internal.HttpCredentialsLoader;
import software.amazon.awssdk.auth.credentials.internal.StaticResourcesEndpointProvider;
import software.amazon.awssdk.core.SdkSystemSetting;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.core.exception.SdkServiceException;
import software.amazon.awssdk.profiles.ProfileFile;
import software.amazon.awssdk.profiles.ProfileFileSupplier;
import software.amazon.awssdk.profiles.ProfileFileSystemSetting;
import software.amazon.awssdk.profiles.ProfileProperty;
import software.amazon.awssdk.regions.util.HttpResourcesUtils;
import software.amazon.awssdk.regions.util.ResourcesEndpointProvider;
import software.amazon.awssdk.utils.ComparableUtils;
import software.amazon.awssdk.utils.FunctionalUtils;
import software.amazon.awssdk.utils.Logger;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.Validate;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
import software.amazon.awssdk.utils.cache.CachedSupplier;
import software.amazon.awssdk.utils.cache.NonBlocking;
import software.amazon.awssdk.utils.cache.RefreshResult;

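/**
 * Credentials provider that loads the instance role's credentials from the EC2 Instance Metadata
 * Service (IMDS) over HTTP and caches them in a {@link CachedSupplier}.
 *
 * <p>Each refresh first requests an IMDSv2 session token ({@code PUT /latest/api/token}) and sends it in
 * the {@code x-aws-ec2-metadata-token} header on the reads that follow. When the token request fails with
 * anything other than HTTP 400, the provider continues <em>without</em> a token (an IMDSv1-style request)
 * unless the configuration reports IMDSv1 as disabled; see {@code handleTokenErrorResponse}. Deployments
 * that require IMDSv2 should set that option so a failed token request surfaces as an error instead of a
 * downgrade that is only logged at debug level.
 *
 * <p>This listing is decompiler output: names such as {@code mo22117build} and {@code mo22779toBuilder}
 * are the decompiler's renames of {@code build()} and {@code toBuilder()}.
 */
@SdkPublicApi
/* loaded from: input_file:WEB-INF/lib/auth-2.30.33.jar:software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.class */
public final class InstanceProfileCredentialsProvider implements HttpCredentialsProvider, ToCopyableBuilder<Builder, InstanceProfileCredentialsProvider> {
    private static final Logger log = Logger.loggerFor((Class<?>) InstanceProfileCredentialsProvider.class);
    private static final String PROVIDER_NAME = "InstanceProfileCredentialsProvider";
    // Header carrying the IMDSv2 session token on metadata reads.
    private static final String EC2_METADATA_TOKEN_HEADER = "x-aws-ec2-metadata-token";
    // Listing this path returns the role name(s); appending a name returns that role's credentials.
    private static final String SECURITY_CREDENTIALS_RESOURCE = "/latest/meta-data/iam/security-credentials/";
    // Path of the IMDSv2 token endpoint (requested with PUT).
    private static final String TOKEN_RESOURCE = "/latest/api/token";
    // Header on the token request that states the requested token lifetime, in seconds.
    private static final String EC2_METADATA_TOKEN_TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds";
    // Requested token lifetime: 21600 seconds (6 hours).
    private static final String DEFAULT_TOKEN_TTL = "21600";
    private final Clock clock;
    // Optional endpoint override from the builder; when null the endpoint comes from configProvider.
    private final String endpoint;
    private final Ec2MetadataConfigProvider configProvider;
    private final HttpCredentialsLoader httpCredentialsLoader;
    private final CachedSupplier<AwsCredentials> credentialsCache;
    private final Boolean asyncCredentialUpdateEnabled;
    private final String asyncThreadName;
    private final Supplier<ProfileFile> profileFile;
    private final String profileName;
    // How long before the reported expiration the cached credentials are treated as stale.
    private final Duration staleTime;

    /**
     * Builder for {@link InstanceProfileCredentialsProvider}; adds profile and stale-time options to the
     * generic HTTP credentials provider builder.
     */
    /* loaded from: input_file:WEB-INF/lib/auth-2.30.33.jar:software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider$Builder.class */
    public interface Builder extends HttpCredentialsProvider.Builder<InstanceProfileCredentialsProvider, Builder>, CopyableBuilder<Builder, InstanceProfileCredentialsProvider> {
        /** Sets a fixed profile file; it is handed to the EC2 metadata configuration lookup. */
        Builder profileFile(ProfileFile profileFile);

        /** Sets a supplier of the profile file; it is handed to the EC2 metadata configuration lookup. */
        Builder profileFile(Supplier<ProfileFile> supplier);

        /** Sets the profile name; when unset, {@code ProfileFileSystemSetting.AWS_PROFILE} is used. */
        Builder profileName(String str);

        /** Sets how long before expiration the credentials count as stale; defaults to one second. */
        Builder staleTime(Duration duration);

        /** Builds the provider from the current builder state. */
        @Override // software.amazon.awssdk.utils.builder.SdkBuilder, software.amazon.awssdk.utils.builder.Buildable
        /* renamed from: build */
        InstanceProfileCredentialsProvider mo22117build();
    }

    /**
     * Mutable builder implementation. Every setter stores its argument as given; validation visible in
     * this file happens only in the provider's constructor.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @SdkTestInternalApi
    /* loaded from: input_file:WEB-INF/lib/auth-2.30.33.jar:software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider$BuilderImpl.class */
    public static final class BuilderImpl implements Builder {
        private Clock clock;
        private String endpoint;
        private Boolean asyncCredentialUpdateEnabled;
        private String asyncThreadName;
        private Supplier<ProfileFile> profileFile;
        private String profileName;
        private Duration staleTime;

        /** Creates a builder with the UTC system clock and the default async thread name. */
        private BuilderImpl() {
            this.clock = Clock.systemUTC();
            asyncThreadName("instance-profile-credentials-provider");
        }

        /** Creates a builder pre-populated with the settings of an existing provider. */
        private BuilderImpl(InstanceProfileCredentialsProvider instanceProfileCredentialsProvider) {
            // The decompiled original first assigned Clock.systemUTC() and immediately overwrote it;
            // that dead store is dropped here.
            this.clock = instanceProfileCredentialsProvider.clock;
            this.endpoint = instanceProfileCredentialsProvider.endpoint;
            this.asyncCredentialUpdateEnabled = instanceProfileCredentialsProvider.asyncCredentialUpdateEnabled;
            this.asyncThreadName = instanceProfileCredentialsProvider.asyncThreadName;
            this.profileFile = instanceProfileCredentialsProvider.profileFile;
            this.profileName = instanceProfileCredentialsProvider.profileName;
            this.staleTime = instanceProfileCredentialsProvider.staleTime;
        }

        /** Overrides the clock used for prefetch calculations and by the cache (package-private). */
        Builder clock(Clock clock) {
            this.clock = clock;
            return this;
        }

        /**
         * Overrides the IMDS endpoint. The value is used as given: no scheme or host validation is
         * visible in this class, and both the session token and the credential request go to it, so it
         * should only ever come from trusted configuration.
         */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // software.amazon.awssdk.auth.credentials.HttpCredentialsProvider.Builder
        public Builder endpoint(String str) {
            this.endpoint = str;
            return this;
        }

        /** Bean-style setter delegating to {@link #endpoint(String)}. */
        public void setEndpoint(String str) {
            endpoint(str);
        }

        /** Enables or disables background refresh; only {@code Boolean.TRUE} enables it. */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // software.amazon.awssdk.auth.credentials.HttpCredentialsProvider.Builder
        public Builder asyncCredentialUpdateEnabled(Boolean bool) {
            this.asyncCredentialUpdateEnabled = bool;
            return this;
        }

        /** Bean-style setter delegating to {@link #asyncCredentialUpdateEnabled(Boolean)}. */
        public void setAsyncCredentialUpdateEnabled(boolean z) {
            asyncCredentialUpdateEnabled(Boolean.valueOf(z));
        }

        /** Sets the name given to the background refresh strategy; must be non-blank when async is on. */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // software.amazon.awssdk.auth.credentials.HttpCredentialsProvider.Builder
        public Builder asyncThreadName(String str) {
            this.asyncThreadName = str;
            return this;
        }

        /** Bean-style setter delegating to {@link #asyncThreadName(String)}. */
        public void setAsyncThreadName(String str) {
            asyncThreadName(str);
        }

        /** Wraps a non-null profile file in a fixed supplier; {@code null} clears the setting. */
        @Override // software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.Builder
        public Builder profileFile(ProfileFile profileFile) {
            return profileFile((Supplier<ProfileFile>) Optional.ofNullable(profileFile).map(ProfileFileSupplier::fixedProfileFile).orElse(null));
        }

        /** Bean-style setter delegating to {@link #profileFile(ProfileFile)}. */
        public void setProfileFile(ProfileFile profileFile) {
            profileFile(profileFile);
        }

        /** Stores the profile file supplier as given. */
        @Override // software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.Builder
        public Builder profileFile(Supplier<ProfileFile> supplier) {
            this.profileFile = supplier;
            return this;
        }

        /** Bean-style setter delegating to {@link #profileFile(Supplier)}. */
        public void setProfileFile(Supplier<ProfileFile> supplier) {
            profileFile(supplier);
        }

        /** Stores the profile name as given. */
        @Override // software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.Builder
        public Builder profileName(String str) {
            this.profileName = str;
            return this;
        }

        /** Bean-style setter delegating to {@link #profileName(String)}. */
        public void setProfileName(String str) {
            profileName(str);
        }

        /** Stores the stale-time duration as given. */
        @Override // software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.Builder
        public Builder staleTime(Duration duration) {
            this.staleTime = duration;
            return this;
        }

        /** Bean-style setter delegating to {@link #staleTime(Duration)}. */
        public void setStaleTime(Duration duration) {
            staleTime(duration);
        }

        /** Builds a provider from this builder's current state. */
        @Override // software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider.Builder, software.amazon.awssdk.utils.builder.SdkBuilder, software.amazon.awssdk.utils.builder.Buildable
        /* renamed from: build */
        public InstanceProfileCredentialsProvider mo22117build() {
            return new InstanceProfileCredentialsProvider(this);
        }
    }

    /**
     * Copies the builder state, resolves defaults (default profile file, {@code AWS_PROFILE} profile
     * name, one-second stale time) and creates the credentials cache.
     */
    private InstanceProfileCredentialsProvider(BuilderImpl builderImpl) {
        this.clock = builderImpl.clock;
        this.endpoint = builderImpl.endpoint;
        this.asyncCredentialUpdateEnabled = builderImpl.asyncCredentialUpdateEnabled;
        this.asyncThreadName = builderImpl.asyncThreadName;
        this.profileFile = (Supplier) Optional.ofNullable(builderImpl.profileFile).orElseGet(() -> {
            return ProfileFileSupplier.fixedProfileFile(ProfileFile.defaultProfileFile());
        });
        Optional ofNullable = Optional.ofNullable(builderImpl.profileName);
        ProfileFileSystemSetting profileFileSystemSetting = ProfileFileSystemSetting.AWS_PROFILE;
        Objects.requireNonNull(profileFileSystemSetting);
        this.profileName = (String) ofNullable.orElseGet(profileFileSystemSetting::getStringValueOrThrow);
        this.httpCredentialsLoader = HttpCredentialsLoader.create(PROVIDER_NAME);
        this.configProvider = Ec2MetadataConfigProvider.builder().profileFile(this.profileFile).profileName(this.profileName).build();
        this.staleTime = (Duration) Validate.getOrDefault(builderImpl.staleTime, () -> {
            return Duration.ofSeconds(1L);
        });
        // NOTE(review): StaleValueBehavior.ALLOW presumably lets the cache keep serving the previous
        // credentials when a refresh fails — confirm against CachedSupplier.
        if (!Boolean.TRUE.equals(builderImpl.asyncCredentialUpdateEnabled)) {
            this.credentialsCache = CachedSupplier.builder(this::refreshCredentials).cachedValueName(toString()).staleValueBehavior(CachedSupplier.StaleValueBehavior.ALLOW).clock(this.clock).build();
        } else {
            // The async variant adds a NonBlocking prefetch strategy, which needs a usable name.
            Validate.paramNotBlank(builderImpl.asyncThreadName, "asyncThreadName");
            this.credentialsCache = CachedSupplier.builder(this::refreshCredentials).cachedValueName(toString()).prefetchStrategy(new NonBlocking(builderImpl.asyncThreadName)).staleValueBehavior(CachedSupplier.StaleValueBehavior.ALLOW).clock(this.clock).build();
        }
    }

    /** Returns a new builder with default settings. */
    public static Builder builder() {
        return new BuilderImpl();
    }

    /** Creates a provider with default settings. */
    public static InstanceProfileCredentialsProvider create() {
        return builder().mo22117build();
    }

    /** Returns the cached credentials; the cache decides when {@code refreshCredentials} runs. */
    @Override // software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
    public AwsCredentials resolveCredentials() {
        return this.credentialsCache.get();
    }

    /**
     * Loads credentials from IMDS and computes when they become stale and when to prefetch.
     *
     * @throws SdkClientException if IMDS access is disabled by {@code AWS_EC2_METADATA_DISABLED}, or if
     *         any {@link RuntimeException} occurs while loading (wrapped as the cause)
     */
    private RefreshResult<AwsCredentials> refreshCredentials() {
        if (isLocalCredentialLoadingDisabled()) {
            throw SdkClientException.create("IMDS credentials have been disabled by environment variable or system property.");
        }
        try {
            HttpCredentialsLoader.LoadedCredentials loadCredentials = this.httpCredentialsLoader.loadCredentials(createEndpointProvider());
            Instant orElse = loadCredentials.getExpiration().orElse(null);
            // Only the expiration time is logged, never the credential material.
            log.debug(() -> {
                return "Loaded credentials from IMDS with expiration time of " + orElse;
            });
            return RefreshResult.builder(loadCredentials.getAwsCredentials()).staleTime(staleTime(orElse)).prefetchTime(prefetchTime(orElse)).mo22117build();
        } catch (RuntimeException e) {
            throw SdkClientException.create("Failed to load credentials from IMDS.", (Throwable) e);
        }
    }

    /** Returns whether {@code SdkSystemSetting.AWS_EC2_METADATA_DISABLED} is set to true. */
    private boolean isLocalCredentialLoadingDisabled() {
        return SdkSystemSetting.AWS_EC2_METADATA_DISABLED.getBooleanValueOrThrow().booleanValue();
    }

    /**
     * Returns the instant at which the credentials become stale: the expiration minus the configured
     * stale time, or {@code null} when no expiration is known.
     */
    private Instant staleTime(Instant instant) {
        if (instant == null) {
            return null;
        }
        return instant.minus((TemporalAmount) this.staleTime);
    }

    /**
     * Returns the instant at which a refresh should be attempted ahead of expiry.
     *
     * <p>Without an expiration: 60 minutes from now. With one: now plus the larger of half the remaining
     * lifetime and five minutes. If the expiration is already in the past, returns {@code null}.
     */
    private Instant prefetchTime(Instant instant) {
        Instant instant2 = this.clock.instant();
        if (instant == null) {
            return instant2.plus(60L, (TemporalUnit) ChronoUnit.MINUTES);
        }
        Duration between = Duration.between(instant2, instant);
        if (between.isNegative()) {
            return null;
        }
        return instant2.plus((TemporalAmount) ComparableUtils.maximum(between.dividedBy(2L), Duration.ofMinutes(5L)));
    }

    /** Closes the credentials cache. */
    @Override // software.amazon.awssdk.utils.SdkAutoCloseable, java.lang.AutoCloseable
    public void close() {
        this.credentialsCache.close();
    }

    /** Returns a string naming the provider only; no endpoint or credential data is included. */
    @Override
    public String toString() {
        return ToString.create(PROVIDER_NAME);
    }

    /**
     * Builds the endpoint description for the credentials request: resolves the IMDS endpoint, obtains
     * a session token (may be {@code null} after an IMDSv1 fallback), lists the role names and targets
     * the first one.
     */
    private ResourcesEndpointProvider createEndpointProvider() {
        String imdsEndpoint = getImdsEndpoint();
        String token = getToken(imdsEndpoint);
        // The role name comes from the IMDS response and is appended to the URI as-is; URI.create
        // rejects syntactically illegal characters with IllegalArgumentException.
        return StaticResourcesEndpointProvider.builder().endpoint(URI.create(imdsEndpoint + SECURITY_CREDENTIALS_RESOURCE + getSecurityCredentials(imdsEndpoint, token)[0])).headers(getTokenHeaders(token)).connectionTimeout(Duration.ofMillis(this.configProvider.serviceTimeout())).build();
    }

    /** Returns the builder-supplied endpoint if set, otherwise the endpoint from the config provider. */
    private String getImdsEndpoint() {
        return this.endpoint != null ? this.endpoint : this.configProvider.getEndpoint();
    }

    /**
     * Requests an IMDSv2 session token with a {@code PUT} to the token endpoint.
     *
     * @param str the IMDS endpoint base
     * @return the token, or {@code null} when the request failed and IMDSv1 fallback is permitted
     * @throws SdkClientException on an HTTP 400 response, or on any other failure when IMDSv1 fallback
     *         is disabled
     */
    private String getToken(String str) {
        try {
            return HttpResourcesUtils.instance().readResource(StaticResourcesEndpointProvider.builder().endpoint(getTokenEndpoint(str)).headers(Collections.singletonMap(EC2_METADATA_TOKEN_TTL_HEADER, DEFAULT_TOKEN_TTL)).connectionTimeout(Duration.ofMillis(this.configProvider.serviceTimeout())).build(), "PUT");
        } catch (SdkServiceException e) {
            // A 400 is always fatal and never triggers the fallback.
            if (e.statusCode() == 400) {
                throw SdkClientException.builder().message("Unable to fetch metadata token.").cause((Throwable) e).mo22117build();
            }
            return handleTokenErrorResponse(e);
        } catch (Exception e2) {
            // Every other failure, including timeouts and connection errors, takes the fallback path.
            return handleTokenErrorResponse(e2);
        }
    }

    /** Returns the token endpoint URI for the given base, dropping one trailing slash if present. */
    private URI getTokenEndpoint(String str) {
        String str2 = str;
        if (str2.endsWith("/")) {
            str2 = str2.substring(0, str2.length() - 1);
        }
        return URI.create(str2 + TOKEN_RESOURCE);
    }

    /**
     * Decides what happens after a failed token request.
     *
     * <p>If IMDSv1 is disabled, the failure is rethrown as an {@link SdkClientException}. Otherwise the
     * failure is logged at debug level and {@code null} is returned, so the following metadata reads
     * are sent without a session token. Because that downgrade is visible only in debug logs,
     * environments that depend on IMDSv2 should disable IMDSv1 through one of the settings named in the
     * error message.
     *
     * @param exc the failure from the token request
     * @return always {@code null} when it returns normally
     */
    private String handleTokenErrorResponse(Exception exc) {
        if (isInsecureFallbackDisabled()) {
            // Arguments follow the labels in the message: system property first, environment variable
            // second. The decompiled original passed them the other way round, mislabeling both names.
            throw SdkClientException.builder().message(String.format("Failed to retrieve IMDS token, and fallback to IMDS v1 is disabled via the %s system property, %s environment variable, or %s configuration file profile setting.", SdkSystemSetting.AWS_EC2_METADATA_V1_DISABLED.property(), SdkSystemSetting.AWS_EC2_METADATA_V1_DISABLED.environmentVariable(), ProfileProperty.EC2_METADATA_V1_DISABLED)).cause((Throwable) exc).mo22117build();
        }
        log.debug(() -> {
            return "Ignoring non-fatal exception while attempting to load metadata token from instance profile.";
        }, exc);
        return null;
    }

    /** Returns whether the config provider reports IMDSv1 as disabled. */
    private boolean isInsecureFallbackDisabled() {
        return this.configProvider.isMetadataV1Disabled();
    }

    /**
     * Lists the role names available under the security-credentials resource.
     *
     * @param str the IMDS endpoint base
     * @param str2 the session token, or {@code null} for a token-less request
     * @return the response split into lines; the first entry is non-empty
     * @throws SdkClientException if the response contains no role name
     */
    private String[] getSecurityCredentials(String str, String str2) {
        StaticResourcesEndpointProvider build = StaticResourcesEndpointProvider.builder().endpoint(URI.create(str + SECURITY_CREDENTIALS_RESOURCE)).headers(getTokenHeaders(str2)).connectionTimeout(Duration.ofMillis(this.configProvider.serviceTimeout())).build();
        String[] split = ((String) FunctionalUtils.invokeSafely(() -> {
            return HttpResourcesUtils.instance().readResource(build);
        })).trim().split("\n");
        // "".split("\n") yields [""], not an empty array, so a length check alone never fires on an
        // empty response; the first entry has to be checked as well.
        if (split.length == 0 || split[0].isEmpty()) {
            throw SdkClientException.builder().message("Unable to load credentials path").mo22117build();
        }
        return split;
    }

    /** Returns the token header map, or an empty map when no token is available. */
    private Map<String, String> getTokenHeaders(String str) {
        return str == null ? Collections.emptyMap() : Collections.singletonMap(EC2_METADATA_TOKEN_HEADER, str);
    }

    /**
     * Returns a builder pre-populated with this provider's settings, so a custom endpoint, profile or
     * stale time carries over to providers built from it.
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // software.amazon.awssdk.utils.builder.ToCopyableBuilder
    /* renamed from: toBuilder */
    public Builder mo22779toBuilder() {
        return new BuilderImpl(this);
    }
}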
