package software.amazon.awssdk.auth.credentials;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import software.amazon.awssdk.annotations.SdkPublicApi;
import software.amazon.awssdk.protocols.jsoncore.JsonNode;
import software.amazon.awssdk.protocols.jsoncore.JsonNodeParser;
import software.amazon.awssdk.utils.DateUtils;
import software.amazon.awssdk.utils.IoUtils;
import software.amazon.awssdk.utils.Platform;
import software.amazon.awssdk.utils.SdkAutoCloseable;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.Validate;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
import software.amazon.awssdk.utils.cache.CachedSupplier;
import software.amazon.awssdk.utils.cache.NonBlocking;
import software.amazon.awssdk.utils.cache.RefreshResult;

@SdkPublicApi
/* loaded from: input_file:WEB-INF/lib/auth-2.28.13.jar:software/amazon/awssdk/auth/credentials/ProcessCredentialsProvider.class */
public final class ProcessCredentialsProvider implements AwsCredentialsProvider, SdkAutoCloseable, ToCopyableBuilder<Builder, ProcessCredentialsProvider> {
    private static final String PROVIDER_NAME = "ProcessCredentialsProvider";
    private static final JsonNodeParser PARSER = JsonNodeParser.builder().removeErrorLocations(true).build();
    private final List<String> executableCommand;
    private final Duration credentialRefreshThreshold;
    private final long processOutputLimit;
    private final String staticAccountId;
    private final CachedSupplier<AwsCredentials> processCredentialCache;
    private final String commandFromBuilder;
    private final List<String> commandAsListOfStringsFromBuilder;
    private final Boolean asyncCredentialUpdateEnabled;

    /* loaded from: input_file:WEB-INF/lib/auth-2.28.13.jar:software/amazon/awssdk/auth/credentials/ProcessCredentialsProvider$Builder.class */
    public static class Builder implements CopyableBuilder<Builder, ProcessCredentialsProvider> {
        private Boolean asyncCredentialUpdateEnabled;
        private String command;
        private List<String> commandAsListOfStrings;
        private Duration credentialRefreshThreshold;
        private long processOutputLimit;
        private String staticAccountId;

        private Builder() {
            this.asyncCredentialUpdateEnabled = false;
            this.credentialRefreshThreshold = Duration.ofSeconds(15L);
            this.processOutputLimit = 64000L;
        }

        private Builder(ProcessCredentialsProvider processCredentialsProvider) {
            this.asyncCredentialUpdateEnabled = false;
            this.credentialRefreshThreshold = Duration.ofSeconds(15L);
            this.processOutputLimit = 64000L;
            this.asyncCredentialUpdateEnabled = processCredentialsProvider.asyncCredentialUpdateEnabled;
            this.command = processCredentialsProvider.commandFromBuilder;
            this.commandAsListOfStrings = processCredentialsProvider.commandAsListOfStringsFromBuilder;
            this.credentialRefreshThreshold = processCredentialsProvider.credentialRefreshThreshold;
            this.processOutputLimit = processCredentialsProvider.processOutputLimit;
            this.staticAccountId = processCredentialsProvider.staticAccountId;
        }

        public Builder asyncCredentialUpdateEnabled(Boolean bool) {
            this.asyncCredentialUpdateEnabled = bool;
            return this;
        }

        @Deprecated
        public Builder command(String str) {
            this.command = str;
            return this;
        }

        public Builder command(List<String> list) {
            this.commandAsListOfStrings = list;
            return this;
        }

        public Builder credentialRefreshThreshold(Duration duration) {
            this.credentialRefreshThreshold = duration;
            return this;
        }

        public Builder processOutputLimit(long j) {
            this.processOutputLimit = j;
            return this;
        }

        public Builder staticAccountId(String str) {
            this.staticAccountId = str;
            return this;
        }

        @Override // software.amazon.awssdk.utils.builder.SdkBuilder, software.amazon.awssdk.utils.builder.Buildable
        /* renamed from: build */
        public ProcessCredentialsProvider mo9589build() {
            return new ProcessCredentialsProvider(this);
        }
    }

    private ProcessCredentialsProvider(Builder builder) {
        this.executableCommand = executableCommand(builder);
        this.processOutputLimit = Validate.isPositive(builder.processOutputLimit, "processOutputLimit");
        this.credentialRefreshThreshold = Validate.isPositive(builder.credentialRefreshThreshold, "expirationBuffer");
        this.commandFromBuilder = builder.command;
        this.commandAsListOfStringsFromBuilder = builder.commandAsListOfStrings;
        this.asyncCredentialUpdateEnabled = builder.asyncCredentialUpdateEnabled;
        this.staticAccountId = builder.staticAccountId;
        CachedSupplier.Builder cachedValueName = CachedSupplier.builder(this::refreshCredentials).cachedValueName(toString());
        if (builder.asyncCredentialUpdateEnabled.booleanValue()) {
            cachedValueName.prefetchStrategy(new NonBlocking("process-credentials-provider"));
        }
        this.processCredentialCache = cachedValueName.build();
    }

    private List<String> executableCommand(Builder builder) {
        if (builder.commandAsListOfStrings != null) {
            return Collections.unmodifiableList(builder.commandAsListOfStrings);
        }
        ArrayList arrayList = new ArrayList();
        if (Platform.isWindows()) {
            arrayList.add("cmd.exe");
            arrayList.add("/C");
        } else {
            arrayList.add("sh");
            arrayList.add("-c");
        }
        arrayList.add((String) Validate.paramNotNull(builder.command, "command"));
        return Collections.unmodifiableList(arrayList);
    }

    public static Builder builder() {
        return new Builder();
    }

    @Override // software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
    public AwsCredentials resolveCredentials() {
        return this.processCredentialCache.get();
    }

    private RefreshResult<AwsCredentials> refreshCredentials() {
        try {
            JsonNode parseProcessOutput = parseProcessOutput(executeCommand());
            AwsCredentials credentials = credentials(parseProcessOutput);
            Instant credentialExpirationTime = credentialExpirationTime(parseProcessOutput);
            return RefreshResult.builder(credentials).staleTime(credentialExpirationTime).prefetchTime(credentialExpirationTime.minusMillis(this.credentialRefreshThreshold.toMillis())).mo9589build();
        } catch (InterruptedException e) {
            throw new IllegalStateException("Process-based credential refreshing has been interrupted.", e);
        } catch (Exception e2) {
            throw new IllegalStateException("Failed to refresh process-based credentials.", e2);
        }
    }

    private JsonNode parseProcessOutput(String str) {
        JsonNode parse = PARSER.parse(str);
        if (!parse.isObject()) {
            throw new IllegalStateException("Process did not return a JSON object.");
        }
        JsonNode orElse = parse.field("Version").orElse(null);
        if (orElse != null && orElse.isNumber() && orElse.asNumber().equals("1")) {
            return parse;
        }
        throw new IllegalStateException("Unsupported credential version: " + orElse);
    }

    private AwsCredentials credentials(JsonNode jsonNode) {
        String text = getText(jsonNode, "AccessKeyId");
        String text2 = getText(jsonNode, "SecretAccessKey");
        String text3 = getText(jsonNode, "SessionToken");
        String text4 = getText(jsonNode, "AccountId");
        Validate.notEmpty(text, "AccessKeyId cannot be empty.", new Object[0]);
        Validate.notEmpty(text2, "SecretAccessKey cannot be empty.", new Object[0]);
        String str = text4 == null ? this.staticAccountId : text4;
        return text3 != null ? AwsSessionCredentials.builder().accessKeyId(text).secretAccessKey(text2).sessionToken(text3).expirationTime(credentialExpirationTime(jsonNode)).accountId(str).providerName(PROVIDER_NAME).mo9589build() : AwsBasicCredentials.builder().accessKeyId(text).secretAccessKey(text2).accountId(str).providerName(PROVIDER_NAME).mo9589build();
    }

    private Instant credentialExpirationTime(JsonNode jsonNode) {
        String text = getText(jsonNode, "Expiration");
        return text != null ? DateUtils.parseIso8601Date(text) : Instant.MAX;
    }

    private String getText(JsonNode jsonNode, String str) {
        return (String) jsonNode.field(str).map((v0) -> {
            return v0.text();
        }).orElse(null);
    }

    private String executeCommand() throws IOException, InterruptedException {
        ProcessBuilder processBuilder = new ProcessBuilder(this.executableCommand);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Process start = processBuilder.start();
        try {
            IoUtils.copy(start.getInputStream(), byteArrayOutputStream, this.processOutputLimit);
            start.waitFor();
            if (start.exitValue() != 0) {
                try {
                    throw new IllegalStateException(String.format("Command returned non-zero exit value (%s) with error message: %s", Integer.valueOf(start.exitValue()), IoUtils.toUtf8String(start.getErrorStream())));
                } finally {
                }
            }
            String str = new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8);
            start.destroy();
            return str;
        } catch (Throwable th) {
            start.destroy();
            throw th;
        }
    }

    @Override // software.amazon.awssdk.utils.SdkAutoCloseable, java.lang.AutoCloseable
    public void close() {
        this.processCredentialCache.close();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // software.amazon.awssdk.utils.builder.ToCopyableBuilder
    /* renamed from: toBuilder */
    public Builder mo10184toBuilder() {
        return new Builder();
    }

    public String toString() {
        return ToString.builder(PROVIDER_NAME).add("cmd", this.executableCommand).build();
    }
}
