package com.google.auth.oauth2;

import com.dominicfeliton.worldwidechat.libs.org.apache.http.client.methods.HttpGet;
import com.dominicfeliton.worldwidechat.libs.org.apache.http.client.methods.HttpPut;
import com.dominicfeliton.worldwidechat.libs.software.amazon.awssdk.core.internal.useragent.UserAgentConstant;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpContent;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.json.GenericJson;
import com.google.auth.http.HttpTransportFactory;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/google/auth/oauth2/InternalAwsSecurityCredentialsSupplier.class */
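/**
 * Supplies AWS security credentials and the AWS region, taking them from environment variables
 * when those are set and otherwise from the HTTP endpoints named in the {@link AwsCredentialSource}.
 *
 * <p>Security notes for maintainers:
 *
 * <ul>
 *   <li>The values handled here are long-lived or session secrets. This class does not log them,
 *       and its exception messages carry only a resource label, never a response body. Keep it
 *       that way when adding diagnostics.
 *   <li>The endpoint URLs are read from the credential source and requested as-is; this class does
 *       no scheme or host validation. NOTE(review): confirm that {@link AwsCredentialSource}
 *       restricts them to the instance metadata addresses, because the body of one response (the
 *       role name) becomes part of the next request path and the final response is trusted as
 *       credentials.
 *   <li>A session-token header is attached only when {@code imdsv2SessionTokenUrl} is configured;
 *       without it the metadata requests are sent with no token header.
 *   <li>{@code transportFactory} is {@code transient}. NOTE(review): nothing in this class
 *       restores it after deserialization - confirm how a deserialized instance gets a transport.
 * </ul>
 */
public class InternalAwsSecurityCredentialsSupplier implements AwsSecurityCredentialsSupplier {
    private static final long serialVersionUID = 4438370785261365013L;
    static final String AWS_REGION = "AWS_REGION";
    static final String AWS_DEFAULT_REGION = "AWS_DEFAULT_REGION";
    static final String AWS_ACCESS_KEY_ID = "AWS_ACCESS_KEY_ID";
    static final String AWS_SECRET_ACCESS_KEY = "AWS_SECRET_ACCESS_KEY";
    static final String AWS_SESSION_TOKEN = "AWS_SESSION_TOKEN";
    static final String AWS_IMDSV2_SESSION_TOKEN_HEADER = "x-aws-ec2-metadata-token";
    static final String AWS_IMDSV2_SESSION_TOKEN_TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds";
    // Requested lifetime of the metadata session token, sent as the TTL header value.
    static final String AWS_IMDSV2_SESSION_TOKEN_TTL = "300";
    private final AwsCredentialSource awsCredentialSource;
    private EnvironmentProvider environmentProvider;
    private transient HttpTransportFactory transportFactory;

    /**
     * Creates a supplier.
     *
     * @param awsCredentialSource source of the metadata endpoint URLs
     * @param environmentProvider lookup used for the {@code AWS_*} environment variables
     * @param httpTransportFactory factory for the transport used for every metadata request
     */
    public InternalAwsSecurityCredentialsSupplier(AwsCredentialSource awsCredentialSource, EnvironmentProvider environmentProvider, HttpTransportFactory httpTransportFactory) {
        this.environmentProvider = environmentProvider;
        this.awsCredentialSource = awsCredentialSource;
        this.transportFactory = httpTransportFactory;
    }

    /**
     * Returns AWS security credentials.
     *
     * <p>Environment variables win: when both the access key id and the secret access key are set
     * to non-blank values they are returned together with the (possibly null) session token and no
     * network request is made. Otherwise the role name is fetched from the configured URL and the
     * credentials are fetched from {@code url + "/" + roleName}.
     *
     * @param externalAccountSupplierContext not read by this implementation
     * @return the credentials found
     * @throws IOException if the credential source has no URL, a request fails, or the response
     *     does not contain an access key id and a secret access key
     */
    @Override
    public AwsSecurityCredentials getCredentials(ExternalAccountSupplierContext externalAccountSupplierContext) throws IOException {
        if (canRetrieveSecurityCredentialsFromEnvironment()) {
            return new AwsSecurityCredentials(
                    this.environmentProvider.getEnv(AWS_ACCESS_KEY_ID),
                    this.environmentProvider.getEnv(AWS_SECRET_ACCESS_KEY),
                    this.environmentProvider.getEnv(AWS_SESSION_TOKEN));
        }

        // The session-token request (if configured) is made before the URL check, as in the
        // original statement order.
        Map<String, Object> metadataHeaders = createMetadataRequestHeaders(this.awsCredentialSource);
        String baseUrl = this.awsCredentialSource.url;
        if (baseUrl == null || baseUrl.isEmpty()) {
            throw new IOException("Unable to determine the AWS IAM role name. The credential source does not contain the url field.");
        }

        // The role name is a response body that is appended to the URL unmodified.
        // NOTE(review): UserAgentConstant.SLASH comes from a shaded third-party package the
        // decompiler resolved the literal to (presumably "/") - confirm, and prefer a local
        // literal so credential retrieval does not depend on an unrelated library.
        String roleName = retrieveResource(baseUrl, "IAM role", metadataHeaders);
        String rawCredentials = retrieveResource(baseUrl + UserAgentConstant.SLASH + roleName, "credentials", metadataHeaders);

        GenericJson credentialsJson = (GenericJson) OAuth2Utils.JSON_FACTORY.createJsonParser(rawCredentials).parseAndClose(GenericJson.class);
        String accessKeyId = (String) credentialsJson.get("AccessKeyId");
        String secretAccessKey = (String) credentialsJson.get("SecretAccessKey");
        String token = (String) credentialsJson.get("Token");

        // Fail here rather than hand null key material to the caller. The message deliberately
        // omits the response body.
        if (accessKeyId == null || accessKeyId.isEmpty() || secretAccessKey == null || secretAccessKey.isEmpty()) {
            throw new IOException("Failed to retrieve AWS credentials. The response does not contain an access key id and a secret access key.");
        }
        return new AwsSecurityCredentials(accessKeyId, secretAccessKey, token);
    }

    /**
     * Returns the AWS region.
     *
     * <p>{@code AWS_REGION} is preferred, then {@code AWS_DEFAULT_REGION}. When neither is set to
     * a non-blank value the region URL is queried and the last character of the response is
     * dropped (presumably the response is an availability zone, i.e. the region followed by one
     * letter - confirm against the endpoint contract).
     *
     * @param externalAccountSupplierContext not read by this implementation
     * @return the region
     * @throws IOException if the credential source has no region URL, the request fails, or the
     *     response is empty
     */
    @Override
    public String getRegion(ExternalAccountSupplierContext externalAccountSupplierContext) throws IOException {
        if (canRetrieveRegionFromEnvironment()) {
            String region = this.environmentProvider.getEnv(AWS_REGION);
            return hasText(region) ? region : this.environmentProvider.getEnv(AWS_DEFAULT_REGION);
        }

        Map<String, Object> metadataHeaders = createMetadataRequestHeaders(this.awsCredentialSource);
        String regionUrl = this.awsCredentialSource.regionUrl;
        if (regionUrl == null || regionUrl.isEmpty()) {
            throw new IOException("Unable to determine the AWS region. The credential source does not contain the region URL.");
        }

        String zone = retrieveResource(regionUrl, "region", metadataHeaders);
        // An empty body previously surfaced as StringIndexOutOfBoundsException from substring.
        if (zone == null || zone.isEmpty()) {
            throw new IOException("Failed to retrieve AWS region. The response is empty.");
        }
        return zone.substring(0, zone.length() - 1);
    }

    /** Returns true when the value is non-null and not only whitespace (as judged by trim). */
    private static boolean hasText(String value) {
        return value != null && !value.trim().isEmpty();
    }

    /** Returns true when at least one of the two region variables has a non-blank value. */
    private boolean canRetrieveRegionFromEnvironment() {
        for (String name : ImmutableList.of(AWS_REGION, AWS_DEFAULT_REGION)) {
            if (hasText(this.environmentProvider.getEnv(name))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns true only when both the access key id and the secret access key variables have
     * non-blank values. The session token is optional and is not checked.
     */
    private boolean canRetrieveSecurityCredentialsFromEnvironment() {
        for (String name : ImmutableList.of(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)) {
            if (!hasText(this.environmentProvider.getEnv(name))) {
                return false;
            }
        }
        return true;
    }

    /** Returns true unless both the region and the credentials can be read from the environment. */
    @VisibleForTesting
    boolean shouldUseMetadataServer() {
        return !(canRetrieveRegionFromEnvironment() && canRetrieveSecurityCredentialsFromEnvironment());
    }

    /**
     * Fetches a resource with the method named by {@code HttpGet.METHOD_NAME} and no body.
     *
     * <p>NOTE(review): that constant lives in a shaded third-party package (presumably "GET");
     * confirm and prefer a local literal.
     */
    private String retrieveResource(String url, String resourceName, Map<String, Object> headers) throws IOException {
        return retrieveResource(url, resourceName, HttpGet.METHOD_NAME, headers, null);
    }

    /**
     * Sends one request and returns the response body as a string.
     *
     * @param url address to request, used as given
     * @param resourceName label used only in the error message
     * @param requestMethod HTTP method name
     * @param headers header names and values copied onto the request
     * @param content request body, or null for none
     * @throws IOException wrapping the underlying failure; the message contains the label only,
     *     so no URL, header value or response body ends up in the message itself
     */
    private String retrieveResource(String url, String resourceName, String requestMethod, Map<String, Object> headers, @Nullable HttpContent content) throws IOException {
        try {
            HttpRequest request = this.transportFactory.create().createRequestFactory().buildRequest(requestMethod, new GenericUrl(url), content);
            HttpHeaders requestHeaders = request.getHeaders();
            for (Map.Entry<String, Object> header : headers.entrySet()) {
                requestHeaders.set(header.getKey(), header.getValue());
            }
            return request.execute().parseAsString();
        } catch (IOException e) {
            throw new IOException(String.format("Failed to retrieve AWS %s.", resourceName), e);
        }
    }

    /**
     * Builds the headers to send with metadata requests.
     *
     * <p>When {@code imdsv2SessionTokenUrl} is set, a session token is requested from it (method
     * named by {@code HttpPut.METHOD_NAME}, with the TTL header) and returned under
     * {@link #AWS_IMDSV2_SESSION_TOKEN_HEADER}. Otherwise the map is empty and later requests go
     * out without a token header.
     *
     * @param awsCredentialSource source of the session-token URL
     * @return a new mutable map, possibly empty; the token in it is a secret and must not be logged
     * @throws IOException if the session-token request fails
     */
    @VisibleForTesting
    Map<String, Object> createMetadataRequestHeaders(AwsCredentialSource awsCredentialSource) throws IOException {
        Map<String, Object> metadataHeaders = new HashMap<>();
        if (awsCredentialSource.imdsv2SessionTokenUrl != null) {
            // A plain map replaces the anonymous HashMap subclass, which kept a reference to this
            // supplier for no benefit.
            Map<String, Object> tokenRequestHeaders = new HashMap<>();
            tokenRequestHeaders.put(AWS_IMDSV2_SESSION_TOKEN_TTL_HEADER, AWS_IMDSV2_SESSION_TOKEN_TTL);
            String sessionToken = retrieveResource(awsCredentialSource.imdsv2SessionTokenUrl, "Session Token", HttpPut.METHOD_NAME, tokenRequestHeaders, null);
            metadataHeaders.put(AWS_IMDSV2_SESSION_TOKEN_HEADER, sessionToken);
        }
        return metadataHeaders;
    }
}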
