package software.amazon.awssdk.auth.credentials;

import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Optional;
import software.amazon.awssdk.annotations.SdkProtectedApi;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.core.util.json.JacksonUtils;
import software.amazon.awssdk.regions.util.HttpResourcesUtils;
import software.amazon.awssdk.regions.util.ResourcesEndpointProvider;
import software.amazon.awssdk.utils.ComparableUtils;
import software.amazon.awssdk.utils.DateUtils;
import software.amazon.awssdk.utils.SdkAutoCloseable;
import software.amazon.awssdk.utils.Validate;
import software.amazon.awssdk.utils.cache.CachedSupplier;
import software.amazon.awssdk.utils.cache.NonBlocking;
import software.amazon.awssdk.utils.cache.RefreshResult;

@SdkProtectedApi
/* loaded from: input_file:software/amazon/awssdk/auth/credentials/HttpCredentialsProvider.class */
public abstract class HttpCredentialsProvider implements AwsCredentialsProvider, SdkAutoCloseable {
    private final Optional<CachedSupplier<AwsCredentials>> credentialsCache;

    /* loaded from: input_file:software/amazon/awssdk/auth/credentials/HttpCredentialsProvider$Builder.class */
    public interface Builder<TypeToBuildT extends HttpCredentialsProvider, BuilderT extends Builder> {
        BuilderT asyncCredentialUpdateEnabled(Boolean bool);

        BuilderT asyncThreadName(String str);

        TypeToBuildT build();
    }

    /* loaded from: input_file:software/amazon/awssdk/auth/credentials/HttpCredentialsProvider$BuilderImpl.class */
    protected static abstract class BuilderImpl<TypeToBuildT extends HttpCredentialsProvider, BuilderT extends Builder> implements Builder<TypeToBuildT, BuilderT> {
        private boolean asyncCredentialUpdateEnabled = false;
        private String asyncThreadName;

        @Override // software.amazon.awssdk.auth.credentials.HttpCredentialsProvider.Builder
        public BuilderT asyncCredentialUpdateEnabled(Boolean bool) {
            this.asyncCredentialUpdateEnabled = bool.booleanValue();
            return this;
        }

        public void setAsyncCredentialUpdateEnabled(boolean z) {
            asyncCredentialUpdateEnabled(Boolean.valueOf(z));
        }

        @Override // software.amazon.awssdk.auth.credentials.HttpCredentialsProvider.Builder
        public BuilderT asyncThreadName(String str) {
            this.asyncThreadName = str;
            return this;
        }

        public void setAsyncThreadName(String str) {
            asyncThreadName(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpCredentialsProvider(BuilderImpl<?, ?> builderImpl) {
        this(((BuilderImpl) builderImpl).asyncCredentialUpdateEnabled, ((BuilderImpl) builderImpl).asyncThreadName);
    }

    HttpCredentialsProvider(boolean z, String str) {
        if (isLocalCredentialLoadingDisabled()) {
            this.credentialsCache = Optional.empty();
            return;
        }
        CachedSupplier.Builder builder = CachedSupplier.builder(this::refreshCredentials);
        if (z) {
            builder.prefetchStrategy(new NonBlocking(str));
        }
        this.credentialsCache = Optional.of(builder.build());
    }

    protected abstract ResourcesEndpointProvider getCredentialsEndpointProvider();

    protected boolean isLocalCredentialLoadingDisabled() {
        return false;
    }

    private RefreshResult<AwsCredentials> refreshCredentials() {
        try {
            JsonNode sensitiveJsonNodeOf = JacksonUtils.sensitiveJsonNodeOf(HttpResourcesUtils.instance().readResource(getCredentialsEndpointProvider()));
            JsonNode jsonNode = sensitiveJsonNodeOf.get("AccessKeyId");
            JsonNode jsonNode2 = sensitiveJsonNodeOf.get("SecretAccessKey");
            JsonNode jsonNode3 = sensitiveJsonNodeOf.get("Token");
            JsonNode jsonNode4 = sensitiveJsonNodeOf.get("Expiration");
            Validate.notNull(jsonNode, "Failed to load access key.", new Object[0]);
            Validate.notNull(jsonNode2, "Failed to load secret key.", new Object[0]);
            Object create = jsonNode3 == null ? AwsBasicCredentials.create(jsonNode.asText(), jsonNode2.asText()) : AwsSessionCredentials.create(jsonNode.asText(), jsonNode2.asText(), jsonNode3.asText());
            Instant orElse = getExpiration(jsonNode4).orElse(null);
            if (orElse == null || !Instant.now().isAfter(orElse)) {
                return RefreshResult.builder(create).staleTime(getStaleTime(orElse)).prefetchTime(getPrefetchTime(orElse)).build();
            }
            throw SdkClientException.builder().message("Credentials obtained from metadata service are already expired.").mo4837build();
        } catch (JsonMappingException e) {
            throw SdkClientException.builder().message("Unable to parse response returned from service endpoint.").cause(e).mo4837build();
        } catch (IOException | RuntimeException e2) {
            throw SdkClientException.builder().message("Unable to load credentials from service endpoint.").cause(e2).mo4837build();
        } catch (SdkClientException e3) {
            throw e3;
        }
    }

    private Optional<Instant> getExpiration(JsonNode jsonNode) {
        return Optional.ofNullable(jsonNode).map(jsonNode2 -> {
            try {
                return DateUtils.parseIso8601Date(jsonNode2.asText().replaceAll("\\+0000$", "Z"));
            } catch (RuntimeException e) {
                throw new IllegalStateException("Unable to parse credentials expiration date from metadata service.", e);
            }
        });
    }

    private Instant getStaleTime(Instant instant) {
        if (instant == null) {
            return null;
        }
        return instant.minus((TemporalAmount) Duration.ofMinutes(1L));
    }

    private Instant getPrefetchTime(Instant instant) {
        Instant plus = Instant.now().plus((TemporalAmount) Duration.ofHours(1L));
        return instant == null ? plus : (Instant) ComparableUtils.minimum(plus, instant.minus((TemporalAmount) Duration.ofMinutes(15L)));
    }

    @Override // software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
    public AwsCredentials resolveCredentials() {
        if (isLocalCredentialLoadingDisabled()) {
            throw SdkClientException.builder().message("Loading credentials from local endpoint is disabled. Unable to load credentials from service endpoint.").mo4837build();
        }
        return (AwsCredentials) this.credentialsCache.map((v0) -> {
            return v0.get();
        }).orElseThrow(() -> {
            return SdkClientException.builder().message("Unable to load credentials from service endpoint").mo4837build();
        });
    }

    @Override // software.amazon.awssdk.utils.SdkAutoCloseable, java.lang.AutoCloseable
    public void close() {
        this.credentialsCache.ifPresent((v0) -> {
            v0.close();
        });
    }
}
