package com.google.auth.oauth2;

import androidx.browser.trusted.sharing.ShareTarget;
import com.google.auth.oauth2.ExternalAccountCredentials;
import com.google.auth.oauth2.n;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes4.dex */
public class AwsCredentials extends ExternalAccountCredentials {
    private static final long serialVersionUID = -3670131891574618105L;
    private final AwsCredentialSource Q;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class AwsCredentialSource extends ExternalAccountCredentials.CredentialSource {
        private static final long serialVersionUID = -4180558200808134436L;

        /* renamed from: c, reason: collision with root package name */
        private final String f23097c;

        /* renamed from: d, reason: collision with root package name */
        private final String f23098d;

        /* renamed from: p, reason: collision with root package name */
        private final String f23099p;

        /* renamed from: q, reason: collision with root package name */
        private final String f23100q;

        /* JADX INFO: Access modifiers changed from: package-private */
        public AwsCredentialSource(Map<String, Object> map) {
            super(map);
            if (!map.containsKey("regional_cred_verification_url")) {
                throw new IllegalArgumentException("A regional_cred_verification_url representing the GetCallerIdentity action URL must be specified.");
            }
            Matcher matcher = Pattern.compile("(aws)([\\d]+)").matcher((String) map.get("environment_id"));
            if (!matcher.matches()) {
                throw new IllegalArgumentException("Invalid AWS environment ID.");
            }
            int parseInt = Integer.parseInt(matcher.group(2));
            if (parseInt != 1) {
                throw new IllegalArgumentException(String.format("AWS version %s is not supported in the current build.", Integer.valueOf(parseInt)));
            }
            this.f23097c = (String) map.get("region_url");
            this.f23098d = (String) map.get("url");
            this.f23099p = (String) map.get("regional_cred_verification_url");
            if (map.containsKey("imdsv2_session_token_url")) {
                this.f23100q = (String) map.get("imdsv2_session_token_url");
            } else {
                this.f23100q = null;
            }
        }
    }

    /* loaded from: classes4.dex */
    public static class a extends ExternalAccountCredentials.a {
        a() {
        }

        a(AwsCredentials awsCredentials) {
            super(awsCredentials);
        }

        @Override // com.google.auth.oauth2.ExternalAccountCredentials.a
        /* renamed from: u, reason: merged with bridge method [inline-methods] */
        public AwsCredentials f() {
            return new AwsCredentials(this);
        }
    }

    AwsCredentials(a aVar) {
        super(aVar);
        this.Q = (AwsCredentialSource) aVar.f23116i;
    }

    private String X(c cVar) {
        Map<String, String> b10 = cVar.b();
        ArrayList arrayList = new ArrayList();
        for (String str : b10.keySet()) {
            arrayList.add(b0(str, b10.get(str)));
        }
        arrayList.add(b0("Authorization", cVar.a()));
        arrayList.add(b0("x-goog-cloud-target-resource", L()));
        l7.b bVar = new l7.b();
        bVar.j(j.f23295f);
        bVar.put("headers", arrayList);
        bVar.put("method", cVar.c());
        bVar.put("url", this.Q.f23099p.replace("{region}", cVar.d()));
        return URLEncoder.encode(bVar.toString(), "UTF-8");
    }

    private boolean Y() {
        Iterator<E> it = ImmutableList.y("AWS_REGION", "AWS_DEFAULT_REGION").iterator();
        while (it.hasNext()) {
            String a10 = M().a((String) it.next());
            if (a10 != null && a10.trim().length() > 0) {
                return true;
            }
        }
        return false;
    }

    private boolean Z() {
        Iterator<E> it = ImmutableList.y("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY").iterator();
        while (it.hasNext()) {
            String a10 = M().a((String) it.next());
            if (a10 == null || a10.trim().length() == 0) {
                return false;
            }
        }
        return true;
    }

    private static l7.b b0(String str, String str2) {
        l7.b bVar = new l7.b();
        bVar.j(j.f23295f);
        bVar.put("key", str);
        bVar.put("value", str2);
        return bVar;
    }

    public static a e0() {
        return new a();
    }

    public static a f0(AwsCredentials awsCredentials) {
        return new a(awsCredentials);
    }

    private String g0(String str, String str2, String str3, Map<String, Object> map, i7.e eVar) {
        try {
            com.google.api.client.http.e c10 = this.M.a().c().c(str3, new i7.b(str), eVar);
            com.google.api.client.http.c e10 = c10.e();
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                e10.e(entry.getKey(), entry.getValue());
            }
            return c10.b().l();
        } catch (IOException e11) {
            throw new IOException(String.format("Failed to retrieve AWS %s.", str2), e11);
        }
    }

    private String h0(String str, String str2, Map<String, Object> map) {
        return g0(str, str2, ShareTarget.METHOD_GET, map, null);
    }

    Map<String, Object> a0(AwsCredentialSource awsCredentialSource) {
        HashMap hashMap = new HashMap();
        if (awsCredentialSource.f23100q != null) {
            hashMap.put("x-aws-ec2-metadata-token", g0(awsCredentialSource.f23100q, "Session Token", "PUT", new HashMap<String, Object>() { // from class: com.google.auth.oauth2.AwsCredentials.1
                {
                    put("x-aws-ec2-metadata-token-ttl-seconds", "300");
                }
            }, null));
        }
        return hashMap;
    }

    String c0(Map<String, Object> map) {
        if (Y()) {
            String a10 = M().a("AWS_REGION");
            return (a10 == null || a10.trim().length() <= 0) ? M().a("AWS_DEFAULT_REGION") : a10;
        }
        if (this.Q.f23097c == null || this.Q.f23097c.isEmpty()) {
            throw new IOException("Unable to determine the AWS region. The credential source does not contain the region URL.");
        }
        return h0(this.Q.f23097c, "region", map).substring(0, r3.length() - 1);
    }

    e d0(Map<String, Object> map) {
        if (Z()) {
            return new e(M().a("AWS_ACCESS_KEY_ID"), M().a("AWS_SECRET_ACCESS_KEY"), M().a("AWS_SESSION_TOKEN"));
        }
        if (this.Q.f23098d == null || this.Q.f23098d.isEmpty()) {
            throw new IOException("Unable to determine the AWS IAM role name. The credential source does not contain the url field.");
        }
        l7.b bVar = (l7.b) j.f23295f.d(h0(this.Q.f23098d + "/" + h0(this.Q.f23098d, "IAM role", map), "credentials", map)).C(l7.b.class);
        return new e((String) bVar.get("AccessKeyId"), (String) bVar.get("SecretAccessKey"), (String) bVar.get("Token"));
    }

    public String i0() {
        Map<String, Object> hashMap = new HashMap<>();
        if (j0()) {
            hashMap = a0(this.Q);
        }
        String c02 = c0(hashMap);
        e d02 = d0(hashMap);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("x-goog-cloud-target-resource", L());
        return X(d.g(d02, ShareTarget.METHOD_POST, this.Q.f23099p.replace("{region}", c02), c02).b(hashMap2).a().h());
    }

    boolean j0() {
        return (Y() && Z()) ? false : true;
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken n() {
        n.b b10 = n.n(i0(), P()).b(L());
        Collection<String> N = N();
        if (N != null && !N.isEmpty()) {
            b10.c(new ArrayList(N));
        }
        return J(b10.a());
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials r(Collection<String> collection) {
        return new AwsCredentials((a) f0(this).m(collection));
    }
}
