package com.amazonaws.auth;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.DefaultRequest;
import com.amazonaws.Response;
import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.http.ExecutionContext;
import com.amazonaws.logging.LogFactory;
import com.amazonaws.regions.RegionUtils;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentity;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.Credentials;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityResult;
import com.amazonaws.services.cognitoidentity.model.ResourceNotFoundException;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityResult;
import com.amazonaws.services.securitytoken.model.transform.AssumeRoleWithWebIdentityResultStaxUnmarshaller;
import com.amazonaws.util.AWSRequestMetrics;
import com.amazonaws.util.StringUtils;
import com.squareup.picasso.Dispatcher;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes.dex */
public class CognitoCredentialsProvider implements AWSCredentialsProvider {
    public String authRoleArn;
    public AmazonCognitoIdentity cib;
    public final ReentrantReadWriteLock credentialsLock;
    public final AWSCognitoIdentityProvider identityProvider;
    public int refreshThreshold;
    public final String region;
    public AWSSecurityTokenService securityTokenService;
    public AWSSessionCredentials sessionCredentials;
    public Date sessionCredentialsExpiration;
    public int sessionDuration;
    public String token;
    public String unauthRoleArn;
    public final boolean useEnhancedFlow;

    static {
        LogFactory.getLog(AWSCredentialsProviderChain.class);
    }

    public CognitoCredentialsProvider(String str, Regions regions) {
        AmazonCognitoIdentityClient amazonCognitoIdentityClient = new AmazonCognitoIdentityClient(new AnonymousAWSCredentials(), new ClientConfiguration());
        amazonCognitoIdentityClient.setRegion(RegionUtils.getRegion(regions.name));
        this.cib = amazonCognitoIdentityClient;
        this.region = amazonCognitoIdentityClient.getRegions().name;
        this.securityTokenService = null;
        this.unauthRoleArn = null;
        this.authRoleArn = null;
        this.sessionDuration = 3600;
        this.refreshThreshold = Dispatcher.RETRY_DELAY;
        this.useEnhancedFlow = true;
        this.identityProvider = new AWSEnhancedCognitoIdentityProvider(null, str, amazonCognitoIdentityClient);
        this.credentialsLock = new ReentrantReadWriteLock(true);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public AWSSessionCredentials getCredentials() {
        this.credentialsLock.writeLock().lock();
        try {
            if (needsNewSession()) {
                startSession();
            }
            AWSSessionCredentials aWSSessionCredentials = this.sessionCredentials;
            this.credentialsLock.writeLock().unlock();
            return aWSSessionCredentials;
        } catch (Throwable th) {
            this.credentialsLock.writeLock().unlock();
            throw th;
        }
    }

    public String getIdentityId() {
        return ((AWSAbstractCognitoIdentityProvider) this.identityProvider).getIdentityId();
    }

    public Map<String, String> getLogins() {
        return ((AWSAbstractCognitoIdentityProvider) this.identityProvider).loginsMap;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public String getUserAgent() {
        throw null;
    }

    public boolean needsNewSession() {
        if (this.sessionCredentials == null) {
            return true;
        }
        return this.sessionCredentialsExpiration.getTime() - (System.currentTimeMillis() - ((long) (SDKGlobalConfiguration.getGlobalTimeOffset() * 1000))) < ((long) (this.refreshThreshold * 1000));
    }

    public final GetCredentialsForIdentityResult retryGetCredentialsForIdentity() {
        Map<String, String> logins;
        String retryRefresh = retryRefresh();
        this.token = retryRefresh;
        if (retryRefresh == null || retryRefresh.isEmpty()) {
            logins = getLogins();
        } else {
            HashMap hashMap = new HashMap();
            hashMap.put(Regions.CN_NORTH_1.name.equals(this.region) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com", this.token);
            logins = hashMap;
        }
        GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = new GetCredentialsForIdentityRequest();
        getCredentialsForIdentityRequest.identityId = getIdentityId();
        getCredentialsForIdentityRequest.logins = logins;
        getCredentialsForIdentityRequest.customRoleArn = null;
        return ((AmazonCognitoIdentityClient) this.cib).getCredentialsForIdentity(getCredentialsForIdentityRequest);
    }

    public final String retryRefresh() {
        setIdentityId(null);
        String refresh = this.identityProvider.refresh();
        this.token = refresh;
        return refresh;
    }

    public void setIdentityId(String str) {
        ((AWSAbstractCognitoIdentityProvider) this.identityProvider).identityChanged(str);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setSessionCredentialsExpiration(Date date) {
        this.credentialsLock.writeLock().lock();
        try {
            this.sessionCredentialsExpiration = date;
            this.credentialsLock.writeLock().unlock();
        } catch (Throwable th) {
            this.credentialsLock.writeLock().unlock();
            throw th;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    public void startSession() {
        Response<?> response;
        Map<String, String> logins;
        GetCredentialsForIdentityResult retryGetCredentialsForIdentity;
        try {
            this.token = this.identityProvider.refresh();
        } catch (ResourceNotFoundException unused) {
            this.token = retryRefresh();
        } catch (AmazonServiceException e) {
            if (!e.getErrorCode().equals("ValidationException")) {
                throw e;
            }
            this.token = retryRefresh();
        }
        DefaultRequest<?> defaultRequest = null;
        if (this.useEnhancedFlow) {
            String str = this.token;
            if (str == null || str.isEmpty()) {
                logins = getLogins();
            } else {
                HashMap hashMap = new HashMap();
                hashMap.put(Regions.CN_NORTH_1.name.equals(this.region) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com", str);
                logins = hashMap;
            }
            GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = new GetCredentialsForIdentityRequest();
            getCredentialsForIdentityRequest.identityId = getIdentityId();
            getCredentialsForIdentityRequest.logins = logins;
            getCredentialsForIdentityRequest.customRoleArn = null;
            try {
                retryGetCredentialsForIdentity = ((AmazonCognitoIdentityClient) this.cib).getCredentialsForIdentity(getCredentialsForIdentityRequest);
            } catch (ResourceNotFoundException unused2) {
                retryGetCredentialsForIdentity = retryGetCredentialsForIdentity();
            } catch (AmazonServiceException e2) {
                if (!e2.getErrorCode().equals("ValidationException")) {
                    throw e2;
                }
                retryGetCredentialsForIdentity = retryGetCredentialsForIdentity();
            }
            Credentials credentials = retryGetCredentialsForIdentity.credentials;
            this.sessionCredentials = new BasicSessionCredentials(credentials.accessKeyId, credentials.secretKey, credentials.sessionToken);
            setSessionCredentialsExpiration(credentials.expiration);
            if (!retryGetCredentialsForIdentity.identityId.equals(getIdentityId())) {
                setIdentityId(retryGetCredentialsForIdentity.identityId);
            }
        } else {
            String str2 = this.token;
            Map<String, String> map = ((AWSAbstractCognitoIdentityProvider) this.identityProvider).loginsMap;
            String str3 = map != null && map.size() > 0 ? this.authRoleArn : this.unauthRoleArn;
            AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest = new AssumeRoleWithWebIdentityRequest();
            assumeRoleWithWebIdentityRequest.webIdentityToken = str2;
            assumeRoleWithWebIdentityRequest.roleArn = str3;
            assumeRoleWithWebIdentityRequest.roleSessionName = "ProviderSession";
            assumeRoleWithWebIdentityRequest.durationSeconds = Integer.valueOf(this.sessionDuration);
            assumeRoleWithWebIdentityRequest.requestClientOptions.appendUserAgent(getUserAgent());
            AWSSecurityTokenServiceClient aWSSecurityTokenServiceClient = (AWSSecurityTokenServiceClient) this.securityTokenService;
            ExecutionContext createExecutionContext = aWSSecurityTokenServiceClient.createExecutionContext(assumeRoleWithWebIdentityRequest);
            AWSRequestMetrics aWSRequestMetrics = createExecutionContext.awsRequestMetrics;
            aWSRequestMetrics.startEvent(AWSRequestMetrics.Field.ClientExecuteTime);
            try {
                DefaultRequest<?> defaultRequest2 = new DefaultRequest<>(assumeRoleWithWebIdentityRequest, "AWSSecurityTokenService");
                defaultRequest2.parameters.put("Action", "AssumeRoleWithWebIdentity");
                defaultRequest2.parameters.put("Version", "2011-06-15");
                String str4 = assumeRoleWithWebIdentityRequest.roleArn;
                if (str4 != null) {
                    StringUtils.fromString(str4);
                    defaultRequest2.parameters.put("RoleArn", str4);
                }
                String str5 = assumeRoleWithWebIdentityRequest.roleSessionName;
                if (str5 != null) {
                    StringUtils.fromString(str5);
                    defaultRequest2.parameters.put("RoleSessionName", str5);
                }
                String str6 = assumeRoleWithWebIdentityRequest.webIdentityToken;
                if (str6 != null) {
                    StringUtils.fromString(str6);
                    defaultRequest2.parameters.put("WebIdentityToken", str6);
                }
                Integer num = assumeRoleWithWebIdentityRequest.durationSeconds;
                if (num != null) {
                    defaultRequest2.parameters.put("DurationSeconds", StringUtils.fromInteger(num));
                }
                try {
                    defaultRequest2.setAWSRequestMetrics(aWSRequestMetrics);
                    Response<?> invoke = aWSSecurityTokenServiceClient.invoke(defaultRequest2, new AssumeRoleWithWebIdentityResultStaxUnmarshaller(), createExecutionContext);
                    try {
                        AssumeRoleWithWebIdentityResult assumeRoleWithWebIdentityResult = (AssumeRoleWithWebIdentityResult) invoke.response;
                        aWSRequestMetrics.endEvent(AWSRequestMetrics.Field.ClientExecuteTime);
                        aWSSecurityTokenServiceClient.endClientExecution(aWSRequestMetrics, defaultRequest2, invoke, false);
                        com.amazonaws.services.securitytoken.model.Credentials credentials2 = assumeRoleWithWebIdentityResult.credentials;
                        this.sessionCredentials = new BasicSessionCredentials(credentials2.accessKeyId, credentials2.secretAccessKey, credentials2.sessionToken);
                        setSessionCredentialsExpiration(credentials2.expiration);
                    } catch (Throwable th) {
                        defaultRequest = invoke;
                        th = th;
                        response = defaultRequest;
                        defaultRequest = defaultRequest2;
                        aWSRequestMetrics.endEvent(AWSRequestMetrics.Field.ClientExecuteTime);
                        aWSSecurityTokenServiceClient.endClientExecution(aWSRequestMetrics, defaultRequest, response, false);
                        throw th;
                    }
                } catch (Throwable th2) {
                    th = th2;
                }
            } catch (Throwable th3) {
                th = th3;
                response = null;
            }
        }
    }
}
