package com.google.auth.oauth2;

import U.J;
import b4.InterfaceC0838e;
import com.google.android.gms.common.internal.ImagesContract;
import com.google.api.client.http.C1017k;
import com.google.auth.oauth2.ExternalAccountCredentials;
import com.google.auth.oauth2.x;
import com.google.common.collect.ImmutableList;
import com.google.firebase.analytics.FirebaseAnalytics;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

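/* loaded from: classes2.dex */
/**
 * External-account credential that derives a Google subject token from AWS credentials.
 *
 * <p>This file is jadx output from an obfuscated build: most member names ({@code f28400j0},
 * {@code n0}, {@code K3.b}, ...) are decompiler-assigned and some string literals have been
 * replaced by unrelated constants with the same value. Public names are kept as decompiled so
 * that references from other decompiled classes continue to resolve.
 *
 * <p>Flow visible in this class: {@link #t()} asks {@link #k0()} for a subject token;
 * {@code k0()} resolves the AWS region and AWS security credentials (from environment variables
 * or from metadata URLs in the credential source), builds a signed request description for
 * {@code regional_cred_verification_url}, and {@link #n0} serialises it.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code region_url}, {@code url} and {@code imdsv2_session_token_url} are taken verbatim
 *       from the credential-source map. No scheme or host validation is performed in this class
 *       (the superclass constructor is not visible here). The metadata session token is sent to,
 *       and AWS keys are read from, whatever hosts those fields name, so the credential
 *       configuration must come from a trusted source.</li>
 *   <li>The value returned by {@link #k0()} embeds the signed {@code Authorization} header and
 *       should be handled as a credential: never logged or persisted.</li>
 * </ul>
 */
public class AwsCredentials extends ExternalAccountCredentials {

    /** Environment variable consulted first for the AWS region. (jadx: renamed from j0) */
    public static final String f28400j0 = "AWS_REGION";

    /** Fallback environment variable for the AWS region. (jadx: renamed from k0) */
    public static final String f28401k0 = "AWS_DEFAULT_REGION";

    /** Environment variable holding the AWS access key id. (jadx: renamed from l0) */
    public static final String f28402l0 = "AWS_ACCESS_KEY_ID";

    /** Environment variable holding the AWS secret access key. (jadx: renamed from m0) */
    public static final String f28403m0 = "AWS_SECRET_ACCESS_KEY";

    /** Environment variable holding the optional AWS session token. (jadx: renamed from n0) */
    public static final String f28404n0 = "AWS_SESSION_TOKEN";

    /** Header under which the metadata session token is stored by {@link #q0}. (jadx: renamed from o0) */
    public static final String f28405o0 = "x-aws-ec2-metadata-token";

    /** Header sent when requesting a metadata session token. (jadx: renamed from p0) */
    public static final String f28406p0 = "x-aws-ec2-metadata-token-ttl-seconds";

    /** Value sent for {@link #f28406p0}. (jadx: renamed from q0) */
    public static final String f28407q0 = "300";

    /** Presumably the original {@code serialVersionUID} - TODO confirm. (jadx: renamed from r0) */
    public static final long f28408r0 = -3670131891574618105L;

    /** The AWS-specific credential source taken from the builder. (jadx: renamed from i0) */
    public final AwsCredentialSource f28409i0;

    /* loaded from: classes2.dex */
    /**
     * Parsed {@code credential_source} section for an AWS environment.
     *
     * <p>All URL fields are stored exactly as supplied; this class does not check their scheme or
     * host.
     */
    public static class AwsCredentialSource extends ExternalAccountCredentials.CredentialSource {

        /** Presumably the original {@code serialVersionUID} - TODO confirm. (jadx: renamed from A) */
        public static final long f28411A = -4180558200808134436L;

        /** Map key of the optional metadata session-token URL. (jadx: renamed from z) */
        public static final String f28412z = "imdsv2_session_token_url";

        /** Value of {@code region_url}; may be null. (jadx: renamed from v) */
        public final String f28413v;

        /** Value of the credentials URL field; may be null. (jadx: renamed from w) */
        public final String f28414w;

        /** Value of {@code regional_cred_verification_url}. (jadx: renamed from x) */
        public final String f28415x;

        /** Value of {@code imdsv2_session_token_url}, or null when absent. (jadx: renamed from y) */
        public final String f28416y;

        /**
         * Builds the credential source from its JSON map.
         *
         * @param map the credential-source map; must contain
         *     {@code regional_cred_verification_url} and an {@code environment_id} of the form
         *     {@code aws<N>} where N is 1
         * @throws IllegalArgumentException if a required key is missing, the environment id is
         *     absent, not a string or malformed, or its version is not 1
         */
        public AwsCredentialSource(Map<String, Object> map) {
            super(map);
            if (!map.containsKey("regional_cred_verification_url")) {
                throw new IllegalArgumentException("A regional_cred_verification_url representing the GetCallerIdentity action URL must be specified.");
            }
            // A missing or non-String environment_id previously surfaced as an NPE or a
            // ClassCastException; report it the same way as a malformed one.
            Object environmentId = map.get("environment_id");
            if (!(environmentId instanceof String)) {
                throw new IllegalArgumentException("Invalid AWS environment ID.");
            }
            Matcher matcher = Pattern.compile("(aws)([\\d]+)").matcher((String) environmentId);
            if (!matcher.matches()) {
                throw new IllegalArgumentException("Invalid AWS environment ID.");
            }
            int version = Integer.parseInt(matcher.group(2));
            if (version != 1) {
                throw new IllegalArgumentException(String.format("AWS version %s is not supported in the current build.", version));
            }
            this.f28413v = (String) map.get("region_url");
            // NOTE(review): ImagesContract.URL is a constant jadx substituted for a string
            // literal; the error text in getAwsSecurityCredentials suggests the key is "url".
            this.f28414w = (String) map.get(ImagesContract.URL);
            this.f28415x = (String) map.get("regional_cred_verification_url");
            // Map.get already yields null for an absent key.
            this.f28416y = (String) map.get(f28412z);
        }
    }

    /* loaded from: classes2.dex */
    /** Builder for {@link AwsCredentials}. */
    public static class a extends ExternalAccountCredentials.b {
        /** Creates an empty builder. */
        public a() {
        }

        /** Creates a builder initialised from an existing credential. */
        public a(AwsCredentials awsCredentials) {
            super(awsCredentials);
        }

        /** Builds the credential from this builder's state. */
        @Override // com.google.auth.oauth2.ExternalAccountCredentials.b
        /* renamed from: d, reason: merged with bridge method [inline-methods] */
        public AwsCredentials b() {
            return new AwsCredentials(this);
        }
    }

    /**
     * Creates the credential from a builder.
     *
     * @param aVar the builder; its {@code f28505i} field must hold an {@link AwsCredentialSource}
     */
    public AwsCredentials(a aVar) {
        super(aVar);
        this.f28409i0 = (AwsCredentialSource) aVar.f28505i;
    }

    /**
     * Builds one header entry for the serialised subject token.
     *
     * @param str the header name
     * @param str2 the header value
     * @return an object holding the name under {@code J.f11110j} and the value under "value"
     */
    public static K3.b r0(String str, String str2) {
        K3.b header = new K3.b();
        // NOTE(review): q.f28888j is presumably the shared JSON factory - confirm.
        header.e(q.f28888j);
        // NOTE(review): J.f11110j is a jadx-substituted constant, presumably "key" - confirm.
        header.put(J.f11110j, str);
        header.put("value", str2);
        return header;
    }

    /** Returns a new, empty builder. */
    public static a s0() {
        return new a();
    }

    /** Returns a builder initialised from {@code awsCredentials}. */
    public static a t0(AwsCredentials awsCredentials) {
        return new a(awsCredentials);
    }

    /** Returns a copy of this credential with the given scopes applied. */
    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials C(Collection<String> collection) {
        return new AwsCredentials((a) t0(this).setScopes(collection));
    }

    /**
     * Resolves the AWS region.
     *
     * <p>When a region environment variable is set, {@code AWS_REGION} is preferred and
     * {@code AWS_DEFAULT_REGION} is the fallback. Otherwise the region URL from the credential
     * source is fetched and the last character of the response is dropped.
     *
     * @param map headers to send with the metadata request
     * @return the region name
     * @throws IOException if no region URL is configured, the request fails, or the response is
     *     empty
     */
    @InterfaceC0838e
    public String getAwsRegion(Map<String, Object> map) throws IOException {
        if (o0()) {
            String env = getEnvironmentProvider().getEnv(f28400j0);
            if (env != null && !env.trim().isEmpty()) {
                return env;
            }
            return getEnvironmentProvider().getEnv(f28401k0);
        }
        String regionUrl = this.f28409i0.f28413v;
        if (regionUrl == null || regionUrl.isEmpty()) {
            throw new IOException("Unable to determine the AWS region. The credential source does not contain the region URL.");
        }
        // The decompiler lost this local and left an undefined register name ("r3") in the
        // length expression; restore it.
        String region = v0(regionUrl, "region", map);
        if (region == null || region.isEmpty()) {
            // substring(0, -1) would otherwise fail with an unchecked exception.
            throw new IOException("Unable to determine the AWS region. The region URL returned an empty response.");
        }
        // Presumably the endpoint returns an availability zone (e.g. "us-east-1b") whose
        // trailing letter is dropped to obtain the region - TODO confirm.
        return region.substring(0, region.length() - 1);
    }

    /**
     * Resolves the AWS security credentials.
     *
     * <p>When both {@code AWS_ACCESS_KEY_ID} and {@code AWS_SECRET_ACCESS_KEY} are set they are
     * used, together with {@code AWS_SESSION_TOKEN}. Otherwise the role name is fetched from the
     * credentials URL and the credentials are fetched from {@code <url>/<role name>}.
     *
     * <p>The returned object carries secrets; callers must not log it.
     *
     * @param map headers to send with the metadata requests
     * @return the access key id, secret access key and token
     * @throws IOException if no credentials URL is configured or a request fails
     */
    @InterfaceC0838e
    public e getAwsSecurityCredentials(Map<String, Object> map) throws IOException {
        if (p0()) {
            return new e(getEnvironmentProvider().getEnv(f28402l0), getEnvironmentProvider().getEnv(f28403m0), getEnvironmentProvider().getEnv(f28404n0));
        }
        String credentialsUrl = this.f28409i0.f28414w;
        if (credentialsUrl == null || credentialsUrl.isEmpty()) {
            throw new IOException("Unable to determine the AWS IAM role name. The credential source does not contain the url field.");
        }
        // NOTE(review): the role name comes straight from the metadata response and is appended
        // to the URL without validation or escaping.
        String roleName = v0(credentialsUrl, "IAM role", map);
        String rawCredentials = v0(credentialsUrl + "/" + roleName, "credentials", map);
        K3.b parsed = (K3.b) q.f28888j.g(rawCredentials).B(K3.b.class);
        // NOTE(review): z.h.f44230b is a jadx-substituted constant, presumably "Token" - confirm.
        return new e((String) parsed.get("AccessKeyId"), (String) parsed.get("SecretAccessKey"), (String) parsed.get(z.h.f44230b));
    }

    /** Reads a process environment variable via {@link System#getenv(String)}. */
    @InterfaceC0838e
    public String getEnv(String str) {
        return System.getenv(str);
    }

    /**
     * Produces the subject token: a URL-encoded description of a signed POST request to the
     * regional credential verification URL.
     *
     * <p>The result embeds the signed {@code Authorization} header; treat it as a credential.
     *
     * @throws IOException if the region or credentials cannot be resolved
     */
    @Override // com.google.auth.oauth2.ExternalAccountCredentials
    public String k0() throws IOException {
        Map<String, Object> metadataHeaders = new HashMap<>();
        if (w0()) {
            // The metadata server is needed, so obtain the session-token header first.
            metadataHeaders = q0(this.f28409i0);
        }
        String awsRegion = getAwsRegion(metadataHeaders);
        e awsSecurityCredentials = getAwsSecurityCredentials(metadataHeaders);
        Map<String, String> additionalHeaders = new HashMap<>();
        additionalHeaders.put("x-goog-cloud-target-resource", getAudience());
        // NOTE(review): the region (from the environment or the metadata response) is
        // substituted into the verification URL without validation.
        // d.e(...)...a().f() presumably builds the request signer and signs - TODO confirm.
        return n0(d.e(awsSecurityCredentials, "POST", this.f28409i0.f28415x.replace("{region}", awsRegion), awsRegion).setAdditionalHeaders(additionalHeaders).a().f());
    }

    /**
     * Serialises a signed request into the URL-encoded subject token.
     *
     * @param cVar the signed request (canonical headers, authorization header, method, region)
     * @return the URL-encoded string form of an object with "headers", method and URL entries
     * @throws UnsupportedEncodingException if UTF-8 is not supported
     */
    public final String n0(c cVar) throws UnsupportedEncodingException {
        ArrayList<K3.b> headers = new ArrayList<>();
        for (Map.Entry<String, String> header : cVar.getCanonicalHeaders().entrySet()) {
            headers.add(r0(header.getKey(), header.getValue()));
        }
        headers.add(r0("Authorization", cVar.getAuthorizationHeader()));
        headers.add(r0("x-goog-cloud-target-resource", getAudience()));
        K3.b token = new K3.b();
        token.e(q.f28888j);
        token.put("headers", headers);
        token.put(FirebaseAnalytics.Param.METHOD, cVar.getHttpMethod());
        token.put(ImagesContract.URL, this.f28409i0.f28415x.replace("{region}", cVar.getRegion()));
        return URLEncoder.encode(token.toString(), "UTF-8");
    }

    /** Returns true when at least one of the region environment variables is non-blank. */
    public final boolean o0() {
        // A plain array replaces the decompiled Iterator<E>, whose type variable was undefined.
        for (String name : new String[] {f28400j0, f28401k0}) {
            String env = getEnvironmentProvider().getEnv(name);
            if (env != null && env.trim().length() > 0) {
                return true;
            }
        }
        return false;
    }

    /** Returns true only when both the access key id and the secret access key are non-blank. */
    public final boolean p0() {
        for (String name : new String[] {f28402l0, f28403m0}) {
            String env = getEnvironmentProvider().getEnv(name);
            if (env == null || env.trim().length() == 0) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds the headers to send with metadata requests.
     *
     * <p>When a session-token URL is configured, a token is requested with the TTL header set
     * and returned under {@code x-aws-ec2-metadata-token}. The token is then sent to the region
     * and credentials URLs, so all three URLs should name the same trusted metadata service.
     *
     * @param awsCredentialSource the credential source to read the session-token URL from
     * @return the header map; empty when no session-token URL is configured
     * @throws IOException if the session-token request fails
     */
    @InterfaceC0838e
    public Map<String, Object> q0(AwsCredentialSource awsCredentialSource) throws IOException {
        Map<String, Object> metadataHeaders = new HashMap<>();
        if (awsCredentialSource.f28416y != null) {
            // A plain map replaces the anonymous HashMap subclass, which kept a hidden
            // reference to the enclosing credential.
            Map<String, Object> tokenRequestHeaders = new HashMap<>();
            tokenRequestHeaders.put(f28406p0, f28407q0);
            // NOTE(review): v.f28125h is an obfuscated HTTP method constant, presumably "PUT".
            String sessionToken = u0(awsCredentialSource.f28416y, "Session Token", com.google.api.client.http.v.f28125h, tokenRequestHeaders, null);
            metadataHeaders.put(f28405o0, sessionToken);
        }
        return metadataHeaders;
    }

    /**
     * Obtains an access token by submitting the subject token from {@link #k0()}.
     *
     * @throws IOException if the subject token cannot be produced or the exchange fails
     */
    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken t() throws IOException {
        // x.f(...) presumably starts a token-exchange request builder - TODO confirm.
        x.b request = x.f(k0(), getSubjectTokenType()).setAudience(getAudience());
        Collection<String> scopes = getScopes();
        if (scopes != null && !scopes.isEmpty()) {
            request.setScopes(new ArrayList<>(scopes));
        }
        return b0(request.a());
    }

    /**
     * Sends an HTTP request and returns the response body as a string.
     *
     * @param str the target URL, used as configured
     * @param str2 a human-readable resource name used only in the error message
     * @param str3 the HTTP method
     * @param map headers to set on the request
     * @param oVar the request content, or null
     * @return the response body
     * @throws IOException wrapping any I/O failure, with the resource name in the message
     */
    public final String u0(String str, String str2, String str3, Map<String, Object> map, @M4.h com.google.api.client.http.o oVar) throws IOException {
        try {
            com.google.api.client.http.w request = this.f28488a0.a().c().g(str3, new C1017k(str), oVar);
            com.google.api.client.http.s headers = request.getHeaders();
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                headers.set(entry.getKey(), entry.getValue());
            }
            // b().k() presumably executes the request and reads the body as text - TODO confirm.
            return request.b().k();
        } catch (IOException e7) {
            // Only the resource name goes into the message; the URL and headers are left out.
            throw new IOException(String.format("Failed to retrieve AWS %s.", str2), e7);
        }
    }

    /** Convenience wrapper around {@link #u0} for a GET request without content. */
    public final String v0(String str, String str2, Map<String, Object> map) throws IOException {
        return u0(str, str2, "GET", map, null);
    }

    /**
     * Reports whether the metadata server has to be contacted, i.e. whether the region or the
     * credentials are not fully available from environment variables.
     */
    @InterfaceC0838e
    public boolean w0() {
        return !(o0() && p0());
    }
}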
