package org.apache.hadoop.fs.s3a.auth;

import java.io.IOException;
import java.net.URI;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.apache.hadoop.classification.VisibleForTesting;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.s3a.AWSCredentialProviderList;
import org.apache.hadoop.fs.s3a.AnonymousAWSCredentialsProvider;
import org.apache.hadoop.fs.s3a.Constants;
import org.apache.hadoop.fs.s3a.S3AUtils;
import org.apache.hadoop.fs.s3a.SimpleAWSCredentialsProvider;
import org.apache.hadoop.fs.s3a.TemporaryAWSCredentialsProvider;
import org.apache.hadoop.fs.s3a.adapter.AwsV1BindingSupport;
import org.apache.hadoop.fs.s3a.impl.InstantiationIOException;
import org.apache.hadoop.fs.s3a.tools.BucketTool;
import org.apache.hadoop.fs.s3native.S3xLoginHelper;
import org.apache.hadoop.fs.store.LogExactlyOnce;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;

/* loaded from: input_file:org/apache/hadoop/fs/s3a/auth/CredentialProviderListFactory.class */
public final class CredentialProviderListFactory {

    @VisibleForTesting
    public static final String E_FORBIDDEN_AWS_PROVIDER = "AWS provider class cannot be used";
    public static final String ANONYMOUS_CREDENTIALS_V1 = "com.amazonaws.auth.AnonymousAWSCredentials";
    public static final String EC2_CONTAINER_CREDENTIALS_V1 = "com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper";
    public static final String EC2_IAM_CREDENTIALS_V1 = "com.amazonaws.auth.InstanceProfileCredentialsProvider";
    public static final String ENVIRONMENT_CREDENTIALS_V1 = "com.amazonaws.auth.EnvironmentVariableCredentialsProvider";
    public static final String PROFILE_CREDENTIALS_V1 = "com.amazonaws.auth.profile.ProfileCredentialsProvider";
    private static final Logger LOG = LoggerFactory.getLogger(CredentialProviderListFactory.class);
    private static final LogExactlyOnce LOG_REMAPPED_ENTRY = new LogExactlyOnce(LOG);
    public static final List<Class<?>> STANDARD_AWS_PROVIDERS = Collections.unmodifiableList(Arrays.asList(EnvironmentVariableCredentialsProvider.class, IAMInstanceCredentialsProvider.class, SimpleAWSCredentialsProvider.class, TemporaryAWSCredentialsProvider.class));
    public static final String EC2_IAM_CREDENTIALS_V2 = IAMInstanceCredentialsProvider.class.getName();
    public static final String ENVIRONMENT_CREDENTIALS_V2 = EnvironmentVariableCredentialsProvider.class.getName();
    public static final String PROFILE_CREDENTIALS_V2 = ProfileCredentialsProvider.class.getName();
    private static final Map<String, String> V1_V2_CREDENTIAL_PROVIDER_MAP = initCredentialProvidersMap();

    private CredentialProviderListFactory() {
    }

    public static AWSCredentialProviderList createAWSCredentialProviderList(@Nullable URI uri, Configuration configuration) throws IOException {
        S3xLoginHelper.rejectSecretsInURIs(uri);
        AWSCredentialProviderList buildAWSProviderList = buildAWSProviderList(uri, configuration, "fs.s3a.aws.credentials.provider", STANDARD_AWS_PROVIDERS, new HashSet());
        LOG.debug("For URI {}, using credentials {}", uri, buildAWSProviderList);
        return buildAWSProviderList;
    }

    private static Collection<String> loadAWSProviderClasses(Configuration configuration, String str, Class<?>... clsArr) throws IOException {
        Collection<String> trimmedStringCollection = configuration.getTrimmedStringCollection(str);
        return trimmedStringCollection.isEmpty() ? (Collection) Arrays.stream(clsArr).map(cls -> {
            return cls.getName();
        }).collect(Collectors.toList()) : trimmedStringCollection;
    }

    private static Map<String, String> initCredentialProvidersMap() {
        HashMap hashMap = new HashMap();
        hashMap.put(ANONYMOUS_CREDENTIALS_V1, AnonymousAWSCredentialsProvider.NAME);
        hashMap.put(EC2_CONTAINER_CREDENTIALS_V1, EC2_IAM_CREDENTIALS_V2);
        hashMap.put(EC2_IAM_CREDENTIALS_V1, EC2_IAM_CREDENTIALS_V2);
        hashMap.put(ENVIRONMENT_CREDENTIALS_V1, ENVIRONMENT_CREDENTIALS_V2);
        hashMap.put(PROFILE_CREDENTIALS_V1, PROFILE_CREDENTIALS_V2);
        return hashMap;
    }

    /* JADX WARN: Type inference failed for: r22v0, types: [java.lang.Throwable, java.lang.Object, org.apache.hadoop.fs.s3a.impl.InstantiationIOException] */
    /* JADX WARN: Type inference failed for: r23v0, types: [java.lang.Throwable, org.apache.hadoop.fs.s3a.impl.InstantiationIOException] */
    public static AWSCredentialProviderList buildAWSProviderList(@Nullable URI uri, Configuration configuration, String str, List<Class<?>> list, Set<Class<?>> set) throws IOException {
        AwsCredentialsProvider createAWSV1CredentialProvider;
        Collection<String> loadAWSProviderClasses = loadAWSProviderClasses(configuration, str, (Class[]) list.toArray(new Class[list.size()]));
        Map<String, String> trimmedStringCollectionSplitByEquals = S3AUtils.getTrimmedStringCollectionSplitByEquals(configuration, Constants.AWS_CREDENTIALS_PROVIDER_MAPPING);
        Map<String, String> map = V1_V2_CREDENTIAL_PROVIDER_MAP;
        Set set2 = (Set) set.stream().map(cls -> {
            return cls.getName();
        }).collect(Collectors.toSet());
        AWSCredentialProviderList aWSCredentialProviderList = new AWSCredentialProviderList();
        Iterator<String> it = loadAWSProviderClasses.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (map.containsKey(next)) {
                String str2 = map.get(next);
                LOG_REMAPPED_ENTRY.warn("Credentials option {} contains AWS v1 SDK entry {}; mapping to {}", new Object[]{str, next, str2});
                next = str2;
            } else if (trimmedStringCollectionSplitByEquals != null && trimmedStringCollectionSplitByEquals.containsKey(next)) {
                String str3 = trimmedStringCollectionSplitByEquals.get(next);
                LOG_REMAPPED_ENTRY.debug("Credential entry {} is mapped to {}", new Object[]{next, str3});
                next = str3;
            }
            if (set2.contains(next)) {
                throw new InstantiationIOException(InstantiationIOException.Kind.Forbidden, uri, next, str, E_FORBIDDEN_AWS_PROVIDER, null);
            }
            try {
                createAWSV1CredentialProvider = createAWSV2CredentialProvider(configuration, next, uri, str);
            } catch (InstantiationIOException e) {
                if (e.getKind() != InstantiationIOException.Kind.IsNotImplementation) {
                    throw e;
                }
                if (!AwsV1BindingSupport.isAwsV1SdkAvailable()) {
                    LOG.warn("Failed to instantiate {} as AWS v2 SDK credential provider; AWS V1 SDK is not on the classpth so unable to attempt to instantiate as a v1 provider", next, (Object) e);
                    throw e;
                }
                LOG.debug("Failed to create {} as v2 credentials, trying to instantiate as v1", next);
                try {
                    createAWSV1CredentialProvider = AwsV1BindingSupport.createAWSV1CredentialProvider(configuration, next, uri, str);
                    LOG_REMAPPED_ENTRY.warn("Credentials option {} contains AWS v1 SDK entry {}", new Object[]{str, next});
                    LOG.debug("From provider class {} created Aws provider {}", next, createAWSV1CredentialProvider);
                } catch (InstantiationIOException e2) {
                    if (e2.getKind() != InstantiationIOException.Kind.IsNotImplementation) {
                        throw e2;
                    }
                    throw e;
                }
            }
            aWSCredentialProviderList.add(createAWSV1CredentialProvider);
        }
        return aWSCredentialProviderList;
    }

    private static AwsCredentialsProvider createAWSV2CredentialProvider(Configuration configuration, String str, @Nullable URI uri, String str2) throws IOException {
        LOG.debug("Credential provider class is {}", str);
        return (AwsCredentialsProvider) S3AUtils.getInstanceFromReflection(str, configuration, uri, AwsCredentialsProvider.class, BucketTool.CREATE, str2);
    }
}
