package com.amazonaws.auth;

import com.amazonaws.SdkClientException;
import com.amazonaws.internal.CredentialsEndpointProvider;
import com.amazonaws.retry.internal.CredentialsEndpointRetryPolicy;
import com.amazonaws.util.StringUtils;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URI;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/* loaded from: input_file:com/amazonaws/auth/ContainerCredentialsProvider.class */
public class ContainerCredentialsProvider implements AWSCredentialsProvider {
    static final String ECS_CONTAINER_CREDENTIALS_PATH = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
    static final String CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
    static final String AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE = "AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE";
    static final String CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
    static final String CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
    private static final String HTTPS = "https";
    private static final String ECS_CREDENTIALS_ENDPOINT = "http://169.254.170.2";
    private final ContainerCredentialsFetcher credentialsFetcher;
    private static final String ECS_CONTAINER_HOST = "169.254.170.2";
    private static final String EKS_CONTAINER_HOST = "169.254.170.23";
    private static final List<String> VALID_LOOP_BACK_IPV4 = Arrays.asList(ECS_CONTAINER_HOST, EKS_CONTAINER_HOST);
    private static final String EKS_CONTAINER_HOST_IPV6 = "[fd00:ec2::23]";
    private static final List<String> VALID_LOOP_BACK_IPV6 = Arrays.asList(EKS_CONTAINER_HOST_IPV6);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/amazonaws/auth/ContainerCredentialsProvider$ECSCredentialsEndpointProvider.class */
    public static class ECSCredentialsEndpointProvider extends CredentialsEndpointProvider {
        @Override // com.amazonaws.internal.CredentialsEndpointProvider
        public URI getCredentialsEndpoint() {
            String str = System.getenv(ContainerCredentialsProvider.ECS_CONTAINER_CREDENTIALS_PATH);
            if (str == null) {
                throw new SdkClientException("The environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is empty");
            }
            return URI.create(ContainerCredentialsProvider.ECS_CREDENTIALS_ENDPOINT + str);
        }

        @Override // com.amazonaws.internal.CredentialsEndpointProvider
        public CredentialsEndpointRetryPolicy getRetryPolicy() {
            return ContainerCredentialsRetryPolicy.getInstance();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/amazonaws/auth/ContainerCredentialsProvider$FullUriCredentialsEndpointProvider.class */
    public static class FullUriCredentialsEndpointProvider extends CredentialsEndpointProvider {
        @Override // com.amazonaws.internal.CredentialsEndpointProvider
        public URI getCredentialsEndpoint() {
            String str = System.getenv(ContainerCredentialsProvider.CONTAINER_CREDENTIALS_FULL_URI);
            if (str == null || str.length() == 0) {
                throw new SdkClientException("The environment variable AWS_CONTAINER_CREDENTIALS_FULL_URI is empty");
            }
            URI create = URI.create(str);
            if (isHttps(create) || isAllowedHost(create.getHost())) {
                return create;
            }
            throw new SdkClientException("The full URI (" + create + ") contained withing environment variable " + ContainerCredentialsProvider.CONTAINER_CREDENTIALS_FULL_URI + " has an invalid host. Host should resolve to a loopback address or have the full URI be HTTPS.");
        }

        @Override // com.amazonaws.internal.CredentialsEndpointProvider
        public Map<String, String> getHeaders() {
            String tokenValue = getTokenValue();
            return StringUtils.isNullOrEmpty(tokenValue) ? new HashMap() : Collections.singletonMap("Authorization", tokenValue);
        }

        private String getTokenValue() {
            if (System.getenv(ContainerCredentialsProvider.CONTAINER_AUTHORIZATION_TOKEN) != null) {
                return System.getenv(ContainerCredentialsProvider.CONTAINER_AUTHORIZATION_TOKEN);
            }
            if (System.getenv(ContainerCredentialsProvider.CONTAINER_AUTHORIZATION_TOKEN_FILE) != null) {
                return readToken(System.getenv(ContainerCredentialsProvider.CONTAINER_AUTHORIZATION_TOKEN_FILE));
            }
            return null;
        }

        private String readToken(String str) {
            try {
                return new String(Files.readAllBytes(FileSystems.getDefault().getPath(str, new String[0])), StringUtils.UTF8);
            } catch (IOException e) {
                throw new SdkClientException(String.format("Cannot fetch credentials from container - failed to read %s", str));
            }
        }

        private boolean isHttps(URI uri) {
            return Objects.equals(ContainerCredentialsProvider.HTTPS, uri.getScheme());
        }

        /* JADX WARN: Code restructure failed: missing block: B:17:0x003f, code lost:
        
            if (isMetadataServiceEndpoint(r9) != false) goto L15;
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private boolean isAllowedHost(java.lang.String r9) {
            /*
                r8 = this;
                r0 = r9
                java.net.InetAddress[] r0 = java.net.InetAddress.getAllByName(r0)     // Catch: java.net.UnknownHostException -> L48
                r10 = r0
                r0 = 1
                r11 = r0
                r0 = r10
                r12 = r0
                r0 = r12
                int r0 = r0.length     // Catch: java.net.UnknownHostException -> L48
                r13 = r0
                r0 = 0
                r14 = r0
            L12:
                r0 = r14
                r1 = r13
                if (r0 >= r1) goto L31
                r0 = r12
                r1 = r14
                r0 = r0[r1]     // Catch: java.net.UnknownHostException -> L48
                r15 = r0
                r0 = r8
                r1 = r15
                boolean r0 = r0.isLoopbackAddress(r1)     // Catch: java.net.UnknownHostException -> L48
                if (r0 != 0) goto L2b
                r0 = 0
                r11 = r0
            L2b:
                int r14 = r14 + 1
                goto L12
            L31:
                r0 = r10
                int r0 = r0.length     // Catch: java.net.UnknownHostException -> L48
                if (r0 <= 0) goto L46
                r0 = r11
                if (r0 != 0) goto L42
                r0 = r8
                r1 = r9
                boolean r0 = r0.isMetadataServiceEndpoint(r1)     // Catch: java.net.UnknownHostException -> L48
                if (r0 == 0) goto L46
            L42:
                r0 = 1
                goto L47
            L46:
                r0 = 0
            L47:
                return r0
            L48:
                r10 = move-exception
                com.amazonaws.SdkClientException r0 = new com.amazonaws.SdkClientException
                r1 = r0
                java.lang.String r2 = "host (%s) could not be resolved to an IP address."
                r3 = 1
                java.lang.Object[] r3 = new java.lang.Object[r3]
                r4 = r3
                r5 = 0
                r6 = r9
                r4[r5] = r6
                java.lang.String r2 = java.lang.String.format(r2, r3)
                r3 = r10
                r1.<init>(r2, r3)
                throw r0
            */
            throw new UnsupportedOperationException("Method not decompiled: com.amazonaws.auth.ContainerCredentialsProvider.FullUriCredentialsEndpointProvider.isAllowedHost(java.lang.String):boolean");
        }

        private boolean isLoopbackAddress(InetAddress inetAddress) {
            return inetAddress.isLoopbackAddress();
        }

        private boolean isMetadataServiceEndpoint(String str) {
            return "IPV6".equalsIgnoreCase(System.getenv(ContainerCredentialsProvider.AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE)) ? ContainerCredentialsProvider.VALID_LOOP_BACK_IPV6.contains(str) : ContainerCredentialsProvider.VALID_LOOP_BACK_IPV4.contains(str);
        }

        @Override // com.amazonaws.internal.CredentialsEndpointProvider
        public CredentialsEndpointRetryPolicy getRetryPolicy() {
            return ContainerCredentialsRetryPolicy.getInstance();
        }
    }

    @Deprecated
    public ContainerCredentialsProvider() {
        this(new ECSCredentialsEndpointProvider());
    }

    public ContainerCredentialsProvider(CredentialsEndpointProvider credentialsEndpointProvider) {
        this.credentialsFetcher = new ContainerCredentialsFetcher(credentialsEndpointProvider);
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public AWSCredentials getCredentials() {
        return this.credentialsFetcher.getCredentials();
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public void refresh() {
        this.credentialsFetcher.refresh();
    }

    public Date getCredentialsExpiration() {
        return this.credentialsFetcher.getCredentialsExpiration();
    }
}
