package com.amazonaws.auth;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.logging.LogFactory;
import com.amazonaws.regions.RegionUtils;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.Credentials;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityResult;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes.dex */
public abstract class CognitoCredentialsProvider implements AWSCredentialsProvider {
    public final AmazonCognitoIdentityClient cib;
    public final ReentrantReadWriteLock credentialsLock;
    public String customRoleArn;
    public final AWSCognitoIdentityProvider identityProvider;
    public final int refreshThreshold;
    public final String region;
    public BasicSessionCredentials sessionCredentials;
    public Date sessionCredentialsExpiration;
    public final int sessionDuration;
    public String token;
    public final boolean useEnhancedFlow;

    static {
        LogFactory.getLog(AWSCredentialsProviderChain.class);
    }

    public CognitoCredentialsProvider(AWSCognitoIdentityProvider aWSCognitoIdentityProvider, Regions regions) {
        AmazonCognitoIdentityClient amazonCognitoIdentityClient = new AmazonCognitoIdentityClient(new AnonymousAWSCredentials(), new ClientConfiguration());
        amazonCognitoIdentityClient.setRegion(RegionUtils.getRegion(regions.getName()));
        this.cib = amazonCognitoIdentityClient;
        this.region = amazonCognitoIdentityClient.getRegions().getName();
        this.identityProvider = aWSCognitoIdentityProvider;
        this.sessionDuration = 3600;
        this.refreshThreshold = 500;
        this.useEnhancedFlow = true;
        this.credentialsLock = new ReentrantReadWriteLock(true);
    }

    public abstract String getIdentityId();

    public final boolean needsNewSession() {
        if (this.sessionCredentials == null) {
            return true;
        }
        return this.sessionCredentialsExpiration.getTime() - (System.currentTimeMillis() - (SDKGlobalConfiguration.GLOBAL_TIME_OFFSET.get() * 1000)) < ((long) (this.refreshThreshold * 1000));
    }

    public final void startSession() {
        Map map;
        Map map2;
        GetCredentialsForIdentityResult credentialsForIdentity;
        AWSCognitoIdentityProvider aWSCognitoIdentityProvider = this.identityProvider;
        try {
            this.token = aWSCognitoIdentityProvider.refresh();
        } catch (AmazonServiceException e) {
            if (!e.getErrorCode().equals("ValidationException")) {
                throw e;
            }
            ((AWSAbstractCognitoIdentityProvider) aWSCognitoIdentityProvider).identityChanged(null);
            this.token = aWSCognitoIdentityProvider.refresh();
        }
        if (!this.useEnhancedFlow) {
            String str = this.token;
            Map map3 = ((AWSAbstractCognitoIdentityProvider) aWSCognitoIdentityProvider).loginsMap;
            if (map3 != null) {
                map3.size();
            }
            AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest = new AssumeRoleWithWebIdentityRequest();
            assumeRoleWithWebIdentityRequest.withWebIdentityToken(str);
            assumeRoleWithWebIdentityRequest.withRoleArn();
            assumeRoleWithWebIdentityRequest.withRoleSessionName();
            assumeRoleWithWebIdentityRequest.withDurationSeconds(Integer.valueOf(this.sessionDuration));
            String str2 = ((CognitoCachingCredentialsProvider) this).userAgentOverride;
            if (str2 == null) {
                str2 = CognitoCachingCredentialsProvider.USER_AGENT;
            }
            assumeRoleWithWebIdentityRequest.getRequestClientOptions().appendUserAgent(str2);
            throw null;
        }
        String str3 = this.token;
        String str4 = this.region;
        if (str3 == null || str3.isEmpty()) {
            map = ((AWSAbstractCognitoIdentityProvider) aWSCognitoIdentityProvider).loginsMap;
        } else {
            HashMap hashMap = new HashMap();
            hashMap.put(Regions.CN_NORTH_1.getName().equals(str4) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com", str3);
            map = hashMap;
        }
        GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = new GetCredentialsForIdentityRequest();
        getCredentialsForIdentityRequest.withIdentityId(getIdentityId());
        getCredentialsForIdentityRequest.withLogins(map);
        getCredentialsForIdentityRequest.withCustomRoleArn(this.customRoleArn);
        try {
            credentialsForIdentity = this.cib.getCredentialsForIdentity(getCredentialsForIdentityRequest);
        } catch (AmazonServiceException e2) {
            if (!e2.getErrorCode().equals("ValidationException")) {
                throw e2;
            }
            ((AWSAbstractCognitoIdentityProvider) aWSCognitoIdentityProvider).identityChanged(null);
            String refresh = aWSCognitoIdentityProvider.refresh();
            this.token = refresh;
            if (refresh == null || refresh.isEmpty()) {
                map2 = ((AWSAbstractCognitoIdentityProvider) aWSCognitoIdentityProvider).loginsMap;
            } else {
                HashMap hashMap2 = new HashMap();
                hashMap2.put(Regions.CN_NORTH_1.getName().equals(str4) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com", this.token);
                map2 = hashMap2;
            }
            GetCredentialsForIdentityRequest getCredentialsForIdentityRequest2 = new GetCredentialsForIdentityRequest();
            getCredentialsForIdentityRequest2.withIdentityId(getIdentityId());
            getCredentialsForIdentityRequest2.withLogins(map2);
            getCredentialsForIdentityRequest2.withCustomRoleArn(this.customRoleArn);
            credentialsForIdentity = this.cib.getCredentialsForIdentity(getCredentialsForIdentityRequest2);
        }
        Credentials credentials = credentialsForIdentity.getCredentials();
        this.sessionCredentials = new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretKey(), credentials.getSessionToken());
        Date expiration = credentials.getExpiration();
        ReentrantReadWriteLock reentrantReadWriteLock = this.credentialsLock;
        reentrantReadWriteLock.writeLock().lock();
        try {
            this.sessionCredentialsExpiration = expiration;
            reentrantReadWriteLock.writeLock().unlock();
            if (credentialsForIdentity.getIdentityId().equals(getIdentityId())) {
                return;
            }
            ((AWSAbstractCognitoIdentityProvider) aWSCognitoIdentityProvider).identityChanged(credentialsForIdentity.getIdentityId());
        } catch (Throwable th) {
            reentrantReadWriteLock.writeLock().unlock();
            throw th;
        }
    }
}
