package com.google.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpContent;
import com.google.api.client.http.HttpHeaders;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.json.GenericJson;
import com.google.auth.oauth2.ExternalAccountCredentials;
import com.google.auth.oauth2.StsTokenExchangeRequest;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import r0.qc.tFXufnue;

/* loaded from: classes2.dex */
public class AwsCredentials extends ExternalAccountCredentials {
    private static final long serialVersionUID = -3670131891574618105L;
    public final AwsCredentialSource F;

    /* loaded from: classes.dex */
    public static class Builder extends ExternalAccountCredentials.Builder {
        public Builder() {
        }

        public Builder(AwsCredentials awsCredentials) {
            super(awsCredentials);
        }

        @Override // com.google.auth.oauth2.ExternalAccountCredentials.Builder
        /* renamed from: u, reason: merged with bridge method [inline-methods] */
        public AwsCredentials f() {
            return new AwsCredentials(this);
        }
    }

    public AwsCredentials(Builder builder) {
        super(builder);
        this.F = (AwsCredentialSource) builder.f21896i;
    }

    public static Builder C4(AwsCredentials awsCredentials) {
        return new Builder(awsCredentials);
    }

    public static GenericJson d4(String str, String str2) {
        GenericJson genericJson = new GenericJson();
        genericJson.h(OAuth2Utils.f22017f);
        genericJson.put("key", str);
        genericJson.put("value", str2);
        return genericJson;
    }

    public static Builder k4() {
        return new Builder();
    }

    @Override // com.google.auth.oauth2.GoogleCredentials
    public GoogleCredentials A(Collection collection) {
        return new AwsCredentials((Builder) C4(this).m(collection));
    }

    public final boolean A3() {
        Iterator<E> it2 = ImmutableList.f1("AWS_REGION", "AWS_DEFAULT_REGION").iterator();
        while (it2.hasNext()) {
            String a10 = X1().a((String) it2.next());
            if (a10 != null && a10.trim().length() > 0) {
                return true;
            }
        }
        return false;
    }

    public final String E4(String str, String str2, String str3, Map map, HttpContent httpContent) {
        try {
            HttpRequest d10 = this.B.a().c().d(str3, new GenericUrl(str), httpContent);
            HttpHeaders f10 = d10.f();
            for (Map.Entry entry : map.entrySet()) {
                f10.k((String) entry.getKey(), entry.getValue());
            }
            return d10.b().m();
        } catch (IOException e10) {
            throw new IOException(String.format("Failed to retrieve AWS %s.", str2), e10);
        }
    }

    public final String L4(String str, String str2, Map map) {
        return E4(str, str2, HttpGet.METHOD_NAME, map, null);
    }

    public String N4() {
        Map hashMap = new HashMap();
        if (P4()) {
            hashMap = V3(this.F);
        }
        String f42 = f4(hashMap);
        AwsSecurityCredentials i42 = i4(hashMap);
        HashMap hashMap2 = new HashMap();
        hashMap2.put("x-goog-cloud-target-resource", P1());
        return y3(AwsRequestSigner.g(i42, HttpPost.METHOD_NAME, this.F.f21782d.replace("{region}", f42), f42).b(hashMap2).a().h());
    }

    public final boolean P3() {
        Iterator<E> it2 = ImmutableList.f1("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY").iterator();
        while (it2.hasNext()) {
            String a10 = X1().a((String) it2.next());
            if (a10 == null || a10.trim().length() == 0) {
                return false;
            }
        }
        return true;
    }

    public boolean P4() {
        return (A3() && P3()) ? false : true;
    }

    public Map V3(AwsCredentialSource awsCredentialSource) {
        HashMap hashMap = new HashMap();
        if (awsCredentialSource.f21783e != null) {
            hashMap.put("x-aws-ec2-metadata-token", E4(awsCredentialSource.f21783e, "Session Token", HttpPut.METHOD_NAME, new HashMap<String, Object>() { // from class: com.google.auth.oauth2.AwsCredentials.1
                {
                    put("x-aws-ec2-metadata-token-ttl-seconds", "300");
                }
            }, null));
        }
        return hashMap;
    }

    @Override // com.google.auth.oauth2.ExternalAccountCredentials
    public String W1() {
        return "aws";
    }

    public String f4(Map map) {
        if (A3()) {
            String a10 = X1().a("AWS_REGION");
            return (a10 == null || a10.trim().length() <= 0) ? X1().a("AWS_DEFAULT_REGION") : a10;
        }
        String str = this.F.f21780b;
        if (str == null || str.isEmpty()) {
            throw new IOException("Unable to determine the AWS region. The credential source does not contain the region URL.");
        }
        return L4(this.F.f21780b, "region", map).substring(0, r3.length() - 1);
    }

    public AwsSecurityCredentials i4(Map map) {
        if (P3()) {
            return new AwsSecurityCredentials(X1().a("AWS_ACCESS_KEY_ID"), X1().a("AWS_SECRET_ACCESS_KEY"), X1().a("AWS_SESSION_TOKEN"));
        }
        String str = this.F.f21781c;
        if (str == null || str.isEmpty()) {
            throw new IOException("Unable to determine the AWS IAM role name. The credential source does not contain the url field.");
        }
        GenericJson genericJson = (GenericJson) OAuth2Utils.f22017f.f(L4(this.F.f21781c + "/" + L4(this.F.f21781c, "IAM role", map), "credentials", map)).H(GenericJson.class);
        return new AwsSecurityCredentials((String) genericJson.get(tFXufnue.CAGoWsl), (String) genericJson.get("SecretAccessKey"), (String) genericJson.get("Token"));
    }

    @Override // com.google.auth.oauth2.OAuth2Credentials
    public AccessToken w() {
        StsTokenExchangeRequest.Builder b10 = StsTokenExchangeRequest.n(N4(), s2()).b(P1());
        Collection Z1 = Z1();
        if (Z1 != null && !Z1.isEmpty()) {
            b10.d(new ArrayList(Z1));
        }
        return D1(b10.a());
    }

    public final String y3(AwsRequestSignature awsRequestSignature) {
        Map b10 = awsRequestSignature.b();
        ArrayList arrayList = new ArrayList();
        for (String str : b10.keySet()) {
            arrayList.add(d4(str, (String) b10.get(str)));
        }
        arrayList.add(d4("Authorization", awsRequestSignature.a()));
        arrayList.add(d4("x-goog-cloud-target-resource", P1()));
        GenericJson genericJson = new GenericJson();
        genericJson.h(OAuth2Utils.f22017f);
        genericJson.put("headers", arrayList);
        genericJson.put("method", awsRequestSignature.c());
        genericJson.put("url", this.F.f21782d.replace("{region}", awsRequestSignature.d()));
        return URLEncoder.encode(genericJson.toString(), "UTF-8");
    }
}
