package software.amazon.awssdk.auth;

import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.net.URISyntaxException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Optional;
import software.amazon.awssdk.SdkClientException;
import software.amazon.awssdk.annotation.SdkInternalApi;
import software.amazon.awssdk.internal.CredentialsEndpointProvider;
import software.amazon.awssdk.internal.EC2CredentialsUtils;
import software.amazon.awssdk.util.ComparableUtils;
import software.amazon.awssdk.util.DateUtils;
import software.amazon.awssdk.util.json.Jackson;
import software.amazon.awssdk.utils.Validate;
import software.amazon.awssdk.utils.cache.CachedSupplier;
import software.amazon.awssdk.utils.cache.NonBlocking;
import software.amazon.awssdk.utils.cache.RefreshResult;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/auth/EC2CredentialsProvider.class */
class EC2CredentialsProvider implements AwsCredentialsProvider, AutoCloseable {
    private final CredentialsEndpointProvider credentialsEndpointProvider;
    private final CachedSupplier<AwsCredentials> credentialsCache;

    /* JADX INFO: Access modifiers changed from: package-private */
    public EC2CredentialsProvider(CredentialsEndpointProvider credentialsEndpointProvider, boolean z, String str) {
        this.credentialsEndpointProvider = credentialsEndpointProvider;
        CachedSupplier.Builder builder = CachedSupplier.builder(this::refreshCredentials);
        if (z) {
            builder.prefetchStrategy(new NonBlocking(str));
        }
        this.credentialsCache = builder.build();
    }

    private RefreshResult<AwsCredentials> refreshCredentials() {
        try {
            JsonNode jsonNodeOf = Jackson.jsonNodeOf(EC2CredentialsUtils.getInstance().readResource(this.credentialsEndpointProvider.getCredentialsEndpoint(), this.credentialsEndpointProvider.getRetryPolicy()));
            JsonNode jsonNode = jsonNodeOf.get("AccessKeyId");
            JsonNode jsonNode2 = jsonNodeOf.get("SecretAccessKey");
            JsonNode jsonNode3 = jsonNodeOf.get("Token");
            JsonNode jsonNode4 = jsonNodeOf.get("Expiration");
            Validate.notNull(jsonNode, "Failed to load access key.", new Object[0]);
            Validate.notNull(jsonNode2, "Failed to load secret key.", new Object[0]);
            Object awsCredentials = jsonNode3 == null ? new AwsCredentials(jsonNode.asText(), jsonNode2.asText()) : new AwsSessionCredentials(jsonNode.asText(), jsonNode2.asText(), jsonNode3.asText());
            Instant orElse = getExpiration(jsonNode4).orElse(null);
            if (orElse == null || !Instant.now().isAfter(orElse)) {
                return RefreshResult.builder(awsCredentials).staleTime(getStaleTime(orElse)).prefetchTime(getPrefetchTime(orElse)).build();
            }
            throw new SdkClientException("Credentials obtained from EC2 metadata service are already expired");
        } catch (JsonMappingException e) {
            throw new SdkClientException("Unable to parse response returned from service endpoint.", e);
        } catch (IOException | RuntimeException | URISyntaxException e2) {
            throw new SdkClientException("Unable to load credentials from service endpoint.", e2);
        } catch (SdkClientException e3) {
            throw e3;
        }
    }

    private Optional<Instant> getExpiration(JsonNode jsonNode) {
        return Optional.ofNullable(jsonNode).map(jsonNode2 -> {
            try {
                return DateUtils.parseIso8601Date(jsonNode2.asText().replaceAll("\\+0000$", "Z")).toInstant();
            } catch (RuntimeException e) {
                throw new IllegalStateException("Unable to parse credentials expiration date from Amazon EC2 instance.", e);
            }
        });
    }

    private Instant getStaleTime(Instant instant) {
        if (instant == null) {
            return null;
        }
        return instant.minus((TemporalAmount) Duration.ofMinutes(1L));
    }

    private Instant getPrefetchTime(Instant instant) {
        Instant plus = Instant.now().plus((TemporalAmount) Duration.ofHours(1L));
        return instant == null ? plus : (Instant) ComparableUtils.minimum(plus, instant.minus((TemporalAmount) Duration.ofMinutes(15L)));
    }

    @Override // software.amazon.awssdk.auth.AwsCredentialsProvider
    public AwsCredentials getCredentials() {
        return (AwsCredentials) this.credentialsCache.get();
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        this.credentialsCache.close();
    }

    public String toString() {
        return getClass().getSimpleName();
    }
}
