package com.hazelcast.aws.impl;

import com.hazelcast.aws.AwsConfig;
import com.hazelcast.aws.exception.AwsConnectionException;
import com.hazelcast.aws.security.EC2RequestSigner;
import com.hazelcast.aws.utility.CloudyUtility;
import com.hazelcast.aws.utility.Environment;
import com.hazelcast.aws.utility.MetadataUtil;
import com.hazelcast.aws.utility.RetryUtils;
import com.hazelcast.aws.utility.StringUtil;
import com.hazelcast.com.eclipsesource.json.JsonObject;
import com.hazelcast.config.InvalidConfigurationException;
import com.hazelcast.nio.IOUtil;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Scanner;
import java.util.TimeZone;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:com/hazelcast/aws/impl/DescribeInstances.class */
public class DescribeInstances {
    public static final String IAM_TASK_ROLE_ENDPOINT = "http://169.254.170.2";
    private static final int MIN_HTTP_CODE_FOR_AWS_ERROR = 400;
    private static final int MAX_HTTP_CODE_FOR_AWS_ERROR = 600;
    private static final String UTF8_ENCODING = "UTF-8";
    private EC2RequestSigner rs;
    private AwsConfig awsConfig;
    private String endpoint;
    private Map<String, String> attributes = new HashMap();

    public DescribeInstances(AwsConfig awsConfig, String str) throws IOException {
        this.awsConfig = awsConfig;
        this.endpoint = str;
    }

    DescribeInstances(AwsConfig awsConfig) {
        this.awsConfig = awsConfig;
    }

    private static boolean isAwsError(int i) {
        return i >= MIN_HTTP_CODE_FOR_AWS_ERROR && i < 600;
    }

    private static String extractErrorMessage(HttpURLConnection httpURLConnection) {
        InputStream errorStream = httpURLConnection.getErrorStream();
        return errorStream == null ? "" : readFrom(errorStream);
    }

    private static String readFrom(InputStream inputStream) {
        Scanner useDelimiter = new Scanner(inputStream, UTF8_ENCODING).useDelimiter("\\A");
        return useDelimiter.hasNext() ? useDelimiter.next() : "";
    }

    void fillKeysFromIamRoles() throws IOException {
        if (StringUtil.isEmpty(this.awsConfig.getIamRole()) || "DEFAULT".equals(this.awsConfig.getIamRole())) {
            this.awsConfig.setIamRole(getDefaultIamRole());
        }
        if (StringUtil.isNotEmpty(this.awsConfig.getIamRole())) {
            fillKeysFromIamRole();
        } else {
            fillKeysFromIamTaskRole(getEnvironment());
        }
    }

    private String getDefaultIamRole() throws IOException {
        return retrieveRoleFromURI(MetadataUtil.INSTANCE_METADATA_URI.concat(MetadataUtil.IAM_SECURITY_CREDENTIALS_URI));
    }

    private void fillKeysFromIamRole() {
        try {
            parseAndStoreRoleCreds(retrieveRoleFromURI(MetadataUtil.INSTANCE_METADATA_URI.concat(MetadataUtil.IAM_SECURITY_CREDENTIALS_URI.concat(this.awsConfig.getIamRole()))));
        } catch (Exception e) {
            throw new InvalidConfigurationException("Unable to retrieve credentials from IAM Role: " + this.awsConfig.getIamRole(), e);
        }
    }

    private void fillKeysFromIamTaskRole(Environment environment) throws IOException {
        String envVar = environment.getEnvVar(Constants.ECS_CREDENTIALS_ENV_VAR_NAME);
        if (envVar == null) {
            throw new IllegalArgumentException("Could not acquire credentials! Did not find declared AWS access key or IAM Role, and could not discover IAM Task Role or default role.");
        }
        String str = IAM_TASK_ROLE_ENDPOINT + envVar;
        String str2 = "";
        try {
            str2 = retrieveRoleFromURI(str);
            parseAndStoreRoleCreds(str2);
        } catch (Exception e) {
            throw new InvalidConfigurationException("Unable to retrieve credentials from IAM Task Role. URI: " + str + ". \n HTTP Response content: " + str2, e);
        }
    }

    String retrieveRoleFromURI(String str) {
        return MetadataUtil.retrieveMetadataFromURI(str, this.awsConfig.getConnectionTimeoutSeconds(), this.awsConfig.getConnectionRetries());
    }

    private void parseAndStoreRoleCreds(String str) {
        JsonObject readFrom = JsonObject.readFrom(str);
        this.awsConfig.setAccessKey(readFrom.getString("AccessKeyId", null));
        this.awsConfig.setSecretKey(readFrom.getString("SecretAccessKey", null));
        this.attributes.put("X-Amz-Security-Token", readFrom.getString("Token", null));
    }

    @Deprecated
    public Map<String, String> parseIamRole(BufferedReader bufferedReader) throws IOException {
        HashMap hashMap = new HashMap();
        Pattern compile = Pattern.compile("\"(.*?)\" : ");
        Pattern compile2 = Pattern.compile(" : \"(.*?)\",");
        String readLine = bufferedReader.readLine();
        while (true) {
            String str = readLine;
            if (str == null) {
                return hashMap;
            }
            if (str.contains(":")) {
                Matcher matcher = compile.matcher(str);
                Matcher matcher2 = compile2.matcher(str);
                if (matcher.find() && matcher2.find()) {
                    hashMap.put(matcher.group(1), matcher2.group(1));
                }
            }
            readLine = bufferedReader.readLine();
        }
    }

    private String getFormattedTimestamp() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(Constants.DATE_FORMAT);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return simpleDateFormat.format(new Date());
    }

    private void addFilters() {
        Filter filter = new Filter();
        if (StringUtil.isNotEmpty(this.awsConfig.getTagKey())) {
            if (StringUtil.isNotEmpty(this.awsConfig.getTagValue())) {
                filter.addFilter("tag:" + this.awsConfig.getTagKey(), this.awsConfig.getTagValue());
            } else {
                filter.addFilter("tag-key", this.awsConfig.getTagKey());
            }
        } else if (StringUtil.isNotEmpty(this.awsConfig.getTagValue())) {
            filter.addFilter("tag-value", this.awsConfig.getTagValue());
        }
        if (StringUtil.isNotEmpty(this.awsConfig.getSecurityGroupName())) {
            filter.addFilter("instance.group-name", this.awsConfig.getSecurityGroupName());
        }
        filter.addFilter("instance-state-name", "running");
        this.attributes.putAll(filter.getFilters());
    }

    public Map<String, String> execute() throws Exception {
        if (StringUtil.isNotEmpty(this.awsConfig.getIamRole()) || StringUtil.isEmpty(this.awsConfig.getAccessKey())) {
            fillKeysFromIamRoles();
        }
        InputStream inputStream = null;
        this.attributes.put("X-Amz-Signature", getRequestSigner().sign("ec2", this.attributes));
        try {
            inputStream = callServiceWithRetries(this.endpoint);
            Map<String, String> unmarshalTheResponse = CloudyUtility.unmarshalTheResponse(inputStream);
            IOUtil.closeResource(inputStream);
            return unmarshalTheResponse;
        } catch (Throwable th) {
            IOUtil.closeResource(inputStream);
            throw th;
        }
    }

    private InputStream callServiceWithRetries(final String str) throws Exception {
        return (InputStream) RetryUtils.retry(new Callable<InputStream>() { // from class: com.hazelcast.aws.impl.DescribeInstances.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public InputStream call() throws Exception {
                return DescribeInstances.this.callService(str);
            }
        }, this.awsConfig.getConnectionRetries());
    }

    InputStream callService(String str) throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL("https", str, -1, "/?" + getRequestSigner().getCanonicalizedQueryString(this.attributes)).openConnection();
        httpURLConnection.setRequestMethod(Constants.GET);
        httpURLConnection.setConnectTimeout((int) TimeUnit.SECONDS.toMillis(this.awsConfig.getConnectionTimeoutSeconds()));
        httpURLConnection.setDoOutput(false);
        httpURLConnection.connect();
        checkNoAwsErrors(httpURLConnection);
        return httpURLConnection.getInputStream();
    }

    void checkNoAwsErrors(HttpURLConnection httpURLConnection) throws IOException {
        int responseCode = httpURLConnection.getResponseCode();
        if (isAwsError(responseCode)) {
            throw new AwsConnectionException(responseCode, extractErrorMessage(httpURLConnection));
        }
    }

    public EC2RequestSigner getRequestSigner() {
        if (null == this.rs) {
            String formattedTimestamp = getFormattedTimestamp();
            this.rs = new EC2RequestSigner(this.awsConfig, formattedTimestamp, this.endpoint);
            this.attributes.put("Action", getClass().getSimpleName());
            this.attributes.put("Version", Constants.DOC_VERSION);
            this.attributes.put("X-Amz-Algorithm", Constants.SIGNATURE_METHOD_V4);
            this.attributes.put("X-Amz-Credential", this.rs.createFormattedCredential());
            this.attributes.put("X-Amz-Date", formattedTimestamp);
            this.attributes.put("X-Amz-SignedHeaders", "host");
            this.attributes.put("X-Amz-Expires", "30");
            addFilters();
        }
        return this.rs;
    }

    Environment getEnvironment() {
        return new Environment();
    }
}
