package io.jenkins.plugins.akeyless.cloudid;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.stream.Collectors;

/* loaded from: input_file:io/jenkins/plugins/akeyless/cloudid/AwsCredentialResolver.class */
public class AwsCredentialResolver {

    /* loaded from: input_file:io/jenkins/plugins/akeyless/cloudid/AwsCredentialResolver$AwsCredentials.class */
    public static class AwsCredentials {
        public final String accessKeyId;
        public final String secretAccessKey;
        public final String sessionToken;

        public AwsCredentials(String str, String str2, String str3) {
            this.accessKeyId = str;
            this.secretAccessKey = str2;
            this.sessionToken = str3;
        }
    }

    public static AwsCredentials resolve() throws Exception {
        String str = System.getenv("AWS_ACCESS_KEY_ID");
        String str2 = System.getenv("AWS_SECRET_ACCESS_KEY");
        String str3 = System.getenv("AWS_SESSION_TOKEN");
        if (str != null && str2 != null) {
            return new AwsCredentials(str, str2, str3);
        }
        String str4 = System.getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI");
        if (str4 != null) {
            return fetchCredentialsFromMetadataService("http://169.254.170.2" + str4);
        }
        String fetchImdsV2Token = fetchImdsV2Token();
        Map map = (Map) new ObjectMapper().readValue(httpGet("http://169.254.169.254/latest/meta-data/iam/security-credentials/" + httpGet("http://169.254.169.254/latest/meta-data/iam/security-credentials/", fetchImdsV2Token), fetchImdsV2Token), Map.class);
        return new AwsCredentials((String) map.get("AccessKeyId"), (String) map.get("SecretAccessKey"), (String) map.get("Token"));
    }

    private static String fetchImdsV2Token() throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL("http://169.254.169.254/latest/api/token").openConnection();
        httpURLConnection.setConnectTimeout(3000);
        httpURLConnection.setReadTimeout(3000);
        httpURLConnection.setRequestMethod("PUT");
        httpURLConnection.setRequestProperty("X-aws-ec2-metadata-token-ttl-seconds", "21600");
        if (httpURLConnection.getResponseCode() != 200) {
            throw new RuntimeException("Failed to fetch IMDSv2 token");
        }
        BufferedReader bufferedReader = null;
        try {
            try {
                bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), StandardCharsets.UTF_8));
                String str = (String) bufferedReader.lines().collect(Collectors.joining("\n"));
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e) {
                    }
                }
                httpURLConnection.disconnect();
                return str;
            } catch (Exception e2) {
                throw new RuntimeException("Failed to read IMDSv2 token response", e2);
            }
        } catch (Throwable th) {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (Exception e3) {
                }
            }
            httpURLConnection.disconnect();
            throw th;
        }
    }

    private static String httpGet(String str, String str2) throws Exception {
        HttpURLConnection httpURLConnection = null;
        try {
            HttpURLConnection httpURLConnection2 = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection2.setRequestMethod("GET");
            if (str2 != null) {
                httpURLConnection2.setRequestProperty("X-aws-ec2-metadata-token", str2);
            }
            if (httpURLConnection2.getResponseCode() != 200) {
                throw new RuntimeException("Failed to fetch metadata from " + str);
            }
            String sb = Utils.readDataFromStream(httpURLConnection2.getInputStream()).toString();
            if (httpURLConnection2 != null) {
                httpURLConnection2.disconnect();
            }
            return sb;
        } catch (Throwable th) {
            if (0 != 0) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    private static AwsCredentials fetchCredentialsFromMetadataService(String str) throws Exception {
        HttpURLConnection httpURLConnection = null;
        try {
            HttpURLConnection httpURLConnection2 = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection2.setRequestMethod("GET");
            httpURLConnection2.setConnectTimeout(3000);
            httpURLConnection2.setReadTimeout(3000);
            if (httpURLConnection2.getResponseCode() != 200) {
                throw new RuntimeException("Failed to fetch ECS credentials from " + str);
            }
            Map map = (Map) new ObjectMapper().readValue(Utils.readDataFromStream(httpURLConnection2.getInputStream()).toString(), Map.class);
            AwsCredentials awsCredentials = new AwsCredentials((String) map.get("AccessKeyId"), (String) map.get("SecretAccessKey"), (String) map.get("Token"));
            if (httpURLConnection2 != null) {
                httpURLConnection2.disconnect();
            }
            return awsCredentials;
        } catch (Throwable th) {
            if (0 != 0) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }
}
