package com.amazonaws.auth;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.SdkClientException;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.util.DateUtils;
import com.amazonaws.util.json.Jackson;
import com.fasterxml.jackson.databind.JsonNode;
import java.util.Date;
import java.util.Random;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

@SdkInternalApi
/* loaded from: input_file:WEB-INF/lib/aws-java-sdk-core-1.12.444.jar:com/amazonaws/auth/BaseCredentialsFetcher.class */
abstract class BaseCredentialsFetcher {
    private static final Log LOG = LogFactory.getLog(BaseCredentialsFetcher.class);
    private static final Random JITTER = new Random();
    private static final int REFRESH_THRESHOLD = 3600000;
    private static final int FIFTEEN_MINUTES_IN_MILLIS = 900000;
    private static final int EXPIRATION_THRESHOLD = 900000;
    private static final String ACCESS_KEY_ID = "AccessKeyId";
    private static final String SECRET_ACCESS_KEY = "SecretAccessKey";
    private static final String TOKEN = "Token";
    private final SdkClock clock;
    private final boolean allowExpiredCredentials;
    private volatile AWSCredentials credentials;
    private volatile Date credentialsExpiration;
    private volatile Date credentialExpirationRefreshTime;
    protected volatile Date lastInstanceProfileCheck;

    /* JADX INFO: Access modifiers changed from: protected */
    public BaseCredentialsFetcher(SdkClock sdkClock, boolean z) {
        this.clock = sdkClock;
        this.allowExpiredCredentials = z;
    }

    public AWSCredentials getCredentials() {
        if (needsToLoadCredentials()) {
            fetchCredentials();
        }
        if (this.allowExpiredCredentials || !expired()) {
            return this.credentials;
        }
        throw new SdkClientException("The credentials received have been expired");
    }

    boolean needsToLoadCredentials() {
        return this.credentials == null || isExpiring() || noRecentInstanceProfileCheck();
    }

    private boolean isExpiring() {
        return this.credentialExpirationRefreshTime != null && this.credentialExpirationRefreshTime.getTime() <= this.clock.currentTimeMillis();
    }

    private boolean noRecentInstanceProfileCheck() {
        return this.lastInstanceProfileCheck != null && this.lastInstanceProfileCheck.getTime() + 3600000 <= this.clock.currentTimeMillis();
    }

    abstract String getCredentialsResponse();

    private synchronized void fetchCredentials() {
        if (needsToLoadCredentials()) {
            if (LOG.isDebugEnabled()) {
                if (this.credentialsExpiration != null) {
                    LOG.debug("Updating credentials, because currently-cached credentials expire on " + this.credentialsExpiration);
                } else {
                    LOG.debug("Retrieving credentials.");
                }
            }
            try {
                try {
                    this.lastInstanceProfileCheck = new Date();
                    JsonNode jsonNode = (JsonNode) Jackson.fromSensitiveJsonString(getCredentialsResponse(), JsonNode.class);
                    JsonNode jsonNode2 = jsonNode.get(ACCESS_KEY_ID);
                    JsonNode jsonNode3 = jsonNode.get(SECRET_ACCESS_KEY);
                    JsonNode jsonNode4 = jsonNode.get(TOKEN);
                    if (null == jsonNode2 || null == jsonNode3) {
                        throw new SdkClientException("Unable to load credentials. Access key or secret key are null.");
                    }
                    if (null != jsonNode4) {
                        this.credentials = new BasicSessionCredentials(jsonNode2.asText(), jsonNode3.asText(), jsonNode4.asText());
                    } else {
                        this.credentials = new BasicAWSCredentials(jsonNode2.asText(), jsonNode3.asText());
                    }
                    JsonNode jsonNode5 = jsonNode.get("Expiration");
                    if (null != jsonNode5) {
                        String replaceAll = jsonNode5.asText().replaceAll("\\+0000$", "Z");
                        try {
                            this.credentialsExpiration = DateUtils.parseISO8601Date(replaceAll);
                            this.credentialExpirationRefreshTime = new Date(this.credentialsExpiration.getTime() - 900000);
                            LOG.debug("Successfully retrieved credentials with expiration " + replaceAll);
                        } catch (Exception e) {
                            handleError("Unable to parse credentials expiration date from Amazon EC2 instance", e);
                        }
                    }
                    if (this.allowExpiredCredentials && this.credentials != null && isExpiring()) {
                        long currentTimeMillis = this.clock.currentTimeMillis();
                        long nextInt = ClientConfiguration.DEFAULT_SOCKET_TIMEOUT + JITTER.nextInt(20001);
                        long j = currentTimeMillis + nextInt;
                        if (j > this.credentialsExpiration.getTime() - 15000) {
                            LOG.warn("Credential expiration has been extended due to a credential service availability issue. A refresh of these credentials will be attempted again in " + nextInt + " ms.");
                        }
                        this.credentialExpirationRefreshTime = new Date(j);
                    }
                } catch (Exception e2) {
                    handleError("Unable to load credentials from service endpoint", e2);
                    if (this.allowExpiredCredentials && this.credentials != null && isExpiring()) {
                        long currentTimeMillis2 = this.clock.currentTimeMillis();
                        long nextInt2 = ClientConfiguration.DEFAULT_SOCKET_TIMEOUT + JITTER.nextInt(20001);
                        long j2 = currentTimeMillis2 + nextInt2;
                        if (j2 > this.credentialsExpiration.getTime() - 15000) {
                            LOG.warn("Credential expiration has been extended due to a credential service availability issue. A refresh of these credentials will be attempted again in " + nextInt2 + " ms.");
                        }
                        this.credentialExpirationRefreshTime = new Date(j2);
                    }
                }
            } catch (Throwable th) {
                if (this.allowExpiredCredentials && this.credentials != null && isExpiring()) {
                    long currentTimeMillis3 = this.clock.currentTimeMillis();
                    long nextInt3 = ClientConfiguration.DEFAULT_SOCKET_TIMEOUT + JITTER.nextInt(20001);
                    long j3 = currentTimeMillis3 + nextInt3;
                    if (j3 > this.credentialsExpiration.getTime() - 15000) {
                        LOG.warn("Credential expiration has been extended due to a credential service availability issue. A refresh of these credentials will be attempted again in " + nextInt3 + " ms.");
                    }
                    this.credentialExpirationRefreshTime = new Date(j3);
                }
                throw th;
            }
        }
    }

    private void handleError(String str, Exception exc) {
        if (this.credentials != null && (this.allowExpiredCredentials || !expired())) {
            LOG.warn(str, exc);
        } else {
            if (!(exc instanceof SdkClientException)) {
                throw new SdkClientException(str, exc);
            }
            throw ((SdkClientException) exc);
        }
    }

    public void refresh() {
        this.credentials = null;
    }

    private boolean expired() {
        return this.credentialsExpiration != null && this.credentialsExpiration.getTime() <= this.clock.currentTimeMillis();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Date getCredentialsExpiration() {
        return this.credentialsExpiration;
    }

    public String toString() {
        return "BaseCredentialsFetcher";
    }
}
