package com.amazonaws.auth;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.RefreshableTask;
import com.amazonaws.retry.PredefinedBackoffStrategies;
import com.amazonaws.retry.RetryPolicy;
import com.amazonaws.retry.RetryUtils;
import com.amazonaws.services.s3.internal.Constants;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import com.amazonaws.services.securitytoken.model.IDPCommunicationErrorException;
import com.amazonaws.services.securitytoken.model.InvalidIdentityTokenException;
import java.io.BufferedReader;
import java.io.Closeable;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.concurrent.Callable;

/* loaded from: input_file:WEB-INF/lib/aws-java-sdk-sts-1.12.660.jar:com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider.class */
public class STSAssumeRoleWithWebIdentitySessionCredentialsProvider implements AWSSessionCredentialsProvider, Closeable {
    private final AWSSecurityTokenService securityTokenService;
    private final String roleArn;
    private final String roleSessionName;
    private final String webIdentityTokenFile;
    private final Callable<SessionCredentialsHolder> refreshCallable;
    private volatile RefreshableTask<SessionCredentialsHolder> refreshableTask;

    /* loaded from: input_file:WEB-INF/lib/aws-java-sdk-sts-1.12.660.jar:com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider$Builder.class */
    public static final class Builder {
        private final String roleArn;
        private final String roleSessionName;
        private final String webIdentityTokenFile;
        private AWSSecurityTokenService sts;

        public Builder(String str, String str2, String str3) {
            if (str == null || str2 == null || str3 == null) {
                throw new NullPointerException("You must specify a value for roleArn, roleSessionName and webIdentityTokenFile");
            }
            this.roleArn = str;
            this.roleSessionName = str2;
            this.webIdentityTokenFile = str3;
        }

        public Builder withStsClient(AWSSecurityTokenService aWSSecurityTokenService) {
            this.sts = aWSSecurityTokenService;
            return this;
        }

        public STSAssumeRoleWithWebIdentitySessionCredentialsProvider build() {
            return new STSAssumeRoleWithWebIdentitySessionCredentialsProvider(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/aws-java-sdk-sts-1.12.660.jar:com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider$StsRetryCondition.class */
    public static class StsRetryCondition implements RetryPolicy.RetryCondition {
        StsRetryCondition() {
        }

        @Override // com.amazonaws.retry.RetryPolicy.RetryCondition
        public boolean shouldRetry(AmazonWebServiceRequest amazonWebServiceRequest, AmazonClientException amazonClientException, int i) {
            if ((amazonClientException.getCause() instanceof IOException) || (amazonClientException instanceof InvalidIdentityTokenException) || (amazonClientException.getCause() instanceof InvalidIdentityTokenException) || (amazonClientException instanceof IDPCommunicationErrorException) || (amazonClientException.getCause() instanceof IDPCommunicationErrorException)) {
                return true;
            }
            if (!(amazonClientException instanceof AmazonServiceException)) {
                return false;
            }
            AmazonServiceException amazonServiceException = (AmazonServiceException) amazonClientException;
            return RetryUtils.isRetryableServiceException(amazonServiceException) || RetryUtils.isThrottlingException(amazonServiceException) || RetryUtils.isClockSkewError(amazonServiceException);
        }
    }

    private RefreshableTask<SessionCredentialsHolder> createRefreshableTask() {
        return new RefreshableTask.Builder().withRefreshCallable(this.refreshCallable).withBlockingRefreshPredicate(new ShouldDoBlockingSessionRefresh()).withAsyncRefreshPredicate(new ShouldDoAsyncSessionRefresh()).build();
    }

    private STSAssumeRoleWithWebIdentitySessionCredentialsProvider(Builder builder) {
        this.refreshCallable = new Callable<SessionCredentialsHolder>() { // from class: com.amazonaws.auth.STSAssumeRoleWithWebIdentitySessionCredentialsProvider.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public SessionCredentialsHolder call() throws Exception {
                return STSAssumeRoleWithWebIdentitySessionCredentialsProvider.this.newSession();
            }
        };
        this.roleArn = builder.roleArn;
        this.roleSessionName = builder.roleSessionName;
        this.webIdentityTokenFile = builder.webIdentityTokenFile;
        this.securityTokenService = buildStsClient(builder);
        this.refreshableTask = createRefreshableTask();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static AWSSecurityTokenService buildStsClient(Builder builder) throws IllegalArgumentException {
        if (builder.sts != null) {
            return builder.sts;
        }
        RetryPolicy retryPolicy = new RetryPolicy(new StsRetryCondition(), new PredefinedBackoffStrategies.SDKDefaultBackoffStrategy(), 3, true);
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        clientConfiguration.setRetryPolicy(retryPolicy);
        return ((AWSSecurityTokenServiceClientBuilder) ((AWSSecurityTokenServiceClientBuilder) AWSSecurityTokenServiceClientBuilder.standard().withClientConfiguration(clientConfiguration)).withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()))).build();
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public AWSSessionCredentials getCredentials() {
        return this.refreshableTask.getValue().getSessionCredentials();
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public void refresh() {
        this.refreshableTask.forceGetValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SessionCredentialsHolder newSession() {
        return new SessionCredentialsHolder(this.securityTokenService.assumeRoleWithWebIdentity(new AssumeRoleWithWebIdentityRequest().withRoleArn(this.roleArn).withWebIdentityToken(getWebIdentityToken()).withRoleSessionName(this.roleSessionName)).getCredentials());
    }

    private String getWebIdentityToken() {
        BufferedReader bufferedReader = null;
        try {
            try {
                try {
                    bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(this.webIdentityTokenFile), Constants.DEFAULT_ENCODING));
                    String readLine = bufferedReader.readLine();
                    try {
                        bufferedReader.close();
                    } catch (Exception e) {
                    }
                    return readLine;
                } catch (Throwable th) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e2) {
                    }
                    throw th;
                }
            } catch (FileNotFoundException e3) {
                throw new SdkClientException("Unable to locate specified web identity token file: " + this.webIdentityTokenFile);
            }
        } catch (IOException e4) {
            throw new SdkClientException("Unable to read web identity token from file: " + this.webIdentityTokenFile);
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.refreshableTask.close();
    }
}
