package com.amazonaws.auth;

import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.internal.SignerConstants;
import com.amazonaws.internal.CredentialsEndpointProvider;
import com.amazonaws.retry.internal.CredentialsEndpointRetryPolicy;
import com.amazonaws.util.CollectionUtils;
import java.net.URI;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/aws-java-sdk-core-1.12.84.jar:com/amazonaws/auth/ContainerCredentialsProvider.class */
public class ContainerCredentialsProvider implements AWSCredentialsProvider {
    static final String ECS_CONTAINER_CREDENTIALS_PATH = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
    static final String CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
    static final String CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
    private static final Set<String> ALLOWED_FULL_URI_HOSTS = allowedHosts();
    private static final String ECS_CREDENTIALS_ENDPOINT = "http://169.254.170.2";
    private final ContainerCredentialsFetcher credentialsFetcher;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/aws-java-sdk-core-1.12.84.jar:com/amazonaws/auth/ContainerCredentialsProvider$ECSCredentialsEndpointProvider.class */
    public static class ECSCredentialsEndpointProvider extends CredentialsEndpointProvider {
        @Override // com.amazonaws.internal.CredentialsEndpointProvider
        public URI getCredentialsEndpoint() {
            String str = System.getenv(ContainerCredentialsProvider.ECS_CONTAINER_CREDENTIALS_PATH);
            if (str == null) {
                throw new SdkClientException("The environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is empty");
            }
            return URI.create(ContainerCredentialsProvider.ECS_CREDENTIALS_ENDPOINT + str);
        }

        @Override // com.amazonaws.internal.CredentialsEndpointProvider
        public CredentialsEndpointRetryPolicy getRetryPolicy() {
            return ContainerCredentialsRetryPolicy.getInstance();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/aws-java-sdk-core-1.12.84.jar:com/amazonaws/auth/ContainerCredentialsProvider$FullUriCredentialsEndpointProvider.class */
    public static class FullUriCredentialsEndpointProvider extends CredentialsEndpointProvider {
        @Override // com.amazonaws.internal.CredentialsEndpointProvider
        public URI getCredentialsEndpoint() {
            String str = System.getenv(ContainerCredentialsProvider.CONTAINER_CREDENTIALS_FULL_URI);
            if (str == null || str.length() == 0) {
                throw new SdkClientException("The environment variable AWS_CONTAINER_CREDENTIALS_FULL_URI is empty");
            }
            URI create = URI.create(str);
            if (ContainerCredentialsProvider.ALLOWED_FULL_URI_HOSTS.contains(create.getHost())) {
                return create;
            }
            throw new SdkClientException("The full URI (" + create + ") contained withing environment variable " + ContainerCredentialsProvider.CONTAINER_CREDENTIALS_FULL_URI + " has an invalid host. Host can only be one of [" + CollectionUtils.join(ContainerCredentialsProvider.ALLOWED_FULL_URI_HOSTS, ", ") + "]");
        }

        @Override // com.amazonaws.internal.CredentialsEndpointProvider
        public Map<String, String> getHeaders() {
            return System.getenv(ContainerCredentialsProvider.CONTAINER_AUTHORIZATION_TOKEN) != null ? Collections.singletonMap(SignerConstants.AUTHORIZATION, System.getenv(ContainerCredentialsProvider.CONTAINER_AUTHORIZATION_TOKEN)) : new HashMap();
        }
    }

    @Deprecated
    public ContainerCredentialsProvider() {
        this(new ECSCredentialsEndpointProvider());
    }

    public ContainerCredentialsProvider(CredentialsEndpointProvider credentialsEndpointProvider) {
        this.credentialsFetcher = new ContainerCredentialsFetcher(credentialsEndpointProvider);
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public AWSCredentials getCredentials() {
        return this.credentialsFetcher.getCredentials();
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public void refresh() {
        this.credentialsFetcher.refresh();
    }

    public Date getCredentialsExpiration() {
        return this.credentialsFetcher.getCredentialsExpiration();
    }

    private static Set<String> allowedHosts() {
        HashSet hashSet = new HashSet();
        hashSet.add(SDKGlobalConfiguration.DEFAULT_AWS_CSM_HOST);
        hashSet.add("localhost");
        return Collections.unmodifiableSet(hashSet);
    }
}
