package com.hazelcast.aws;

import com.hazelcast.internal.json.Json;
import com.hazelcast.internal.json.JsonObject;
import com.hazelcast.logging.ILogger;
import com.hazelcast.logging.Logger;
import com.hazelcast.spi.exception.RestClientException;
import com.hazelcast.spi.utils.RestClient;
import java.time.Instant;
import java.util.Optional;

/* loaded from: input_file:BOOT-INF/lib/hazelcast-5.4.0.jar:com/hazelcast/aws/AwsMetadataApi.class */
class AwsMetadataApi {
    private static final String EC2_METADATA_ENDPOINT = "http://169.254.169.254/latest/meta-data";
    private static final String EC2_METADATA_TOKEN_ENDPOINT = "http://169.254.169.254/latest/api/token";
    private static final String SECURITY_CREDENTIALS_URI = "/iam/security-credentials/";
    private static final long METADATA_TOKEN_TTL_SECONDS = 21600;
    private final String ec2MetadataEndpoint;
    private final String ec2MetadataTokenEndpoint;
    private final String ecsIamRoleEndpoint;
    private final String ecsTaskMetadataEndpoint;
    private final AwsConfig awsConfig;
    private String metadataToken;
    private Instant metadataExpiry;
    private static final ILogger LOGGER = Logger.getLogger(AwsMetadataApi.class);
    private static final String ECS_IAM_ROLE_METADATA_ENDPOINT = "http://169.254.170.2" + System.getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI");
    private static final String ECS_TASK_METADATA_ENDPOINT = System.getenv("ECS_CONTAINER_METADATA_URI");

    /* JADX INFO: Access modifiers changed from: package-private */
    public AwsMetadataApi(AwsConfig awsConfig) {
        this.ec2MetadataEndpoint = EC2_METADATA_ENDPOINT;
        this.ec2MetadataTokenEndpoint = EC2_METADATA_TOKEN_ENDPOINT;
        this.ecsIamRoleEndpoint = ECS_IAM_ROLE_METADATA_ENDPOINT;
        this.ecsTaskMetadataEndpoint = ECS_TASK_METADATA_ENDPOINT;
        this.awsConfig = awsConfig;
    }

    AwsMetadataApi(String str, String str2, String str3, String str4, AwsConfig awsConfig) {
        this.ec2MetadataEndpoint = str;
        this.ec2MetadataTokenEndpoint = str4;
        this.ecsIamRoleEndpoint = str2;
        this.ecsTaskMetadataEndpoint = str3;
        this.awsConfig = awsConfig;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String availabilityZoneEc2() {
        return metadataClient(this.ec2MetadataEndpoint.concat("/placement/availability-zone/"), this.awsConfig).get().getBody();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String availabilityZoneEcs() {
        return getTaskMetadata().get("AvailabilityZone").asString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<String> placementGroupEc2() {
        return getOptionalMetadata(this.ec2MetadataEndpoint.concat("/placement/group-name/"), "placement group");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<String> placementPartitionNumberEc2() {
        return getOptionalMetadata(this.ec2MetadataEndpoint.concat("/placement/partition-number/"), "partition number");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String clusterEcs() {
        return getTaskMetadata().get("Cluster").asString();
    }

    private Optional<String> getOptionalMetadata(String str, String str2) {
        try {
            RestClient.Response response = metadataClient(str, this.awsConfig).expectResponseCodes(200, 404).get();
            int code = response.getCode();
            if (code == 200) {
                return Optional.of(response.getBody());
            }
            if (code != 404) {
                throw new RuntimeException(String.format("Unexpected response code: %d", Integer.valueOf(code)));
            }
            LOGGER.fine(String.format("No %s information is found.", str2));
            return Optional.empty();
        } catch (Exception e) {
            LOGGER.warning(String.format("Could not resolve the %s metadata", str2));
            return Optional.empty();
        }
    }

    private JsonObject getTaskMetadata() {
        return Json.parse(AwsRequestUtils.createRestClient(this.ecsTaskMetadataEndpoint.concat("/task"), this.awsConfig).get().getBody()).asObject();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String defaultIamRoleEc2() {
        return metadataClient(this.ec2MetadataEndpoint.concat(SECURITY_CREDENTIALS_URI), this.awsConfig).get().getBody();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AwsCredentials credentialsEc2(String str) {
        return parseCredentials(metadataClient(this.ec2MetadataEndpoint.concat(SECURITY_CREDENTIALS_URI).concat(str), this.awsConfig).get().getBody());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AwsCredentials credentialsEcs() {
        return parseCredentials(AwsRequestUtils.createRestClient(this.ecsIamRoleEndpoint, this.awsConfig).get().getBody());
    }

    private static AwsCredentials parseCredentials(String str) {
        JsonObject asObject = Json.parse(str).asObject();
        return AwsCredentials.builder().setAccessKey(asObject.getString("AccessKeyId", null)).setSecretKey(asObject.getString("SecretAccessKey", null)).setToken(asObject.getString("Token", null)).build();
    }

    RestClient metadataClient(String str, AwsConfig awsConfig) {
        try {
            return AwsRequestUtils.createRestClient(str, awsConfig).withHeader("X-aws-ec2-metadata-token", metadataToken());
        } catch (RestClientException e) {
            return AwsRequestUtils.createRestClient(str, awsConfig);
        }
    }

    String metadataToken() {
        if (!tokenValid()) {
            this.metadataToken = retrieveToken();
        }
        return this.metadataToken;
    }

    String retrieveToken() {
        String body = AwsRequestUtils.createRestClient(this.ec2MetadataTokenEndpoint, this.awsConfig).withHeader("X-aws-ec2-metadata-token-ttl-seconds", Long.toString(METADATA_TOKEN_TTL_SECONDS)).put().getBody();
        this.metadataExpiry = Instant.now().plusSeconds(10800L);
        return body;
    }

    boolean tokenValid() {
        return this.metadataExpiry != null && this.metadataExpiry.isAfter(Instant.now());
    }
}
