package software.amazon.awssdk.services.sts.internal;

import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.function.Supplier;
import software.amazon.awssdk.annotations.SdkProtectedApi;
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.WebIdentityTokenCredentialsProviderFactory;
import software.amazon.awssdk.auth.credentials.internal.WebIdentityTokenCredentialProperties;
import software.amazon.awssdk.core.retry.RetryPolicyContext;
import software.amazon.awssdk.core.retry.conditions.OrRetryCondition;
import software.amazon.awssdk.core.retry.conditions.RetryCondition;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.auth.StsAssumeRoleWithWebIdentityCredentialsProvider;
import software.amazon.awssdk.services.sts.model.AssumeRoleWithWebIdentityRequest;
import software.amazon.awssdk.services.sts.model.IdpCommunicationErrorException;
import software.amazon.awssdk.utils.IoUtils;
import software.amazon.awssdk.utils.SdkAutoCloseable;

@SdkProtectedApi
/* loaded from: input_file:META-INF/bundled-dependencies/sts-2.10.56.jar:software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactory.class */
public final class StsWebIdentityCredentialsProviderFactory implements WebIdentityTokenCredentialsProviderFactory {

    /* loaded from: input_file:META-INF/bundled-dependencies/sts-2.10.56.jar:software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactory$AssumeRoleWithWebIdentityRequestSupplier.class */
    private static final class AssumeRoleWithWebIdentityRequestSupplier implements Supplier {
        private final AssumeRoleWithWebIdentityRequest request;
        private final Path webIdentityTokenFile;

        AssumeRoleWithWebIdentityRequestSupplier(AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest, Path path) {
            this.request = assumeRoleWithWebIdentityRequest;
            this.webIdentityTokenFile = path;
        }

        @Override // java.util.function.Supplier
        public Object get() {
            return this.request.mo3489toBuilder().webIdentityToken(getToken(this.webIdentityTokenFile)).mo3203build();
        }

        private String getToken(Path path) {
            try {
                InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
                Throwable th = null;
                try {
                    try {
                        String utf8String = IoUtils.toUtf8String(newInputStream);
                        if (newInputStream != null) {
                            if (0 != 0) {
                                try {
                                    newInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                newInputStream.close();
                            }
                        }
                        return utf8String;
                    } finally {
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }
    }

    /* loaded from: input_file:META-INF/bundled-dependencies/sts-2.10.56.jar:software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactory$StsRetryCondition.class */
    private static final class StsRetryCondition implements RetryCondition {
        private StsRetryCondition() {
        }

        @Override // software.amazon.awssdk.core.retry.conditions.RetryCondition
        public boolean shouldRetry(RetryPolicyContext retryPolicyContext) {
            return retryPolicyContext.exception() instanceof IdpCommunicationErrorException;
        }
    }

    /* loaded from: input_file:META-INF/bundled-dependencies/sts-2.10.56.jar:software/amazon/awssdk/services/sts/internal/StsWebIdentityCredentialsProviderFactory$StsWebIdentityCredentialsProvider.class */
    private static final class StsWebIdentityCredentialsProvider implements AwsCredentialsProvider, SdkAutoCloseable {
        private final StsClient stsClient;
        private final StsAssumeRoleWithWebIdentityCredentialsProvider credentialsProvider;

        private StsWebIdentityCredentialsProvider(WebIdentityTokenCredentialProperties webIdentityTokenCredentialProperties) {
            String roleSessionName = webIdentityTokenCredentialProperties.roleSessionName();
            String str = roleSessionName != null ? roleSessionName : "aws-sdk-java-" + System.currentTimeMillis();
            OrRetryCondition create = OrRetryCondition.create(new StsRetryCondition(), RetryCondition.defaultRetryCondition());
            this.stsClient = ((StsClientBuilder) ((StsClientBuilder) ((StsClientBuilder) StsClient.builder().applyMutation(this::configureEndpoint)).credentialsProvider(AnonymousCredentialsProvider.create())).overrideConfiguration(builder -> {
                builder.retryPolicy(builder -> {
                    builder.retryCondition(create);
                });
            })).mo3203build();
            this.credentialsProvider = StsAssumeRoleWithWebIdentityCredentialsProvider.builder().stsClient(this.stsClient).refreshRequest(new AssumeRoleWithWebIdentityRequestSupplier((AssumeRoleWithWebIdentityRequest) AssumeRoleWithWebIdentityRequest.builder().roleArn(webIdentityTokenCredentialProperties.roleArn()).roleSessionName(str).mo3203build(), webIdentityTokenCredentialProperties.webIdentityTokenFile())).build();
        }

        @Override // software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
        public AwsCredentials resolveCredentials() {
            return this.credentialsProvider.resolveCredentials();
        }

        @Override // software.amazon.awssdk.utils.SdkAutoCloseable, java.lang.AutoCloseable
        public void close() {
            IoUtils.closeQuietly(this.credentialsProvider, null);
            IoUtils.closeQuietly(this.stsClient, null);
        }

        private void configureEndpoint(StsClientBuilder stsClientBuilder) {
            Region region;
            try {
                region = new DefaultAwsRegionProviderChain().getRegion();
            } catch (RuntimeException e) {
                region = null;
            }
            if (region != null) {
                stsClientBuilder.region(region);
            } else {
                stsClientBuilder.region(Region.US_EAST_1);
                stsClientBuilder.endpointOverride(URI.create("https://sts.amazonaws.com"));
            }
        }
    }

    @Override // software.amazon.awssdk.auth.credentials.WebIdentityTokenCredentialsProviderFactory
    public AwsCredentialsProvider create(WebIdentityTokenCredentialProperties webIdentityTokenCredentialProperties) {
        return new StsWebIdentityCredentialsProvider(webIdentityTokenCredentialProperties);
    }
}
