package com.expediagroup.apiary.shaded.com.amazonaws.auth;

import com.expediagroup.apiary.shaded.com.amazonaws.SdkClientException;
import com.expediagroup.apiary.shaded.com.amazonaws.annotation.SdkInternalApi;
import com.expediagroup.apiary.shaded.com.amazonaws.internal.CredentialsEndpointProvider;
import com.expediagroup.apiary.shaded.com.amazonaws.internal.EC2CredentialsUtils;
import com.expediagroup.apiary.shaded.com.amazonaws.util.DateUtils;
import com.expediagroup.apiary.shaded.com.amazonaws.util.json.Jackson;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.Date;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* JADX INFO: Access modifiers changed from: package-private */
@SdkInternalApi
/* loaded from: input_file:com/expediagroup/apiary/shaded/com/amazonaws/auth/EC2CredentialsFetcher.class */
public class EC2CredentialsFetcher {
    private static final Log LOG = LogFactory.getLog(EC2CredentialsFetcher.class);
    private static final int REFRESH_THRESHOLD = 3600000;
    private static final int EXPIRATION_THRESHOLD = 900000;
    private static final String ACCESS_KEY_ID = "AccessKeyId";
    private static final String SECRET_ACCESS_KEY = "SecretAccessKey";
    private static final String TOKEN = "Token";
    private volatile AWSCredentials credentials;
    private volatile Date credentialsExpiration;
    protected volatile Date lastInstanceProfileCheck;
    private final CredentialsEndpointProvider credentialsEndpointProvider;

    public EC2CredentialsFetcher(CredentialsEndpointProvider credentialsEndpointProvider) {
        this.credentialsEndpointProvider = credentialsEndpointProvider;
    }

    public AWSCredentials getCredentials() {
        if (needsToLoadCredentials()) {
            fetchCredentials();
        }
        if (expired()) {
            throw new SdkClientException("The credentials received have been expired");
        }
        return this.credentials;
    }

    protected boolean needsToLoadCredentials() {
        if (this.credentials == null) {
            return true;
        }
        if (this.credentialsExpiration == null || !isWithinExpirationThreshold()) {
            return this.lastInstanceProfileCheck != null && isPastRefreshThreshold();
        }
        return true;
    }

    private synchronized void fetchCredentials() {
        if (needsToLoadCredentials()) {
            try {
                this.lastInstanceProfileCheck = new Date();
                JsonNode jsonNodeOf = Jackson.jsonNodeOf(EC2CredentialsUtils.getInstance().readResource(this.credentialsEndpointProvider.getCredentialsEndpoint(), this.credentialsEndpointProvider.getRetryPolicy(), this.credentialsEndpointProvider.getHeaders()));
                JsonNode jsonNode = jsonNodeOf.get(ACCESS_KEY_ID);
                JsonNode jsonNode2 = jsonNodeOf.get(SECRET_ACCESS_KEY);
                JsonNode jsonNode3 = jsonNodeOf.get(TOKEN);
                if (null == jsonNode || null == jsonNode2) {
                    throw new SdkClientException("Unable to load credentials.");
                }
                if (null != jsonNode3) {
                    this.credentials = new BasicSessionCredentials(jsonNode.asText(), jsonNode2.asText(), jsonNode3.asText());
                } else {
                    this.credentials = new BasicAWSCredentials(jsonNode.asText(), jsonNode2.asText());
                }
                JsonNode jsonNode4 = jsonNodeOf.get("Expiration");
                if (null != jsonNode4) {
                    try {
                        this.credentialsExpiration = DateUtils.parseISO8601Date(jsonNode4.asText().replaceAll("\\+0000$", "Z"));
                    } catch (Exception e) {
                        handleError("Unable to parse credentials expiration date from Amazon EC2 instance", e);
                    }
                }
            } catch (JsonMappingException e2) {
                handleError("Unable to parse response returned from service endpoint", e2);
            } catch (IOException e3) {
                handleError("Unable to load credentials from service endpoint", e3);
            } catch (URISyntaxException e4) {
                handleError("Unable to load credentials from service endpoint", e4);
            }
        }
    }

    private void handleError(String str, Exception exc) {
        if (this.credentials == null || expired()) {
            throw new SdkClientException(str, exc);
        }
        LOG.debug(str, exc);
    }

    public void refresh() {
        this.credentials = null;
    }

    private boolean isWithinExpirationThreshold() {
        return this.credentialsExpiration.getTime() - System.currentTimeMillis() < 900000;
    }

    private boolean isPastRefreshThreshold() {
        return System.currentTimeMillis() - this.lastInstanceProfileCheck.getTime() > 3600000;
    }

    private boolean expired() {
        return this.credentialsExpiration != null && this.credentialsExpiration.getTime() < System.currentTimeMillis();
    }

    public Date getCredentialsExpiration() {
        return this.credentialsExpiration;
    }

    public String toString() {
        return getClass().getSimpleName();
    }
}
