package com.amazonaws.auth;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.logging.LogFactory;
import com.amazonaws.mobile.client.AWSMobileClientCognitoIdentityProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentity;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.Credentials;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityResult;
import com.amazonaws.services.cognitoidentity.model.ResourceNotFoundException;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes.dex */
public class CognitoCredentialsProvider implements AWSCredentialsProvider {
    public String authRoleArn;
    public AmazonCognitoIdentity cib;
    public ReentrantReadWriteLock credentialsLock;
    public String customRoleArn;
    public final AWSCognitoIdentityProvider identityProvider;
    public int refreshThreshold;
    public final String region;
    public AWSSessionCredentials sessionCredentials;
    public Date sessionCredentialsExpiration;
    public int sessionDuration;
    public String token;
    public String unauthRoleArn;
    public boolean useEnhancedFlow;

    static {
        LogFactory.getLog(AWSCredentialsProviderChain.class);
    }

    public CognitoCredentialsProvider(AWSCognitoIdentityProvider aWSCognitoIdentityProvider, Regions regions) {
        AmazonCognitoIdentityClient amazonCognitoIdentityClient = new AmazonCognitoIdentityClient(new AnonymousAWSCredentials(), new ClientConfiguration());
        amazonCognitoIdentityClient.setRegion(Region.getRegion(regions));
        this.cib = amazonCognitoIdentityClient;
        this.region = amazonCognitoIdentityClient.getRegions().name;
        this.identityProvider = aWSCognitoIdentityProvider;
        this.unauthRoleArn = null;
        this.authRoleArn = null;
        this.sessionDuration = 3600;
        this.refreshThreshold = 500;
        this.useEnhancedFlow = true;
        this.credentialsLock = new ReentrantReadWriteLock(true);
    }

    public void clearCredentials() {
        throw null;
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public AWSSessionCredentials getCredentials() {
        this.credentialsLock.writeLock().lock();
        try {
            if (needsNewSession()) {
                startSession();
            }
            return this.sessionCredentials;
        } finally {
            this.credentialsLock.writeLock().unlock();
        }
    }

    public String getIdentityId() {
        throw null;
    }

    public Map<String, String> getLogins() {
        return ((AWSMobileClientCognitoIdentityProvider) this.identityProvider).f2261g;
    }

    public String getUserAgent() {
        throw null;
    }

    public boolean needsNewSession() {
        if (this.sessionCredentials == null) {
            return true;
        }
        return this.sessionCredentialsExpiration.getTime() - (System.currentTimeMillis() - ((long) (SDKGlobalConfiguration.getGlobalTimeOffset() * 1000))) < ((long) (this.refreshThreshold * 1000));
    }

    public final GetCredentialsForIdentityResult retryGetCredentialsForIdentity() {
        Map<String, String> logins;
        this.token = retryRefresh();
        String str = this.token;
        if (str == null || str.isEmpty()) {
            logins = getLogins();
        } else {
            logins = new HashMap<>();
            logins.put(Regions.CN_NORTH_1.name.equals(this.region) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com", this.token);
        }
        GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = new GetCredentialsForIdentityRequest();
        getCredentialsForIdentityRequest.identityId = getIdentityId();
        getCredentialsForIdentityRequest.logins = logins;
        getCredentialsForIdentityRequest.customRoleArn = this.customRoleArn;
        return ((AmazonCognitoIdentityClient) this.cib).getCredentialsForIdentity(getCredentialsForIdentityRequest);
    }

    public final String retryRefresh() {
        String str = null;
        setIdentityId(null);
        AWSMobileClientCognitoIdentityProvider aWSMobileClientCognitoIdentityProvider = (AWSMobileClientCognitoIdentityProvider) this.identityProvider;
        if (aWSMobileClientCognitoIdentityProvider.isDeveloperAuthenticated) {
            str = aWSMobileClientCognitoIdentityProvider.f2259e;
        } else {
            aWSMobileClientCognitoIdentityProvider.a();
        }
        this.token = str;
        return this.token;
    }

    public void setIdentityId(String str) {
        ((AWSMobileClientCognitoIdentityProvider) this.identityProvider).a(str);
    }

    public void setSessionCredentialsExpiration(Date date) {
        this.credentialsLock.writeLock().lock();
        try {
            this.sessionCredentialsExpiration = date;
        } finally {
            this.credentialsLock.writeLock().unlock();
        }
    }

    public void startSession() {
        Map<String, String> logins;
        GetCredentialsForIdentityResult retryGetCredentialsForIdentity;
        String str;
        try {
            AWSMobileClientCognitoIdentityProvider aWSMobileClientCognitoIdentityProvider = (AWSMobileClientCognitoIdentityProvider) this.identityProvider;
            if (aWSMobileClientCognitoIdentityProvider.isDeveloperAuthenticated) {
                str = aWSMobileClientCognitoIdentityProvider.f2259e;
            } else {
                aWSMobileClientCognitoIdentityProvider.a();
                str = null;
            }
            this.token = str;
        } catch (ResourceNotFoundException unused) {
            this.token = retryRefresh();
        } catch (AmazonServiceException e2) {
            if (!e2.getErrorCode().equals("ValidationException")) {
                throw e2;
            }
            this.token = retryRefresh();
        }
        if (!this.useEnhancedFlow) {
            String str2 = this.token;
            Map<String, String> map = ((AWSMobileClientCognitoIdentityProvider) this.identityProvider).f2261g;
            String str3 = map != null && map.size() > 0 ? this.authRoleArn : this.unauthRoleArn;
            AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest = new AssumeRoleWithWebIdentityRequest();
            assumeRoleWithWebIdentityRequest.webIdentityToken = str2;
            assumeRoleWithWebIdentityRequest.roleArn = str3;
            assumeRoleWithWebIdentityRequest.roleSessionName = "ProviderSession";
            assumeRoleWithWebIdentityRequest.durationSeconds = Integer.valueOf(this.sessionDuration);
            assumeRoleWithWebIdentityRequest.requestClientOptions.appendUserAgent(getUserAgent());
            throw null;
        }
        String str4 = this.token;
        if (str4 == null || str4.isEmpty()) {
            logins = getLogins();
        } else {
            logins = new HashMap<>();
            logins.put(Regions.CN_NORTH_1.name.equals(this.region) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com", str4);
        }
        GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = new GetCredentialsForIdentityRequest();
        getCredentialsForIdentityRequest.identityId = getIdentityId();
        getCredentialsForIdentityRequest.logins = logins;
        getCredentialsForIdentityRequest.customRoleArn = this.customRoleArn;
        try {
            retryGetCredentialsForIdentity = ((AmazonCognitoIdentityClient) this.cib).getCredentialsForIdentity(getCredentialsForIdentityRequest);
        } catch (ResourceNotFoundException unused2) {
            retryGetCredentialsForIdentity = retryGetCredentialsForIdentity();
        } catch (AmazonServiceException e3) {
            if (!e3.getErrorCode().equals("ValidationException")) {
                throw e3;
            }
            retryGetCredentialsForIdentity = retryGetCredentialsForIdentity();
        }
        Credentials credentials = retryGetCredentialsForIdentity.credentials;
        this.sessionCredentials = new BasicSessionCredentials(credentials.accessKeyId, credentials.secretKey, credentials.sessionToken);
        setSessionCredentialsExpiration(credentials.expiration);
        if (retryGetCredentialsForIdentity.identityId.equals(getIdentityId())) {
            return;
        }
        setIdentityId(retryGetCredentialsForIdentity.identityId);
    }
}
