package com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.internal;

import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.AwsCredentialsProviderChain;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.ChildProfileCredentialsProviderFactory;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.ProcessCredentialsProvider;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.ProfileCredentialsProviderFactory;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.ProfileProviderCredentialsContext;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider;
import com.io7m.peixoto.sdk.software.amazon.awssdk.core.internal.util.ClassLoaderHelper;
import com.io7m.peixoto.sdk.software.amazon.awssdk.profiles.Profile;
import com.io7m.peixoto.sdk.software.amazon.awssdk.profiles.ProfileFile;
import com.io7m.peixoto.sdk.software.amazon.awssdk.profiles.ProfileProperty;
import com.io7m.peixoto.sdk.software.amazon.awssdk.profiles.internal.ProfileSection;
import com.io7m.peixoto.sdk.software.amazon.awssdk.utils.Validate;
import java.lang.reflect.InvocationTargetException;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;

/* loaded from: classes4.dex */
public final class ProfileCredentialsUtils {
    private static final String SSO_PROFILE_CREDENTIALS_PROVIDER_FACTORY = "com.io7m.peixoto.sdk.software.amazon.awssdk.services.sso.auth.SsoProfileCredentialsProviderFactory";
    private static final String STS_PROFILE_CREDENTIALS_PROVIDER_FACTORY = "com.io7m.peixoto.sdk.software.amazon.awssdk.services.sts.internal.StsProfileCredentialsProviderFactory";
    private final Function<String, Optional<Profile>> credentialsSourceResolver;
    private final String name;
    private final Profile profile;
    private final ProfileFile profileFile;
    private final Map<String, String> properties;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.internal.ProfileCredentialsUtils$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$software$amazon$awssdk$auth$credentials$internal$CredentialSourceType;

        static {
            int[] iArr = new int[CredentialSourceType.values().length];
            $SwitchMap$software$amazon$awssdk$auth$credentials$internal$CredentialSourceType = iArr;
            try {
                iArr[CredentialSourceType.ECS_CONTAINER.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$software$amazon$awssdk$auth$credentials$internal$CredentialSourceType[CredentialSourceType.EC2_INSTANCE_METADATA.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$software$amazon$awssdk$auth$credentials$internal$CredentialSourceType[CredentialSourceType.ENVIRONMENT.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public ProfileCredentialsUtils(ProfileFile profileFile, Profile profile, Function<String, Optional<Profile>> function) {
        this.profileFile = (ProfileFile) Validate.paramNotNull(profileFile, "profileFile");
        this.profile = (Profile) Validate.paramNotNull(profile, "profile");
        this.name = profile.name();
        this.properties = profile.properties();
        this.credentialsSourceResolver = function;
    }

    private AwsCredentialsProvider basicProfileCredentialsProvider() {
        requireProperties(ProfileProperty.AWS_ACCESS_KEY_ID, ProfileProperty.AWS_SECRET_ACCESS_KEY);
        return StaticCredentialsProvider.create(AwsBasicCredentials.builder().accessKeyId(this.properties.get(ProfileProperty.AWS_ACCESS_KEY_ID)).secretAccessKey(this.properties.get(ProfileProperty.AWS_SECRET_ACCESS_KEY)).accountId(this.properties.get(ProfileProperty.AWS_ACCOUNT_ID)).mo454build());
    }

    private AwsCredentialsProvider credentialProcessCredentialsProvider() {
        requireProperties(ProfileProperty.CREDENTIAL_PROCESS);
        return ProcessCredentialsProvider.builder().command(this.properties.get(ProfileProperty.CREDENTIAL_PROCESS)).staticAccountId(this.properties.get(ProfileProperty.AWS_ACCOUNT_ID)).mo454build();
    }

    private AwsCredentialsProvider credentialSourceCredentialProvider(CredentialSourceType credentialSourceType) {
        int i = AnonymousClass1.$SwitchMap$software$amazon$awssdk$auth$credentials$internal$CredentialSourceType[credentialSourceType.ordinal()];
        if (i == 1) {
            return ContainerCredentialsProvider.builder().mo454build();
        }
        if (i == 2) {
            return InstanceProfileCredentialsProvider.builder().profileFile(this.profileFile).profileName(this.name).mo454build();
        }
        if (i == 3) {
            return AwsCredentialsProviderChain.builder().addCredentialsProvider((AwsCredentialsProvider) SystemPropertyCredentialsProvider.create()).addCredentialsProvider((AwsCredentialsProvider) EnvironmentVariableCredentialsProvider.create()).mo454build();
        }
        throw noSourceCredentialsException();
    }

    private Optional<AwsCredentialsProvider> credentialsProvider(Set<String> set) {
        if (this.properties.containsKey(ProfileProperty.ROLE_ARN) && this.properties.containsKey(ProfileProperty.WEB_IDENTITY_TOKEN_FILE)) {
            return Optional.ofNullable(roleAndWebIdentityTokenProfileCredentialsProvider());
        }
        if (this.properties.containsKey(ProfileProperty.SSO_ROLE_NAME) || this.properties.containsKey(ProfileProperty.SSO_ACCOUNT_ID) || this.properties.containsKey(ProfileProperty.SSO_REGION) || this.properties.containsKey(ProfileProperty.SSO_START_URL) || this.properties.containsKey(ProfileSection.SSO_SESSION.getPropertyKeyName())) {
            return Optional.ofNullable(ssoProfileCredentialsProvider());
        }
        if (this.properties.containsKey(ProfileProperty.ROLE_ARN)) {
            boolean containsKey = this.properties.containsKey(ProfileProperty.SOURCE_PROFILE);
            boolean containsKey2 = this.properties.containsKey(ProfileProperty.CREDENTIAL_SOURCE);
            Validate.validState((containsKey && containsKey2) ? false : true, "Invalid profile file: profile has both %s and %s.", ProfileProperty.SOURCE_PROFILE, ProfileProperty.CREDENTIAL_SOURCE);
            if (containsKey) {
                return Optional.ofNullable(roleAndSourceProfileBasedProfileCredentialsProvider(set));
            }
            if (containsKey2) {
                return Optional.ofNullable(roleAndCredentialSourceBasedProfileCredentialsProvider());
            }
        }
        return this.properties.containsKey(ProfileProperty.CREDENTIAL_PROCESS) ? Optional.ofNullable(credentialProcessCredentialsProvider()) : this.properties.containsKey(ProfileProperty.AWS_SESSION_TOKEN) ? Optional.of(sessionProfileCredentialsProvider()) : this.properties.containsKey(ProfileProperty.AWS_ACCESS_KEY_ID) ? Optional.of(basicProfileCredentialsProvider()) : Optional.empty();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public IllegalStateException noSourceCredentialsException() {
        return new IllegalStateException(String.format("The source profile of '%s' was configured to be '%s', but that source profile has no credentials configured.", this.name, this.properties.get(ProfileProperty.SOURCE_PROFILE)));
    }

    private void requireProperties(String... strArr) {
        Arrays.stream(strArr).forEach(new Consumer() { // from class: com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.internal.ProfileCredentialsUtils$$ExternalSyntheticLambda0
            @Override // java.util.function.Consumer
            public final void accept(Object obj) {
                ProfileCredentialsUtils.this.m290xe76bba3a((String) obj);
            }
        });
    }

    private AwsCredentialsProvider roleAndCredentialSourceBasedProfileCredentialsProvider() {
        requireProperties(ProfileProperty.CREDENTIAL_SOURCE);
        return stsCredentialsProviderFactory().create(credentialSourceCredentialProvider(CredentialSourceType.parse(this.properties.get(ProfileProperty.CREDENTIAL_SOURCE))), this.profile);
    }

    private AwsCredentialsProvider roleAndSourceProfileBasedProfileCredentialsProvider(final Set<String> set) {
        requireProperties(ProfileProperty.SOURCE_PROFILE);
        Validate.validState(!set.contains(this.name), "Invalid profile file: Circular relationship detected with profiles %s.", set);
        Validate.validState(this.credentialsSourceResolver != null, "The profile '%s' must be configured with a source profile in order to use assumed roles.", this.name);
        set.add(this.name);
        return stsCredentialsProviderFactory().create((AwsCredentialsProvider) this.credentialsSourceResolver.apply(this.properties.get(ProfileProperty.SOURCE_PROFILE)).flatMap(new Function() { // from class: com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.internal.ProfileCredentialsUtils$$ExternalSyntheticLambda1
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                return ProfileCredentialsUtils.this.m291x27b950ab(set, (Profile) obj);
            }
        }).orElseThrow(new Supplier() { // from class: com.io7m.peixoto.sdk.software.amazon.awssdk.auth.credentials.internal.ProfileCredentialsUtils$$ExternalSyntheticLambda2
            @Override // java.util.function.Supplier
            public final Object get() {
                IllegalStateException noSourceCredentialsException;
                noSourceCredentialsException = ProfileCredentialsUtils.this.noSourceCredentialsException();
                return noSourceCredentialsException;
            }
        }), this.profile);
    }

    private AwsCredentialsProvider roleAndWebIdentityTokenProfileCredentialsProvider() {
        requireProperties(ProfileProperty.ROLE_ARN, ProfileProperty.WEB_IDENTITY_TOKEN_FILE);
        String str = this.properties.get(ProfileProperty.ROLE_ARN);
        return WebIdentityCredentialsUtils.factory().create(WebIdentityTokenCredentialProperties.builder().roleArn(str).roleSessionName(this.properties.get(ProfileProperty.ROLE_SESSION_NAME)).webIdentityTokenFile(Paths.get(this.properties.get(ProfileProperty.WEB_IDENTITY_TOKEN_FILE), new String[0])).build());
    }

    private AwsCredentialsProvider sessionProfileCredentialsProvider() {
        requireProperties(ProfileProperty.AWS_ACCESS_KEY_ID, ProfileProperty.AWS_SECRET_ACCESS_KEY, ProfileProperty.AWS_SESSION_TOKEN);
        return StaticCredentialsProvider.create(AwsSessionCredentials.builder().accessKeyId(this.properties.get(ProfileProperty.AWS_ACCESS_KEY_ID)).secretAccessKey(this.properties.get(ProfileProperty.AWS_SECRET_ACCESS_KEY)).sessionToken(this.properties.get(ProfileProperty.AWS_SESSION_TOKEN)).accountId(this.properties.get(ProfileProperty.AWS_ACCOUNT_ID)).mo454build());
    }

    private ProfileCredentialsProviderFactory ssoCredentialsProviderFactory() {
        try {
            return (ProfileCredentialsProviderFactory) ClassLoaderHelper.loadClass(SSO_PROFILE_CREDENTIALS_PROVIDER_FACTORY, getClass()).getConstructor(new Class[0]).newInstance(new Object[0]);
        } catch (ClassNotFoundException e) {
            throw new IllegalStateException("To use Sso related properties in the '" + this.name + "' profile, the 'sso' service module must be on the class path.", e);
        } catch (IllegalAccessException e2) {
            e = e2;
            throw new IllegalStateException("Failed to create the '" + this.name + "' profile credentials provider.", e);
        } catch (InstantiationException e3) {
            e = e3;
            throw new IllegalStateException("Failed to create the '" + this.name + "' profile credentials provider.", e);
        } catch (NoSuchMethodException e4) {
            e = e4;
            throw new IllegalStateException("Failed to create the '" + this.name + "' profile credentials provider.", e);
        } catch (InvocationTargetException e5) {
            e = e5;
            throw new IllegalStateException("Failed to create the '" + this.name + "' profile credentials provider.", e);
        }
    }

    private AwsCredentialsProvider ssoProfileCredentialsProvider() {
        validateRequiredPropertiesForSsoCredentialsProvider();
        return ssoCredentialsProviderFactory().create(ProfileProviderCredentialsContext.builder().profile(this.profile).profileFile(this.profileFile).build());
    }

    private ChildProfileCredentialsProviderFactory stsCredentialsProviderFactory() {
        try {
            return (ChildProfileCredentialsProviderFactory) ClassLoaderHelper.loadClass(STS_PROFILE_CREDENTIALS_PROVIDER_FACTORY, getClass()).getConstructor(new Class[0]).newInstance(new Object[0]);
        } catch (ClassNotFoundException e) {
            throw new IllegalStateException("To use assumed roles in the '" + this.name + "' profile, the 'sts' service module must be on the class path.", e);
        } catch (IllegalAccessException e2) {
            e = e2;
            throw new IllegalStateException("Failed to create the '" + this.name + "' profile credentials provider.", e);
        } catch (InstantiationException e3) {
            e = e3;
            throw new IllegalStateException("Failed to create the '" + this.name + "' profile credentials provider.", e);
        } catch (NoSuchMethodException e4) {
            e = e4;
            throw new IllegalStateException("Failed to create the '" + this.name + "' profile credentials provider.", e);
        } catch (InvocationTargetException e5) {
            e = e5;
            throw new IllegalStateException("Failed to create the '" + this.name + "' profile credentials provider.", e);
        }
    }

    private void validateRequiredPropertiesForSsoCredentialsProvider() {
        requireProperties(ProfileProperty.SSO_ACCOUNT_ID, ProfileProperty.SSO_ROLE_NAME);
        if (this.properties.containsKey(ProfileSection.SSO_SESSION.getPropertyKeyName())) {
            return;
        }
        requireProperties(ProfileProperty.SSO_REGION, ProfileProperty.SSO_START_URL);
    }

    public Optional<AwsCredentialsProvider> credentialsProvider() {
        return credentialsProvider(new HashSet());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$requireProperties$1$com-io7m-peixoto-sdk-software-amazon-awssdk-auth-credentials-internal-ProfileCredentialsUtils, reason: not valid java name */
    public /* synthetic */ void m290xe76bba3a(String str) {
        Validate.isTrue(this.properties.containsKey(str), "Profile property '%s' was not configured for '%s'.", str, this.name);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$roleAndSourceProfileBasedProfileCredentialsProvider$0$com-io7m-peixoto-sdk-software-amazon-awssdk-auth-credentials-internal-ProfileCredentialsUtils, reason: not valid java name */
    public /* synthetic */ Optional m291x27b950ab(Set set, Profile profile) {
        return new ProfileCredentialsUtils(this.profileFile, profile, this.credentialsSourceResolver).credentialsProvider(set);
    }
}
