package com.amazonaws.auth;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceClient;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.handlers.HandlerChainFactory;
import com.amazonaws.handlers.RequestHandler;
import com.amazonaws.handlers.RequestHandler2;
import com.amazonaws.http.UrlHttpClient;
import com.amazonaws.internal.StaticCredentialsProvider;
import com.amazonaws.logging.LogFactory;
import com.amazonaws.regions.RegionUtils;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient;
import com.amazonaws.services.cognitoidentity.model.Credentials;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityRequest;
import com.amazonaws.services.cognitoidentity.model.GetCredentialsForIdentityResult;
import com.amazonaws.services.cognitoidentity.model.transform.ConcurrentModificationExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.DeveloperUserAlreadyRegisteredExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.ExternalServiceExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.InternalErrorExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.InvalidIdentityPoolConfigurationExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.InvalidParameterExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.LimitExceededExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.NotAuthorizedExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.ResourceConflictExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.ResourceNotFoundExceptionUnmarshaller;
import com.amazonaws.services.cognitoidentity.model.transform.TooManyRequestsExceptionUnmarshaller;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import com.amazonaws.transform.JsonErrorUnmarshaller;
import com.google.firebase.messaging.ServiceStarter;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes2.dex */
public abstract class CognitoCredentialsProvider implements AWSCredentialsProvider {
    public final String authRoleArn;
    public final AmazonCognitoIdentityClient cib;
    public final ReentrantReadWriteLock credentialsLock;
    public final AWSAbstractCognitoIdentityProvider identityProvider;
    public final int refreshThreshold;
    public final String region;
    public BasicSessionCredentials sessionCredentials;
    public Date sessionCredentialsExpiration;
    public final int sessionDuration;
    public String token;
    public final String unauthRoleArn;
    public final boolean useEnhancedFlow;

    static {
        LogFactory.getLog(AWSCredentialsProviderChain.class);
    }

    /* JADX WARN: Type inference failed for: r1v0, types: [com.amazonaws.AmazonWebServiceClient, com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityClient] */
    public CognitoCredentialsProvider(Regions regions) {
        Regions fromName;
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        StaticCredentialsProvider staticCredentialsProvider = new StaticCredentialsProvider(new AnonymousAWSCredentials());
        ?? amazonWebServiceClient = new AmazonWebServiceClient(clientConfiguration, new UrlHttpClient(clientConfiguration));
        amazonWebServiceClient.awsCredentialsProvider = staticCredentialsProvider;
        ArrayList arrayList = new ArrayList();
        amazonWebServiceClient.jsonErrorUnmarshallers = arrayList;
        arrayList.add(new ConcurrentModificationExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new DeveloperUserAlreadyRegisteredExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new ExternalServiceExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new InternalErrorExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new InvalidIdentityPoolConfigurationExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new InvalidParameterExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new LimitExceededExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new NotAuthorizedExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new ResourceConflictExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new ResourceNotFoundExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new TooManyRequestsExceptionUnmarshaller());
        amazonWebServiceClient.jsonErrorUnmarshallers.add(new JsonErrorUnmarshaller());
        amazonWebServiceClient.setEndpoint("cognito-identity.us-east-1.amazonaws.com");
        amazonWebServiceClient.endpointPrefix = "cognito-identity";
        HandlerChainFactory handlerChainFactory = new HandlerChainFactory();
        amazonWebServiceClient.requestHandler2s.addAll(handlerChainFactory.createRequestHandlerChain(RequestHandler.class, "/com/amazonaws/services/cognitoidentity/request.handlers"));
        amazonWebServiceClient.requestHandler2s.addAll(handlerChainFactory.createRequestHandlerChain(RequestHandler2.class, "/com/amazonaws/services/cognitoidentity/request.handler2s"));
        amazonWebServiceClient.setRegion(RegionUtils.getRegion(regions.getName()));
        this.cib = amazonWebServiceClient;
        synchronized (amazonWebServiceClient) {
            fromName = Regions.fromName(amazonWebServiceClient.region.name);
        }
        this.region = fromName.getName();
        this.unauthRoleArn = null;
        this.authRoleArn = null;
        this.sessionDuration = 3600;
        this.refreshThreshold = ServiceStarter.ERROR_UNKNOWN;
        this.useEnhancedFlow = true;
        this.identityProvider = new AWSAbstractCognitoIdentityProvider(amazonWebServiceClient);
        this.credentialsLock = new ReentrantReadWriteLock(true);
    }

    public abstract String getIdentityId();

    public final boolean needsNewSession() {
        if (this.sessionCredentials == null) {
            return true;
        }
        return this.sessionCredentialsExpiration.getTime() - (System.currentTimeMillis() - (SDKGlobalConfiguration.GLOBAL_TIME_OFFSET.get() * 1000)) < ((long) (this.refreshThreshold * 1000));
    }

    public final void startSession() {
        HashMap hashMap;
        HashMap hashMap2;
        GetCredentialsForIdentityResult credentialsForIdentity;
        AWSAbstractCognitoIdentityProvider aWSAbstractCognitoIdentityProvider = this.identityProvider;
        try {
            this.token = aWSAbstractCognitoIdentityProvider.refresh();
        } catch (AmazonServiceException e2) {
            if (!e2.errorCode.equals("ValidationException")) {
                throw e2;
            }
            aWSAbstractCognitoIdentityProvider.identityChanged(null);
            this.token = aWSAbstractCognitoIdentityProvider.refresh();
        }
        if (!this.useEnhancedFlow) {
            String str = this.token;
            HashMap hashMap3 = aWSAbstractCognitoIdentityProvider.loginsMap;
            String str2 = (hashMap3 == null || hashMap3.size() <= 0) ? this.unauthRoleArn : this.authRoleArn;
            AssumeRoleWithWebIdentityRequest assumeRoleWithWebIdentityRequest = new AssumeRoleWithWebIdentityRequest();
            assumeRoleWithWebIdentityRequest.webIdentityToken = str;
            assumeRoleWithWebIdentityRequest.roleArn = str2;
            assumeRoleWithWebIdentityRequest.roleSessionName = "ProviderSession";
            assumeRoleWithWebIdentityRequest.durationSeconds = Integer.valueOf(this.sessionDuration);
            assumeRoleWithWebIdentityRequest.requestClientOptions.appendUserAgent(CognitoCachingCredentialsProvider.USER_AGENT);
            throw null;
        }
        String str3 = this.token;
        String str4 = this.region;
        if (str3 == null || str3.isEmpty()) {
            hashMap = aWSAbstractCognitoIdentityProvider.loginsMap;
        } else {
            hashMap = new HashMap();
            hashMap.put(Regions.CN_NORTH_1.getName().equals(str4) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com", str3);
        }
        GetCredentialsForIdentityRequest getCredentialsForIdentityRequest = new GetCredentialsForIdentityRequest();
        getCredentialsForIdentityRequest.identityId = getIdentityId();
        getCredentialsForIdentityRequest.logins = hashMap;
        getCredentialsForIdentityRequest.customRoleArn = null;
        try {
            credentialsForIdentity = this.cib.getCredentialsForIdentity(getCredentialsForIdentityRequest);
        } catch (AmazonServiceException e3) {
            if (!e3.errorCode.equals("ValidationException")) {
                throw e3;
            }
            aWSAbstractCognitoIdentityProvider.identityChanged(null);
            String refresh = aWSAbstractCognitoIdentityProvider.refresh();
            this.token = refresh;
            if (refresh == null || refresh.isEmpty()) {
                hashMap2 = aWSAbstractCognitoIdentityProvider.loginsMap;
            } else {
                hashMap2 = new HashMap();
                hashMap2.put(Regions.CN_NORTH_1.getName().equals(str4) ? "cognito-identity.cn-north-1.amazonaws.com.cn" : "cognito-identity.amazonaws.com", this.token);
            }
            GetCredentialsForIdentityRequest getCredentialsForIdentityRequest2 = new GetCredentialsForIdentityRequest();
            getCredentialsForIdentityRequest2.identityId = getIdentityId();
            getCredentialsForIdentityRequest2.logins = hashMap2;
            getCredentialsForIdentityRequest2.customRoleArn = null;
            credentialsForIdentity = this.cib.getCredentialsForIdentity(getCredentialsForIdentityRequest2);
        }
        Credentials credentials = credentialsForIdentity.credentials;
        this.sessionCredentials = new BasicSessionCredentials(credentials.accessKeyId, credentials.secretKey, credentials.sessionToken);
        Date date = credentials.expiration;
        ReentrantReadWriteLock reentrantReadWriteLock = this.credentialsLock;
        reentrantReadWriteLock.writeLock().lock();
        try {
            this.sessionCredentialsExpiration = date;
            reentrantReadWriteLock.writeLock().unlock();
            if (credentialsForIdentity.identityId.equals(getIdentityId())) {
                return;
            }
            aWSAbstractCognitoIdentityProvider.identityChanged(credentialsForIdentity.identityId);
        } catch (Throwable th) {
            reentrantReadWriteLock.writeLock().unlock();
            throw th;
        }
    }
}
