package com.amazonaws.auth;

import com.amazonaws.AmazonClientException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.annotation.ThreadSafe;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetSessionTokenRequest;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;

@ThreadSafe
/* loaded from: input_file:com/amazonaws/auth/STSSessionCredentialsProvider.class */
public class STSSessionCredentialsProvider implements AWSSessionCredentialsProvider {
    public static final int DEFAULT_DURATION_SECONDS = 3600;
    private static final int EXPIRY_TIME_MILLIS = 60000;
    private static final long NEW_SESSION_MAX_WAIT_SECONDS = 5;
    private static final long ASYNC_REFRESH_EXPIRATION_IN_MILLIS = TimeUnit.MINUTES.toMillis(NEW_SESSION_MAX_WAIT_SECONDS);
    private final AWSSecurityTokenService securityTokenService;
    private final Lock blockingNewSessionLock;
    private final AtomicReference<SessionCredentialsHolder> sessionCredentials;
    private final AtomicReference<Thread> refreshThread;
    private final AtomicBoolean asyncRefreshing;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/amazonaws/auth/STSSessionCredentialsProvider$SessionCredentialsHolder.class */
    public static final class SessionCredentialsHolder {
        private final AWSSessionCredentials sessionCredentials;
        private final Date sessionCredentialsExpiration;

        private SessionCredentialsHolder(AWSSessionCredentials aWSSessionCredentials, Date date) {
            this.sessionCredentials = aWSSessionCredentials;
            this.sessionCredentialsExpiration = date;
        }

        public int hashCode() {
            return this.sessionCredentials.hashCode();
        }

        public boolean equals(Object obj) {
            if (null == obj || getClass() != obj.getClass()) {
                return false;
            }
            SessionCredentialsHolder sessionCredentialsHolder = (SessionCredentialsHolder) obj;
            return this.sessionCredentials == sessionCredentialsHolder.sessionCredentials || (null != this.sessionCredentials && this.sessionCredentials.equals(sessionCredentialsHolder.sessionCredentials));
        }
    }

    public STSSessionCredentialsProvider(AWSCredentials aWSCredentials) {
        this(aWSCredentials, new ClientConfiguration());
    }

    public STSSessionCredentialsProvider(AWSCredentials aWSCredentials, ClientConfiguration clientConfiguration) {
        this.blockingNewSessionLock = new ReentrantLock();
        this.sessionCredentials = new AtomicReference<>();
        this.refreshThread = new AtomicReference<>();
        this.asyncRefreshing = new AtomicBoolean(false);
        this.securityTokenService = new AWSSecurityTokenServiceClient(aWSCredentials, clientConfiguration);
    }

    public STSSessionCredentialsProvider(AWSCredentialsProvider aWSCredentialsProvider) {
        this.blockingNewSessionLock = new ReentrantLock();
        this.sessionCredentials = new AtomicReference<>();
        this.refreshThread = new AtomicReference<>();
        this.asyncRefreshing = new AtomicBoolean(false);
        this.securityTokenService = new AWSSecurityTokenServiceClient(aWSCredentialsProvider);
    }

    public STSSessionCredentialsProvider(AWSCredentialsProvider aWSCredentialsProvider, ClientConfiguration clientConfiguration) {
        this.blockingNewSessionLock = new ReentrantLock();
        this.sessionCredentials = new AtomicReference<>();
        this.refreshThread = new AtomicReference<>();
        this.asyncRefreshing = new AtomicBoolean(false);
        this.securityTokenService = new AWSSecurityTokenServiceClient(aWSCredentialsProvider, clientConfiguration);
    }

    public void setSTSClientEndpoint(String str) {
        this.securityTokenService.setEndpoint(str);
        this.sessionCredentials.set(null);
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public AWSSessionCredentials getCredentials() {
        if (needsNewSession(this.sessionCredentials.get())) {
            blockingNewSession();
        } else if (shouldAsyncRefresh()) {
            asyncNewSession();
        }
        SessionCredentialsHolder sessionCredentialsHolder = this.sessionCredentials.get();
        if (sessionCredentialsHolder == null || sessionCredentialsHolder.sessionCredentials == null) {
            throw new IllegalStateException("Session credentials should never be null.");
        }
        return sessionCredentialsHolder.sessionCredentials;
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public void refresh() {
        this.sessionCredentials.set(null);
        blockingNewSession();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void newSession() {
        Credentials credentials = this.securityTokenService.getSessionToken(new GetSessionTokenRequest().withDurationSeconds(3600)).getCredentials();
        this.sessionCredentials.compareAndSet(this.sessionCredentials.get(), new SessionCredentialsHolder(new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken()), credentials.getExpiration()));
    }

    private void handleWaitError(String str, Exception exc) {
        Thread thread = this.refreshThread.get();
        if (null != thread) {
            try {
                thread.interrupt();
            } catch (SecurityException e) {
            }
        }
        throw new AmazonClientException(str, exc);
    }

    private void blockingNewSession() {
        try {
        } catch (InterruptedException e) {
            handleWaitError("Interrupted waiting for new session credentials.", e);
        }
        if (!this.blockingNewSessionLock.tryLock(NEW_SESSION_MAX_WAIT_SECONDS, TimeUnit.SECONDS)) {
            newSession();
            return;
        }
        try {
            if (needsNewSession()) {
                newSession();
                this.blockingNewSessionLock.unlock();
            }
        } finally {
            this.blockingNewSessionLock.unlock();
        }
    }

    private void asyncNewSession() {
        if (this.asyncRefreshing.compareAndSet(false, true)) {
            try {
                this.refreshThread.set(new Thread() { // from class: com.amazonaws.auth.STSSessionCredentialsProvider.1
                    @Override // java.lang.Thread, java.lang.Runnable
                    public void run() {
                        try {
                            STSSessionCredentialsProvider.this.newSession();
                            STSSessionCredentialsProvider.this.asyncRefreshing.set(false);
                        } catch (Throwable th) {
                            STSSessionCredentialsProvider.this.asyncRefreshing.set(false);
                            throw th;
                        }
                    }
                });
                this.refreshThread.get().start();
            } catch (RuntimeException e) {
                this.asyncRefreshing.set(false);
                throw e;
            }
        }
    }

    private boolean shouldAsyncRefresh() {
        Date date = this.sessionCredentials.get().sessionCredentialsExpiration;
        return date != null && date.getTime() - System.currentTimeMillis() < ASYNC_REFRESH_EXPIRATION_IN_MILLIS;
    }

    private static boolean expiring(Date date) {
        return date.getTime() - System.currentTimeMillis() < ClientConfiguration.DEFAULT_CONNECTION_MAX_IDLE_MILLIS;
    }

    private boolean needsNewSession() {
        return needsNewSession(this.sessionCredentials.get());
    }

    private boolean needsNewSession(SessionCredentialsHolder sessionCredentialsHolder) {
        return sessionCredentialsHolder == null || expiring(sessionCredentialsHolder.sessionCredentialsExpiration);
    }
}
