package net.jsign.jca;

import com.cedarsoftware.util.io.JsonReader;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.HttpURLConnection;
import java.net.SocketException;
import java.net.URL;
import java.net.UnknownServiceException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import org.apache.commons.io.IOUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/jsign/jca/AmazonIMDS2Client.class */
public class AmazonIMDS2Client {
    private static final String ROLE_PATTERN = "[-\\w+=,.@]{1,64}";
    private static final String IMDS_ENDPOINT = "http://169.254.169.254";
    private static final int TOKEN_TTL_SECONDS = 21600;

    public String getInstanceProfileName() throws IOException {
        String metaData = getMetaData("iam/security-credentials", 404);
        if (metaData == null) {
            return null;
        }
        String[] split = metaData.trim().split("\n");
        if (split.length == 0 || !split[0].matches(ROLE_PATTERN)) {
            throw new RuntimeException("Unable to read the instance profile name");
        }
        return split[0];
    }

    public AmazonCredentials getCredentials() throws IOException {
        String instanceProfileName = getInstanceProfileName();
        if (instanceProfileName == null) {
            throw new RuntimeException("This EC2 instance seems not to be associated with an instance profile");
        }
        return getCredentials(instanceProfileName);
    }

    public AmazonCredentials getCredentials(String str) throws IOException {
        Map jsonToMaps = JsonReader.jsonToMaps(getMetaData("iam/security-credentials/" + str));
        return new AmazonCredentials((String) jsonToMaps.get("AccessKeyId"), (String) jsonToMaps.get("SecretAccessKey"), (String) jsonToMaps.get("Token"));
    }

    private String getApiToken() throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL("http://169.254.169.254/latest/api/token").openConnection();
        httpURLConnection.setConnectTimeout(3000);
        httpURLConnection.setRequestMethod("PUT");
        httpURLConnection.setRequestProperty("X-aws-ec2-metadata-token-ttl-seconds", String.valueOf(TOKEN_TTL_SECONDS));
        try {
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode == 404 || responseCode == 411) {
                throw new UnknownServiceException("IMDSv2 host did not respond as expected; are you in AWS cloud?");
            }
            if (responseCode == 403) {
                throw new UnknownServiceException("IMDSv2 is possibly disabled on this host");
            }
            if (responseCode >= 400) {
                throw handleError(httpURLConnection);
            }
            String iOUtils = IOUtils.toString(httpURLConnection.getInputStream(), StandardCharsets.UTF_8);
            if (iOUtils == null) {
                throw new RuntimeException("Unable to obtain an API token to query the IMDS v2 service");
            }
            return iOUtils;
        } catch (InterruptedIOException | SocketException e) {
            throw ((IOException) new UnknownServiceException("IMDSv2 host was unreachable; check the hop limit if containerized").initCause(e));
        }
    }

    private String getMetaData(String str, int i) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL("http://169.254.169.254/latest/meta-data/" + str).openConnection();
        httpURLConnection.setConnectTimeout(10000);
        httpURLConnection.setRequestProperty("X-aws-ec2-metadata-token", getApiToken());
        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode < 400) {
            return IOUtils.toString(httpURLConnection.getInputStream(), StandardCharsets.UTF_8);
        }
        if (i <= 0 || responseCode != i) {
            throw handleError(httpURLConnection);
        }
        return null;
    }

    private String getMetaData(String str) throws IOException {
        return getMetaData(str, -1);
    }

    private IOException handleError(HttpURLConnection httpURLConnection) throws IOException {
        return new IOException("HTTP Error " + httpURLConnection.getResponseCode() + (httpURLConnection.getResponseMessage() != null ? " - " + httpURLConnection.getResponseMessage() : "") + " (" + httpURLConnection.getURL() + ")");
    }
}
