package com.amazonaws.auth;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityService;
import com.amazonaws.services.cognitoidentity.AmazonCognitoIdentityServiceClient;
import com.amazonaws.services.cognitoidentity.model.GetIdRequest;
import com.amazonaws.services.cognitoidentity.model.GetIdResult;
import com.amazonaws.services.cognitoidentity.model.GetOpenIdTokenRequest;
import com.amazonaws.services.cognitoidentity.model.GetOpenIdTokenResult;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithWebIdentityRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* loaded from: classes.dex */
public class CognitoCredentialsProvider implements AWSCredentialsProvider {
    public static final int DEFAULT_DURATION_SECONDS = 3600;
    public static final int DEFAULT_THRESHOLD_SECONDS = 500;
    protected final String accountId;
    protected final String authRoleArn;
    protected final AmazonCognitoIdentityService cib;
    public String identityId;
    protected final String identityPoolId;
    protected Set<IdentityChangedListener> listeners;
    public Map<String, String> logins;
    protected String openIdConnectToken;
    protected int refreshThreshold;
    protected final AWSSecurityTokenService securityTokenService;
    public AWSSessionCredentials sessionCredentials;
    public Date sessionCredentialsExpiration;
    protected int sessionDuration;
    protected final String unAuthRoleArn;

    /* loaded from: classes.dex */
    public interface IdentityChangedListener {
        void identityChanged(String str, String str2);
    }

    public CognitoCredentialsProvider(String str, String str2, String str3, String str4) {
        this(str, str2, str3, str4, new ClientConfiguration());
    }

    public CognitoCredentialsProvider(String str, String str2, String str3, String str4, ClientConfiguration clientConfiguration) {
        this(str, str2, str3, str4, new AmazonCognitoIdentityServiceClient(new AnonymousAWSCredentials(), clientConfiguration), new AWSSecurityTokenServiceClient(new AnonymousAWSCredentials(), clientConfiguration));
    }

    public CognitoCredentialsProvider(String str, String str2, String str3, String str4, AmazonCognitoIdentityService amazonCognitoIdentityService, AWSSecurityTokenService aWSSecurityTokenService) {
        this.cib = amazonCognitoIdentityService;
        this.securityTokenService = aWSSecurityTokenService;
        this.accountId = str;
        this.identityPoolId = str2;
        this.unAuthRoleArn = str3;
        this.authRoleArn = str4;
        this.sessionDuration = 3600;
        this.refreshThreshold = 500;
        this.listeners = new HashSet();
    }

    private void identityChanged(String str) {
        String str2 = this.identityId;
        this.identityId = str;
        Iterator<IdentityChangedListener> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().identityChanged(str2, this.identityId);
        }
    }

    public void clear() {
        this.identityId = null;
        this.sessionCredentials = null;
        this.sessionCredentialsExpiration = null;
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public AWSSessionCredentials getCredentials() {
        if (needsNewSession()) {
            startSession();
        }
        return this.sessionCredentials;
    }

    public String getIdentityId() {
        if (this.identityId == null) {
            GetIdResult id = this.cib.getId(new GetIdRequest().withAccountId(this.accountId).withIdentityPoolId(this.identityPoolId).withLogins(this.logins));
            if (id.getIdentityId() != null) {
                identityChanged(id.getIdentityId());
            }
        }
        return this.identityId;
    }

    public Map<String, String> getLogins() {
        return this.logins;
    }

    public int getRefreshThreshold() {
        return this.refreshThreshold;
    }

    public int getSessionDuration() {
        return this.sessionDuration;
    }

    public boolean needsNewSession() {
        return this.sessionCredentials == null || this.sessionCredentialsExpiration.getTime() - System.currentTimeMillis() < ((long) (this.refreshThreshold * 1000));
    }

    @Override // com.amazonaws.auth.AWSCredentialsProvider
    public void refresh() {
        startSession();
    }

    public void registerIdentityChangedListener(IdentityChangedListener identityChangedListener) {
        this.listeners.add(identityChangedListener);
    }

    public void setLogins(Map<String, String> map) {
        this.logins = map;
        this.sessionCredentials = null;
    }

    public void setRefreshThreshold(int i) {
        this.refreshThreshold = i;
    }

    public void setSessionDuration(int i) {
        this.sessionDuration = i;
    }

    protected void startSession() {
        getIdentityId();
        GetOpenIdTokenResult openIdToken = this.cib.getOpenIdToken(new GetOpenIdTokenRequest().withIdentityId(this.identityId).withLogins(this.logins));
        this.openIdConnectToken = openIdToken.getToken();
        if (!openIdToken.getIdentityId().equals(this.identityId)) {
            identityChanged(openIdToken.getIdentityId());
        }
        String str = this.unAuthRoleArn;
        if (this.logins != null && this.logins.size() > 0) {
            str = this.authRoleArn;
        }
        Credentials credentials = this.securityTokenService.assumeRoleWithWebIdentity(new AssumeRoleWithWebIdentityRequest().withWebIdentityToken(this.openIdConnectToken).withRoleArn(str).withRoleSessionName("ProviderSession").withDurationSeconds(Integer.valueOf(this.sessionDuration))).getCredentials();
        this.sessionCredentials = new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken());
        this.sessionCredentialsExpiration = credentials.getExpiration();
    }

    public void unregisterIdentityChangedListener(IdentityChangedListener identityChangedListener) {
        this.listeners.remove(identityChangedListener);
    }

    public CognitoCredentialsProvider withLogins(Map<String, String> map) {
        setLogins(map);
        return this;
    }

    public CognitoCredentialsProvider withRefreshThreshold(int i) {
        setRefreshThreshold(i);
        return this;
    }

    public CognitoCredentialsProvider withSessionDuration(int i) {
        setSessionDuration(i);
        return this;
    }
}
