package com.hazelcast.aws.impl;

import com.amazonaws.auth.internal.SignerConstants;
import com.amazonaws.auth.policy.internal.JsonDocumentFields;
import com.hazelcast.aws.security.EC2RequestSigner;
import com.hazelcast.aws.utility.CloudyUtility;
import com.hazelcast.aws.utility.Environment;
import com.hazelcast.com.eclipsesource.json.JsonObject;
import com.hazelcast.config.AwsConfig;
import com.hazelcast.config.InvalidConfigurationException;
import com.hazelcast.nio.IOUtil;
import com.hazelcast.util.StringUtil;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:com/hazelcast/aws/impl/DescribeInstances.class */
public class DescribeInstances {
    public static final String IAM_ROLE_ENDPOINT = "169.254.169.254";
    public static final String IAM_TASK_ROLE_ENDPOINT = "169.254.170.2";
    private EC2RequestSigner rs;
    private AwsConfig awsConfig;
    private String endpoint;
    private Map<String, String> attributes = new HashMap();

    public DescribeInstances(AwsConfig awsConfig, String str) throws IOException {
        if (awsConfig == null) {
            throw new IllegalArgumentException("AwsConfig is required!");
        }
        this.awsConfig = awsConfig;
        this.endpoint = str;
        checkKeysFromIamRoles(new Environment());
        String formattedTimestamp = getFormattedTimestamp();
        this.rs = new EC2RequestSigner(awsConfig, formattedTimestamp, str);
        this.attributes.put(JsonDocumentFields.ACTION, getClass().getSimpleName());
        this.attributes.put(JsonDocumentFields.VERSION, Constants.DOC_VERSION);
        this.attributes.put(SignerConstants.X_AMZ_ALGORITHM, "AWS4-HMAC-SHA256");
        this.attributes.put(SignerConstants.X_AMZ_CREDENTIAL, this.rs.createFormattedCredential());
        this.attributes.put(SignerConstants.X_AMZ_DATE, formattedTimestamp);
        this.attributes.put(SignerConstants.X_AMZ_SIGNED_HEADER, "host");
        this.attributes.put(SignerConstants.X_AMZ_EXPIRES, "30");
        addFilters();
    }

    DescribeInstances(AwsConfig awsConfig) {
        if (awsConfig == null) {
            throw new IllegalArgumentException("AwsConfig is required!");
        }
        this.awsConfig = awsConfig;
    }

    void checkKeysFromIamRoles(Environment environment) throws IOException {
        if (this.awsConfig.getAccessKey() == null || this.awsConfig.getIamRole() != null) {
            tryGetDefaultIamRole();
            if (this.awsConfig.getIamRole() == null || "".equals(this.awsConfig.getIamRole())) {
                getKeysFromIamTaskRole(environment);
            } else {
                getKeysFromIamRole();
            }
        }
    }

    private void getKeysFromIamTaskRole(Environment environment) throws IOException {
        String envVar = environment.getEnvVar(Constants.ECS_CREDENTIALS_ENV_VAR_NAME);
        if (envVar == null) {
            throw new IllegalArgumentException("Could not acquire credentials! Did not find declared AWS access key or IAM Role, and could not discover IAM Task Role or default role.");
        }
        String str = "http://169.254.170.2" + envVar;
        String str2 = "";
        try {
            str2 = retrieveRoleFromURI(str);
            parseAndStoreRoleCreds(str2);
        } catch (Exception e) {
            throw new InvalidConfigurationException("Unable to retrieve credentials from IAM Task Role. URI: " + str + ". \n HTTP Response content: " + str2, e);
        }
    }

    String retrieveRoleFromURI(String str) throws IOException {
        StringBuilder sb = new StringBuilder();
        InputStreamReader inputStreamReader = null;
        BufferedReader bufferedReader = null;
        try {
            try {
                inputStreamReader = new InputStreamReader(new URL(str).openStream(), "UTF-8");
                bufferedReader = new BufferedReader(inputStreamReader);
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    sb = sb.append(readLine);
                }
                String sb2 = sb.toString();
                if (inputStreamReader != null) {
                    inputStreamReader.close();
                }
                if (bufferedReader != null) {
                    bufferedReader.close();
                }
                return sb2;
            } catch (IOException e) {
                throw new InvalidConfigurationException("Unable to lookup role in URI: " + str, e);
            }
        } catch (Throwable th) {
            if (inputStreamReader != null) {
                inputStreamReader.close();
            }
            if (bufferedReader != null) {
                bufferedReader.close();
            }
            throw th;
        }
    }

    private void tryGetDefaultIamRole() throws IOException {
        if (this.awsConfig.getIamRole() == null || "".equals(this.awsConfig.getIamRole()) || "DEFAULT".equals(this.awsConfig.getIamRole())) {
            try {
                this.awsConfig.setIamRole(retrieveRoleFromURI("http://169.254.169.254/latest/meta-data/iam/security-credentials/"));
            } catch (IOException e) {
                throw new InvalidConfigurationException("Invalid Aws Configuration", e);
            }
        }
    }

    private void getKeysFromIamRole() {
        try {
            parseAndStoreRoleCreds(retrieveRoleFromURI("http://169.254.169.254/" + ("latest/meta-data/iam/security-credentials/" + this.awsConfig.getIamRole())));
        } catch (Exception e) {
            throw new InvalidConfigurationException("Unable to retrieve credentials from IAM Role: " + this.awsConfig.getIamRole(), e);
        }
    }

    private void parseAndStoreRoleCreds(String str) {
        JsonObject readFrom = JsonObject.readFrom(str);
        this.awsConfig.setAccessKey(readFrom.getString("AccessKeyId", null));
        this.awsConfig.setSecretKey(readFrom.getString("SecretAccessKey", null));
        this.attributes.put(SignerConstants.X_AMZ_SECURITY_TOKEN, readFrom.getString("Token", null));
    }

    @Deprecated
    public Map<String, String> parseIamRole(BufferedReader bufferedReader) throws IOException {
        HashMap hashMap = new HashMap();
        Pattern compile = Pattern.compile("\"(.*?)\" : ");
        Pattern compile2 = Pattern.compile(" : \"(.*?)\",");
        String readLine = bufferedReader.readLine();
        while (true) {
            String str = readLine;
            if (str == null) {
                return hashMap;
            }
            if (str.contains(":")) {
                Matcher matcher = compile.matcher(str);
                Matcher matcher2 = compile2.matcher(str);
                if (matcher.find() && matcher2.find()) {
                    hashMap.put(matcher.group(1), matcher2.group(1));
                }
            }
            readLine = bufferedReader.readLine();
        }
    }

    private String getFormattedTimestamp() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(Constants.DATE_FORMAT);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return simpleDateFormat.format(new Date());
    }

    private void addFilters() {
        Filter filter = new Filter();
        if (StringUtil.isNullOrEmpty(this.awsConfig.getTagKey())) {
            if (!StringUtil.isNullOrEmpty(this.awsConfig.getTagValue())) {
                filter.addFilter("tag-value", this.awsConfig.getTagValue());
            }
        } else if (StringUtil.isNullOrEmpty(this.awsConfig.getTagValue())) {
            filter.addFilter("tag-key", this.awsConfig.getTagKey());
        } else {
            filter.addFilter("tag:" + this.awsConfig.getTagKey(), this.awsConfig.getTagValue());
        }
        if (!StringUtil.isNullOrEmpty(this.awsConfig.getSecurityGroupName())) {
            filter.addFilter("instance.group-name", this.awsConfig.getSecurityGroupName());
        }
        filter.addFilter("instance-state-name", "running");
        this.attributes.putAll(filter.getFilters());
    }

    public Map<String, String> execute() throws Exception {
        InputStream inputStream = null;
        this.attributes.put(SignerConstants.X_AMZ_SIGNATURE, this.rs.sign("ec2", this.attributes));
        try {
            inputStream = callService(this.endpoint);
            Map<String, String> unmarshalTheResponse = CloudyUtility.unmarshalTheResponse(inputStream, this.awsConfig);
            IOUtil.closeResource(inputStream);
            return unmarshalTheResponse;
        } catch (Throwable th) {
            IOUtil.closeResource(inputStream);
            throw th;
        }
    }

    private InputStream callService(String str) throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL("https", str, -1, "/?" + this.rs.getCanonicalizedQueryString(this.attributes)).openConnection();
        httpURLConnection.setRequestMethod("GET");
        httpURLConnection.setDoOutput(false);
        httpURLConnection.connect();
        return httpURLConnection.getInputStream();
    }
}
