package software.amazon.awssdk.services.ssooidc.internal;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.time.format.DateTimeFormatter;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginCallbackHandler;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.awscore.internal.token.TokenManager;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.protocols.jsoncore.JsonNode;
import software.amazon.awssdk.protocols.jsoncore.JsonNodeParser;
import software.amazon.awssdk.services.ssooidc.internal.SsoOidcToken;
import software.amazon.awssdk.thirdparty.jackson.core.JsonGenerator;
import software.amazon.awssdk.utils.BinaryUtils;
import software.amazon.awssdk.utils.IoUtils;
import software.amazon.awssdk.utils.UserHomeDirectoryUtils;
import software.amazon.awssdk.utils.Validate;

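/**
 * Reads and writes an {@link SsoOidcToken} as a JSON file in a cache directory.
 *
 * <p>The file name is the lower-case hex SHA-1 of the session name plus {@code .json}. The file
 * holds bearer material in clear text (access token and, when present, refresh token and client
 * secret), so on file systems with POSIX permissions it is created, or tightened to, owner
 * read/write only before anything is written to it.
 */
@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/services/ssooidc/internal/OnDiskTokenManager.class */
public final class OnDiskTokenManager implements TokenManager<SsoOidcToken> {
    private static final Path DEFAULT_TOKEN_LOCATION = Paths.get(UserHomeDirectoryUtils.userHomeDirectory(), ".aws", "sso", "cache");

    // Mode applied to the cache file where the file system exposes POSIX permissions.
    private static final Set<PosixFilePermission> OWNER_READ_WRITE = PosixFilePermissions.fromString("rw-------");

    // NOTE(review): these two JSON member names come from constants on an unrelated Kafka class,
    // which looks like a decompiler substituting a same-valued constant for a string literal.
    // Confirm the literal values and inline them here so the cache file format does not depend
    // on another library's configuration names.
    private static final String CLIENT_ID_FIELD = OAuthBearerLoginCallbackHandler.CLIENT_ID_CONFIG;
    private static final String CLIENT_SECRET_FIELD = OAuthBearerLoginCallbackHandler.CLIENT_SECRET_CONFIG;

    // Built with removeErrorLocations(true); presumably so parse errors do not echo token
    // contents - confirm against the parser's documentation.
    private final JsonNodeParser jsonParser = JsonNodeParser.builder().removeErrorLocations(true).build();
    private final String sessionName;
    private final Path tokenLocation;

    /**
     * @param path directory that holds the cache file; must not be null
     * @param str  session name the cache key is derived from; must not be null or blank
     */
    private OnDiskTokenManager(Path path, String str) {
        Validate.notNull(path, "cacheLocation must not be null");
        this.sessionName = Validate.notNull(str, "sessionName must not be null");
        Validate.notBlank(str, "sessionName must not be blank");
        this.tokenLocation = path.resolve(deriveCacheKey(str) + ".json");
    }

    /**
     * Loads the cached token, if a cache file exists.
     *
     * @return the parsed token, or an empty Optional when the cache file is absent
     * @throws SdkClientException if the file cannot be read or a required member is missing
     */
    @Override // software.amazon.awssdk.awscore.internal.token.TokenManager
    public Optional<SsoOidcToken> loadToken() {
        if (!Files.exists(this.tokenLocation)) {
            return Optional.empty();
        }
        // try-with-resources closes the stream on the failure path as well.
        try (InputStream in = Files.newInputStream(this.tokenLocation)) {
            return Optional.of(unmarshalToken(IoUtils.toUtf8String(in)));
        } catch (IOException e) {
            throw SdkClientException.create("Failed to load cached token at " + this.tokenLocation, e);
        }
    }

    /**
     * Writes the token to the cache file, replacing any previous content.
     *
     * @param ssoOidcToken token to persist
     * @throws SdkClientException if the token cannot be serialized, or the file cannot be
     *         restricted to its owner or written
     */
    @Override // software.amazon.awssdk.awscore.internal.token.TokenManager
    public void storeToken(SsoOidcToken ssoOidcToken) {
        // Serialize first so a marshalling failure cannot leave a truncated cache file behind.
        byte[] json = marshalToken(ssoOidcToken);
        try {
            ensureOwnerOnlyFile(this.tokenLocation);
            try (OutputStream out = Files.newOutputStream(this.tokenLocation)) {
                out.write(json);
            }
        } catch (IOException e) {
            throw SdkClientException.create("Unable to write token to location " + this.tokenLocation, e);
        }
    }

    /** No resources are held between calls, so there is nothing to release. */
    @Override // software.amazon.awssdk.utils.SdkAutoCloseable, java.lang.AutoCloseable
    public void close() {
    }

    /**
     * Creates a manager that caches the token for {@code str} under the directory {@code path}.
     */
    public static OnDiskTokenManager create(Path path, String str) {
        return new OnDiskTokenManager(path, str);
    }

    /**
     * Creates a manager that caches the token for {@code str} under {@code .aws/sso/cache} in
     * the user's home directory.
     */
    public static OnDiskTokenManager create(String str) {
        return create(DEFAULT_TOKEN_LOCATION, str);
    }

    /**
     * Makes sure the cache file exists with owner-only permissions before secrets are written.
     *
     * <p>Creating the file with the restricted mode avoids a window in which a freshly created
     * file is readable under the process umask. A file that already exists is tightened instead;
     * if that fails the write is abandoned rather than storing secrets in a file whose
     * permissions could not be restricted.
     */
    private static void ensureOwnerOnlyFile(Path file) throws IOException {
        if (!file.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            // No POSIX mode bits here; permissions are left to the platform default.
            return;
        }
        try {
            Files.createFile(file, PosixFilePermissions.asFileAttribute(OWNER_READ_WRITE));
        } catch (FileAlreadyExistsException alreadyCached) {
            Files.setPosixFilePermissions(file, OWNER_READ_WRITE);
        }
    }

    /**
     * Parses the cache file content into a token.
     *
     * <p>{@code accessToken} and {@code expiresAt} are mandatory; every other member is copied
     * only when present. Timestamps go through {@link Instant#parse}, so a malformed value
     * surfaces as that method's unchecked exception.
     */
    private SsoOidcToken unmarshalToken(String json) {
        JsonNode root = this.jsonParser.parse(json);
        SsoOidcToken.Builder builder = SsoOidcToken.builder();
        builder.accessToken(requiredText(root, "accessToken"));
        builder.expiresAt(Instant.parse(requiredText(root, "expiresAt")));
        root.field("refreshToken").map(JsonNode::text).ifPresent(builder::refreshToken);
        root.field(CLIENT_ID_FIELD).map(JsonNode::text).ifPresent(builder::clientId);
        root.field(CLIENT_SECRET_FIELD).map(JsonNode::text).ifPresent(builder::clientSecret);
        root.field("registrationExpiresAt")
            .map(JsonNode::text)
            .map(Instant::parse)
            .ifPresent(builder::registrationExpiresAt);
        root.field("region").map(JsonNode::text).ifPresent(builder::region);
        root.field("startUrl").map(JsonNode::text).ifPresent(builder::startUrl);
        return builder.build();
    }

    /** Returns the text of a mandatory member, or fails with the member's name. */
    private static String requiredText(JsonNode root, String member) {
        return root.field(member)
                   .orElseThrow(() -> SdkClientException.create("required member '" + member + "' not found"))
                   .text();
    }

    /**
     * Serializes the token to JSON bytes. Optional members are omitted when null.
     *
     * @throws SdkClientException if JSON generation fails
     */
    private byte[] marshalToken(SsoOidcToken token) {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        JsonGenerator generator = null;
        try {
            generator = JsonNodeParser.DEFAULT_JSON_FACTORY.createGenerator(buffer);
            generator.writeStartObject();
            generator.writeStringField("accessToken", token.token());
            // The expiry is mandatory when reading, so get() deliberately fails on a token without one.
            generator.writeStringField("expiresAt", DateTimeFormatter.ISO_INSTANT.format(token.expirationTime().get()));
            writeIfPresent(generator, "refreshToken", token.refreshToken());
            writeIfPresent(generator, CLIENT_ID_FIELD, token.clientId());
            writeIfPresent(generator, CLIENT_SECRET_FIELD, token.clientSecret());
            if (token.registrationExpiresAt() != null) {
                generator.writeStringField("registrationExpiresAt",
                                           DateTimeFormatter.ISO_INSTANT.format(token.registrationExpiresAt()));
            }
            writeIfPresent(generator, "region", token.region());
            writeIfPresent(generator, "startUrl", token.startUrl());
            generator.writeEndObject();
            // Close before reading the buffer so everything the generator buffered is flushed.
            generator.close();
            return buffer.toByteArray();
        } catch (IOException e) {
            throw SdkClientException.create("Unable to marshal token to JSON", e);
        } finally {
            if (generator != null) {
                IoUtils.closeQuietly(generator, null);
            }
        }
    }

    /** Writes a string member only when its value is non-null. */
    private static void writeIfPresent(JsonGenerator generator, String name, String value) throws IOException {
        if (value != null) {
            generator.writeStringField(name, value);
        }
    }

    /**
     * Derives the cache file's base name: the lower-case hex SHA-1 of the UTF-8 session name.
     *
     * <p>NOTE(review): SHA-1 only names the file here and protects nothing; the choice is
     * presumably fixed by the cache layout shared with other tools - confirm before changing it.
     */
    private static String deriveCacheKey(String sessionName) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("sha1");
            sha1.update(sessionName.getBytes(StandardCharsets.UTF_8));
            return BinaryUtils.toHex(sha1.digest()).toLowerCase(Locale.ENGLISH);
        } catch (NoSuchAlgorithmException e) {
            throw SdkClientException.create("Unable to derive cache key", e);
        }
    }
}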
