package software.amazon.awssdk.services.sso.internal;

import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.time.Instant;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.auth.token.credentials.SdkToken;
import software.amazon.awssdk.auth.token.credentials.SdkTokenProvider;
import software.amazon.awssdk.protocols.jsoncore.JsonNode;
import software.amazon.awssdk.protocols.jsoncore.JsonNodeParser;
import software.amazon.awssdk.services.sso.auth.ExpiredTokenException;
import software.amazon.awssdk.utils.IoUtils;
import software.amazon.awssdk.utils.Validate;

@SdkInternalApi
/* loaded from: input_file:software/amazon/awssdk/services/sso/internal/SsoAccessTokenProvider.class */
public final class SsoAccessTokenProvider implements SdkTokenProvider {
    private static final JsonNodeParser PARSER = JsonNodeParser.builder().removeErrorLocations(true).build();
    private final Path cachedTokenFilePath;

    public SsoAccessTokenProvider(Path path) {
        this.cachedTokenFilePath = path;
    }

    @Override // software.amazon.awssdk.auth.token.credentials.SdkTokenProvider
    public SdkToken resolveToken() {
        return tokenFromFile();
    }

    private SdkToken tokenFromFile() {
        try {
            InputStream newInputStream = Files.newInputStream(this.cachedTokenFilePath, new OpenOption[0]);
            try {
                SdkToken tokenFromJson = getTokenFromJson(IoUtils.toUtf8String(newInputStream));
                if (newInputStream != null) {
                    newInputStream.close();
                }
                return tokenFromJson;
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private SdkToken getTokenFromJson(String str) {
        JsonNode parse = PARSER.parse(str);
        String str2 = (String) parse.field("expiresAt").map((v0) -> {
            return v0.text();
        }).orElse(null);
        Validate.notNull(str2, "The SSO session's expiration time could not be determined. Please refresh your SSO session.", new Object[0]);
        if (tokenIsInvalid(str2)) {
            throw ExpiredTokenException.builder().message("The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.").mo1567build();
        }
        return SsoAccessToken.builder().accessToken(parse.asObject().get("accessToken").text()).expiresAt(Instant.parse(str2)).build();
    }

    private boolean tokenIsInvalid(String str) {
        return Instant.now().isAfter(Instant.parse(str));
    }
}
