package software.amazon.awssdk.services.sso.auth;

import java.nio.file.Paths;
import java.util.Optional;
import software.amazon.awssdk.annotations.SdkProtectedApi;
import software.amazon.awssdk.annotations.SdkTestInternalApi;
import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProviderFactory;
import software.amazon.awssdk.auth.credentials.ProfileProviderCredentialsContext;
import software.amazon.awssdk.auth.token.credentials.ProfileTokenProvider;
import software.amazon.awssdk.auth.token.credentials.SdkToken;
import software.amazon.awssdk.auth.token.credentials.SdkTokenProvider;
import software.amazon.awssdk.auth.token.internal.LazyTokenProvider;
import software.amazon.awssdk.profiles.Profile;
import software.amazon.awssdk.profiles.ProfileFile;
import software.amazon.awssdk.profiles.ProfileProperty;
import software.amazon.awssdk.profiles.internal.ProfileSection;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.sso.SsoClient;
import software.amazon.awssdk.services.sso.SsoClientBuilder;
import software.amazon.awssdk.services.sso.internal.SsoAccessTokenProvider;
import software.amazon.awssdk.services.sso.internal.SsoTokenFileUtils;
import software.amazon.awssdk.services.sso.model.GetRoleCredentialsRequest;
import software.amazon.awssdk.utils.IoUtils;
import software.amazon.awssdk.utils.SdkAutoCloseable;
import software.amazon.awssdk.utils.UserHomeDirectoryUtils;
import software.amazon.awssdk.utils.Validate;

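/**
 * Builds an {@link AwsCredentialsProvider} for a profile that is configured for SSO.
 *
 * <p>The factory first picks a token provider for the profile (a cached-token file for profiles
 * without an sso-session reference, a profile-driven token provider otherwise) and then hands
 * credential resolution to an {@link SsoCredentialsProvider} that is given a
 * {@link GetRoleCredentialsRequest} supplier carrying the account id, role name and access token.
 *
 * <p>NOTE(review): this listing is decompiler output (see the "loaded from" / JADX markers below).
 * Method names such as {@code mo1291build} and {@code mo1842toBuilder} look decompiler-assigned,
 * presumably {@code build()} / {@code toBuilder()} in the original source. They are left as found.
 */
@SdkProtectedApi
/* loaded from: input_file:software/amazon/awssdk/services/sso/auth/SsoProfileCredentialsProviderFactory.class */
public class SsoProfileCredentialsProviderFactory implements ProfileCredentialsProviderFactory {
    // <user home>/.aws/sso/cache; passed to SsoTokenFileUtils.generateCachedTokenPath for profiles
    // that do not reference an sso-session section.
    // NOTE(review): presumably this directory holds cached SSO access tokens. Confirm, and make sure
    // it is readable only by the owning user.
    private static final String TOKEN_DIRECTORY = Paths.get(UserHomeDirectoryUtils.userHomeDirectory(), ".aws", "sso", "cache").toString();
    private static final String MISSING_PROPERTY_ERROR_FORMAT = "'%s' must be set to use role-based credential loading in the '%s' profile.";

    /**
     * Credentials provider that owns an {@link SsoClient} and an {@link SsoCredentialsProvider}
     * and closes both in {@link #close()}.
     */
    /* loaded from: input_file:software/amazon/awssdk/services/sso/auth/SsoProfileCredentialsProviderFactory$SsoProfileCredentialsProvider.class */
    private static final class SsoProfileCredentialsProvider implements AwsCredentialsProvider, SdkAutoCloseable {
        private final SsoClient ssoClient;
        private final SsoCredentialsProvider credentialsProvider;

        /**
         * Creates the SSO client and the delegating credentials provider for {@code profile}.
         *
         * <p>If anything fails after the client has been built (token resolution, the null-token
         * check, or building the delegate), the client is closed before the failure is rethrown,
         * so a failed construction does not leave an open client behind.
         *
         * @param profile profile supplying the SSO account id, role name and (directly or through
         *     its sso-session) the SSO region
         * @param profileFile profile file used to look up the sso-session section, if referenced
         * @param sdkTokenProvider source of the SSO access token; must not resolve to null
         */
        private SsoProfileCredentialsProvider(Profile profile, ProfileFile profileFile, SdkTokenProvider sdkTokenProvider) {
            // NOTE(review): neither value is checked for null here; presumably the caller has
            // already validated that the profile defines them.
            String accountId = profile.properties().get(ProfileProperty.SSO_ACCOUNT_ID);
            String roleName = profile.properties().get(ProfileProperty.SSO_ROLE_NAME);

            // The client is built with anonymous credentials; the only credential visible in this
            // class is the access token placed on each GetRoleCredentialsRequest below.
            SsoClientBuilder anonymousBuilder = (SsoClientBuilder) SsoClient.builder()
                    .credentialsProvider((AwsCredentialsProvider) AnonymousCredentialsProvider.create());
            SsoClient client = ((SsoClientBuilder) anonymousBuilder
                    .region(Region.of(regionFromProfileOrSession(profile, profileFile)))).mo1291build();

            SsoCredentialsProvider delegate;
            try {
                GetRoleCredentialsRequest baseRequest = (GetRoleCredentialsRequest) GetRoleCredentialsRequest.builder()
                        .accountId(accountId)
                        .roleName(roleName)
                        .mo1291build();

                // NOTE(review): the token is resolved once, here, and the refresh supplier below
                // captures this SdkToken instance; sdkTokenProvider is not consulted again. If the
                // token expires while this provider is alive, later refreshes presumably keep
                // sending the same value. Confirm that is intended.
                SdkToken accessToken = sdkTokenProvider.resolveToken();
                Validate.paramNotNull(accessToken, "Token provided by the TokenProvider is null");

                delegate = SsoCredentialsProvider.builder()
                        .ssoClient(client)
                        .refreshRequest(() -> (GetRoleCredentialsRequest) baseRequest.mo1842toBuilder()
                                .accessToken(accessToken.token())
                                .mo1291build())
                        .mo1291build();
            } catch (RuntimeException | Error failure) {
                // Nobody else holds a reference to the client yet, so release it here.
                IoUtils.closeQuietly(client, null);
                throw failure;
            }

            this.ssoClient = client;
            this.credentialsProvider = delegate;
        }

        /**
         * Returns the credentials resolved by the wrapped {@link SsoCredentialsProvider}.
         */
        @Override // software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
        public AwsCredentials resolveCredentials() {
            return this.credentialsProvider.resolveCredentials();
        }

        /**
         * Closes the wrapped credentials provider first, then the SSO client, both through
         * {@code IoUtils.closeQuietly}.
         */
        @Override // software.amazon.awssdk.utils.SdkAutoCloseable, java.lang.AutoCloseable
        public void close() {
            IoUtils.closeQuietly(this.credentialsProvider, null);
            IoUtils.closeQuietly(this.ssoClient, null);
        }

        /**
         * Picks the SSO region: from the referenced sso-session section when the profile names
         * one (required there), otherwise from the profile's own properties (may be null).
         */
        private static String regionFromProfileOrSession(Profile profile, ProfileFile profileFile) {
            Optional<String> sessionName = profile.property(ProfileSection.SSO_SESSION.getPropertyKeyName());
            if (sessionName.isPresent()) {
                return propertyFromSsoSession(sessionName.get(), profileFile, ProfileProperty.SSO_REGION);
            }
            return profile.properties().get(ProfileProperty.SSO_REGION);
        }

        /**
         * Looks up the named sso-session section and returns the required property from it.
         *
         * @throws IllegalArgumentException if the section or the property is missing
         */
        private static String propertyFromSsoSession(String sessionName, ProfileFile profileFile, String propertyName) {
            Profile ssoSession = SsoProfileCredentialsProviderFactory.ssoSessionInProfile(sessionName, profileFile);
            return requireProperty(ssoSession, propertyName);
        }

        /**
         * Returns the property value.
         *
         * @throws IllegalArgumentException naming the property and the profile if it is not set
         */
        private static String requireProperty(Profile profile, String propertyName) {
            return profile.property(propertyName).orElseThrow(() -> new IllegalArgumentException(
                    String.format(SsoProfileCredentialsProviderFactory.MISSING_PROPERTY_ERROR_FORMAT, propertyName, profile.name())));
        }
    }

    /**
     * Creates a credentials provider for the profile in the given context, choosing the token
     * provider from the profile's own configuration.
     */
    @Override // software.amazon.awssdk.auth.credentials.ProfileCredentialsProviderFactory
    public AwsCredentialsProvider create(ProfileProviderCredentialsContext profileProviderCredentialsContext) {
        Profile profile = profileProviderCredentialsContext.profile();
        ProfileFile profileFile = profileProviderCredentialsContext.profileFile();
        // The context accessors are called again for the token provider, keeping the call
        // sequence on the context as it was.
        SdkTokenProvider tokenProvider = sdkTokenProvider(profileProviderCredentialsContext.profile(), profileProviderCredentialsContext.profileFile());
        return new SsoProfileCredentialsProvider(profile, profileFile, tokenProvider);
    }

    /**
     * Creates a credentials provider with a caller-supplied token provider, bypassing the
     * profile-based token provider selection. Marked test-internal.
     */
    @SdkTestInternalApi
    public AwsCredentialsProvider create(Profile profile, ProfileFile profileFile, SdkTokenProvider sdkTokenProvider) {
        return new SsoProfileCredentialsProvider(profile, profileFile, sdkTokenProvider);
    }

    /**
     * Returns the sso-session section with the given title from the profile file.
     *
     * @throws IllegalArgumentException if the profile file has no such section
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static Profile ssoSessionInProfile(String str, ProfileFile profileFile) {
        return profileFile.getSection(ProfileSection.SSO_SESSION.getSectionTitle(), str).orElseThrow(
                () -> new IllegalArgumentException("Sso-session section not found with sso-session title " + str + "."));
    }

    /**
     * Chooses the token provider for a profile.
     *
     * <p>Without an sso-session reference, the token is read through an
     * {@link SsoAccessTokenProvider} pointed at a cached-token path derived from the profile's
     * start URL. With one, the profile's region and start URL (when set) must agree with the
     * session's, and a lazily created {@link ProfileTokenProvider} is returned.
     */
    private static SdkTokenProvider sdkTokenProvider(Profile profile, ProfileFile profileFile) {
        Optional<String> sessionName = profile.property(ProfileSection.SSO_SESSION.getPropertyKeyName());
        if (sessionName.isPresent()) {
            Profile ssoSession = ssoSessionInProfile(sessionName.get(), profileFile);
            validateCommonProfileProperties(profile, ssoSession, ProfileProperty.SSO_REGION);
            validateCommonProfileProperties(profile, ssoSession, ProfileProperty.SSO_START_URL);
            return LazyTokenProvider.create(() -> ProfileTokenProvider.builder()
                    .profileFile(() -> profileFile)
                    .profileName(profile.name())
                    .build());
        }
        // NOTE(review): the start URL may be null if the profile does not set it; whether
        // generateCachedTokenPath tolerates that is not visible here.
        String startUrl = profile.properties().get(ProfileProperty.SSO_START_URL);
        return new SsoAccessTokenProvider(SsoTokenFileUtils.generateCachedTokenPath(startUrl, TOKEN_DIRECTORY));
    }

    /**
     * Checks that a property set on the profile matches (ignoring case) the same property on the
     * referenced sso-session section. Nothing is checked when the profile does not set it.
     *
     * @throws IllegalArgumentException if the session does not define the property, or defines a
     *     different value
     */
    private static void validateCommonProfileProperties(Profile profile, Profile ssoSession, String propertyName) {
        profile.property(propertyName).ifPresent(profileValue -> {
            // Fail with a message naming the missing property rather than a bare
            // NoSuchElementException from Optional.get().
            String sessionValue = ssoSession.property(propertyName).orElseThrow(() -> new IllegalArgumentException(
                    "Sso-session " + ssoSession.name() + " must set " + propertyName + " because profile " + profile.name() + " sets it."));
            Validate.isTrue(profileValue.equalsIgnoreCase(sessionValue), "Profile " + profile.name() + " and Sso-session " + ssoSession.name() + " has different " + propertyName + ".", new Object[0]);
        });
    }
}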
