package software.amazon.awssdk.services.sso.internal;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.core.util.json.JacksonUtils;
import software.amazon.awssdk.services.sso.auth.ExpiredTokenException;
import software.amazon.awssdk.utils.IoUtils;

@SdkInternalApi
/* loaded from: input_file:BOOT-INF/lib/sso-2.16.74.jar:software/amazon/awssdk/services/sso/internal/SsoAccessTokenProvider.class */
public final class SsoAccessTokenProvider {
    private Path cachedTokenFilePath;

    public SsoAccessTokenProvider(Path path) {
        this.cachedTokenFilePath = path;
    }

    public String resolveAccessToken() {
        try {
            InputStream newInputStream = Files.newInputStream(this.cachedTokenFilePath, new OpenOption[0]);
            Throwable th = null;
            try {
                String tokenFromJson = getTokenFromJson(IoUtils.toUtf8String(newInputStream));
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return tokenFromJson;
            } finally {
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private String getTokenFromJson(String str) {
        JsonNode sensitiveJsonNodeOf = JacksonUtils.sensitiveJsonNodeOf(str);
        if (validateToken(sensitiveJsonNodeOf.get("expiresAt").asText())) {
            throw ExpiredTokenException.builder().message("The SSO session associated with this profile has expired or is otherwise invalid. To refresh this SSO session run aws sso login with the corresponding profile.").mo9339build();
        }
        return sensitiveJsonNodeOf.get("accessToken").asText();
    }

    private boolean validateToken(String str) {
        return Instant.now().isAfter(Instant.parse(str).minus(15L, (TemporalUnit) ChronoUnit.MINUTES));
    }
}
