package software.amazon.awssdk.services.sso.auth;

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Optional;
import java.util.function.Supplier;
import software.amazon.awssdk.annotations.SdkPublicApi;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.services.sso.SsoClient;
import software.amazon.awssdk.services.sso.internal.SessionCredentialsHolder;
import software.amazon.awssdk.services.sso.model.GetRoleCredentialsRequest;
import software.amazon.awssdk.services.sso.model.RoleCredentials;
import software.amazon.awssdk.utils.SdkAutoCloseable;
import software.amazon.awssdk.utils.Validate;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
import software.amazon.awssdk.utils.cache.CachedSupplier;
import software.amazon.awssdk.utils.cache.NonBlocking;
import software.amazon.awssdk.utils.cache.RefreshResult;

@SdkPublicApi
/* loaded from: input_file:software/amazon/awssdk/services/sso/auth/SsoCredentialsProvider.class */
public final class SsoCredentialsProvider implements AwsCredentialsProvider, SdkAutoCloseable, ToCopyableBuilder<Builder, SsoCredentialsProvider> {
    private static final Duration DEFAULT_STALE_TIME = Duration.ofMinutes(1);
    private static final Duration DEFAULT_PREFETCH_TIME = Duration.ofMinutes(5);
    private static final String ASYNC_THREAD_NAME = "sdk-sso-credentials-provider";
    private final Supplier<GetRoleCredentialsRequest> getRoleCredentialsRequestSupplier;
    private final SsoClient ssoClient;
    private final Duration staleTime;
    private final Duration prefetchTime;
    private final CachedSupplier<SessionCredentialsHolder> credentialCache;
    private final Boolean asyncCredentialUpdateEnabled;

    /* loaded from: input_file:software/amazon/awssdk/services/sso/auth/SsoCredentialsProvider$Builder.class */
    public interface Builder extends CopyableBuilder<Builder, SsoCredentialsProvider> {
        Builder ssoClient(SsoClient ssoClient);

        Builder asyncCredentialUpdateEnabled(Boolean bool);

        Builder staleTime(Duration duration);

        Builder prefetchTime(Duration duration);

        Builder refreshRequest(GetRoleCredentialsRequest getRoleCredentialsRequest);

        Builder refreshRequest(Supplier<GetRoleCredentialsRequest> supplier);

        @Override // software.amazon.awssdk.utils.builder.SdkBuilder, software.amazon.awssdk.utils.builder.Buildable
        /* renamed from: build */
        SsoCredentialsProvider mo1022build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:software/amazon/awssdk/services/sso/auth/SsoCredentialsProvider$BuilderImpl.class */
    public static final class BuilderImpl implements Builder {
        private Boolean asyncCredentialUpdateEnabled;
        private SsoClient ssoClient;
        private Duration staleTime;
        private Duration prefetchTime;
        private Supplier<GetRoleCredentialsRequest> getRoleCredentialsRequestSupplier;

        BuilderImpl() {
            this.asyncCredentialUpdateEnabled = false;
        }

        public BuilderImpl(SsoCredentialsProvider ssoCredentialsProvider) {
            this.asyncCredentialUpdateEnabled = false;
            this.asyncCredentialUpdateEnabled = ssoCredentialsProvider.asyncCredentialUpdateEnabled;
            this.ssoClient = ssoCredentialsProvider.ssoClient;
            this.staleTime = ssoCredentialsProvider.staleTime;
            this.prefetchTime = ssoCredentialsProvider.prefetchTime;
            this.getRoleCredentialsRequestSupplier = ssoCredentialsProvider.getRoleCredentialsRequestSupplier;
        }

        @Override // software.amazon.awssdk.services.sso.auth.SsoCredentialsProvider.Builder
        public Builder ssoClient(SsoClient ssoClient) {
            this.ssoClient = ssoClient;
            return this;
        }

        @Override // software.amazon.awssdk.services.sso.auth.SsoCredentialsProvider.Builder
        public Builder asyncCredentialUpdateEnabled(Boolean bool) {
            this.asyncCredentialUpdateEnabled = bool;
            return this;
        }

        @Override // software.amazon.awssdk.services.sso.auth.SsoCredentialsProvider.Builder
        public Builder staleTime(Duration duration) {
            this.staleTime = duration;
            return this;
        }

        @Override // software.amazon.awssdk.services.sso.auth.SsoCredentialsProvider.Builder
        public Builder prefetchTime(Duration duration) {
            this.prefetchTime = duration;
            return this;
        }

        @Override // software.amazon.awssdk.services.sso.auth.SsoCredentialsProvider.Builder
        public Builder refreshRequest(GetRoleCredentialsRequest getRoleCredentialsRequest) {
            return refreshRequest(() -> {
                return getRoleCredentialsRequest;
            });
        }

        @Override // software.amazon.awssdk.services.sso.auth.SsoCredentialsProvider.Builder
        public Builder refreshRequest(Supplier<GetRoleCredentialsRequest> supplier) {
            this.getRoleCredentialsRequestSupplier = supplier;
            return this;
        }

        @Override // software.amazon.awssdk.services.sso.auth.SsoCredentialsProvider.Builder, software.amazon.awssdk.utils.builder.SdkBuilder, software.amazon.awssdk.utils.builder.Buildable
        /* renamed from: build */
        public SsoCredentialsProvider mo1022build() {
            return new SsoCredentialsProvider(this);
        }
    }

    private SsoCredentialsProvider(BuilderImpl builderImpl) {
        this.ssoClient = (SsoClient) Validate.notNull(builderImpl.ssoClient, "SSO client must not be null.", new Object[0]);
        this.getRoleCredentialsRequestSupplier = builderImpl.getRoleCredentialsRequestSupplier;
        this.staleTime = (Duration) Optional.ofNullable(builderImpl.staleTime).orElse(DEFAULT_STALE_TIME);
        this.prefetchTime = (Duration) Optional.ofNullable(builderImpl.prefetchTime).orElse(DEFAULT_PREFETCH_TIME);
        this.asyncCredentialUpdateEnabled = builderImpl.asyncCredentialUpdateEnabled;
        CachedSupplier.Builder cachedValueName = CachedSupplier.builder(this::updateSsoCredentials).cachedValueName(toString());
        if (builderImpl.asyncCredentialUpdateEnabled.booleanValue()) {
            cachedValueName.prefetchStrategy(new NonBlocking(ASYNC_THREAD_NAME));
        }
        this.credentialCache = cachedValueName.build();
    }

    private RefreshResult<SessionCredentialsHolder> updateSsoCredentials() {
        SessionCredentialsHolder updatedCredentials = getUpdatedCredentials(this.ssoClient);
        Instant sessionCredentialsExpiration = updatedCredentials.sessionCredentialsExpiration();
        return RefreshResult.builder(updatedCredentials).staleTime(sessionCredentialsExpiration.minus((TemporalAmount) this.staleTime)).prefetchTime(sessionCredentialsExpiration.minus((TemporalAmount) this.prefetchTime)).mo1022build();
    }

    private SessionCredentialsHolder getUpdatedCredentials(SsoClient ssoClient) {
        GetRoleCredentialsRequest getRoleCredentialsRequest = this.getRoleCredentialsRequestSupplier.get();
        Validate.notNull(getRoleCredentialsRequest, "GetRoleCredentialsRequest can't be null.", new Object[0]);
        RoleCredentials roleCredentials = ssoClient.getRoleCredentials(getRoleCredentialsRequest).roleCredentials();
        return new SessionCredentialsHolder(AwsSessionCredentials.create(roleCredentials.accessKeyId(), roleCredentials.secretAccessKey(), roleCredentials.sessionToken()), Instant.ofEpochMilli(roleCredentials.expiration().longValue()));
    }

    public Duration staleTime() {
        return this.staleTime;
    }

    public Duration prefetchTime() {
        return this.prefetchTime;
    }

    public static BuilderImpl builder() {
        return new BuilderImpl();
    }

    @Override // software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
    public AwsCredentials resolveCredentials() {
        return this.credentialCache.get().sessionCredentials();
    }

    @Override // software.amazon.awssdk.utils.SdkAutoCloseable, java.lang.AutoCloseable
    public void close() {
        this.credentialCache.close();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // software.amazon.awssdk.utils.builder.ToCopyableBuilder
    /* renamed from: toBuilder */
    public Builder mo1568toBuilder() {
        return new BuilderImpl(this);
    }
}
