package com.itextpdf.licensing.remote.auth;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.services.cognitoidentity.model.Credentials;
import com.itextpdf.licensing.remote.PortingUtil;
import com.itextpdf.licensing.remote.apigateway.ApiGatewayClient;
import com.itextpdf.licensing.remote.apigateway.ApiGatewayResponse;
import com.itextpdf.licensing.remote.exceptions.LicenseKeyRemoteException;
import com.itextpdf.licensing.remote.exceptions.LicenseKeyRemoteExceptionMessageConstant;

/* loaded from: input_file:com/itextpdf/licensing/remote/auth/AwsSdkCredentialsProvider.class */
public class AwsSdkCredentialsProvider {
    private static final String COGNITO_JWT_PROVIDER = "cognito-identity.amazonaws.com";
    private final Object syncLock = new Object();
    private final ApiGatewayClient apiGatewayClient;
    private final AuthHelper authHelper;
    private volatile AuthData lastObtainedAuthData;
    private volatile AwsCredentialsData lastObtainedCredentials;

    public AwsSdkCredentialsProvider(ApiGatewayClient apiGatewayClient, AuthHelper authHelper) {
        this.apiGatewayClient = apiGatewayClient;
        this.authHelper = authHelper;
    }

    public AwsCredentialsData getCredentialsData() {
        if (this.lastObtainedCredentials == null) {
            refresh();
        }
        return this.lastObtainedCredentials;
    }

    public AWSCredentials getCredentials() {
        return getCredentialsData().getAwsCredentials();
    }

    public void refresh() {
        synchronized (this.syncLock) {
            if (this.lastObtainedAuthData == null) {
                refreshAuthData();
            }
            try {
                refreshSessionCredentials();
            } catch (Exception e) {
                refreshAuthData();
                refreshSessionCredentials();
            }
        }
    }

    private void refreshAuthData() {
        ApiGatewayResponse makePostRequest = this.apiGatewayClient.makePostRequest(this.authHelper.getBodyForAuthRequest());
        if (makePostRequest.getStatus() != 200) {
            throw new LicenseKeyRemoteException(LicenseKeyRemoteExceptionMessageConstant.CANNOT_GET_AUTH_DATA);
        }
        this.lastObtainedAuthData = this.authHelper.parseAuthData(makePostRequest.getBody());
    }

    private void refreshSessionCredentials() {
        Credentials awsCognitoCredentials = PortingUtil.getAwsCognitoCredentials(this.lastObtainedAuthData, COGNITO_JWT_PROVIDER);
        this.lastObtainedCredentials = new AwsCredentialsData(awsCognitoCredentials.getAccessKeyId(), awsCognitoCredentials.getSecretKey(), awsCognitoCredentials.getSessionToken(), this.lastObtainedAuthData.getRegion());
    }
}
