package com.palantir.foundry.sql.multipass.oauth.store;

import com.palantir.foundry.sql.driver.logging.DriverLoggerFactory;
import com.palantir.foundry.sql.multipass.oauth.store.jna.WinCred;
import com.palantir.logsafe.Arg;
import com.palantir.logsafe.UnsafeArg;
import com.palantir.logsafe.exceptions.SafeRuntimeException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import org.slf4j.Logger;
import shadow.palantir.driver.com.palantir.tokens.auth.BearerToken;
import shadow.palantir.driver.com.sun.jna.LastErrorException;
import shadow.palantir.driver.com.sun.jna.Native;
import shadow.palantir.driver.com.sun.jna.ptr.PointerByReference;

/* loaded from: input_file:com/palantir/foundry/sql/multipass/oauth/store/WindowsCredentialStore.class */
final class WindowsCredentialStore implements CredentialStore {
    private static final Logger log = DriverLoggerFactory.getLogger(WindowsCredentialStore.class);
    private static final Charset CREDENTIAL_ENCODING_CHARSET = StandardCharsets.UTF_8;
    private final String credentialName;

    /* JADX INFO: Access modifiers changed from: package-private */
    public WindowsCredentialStore(String str) {
        this.credentialName = str;
    }

    @Override // com.palantir.foundry.sql.multipass.oauth.store.CredentialStore
    public void put(BearerToken bearerToken) {
        try {
            WinCred.INSTANCE.CredWriteW(WinCred.Credential.oauthCredential(this.credentialName, bearerToken.getToken().getBytes(CREDENTIAL_ENCODING_CHARSET)), 0);
            log.debug("Stored OAuth credentials");
        } catch (LastErrorException e) {
            log.error("Failed to write refresh token", (Throwable) e);
            throw e;
        }
    }

    @Override // com.palantir.foundry.sql.multipass.oauth.store.CredentialStore
    public Optional<BearerToken> get() {
        PointerByReference pointerByReference = new PointerByReference();
        try {
            try {
                WinCred.INSTANCE.CredReadW(this.credentialName, 1, 0, pointerByReference);
                WinCred.Credential credential = new WinCred.Credential(pointerByReference.getValue());
                if (credential.credentialBlobSize == 0) {
                    throw new SafeRuntimeException("Stored refresh token is empty", new Arg[0]);
                }
                String str = new String(credential.credentialBlob.getByteArray(0L, credential.credentialBlobSize), CREDENTIAL_ENCODING_CHARSET);
                log.debug("Read OAuth credentials");
                Optional<BearerToken> of = Optional.of(BearerToken.valueOf(str));
                if (pointerByReference.getValue() != null) {
                    WinCred.INSTANCE.CredFree(pointerByReference.getValue());
                }
                return of;
            } catch (LastErrorException e) {
                if (e.getErrorCode() != 1168) {
                    throw e;
                }
                log.debug("Refresh token not found", (Throwable) e);
                Optional<BearerToken> empty = Optional.empty();
                if (pointerByReference.getValue() != null) {
                    WinCred.INSTANCE.CredFree(pointerByReference.getValue());
                }
                return empty;
            }
        } catch (Throwable th) {
            if (pointerByReference.getValue() != null) {
                WinCred.INSTANCE.CredFree(pointerByReference.getValue());
            }
            throw th;
        }
    }

    @Override // com.palantir.foundry.sql.multipass.oauth.store.CredentialStore
    public void clear() {
        if (WinCred.INSTANCE.CredDeleteW(this.credentialName, 1, 0)) {
            log.debug("Deleted stored OAuth credential");
        } else {
            log.warn("Failed to deleted stored OAuth credential - {}", UnsafeArg.of("nativeError", Integer.valueOf(Native.getLastError())));
        }
    }
}
