package com.amazon.redshift.plugin;

import com.amazon.redshift.plugin.httpserver.RequestHandler;
import com.amazon.redshift.plugin.httpserver.Server;
import com.amazon.redshift.plugin.utils.CheckUtils;
import com.amazon.redshift.plugin.utils.LogUtils;
import com.amazon.redshift.plugin.utils.RandomStateUtil;
import com.amazon.redshift.plugin.utils.ResponseUtils;
import com.amazon.support.LogUtilities;
import com.amazonaws.util.StringUtils;
import com.amazonaws.util.json.Jackson;
import com.fasterxml.jackson.databind.JsonNode;
import java.awt.Desktop;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.function.Function;
import org.apache.commons.codec.Charsets;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:modules/redshift.metabase-driver.jar:com/amazon/redshift/plugin/BrowserAzureCredentialsProvider.class */
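/**
 * Browser-based Azure AD SAML credentials provider.
 *
 * Flow, as implemented below:
 * <ol>
 *   <li>start a loopback HTTP listener on {@code listen_port} (0 = ephemeral) that accepts one
 *       {@code form_post} callback carrying {@code state} and {@code code};</li>
 *   <li>open the system browser on {@code https://login.microsoftonline.com/<tenant>/oauth2/authorize};</li>
 *   <li>exchange the authorization code at {@code /oauth2/token} asking for a
 *       {@code urn:ietf:params:oauth:token-type:saml2} token;</li>
 *   <li>base64-decode the returned {@code access_token} (a SAML assertion), wrap it in a minimal
 *       {@code samlp:Response} envelope and base64-encode the result for the superclass.</li>
 * </ol>
 *
 * Security notes: the callback is accepted only if its {@code state} matches the random value sent
 * on the authorize request (constant-time compare). No PKCE is used and the assertion's signature is
 * not verified in this plugin; see the per-method comments.
 */
public class BrowserAzureCredentialsProvider extends SamlCredentialsProvider {
    // Connection-property keys consumed here; anything else is delegated to the superclass.
    public static final String KEY_IDP_RESPONSE_TIMEOUT = "idp_response_timeout";
    public static final String KEY_LISTEN_PORT = "listen_port";
    public static final String KEY_IDP_TENANT = "idp_tenant";
    public static final String KEY_CLIENT_ID = "client_id";
    // OAuth2 parameter names used on the authorize and token requests.
    public static final String OAUTH_STATE_PARAMETER_NAME = "state";
    public static final String OAUTH_REDIRECT_PARAMETER_NAME = "redirect_uri";
    public static final String OAUTH_IDP_CODE_PARAMETER_NAME = "code";
    public static final String OAUTH_CLIENT_ID_PARAMETER_NAME = "client_id";
    public static final String OAUTH_RESPONSE_TYPE_PARAMETER_NAME = "response_type";
    public static final String OAUTH_REQUESTED_TOKEN_TYPE_PARAMETER_NAME = "requested_token_type";
    public static final String OAUTH_GRANT_TYPE_PARAMETER_NAME = "grant_type";
    public static final String OAUTH_SCOPE_PARAMETER_NAME = "scope";
    public static final String OAUTH_RESOURCE_PARAMETER_NAME = "resource";
    public static final String OAUTH_RESPONSE_MODE_PARAMETER_NAME = "response_mode";
    private static final String MICROSOFT_IDP_HOST = "login.microsoftonline.com";
    private static final String CURRENT_INTERACTION_SCHEMA = "https";

    private String m_idp_tenant;
    private String m_clientId;
    // Seconds to wait for the browser callback; validated to be >= 10 before use.
    private int m_idp_response_timeout = 120;
    // 0 means "let the OS pick a free port".
    private int m_listen_port = 0;
    // Set once the listener is up, since it embeds the actual local port.
    private String redirectUri;

    /**
     * Runs the full browser flow and returns the base64-encoded {@code samlp:Response}.
     *
     * @throws IOException on any plugin, network or URI failure (the cause is preserved)
     */
    @Override
    protected String getSamlAssertion() throws IOException {
        try {
            CheckUtils.checkMissingAndThrows(this.m_idp_tenant, KEY_IDP_TENANT);
            CheckUtils.checkMissingAndThrows(this.m_clientId, KEY_CLIENT_ID);
            // The tenant is spliced into the URL path of both IdP endpoints; a '/' inside it would
            // steer the request to a different path on the IdP host, so reject it up front.
            CheckUtils.checkInvalidAndThrows(
                    this.m_idp_tenant != null && this.m_idp_tenant.indexOf('/') >= 0, KEY_IDP_TENANT);
            CheckUtils.checkAndThrowsWithMessage(this.m_idp_response_timeout < 10,
                    "idp_response_timeout should be 10 seconds or greater.");
            CheckUtils.checkInvalidAndThrows(
                    this.m_listen_port != 0 && (this.m_listen_port < 1 || this.m_listen_port > 65535),
                    KEY_LISTEN_PORT);
            if (this.m_listen_port == 0) {
                LogUtilities.logDebug("Listen port set to 0. Will pick random port", LogUtils.getLogger());
            }
            String authorizationCode = fetchAuthorizationToken();
            String tokenResponse = fetchSamlResponse(authorizationCode);
            String assertionXml = extractSamlAssertion(tokenResponse);
            return wrapAndEncodeAssertion(assertionXml);
        } catch (InternalPluginException | URISyntaxException e) {
            throw new IOException(e);
        }
    }

    /**
     * Stores one connection property. Unknown keys are passed to the superclass.
     *
     * @param str  property key
     * @param str2 property value; numeric keys throw {@link NumberFormatException} on bad input
     */
    @Override
    public void addParameter(String str, String str2) {
        switch (str) {
            case KEY_IDP_TENANT:
                this.m_idp_tenant = str2;
                break;
            case KEY_CLIENT_ID:
                this.m_clientId = str2;
                break;
            case KEY_IDP_RESPONSE_TIMEOUT:
                // Range is checked in getSamlAssertion(), not here.
                this.m_idp_response_timeout = Integer.parseInt(str2);
                break;
            case KEY_LISTEN_PORT:
                this.m_listen_port = Integer.parseInt(str2);
                break;
            default:
                super.addParameter(str, str2);
                break;
        }
    }

    /**
     * Starts the loopback listener, opens the browser and waits for the {@code form_post} callback.
     *
     * @return the authorization code delivered to the callback
     * @throws IOException          if the listener or browser launch fails
     * @throws URISyntaxException   if the authorize URI cannot be built
     * @throws InternalPluginException on state mismatch, missing code, or timeout
     */
    private String fetchAuthorizationToken() throws IOException, URISyntaxException {
        final String expectedState = RandomStateUtil.generateRandomState();
        RequestHandler requestHandler = new RequestHandler(new Function<List<NameValuePair>, Object>() {
            @Override
            public Object apply(List<NameValuePair> params) {
                String incomingState = ResponseUtils.findParameter(OAUTH_STATE_PARAMETER_NAME, params);
                // Constant-time compare; a null incoming state compares unequal. The received value
                // is attacker-controllable, so it is deliberately not echoed into the error message.
                byte[] expected = org.apache.commons.codec.binary.StringUtils.getBytesUtf8(expectedState);
                byte[] incoming = org.apache.commons.codec.binary.StringUtils.getBytesUtf8(incomingState);
                if (!MessageDigest.isEqual(expected, incoming)) {
                    return new InternalPluginException("Incoming state does not match the outgoing state");
                }
                String code = ResponseUtils.findParameter(OAUTH_IDP_CODE_PARAMETER_NAME, params);
                if (StringUtils.isNullOrEmpty(code)) {
                    return new InternalPluginException("No valid code found");
                }
                return code;
            }
        });
        Server server = new Server(this.m_listen_port, requestHandler, Duration.ofSeconds(this.m_idp_response_timeout));
        server.listen();
        int localPort = server.getLocalPort();
        // Loopback redirect target; the path is what RequestHandler answers on.
        this.redirectUri = "http://localhost:" + localPort + RequestHandler.REDSHIFT_PATH;
        Object result;
        try {
            LogUtilities.logInfo(String.format("Listening for connection on port %d", Integer.valueOf(localPort)), LogUtils.getLogger());
            openBrowser(expectedState);
            server.waitForResult();
            result = requestHandler.getResult();
        } finally {
            // Release the listener on every path. Previously it was stopped only when
            // openBrowser()/waitForResult() threw, so a successful login left it running.
            // NOTE(review): assumes Server.stop() is safe to call after waitForResult() returned — confirm.
            server.stop();
        }
        if (result instanceof InternalPluginException) {
            throw (InternalPluginException) result;
        }
        if (!(result instanceof String)) {
            throw new InternalPluginException("Fail to login during timeout.");
        }
        // What we hold at this point is the authorization code; the assertion is fetched next.
        LogUtilities.logInfo("Got SAML assertion", LogUtils.getLogger());
        return (String) result;
    }

    /**
     * Wraps the assertion XML in a minimal successful {@code samlp:Response} and base64-encodes it.
     *
     * @param assertionXml decoded SAML assertion
     * @return base64 (UTF-8) of the envelope
     */
    private String wrapAndEncodeAssertion(String assertionXml) {
        String envelope = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status>"
                + assertionXml + "</samlp:Response>";
        // Explicit UTF-8: the previous getBytes() used the platform default charset.
        byte[] raw = org.apache.commons.codec.binary.StringUtils.getBytesUtf8(envelope);
        return org.apache.commons.codec.binary.StringUtils.newStringUtf8(Base64.encodeBase64(raw));
    }

    /**
     * Exchanges the authorization code at the token endpoint.
     *
     * @param authorizationCode code received on the loopback callback
     * @return the token endpoint's JSON body
     * @throws IOException             on transport failure
     * @throws InternalPluginException on non-200 status or HTTP client setup failure
     */
    private String fetchSamlResponse(String authorizationCode) throws IOException {
        HttpPost tokenRequest = createAuthorizationRequest(authorizationCode);
        // try-with-resources closes the response and the client in reverse order on every path
        // (replaces the decompiled close/addSuppressed boilerplate).
        try (CloseableHttpClient httpClient = getHttpClient();
             CloseableHttpResponse response = httpClient.execute((HttpUriRequest) tokenRequest)) {
            CheckUtils.checkAndThrowsWithMessage(response.getStatusLine().getStatusCode() != 200,
                    "Unexpected response:  " + response.getStatusLine().getReasonPhrase());
            return EntityUtils.toString(response.getEntity());
        } catch (GeneralSecurityException e) {
            LogUtilities.logError(e, LogUtils.getLogger());
            throw new InternalPluginException(e);
        }
    }

    /**
     * Pulls {@code access_token} out of the token response and base64-decodes it.
     *
     * With {@code requested_token_type=saml2} the token is a base64 SAML assertion. No signature
     * verification happens in this plugin; the decoded XML is forwarded as-is (presumably the
     * receiving service validates it — TODO confirm).
     *
     * @param tokenResponseJson JSON body from the token endpoint
     * @return decoded assertion XML (UTF-8)
     * @throws InternalPluginException if {@code access_token} is absent or empty
     */
    private String extractSamlAssertion(String tokenResponseJson) {
        JsonNode accessToken = Jackson.jsonNodeOf(tokenResponseJson).findValue("access_token");
        CheckUtils.checkAndThrowsWithMessage(accessToken == null, "Failed to find access_token");
        String encoded = accessToken.textValue();
        CheckUtils.checkAndThrowsWithMessage(StringUtils.isNullOrEmpty(encoded), "Invalid access_token value.");
        LogUtilities.logInfo("Successfully got SAML assertion", LogUtils.getLogger());
        return org.apache.commons.codec.binary.StringUtils.newStringUtf8(Base64.decodeBase64(encoded));
    }

    /**
     * Builds the form-encoded POST to {@code /<tenant>/oauth2/token}.
     *
     * @param authorizationCode code to exchange
     * @return ready-to-send request
     */
    private HttpPost createAuthorizationRequest(String authorizationCode) {
        String tokenUri = new URIBuilder()
                .setScheme(CURRENT_INTERACTION_SCHEMA)
                .setHost(MICROSOFT_IDP_HOST)
                .setPath("/" + this.m_idp_tenant + "/oauth2/token")
                .toString();
        HttpPost httpPost = new HttpPost(tokenUri);
        List<NameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair(OAUTH_IDP_CODE_PARAMETER_NAME, authorizationCode));
        form.add(new BasicNameValuePair(OAUTH_REQUESTED_TOKEN_TYPE_PARAMETER_NAME, "urn:ietf:params:oauth:token-type:saml2"));
        form.add(new BasicNameValuePair(OAUTH_GRANT_TYPE_PARAMETER_NAME, "authorization_code"));
        form.add(new BasicNameValuePair(OAUTH_SCOPE_PARAMETER_NAME, "openid"));
        form.add(new BasicNameValuePair(OAUTH_RESOURCE_PARAMETER_NAME, this.m_clientId));
        form.add(new BasicNameValuePair(OAUTH_CLIENT_ID_PARAMETER_NAME, this.m_clientId));
        form.add(new BasicNameValuePair(OAUTH_REDIRECT_PARAMETER_NAME, this.redirectUri));
        httpPost.addHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.toString());
        httpPost.addHeader("Accept", ContentType.APPLICATION_JSON.toString());
        httpPost.setEntity(new UrlEncodedFormEntity(form, Charsets.UTF_8));
        // Log parameter names only: the form carries the authorization code, which must not land in
        // debug logs (the previous version logged name=value pairs).
        List<String> parameterNames = new ArrayList<>(form.size());
        for (NameValuePair pair : form) {
            parameterNames.add(pair.getName());
        }
        LogUtilities.logDebug(String.format("Request token URI: \n%s\nRequest parameters:\n%s", tokenUri, parameterNames), LogUtils.getLogger());
        return httpPost;
    }

    /**
     * Opens the system browser on the authorize endpoint with {@code response_mode=form_post}
     * so the IdP POSTs the code back to the loopback listener.
     *
     * @param state random anti-CSRF value that the callback must echo back
     * @throws URISyntaxException if the URI cannot be built
     * @throws IOException        if the browser cannot be launched
     */
    private void openBrowser(String state) throws URISyntaxException, IOException {
        URI authorizeUri = new URIBuilder()
                .setScheme(CURRENT_INTERACTION_SCHEMA)
                .setHost(MICROSOFT_IDP_HOST)
                .setPath("/" + this.m_idp_tenant + "/oauth2/authorize")
                .addParameter(OAUTH_SCOPE_PARAMETER_NAME, "openid")
                .addParameter(OAUTH_RESPONSE_TYPE_PARAMETER_NAME, "code")
                .addParameter(OAUTH_RESPONSE_MODE_PARAMETER_NAME, "form_post")
                .addParameter(OAUTH_CLIENT_ID_PARAMETER_NAME, this.m_clientId)
                .addParameter(OAUTH_REDIRECT_PARAMETER_NAME, this.redirectUri)
                .addParameter(OAUTH_STATE_PARAMETER_NAME, state)
                .build();
        // NOTE(review): no PKCE code_challenge/code_verifier (RFC 7636) is sent; binding of the code
        // to this client relies on the random state and the loopback redirect_uri only. Worth adding
        // if the app registration supports it.
        Desktop.getDesktop().browse(authorizeUri);
        LogUtilities.logDebug(String.format("Authorization code request URI: \n%s", authorizeUri.toString()), LogUtils.getLogger());
    }
}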
