package com.amazon.athena.jdbc.authentication.utils;

import com.amazon.athena.jdbc.support.AuthenticationException;
import com.amazon.athena.logging.AthenaLogger;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import software.amazon.awssdk.core.internal.util.ChunkContentUtils;
import software.amazon.awssdk.protocols.jsoncore.JsonNode;
import software.amazon.awssdk.protocols.jsoncore.JsonNodeParser;

/* loaded from: input_file:com/amazon/athena/jdbc/authentication/utils/AzureAdAuthUtils.class */
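/**
 * Static helpers for the Azure AD authentication flow: pulling the SAML assertion out of the
 * token-endpoint JSON, wrapping it in a SAML {@code Response} envelope, and turning an error
 * response into an {@link AuthenticationException}.
 *
 * <p>All inputs are text received from a remote endpoint and are treated as untrusted.
 */
public class AzureAdAuthUtils {
    private static final AthenaLogger logger = AthenaLogger.of(AzureAdAuthUtils.class);

    /** Opening of the SAML 2.0 Response envelope, including a fixed "Success" status element. */
    private static final String SAML_RESPONSE_OPEN =
            "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
                    + "<samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status>";

    /** Closing tag of the SAML 2.0 Response envelope. */
    private static final String SAML_RESPONSE_CLOSE = "</samlp:Response>";

    /**
     * Wraps a SAML assertion in a {@code samlp:Response} envelope and Base64-encodes the result.
     *
     * <p>The assertion is inserted verbatim between the envelope's status element and its closing
     * tag; no parsing or escaping is applied here.
     *
     * @param str the SAML assertion XML to wrap
     * @return the Base64 encoding of the UTF-8 bytes of the wrapped response
     */
    public static String wrapAndEncodeAssertion(String str) {
        // NOTE(review): the "Success" status is synthesized locally rather than issued by the
        // identity provider, so it carries no assurance of its own. Presumably the consumer of
        // this response validates the assertion's signature; confirm against the caller.
        String envelope = SAML_RESPONSE_OPEN + str + SAML_RESPONSE_CLOSE;
        // Encode with an explicit charset: the no-argument getBytes() uses the platform default,
        // which would corrupt non-ASCII characters on hosts whose default is not UTF-8 and make
        // the bytes disagree with the UTF-8 decoding used in extractAzureAdSamlAssertion.
        return StringUtils.newStringUtf8(Base64.encodeBase64(envelope.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Extracts the SAML assertion carried in the {@code access_token} field of an Azure AD JSON
     * response.
     *
     * @param str the JSON response body
     * @return the Base64-decoded {@code access_token} value, interpreted as UTF-8 text
     * @throws AuthenticationException if the field is missing or its text is empty
     */
    public static String extractAzureAdSamlAssertion(String str) {
        String encodedAssertion = JsonNodeParser.create()
                .parse(str)
                .field("access_token")
                .orElseThrow(() -> new AuthenticationException("Failed to find access_token in response from Azure AD"))
                .text();
        if (software.amazon.awssdk.utils.StringUtils.isEmpty(encodedAssertion)) {
            throw new AuthenticationException("Empty access_token in the response from Azure AD");
        }
        return new String(Base64.decodeBase64(encodedAssertion), StandardCharsets.UTF_8);
    }

    /**
     * Converts an unsuccessful Azure AD response into an {@link AuthenticationException}. This
     * method never returns normally.
     *
     * @param str the JSON response body
     * @throws AuthenticationException always; the message carries the {@code error} and
     *     {@code error_description} fields when a description is present, and a generic message
     *     otherwise
     */
    public static void throwOnBadAzureAdSamlResponse(String str) {
        JsonNode response = JsonNodeParser.create().parse(str);
        String description = response.field("error_description").map(JsonNode::text).orElse("");
        if (software.amazon.awssdk.utils.StringUtils.isEmpty(description)) {
            // NOTE(review): the raw response body is handed to the logger. If AthenaLogger renders
            // extra arguments, anything sensitive in an unexpected body (for example token
            // material) would land in the log; confirm, and consider logging only its length.
            logger.warn("Unexpected response from AzureAD.", str);
            throw new AuthenticationException("Failed to get SAML assertion from Azure AD.");
        }
        String error = response.field("error").map(JsonNode::text).orElse("");
        throw new AuthenticationException(String.format(
                "AzureAD responded with error. Error: %s, Description: %s",
                flattenLineBreaks(error),
                flattenLineBreaks(description)));
    }

    /**
     * Replaces every line break (CRLF, lone CR or lone LF) with a single space so that
     * remote-supplied text cannot span several lines in an exception message or a log entry.
     */
    private static String flattenLineBreaks(String text) {
        // CRLF is matched first so a pair still becomes exactly one space.
        return text.replaceAll("\\r\\n|[\\r\\n]", " ");
    }
}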
