package com.amazon.athena.jdbc.authentication;

import com.amazon.athena.jdbc.authentication.http.BrowserAuthenticationServer;
import com.amazon.athena.jdbc.authentication.utils.AzureAdAuthUtils;
import com.amazon.athena.jdbc.authentication.utils.RandomString;
import com.amazon.athena.jdbc.configuration.ConnectionParameter;
import com.amazon.athena.jdbc.support.AuthenticationException;
import com.amazon.athena.logging.AthenaLogger;
import java.awt.Desktop;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.function.Supplier;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.lakeformation.LakeFormationClientBuilder;
import software.amazon.awssdk.services.lakeformation.model.AssumeDecoratedRoleWithSamlRequest;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.model.AssumeRoleWithSamlRequest;
import software.amazon.awssdk.utils.ProxyConfigProvider;

/* loaded from: input_file:com/amazon/athena/jdbc/authentication/BrowserAzureCredentialsProvider.class */
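/**
 * SAML credentials provider that authenticates interactively against Azure AD through the
 * user's browser.
 *
 * <p>Flow, as implemented here:
 * <ol>
 *   <li>start a local {@link BrowserAuthenticationServer} and open the system browser on the
 *       Azure AD {@code /oauth2/authorize} endpoint ({@code response_type=code},
 *       {@code response_mode=form_post}, {@code redirect_uri} = the local server URL,
 *       {@code state} = a per-instance random nonce);</li>
 *   <li>wait up to {@code idpResponseTimeout} seconds for the browser to POST the authorization
 *       code back to the local server, reject the reply unless its {@code state} matches the
 *       nonce we sent;</li>
 *   <li>exchange the code at {@code /oauth2/token} for a SAML2 token
 *       ({@code requested_token_type=urn:ietf:params:oauth:token-type:saml2});</li>
 *   <li>extract and encode the SAML assertion with {@link AzureAdAuthUtils} and hand it to the
 *       {@link SamlCredentialsProvider} base class via {@link #getSamlAssertion()}.</li>
 * </ol>
 *
 * <p>Instances are built with {@link #builder()}. Not designed to be thread-safe: the local
 * server and the {@code randomState} nonce are single-use per authentication round trip.
 */
public class BrowserAzureCredentialsProvider extends SamlCredentialsProvider {
    private static final AthenaLogger logger = AthenaLogger.of(BrowserAzureCredentialsProvider.class);
    /** Length of the generated OAuth {@code state} nonce when none is injected. */
    private static final int DEFAULT_STATE_STRING_LENGTH = 10;
    /** Azure AD host used for both the authorize and the token endpoint. */
    private static final String AZURE_AD_HOST = "login.microsoftonline.com";
    private final String tenantId;
    private final String clientId;
    /** Seconds to wait for the browser callback before giving up. */
    private final int idpResponseTimeout;
    private final Desktop desktop;
    /** Anti-CSRF nonce echoed back by Azure AD in the {@code state} parameter. */
    private final String randomState;
    private final BrowserAuthenticationServer server;
    private final Supplier<CloseableHttpClient> httpClientFactory;

    /**
     * Builder for {@link BrowserAzureCredentialsProvider}. Package-private setters exist so tests
     * can inject the browser, local server, HTTP client and AWS SDK builders.
     */
    public static class Builder {
        private String tenantId;
        private String clientId;
        private String preferredRole;
        private Integer roleSessionDuration;
        private Integer idpResponseTimeout;
        private Region region;
        private boolean lakeFormationEnabled;
        private Desktop desktop;
        private String randomState;
        private BrowserAuthenticationServer server;
        private Supplier<CloseableHttpClient> httpClientFactory;
        private AssumeRoleWithSamlRequest.Builder stsAssumeRoleFactory;
        private AssumeDecoratedRoleWithSamlRequest.Builder lfAssumeRoleFactory;
        private StsClientBuilder stsClientFactory;
        private LakeFormationClientBuilder lfClientFactory;
        private Map<ConnectionParameter<?>, String> parameters;

        /** Azure AD tenant id, used as the first path segment of the authorize/token URLs. */
        public Builder tenantId(String str) {
            this.tenantId = str;
            return this;
        }

        /** Azure AD application (client) id; also sent as the {@code resource} parameter. */
        public Builder clientId(String str) {
            this.clientId = str;
            return this;
        }

        /** Preferred IAM role, forwarded to {@link SamlCredentialsProvider}. */
        public Builder preferredRole(String str) {
            this.preferredRole = str;
            return this;
        }

        /** Role session duration, forwarded to {@link SamlCredentialsProvider}. */
        public Builder roleSessionDuration(Integer num) {
            this.roleSessionDuration = num;
            return this;
        }

        /** Seconds to wait for the browser callback. Required; {@link #build()} fails without it. */
        public Builder idpResponseTimeout(Integer num) {
            this.idpResponseTimeout = num;
            return this;
        }

        /** AWS region, forwarded to {@link SamlCredentialsProvider}. */
        public Builder region(Region region) {
            this.region = region;
            return this;
        }

        /** Whether to assume the role through Lake Formation instead of STS. */
        public Builder lakeFormationEnabled(boolean z) {
            this.lakeFormationEnabled = z;
            return this;
        }

        /** Connection parameters; also used to build the default HTTP client. */
        public Builder connectionParameters(Map<ConnectionParameter<?>, String> map) {
            this.parameters = map;
            return this;
        }

        Builder httpClientFactory(Supplier<CloseableHttpClient> supplier) {
            this.httpClientFactory = supplier;
            return this;
        }

        Builder assumeRoleWithSamlRequestFactory(AssumeRoleWithSamlRequest.Builder builder) {
            this.stsAssumeRoleFactory = builder;
            return this;
        }

        Builder assumeDecoratedRoleWithSamlRequestFactory(AssumeDecoratedRoleWithSamlRequest.Builder builder) {
            this.lfAssumeRoleFactory = builder;
            return this;
        }

        Builder stsClientBuilder(StsClientBuilder stsClientBuilder) {
            this.stsClientFactory = stsClientBuilder;
            return this;
        }

        Builder lakeFormationClientBuilder(LakeFormationClientBuilder lakeFormationClientBuilder) {
            this.lfClientFactory = lakeFormationClientBuilder;
            return this;
        }

        Builder browser(Desktop desktop) {
            this.desktop = desktop;
            return this;
        }

        Builder randomState(String str) {
            this.randomState = str;
            return this;
        }

        Builder server(BrowserAuthenticationServer browserAuthenticationServer) {
            this.server = browserAuthenticationServer;
            return this;
        }

        /**
         * Creates the provider.
         *
         * @return a new {@link BrowserAzureCredentialsProvider}
         * @throws NullPointerException if {@link #idpResponseTimeout(Integer)} was never called
         */
        public BrowserAzureCredentialsProvider build() {
            // Unboxing a null timeout used to surface as a bare NPE; name the missing field instead.
            int timeoutSeconds =
                    Objects.requireNonNull(this.idpResponseTimeout, "idpResponseTimeout must be set").intValue();
            return new BrowserAzureCredentialsProvider(
                    this.tenantId,
                    this.clientId,
                    this.preferredRole,
                    this.roleSessionDuration,
                    this.region,
                    this.httpClientFactory,
                    this.stsAssumeRoleFactory,
                    this.stsClientFactory,
                    this.lfAssumeRoleFactory,
                    this.lfClientFactory,
                    this.lakeFormationEnabled,
                    timeoutSeconds,
                    this.desktop,
                    this.server,
                    this.randomState,
                    this.parameters);
        }
    }

    /**
     * Wires the provider. Null collaborators are replaced with defaults: the system
     * {@link Desktop}, a {@link BrowserAuthenticationServer} on an ephemeral port (0), a freshly
     * generated {@code state} nonce, and an HTTP client built from the connection parameters.
     *
     * @param str   Azure AD tenant id
     * @param str2  Azure AD client id
     * @param str3  preferred role (passed to the base class)
     * @param num   role session duration (passed to the base class)
     * @param i     IdP response timeout in seconds
     * @param str4  explicit {@code state} nonce, or {@code null} to generate one
     * @param map   connection parameters (passed to the base class and the HTTP client factory)
     */
    private BrowserAzureCredentialsProvider(String str, String str2, String str3, Integer num, Region region, Supplier<CloseableHttpClient> supplier, AssumeRoleWithSamlRequest.Builder builder, StsClientBuilder stsClientBuilder, AssumeDecoratedRoleWithSamlRequest.Builder builder2, LakeFormationClientBuilder lakeFormationClientBuilder, boolean z, int i, Desktop desktop, BrowserAuthenticationServer browserAuthenticationServer, String str4, Map<ConnectionParameter<?>, String> map) {
        super(builder, builder2, stsClientBuilder, lakeFormationClientBuilder, null, null, str3, num, region, z, map);
        this.tenantId = str;
        this.clientId = str2;
        this.idpResponseTimeout = i;
        // Desktop.getDesktop() may throw on headless JVMs; callers inject a Desktop to avoid that.
        this.desktop = desktop == null ? Desktop.getDesktop() : desktop;
        this.server = browserAuthenticationServer == null ? new BrowserAuthenticationServer(0) : browserAuthenticationServer;
        // NOTE(review): the state nonce is this flow's CSRF protection for the redirect; confirm
        // RandomString.generateRandomString draws from a cryptographically secure source.
        this.randomState = str4 == null ? RandomString.generateRandomString(DEFAULT_STATE_STRING_LENGTH) : str4;
        this.httpClientFactory = supplier == null
                ? () -> IdpCredentialsProvider.createHttpClient(map)
                : supplier;
    }

    /** @return a new, empty {@link Builder} */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * Runs the full browser round trip and returns the encoded SAML assertion expected by the
     * base class.
     *
     * @throws AuthenticationException on any failure in the browser or token-exchange steps
     */
    @Override // com.amazon.athena.jdbc.authentication.SamlCredentialsProvider
    protected String getSamlAssertion() {
        String code = fetchAuthorizationToken();
        String tokenResponse = fetchSamlResponse(code);
        String assertion = AzureAdAuthUtils.extractAzureAdSamlAssertion(tokenResponse);
        return AzureAdAuthUtils.wrapAndEncodeAssertion(assertion);
    }

    /**
     * Opens the browser on the Azure AD authorize endpoint and waits for the authorization code to
     * be posted back to the local server.
     *
     * <p>The reply is accepted only if its {@code state} equals the nonce we generated; a missing
     * or empty {@code code} is rejected. The local server is always shut down before returning,
     * whether the exchange succeeded or not.
     *
     * @return the authorization code
     * @throws AuthenticationException if the browser cannot be opened, the callback times out,
     *         the state does not match, or the code is missing
     */
    private String fetchAuthorizationToken() {
        Future<List<NameValuePair>> pendingCallback = this.server.listenForResponse();
        try {
            URI authorizeUri = createCodeRequestUri(this.randomState, this.server.getServerUrl());
            // The logged URI carries client_id, redirect_uri and the state nonce.
            logger.info(String.format("Open URI: %s", authorizeUri.toString()), new Object[0]);
            this.desktop.browse(authorizeUri);

            List<NameValuePair> callbackParams = pendingCallback.get(this.idpResponseTimeout, TimeUnit.SECONDS);

            // Verify the anti-CSRF state before trusting anything else in the callback.
            String returnedState = findValueInNameValuePairs("state", callbackParams)
                    .orElseThrow(() -> new AuthenticationException("State is not found in the response."));
            if (!this.randomState.equals(returnedState)) {
                throw new AuthenticationException("State mismatch, incoming: " + returnedState + ", generated: " + this.randomState);
            }

            return findValueInNameValuePairs("code", callbackParams)
                    .filter(code -> !code.isEmpty())
                    .orElseThrow(() -> new AuthenticationException("Authorization code is not found or empty."));
        } catch (IOException | URISyntaxException | ExecutionException e) {
            logger.debug("Server thread throw an exception: {}", e.getMessage());
            // Keep the cause so the underlying browser/server failure is not lost.
            throw new AuthenticationException(e.getMessage(), e);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            logger.debug("Main thread got interrupted: {}", e.getMessage());
            throw new AuthenticationException("Main thread got interrupted.", e);
        } catch (TimeoutException e) {
            // Stop the listener task; the server itself is shut down in the finally block.
            pendingCallback.cancel(true);
            throw new AuthenticationException("Couldn't fetch code within timeout window.", e);
        } finally {
            logger.trace("Shutdown listening server.", new Object[0]);
            this.server.shutdownServer();
        }
    }

    /**
     * Exchanges the authorization code for a SAML2 token response at the Azure AD token endpoint.
     *
     * <p>Both the HTTP client and the response are closed on every path (the decompiled original
     * leaked the client when the response handling threw).
     *
     * @param authorizationCode code obtained from {@link #fetchAuthorizationToken()}
     * @return the raw response body; for a non-200 status the body is first passed to
     *         {@link AzureAdAuthUtils#throwOnBadAzureAdSamlResponse(String)}, which is expected to
     *         throw — if it returns, the body is returned as-is, matching the original behaviour
     * @throws AuthenticationException on I/O failure
     */
    private String fetchSamlResponse(String authorizationCode) {
        HttpPost tokenRequest = createAuthorizationRequest(authorizationCode);
        try (CloseableHttpClient client = this.httpClientFactory.get();
             CloseableHttpResponse response = client.execute((HttpUriRequest) tokenRequest)) {
            String body = extractResponseBody(response);
            if (response.getStatusLine().getStatusCode() != 200) {
                AzureAdAuthUtils.throwOnBadAzureAdSamlResponse(body);
            }
            return body;
        } catch (IOException e) {
            throw new AuthenticationException("Unable to obtain a SAML assertion from Azure AD.", e);
        }
    }

    /**
     * Builds the form-encoded POST to the token endpoint requesting a SAML2 token for the code.
     *
     * @param authorizationCode the authorization code to exchange
     * @return the prepared request
     */
    private HttpPost createAuthorizationRequest(String authorizationCode) {
        HttpPost tokenRequest = new HttpPost(createTokenRequestUri());
        List<NameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("code", authorizationCode));
        form.add(new BasicNameValuePair("requested_token_type", "urn:ietf:params:oauth:token-type:saml2"));
        form.add(new BasicNameValuePair("grant_type", "authorization_code"));
        form.add(new BasicNameValuePair("scope", "openid"));
        form.add(new BasicNameValuePair("resource", this.clientId));
        form.add(new BasicNameValuePair("client_id", this.clientId));
        // Must match the redirect_uri used in the authorize request (the local server URL).
        form.add(new BasicNameValuePair("redirect_uri", this.server.getServerUrl()));
        tokenRequest.addHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.toString());
        tokenRequest.addHeader("Accept", ContentType.APPLICATION_JSON.toString());
        tokenRequest.setEntity(new UrlEncodedFormEntity(form, StandardCharsets.UTF_8));
        return tokenRequest;
    }

    /**
     * Reads the whole response entity as a string.
     *
     * @throws AuthenticationException if the body cannot be read
     */
    private static String extractResponseBody(CloseableHttpResponse closeableHttpResponse) {
        try {
            return EntityUtils.toString(closeableHttpResponse.getEntity());
        } catch (IOException e) {
            throw new AuthenticationException("An error occurred while processing the response from Azure AD", e);
        }
    }

    /** @return {@code https://login.microsoftonline.com/{tenantId}/oauth2/token} */
    private String createTokenRequestUri() {
        return new URIBuilder()
                .setScheme(ProxyConfigProvider.HTTPS)
                .setHost(AZURE_AD_HOST)
                .setPath("/" + this.tenantId + "/oauth2/token")
                .toString();
    }

    /**
     * Builds the authorize URI the browser is sent to.
     *
     * @param str  the {@code state} nonce to be echoed back by Azure AD
     * @param str2 the {@code redirect_uri} (local server URL) that receives the form POST
     * @return the authorize URI
     * @throws URISyntaxException if the assembled URI is invalid
     */
    private URI createCodeRequestUri(String str, String str2) throws URISyntaxException {
        return new URIBuilder()
                .setScheme(ProxyConfigProvider.HTTPS)
                .setHost(AZURE_AD_HOST)
                .setPath("/" + this.tenantId + "/oauth2/authorize")
                .addParameter("scope", "openid")
                .addParameter("response_type", "code")
                .addParameter("response_mode", "form_post")
                .addParameter("client_id", this.clientId)
                .addParameter("redirect_uri", str2)
                .addParameter("state", str)
                .build();
    }

    // Bridge kept from the compiled class so the public covariant signature is preserved.
    @Override // com.amazon.athena.jdbc.authentication.SamlCredentialsProvider, software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
    public /* bridge */ /* synthetic */ AwsCredentials resolveCredentials() {
        return super.resolveCredentials();
    }
}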
