package com.amazon.athena.jdbc.authentication;

import com.amazon.athena.jdbc.authentication.OktaCredentialsProvider;
import com.amazon.athena.jdbc.configuration.ConnectionParameter;
import com.amazon.athena.jdbc.configuration.ConnectionParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.regions.Region;

/* loaded from: input_file:com/amazon/athena/jdbc/authentication/OktaCredentialsProviderFactory.class */
public class OktaCredentialsProviderFactory implements CredentialsProviderFactory {
    public static final String CREDENTIALS_PROVIDER_NAME = "Okta";
    public static final int OKTA_MFA_WAIT_TIME_MIN = 20;
    private final OktaCredentialsProvider.Builder credentialsProviderBuilder;
    public static final ConnectionParameter<String> OKTA_APP_ID = ConnectionParameter.builder().name("OktaAppId").deprecatedAlias("App_ID").build();
    public static final ConnectionParameter<String> OKTA_APP_NAME = ConnectionParameter.builder().name("OktaAppName").deprecatedAlias("App_Name").build();
    public static final ConnectionParameter<String> OKTA_MFA_TYPE = ConnectionParameter.builder().name("OktaMfaType").deprecatedAlias("okta_mfa_type").build();
    public static final ConnectionParameter<String> OKTA_MFA_WAIT_TIME = ConnectionParameter.builder().name("OktaMfaWaitTime").deprecatedAlias("okta_mfa_wait_time").build();
    public static final ConnectionParameter<String> OKTA_PHONE_NUMBER = ConnectionParameter.builder().name("OktaPhoneNumber").deprecatedAlias("okta_phone_number").build();
    public static final String TOTP_MFA_TYPE = "oktaverifywithtotp";
    public static final String PUSH_MFA_TYPE = "oktaverifywithpush";
    public static final String SMS_MFA_TYPE = "smsauthentication";
    public static final String GOOGLE_AUTHENTICATOR_MFA_TYPE = "googleauthenticator";
    private static final List<String> SUPPORTED_MFA_TYPES = Arrays.asList(TOTP_MFA_TYPE, PUSH_MFA_TYPE, SMS_MFA_TYPE, GOOGLE_AUTHENTICATOR_MFA_TYPE);

    public OktaCredentialsProviderFactory() {
        this.credentialsProviderBuilder = OktaCredentialsProvider.builder();
    }

    OktaCredentialsProviderFactory(OktaCredentialsProvider.Builder builder) {
        this.credentialsProviderBuilder = builder;
    }

    @Override // com.amazon.athena.jdbc.authentication.CredentialsProviderFactory
    public AwsCredentialsProvider create(Map<ConnectionParameter<?>, String> map) {
        Integer stringToInt;
        Optional<String> findValue = ConnectionParameters.USER_PARAMETER.findValue(map);
        Optional<String> findValue2 = ConnectionParameters.PASSWORD_PARAMETER.findValue(map);
        Optional<String> findValue3 = ConnectionParameters.IDP_HOST_NAME.findValue(map);
        Optional<String> findValue4 = OKTA_APP_ID.findValue(map);
        Optional<String> findValue5 = OKTA_APP_NAME.findValue(map);
        Optional<String> findValue6 = OKTA_MFA_TYPE.findValue(map);
        Optional<String> findValue7 = OKTA_MFA_WAIT_TIME.findValue(map);
        Optional<String> findValue8 = OKTA_PHONE_NUMBER.findValue(map);
        Optional<String> findValue9 = ConnectionParameters.PREFERRED_ROLE_PARAMETER.findValue(map);
        Optional<Integer> findValue10 = ConnectionParameters.ROLE_SESSION_DURATION_PARAMETER.findValue(map);
        Optional<Region> findValue11 = ConnectionParameters.REGION_PARAMETER.findValue(map);
        Optional<Boolean> findValue12 = ConnectionParameters.LAKE_FORMATION_ENABLED_PARAMETER.findValue(map);
        ArrayList arrayList = new ArrayList();
        if (!findValue.isPresent()) {
            arrayList.add(String.format("The %s parameter must be specified when using the %s credentials provider", ConnectionParameters.USER_PARAMETER.name(), CREDENTIALS_PROVIDER_NAME));
        }
        if (!findValue2.isPresent()) {
            arrayList.add(String.format("The %s parameter must be specified when using the %s credentials provider", ConnectionParameters.PASSWORD_PARAMETER.name(), CREDENTIALS_PROVIDER_NAME));
        }
        if (!findValue3.isPresent()) {
            arrayList.add(String.format("The %s parameter must be specified when using the %s credentials provider", ConnectionParameters.IDP_HOST_NAME.name(), CREDENTIALS_PROVIDER_NAME));
        }
        if (!findValue4.isPresent()) {
            arrayList.add(String.format("The %s parameter must be specified when using the %s credentials provider", OKTA_APP_ID.name(), CREDENTIALS_PROVIDER_NAME));
        }
        if (!findValue5.isPresent()) {
            arrayList.add(String.format("The %s parameter must be specified when using the %s credentials provider", OKTA_APP_NAME.name(), CREDENTIALS_PROVIDER_NAME));
        }
        if (findValue6.isPresent()) {
            if (!SUPPORTED_MFA_TYPES.contains(findValue6.get().toLowerCase())) {
                arrayList.add(String.format("The Okta MFA type \"%s\" is not a supported second factor", findValue6.get()));
            }
            if (findValue6.get().equalsIgnoreCase(SMS_MFA_TYPE) && !findValue8.isPresent()) {
                arrayList.add(String.format("A phone number must be provided when the Okta MFA type is \"SmsAuthentication\"", new Object[0]));
            }
        }
        if (findValue7.isPresent() && ((stringToInt = stringToInt(findValue7.get())) == null || stringToInt.intValue() < 20)) {
            arrayList.add(String.format("Invalid Okta MFA wait time: \"%s\" (expected an integer value of at least 20)", findValue7.get()));
        }
        if (arrayList.isEmpty()) {
            return this.credentialsProviderBuilder.username(findValue.get()).password(findValue2.get()).hostName(findValue3.get()).appId(findValue4.get()).appName(findValue5.get()).mfaType(findValue6.orElse(null)).mfaWaitTime((Integer) findValue7.map(Integer::parseInt).orElse(null)).mfaPhoneNumber(findValue8.orElse(null)).preferredRole(findValue9.orElse(null)).roleSessionDuration(findValue10.orElse(null)).region(findValue11.get()).lakeFormationEnabled(findValue12.get().booleanValue()).connectionParameters(map).build();
        }
        throw new IllegalArgumentException(String.join("; ", arrayList));
    }

    private static Integer stringToInt(String str) {
        try {
            return Integer.valueOf(Integer.parseInt(str));
        } catch (NumberFormatException e) {
            return null;
        }
    }
}
