package com.simba.athena.iamsupport.plugin;

import com.simba.athena.amazonaws.SdkClientException;
import com.simba.athena.amazonaws.regions.ServiceAbbreviations;
import com.simba.athena.amazonaws.util.IOUtils;
import com.simba.athena.amazonaws.util.StringUtils;
import com.simba.athena.iamsupport.IamSupport;
import com.simba.athena.iamsupport.model.CredentialsHolder;
import com.simba.athena.iamsupport.plugin.utils.LogUtils;
import com.simba.athena.support.LogUtilities;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.http.HttpHost;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/simba/athena/iamsupport/plugin/PingCredentialsProvider.class */
public class PingCredentialsProvider extends SamlCredentialsProvider {
    private static final Pattern SAML_PATTERN = Pattern.compile("SAMLResponse\\W+value=\"([^\"]+)\"");
    private static final String KEY_PARTNER_SPID = "partner_spid";
    protected String m_partnerSpId;

    @Override // com.simba.athena.iamsupport.plugin.SamlCredentialsProvider, com.simba.athena.iamsupport.IPlugin
    public void addParameter(String str, String str2) {
        super.addParameter(str, str2);
        if (KEY_PARTNER_SPID.equalsIgnoreCase(str)) {
            this.m_partnerSpId = str2;
        }
    }

    @Override // com.simba.athena.iamsupport.plugin.SamlCredentialsProvider
    protected String getSamlAssertion() throws IOException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        checkRequiredParameters();
        if (StringUtils.isNullOrEmpty(this.m_partnerSpId)) {
            this.m_partnerSpId = "urn%3Aamazon%3Awebservices";
        } else {
            this.m_partnerSpId = URLEncoder.encode(this.m_partnerSpId, "UTF-8");
        }
        String str = "https://" + this.m_idpHost + ':' + this.m_idpPort + "/idp/startSSO.ping?PartnerSpId=" + this.m_partnerSpId;
        validateURL(str);
        ArrayList arrayList = new ArrayList(5);
        try {
            try {
                CloseableHttpClient httpClient = getHttpClient();
                HttpGet httpGet = new HttpGet(str);
                if (null != this.m_proxyHost && !this.m_proxyHost.isEmpty() && this.m_useProxyForIdpAuth.booleanValue()) {
                    if (this.m_proxyUid != null && !this.m_proxyUid.isEmpty() && this.m_proxyPwd != null && !this.m_proxyPwd.isEmpty()) {
                        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                        basicCredentialsProvider.setCredentials(new AuthScope(this.m_proxyHost, this.m_proxyPort), new UsernamePasswordCredentials(this.m_proxyUid, this.m_proxyPwd));
                        httpClient = HttpClients.custom().setDefaultCredentialsProvider(basicCredentialsProvider).setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();
                    }
                    httpGet.setConfig(RequestConfig.custom().setProxy(new HttpHost(this.m_proxyHost, this.m_proxyPort)).build());
                }
                CloseableHttpResponse execute = httpClient.execute((HttpUriRequest) httpGet);
                if (execute.getStatusLine().getStatusCode() != 200) {
                    throw new IOException("Failed send request: " + execute.getStatusLine().getReasonPhrase());
                }
                String entityUtils = EntityUtils.toString(execute.getEntity());
                for (String str2 : getInputTagsfromHTML(entityUtils)) {
                    String valueByKey = getValueByKey(str2, "name");
                    String valueByKey2 = getValueByKey(str2, "value");
                    if (valueByKey.contains(IamSupport.USERNAME_ALT) || valueByKey.contains(ServiceAbbreviations.Email)) {
                        arrayList.add(new BasicNameValuePair(valueByKey, this.m_userName));
                    } else if (valueByKey.contains("pass")) {
                        arrayList.add(new BasicNameValuePair(valueByKey, this.m_password));
                    } else if (!StringUtils.isNullOrEmpty(valueByKey)) {
                        arrayList.add(new BasicNameValuePair(valueByKey, valueByKey2));
                    }
                }
                String formAction = getFormAction(entityUtils);
                if (!StringUtils.isNullOrEmpty(formAction) && formAction.startsWith("/")) {
                    str = "https://" + this.m_idpHost + ':' + this.m_idpPort + formAction;
                }
                validateURL(str);
                HttpPost httpPost = new HttpPost(str);
                httpPost.setEntity(new UrlEncodedFormEntity((List<? extends NameValuePair>) arrayList));
                if (null != this.m_proxyHost && !this.m_proxyHost.isEmpty() && this.m_useProxyForIdpAuth.booleanValue()) {
                    if (this.m_proxyUid != null && !this.m_proxyUid.isEmpty() && this.m_proxyPwd != null && !this.m_proxyPwd.isEmpty()) {
                        BasicCredentialsProvider basicCredentialsProvider2 = new BasicCredentialsProvider();
                        basicCredentialsProvider2.setCredentials(new AuthScope(this.m_proxyHost, this.m_proxyPort), new UsernamePasswordCredentials(this.m_proxyUid, this.m_proxyPwd));
                        httpClient = HttpClients.custom().setDefaultCredentialsProvider(basicCredentialsProvider2).setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();
                    }
                    httpPost.setConfig(RequestConfig.custom().setProxy(new HttpHost(this.m_proxyHost, this.m_proxyPort)).build());
                }
                CloseableHttpResponse execute2 = httpClient.execute((HttpUriRequest) httpPost);
                if (execute2.getStatusLine().getStatusCode() != 200) {
                    throw new IOException("Failed send request: " + execute2.getStatusLine().getReasonPhrase());
                }
                Matcher matcher = SAML_PATTERN.matcher(EntityUtils.toString(execute2.getEntity()));
                if (!matcher.find()) {
                    throw new IOException("Failed to retrieve SAMLAssertion.");
                }
                LogUtilities.logDebug("Exiting", LogUtils.getLogger());
                String group = matcher.group(1);
                IOUtils.closeQuietly(httpClient, null);
                return group;
            } catch (GeneralSecurityException e) {
                throw new SdkClientException("Failed create SSLContext.", e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(null, null);
            throw th;
        }
    }

    @Override // com.simba.athena.iamsupport.plugin.SamlCredentialsProvider
    protected CredentialsHolder performPostSAMLAction(String str, String str2, CredentialsHolder credentialsHolder) throws SdkClientException {
        LogUtilities.logDebug(String.format("Entered with parameter value {%s}", str), LogUtils.getLogger());
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return null;
    }
}
