package com.amazon.redshift.plugin;

import com.amazon.redshift.logger.LogLevel;
import com.amazon.redshift.logger.RedshiftLogger;
import com.amazonaws.SdkClientException;
import com.amazonaws.util.IOUtils;
import com.amazonaws.util.StringUtils;
import java.io.Closeable;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/amazon/redshift/plugin/AdfsCredentialsProvider.class */
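/**
 * SAML credentials provider that obtains the assertion from an AD FS
 * IdP-initiated sign-on page ({@code /adfs/ls/IdpInitiatedSignOn.aspx}).
 *
 * <p>Two flows are implemented:
 * <ul>
 *   <li>form-based authentication, used when both a user name and a password are configured;</li>
 *   <li>Windows Integrated Authentication (WIA), used otherwise, which extracts a bundled
 *       {@code adfs.exe} helper to a temporary file and runs it.</li>
 * </ul>
 *
 * <p>Security notes for maintainers: the form flow sends the configured password to the
 * configured IdP host, and the WIA flow executes a file written to the temp directory.
 * Both depend on {@code m_idpHost}, {@code m_idpPort} and {@code m_loginToRp} being trustworthy
 * configuration values.
 */
public class AdfsCredentialsProvider extends SamlCredentialsProvider {
    /** Extracts the value of the {@code SAMLResponse} form field from the IdP's HTML reply. */
    private static final Pattern SAML_PATTERN = Pattern.compile("SAMLResponse\\W+value=\"([^\"]+)\"");
    private static final String KEY_LOGINTORP = "loginToRp";
    /** Relying-party identifier sent as the {@code loginToRp} query parameter. */
    protected String m_loginToRp = "urn:amazon:webservices";

    /**
     * Stores a connection parameter; {@code loginToRp} (case-insensitive) overrides the
     * relying-party identifier, every parameter is also forwarded to the superclass.
     *
     * @param key   parameter name
     * @param value parameter value
     */
    @Override
    public void addParameter(String key, String value) {
        super.addParameter(key, value);
        if (KEY_LOGINTORP.equalsIgnoreCase(key)) {
            this.m_loginToRp = value;
            if (RedshiftLogger.isEnable()) {
                // Use a {0} placeholder like the other logDebug calls in this class so the
                // value is actually rendered.
                this.m_log.logDebug("m_loginToRp: {0}", this.m_loginToRp);
            }
        }
    }

    /**
     * Returns the relying-party identifier as the plugin-specific part of the cache key.
     *
     * @return {@code m_loginToRp}, or an empty string when it is {@code null}
     */
    @Override
    public String getPluginSpecificCacheKey() {
        return this.m_loginToRp != null ? this.m_loginToRp : "";
    }

    /**
     * Obtains the SAML assertion from the IdP.
     *
     * @return the assertion text produced by the selected flow
     * @throws IOException if {@code idp_host} is not configured or the form-based flow fails
     */
    @Override
    protected String getSamlAssertion() throws IOException {
        if (StringUtils.isNullOrEmpty(this.m_idpHost)) {
            throw new IOException("Missing required property: idp_host");
        }
        // Without a full user name / password pair, fall back to Windows Integrated Authentication.
        boolean missingCredentials =
                StringUtils.isNullOrEmpty(this.m_userName) || StringUtils.isNullOrEmpty(this.m_password);
        return missingCredentials ? windowsIntegratedAuthentication() : formBasedAuthentication();
    }

    /**
     * Builds the IdP-initiated sign-on URI shared by both flows.
     *
     * <p>NOTE(review): {@code m_idpHost}, {@code m_idpPort} and {@code m_loginToRp} are
     * concatenated without validation or URL-encoding. They come from connection parameters,
     * so a malformed value changes the host or query that credentials are sent to. Confirm
     * they are validated before reaching this class.
     */
    private String adfsSignOnUri() {
        return "https://" + this.m_idpHost + ':' + this.m_idpPort
                + "/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=" + this.m_loginToRp;
    }

    /**
     * Runs the bundled {@code adfs.exe} helper and returns everything it writes to stdout.
     *
     * @return the helper's standard output
     * @throws SdkClientException if the platform is not Windows, the helper cannot be
     *         extracted or started, it exits with a non-zero code, or the wait is interrupted
     */
    private String windowsIntegratedAuthentication() {
        // Locale.ROOT keeps the comparison independent of the user's locale casing rules.
        if (!System.getProperty("os.name").toLowerCase(Locale.ROOT).contains("windows")) {
            throw new SdkClientException("WIA only support Windows platform.");
        }
        InputStream helperStdout = null;
        OutputStream helperStdin = null;
        File helper = null;
        Process process = null;
        try {
            // NOTE(review): the helper is written to java.io.tmpdir and then executed. If that
            // directory is writable by other principals the file could be replaced between
            // extraction and launch; confirm the temp directory is private to the user.
            helper = extractExecutable();
            // NOTE(review): the third argument forwards the "adfs.insecure" system property;
            // presumably it relaxes TLS verification in the helper. Keep it off in production.
            String[] command = {
                helper.getAbsolutePath(),
                adfsSignOnUri(),
                String.valueOf(Boolean.getBoolean("adfs.insecure"))
            };
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("Command: {0}:{1}:{2}", command[0], command[1], command[2]);
            }
            // Array form of exec(): arguments are passed as separate tokens, not parsed by a shell.
            process = Runtime.getRuntime().exec(command);
            helperStdout = process.getInputStream();
            helperStdin = process.getOutputStream();
            String assertion = IOUtils.toString(helperStdout);
            int exitCode = process.waitFor();
            if (exitCode != 0) {
                throw new SdkClientException("Failed execute adfs command, return: " + exitCode);
            }
            return assertion;
        } catch (IOException e) {
            throw new SdkClientException("Failed execute adfs command.", e);
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can observe the interruption.
            Thread.currentThread().interrupt();
            throw new SdkClientException("Failed execute adfs command.", e);
        } finally {
            if (process != null) {
                // No-op once the helper has exited; on failure paths it stops a helper that is
                // still running so the temporary executable can be removed.
                process.destroy();
            }
            IOUtils.closeQuietly(helperStdout, (Log) null);
            IOUtils.closeQuietly(helperStdin, (Log) null);
            if (helper != null && !helper.delete()) {
                helper.deleteOnExit();
            }
        }
    }

    /**
     * Performs the HTML form login against the IdP and extracts the SAML response.
     *
     * <p>The sign-on page is fetched, its input tags are replayed with the configured user
     * name and password filled in, and the {@code SAMLResponse} value is read from the reply.
     *
     * @return the value of the {@code SAMLResponse} field
     * @throws IOException if a request does not return HTTP 200 or no SAML response is found
     * @throws SdkClientException if the HTTP client cannot be created
     */
    private String formBasedAuthentication() throws IOException {
        String uri = adfsSignOnUri();
        CloseableHttpClient httpClient = null;
        try {
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("uri: {0}", uri);
            }
            httpClient = getHttpClient();

            String loginPage;
            try (CloseableHttpResponse pageResponse = httpClient.execute(new HttpGet(uri))) {
                if (pageResponse.getStatusLine().getStatusCode() != 200) {
                    if (RedshiftLogger.isEnable()) {
                        this.m_log.log(LogLevel.DEBUG, "formBasedAuthentication https response:" + EntityUtils.toString(pageResponse.getEntity()), new Object[0]);
                    }
                    throw new IOException("Failed send request: " + pageResponse.getStatusLine().getReasonPhrase());
                }
                loginPage = EntityUtils.toString(pageResponse.getEntity());
            }
            if (RedshiftLogger.isEnable()) {
                // NOTE(review): this writes the whole login page to the debug log, including
                // any hidden form fields it carries.
                this.m_log.logDebug("body: {0}", loginPage);
            }

            ArrayList<BasicNameValuePair> formFields = new ArrayList<>();
            for (String inputTag : getInputTagsfromHTML(loginPage)) {
                String fieldName = getValueByKey(inputTag, "name");
                String fieldValue = getValueByKey(inputTag, "value");
                String lowerName = fieldName.toLowerCase(Locale.ROOT);
                if (RedshiftLogger.isEnable()) {
                    // Only the field name is logged; the submitted values include the password.
                    this.m_log.logDebug("name: {0}", fieldName);
                }
                if (lowerName.contains("username")) {
                    formFields.add(new BasicNameValuePair(fieldName, this.m_userName));
                } else if (lowerName.contains("authmethod")) {
                    if (!fieldValue.isEmpty()) {
                        formFields.add(new BasicNameValuePair(fieldName, fieldValue));
                    }
                } else if (lowerName.contains("password")) {
                    formFields.add(new BasicNameValuePair(fieldName, this.m_password));
                } else if (!fieldName.isEmpty()) {
                    formFields.add(new BasicNameValuePair(fieldName, fieldValue));
                }
            }

            // The form action comes from the server's HTML. Only a path starting with "/" is
            // honoured and it is appended to the configured host and port, so the credentials
            // are always posted to the configured IdP origin, never to a host named by the page.
            String formAction = getFormAction(loginPage);
            if (!StringUtils.isNullOrEmpty(formAction) && formAction.startsWith("/")) {
                uri = "https://" + this.m_idpHost + ':' + this.m_idpPort + formAction;
            }
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("action uri: {0}", uri);
            }

            HttpPost loginRequest = new HttpPost(uri);
            loginRequest.setEntity(new UrlEncodedFormEntity(formFields));
            try (CloseableHttpResponse loginResponse = httpClient.execute(loginRequest)) {
                if (loginResponse.getStatusLine().getStatusCode() != 200) {
                    throw new IOException("Failed send request: " + loginResponse.getStatusLine().getReasonPhrase());
                }
                // This body carries the SAML assertion and is intentionally never logged.
                Matcher matcher = SAML_PATTERN.matcher(EntityUtils.toString(loginResponse.getEntity()));
                if (!matcher.find()) {
                    throw new IOException("Failed to login ADFS.");
                }
                return matcher.group(1);
            }
        } catch (GeneralSecurityException e) {
            throw new SdkClientException("Failed create SSLContext.", e);
        } finally {
            // Close the client on every path; closeQuietly tolerates null when creation failed.
            IOUtils.closeQuietly(httpClient, (Log) null);
        }
    }

    /**
     * Copies the bundled {@code adfs.exe} class-path resource to a new temporary file.
     *
     * @return the temporary file holding the helper executable; the caller deletes it
     * @throws IOException if the resource is missing or the copy fails, in which case the
     *         temporary file is removed again
     */
    private File extractExecutable() throws IOException {
        File target = File.createTempFile("adfs", ".exe");
        boolean extracted = false;
        try (InputStream resource = AdfsCredentialsProvider.class.getResourceAsStream("adfs.exe")) {
            if (resource == null) {
                // getResourceAsStream returns null for a missing resource; fail with a clear
                // error instead of a NullPointerException inside the copy.
                throw new IOException("Bundled resource adfs.exe not found.");
            }
            // try-with-resources surfaces a failed close, so a partially written file is
            // reported rather than handed back for execution.
            try (FileOutputStream out = new FileOutputStream(target)) {
                IOUtils.copy(resource, out);
            }
            extracted = true;
            return target;
        } finally {
            // Do not leave a partially written executable behind in the temp directory.
            if (!extracted && !target.delete()) {
                target.deleteOnExit();
            }
        }
    }
}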
