package com.amazon.redshift.plugin;

import com.amazon.redshift.INativePlugin;
import com.amazon.redshift.NativeTokenHolder;
import com.amazon.redshift.logger.LogLevel;
import com.amazon.redshift.logger.RedshiftLogger;
import com.amazon.redshift.plugin.httpserver.RequestHandler;
import com.amazon.redshift.plugin.httpserver.Server;
import com.amazon.redshift.plugin.utils.CheckUtils;
import com.amazon.redshift.plugin.utils.ResponseUtils;
import com.amazon.redshift.util.RedshiftException;
import java.awt.Desktop;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.time.Duration;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import org.apache.http.NameValuePair;

/* loaded from: input_file:com/amazon/redshift/plugin/BrowserOktaSAMLCredentialsProvider.class */
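/**
 * Native plugin that obtains a SAML assertion through the desktop browser.
 *
 * <p>Flow, as implemented below: a {@link Server} is started on {@code listen_port}, the
 * configured {@code login_url} is opened with {@link Desktop#browse(URI)}, and the request
 * handler picks the {@code SAMLResponse} parameter out of the request parameters it is given.
 * The resulting string is wrapped in a {@link NativeTokenHolder} that expires
 * {@code EXPIRY_TIME} minutes after it was obtained.
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 *   <li>The SAML assertion is a bearer credential. It is never written to the log; only the
 *       fact that one was obtained is recorded.</li>
 *   <li>The token cache is {@code static} and keyed only by {@code login_url} (see
 *       {@link #getCacheKey()}), so every provider instance loaded by the same class loader and
 *       configured with the same {@code login_url} receives the same cached holder until it
 *       expires. Set {@code m_disableCache} where tokens must not be shared across
 *       connections.</li>
 *   <li>NOTE(review): whether {@link Server} binds to the loopback interface only, and what
 *       {@code validateURL} accepts, cannot be seen from this file. Confirm both, since the
 *       listener receives the assertion and {@code login_url} is handed to the OS URL
 *       handler.</li>
 * </ul>
 */
public class BrowserOktaSAMLCredentialsProvider extends IdpCredentialsProvider implements INativePlugin {
    // URL opened in the browser to start the login; also used as the cache key.
    private String m_login_url;
    public static final String KEY_LOGIN_URL = "login_url";
    public static final String KEY_IDP_RESPONSE_TIMEOUT = "idp_response_timeout";
    public static final String KEY_LISTEN_PORT = "listen_port";
    private static final String SAML_RESPONSE_PARAM_NAME = "SAMLResponse";
    // Holds the most recent refresh result when the shared cache is disabled.
    private NativeTokenHolder m_lastRefreshCredentials;
    private static final String LOG_PROPERTIES_FILE_NAME = "log-factory.properties";
    private static final String LOG_PROPERTIES_FILE_PATH = "META-INF/services/org.apache.commons.logging.LogFactory";
    // Shared by every instance of this class, while getCredentials() only locks on the
    // instance. The synchronized wrapper keeps individual get/put calls safe across instances.
    private static final Map<String, NativeTokenHolder> m_cache =
            Collections.synchronizedMap(new HashMap<String, NativeTokenHolder>());
    /**
     * Context class loader installed while the SAML flow runs. Class loading is delegated to
     * the parent unchanged; only two resource lookups are altered: {@code
     * commons-logging.properties} is reported as absent, and the commons-logging
     * {@code LogFactory} service descriptor is redirected to the {@code log-factory.properties}
     * resource that sits next to this class.
     */
    private static final ClassLoader CONTEXT_CLASS_LOADER = new ClassLoader(BrowserOktaSAMLCredentialsProvider.class.getClassLoader()) {
        @Override
        public Class<?> loadClass(String str) throws ClassNotFoundException {
            return getParent().loadClass(str);
        }

        @Override
        public Enumeration<URL> getResources(String str) throws IOException {
            if ("commons-logging.properties".equals(str)) {
                return Collections.enumeration(Collections.<URL>emptyList());
            }
            return super.getResources(str);
        }

        @Override
        public URL getResource(String str) {
            if (LOG_PROPERTIES_FILE_PATH.equals(str)) {
                return BrowserOktaSAMLCredentialsProvider.class.getResource(LOG_PROPERTIES_FILE_NAME);
            }
            return super.getResource(str);
        }
    };
    // Seconds to wait for the IdP response; getSamlAssertion() rejects values below 10.
    private int m_idp_response_timeout = 120;
    // Port handed to the Server; getSamlAssertion() rejects values outside 1..65535.
    private int m_listen_port = 7890;
    // Lifetime, in minutes, given to a freshly obtained token in refresh().
    private int EXPIRY_TIME = 5;
    protected Boolean m_disableCache = false;

    /**
     * Stores one connection parameter. Only {@code listen_port}, {@code login_url} and
     * {@code idp_response_timeout} are recognised; any other key is ignored.
     *
     * @param str parameter name
     * @param str2 parameter value
     * @throws NumberFormatException if a numeric parameter is not a valid integer
     */
    @Override
    public void addParameter(String str, String str2) {
        switch (str) {
            case KEY_LISTEN_PORT:
                this.m_listen_port = Integer.parseInt(str2);
                if (RedshiftLogger.isEnable()) {
                    this.m_log.logDebug("m_listen_port: {0}", Integer.valueOf(this.m_listen_port));
                }
                break;
            case KEY_LOGIN_URL:
                this.m_login_url = str2;
                if (RedshiftLogger.isEnable()) {
                    this.m_log.logDebug("m_login_url: {0}", this.m_login_url);
                }
                break;
            case KEY_IDP_RESPONSE_TIMEOUT:
                this.m_idp_response_timeout = Integer.parseInt(str2);
                if (RedshiftLogger.isEnable()) {
                    this.m_log.logDebug("m_idp_response_timeout: {0}", Integer.valueOf(this.m_idp_response_timeout));
                }
                break;
            default:
                break;
        }
    }

    /** Sets the logger used by this plugin. */
    @Override
    public void setLogger(RedshiftLogger redshiftLogger) {
        this.m_log = redshiftLogger;
    }

    /**
     * Returns the plugin part of the cache key.
     *
     * @return the configured {@code login_url}, or the empty string when none is set
     */
    @Override
    public String getPluginSpecificCacheKey() {
        return this.m_login_url != null ? this.m_login_url : "";
    }

    /**
     * Runs the browser login and returns the SAML assertion, bypassing the cache.
     *
     * @return the SAML assertion
     * @throws RedshiftException wrapping any failure of the login flow
     */
    @Override
    public String getIdpToken() throws RedshiftException {
        Thread currentThread = Thread.currentThread();
        ClassLoader previousLoader = currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(CONTEXT_CLASS_LOADER);
        try {
            String samlAssertion = getSamlAssertion();
            if (RedshiftLogger.isEnable()) {
                // The assertion is a bearer credential: record the event, never the value.
                this.m_log.logDebug("SAML assertion obtained (value not logged)", new Object[0]);
            }
            return samlAssertion;
        } catch (Exception e) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.logError(e);
            }
            throw new RedshiftException("SAML error: " + e.getMessage(), e);
        } finally {
            // Always restore the caller's context class loader.
            currentThread.setContextClassLoader(previousLoader);
        }
    }

    /**
     * Returns the key under which tokens are cached. It is the plugin-specific key only, so it
     * depends on nothing but {@code login_url}.
     */
    @Override
    public String getCacheKey() {
        return getPluginSpecificCacheKey();
    }

    /** Returns the plugin sub-type constant, {@code 1}. */
    @Override
    public int getSubType() {
        return 1;
    }

    /**
     * Returns a token, from the shared cache when caching is enabled and the cached entry has
     * not expired, otherwise from a fresh browser login.
     *
     * <p>The cache lookup happens before the instance lock is taken, so two threads that both
     * miss the cache will each run {@link #refresh()}.
     *
     * @return a non-null token holder
     * @throws RedshiftException if the login fails or no token is available afterwards
     */
    @Override
    public NativeTokenHolder getCredentials() throws RedshiftException {
        NativeTokenHolder holder = null;
        if (!this.m_disableCache.booleanValue()) {
            holder = m_cache.get(getCacheKey());
        }
        if (holder == null || holder.isExpired()) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.logInfo("SAML getCredentials NOT from cache", new Object[0]);
            }
            synchronized (this) {
                refresh();
                if (this.m_disableCache.booleanValue()) {
                    // Hand the token over once and drop the reference so it is not retained.
                    holder = this.m_lastRefreshCredentials;
                    this.m_lastRefreshCredentials = null;
                }
            }
        } else {
            holder.setRefresh(false);
            if (RedshiftLogger.isEnable()) {
                this.m_log.logInfo("SAML getCredentials from cache", new Object[0]);
            }
        }
        if (!this.m_disableCache.booleanValue()) {
            // Re-read so that the entry stored by refresh() is the one returned.
            holder = m_cache.get(getCacheKey());
        }
        if (holder == null) {
            throw new RedshiftException("Unable to get IDP credentials");
        }
        return holder;
    }

    /**
     * Runs the browser login and stores the new token, either in the shared cache or, when
     * caching is disabled, in {@code m_lastRefreshCredentials}.
     *
     * @throws RedshiftException wrapping any failure of the login flow
     */
    @Override
    public void refresh() throws RedshiftException {
        Thread currentThread = Thread.currentThread();
        ClassLoader previousLoader = currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(CONTEXT_CLASS_LOADER);
        try {
            String samlAssertion = getSamlAssertion();
            if (RedshiftLogger.isEnable()) {
                // The assertion is a bearer credential: record the event, never the value.
                this.m_log.logDebug("SAML assertion obtained (value not logged)", new Object[0]);
            }
            Date expiresAt = new Date(System.currentTimeMillis() + (this.EXPIRY_TIME * 60 * 1000));
            NativeTokenHolder fresh = NativeTokenHolder.newInstance(samlAssertion, expiresAt);
            fresh.setRefresh(true);
            if (this.m_disableCache.booleanValue()) {
                this.m_lastRefreshCredentials = fresh;
            } else {
                m_cache.put(getCacheKey(), fresh);
            }
        } catch (Exception e) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.logError(e);
            }
            throw new RedshiftException("SAML error: " + e.getMessage(), e);
        } finally {
            // Always restore the caller's context class loader.
            currentThread.setContextClassLoader(previousLoader);
        }
    }

    /**
     * Validates the configuration and runs the browser login.
     *
     * @return the SAML assertion
     * @throws IOException if a parameter is missing or out of range, or the login fails
     */
    protected String getSamlAssertion() throws IOException {
        try {
            CheckUtils.checkMissingAndThrows(this.m_login_url, "login_url");
            CheckUtils.checkAndThrowsWithMessage(this.m_idp_response_timeout < 10, "idp_response_timeout should be 10 seconds or greater.");
            CheckUtils.checkInvalidAndThrows(this.m_listen_port < 1 || this.m_listen_port > 65535, "listen_port");
            // validateURL is inherited and not visible here.
            // NOTE(review): confirm it restricts login_url to https before it reaches the browser.
            validateURL(this.m_login_url);
            return authenticate();
        } catch (InternalPluginException e) {
            throw new IOException(e);
        }
    }

    /**
     * Starts the local listener, opens the browser and waits for the SAML response.
     *
     * @return the value of the {@code SAMLResponse} parameter
     * @throws IOException if the browser cannot be opened or waiting fails; the server is
     *     stopped before the exception is rethrown
     */
    private String authenticate() throws IOException {
        Function<List<NameValuePair>, Object> extractSamlResponse = new Function<List<NameValuePair>, Object>() {
            @Override
            public Object apply(List<NameValuePair> list) {
                if (RedshiftLogger.isEnable()) {
                    // The parameters include the SAMLResponse itself, so log only how many arrived.
                    int count = list == null ? 0 : list.size();
                    BrowserOktaSAMLCredentialsProvider.this.m_log.logDebug("nameValuePairs count: {0}", Integer.valueOf(count));
                }
                return ResponseUtils.findParameter(SAML_RESPONSE_PARAM_NAME, list);
            }
        };
        RequestHandler requestHandler = new RequestHandler(extractSamlResponse);
        Server server = new Server(this.m_listen_port, requestHandler, Duration.ofSeconds(this.m_idp_response_timeout), this.m_log);
        server.listen();
        if (RedshiftLogger.isEnable()) {
            this.m_log.log(LogLevel.DEBUG, String.format("Listening for connection on port %d", Integer.valueOf(this.m_listen_port)), new Object[0]);
        }
        try {
            openBrowser();
            // waitForResult() is called twice in the original; kept as is.
            // NOTE(review): confirm the second call is intentional.
            server.waitForResult();
            server.waitForResult();
            Object result = requestHandler.getResult();
            if (RedshiftLogger.isEnable()) {
                // On success the result is the assertion, so log its type rather than its value.
                String resultType = result == null ? "null" : result.getClass().getName();
                this.m_log.logDebug("result type: {0}", resultType);
            }
            if (result instanceof InternalPluginException) {
                throw ((InternalPluginException) result);
            }
            if (!(result instanceof String)) {
                throw new InternalPluginException("Fail to login during timeout.");
            }
            if (RedshiftLogger.isEnable()) {
                this.m_log.log(LogLevel.DEBUG, "Got SAML assertion", new Object[0]);
            }
            return (String) result;
        } catch (IOException e) {
            // Only IOException reaches this cleanup; other exception types leave the server
            // as it is. NOTE(review): confirm Server releases the port on those paths.
            if (RedshiftLogger.isEnable()) {
                this.m_log.logError(e);
            }
            server.stop();
            throw e;
        }
    }

    /**
     * Opens {@code login_url} in the desktop browser after validating it again.
     *
     * @throws IOException if no desktop browser is available or the browser cannot be launched
     */
    private void openBrowser() throws IOException {
        URI loginUri = URI.create(this.m_login_url);
        if (RedshiftLogger.isEnable()) {
            this.m_log.log(LogLevel.DEBUG, String.format("SSO URI: \n%s", loginUri), new Object[0]);
        }
        validateURL(loginUri.toString());
        // Report a headless or unsupported desktop as IOException so that authenticate()
        // stops the listener instead of leaving the port open on a runtime exception.
        if (!Desktop.isDesktopSupported() || !Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
            throw new IOException("Desktop browser is not available to open login_url.");
        }
        Desktop.getDesktop().browse(loginUri);
    }
}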
