package com.amazon.redshift.plugin;

import com.amazon.redshift.NativeTokenHolder;
import com.amazon.redshift.RedshiftProperty;
import com.amazon.redshift.logger.LogLevel;
import com.amazon.redshift.logger.RedshiftLogger;
import com.amazonaws.services.ssooidc.AWSSSOOIDC;
import com.amazonaws.services.ssooidc.AWSSSOOIDCClientBuilder;
import com.amazonaws.services.ssooidc.model.AccessDeniedException;
import com.amazonaws.services.ssooidc.model.AuthorizationPendingException;
import com.amazonaws.services.ssooidc.model.CreateTokenRequest;
import com.amazonaws.services.ssooidc.model.CreateTokenResult;
import com.amazonaws.services.ssooidc.model.InternalServerException;
import com.amazonaws.services.ssooidc.model.RegisterClientRequest;
import com.amazonaws.services.ssooidc.model.RegisterClientResult;
import com.amazonaws.services.ssooidc.model.SlowDownException;
import com.amazonaws.services.ssooidc.model.StartDeviceAuthorizationRequest;
import com.amazonaws.services.ssooidc.model.StartDeviceAuthorizationResult;
import com.amazonaws.util.StringUtils;
import java.awt.Desktop;
import java.io.IOException;
import java.net.URI;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/amazon/redshift/plugin/BrowserIdcAuthPlugin.class */
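/**
 * Credentials provider that obtains an AWS IAM Identity Center (IdC) access token
 * through the OAuth 2.0 device authorization grant (the grant type sent is
 * {@code urn:ietf:params:oauth:grant-type:device_code}).
 *
 * <p>The flow implemented by {@link #getIdcToken()} is:
 * <ol>
 *   <li>register (or reuse a cached registration of) a {@code public} OIDC client,</li>
 *   <li>start a device authorization for the configured start URL,</li>
 *   <li>open the returned verification URI in the user's default browser,</li>
 *   <li>poll {@code createToken} until the user approves, an error occurs, or
 *       {@code idc_response_timeout} seconds have elapsed.</li>
 * </ol>
 *
 * <p>Security notes for maintainers: the client secret and device code only ever travel
 * inside SDK request objects and are never logged here; the access token is likewise
 * never logged. The verification URI <em>is</em> logged at DEBUG level by
 * {@link #openBrowser(String)}.
 */
public class BrowserIdcAuthPlugin extends CommonCredentialsProvider {
    private static final String KEY_START_URL = "start_url";
    private static final String KEY_IDC_CLIENT_DISPLAY_NAME = "idc_client_display_name";
    private static final String KEY_IDC_REGION = "idc_region";
    private static final String KEY_IDC_RESPONSE_TIMEOUT = "idc_response_timeout";
    private static final String M_CLIENT_TYPE = "public";
    private static final String M_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
    private static final String M_SCOPE = "redshift:connect";

    // Client registrations keyed by "<display name>:<region>". Each cached value holds a
    // client secret for as long as the entry lives.
    // NOTE(review): the map is static (shared by every plugin instance) and is a plain
    // HashMap with no synchronization; confirm that connections are never authenticated
    // concurrently, or guard access to it.
    private static final Map<String, RegisterClientResult> m_register_client_cache = new HashMap<>();

    protected AWSSSOOIDC m_sdk_client;
    private String m_idcRegion;
    private String m_startUrl;

    // Polling interval (seconds) used when the service does not return a positive one.
    public final int REQUEST_CREATE_TOKEN_DEFAULT_INTERVAL = 1;
    // Token lifetime (seconds) assumed when the service does not return a positive one.
    public final int DEFAULT_IDC_TOKEN_EXPIRY_IN_SEC = 900;

    private String m_idcClientDisplayName = RedshiftProperty.IDC_CLIENT_DISPLAY_NAME.getDefaultValue();
    // Seconds to wait for the user to finish authenticating in the browser.
    private int m_idcResponseTimeout = 120;

    /** Creates a plugin whose SDK client is built when a token is first requested. */
    public BrowserIdcAuthPlugin() {
    }

    /**
     * Creates a plugin with a caller-supplied SDK client.
     *
     * <p>NOTE(review): {@link #getIdcToken()} unconditionally replaces {@code m_sdk_client},
     * so the supplied client is only used by callers that invoke the individual step
     * methods directly or override {@code getIdcToken()}.
     *
     * @param awsssooidc the SSO OIDC client to use
     */
    public BrowserIdcAuthPlugin(AWSSSOOIDC awsssooidc) {
        this.m_sdk_client = awsssooidc;
    }

    /**
     * Stores one connection parameter; keys this plugin does not own go to the superclass.
     *
     * @param key   the connection-parameter name
     * @param value the connection-parameter value
     * @throws NumberFormatException if {@code idc_response_timeout} is non-empty and not an integer
     */
    @Override
    public void addParameter(String key, String value) {
        switch (key) {
            case KEY_START_URL:
                this.m_startUrl = value;
                if (RedshiftLogger.isEnable()) {
                    this.m_log.logDebug("Setting start_url: {0}", this.m_startUrl);
                }
                break;

            case KEY_IDC_REGION:
                this.m_idcRegion = value;
                if (RedshiftLogger.isEnable()) {
                    this.m_log.logDebug("Setting idc_region: {0}", this.m_idcRegion);
                }
                break;

            case KEY_IDC_CLIENT_DISPLAY_NAME:
                // An empty value keeps the default display name.
                if (!StringUtils.isNullOrEmpty(value)) {
                    this.m_idcClientDisplayName = value;
                }
                if (RedshiftLogger.isEnable()) {
                    this.m_log.logDebug("Setting idc_client_display_name: {0}", this.m_idcClientDisplayName);
                }
                break;

            case KEY_IDC_RESPONSE_TIMEOUT:
                if (StringUtils.isNullOrEmpty(value)) {
                    break;
                }
                int requestedTimeout = Integer.parseInt(value);
                if (requestedTimeout > 10) {
                    this.m_idcResponseTimeout = requestedTimeout;
                    if (RedshiftLogger.isEnable()) {
                        this.m_log.logDebug("Setting idc_response_timeout: {0}", this.m_idcResponseTimeout);
                    }
                } else if (RedshiftLogger.isEnable()) {
                    // Values of 10 seconds or less are ignored and the current timeout is kept.
                    this.m_log.logDebug("Setting idc_response_timeout={0}; provided value={1}", this.m_idcResponseTimeout, requestedTimeout);
                }
                break;

            default:
                super.addParameter(key, value);
                break;
        }
    }

    /**
     * Returns the plugin-specific part of the token cache key.
     *
     * @return the configured start URL, or an empty string when none was set
     */
    @Override
    public String getPluginSpecificCacheKey() {
        return this.m_startUrl != null ? this.m_startUrl : "";
    }

    /**
     * Obtains the authentication token by running the IdC browser flow.
     *
     * @return the access token and its expiry
     * @throws IOException if any step of the flow fails
     */
    @Override
    protected NativeTokenHolder getAuthToken() throws IOException {
        return getIdcToken();
    }

    /**
     * Runs the complete device authorization flow and returns the resulting token.
     *
     * @return the access token and its expiry
     * @throws IOException if a required parameter is missing or any step of the flow fails
     */
    protected NativeTokenHolder getIdcToken() throws IOException {
        try {
            checkRequiredParameters();
            this.m_sdk_client = AWSSSOOIDCClientBuilder.standard().withRegion(this.m_idcRegion).build();
            RegisterClientResult registration = getRegisterClientResult(this.m_idcClientDisplayName, M_CLIENT_TYPE);
            StartDeviceAuthorizationResult deviceAuthorization = getStartDeviceAuthorizationResult(
                    registration.getClientId(), registration.getClientSecret(), this.m_startUrl);
            openBrowser(deviceAuthorization.getVerificationUriComplete());
            CreateTokenResult tokenResult = fetchTokenResult(registration, deviceAuthorization, M_GRANT_TYPE, M_SCOPE);
            return processCreateTokenResult(tokenResult);
        } catch (InternalPluginException e) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.log(LogLevel.ERROR, e, "InternalPluginException in getIdcToken");
            }
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Verifies that {@code start_url} and {@code idc_region} were supplied.
     *
     * @throws InternalPluginException if either parameter is null or empty
     */
    private void checkRequiredParameters() throws InternalPluginException {
        if (StringUtils.isNullOrEmpty(this.m_startUrl)) {
            // Guarded like every other log call in this class, so a disabled logger is never touched.
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("IdC authentication failed: start_url needs to be provided in connection params");
            }
            throw new InternalPluginException("IdC authentication failed: The start URL must be included in the connection parameters.");
        }
        if (StringUtils.isNullOrEmpty(this.m_idcRegion)) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("IdC authentication failed: idc_region needs to be provided in connection params");
            }
            throw new InternalPluginException("IdC authentication failed: The IdC region must be included in the connection parameters.");
        }
    }

    /**
     * Returns a client registration, reusing a cached one while its secret is still valid.
     *
     * @param clientName the display name to register the client under
     * @param clientType the OIDC client type
     * @return the cached or newly created registration
     * @throws IOException if the registration request fails
     */
    protected RegisterClientResult getRegisterClientResult(String clientName, String clientType) throws IOException {
        String cacheKey = clientName + ":" + this.m_idcRegion;
        RegisterClientResult cached = m_register_client_cache.get(cacheKey);
        if (isCachedRegisterClientResultValid(cached)) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("Using cached register client result");
            }
            return cached;
        }

        RegisterClientRequest request = new RegisterClientRequest()
                .withClientName(clientName)
                .withClientType(clientType)
                .withScopes(M_SCOPE);
        try {
            RegisterClientResult registration = this.m_sdk_client.registerClient(request);
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("registerClient response code: {0}", registration.getSdkHttpMetadata().getHttpStatusCode());
            }
            m_register_client_cache.put(cacheKey, registration);
            return registration;
        } catch (InternalServerException e) {
            // Specific SDK exceptions must precede the catch-all below to be reachable.
            if (RedshiftLogger.isEnable()) {
                this.m_log.log(LogLevel.ERROR, e, "Error: Unexpected server error while registering client;");
            }
            throw new IOException("IdC authentication failed : An error occurred during the request.", e);
        } catch (Exception e) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.log(LogLevel.ERROR, e, "Error: Unexpected register client error;");
            }
            throw new IOException("IdC authentication failed : There was an error during authentication.", e);
        }
    }

    /**
     * Tells whether a cached registration exists and its client secret has not expired.
     *
     * @param registerClientResult the cached registration, possibly {@code null}
     * @return {@code true} only when an expiry is present and lies in the future
     */
    private boolean isCachedRegisterClientResultValid(RegisterClientResult registerClientResult) {
        if (registerClientResult == null || registerClientResult.getClientSecretExpiresAt() == null) {
            return false;
        }
        // The expiry is multiplied by 1000 before being compared with the millisecond clock.
        long expiresAtMillis = registerClientResult.getClientSecretExpiresAt() * 1000;
        return System.currentTimeMillis() < expiresAtMillis;
    }

    /**
     * Starts a device authorization for the given client and start URL.
     *
     * @param clientId     the registered client id
     * @param clientSecret the registered client secret; passed to the SDK only, never logged
     * @param startUrl     the IdC start URL
     * @return the service response carrying the device code and verification URIs
     * @throws IOException if the request fails
     */
    protected StartDeviceAuthorizationResult getStartDeviceAuthorizationResult(String clientId, String clientSecret, String startUrl) throws IOException {
        StartDeviceAuthorizationRequest request = new StartDeviceAuthorizationRequest()
                .withClientId(clientId)
                .withClientSecret(clientSecret)
                .withStartUrl(startUrl);
        try {
            StartDeviceAuthorizationResult result = this.m_sdk_client.startDeviceAuthorization(request);
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("startDeviceAuthorization response code: {0}", result.getSdkHttpMetadata().getHttpStatusCode());
            }
            return result;
        } catch (SlowDownException e) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.log(LogLevel.ERROR, e, "Error: Too frequent requests made by client;");
            }
            throw new IOException("IdC authentication failed : Requests to the IdC service are too frequent.", e);
        } catch (InternalServerException e) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.log(LogLevel.ERROR, e, "Error: Server error in start device authorization;");
            }
            throw new IOException("IdC authentication failed : An error occurred during the request.", e);
        } catch (Exception e) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.log(LogLevel.ERROR, e, "Error: Unexpected error in start device authorization;");
            }
            throw new IOException("IdC authentication failed : There was an error during authentication.", e);
        }
    }

    /**
     * Opens the verification URI in the user's default browser.
     *
     * <p>The URI comes from the service response and is handed to the desktop's URL handler,
     * so {@code validateURL} (defined outside this class) is the only gate before launch.
     * NOTE(review): confirm that it restricts the scheme to https.
     *
     * @param verificationUri the URI to open
     * @throws IOException if validation fails or the browser cannot be launched
     */
    protected void openBrowser(String verificationUri) throws IOException {
        validateURL(verificationUri);
        Desktop.getDesktop().browse(URI.create(verificationUri));
        if (RedshiftLogger.isEnable()) {
            // In the device flow the "complete" verification URI carries the user code, so
            // debug logs containing this line should be handled as sensitive while it is valid.
            this.m_log.log(LogLevel.DEBUG, String.format("Authorization code request URI: \n%s", verificationUri));
        }
    }

    /**
     * Issues a single {@code createToken} call.
     *
     * @param clientId     the registered client id
     * @param clientSecret the registered client secret
     * @param deviceCode   the device code from the device authorization response
     * @param grantType    the OAuth grant type
     * @param scopes       the scopes to request
     * @return the service response
     */
    protected CreateTokenResult getCreateTokenResult(String clientId, String clientSecret, String deviceCode, String grantType, String... scopes) {
        CreateTokenRequest request = new CreateTokenRequest()
                .withClientId(clientId)
                .withClientSecret(clientSecret)
                .withDeviceCode(deviceCode)
                .withGrantType(grantType)
                .withScope(scopes);
        return this.m_sdk_client.createToken(request);
    }

    /**
     * Polls {@code createToken} until the user approves the request in the browser.
     *
     * <p>Polling stops on the first response that is not "authorization pending", or once
     * {@code idc_response_timeout} seconds have passed. A "slow down" response is treated
     * as fatal here, whereas RFC 8628 describes it as a request to keep polling with a
     * longer interval.
     *
     * @param registerClientResult           the client registration (id and secret)
     * @param startDeviceAuthorizationResult the device authorization (device code, interval)
     * @param grantType                      the OAuth grant type
     * @param scope                          the scope to request
     * @return a result whose access token is non-null
     * @throws IOException on service errors, denial, interruption, a missing token, or timeout
     */
    protected CreateTokenResult fetchTokenResult(RegisterClientResult registerClientResult, StartDeviceAuthorizationResult startDeviceAuthorizationResult, String grantType, String scope) throws IOException {
        // 1000L widens before multiplying; an int product overflows for large configured
        // timeouts and would place the deadline in the past.
        final long deadlineMillis = System.currentTimeMillis() + (this.m_idcResponseTimeout * 1000L);

        int pollIntervalSec = REQUEST_CREATE_TOKEN_DEFAULT_INTERVAL;
        Integer serviceInterval = startDeviceAuthorizationResult.getInterval();
        if (serviceInterval != null && serviceInterval > 0) {
            pollIntervalSec = serviceInterval;
        }

        while (System.currentTimeMillis() < deadlineMillis) {
            CreateTokenResult tokenResult;
            try {
                tokenResult = getCreateTokenResult(
                        registerClientResult.getClientId(),
                        registerClientResult.getClientSecret(),
                        startDeviceAuthorizationResult.getDeviceCode(),
                        grantType,
                        scope);
                // Null-check before dereferencing for the log line.
                if (tokenResult != null && RedshiftLogger.isEnable()) {
                    this.m_log.logDebug("createToken response code: {0}", tokenResult.getSdkHttpMetadata().getHttpStatusCode());
                }
            } catch (AuthorizationPendingException e) {
                if (RedshiftLogger.isEnable()) {
                    this.m_log.logDebug("Browser authorization pending from user");
                }
                pauseBeforeNextPoll(pollIntervalSec);
                continue;
            } catch (SlowDownException e) {
                if (RedshiftLogger.isEnable()) {
                    this.m_log.log(LogLevel.ERROR, e, "Error: Too frequent createToken requests made by client;");
                }
                throw new IOException("IdC authentication failed : Requests to the IdC service are too frequent.", e);
            } catch (AccessDeniedException e) {
                if (RedshiftLogger.isEnable()) {
                    this.m_log.log(LogLevel.ERROR, e, "Error: Access denied, please ensure app assignment is done for the user;");
                }
                throw new IOException("IdC authentication failed : You don't have sufficient permission to perform the action.", e);
            } catch (InternalServerException e) {
                if (RedshiftLogger.isEnable()) {
                    this.m_log.log(LogLevel.ERROR, e, "Error: Server error in creating token;");
                }
                throw new IOException("IdC authentication failed : An error occurred during the request.", e);
            } catch (Exception e) {
                if (RedshiftLogger.isEnable()) {
                    this.m_log.log(LogLevel.ERROR, e, "Error: Unexpected error in create token;");
                }
                throw new IOException("IdC authentication failed : There was an error during authentication.", e);
            }

            // Checked outside the try so this specific failure is not re-wrapped by the catch-all.
            if (tokenResult != null && tokenResult.getAccessToken() != null) {
                return tokenResult;
            }
            if (RedshiftLogger.isEnable()) {
                this.m_log.logError("Failed to fetch an IdC access token");
            }
            throw new IOException("IdC authentication failed : The credential token couldn't be created.");
        }

        if (RedshiftLogger.isEnable()) {
            this.m_log.logError("Error: Request timed out while waiting for user authentication in the browser");
        }
        throw new IOException("IdC authentication failed : The request timed out. Authentication wasn't completed.");
    }

    /**
     * Sleeps for one polling interval, aborting the flow if the thread is interrupted.
     *
     * @param intervalSec the polling interval in seconds
     * @throws IOException if the thread is interrupted while waiting
     */
    private void pauseBeforeNextPoll(int intervalSec) throws IOException {
        try {
            Thread.sleep(intervalSec * 1000L);
        } catch (InterruptedException e) {
            if (RedshiftLogger.isEnable()) {
                this.m_log.log(LogLevel.ERROR, e, "Thread interrupted during sleep");
            }
            // Restore the flag for callers and stop polling: continuing would either hide
            // the cancellation or poll the service with no delay between requests.
            Thread.currentThread().interrupt();
            throw new IOException("IdC authentication failed : Interrupted while waiting for browser authorization.", e);
        }
    }

    /**
     * Wraps a token response in a {@link NativeTokenHolder} with an absolute expiry time.
     *
     * @param createTokenResult the successful token response
     * @return the access token and its expiry; the default lifetime is used when the
     *         response carries no positive {@code expiresIn}
     * @throws IOException declared for overriding implementations; not thrown here
     */
    protected NativeTokenHolder processCreateTokenResult(CreateTokenResult createTokenResult) throws IOException {
        Integer expiresIn = createTokenResult.getExpiresIn();
        int lifetimeSec = (expiresIn == null || expiresIn <= 0) ? DEFAULT_IDC_TOKEN_EXPIRY_IN_SEC : expiresIn;
        // 1000L keeps the millisecond conversion in long arithmetic.
        Date expiresAt = new Date(System.currentTimeMillis() + (lifetimeSec * 1000L));
        return NativeTokenHolder.newInstance(createTokenResult.getAccessToken(), expiresAt);
    }
}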
