package com.amazon.athena.jdbc.authentication;

import com.amazon.athena.jdbc.authentication.http.BrowserAuthenticationServer;
import com.amazon.athena.jdbc.configuration.ConnectionParameter;
import com.amazon.athena.jdbc.support.AuthenticationException;
import com.amazon.athena.logging.AthenaLogger;
import java.awt.Desktop;
import java.io.IOException;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.apache.http.NameValuePair;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.lakeformation.LakeFormationClientBuilder;
import software.amazon.awssdk.services.lakeformation.model.AssumeDecoratedRoleWithSamlRequest;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.model.AssumeRoleWithSamlRequest;

/* loaded from: input_file:com/amazon/athena/jdbc/authentication/BrowserSamlCredentialsProvider.class */
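/**
 * SAML credentials provider that obtains the assertion through the user's browser.
 *
 * <p>The flow visible in this class is: start a local listener
 * ({@link BrowserAuthenticationServer}), open {@code loginUrl} with {@link Desktop#browse(URI)},
 * wait up to {@code idpResponseTimeout} seconds for the listener to deliver the posted form
 * fields, and return the value of the {@code SAMLResponse} field. Exchanging the assertion for
 * AWS credentials is done by the superclass and is not shown here.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The returned SAML assertion is a bearer credential. This class never logs it; keep it
 *       that way when adding log statements.</li>
 *   <li>{@code loginUrl} is handed to the operating system's URL handler. The only gate in this
 *       class is the inherited {@code validateSsoURL}; its checks are not visible in this file.
 *       NOTE(review): confirm it restricts the scheme (e.g. to https).</li>
 *   <li>NOTE(review): the listener implementation is not visible here; confirm it binds to the
 *       loopback interface only and accepts a single response.</li>
 * </ul>
 */
public class BrowserSamlCredentialsProvider extends SamlCredentialsProvider {
    private static final AthenaLogger logger = AthenaLogger.of(BrowserSamlCredentialsProvider.class);
    private static final String SAML_RESPONSE_PARAM_NAME = "SAMLResponse";

    // IdP login URL opened in the browser; validated in getSamlAssertion() before use.
    private final String loginUrl;
    // Maximum time, in seconds, to wait for the IdP response to reach the local listener.
    private final int idpResponseTimeout;
    private final Desktop desktop;
    private final BrowserAuthenticationServer server;

    /* loaded from: input_file:com/amazon/athena/jdbc/authentication/BrowserSamlCredentialsProvider$Builder.class */
    /**
     * Fluent builder for {@link BrowserSamlCredentialsProvider}.
     *
     * <p>{@code idpResponseTimeout} and {@code listenPort} are mandatory; {@link #build()} fails
     * if either was not set. The package-private setters exist so that collaborators (AWS client
     * builders, the listener, the {@link Desktop}) can be replaced, e.g. in tests.
     */
    public static class Builder {
        private String loginUrl;
        private String preferredRole;
        private Integer roleSessionDuration;
        private Integer idpResponseTimeout;
        private Integer listenPort;
        private Desktop desktop;
        private Region region;
        private BrowserAuthenticationServer server;
        private boolean lakeFormationEnabled;
        private AssumeRoleWithSamlRequest.Builder stsAssumeRoleFactory;
        private AssumeDecoratedRoleWithSamlRequest.Builder lfAssumeRoleFactory;
        private StsClientBuilder stsClientFactory;
        private LakeFormationClientBuilder lfClientFactory;
        private Map<ConnectionParameter<?>, String> parameters;

        /** Sets the preferred role; passed through to the superclass unchanged. */
        public Builder preferredRole(String preferredRole) {
            this.preferredRole = preferredRole;
            return this;
        }

        /** Sets the role session duration; passed through to the superclass unchanged. */
        public Builder roleSessionDuration(Integer roleSessionDuration) {
            this.roleSessionDuration = roleSessionDuration;
            return this;
        }

        /** Sets the IdP login URL that will be opened in the user's browser. */
        public Builder loginUrl(String loginUrl) {
            this.loginUrl = loginUrl;
            return this;
        }

        /** Sets how many seconds to wait for the IdP response. Required. */
        public Builder idpResponseTimeout(Integer idpResponseTimeout) {
            this.idpResponseTimeout = idpResponseTimeout;
            return this;
        }

        /** Sets the port used to create the default local listener. Required. */
        public Builder listenPort(Integer listenPort) {
            this.listenPort = listenPort;
            return this;
        }

        /** Sets the AWS region; passed through to the superclass unchanged. */
        public Builder region(Region region) {
            this.region = region;
            return this;
        }

        /** Enables or disables the Lake Formation flag passed to the superclass. */
        public Builder lakeFormationEnabled(boolean lakeFormationEnabled) {
            this.lakeFormationEnabled = lakeFormationEnabled;
            return this;
        }

        /** Sets the connection parameter map; passed through to the superclass unchanged. */
        public Builder connectionParameters(Map<ConnectionParameter<?>, String> parameters) {
            this.parameters = parameters;
            return this;
        }

        Builder assumeRoleWithSamlRequestFactory(AssumeRoleWithSamlRequest.Builder factory) {
            this.stsAssumeRoleFactory = factory;
            return this;
        }

        Builder assumeDecoratedRoleWithSamlRequestFactory(AssumeDecoratedRoleWithSamlRequest.Builder factory) {
            this.lfAssumeRoleFactory = factory;
            return this;
        }

        Builder stsClientBuilder(StsClientBuilder stsClientBuilder) {
            this.stsClientFactory = stsClientBuilder;
            return this;
        }

        Builder lakeFormationClientBuilder(LakeFormationClientBuilder lakeFormationClientBuilder) {
            this.lfClientFactory = lakeFormationClientBuilder;
            return this;
        }

        /** Replaces the default listener; when left unset one is created on {@code listenPort}. */
        Builder server(BrowserAuthenticationServer browserAuthenticationServer) {
            this.server = browserAuthenticationServer;
            return this;
        }

        /** Replaces the default {@link Desktop}; when left unset {@link Desktop#getDesktop()} is used. */
        Builder browser(Desktop desktop) {
            this.desktop = desktop;
            return this;
        }

        /**
         * Creates the provider from the values collected so far.
         *
         * @return a new provider instance
         * @throws NullPointerException if {@code idpResponseTimeout} or {@code listenPort} was
         *     never set
         */
        public BrowserSamlCredentialsProvider build() {
            // Unboxing a null Integer would raise a NullPointerException with no message; fail
            // with the same exception type but say which setting is missing.
            int timeoutSeconds =
                    Objects.requireNonNull(this.idpResponseTimeout, "idpResponseTimeout must be set").intValue();
            int port = Objects.requireNonNull(this.listenPort, "listenPort must be set").intValue();
            return new BrowserSamlCredentialsProvider(
                    this.loginUrl,
                    this.preferredRole,
                    this.roleSessionDuration,
                    this.region,
                    this.stsAssumeRoleFactory,
                    this.stsClientFactory,
                    this.lfAssumeRoleFactory,
                    this.lfClientFactory,
                    this.lakeFormationEnabled,
                    timeoutSeconds,
                    port,
                    this.desktop,
                    this.server,
                    this.parameters);
        }
    }

    private BrowserSamlCredentialsProvider(
            String loginUrl,
            String preferredRole,
            Integer roleSessionDuration,
            Region region,
            AssumeRoleWithSamlRequest.Builder stsAssumeRoleFactory,
            StsClientBuilder stsClientBuilder,
            AssumeDecoratedRoleWithSamlRequest.Builder lfAssumeRoleFactory,
            LakeFormationClientBuilder lakeFormationClientBuilder,
            boolean lakeFormationEnabled,
            int idpResponseTimeout,
            int listenPort,
            Desktop desktop,
            BrowserAuthenticationServer browserAuthenticationServer,
            Map<ConnectionParameter<?>, String> parameters) {
        // The two null arguments are superclass parameters this flow does not supply.
        // NOTE(review): presumably user name / password for non-browser flows; confirm against
        // SamlCredentialsProvider.
        super(
                stsAssumeRoleFactory,
                lfAssumeRoleFactory,
                stsClientBuilder,
                lakeFormationClientBuilder,
                null,
                null,
                preferredRole,
                roleSessionDuration,
                region,
                lakeFormationEnabled,
                parameters);
        this.loginUrl = loginUrl;
        this.idpResponseTimeout = idpResponseTimeout;
        this.desktop = desktop == null ? Desktop.getDesktop() : desktop;
        this.server = browserAuthenticationServer == null
                ? new BrowserAuthenticationServer(listenPort)
                : browserAuthenticationServer;
    }

    /** Returns a new, empty {@link Builder}. */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * Validates the login URL and runs the browser flow.
     *
     * @return the value of the {@code SAMLResponse} field received by the local listener
     * @throws AuthenticationException if the flow fails or an {@link IOException} is raised
     */
    @Override // com.amazon.athena.jdbc.authentication.SamlCredentialsProvider
    protected String getSamlAssertion() {
        try {
            // Validation must run before the URL reaches Desktop.browse().
            validateSsoURL(this.loginUrl);
            return authenticate();
        } catch (IOException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    /**
     * Opens the login URL in the browser and waits for the listener to deliver the response.
     *
     * <p>The listener is shut down on every exit path, successful or not.
     *
     * @return the non-empty SAML assertion
     * @throws IOException if the browser cannot be launched
     * @throws AuthenticationException if the wait is interrupted, the listener fails, the
     *     timeout elapses, or the response carries no usable {@code SAMLResponse} value
     */
    private String authenticate() throws IOException {
        Future<List<NameValuePair>> pendingResponse = this.server.listenForResponse();
        try {
            this.desktop.browse(URI.create(this.loginUrl));
            List<NameValuePair> formFields = pendingResponse.get(this.idpResponseTimeout, TimeUnit.SECONDS);
            Optional<String> assertion = findValueInNameValuePairs(SAML_RESPONSE_PARAM_NAME, formFields);
            // The assertion is a bearer credential: return it, never log it.
            return assertion
                    .filter(value -> !value.isEmpty())
                    .orElseThrow(() -> new AuthenticationException("SAML assertion is not found or empty."));
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can observe it.
            Thread.currentThread().interrupt();
            logger.debug("Main thread got interrupted: {}", e.getMessage());
            throw new AuthenticationException("Main thread got interrupted.", e);
        } catch (ExecutionException e) {
            logger.debug("Server thread throw an exception: {}", e.getMessage());
            // Keep the cause so the listener-side failure stays visible in the stack trace.
            throw new AuthenticationException(e.getMessage(), e);
        } catch (TimeoutException e) {
            pendingResponse.cancel(true);
            throw new AuthenticationException("Couldn't fetch code within timeout window.", e);
        } finally {
            // Never leave the listener open after the flow has ended.
            logger.trace("Shutdown listening server.", new Object[0]);
            this.server.shutdownServer();
        }
    }

    // Compiler-generated bridge method as rendered by the decompiler; it only delegates.
    @Override // com.amazon.athena.jdbc.authentication.SamlCredentialsProvider, software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
    public /* bridge */ /* synthetic */ AwsCredentials resolveCredentials() {
        return super.resolveCredentials();
    }
}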
