package com.amazon.athena.jdbc.authentication.datazone;

import com.amazon.athena.jdbc.authentication.CredentialsProviderFactory;
import com.amazon.athena.jdbc.authentication.datazone.helpers.BrowserControlHelper;
import com.amazon.athena.jdbc.authentication.datazone.helpers.DataZoneHelper;
import com.amazon.athena.jdbc.authentication.datazone.helpers.SsoOidcHelper;
import com.amazon.athena.jdbc.authentication.datazone.httpserver.Server;
import com.amazon.athena.jdbc.authentication.datazone.utils.DataZoneEndpointUtils;
import com.amazon.athena.jdbc.configuration.ConnectionParameter;
import com.amazon.athena.jdbc.configuration.ConnectionParameters;
import java.net.URI;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.core.internal.util.ChunkContentUtils;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.datazone.DataZoneClient;
import software.amazon.awssdk.services.datazone.DataZoneClientBuilder;
import software.amazon.awssdk.services.ssooidc.SsoOidcClient;
import software.amazon.awssdk.services.ssooidc.SsoOidcClientBuilder;

/* loaded from: input_file:com/amazon/athena/jdbc/authentication/datazone/DataZoneIdcCredentialsProviderFactory.class */
/**
 * Credentials-provider factory registered under the name {@code "DataZoneIdc"}.
 *
 * <p>{@link #create(Map)} reads the connection parameters and wires together a
 * {@code DataZoneIdcCredentialsProvider} from an SSO OIDC helper, a DataZone helper, a browser
 * control helper and a local {@code Server}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code Server} is constructed with the {@code LISTEN_PORT} value (8000 when unset). The
 *       interface it binds to and what it accepts are not visible here.
 *       NOTE(review): presumably it receives the browser redirect of the sign-in flow; confirm
 *       in {@code Server} that it binds to loopback only.</li>
 *   <li>When {@code DATAZONE_ENDPOINT_OVERRIDE_PARAMETER} is set, its value becomes the DataZone
 *       client endpoint via {@code URI.create} and the requested scope changes from
 *       {@code datazone:domain:access} to {@code datazone_test:domain:access}. This class does
 *       not check the scheme or host of that value, so the connection string has to be treated
 *       as trusted configuration.</li>
 *   <li>{@code IdentityCenterIssuerUrl} is required, but this class only asks for its presence;
 *       no format check is visible here.</li>
 *   <li>{@code EnableTokenCaching} defaults to {@code false}. Where and how tokens are cached is
 *       decided by the provider, not by this factory.</li>
 * </ul>
 */
public class DataZoneIdcCredentialsProviderFactory extends DataZoneCredentialsProviderFactory implements CredentialsProviderFactory {
    /** Connection parameter {@code IdentityCenterIssuerUrl}; required by {@link #create(Map)}. */
    public static final ConnectionParameter<String> IDENTITY_CENTER_ISSUER_URL_PARAMETER =
            ConnectionParameter.builder().name("IdentityCenterIssuerUrl").build();

    /**
     * Connection parameter {@code EnableTokenCaching}; defaults to {@code false} and is parsed by
     * {@link #parseEnableTokenCaching(String)}.
     */
    public static final ConnectionParameter<Boolean> ENABLE_TOKEN_CACHING =
            ConnectionParameter.builder()
                    .name("EnableTokenCaching")
                    .defaultValue(false)
                    .valueConverter(DataZoneIdcCredentialsProviderFactory::parseEnableTokenCaching)
                    .build();

    /** Parameters handed to {@link #validateParameters} as the required set. */
    private static final List<ConnectionParameter<?>> REQUIRED_PARAMETERS =
            Arrays.asList(
                    DATAZONE_DOMAIN_ID_PARAMETER,
                    DATAZONE_ENVIRONMENT_ID_PARAMETER,
                    DATAZONE_DOMAIN_REGION_PARAMETER,
                    IDENTITY_CENTER_ISSUER_URL_PARAMETER,
                    ConnectionParameters.REGION_PARAMETER);

    /**
     * Returns the identifier of this factory.
     *
     * @return the literal {@code "DataZoneIdc"}
     */
    @Override
    public String name() {
        return "DataZoneIdc";
    }

    /**
     * Builds the credentials provider for the given connection parameters.
     *
     * @param map connection parameters keyed by their descriptor
     * @return a new {@code DataZoneIdcCredentialsProvider}
     * @throws IllegalArgumentException if {@code IdpResponseTimeout} is present and below 1;
     *     the superclass check and the value converters may raise further errors
     */
    @Override
    public AwsCredentialsProvider create(Map<ConnectionParameter<?>, String> map) {
        validateParameters(map, REQUIRED_PARAMETERS, name());

        // Required values are read with get(); REQUIRED_PARAMETERS was passed to the check above.
        final String domainId = DATAZONE_DOMAIN_ID_PARAMETER.findValue(map).get();
        final String environmentId = DATAZONE_ENVIRONMENT_ID_PARAMETER.findValue(map).get();
        final String domainRegion = DATAZONE_DOMAIN_REGION_PARAMETER.findValue(map).get();
        final Region region = ConnectionParameters.REGION_PARAMETER.findValue(map).get();
        final String issuerUrl = IDENTITY_CENTER_ISSUER_URL_PARAMETER.findValue(map).get();

        // Optional values: null means "no override"; port falls back to 8000, timeout to 120
        // (seconds, per the validation message in validateParameters).
        final String endpointOverride = DATAZONE_ENDPOINT_OVERRIDE_PARAMETER.findValue(map).orElse(null);
        final int listenPort = ConnectionParameters.LISTEN_PORT.findValue(map).orElse(8000);
        final int idpResponseTimeout = ConnectionParameters.IDP_RESPONSE_TIMEOUT.findValue(map).orElse(120);
        final boolean tokenCachingEnabled = ENABLE_TOKEN_CACHING.findValue(map).get();

        // NOTE(review): the port is not range-checked in this class; confirm Server rejects
        // out-of-range values and binds to loopback only.
        final Server server = new Server(listenPort);
        // Ownership of the HTTP client passes to DataZoneHelper; it is not closed here.
        final CloseableHttpClient httpClient = HttpClients.createDefault();

        // The override, when present, is used verbatim as the DataZone endpoint. No scheme or
        // host check happens in this class before URI.create below.
        final String endpoint =
                endpointOverride == null
                        ? DataZoneEndpointUtils.getDataZoneEndpoint(domainRegion)
                        : endpointOverride;
        // The scope depends only on whether an override was given.
        final String scope = getDataZoneScope(endpointOverride);

        // mo1354build() is kept as decompiled; presumably the decompiler's alias for build().
        final SsoOidcHelper ssoOidcHelper =
                new SsoOidcHelper(
                        ((SsoOidcClientBuilder) SsoOidcClient.builder().region(Region.of(domainRegion))).mo1354build(),
                        listenPort,
                        scope);

        final DataZoneHelper dataZoneHelper =
                new DataZoneHelper(domainId, environmentId, domainRegion, endpoint, httpClient, credentials -> {
                    return ((DataZoneClientBuilder) ((DataZoneClientBuilder) ((DataZoneClientBuilder) DataZoneClient.builder()
                            .credentialsProvider(credentials))
                            .endpointOverride(URI.create(endpoint)))
                            .region(Region.of(domainRegion)))
                            .mo1354build();
                });

        final BrowserControlHelper browserControlHelper = new BrowserControlHelper(System.getProperty("os.name"));

        // The provider receives the raw override (possibly null), not the resolved endpoint.
        return new DataZoneIdcCredentialsProvider(
                domainId,
                environmentId,
                domainRegion,
                region,
                endpointOverride,
                issuerUrl,
                idpResponseTimeout,
                tokenCachingEnabled,
                ssoOidcHelper,
                dataZoneHelper,
                browserControlHelper,
                server,
                scope);
    }

    /**
     * Lists every connection parameter this factory reads, required and optional.
     *
     * @return a fixed-size list of the parameter descriptors
     */
    @Override
    public Collection<ConnectionParameter<?>> connectionParameters() {
        return Arrays.asList(
                DATAZONE_DOMAIN_ID_PARAMETER,
                DATAZONE_ENVIRONMENT_ID_PARAMETER,
                DATAZONE_DOMAIN_REGION_PARAMETER,
                IDENTITY_CENTER_ISSUER_URL_PARAMETER,
                DATAZONE_ENDPOINT_OVERRIDE_PARAMETER,
                ENABLE_TOKEN_CACHING,
                ConnectionParameters.REGION_PARAMETER,
                ConnectionParameters.LISTEN_PORT,
                ConnectionParameters.IDP_RESPONSE_TIMEOUT);
    }

    /**
     * Runs the superclass validation, then rejects an {@code IdpResponseTimeout} below 1.
     *
     * <p>Overrides {@code DataZoneCredentialsProviderFactory.validateParameters}. The decompiler
     * reports that the access modifier was changed from {@code protected}.
     *
     * @param map connection parameters keyed by their descriptor
     * @param list parameters forwarded to the superclass check
     * @param str factory name forwarded to the superclass check
     * @throws IllegalArgumentException if the timeout is present and smaller than 1
     */
    @Override
    public void validateParameters(Map<ConnectionParameter<?>, String> map, List<ConnectionParameter<?>> list, String str) {
        super.validateParameters(map, list, str);

        Optional<Integer> timeout = ConnectionParameters.IDP_RESPONSE_TIMEOUT.findValue(map);
        if (!timeout.isPresent()) {
            // Absent is fine: create() falls back to its default.
            return;
        }
        if (timeout.get().intValue() < 1) {
            throw new IllegalArgumentException(String.format("Invalid value for IdpResponseTimeout: %s, must be 1 second or longer", timeout.get()));
        }
    }

    /**
     * Chooses the scope string from the endpoint override.
     *
     * @param str the endpoint override, or {@code null} when none was configured
     * @return {@code datazone:domain:access} without an override, otherwise
     *     {@code datazone_test:domain:access}
     */
    private String getDataZoneScope(String str) {
        if (str != null) {
            return "datazone_test:domain:access";
        }
        return "datazone:domain:access";
    }

    /**
     * Value converter for {@link #ENABLE_TOKEN_CACHING}.
     *
     * @param str raw parameter text
     * @return the parsed flag, never {@code null}
     * @throws IllegalArgumentException if the text is not one of the accepted spellings
     */
    private static Boolean parseEnableTokenCaching(String str) {
        Boolean parsed = stringToBoolean(str);
        if (parsed != null) {
            return parsed;
        }
        // Fail closed on anything unrecognised instead of guessing a value.
        throw new IllegalArgumentException(String.format("Invalid value for enable token caching: \"%s\"", str));
    }

    /**
     * Maps a textual flag to a {@code Boolean}.
     *
     * @param str raw text, may be {@code null}
     * @return {@code true} for "true" (any case) or "1", {@code false} for "false" (any case) or
     *     the value of {@code ChunkContentUtils.ZERO_BYTE}, otherwise {@code null}
     */
    private static Boolean stringToBoolean(String str) {
        if (str == null) {
            return null;
        }
        if (str.equalsIgnoreCase("true") || str.equals("1")) {
            return true;
        }
        // NOTE(review): ZERO_BYTE is an SDK-internal constant, presumably "0" substituted by the
        // decompiler for an inlined literal; confirm.
        if (str.equalsIgnoreCase("false") || str.equals(ChunkContentUtils.ZERO_BYTE)) {
            return false;
        }
        return null;
    }
}
