package com.amazon.athena.jdbc.authentication;

import com.amazon.athena.jdbc.configuration.ConnectionParameter;
import com.amazon.athena.jdbc.support.AuthenticationException;
import com.amazon.athena.logging.AthenaLogger;
import io.netty.handler.codec.http.HttpHeaders;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Clock;
import java.time.Instant;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.swing.JOptionPane;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.protocols.jsoncore.JsonNode;
import software.amazon.awssdk.protocols.jsoncore.JsonNodeParser;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.lakeformation.LakeFormationClientBuilder;
import software.amazon.awssdk.services.lakeformation.model.AssumeDecoratedRoleWithSamlRequest;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.model.AssumeRoleWithSamlRequest;
import software.amazon.awssdk.utils.Pair;
import software.amazon.awssdk.utils.StringUtils;

/* loaded from: input_file:com/amazon/athena/jdbc/authentication/OktaCredentialsProvider.class */
public class OktaCredentialsProvider extends SamlCredentialsProvider {
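    // --- Okta endpoint and request-body templates -------------------------------------------
    private static final String SESSION_TOKEN_URI_TEMPLATE = "https://%s/api/v1/authn";
    // The last placeholder receives the one-time session token (see createSamlRequest), so a
    // formatted URI is itself a secret; fetchSamlAssertion passes it through
    // anonymizeSessionToken before logging it.
    private static final String SAML_URI_TEMPLATE = "https://%s/home/%s/%s?onetimetoken=%s";
    // Both placeholders land inside JSON string literals, so whatever is substituted here has to
    // be JSON-escaped first; otherwise a quote or backslash in the value corrupts the body.
    private static final String USERNAME_PASSWORD_ENTITY_TEMPLATE = "{\"username\":\"%s\",\"password\":\"%s\"}";

    // --- Okta factor types and providers, as compared against the "factors" array -------------
    private static final String OKTA_SMS_FACTOR_TYPE = "sms";
    private static final String OKTA_PUSH_FACTOR_TYPE = "push";
    private static final String OKTA_TOTP_FACTOR_TYPE = "token:software:totp";
    private static final String PROVIDER_OKTA = "OKTA";
    private static final String PROVIDER_GOOGLE = "GOOGLE";

    // --- JSON field names read from / written to Okta responses and requests ------------------
    private static final String OKTA_SESSION_TOKEN = "sessionToken";
    private static final String OKTA_STATE_TOKEN = "stateToken";
    private static final String OKTA_PASS_CODE = "passCode";
    private static final String OKTA_FACTOR_TYPE = "factorType";
    private static final String OKTA_FACTOR_PROVIDER = "provider";
    private static final String OKTA_EMBEDDED_USER_INFO = "_embedded";
    private static final String OKTA_LINKS = "_links";
    private static final String OKTA_VERIFY = "verify";
    private static final String OKTA_HREF = "href";
    private static final String OKTA_SESSION_TOKEN_STATUS = "status";
    private static final String OKTA_SESSION_TOKEN_FACTOR_RESULT = "factorResult";

    // --- Values of the "status" / "factorResult" fields this class reacts to ------------------
    private static final String OKTA_SESSION_TOKEN_STATUS_SUCCESS = "SUCCESS";
    private static final String OKTA_SESSION_TOKEN_STATUS_WAITING = "WAITING";
    private static final String OKTA_SESSION_TOKEN_MFA_REQUIRED = "MFA_REQUIRED";
    private static final String OKTA_SESSION_TOKEN_MFA_CHALLENGE = "MFA_CHALLENGE";
    private static final String OKTA_SESSION_TOKEN_MFA_ENROLL = "MFA_ENROLL";

    // Default push-approval window in seconds, and the pause between two push status polls.
    private static final int OKTA_MFA_WAIT_TIME_SEC = 60;
    private static final int POLL_DELAY_MILLIS = 5000;

    private final String username;
    // Plaintext Okta password. It is held as an immutable String for the provider's lifetime,
    // so it cannot be zeroed after use; keep instances of this class out of logs and dumps.
    private final String password;
    private final String hostName;
    private final String appId;
    private final String appName;
    private final String mfaType;
    private final Integer mfaWaitTime;
    private final String phoneNumber;
    private final Supplier<CloseableHttpClient> httpClientFactory;
    private final JsonNodeParser jsonParser;
    private final Supplier<String> passcodeSupplier;
    private final InterruptableConsumer<Integer> threadSleeper;
    private static final AthenaLogger logger = AthenaLogger.of(OktaCredentialsProvider.class);

    // Regexes for <input .../> tags and their name/value attributes. DOTALL lets a tag span
    // several lines. Their use is outside this part of the file.
    private static final Pattern INPUT_TAG_PATTERN = Pattern.compile("<input(.+?)/>", Pattern.DOTALL);
    private static final Pattern NAME_PATTERN = Pattern.compile("name=\"([^\"]+)\"");
    private static final Pattern VALUE_PATTERN = Pattern.compile("value=\"([^\"]+)\"");

    // Maps a configured MFA type to the (factorType, provider) pair to look for in Okta's reply.
    // It is filled by the constructor on every instantiation rather than once at class load.
    // NOTE(review): this is a plain HashMap shared by all instances; if providers are built on
    // several threads while others read it, that is an unsynchronized access. Consider an
    // immutable map built once.
    private static final Map<String, Pair<String, String>> MFA_TYPE_TO_FACTOR_AND_PROVIDER = new HashMap<>();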

    /* loaded from: input_file:com/amazon/athena/jdbc/authentication/OktaCredentialsProvider$Builder.class */
    /**
     * Collects the settings for an {@link OktaCredentialsProvider} and hands them, unchanged, to
     * its private constructor.
     *
     * <p>No value is validated here. The public setters carry user-facing connection settings;
     * the package-private ones inject collaborators (HTTP client, AWS client builders, clock,
     * passcode prompt, sleeper) and are presumably meant for tests. Collaborators left unset stay
     * {@code null}; the constructor substitutes defaults for the HTTP client factory, passcode
     * supplier and sleeper.
     */
    public static class Builder {
        // Okta identity and application coordinates.
        private String username;
        // Plaintext password; it is passed straight through to the provider.
        private String password;
        private String hostName;
        private String appId;
        private String appName;

        // Second-factor settings.
        private String mfaType;
        private Integer mfaWaitTime;
        private String mfaPhoneNumber;

        // AWS role assumption settings.
        private String preferredRole;
        private Integer roleSessionDuration;
        private Region region;
        private boolean lakeFormationEnabled;

        // Injectable collaborators.
        private Supplier<CloseableHttpClient> httpClientFactory;
        private AssumeRoleWithSamlRequest.Builder assumeRoleWithSamlRequestFactory;
        private AssumeDecoratedRoleWithSamlRequest.Builder assumeDecoratedRoleWithSamlRequestFactory;
        private StsClientBuilder stsClientFactory;
        private LakeFormationClientBuilder lakeFormationClientFactory;
        private Clock clock;
        // Has no setter and is not passed to the constructor by build().
        private Integer pollDelay;
        private Supplier<String> passcodeSupplier;
        private InterruptableConsumer<Integer> threadSleeper;
        private Map<ConnectionParameter<?>, String> parameters;

        /** Sets the Okta user name sent in the primary authentication request. */
        public Builder username(String str) {
            this.username = str;
            return this;
        }

        /** Sets the Okta password sent in the primary authentication request. */
        public Builder password(String str) {
            this.password = str;
            return this;
        }

        /** Sets the Okta host name that is substituted into the endpoint URLs. */
        public Builder hostName(String str) {
            this.hostName = str;
            return this;
        }

        /** Sets the Okta application id used in the SAML URL. */
        public Builder appId(String str) {
            this.appId = str;
            return this;
        }

        /** Sets the Okta application name used in the SAML URL. */
        public Builder appName(String str) {
            this.appName = str;
            return this;
        }

        /** Sets the MFA type to use when Okta answers with {@code MFA_REQUIRED}. */
        public Builder mfaType(String str) {
            this.mfaType = str;
            return this;
        }

        /** Sets how many seconds to wait for a push approval; {@code null} selects the default. */
        public Builder mfaWaitTime(Integer num) {
            this.mfaWaitTime = num;
            return this;
        }

        /** Sets the phone number that must be present when the SMS MFA type is selected. */
        public Builder mfaPhoneNumber(String str) {
            this.mfaPhoneNumber = str;
            return this;
        }

        /** Sets the preferred role; it is forwarded to the superclass. */
        public Builder preferredRole(String str) {
            this.preferredRole = str;
            return this;
        }

        /** Sets the role session duration; it is forwarded to the superclass. */
        public Builder roleSessionDuration(Integer num) {
            this.roleSessionDuration = num;
            return this;
        }

        /** Sets the AWS region; it is forwarded to the superclass. */
        public Builder region(Region region) {
            this.region = region;
            return this;
        }

        /** Sets the Lake Formation flag; it is forwarded to the superclass. */
        public Builder lakeFormationEnabled(boolean z) {
            this.lakeFormationEnabled = z;
            return this;
        }

        /** Sets the connection parameters, also used to build the default HTTP client. */
        public Builder connectionParameters(Map<ConnectionParameter<?>, String> map) {
            this.parameters = map;
            return this;
        }

        /** Overrides the factory that produces the HTTP client for each Okta exchange. */
        Builder httpClientFactory(Supplier<CloseableHttpClient> supplier) {
            this.httpClientFactory = supplier;
            return this;
        }

        /** Overrides the AssumeRoleWithSaml request builder handed to the superclass. */
        Builder assumeRoleWithSamlRequestFactory(AssumeRoleWithSamlRequest.Builder builder) {
            this.assumeRoleWithSamlRequestFactory = builder;
            return this;
        }

        /** Overrides the AssumeDecoratedRoleWithSaml request builder handed to the superclass. */
        Builder assumeDecoratedRoleWithSamlRequestFactory(AssumeDecoratedRoleWithSamlRequest.Builder builder) {
            this.assumeDecoratedRoleWithSamlRequestFactory = builder;
            return this;
        }

        /** Overrides the STS client builder handed to the superclass. */
        Builder stsClientBuilder(StsClientBuilder stsClientBuilder) {
            this.stsClientFactory = stsClientBuilder;
            return this;
        }

        /** Overrides the Lake Formation client builder handed to the superclass. */
        Builder lakeFormationClientBuilder(LakeFormationClientBuilder lakeFormationClientBuilder) {
            this.lakeFormationClientFactory = lakeFormationClientBuilder;
            return this;
        }

        /** Overrides the clock used for the push-notification deadline. */
        Builder clock(Clock clock) {
            this.clock = clock;
            return this;
        }

        /** Overrides the source of the one-time passcode (the default is a Swing input dialog). */
        Builder passcodeSupplier(Supplier<String> supplier) {
            this.passcodeSupplier = supplier;
            return this;
        }

        /** Overrides how the provider pauses between two push status polls. */
        Builder threadSleeper(InterruptableConsumer<Integer> interruptableConsumer) {
            this.threadSleeper = interruptableConsumer;
            return this;
        }

        /**
         * Creates the provider from the values collected so far.
         *
         * @return a new provider; unset values are passed on as {@code null} (or {@code false})
         */
        public OktaCredentialsProvider build() {
            // The argument order follows the private constructor's parameter list exactly.
            return new OktaCredentialsProvider(
                    this.username,
                    this.password,
                    this.hostName,
                    this.appId,
                    this.appName,
                    this.mfaType,
                    this.mfaWaitTime,
                    this.mfaPhoneNumber,
                    this.preferredRole,
                    this.roleSessionDuration,
                    this.region,
                    this.httpClientFactory,
                    this.assumeRoleWithSamlRequestFactory,
                    this.stsClientFactory,
                    this.assumeDecoratedRoleWithSamlRequestFactory,
                    this.lakeFormationClientFactory,
                    this.lakeFormationEnabled,
                    this.clock,
                    this.passcodeSupplier,
                    this.threadSleeper,
                    this.parameters);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * A single-argument callback that is allowed to throw {@link InterruptedException}.
     *
     * <p>The provider uses it for the pause between two push status polls; the constructor's
     * default implementation calls {@code Thread.sleep}.
     *
     * @param <T> type of the value handed to the callback
     */
    @FunctionalInterface
    /* loaded from: input_file:com/amazon/athena/jdbc/authentication/OktaCredentialsProvider$InterruptableConsumer.class */
    public interface InterruptableConsumer<T> {
        /**
         * Consumes the given value.
         *
         * @param t the value to consume
         * @throws InterruptedException if the calling thread is interrupted while the callback runs
         */
        void accept(T t) throws InterruptedException;
    }

    /**
     * Builds a provider from the values collected by {@link Builder}.
     *
     * <p>As passed by {@code Builder.build()}: {@code str} is the user name, {@code str2} the
     * password, {@code str3} the host name, {@code str4} the app id, {@code str5} the app name,
     * {@code str6} the MFA type, {@code num} the MFA wait time in seconds, {@code str7} the MFA
     * phone number, {@code str8} the preferred role and {@code num2} the role session duration.
     * {@code supplier}, {@code supplier2} and {@code interruptableConsumer} are the HTTP client
     * factory, the passcode supplier and the sleeper; each falls back to a default when null.
     * The remaining arguments are forwarded to the superclass constructor.
     */
    private OktaCredentialsProvider(String str, String str2, String str3, String str4, String str5, String str6, Integer num, String str7, String str8, Integer num2, Region region, Supplier<CloseableHttpClient> supplier, AssumeRoleWithSamlRequest.Builder builder, StsClientBuilder stsClientBuilder, AssumeDecoratedRoleWithSamlRequest.Builder builder2, LakeFormationClientBuilder lakeFormationClientBuilder, boolean z, Clock clock, Supplier<String> supplier2, InterruptableConsumer<Integer> interruptableConsumer, Map<ConnectionParameter<?>, String> map) {
        super(builder, builder2, stsClientBuilder, lakeFormationClientBuilder, null, clock, str8, num2, region, z, map);

        // Register the supported MFA types and the Okta (factorType, provider) pair of each.
        // NOTE(review): this writes to a static HashMap from an instance constructor, so every
        // new provider re-inserts the same entries into state shared with all other instances.
        MFA_TYPE_TO_FACTOR_AND_PROVIDER.put(OktaCredentialsProviderFactory.TOTP_MFA_TYPE, Pair.of(OKTA_TOTP_FACTOR_TYPE, PROVIDER_OKTA));
        MFA_TYPE_TO_FACTOR_AND_PROVIDER.put(OktaCredentialsProviderFactory.PUSH_MFA_TYPE, Pair.of(OKTA_PUSH_FACTOR_TYPE, PROVIDER_OKTA));
        MFA_TYPE_TO_FACTOR_AND_PROVIDER.put(OktaCredentialsProviderFactory.SMS_MFA_TYPE, Pair.of(OKTA_SMS_FACTOR_TYPE, PROVIDER_OKTA));
        MFA_TYPE_TO_FACTOR_AND_PROVIDER.put(OktaCredentialsProviderFactory.GOOGLE_AUTHENTICATOR_MFA_TYPE, Pair.of(OKTA_TOTP_FACTOR_TYPE, PROVIDER_GOOGLE));

        this.username = str;
        this.password = str2;
        this.hostName = str3;
        this.appId = str4;
        this.appName = str5;
        this.mfaType = str6;
        this.phoneNumber = str7;

        // A missing wait time selects the default push-approval window.
        this.mfaWaitTime = (num == null) ? OKTA_MFA_WAIT_TIME_SEC : num.intValue();

        if (supplier != null) {
            this.httpClientFactory = supplier;
        } else {
            // Default: build the client from the connection parameters on each request.
            this.httpClientFactory = () -> IdpCredentialsProvider.createHttpClient(map);
        }

        if (supplier2 != null) {
            this.passcodeSupplier = supplier2;
        } else {
            // Default: prompt with a Swing dialog, which returns null when the user cancels.
            // NOTE(review): this is a plain text input, so the passcode is visible while typed.
            this.passcodeSupplier = () -> JOptionPane.showInputDialog("Enter passcode to authenticate with Okta:");
        }

        if (interruptableConsumer != null) {
            this.threadSleeper = interruptableConsumer;
        } else {
            this.threadSleeper = millis -> Thread.sleep(millis);
        }

        // Left null here; the request methods obtain their parser through getJsonParser().
        this.jsonParser = null;
    }

    /**
     * Creates an empty {@link Builder}.
     *
     * @return a new builder with no values set
     */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * Runs the two-step Okta exchange: obtain a session token (with a second factor when Okta
     * asks for one), then trade it for the SAML assertion.
     *
     * <p>Only the fact that each step succeeded is logged; neither the token nor the assertion
     * is written to the log here.
     *
     * @return the SAML assertion extracted from Okta's response
     */
    @Override // com.amazon.athena.jdbc.authentication.SamlCredentialsProvider
    protected String getSamlAssertion() {
        HttpPost sessionTokenRequest = createSessionTokenRequest();
        String sessionToken = fetchSessionToken(sessionTokenRequest);
        logger.info("Obtained session token from Okta", new Object[0]);

        HttpGet samlRequest = createSamlRequest(sessionToken);
        String samlAssertion = fetchSamlAssertion(samlRequest);
        logger.info("Obtained SAML assertion from Okta", new Object[0]);
        return samlAssertion;
    }

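    /**
     * Builds the primary authentication request: a JSON POST of the user name and password to
     * the {@code /api/v1/authn} endpoint on the configured Okta host.
     *
     * <p>Both credentials are JSON-escaped before they are placed in the body. Without that, a
     * password containing a double quote or a backslash produces malformed JSON, or lets the
     * value close its string literal and contribute extra members to the request object.
     *
     * @return the request, ready to execute
     * @throws IllegalArgumentException if the host name does not yield a valid URI; the message
     *         names the host and URL but never the credentials
     */
    private HttpPost createSessionTokenRequest() {
        String endpoint = String.format(SESSION_TOKEN_URI_TEMPLATE, this.hostName);
        try {
            HttpPost httpPost = new HttpPost(new URI(endpoint));
            String body = String.format(USERNAME_PASSWORD_ENTITY_TEMPLATE, escapeCredentialForJson(this.username), escapeCredentialForJson(this.password));
            httpPost.addHeader("Content-Type", HttpHeaders.Values.APPLICATION_JSON);
            httpPost.addHeader("Accept", HttpHeaders.Values.APPLICATION_JSON);
            httpPost.setEntity(new StringEntity(body, HTTP.UTF_8));
            return httpPost;
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(String.format("Could not construct an Okta endpoint from the provided host name (\"%s\"), the URL \"%s\" is invalid", this.hostName, endpoint), e);
        }
    }

    /**
     * Escapes a value for use between the quotes of a JSON string literal.
     *
     * <p>A null value is rendered as the text {@code null}, which is what formatting it with
     * {@code %s} produced before escaping was added.
     */
    private static String escapeCredentialForJson(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '"':
                    escaped.append("\\\"");
                    break;
                case '\\':
                    escaped.append("\\\\");
                    break;
                case '\b':
                    escaped.append("\\b");
                    break;
                case '\f':
                    escaped.append("\\f");
                    break;
                case '\n':
                    escaped.append("\\n");
                    break;
                case '\r':
                    escaped.append("\\r");
                    break;
                case '\t':
                    escaped.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        // Remaining control characters must use the four-digit hex escape.
                        escaped.append(String.format("\\u%04x", (int) c));
                    } else {
                        escaped.append(c);
                    }
            }
        }
        return escaped.toString();
    }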

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r12v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r13v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x01b0: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:89:0x01b0 */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x01b4: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:91:0x01b4 */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x017c: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:70:0x017c */
    /* JADX WARN: Not initialized variable reg: 13, insn: 0x0181: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r13 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:72:0x0181 */
    /* JADX WARN: Type inference failed for: r10v0, types: [org.apache.http.impl.client.CloseableHttpClient] */
    /* JADX WARN: Type inference failed for: r11v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r12v1, types: [org.apache.http.client.methods.CloseableHttpResponse] */
    /* JADX WARN: Type inference failed for: r13v0, types: [java.lang.Throwable] */
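    /**
     * Executes the primary authentication request and returns the Okta session token, running
     * the second-factor exchange when Okta answers with {@code MFA_REQUIRED}.
     *
     * <p>The decompiled body could not compile (untyped {@code ??} locals, reads of unassigned
     * registers, an unreachable rethrow) and its hand-expanded close ladders were dead code.
     * This is the try-with-resources form those ladders were generated from: the response is
     * closed first, then the client, on every exit path.
     *
     * <p>Only the request URI is logged; the session token is returned and never written to the
     * log here.
     *
     * @param httpPost the request produced by {@code createSessionTokenRequest()}
     * @return a non-empty session token
     * @throws AuthenticationException if the response lacks a status or token, the token is
     *         empty, a factor still has to be enrolled, the status is unrecognized, or the
     *         exchange fails with an {@link IOException}
     * @throws IllegalArgumentException if MFA is required but the MFA connection parameters are
     *         incomplete
     */
    private String fetchSessionToken(HttpPost httpPost) {
        logger.debug("Requesting session token from Okta: {}", httpPost.getURI());
        try (CloseableHttpClient closeableHttpClient = this.httpClientFactory.get();
                CloseableHttpResponse execute = closeableHttpClient.execute((HttpUriRequest) httpPost)) {
            // Reject the response on its HTTP status before its body is parsed.
            validateHttpResponse(execute);
            JsonNode parse = getJsonParser().parse(extractResponseBody(execute));
            String status = parse.field(OKTA_SESSION_TOKEN_STATUS)
                    .map(JsonNode::text)
                    .orElseThrow(() -> new AuthenticationException("Failed to find status in response from Okta"));

            if (status.equalsIgnoreCase(OKTA_SESSION_TOKEN_STATUS_SUCCESS)) {
                String sessionToken = parse.field(OKTA_SESSION_TOKEN)
                        .map(JsonNode::text)
                        .orElseThrow(() -> new AuthenticationException("Failed to find sessionToken in response from Okta"));
                if (sessionToken.isEmpty()) {
                    throw new AuthenticationException("Empty sessionToken in the response from Okta");
                }
                return sessionToken;
            }

            if (status.equalsIgnoreCase(OKTA_SESSION_TOKEN_MFA_REQUIRED)) {
                validateMfaRelatedConnectionParameters();
                // The second-factor exchange reuses this client, which is still open here.
                return authenticateEnrolledUserWithSecondFactor(closeableHttpClient, parse);
            }

            if (status.equalsIgnoreCase(OKTA_SESSION_TOKEN_MFA_ENROLL)) {
                throw new AuthenticationException("It appears that a second authentication factor needs to be enrolled with Okta. Please, do that via your Okta account or contact your Okta admin");
            }
            throw new AuthenticationException(String.format("Received an unrecognized status, \"%s\", from Okta in response to request for session token", status));
        } catch (IOException e) {
            throw new AuthenticationException("Unable to obtain the session token from Okta", e);
        }
    }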

    /**
     * Checks that the connection settings needed for a second factor are present.
     *
     * @throws IllegalArgumentException if no MFA type is configured, or if the SMS MFA type is
     *         configured without a phone number
     */
    private void validateMfaRelatedConnectionParameters() {
        if (this.mfaType == null) {
            throw new IllegalArgumentException("An Okta MFA type must be provided");
        }
        boolean smsSelected = this.mfaType.equalsIgnoreCase(OktaCredentialsProviderFactory.SMS_MFA_TYPE);
        if (!smsSelected || this.phoneNumber != null) {
            return;
        }
        throw new IllegalArgumentException("A phone number must be provided when the Okta MFA type is \"SmsAuthentication\"");
    }

    /**
     * Completes authentication with the configured second factor.
     *
     * <p>The verification URL is resolved before the state token is read, so a response without
     * a matching factor fails before a missing state token is reported.
     *
     * @param closeableHttpClient the client to reuse for the follow-up requests
     * @param jsonNode the parsed {@code MFA_REQUIRED} response from Okta
     * @return the session token obtained once the second factor is accepted
     * @throws AuthenticationException if the response carries no state token
     */
    private String authenticateEnrolledUserWithSecondFactor(CloseableHttpClient closeableHttpClient, JsonNode jsonNode) {
        URI verificationUri = extractSecondFactorVerificationUri(jsonNode);
        String stateToken = jsonNode.field(OKTA_STATE_TOKEN)
                .map(JsonNode::text)
                .orElseThrow(() -> new AuthenticationException("Failed to find a state token in response from Okta"));

        // Push is polled for; every other supported type asks the user for a passcode.
        if (this.mfaType.equalsIgnoreCase(OktaCredentialsProviderFactory.PUSH_MFA_TYPE)) {
            return authenticateWithPushNotification(closeableHttpClient, verificationUri, stateToken);
        }
        return authenticateWithPasscode(closeableHttpClient, verificationUri, stateToken);
    }

    /**
     * Verifies the user with a one-time passcode.
     *
     * <p>For the SMS MFA type the SMS is requested first; the user is then asked for the
     * passcode and it is posted together with the state token.
     *
     * @param closeableHttpClient the client to send the requests with
     * @param uri the factor verification URL taken from Okta's response
     * @param str the state token of the pending authentication transaction
     * @return the session token from Okta's reply
     * @throws AuthenticationException if the user cancels, the reply has no status or session
     *         token, or the status is anything other than {@code SUCCESS}
     */
    private String authenticateWithPasscode(CloseableHttpClient closeableHttpClient, URI uri, String str) {
        logger.debug("Authenticating to Okta using one time passcode as a second factor", new Object[0]);

        boolean viaSms = this.mfaType.equalsIgnoreCase(OktaCredentialsProviderFactory.SMS_MFA_TYPE);
        if (viaSms) {
            sendSmsNotification(closeableHttpClient, uri, str);
        }

        // Prompt only after the SMS (if any) has been requested.
        String passcode = obtainPasscodeFromUser();
        HttpPost verificationRequest = createUserPasscodeVerificationRequest(uri, str, passcode);
        JsonNode reply = sendHttpRequestAndUnpackResponse(closeableHttpClient, verificationRequest, "Unable to obtain response from Okta for user passcode verification");

        String status = reply.field(OKTA_SESSION_TOKEN_STATUS)
                .map(JsonNode::text)
                .orElseThrow(() -> new AuthenticationException("Failed to find status in response from Okta to passcode verification request"));
        if (!status.equalsIgnoreCase(OKTA_SESSION_TOKEN_STATUS_SUCCESS)) {
            throw new AuthenticationException("Okta user could not be verified");
        }
        return reply.field(OKTA_SESSION_TOKEN)
                .map(JsonNode::text)
                .orElseThrow(() -> new AuthenticationException("Failed to find session token in response from Okta to passcode verification request"));
    }

    /**
     * Asks the configured passcode supplier for the one-time passcode.
     *
     * @return the passcode as supplied; an empty string is passed through unchanged
     * @throws AuthenticationException if the supplier returns {@code null}, which is treated as
     *         the user cancelling
     */
    private String obtainPasscodeFromUser() {
        String passcode = this.passcodeSupplier.get();
        if (passcode == null) {
            throw new AuthenticationException("The user cancelled the authentication process");
        }
        return passcode;
    }

    /**
     * Asks Okta to send the SMS passcode by posting the state token to the verification URL.
     *
     * @param closeableHttpClient the client to send the request with
     * @param uri the factor verification URL taken from Okta's response
     * @param str the state token of the pending authentication transaction
     * @throws AuthenticationException if the reply has no status or its status is not
     *         {@code MFA_CHALLENGE}
     */
    private void sendSmsNotification(CloseableHttpClient closeableHttpClient, URI uri, String str) {
        HttpPost challengeRequest = createSecondFactorVerificationRequest(uri, str);
        JsonNode reply = sendHttpRequestAndUnpackResponse(closeableHttpClient, challengeRequest, "Unable to obtain response to Okta request for SMS notification");
        String status = reply.field(OKTA_SESSION_TOKEN_STATUS)
                .map(JsonNode::text)
                .orElseThrow(() -> new AuthenticationException("Failed to find status in response from Okta"));
        if (status.equalsIgnoreCase(OKTA_SESSION_TOKEN_MFA_CHALLENGE)) {
            return;
        }
        throw new AuthenticationException("SMS challenged failed");
    }

    /**
     * Verifies the user with an Okta Verify push, polling until it is approved, rejected or the
     * configured wait time has passed.
     *
     * <p>Each iteration posts the state token to the verification URL and inspects the reply:
     * {@code SUCCESS} ends the loop with the session token, {@code MFA_ENROLL} and any factor
     * result other than {@code WAITING} abort, and {@code WAITING} pauses for the poll delay
     * before the next attempt.
     *
     * @param closeableHttpClient the client to send the requests with
     * @param uri the factor verification URL taken from Okta's response
     * @param str the state token of the pending authentication transaction
     * @return the session token once the push is approved
     * @throws AuthenticationException on rejection, missing reply fields, timeout, or when the
     *         polling thread is interrupted (the interrupt flag is restored first)
     */
    private String authenticateWithPushNotification(CloseableHttpClient closeableHttpClient, URI uri, String str) {
        logger.debug("Authenticating to Okta using push notification as a second factor", new Object[0]);
        final Instant deadline = this.clock.instant().plusSeconds(this.mfaWaitTime.longValue());

        // Keep polling while the deadline has not passed.
        while (!deadline.isBefore(this.clock.instant())) {
            HttpPost pollRequest = createSecondFactorVerificationRequest(uri, str);
            JsonNode reply = sendHttpRequestAndUnpackResponse(closeableHttpClient, pollRequest, "Unable to obtain response to Okta Verify request for push notification");
            String status = reply.field(OKTA_SESSION_TOKEN_STATUS)
                    .map(JsonNode::text)
                    .orElseThrow(() -> new AuthenticationException("Failed to find status in response from Okta"));

            if (status.equalsIgnoreCase(OKTA_SESSION_TOKEN_STATUS_SUCCESS)) {
                return reply.field(OKTA_SESSION_TOKEN)
                        .map(JsonNode::text)
                        .orElseThrow(() -> new AuthenticationException("Failed to find session token in response from Okta"));
            }
            if (status.equalsIgnoreCase(OKTA_SESSION_TOKEN_MFA_ENROLL)) {
                throw new AuthenticationException("Please enroll a push authentication factor with Okta");
            }

            String factorResult = reply.field(OKTA_SESSION_TOKEN_FACTOR_RESULT)
                    .map(JsonNode::text)
                    .orElseThrow(() -> new AuthenticationException("Failed to find factor result in response from Okta"));
            boolean stillWaiting = factorResult.equalsIgnoreCase(OKTA_SESSION_TOKEN_STATUS_WAITING);
            if (!stillWaiting) {
                throw new AuthenticationException("Okta Verify push authentication was rejected");
            }

            try {
                this.threadSleeper.accept(POLL_DELAY_MILLIS);
            } catch (InterruptedException e) {
                // Restore the flag so callers further up can still observe the interruption.
                Thread.currentThread().interrupt();
                throw new AuthenticationException("Thread was interrupted while polling for the status of Okta Verify push", e);
            }
        }

        logger.warn("Okta Verify push timed out after {} seconds", this.mfaWaitTime.intValue());
        throw new AuthenticationException("Polling for the status of Okta Verify push timed out");
    }

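    /**
     * Executes a request on the given client and parses the response body as JSON.
     *
     * <p>The decompiled body closed the response only on the success path (its {@code finally}
     * blocks were empty), so a failure while reading or parsing left the response open. The
     * try-with-resources form closes it on every path. The client belongs to the caller and is
     * not closed here.
     *
     * <p>NOTE(review): unlike {@code fetchSessionToken}, this does not call
     * {@code validateHttpResponse}; callers decide from the JSON {@code status} field alone.
     * Confirm that this is intended.
     *
     * @param closeableHttpClient the caller-owned client to send the request with
     * @param httpPost the request to execute
     * @param str the message of the {@link AuthenticationException} raised on an I/O failure
     * @return the parsed response body
     * @throws AuthenticationException if executing the request or reading the body fails with an
     *         {@link IOException}
     */
    private JsonNode sendHttpRequestAndUnpackResponse(CloseableHttpClient closeableHttpClient, HttpPost httpPost, String str) {
        try (CloseableHttpResponse response = closeableHttpClient.execute((HttpUriRequest) httpPost)) {
            return getJsonParser().parse(extractResponseBody(response));
        } catch (IOException e) {
            throw new AuthenticationException(str, e);
        }
    }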

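    /**
     * Builds the JSON POST that carries only the state token to a factor verification URL. It
     * is used to request an SMS challenge and to poll a push notification.
     *
     * <p>The token is JSON-escaped so that it cannot end its string literal.
     *
     * @param uri the factor verification URL taken from Okta's response
     * @param str the state token of the pending authentication transaction
     * @return the request, ready to execute
     */
    private HttpPost createSecondFactorVerificationRequest(URI uri, String str) {
        HttpPost httpPost = new HttpPost(uri);
        httpPost.addHeader("Accept", HttpHeaders.Values.APPLICATION_JSON);
        httpPost.addHeader("Content-Type", "application/json; charset=utf-8");
        httpPost.addHeader("Cache-Control", "no-cache");
        httpPost.setEntity(new StringEntity("{\"stateToken\":\"" + escapeJsonStringContent(str) + "\"}", HTTP.UTF_8));
        return httpPost;
    }

    /**
     * Builds the JSON POST that submits the state token together with the user's passcode.
     *
     * <p>The passcode is typed by the user, so it is JSON-escaped like the token. Unescaped, a
     * quote or backslash in it would yield malformed JSON or add members to the request object.
     *
     * @param uri the factor verification URL taken from Okta's response
     * @param str the state token of the pending authentication transaction
     * @param str2 the one-time passcode entered by the user
     * @return the request, ready to execute
     */
    private HttpPost createUserPasscodeVerificationRequest(URI uri, String str, String str2) {
        HttpPost httpPost = new HttpPost(uri);
        httpPost.addHeader("Accept", HttpHeaders.Values.APPLICATION_JSON);
        httpPost.addHeader("Content-Type", "application/json; charset=utf-8");
        httpPost.addHeader("Cache-Control", "no-cache");
        httpPost.setEntity(new StringEntity("{\"stateToken\":\"" + escapeJsonStringContent(str) + "\",\"" + OKTA_PASS_CODE + "\":\"" + escapeJsonStringContent(str2) + "\"}", HTTP.UTF_8));
        return httpPost;
    }

    /**
     * Escapes a value for use between the quotes of a JSON string literal.
     *
     * <p>A null value is rendered as the text {@code null}, which is what string concatenation
     * produced before escaping was added.
     */
    private static String escapeJsonStringContent(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '"':
                    escaped.append("\\\"");
                    break;
                case '\\':
                    escaped.append("\\\\");
                    break;
                case '\b':
                    escaped.append("\\b");
                    break;
                case '\f':
                    escaped.append("\\f");
                    break;
                case '\n':
                    escaped.append("\\n");
                    break;
                case '\r':
                    escaped.append("\\r");
                    break;
                case '\t':
                    escaped.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        // Remaining control characters must use the four-digit hex escape.
                        escaped.append(String.format("\\u%04x", (int) c));
                    } else {
                        escaped.append(c);
                    }
            }
        }
        return escaped.toString();
    }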

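    /**
     * Finds, among the factors enrolled for the user, the one matching the configured MFA type
     * and returns its verification URL.
     *
     * <p>Changes from the decompiled body:
     * <ul>
     *   <li>The MFA type is lower-cased with {@code Locale.ROOT}, so the lookup does not depend
     *       on the JVM's default locale (a Turkish locale lower-cases {@code I} differently).</li>
     *   <li>An MFA type missing from the map is reported as an {@link IllegalArgumentException}
     *       instead of surfacing as a {@link NullPointerException}.</li>
     *   <li>The raw {@code List} cast is gone, and a missing or non-text {@code href} is
     *       reported through the Optional chain rather than through {@code get()} failures.</li>
     * </ul>
     *
     * <p>NOTE(review): the returned URL comes from the response body, and the state token and
     * passcode are later posted to it. Nothing here checks that it is an HTTPS URL on the
     * configured Okta host; consider validating scheme and host before use.
     *
     * @param jsonNode the parsed {@code MFA_REQUIRED} response from Okta
     * @return the verification URL of the matching factor
     * @throws IllegalArgumentException if the configured MFA type is not a supported one
     * @throws AuthenticationException if the response lacks the expected fields, has no
     *         matching factor, or carries an invalid verification URL
     */
    private URI extractSecondFactorVerificationUri(JsonNode jsonNode) {
        Pair<String, String> factorAndProvider = MFA_TYPE_TO_FACTOR_AND_PROVIDER.get(this.mfaType.toLowerCase(java.util.Locale.ROOT));
        if (factorAndProvider == null) {
            throw new IllegalArgumentException(String.format("Unsupported Okta MFA type \"%s\"", this.mfaType));
        }
        String wantedFactorType = factorAndProvider.left();
        String wantedProvider = factorAndProvider.right();

        List<JsonNode> factors = jsonNode.field(OKTA_EMBEDDED_USER_INFO)
                .orElseThrow(() -> new AuthenticationException(String.format("Failed to find %s field in response from Okta", OKTA_EMBEDDED_USER_INFO)))
                .field("factors")
                .map(JsonNode::asArray)
                .orElseThrow(() -> new AuthenticationException("Failed to find second authentication factors in response from Okta"));

        for (JsonNode factor : factors) {
            String factorType = factor.field(OKTA_FACTOR_TYPE)
                    .map(JsonNode::text)
                    .orElseThrow(() -> new AuthenticationException("Failed to find factor type in response from Okta"));
            String provider = factor.field(OKTA_FACTOR_PROVIDER)
                    .map(JsonNode::text)
                    .orElseThrow(() -> new AuthenticationException("Failed to find provider in response from Okta"));
            if (!factorType.equalsIgnoreCase(wantedFactorType) || !provider.equalsIgnoreCase(wantedProvider)) {
                continue;
            }

            // The first matching factor wins: _links -> verify -> href.
            String href = factor.field(OKTA_LINKS)
                    .flatMap(links -> links.field(OKTA_VERIFY))
                    .flatMap(verify -> verify.field(OKTA_HREF))
                    .map(JsonNode::text)
                    .orElseThrow(() -> new AuthenticationException("Failed to find the second factor verification URL in response from Okta"));
            try {
                return new URI(href);
            } catch (URISyntaxException e) {
                throw new AuthenticationException("The second factor verification URL in response from Okta is not a valid URL", e);
            }
        }
        throw new AuthenticationException("Failed to find supported MFA authenticators in response from Okta");
    }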

    /**
     * Builds the GET request that exchanges the session token for the application's SAML
     * response page.
     *
     * <p>The token travels in the query string, so the request URI is a secret and should not
     * be logged as is. The error message below names only the host, app name and app id.
     *
     * @param str the Okta session token
     * @return the request, ready to execute
     * @throws IllegalArgumentException if the configured values do not form a valid URI
     */
    private HttpGet createSamlRequest(String str) {
        final String samlUrl = String.format(SAML_URI_TEMPLATE, this.hostName, this.appName, this.appId, str);
        try {
            URI samlUri = new URI(samlUrl);
            return new HttpGet(samlUri);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(String.format("Could not construct an Okta endpoint from the provided host name (\"%s\"), app name (\"%s\") and app id (\"%s\"), the URL is invalid", this.hostName, this.appName, this.appId), e);
        }
    }

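    /**
     * Executes the SAML request against Okta and returns the {@code SAMLResponse} value found in the
     * returned HTML.
     *
     * <p>This method was recovered from decompiler output that could not rebuild the resource
     * handling: the listing contained unreachable {@code if (0 != 0)} branches, an empty
     * {@code finally}, and closed the HTTP client only on the success path. The shape matches a
     * try-with-resources over the client and the response, which is what is written here, so both
     * are now closed on every path.
     *
     * @param httpGet the request to execute; its URI is logged only after the one-time token has been
     *     masked by {@code anonymizeSessionToken}
     * @return the decoded value of the {@code SAMLResponse} form field
     * @throws AuthenticationException if the response is rejected by {@code validateHttpResponse}, if
     *     no {@code SAMLResponse} field is found, or if an I/O error occurs
     */
    private String fetchSamlAssertion(HttpGet httpGet) {
        // Log the redacted URI only: the query string carries the one-time session token.
        logger.debug("Requesting SAML assertion from Okta: {}", anonymizeSessionToken(httpGet.getURI()));
        try (CloseableHttpClient closeableHttpClient = this.httpClientFactory.get();
                CloseableHttpResponse execute = closeableHttpClient.execute(httpGet)) {
            validateHttpResponse(execute);
            // The returned assertion is a bearer credential; it is handed back to the caller and
            // never written to the log here.
            return getSamlResponseFromHtml(extractResponseBody(execute))
                    .orElseThrow(() -> new AuthenticationException("Unable to extract the SAMLResponse field from the response body"));
        } catch (IOException e) {
            throw new AuthenticationException("Unable to obtain the SAML assertion from Okta", e);
        }
    }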

    /**
     * Renders a URI for logging with the value of its {@code onetimetoken} query parameter masked.
     *
     * <p>Only the first {@code onetimetoken=} occurrence is masked, and the match is case-sensitive.
     * The value is taken to end at the next {@code &} or at the end of the string.
     *
     * @param uri the URI to render
     * @return the ASCII form of {@code uri} with the token value replaced by {@code *******}
     */
    private String anonymizeSessionToken(URI uri) {
        String rendered = uri.toASCIIString();
        Pattern tokenValue = Pattern.compile("(?<=onetimetoken=).+?(?=\\&|$)");
        return tokenValue.matcher(rendered).replaceFirst("*******");
    }

    /**
     * Rejects any response whose status code is not 200 by raising an error built from the JSON
     * error body.
     *
     * <p>The fields {@code errorCode}, {@code errorSummary}, {@code errorId} and {@code errorCauses}
     * are read from the body; a field that is absent, or has no text value, becomes an empty string.
     *
     * @param closeableHttpResponse the response to check; its entity is consumed when the status is
     *     not 200
     * @throws AuthenticationException if the status code is not 200
     */
    private void validateHttpResponse(CloseableHttpResponse closeableHttpResponse) {
        if (closeableHttpResponse.getStatusLine().getStatusCode() == 200) {
            return;
        }
        // NOTE(review): the body is parsed as JSON unconditionally. A non-JSON error body (for
        // example an HTML page from an intermediary) would presumably surface as a parser exception
        // rather than an AuthenticationException. Confirm against callers.
        JsonNode errorBody = getJsonParser().parse(extractResponseBody(closeableHttpResponse));
        String errorCauses = errorBody.field("errorCauses").map(JsonNode::text).orElse("");
        String errorCode = errorBody.field("errorCode").map(JsonNode::text).orElse("");
        String errorId = errorBody.field("errorId").map(JsonNode::text).orElse("");
        String errorSummary = errorBody.field("errorSummary").map(JsonNode::text).orElse("");

        // The message text comes from the remote response verbatim.
        String message = errorCode + " -- " + errorSummary + " -- " + errorId;
        if (!StringUtils.isEmpty(errorCauses)) {
            message = message + "-- " + errorCauses;
        }
        throw new AuthenticationException(message);
    }

    /**
     * Reads the whole response entity into a string.
     *
     * @param closeableHttpResponse the response whose entity is read
     * @return the entity content as text
     * @throws AuthenticationException if reading the entity fails with an I/O error
     */
    private static String extractResponseBody(CloseableHttpResponse closeableHttpResponse) {
        final String body;
        try {
            // No charset is passed, so decoding is left to EntityUtils.
            body = EntityUtils.toString(closeableHttpResponse.getEntity());
        } catch (IOException e) {
            throw new AuthenticationException("An error occurred while processing the response from Okta", e);
        }
        return body;
    }

    /**
     * Scans HTML text for the input tag named {@code SAMLResponse} and returns its decoded value.
     *
     * <p>Each match of {@code INPUT_TAG_PATTERN} is inspected with {@code NAME_PATTERN} and
     * {@code VALUE_PATTERN}. The first tag whose name is exactly {@code SAMLResponse} and which has
     * a value wins. This is pattern matching over the text, not HTML parsing.
     *
     * @param str the HTML text to scan
     * @return the value with HTML character references decoded, or empty if no such tag is found
     */
    private Optional<String> getSamlResponseFromHtml(String str) {
        for (Matcher inputTags = INPUT_TAG_PATTERN.matcher(str); inputTags.find(); ) {
            String tag = inputTags.group(0);
            Matcher nameAttribute = NAME_PATTERN.matcher(tag);
            if (!nameAttribute.find() || !nameAttribute.group(1).equals("SAMLResponse")) {
                continue;
            }
            Matcher valueAttribute = VALUE_PATTERN.matcher(tag);
            if (valueAttribute.find()) {
                // The extracted assertion is a bearer credential; keep it out of logs.
                return Optional.of(decodeHtmlCharacterReferences(valueAttribute.group(1)));
            }
        }
        return Optional.empty();
    }

    /**
     * Returns the JSON parser held in {@code jsonParser}, or a newly created one when that field is
     * null.
     *
     * @return the parser to use; a new instance is created on each call while the field is null
     */
    private JsonNodeParser getJsonParser() {
        JsonNodeParser configured = this.jsonParser;
        if (configured != null) {
            return configured;
        }
        return JsonNodeParser.create();
    }

    /**
     * Delegates credential resolution to the superclass implementation.
     *
     * <p>The decompiler marked this method as a compiler-generated bridge. It overrides
     * {@code SamlCredentialsProvider.resolveCredentials()}, which in turn implements
     * {@code AwsCredentialsProvider.resolveCredentials()}.
     *
     * @return the credentials returned by the superclass
     */
    @Override
    public AwsCredentials resolveCredentials() {
        AwsCredentials resolved = super.resolveCredentials();
        return resolved;
    }
}
