package com.amazon.athena.jdbc.authentication.datazone.helpers;

import com.amazon.athena.logging.AthenaLogger;
import java.util.ArrayList;
import software.amazon.awssdk.services.ssooidc.SsoOidcClient;
import software.amazon.awssdk.services.ssooidc.model.CreateTokenRequest;
import software.amazon.awssdk.services.ssooidc.model.CreateTokenResponse;
import software.amazon.awssdk.services.ssooidc.model.RegisterClientRequest;
import software.amazon.awssdk.services.ssooidc.model.RegisterClientResponse;

/* loaded from: input_file:com/amazon/athena/jdbc/authentication/datazone/helpers/SsoOidcHelper.class */
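/**
 * Thin wrapper around {@link SsoOidcClient} for the two SSO OIDC calls this
 * plug-in makes: registering an OAuth client and exchanging an authorization
 * code for an access token.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The client is registered with type {@code "public"} and the single grant
 *       type {@code "authorization_code"}; the token exchange also sends a code
 *       verifier (PKCE) alongside the code.</li>
 *   <li>The redirect URI is the loopback IP literal {@code http://127.0.0.1:<port>}.
 *       The same value is used at registration and at token exchange, so both are
 *       built by {@link #redirectUri()} to keep them from drifting apart.</li>
 *   <li>No log statement in this class includes the client secret, the
 *       authorization code, the code verifier or the access token. Keep it that
 *       way when adding diagnostics.</li>
 * </ul>
 *
 * <p>NOTE(review): presumably a local HTTP listener on {@code serverListenPort}
 * receives the authorization code; it should bind to the loopback address only
 * and the port should be validated by whoever opens it. Neither is checked
 * here; confirm in the caller.
 */
public class SsoOidcHelper {
    private static final AthenaLogger logger = AthenaLogger.of(SsoOidcHelper.class);

    private static final String CLIENT_NAME = "DataZoneAuthPlugin";
    private static final String CLIENT_TYPE = "public";
    private static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code";
    // Scheme and host of the loopback redirect; the listen port is appended at use.
    private static final String REDIRECT_URI = "http://127.0.0.1:";

    private final SsoOidcClient ssoOidcClient;
    private final int serverListenPort;
    private final String datazoneScope;

    /**
     * Creates a helper bound to one OIDC client, one loopback port and one scope.
     *
     * @param ssoOidcClient client used for both SSO OIDC calls
     * @param i             port appended to the loopback redirect URI
     * @param str           the single scope requested at client registration
     */
    public SsoOidcHelper(SsoOidcClient ssoOidcClient, int i, String str) {
        this.ssoOidcClient = ssoOidcClient;
        this.serverListenPort = i;
        this.datazoneScope = str;
    }

    /**
     * Registers this plug-in as a public OAuth client limited to the configured
     * scope, the authorization-code grant and the loopback redirect URI.
     *
     * @param str issuer URL passed to the registration request
     * @return the registration response; it carries the client id and client
     *         secret later consumed by {@link #retrieveAccessToken}, so callers
     *         should treat it as sensitive
     */
    public RegisterClientResponse registerClient(String str) {
        ArrayList<String> scopes = new ArrayList<>();
        scopes.add(this.datazoneScope);
        ArrayList<String> grantTypes = new ArrayList<>();
        grantTypes.add(GRANT_TYPE_AUTHORIZATION_CODE);
        ArrayList<String> redirectUris = new ArrayList<>();
        redirectUris.add(redirectUri());

        // NOTE(review): mo1373build() looks like a decompiler-assigned name for the
        // SDK builder's build(); confirm against the SDK sources before renaming.
        RegisterClientRequest registerClientRequest = (RegisterClientRequest) RegisterClientRequest.builder()
                .clientName(CLIENT_NAME)
                .clientType(CLIENT_TYPE)
                .issuerUrl(str)
                .scopes(scopes)
                .grantTypes(grantTypes)
                .redirectUris(redirectUris)
                .mo1373build();

        // Only the client name and requested scopes are logged; neither is a secret.
        logger.trace(String.format("Registering Client with IAM Identity Center with name: %s, scopes: %s", CLIENT_NAME, scopes), new Object[0]);
        RegisterClientResponse registerClient = this.ssoOidcClient.registerClient(registerClientRequest);
        logger.info("Successfully registered client with iam identity center", new Object[0]);
        return registerClient;
    }

    /**
     * Exchanges an authorization code for an access token.
     *
     * @param registerClientResponse registration result supplying client id and secret
     * @param str                    code verifier sent with the token request
     * @param str2                   authorization code received on the redirect
     * @return the access token as a plain {@code String}; the caller owns its
     *         handling and must keep it out of logs and error messages
     */
    public String retrieveAccessToken(RegisterClientResponse registerClientResponse, String str, String str2) {
        // The redirect URI must match the one registered in registerClient().
        CreateTokenRequest createTokenRequest = (CreateTokenRequest) CreateTokenRequest.builder()
                .clientId(registerClientResponse.clientId())
                .clientSecret(registerClientResponse.clientSecret())
                .grantType(GRANT_TYPE_AUTHORIZATION_CODE)
                .redirectUri(redirectUri())
                .codeVerifier(str)
                .code(str2)
                .mo1373build();

        logger.trace("Retrieving access token from iam identity center...", new Object[0]);
        CreateTokenResponse createToken = this.ssoOidcClient.createToken(createTokenRequest);
        logger.info("Successfully retrieved access token from iam identity center", new Object[0]);
        return createToken.accessToken();
    }

    /** Builds the loopback redirect URI used for both registration and token exchange. */
    private String redirectUri() {
        return REDIRECT_URI + this.serverListenPort;
    }
}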
