package com.simba.athena.iamsupport.plugin;

import com.simba.athena.amazonaws.util.json.Jackson;
import com.simba.athena.iamsupport.plugin.httpserver.RequestHandler;
import com.simba.athena.iamsupport.plugin.httpserver.Server;
import com.simba.athena.iamsupport.plugin.utils.CheckUtils;
import com.simba.athena.iamsupport.plugin.utils.LogUtils;
import com.simba.athena.iamsupport.plugin.utils.RandomStateUtil;
import com.simba.athena.iamsupport.plugin.utils.RequestProcess;
import com.simba.athena.shaded.fasterxml.jackson.databind.JsonNode;
import com.simba.athena.support.LogUtilities;
import java.awt.Desktop;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import org.apache.commons.codec.Charsets;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/simba/athena/iamsupport/plugin/BrowserAzureCredentialsProvider.class */
public class BrowserAzureCredentialsProvider extends SamlCredentialsProvider {
    public static final String KEY_IDP_RESPONSE_TIMEOUT = "idp_response_timeout";
    public static final String KEY_LISTEN_PORT = "listen_port";
    public static final String KEY_TENANT_ID = "tenant_id";
    public static final String KEY_CLIENT_ID = "client_id";
    public static final String KEY_CLIENT_SECRET = "client_secret";
    public static final String OAUTH_STATE_PARAMETER_NAME = "state";
    public static final String OAUTH_REDIRECT_PARAMETER_NAME = "redirect_uri";
    public static final String OAUTH_IDP_CODE_PARAMETER_NAME = "code";
    public static final String OAUTH_CLIENT_ID_PARAMETER_NAME = "client_id";
    public static final String OAUTH_CLIENT_SECRET_PARAMETER_NAME = "client_secret";
    public static final String OAUTH_RESPONSE_TYPE_PARAMETER_NAME = "response_type";
    public static final String OAUTH_REQUESTED_TOKEN_TYPE_PARAMETER_NAME = "requested_token_type";
    public static final String OAUTH_GRANT_TYPE_PARAMETER_NAME = "grant_type";
    public static final String OAUTH_SCOPE_PARAMETER_NAME = "scope";
    public static final String OAUTH_RESOURCE_PARAMETER_NAME = "resource";
    public static final String OAUTH_RESPONSE_MODE_PARAMETER_NAME = "response_mode";
    private static final String CURRENT_INTERACTION_SCHEMA = "https";
    private String m_idp_tenant;
    private String m_clientId;
    private String m_clientSecret = null;
    private int m_idp_response_timeout = 120;
    private int m_listen_port = 0;
    private String redirectUri;

    @Override // com.simba.athena.iamsupport.plugin.SamlCredentialsProvider
    protected String getSamlAssertion() throws IOException {
        try {
            LogUtilities.logDebug("Entered", LogUtils.getLogger());
            CheckUtils.checkMissingAndThrows(this.m_idp_tenant, KEY_TENANT_ID);
            CheckUtils.checkMissingAndThrows(this.m_clientId, "client_id");
            CheckUtils.checkAndThrowsWithMessage(this.m_idp_response_timeout < 10, "idp_response_timeout should be 10 seconds or greater.");
            CheckUtils.checkInvalidAndThrows(this.m_listen_port != 0 && (this.m_listen_port < 1 || this.m_listen_port > 65535), "listen_port");
            if (this.m_listen_port == 0) {
                LogUtilities.logDebug("Listen port set to 0. Will pick random port", LogUtils.getLogger());
            }
            String extractSamlAssertion = extractSamlAssertion(fetchSamlResponse(fetchAuthorizationToken()));
            LogUtilities.logDebug(String.format("Exiting with return value {%s}", extractSamlAssertion), LogUtils.getLogger());
            return wrapAndEncodeAssertion(extractSamlAssertion);
        } catch (InternalPluginException | URISyntaxException e) {
            throw new IOException(e);
        }
    }

    @Override // com.simba.athena.iamsupport.plugin.SamlCredentialsProvider, com.simba.athena.iamsupport.IPlugin
    public void addParameter(String str, String str2) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1904089585:
                if (str.equals("client_id")) {
                    z = true;
                    break;
                }
                break;
            case -1852780336:
                if (str.equals(KEY_TENANT_ID)) {
                    z = false;
                    break;
                }
                break;
            case -942824531:
                if (str.equals("idp_response_timeout")) {
                    z = 3;
                    break;
                }
                break;
            case 557813156:
                if (str.equals("client_secret")) {
                    z = 2;
                    break;
                }
                break;
            case 1331349497:
                if (str.equals("listen_port")) {
                    z = 4;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                this.m_idp_tenant = str2;
                return;
            case true:
                this.m_clientId = str2;
                return;
            case true:
                this.m_clientSecret = str2;
                return;
            case true:
                this.m_idp_response_timeout = Integer.parseInt(str2);
                return;
            case true:
                this.m_listen_port = Integer.parseInt(str2);
                return;
            default:
                super.addParameter(str, str2);
                return;
        }
    }

    private String fetchAuthorizationToken() throws IOException, URISyntaxException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        String generateRandomState = RandomStateUtil.generateRandomState();
        RequestProcess requestProcess = new RequestProcess();
        requestProcess.setState(generateRandomState);
        RequestHandler requestHandler = new RequestHandler(requestProcess);
        Server server = new Server(this.m_listen_port, requestHandler, this.m_idp_response_timeout);
        server.listen();
        int localPort = server.getLocalPort();
        this.redirectUri = "http://localhost:" + localPort + RequestHandler.ATHENA_PATH;
        URI prepareAndValidateURI = prepareAndValidateURI(generateRandomState);
        try {
            LogUtilities.logInfo(String.format("Listening for connection on port %d", Integer.valueOf(localPort)), LogUtils.getLogger());
            openBrowser(prepareAndValidateURI);
            server.waitForResult();
            Object result = requestHandler.getResult();
            if (result instanceof InternalPluginException) {
                throw ((InternalPluginException) result);
            }
            if (result instanceof String) {
                LogUtilities.logInfo(String.format("Got SAML assertion with {%s}", result), LogUtils.getLogger());
                return (String) result;
            }
            LogUtilities.logDebug("Throwing timeout", LogUtils.getLogger());
            throw new InternalPluginException("Fail to login during timeout.");
        } catch (IOException | URISyntaxException e) {
            server.stop();
            throw e;
        }
    }

    private String wrapAndEncodeAssertion(String str) {
        LogUtilities.logDebug(String.format("Entered with parameter value {%s}", str), LogUtils.getLogger());
        String str2 = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status>" + str + "</samlp:Response>";
        LogUtilities.logDebug(String.format("Exiting with return value {%s}", str2), LogUtils.getLogger());
        return StringUtils.newStringUtf8(Base64.encodeBase64(str2.getBytes()));
    }

    private String fetchSamlResponse(String str) throws IOException {
        LogUtilities.logDebug(String.format("Entered with parameter value {%s}", str), LogUtils.getLogger());
        HttpPost createAuthorizationRequest = createAuthorizationRequest(str);
        try {
            CloseableHttpClient httpClient = getHttpClient();
            boolean CheckNonProxyHost = CheckNonProxyHost("login.microsoftonline.com", this.m_nonProxyHosts);
            if (null != this.m_proxyHost && !this.m_proxyHost.isEmpty() && this.m_useProxyForIdpAuth.booleanValue() && !CheckNonProxyHost) {
                if (this.m_proxyUid != null && !this.m_proxyUid.isEmpty() && this.m_proxyPwd != null && !this.m_proxyPwd.isEmpty()) {
                    BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                    basicCredentialsProvider.setCredentials(new AuthScope(this.m_proxyHost, this.m_proxyPort), new UsernamePasswordCredentials(this.m_proxyUid, this.m_proxyPwd));
                    httpClient = HttpClients.custom().setDefaultCredentialsProvider(basicCredentialsProvider).setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build();
                }
                createAuthorizationRequest.setConfig(RequestConfig.custom().setProxy(new HttpHost(this.m_proxyHost, this.m_proxyPort)).build());
            }
            CloseableHttpResponse execute = httpClient.execute((HttpUriRequest) createAuthorizationRequest);
            CheckUtils.checkAndThrowsWithMessage(execute.getStatusLine().getStatusCode() != 200, "Unexpected response:  " + execute.getStatusLine().getReasonPhrase());
            String entityUtils = EntityUtils.toString(execute.getEntity());
            LogUtilities.logDebug(String.format("Exiting with return value {%s}", entityUtils), LogUtils.getLogger());
            return entityUtils;
        } catch (GeneralSecurityException e) {
            LogUtilities.logError(e, LogUtils.getLogger());
            throw new InternalPluginException(e);
        }
    }

    private String extractSamlAssertion(String str) {
        LogUtilities.logDebug(String.format("Entered with parameter value {%s}", str), LogUtils.getLogger());
        JsonNode findValue = Jackson.jsonNodeOf(str).findValue("access_token");
        CheckUtils.checkAndThrowsWithMessage(findValue == null, "Failed to find access_token");
        String textValue = findValue.textValue();
        CheckUtils.checkAndThrowsWithMessage(com.simba.athena.amazonaws.util.StringUtils.isNullOrEmpty(textValue), "Invalid access_token value.");
        LogUtilities.logInfo("Successfully got SAML assertion", LogUtils.getLogger());
        LogUtilities.logDebug(String.format("Exiting with return value {%s}", textValue), LogUtils.getLogger());
        return StringUtils.newStringUtf8(Base64.decodeBase64(textValue));
    }

    private HttpPost createAuthorizationRequest(String str) throws IOException {
        LogUtilities.logDebug(String.format("Entered with parameter value {%s}", str), LogUtils.getLogger());
        String uRIBuilder = new URIBuilder().setScheme(CURRENT_INTERACTION_SCHEMA).setHost("login.microsoftonline.com").setPath("/" + this.m_idp_tenant + "/oauth2/token").toString();
        validateURL(uRIBuilder);
        HttpPost httpPost = new HttpPost(uRIBuilder);
        LogUtilities.logDebug(String.format("ProxyHost={%s},ProxyPort={%d},UseProxyforIdp={%b}", this.m_proxyHost, Integer.valueOf(this.m_proxyPort), this.m_useProxyForIdpAuth), LogUtils.getLogger());
        LogUtilities.logDebug(String.format("UserName={%s},Password={%s},NonProxyHosts={%s}", this.m_userName, this.m_password, this.m_nonProxyHosts), LogUtils.getLogger());
        if (null != this.m_proxyHost && !this.m_proxyHost.isEmpty() && this.m_useProxyForIdpAuth.booleanValue()) {
            LogUtilities.logDebug("Setting Proxy", LogUtils.getLogger());
            httpPost.setConfig(RequestConfig.custom().setProxy(new HttpHost(this.m_proxyHost, this.m_proxyPort)).build());
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair(OAUTH_IDP_CODE_PARAMETER_NAME, str));
        arrayList.add(new BasicNameValuePair(OAUTH_REQUESTED_TOKEN_TYPE_PARAMETER_NAME, "urn:ietf:params:oauth:token-type:saml2"));
        arrayList.add(new BasicNameValuePair(OAUTH_GRANT_TYPE_PARAMETER_NAME, "authorization_code"));
        arrayList.add(new BasicNameValuePair("scope", "openid"));
        arrayList.add(new BasicNameValuePair(OAUTH_RESOURCE_PARAMETER_NAME, this.m_clientId));
        arrayList.add(new BasicNameValuePair("client_id", this.m_clientId));
        arrayList.add(new BasicNameValuePair(OAUTH_REDIRECT_PARAMETER_NAME, this.redirectUri));
        if (null != this.m_clientSecret) {
            arrayList.add(new BasicNameValuePair("client_secret", this.m_clientSecret));
        }
        httpPost.addHeader("Content-Type", ContentType.APPLICATION_FORM_URLENCODED.toString());
        httpPost.addHeader(HttpHeaders.ACCEPT, ContentType.APPLICATION_JSON.toString());
        httpPost.setEntity(new UrlEncodedFormEntity(arrayList, Charsets.UTF_8));
        LogUtilities.logDebug(String.format("Request token URI: \n%s\nRequest parameters:\n%s", uRIBuilder, Arrays.toString(arrayList.toArray())), LogUtils.getLogger());
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return httpPost;
    }

    private void openBrowser(URI uri) throws URISyntaxException, IOException {
        Desktop.getDesktop().browse(uri);
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
    }

    private URI prepareAndValidateURI(String str) throws URISyntaxException, IOException {
        LogUtilities.logDebug(String.format("Entered with parameter value {%s}", str), LogUtils.getLogger());
        URI build = new URIBuilder().setScheme(CURRENT_INTERACTION_SCHEMA).setHost("login.microsoftonline.com").setPath("/" + this.m_idp_tenant + "/oauth2/authorize").addParameter("scope", "openid").addParameter(OAUTH_RESPONSE_TYPE_PARAMETER_NAME, OAUTH_IDP_CODE_PARAMETER_NAME).addParameter(OAUTH_RESPONSE_MODE_PARAMETER_NAME, "form_post").addParameter("client_id", this.m_clientId).addParameter(OAUTH_REDIRECT_PARAMETER_NAME, this.redirectUri).addParameter(OAUTH_STATE_PARAMETER_NAME, str).build();
        LogUtilities.logDebug(String.format("Authorization code request URI: \n%s", build.toString()), LogUtils.getLogger());
        validateURL(build.toString());
        return build;
    }
}
