package com.simba.athena.iamsupport.plugin;

import com.simba.athena.amazonaws.SdkClientException;
import com.simba.athena.amazonaws.util.IOUtils;
import com.simba.athena.amazonaws.util.StringUtils;
import com.simba.athena.amazonaws.util.json.Jackson;
import com.simba.athena.iamsupport.IamSupport;
import com.simba.athena.iamsupport.plugin.utils.LogUtils;
import com.simba.athena.shaded.fasterxml.jackson.core.util.Separators;
import com.simba.athena.shaded.fasterxml.jackson.databind.JsonNode;
import com.simba.athena.support.LogUtilities;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/simba/athena/iamsupport/plugin/AzureCredentialsProvider.class */
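/**
 * SAML credentials provider that obtains a SAML assertion from Azure AD through the
 * OAuth2 token endpoint, using the user name, password, client id and client secret
 * supplied as connection properties.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user password and the client secret are sent in the POST body, so the TLS
 *       connection to the login host must be fully verified (certificate chain and
 *       host name). Do not log the form parameters or the token response.</li>
 *   <li>NOTE(review): {@code tenant_id} is concatenated into the URL path unescaped.
 *       {@code validateURL} (defined in the parent class, not visible here) is the only
 *       check applied to the result; confirm it rejects path and query metacharacters.</li>
 * </ul>
 */
public class AzureCredentialsProvider extends SamlCredentialsProvider {
    private static final String KEY_TENANT_ID = "tenant_id";
    private static final String KEY_CLIENT_SECRET = "client_secret";
    private static final String KEY_CLIENT_ID = "client_id";

    /** Host of the Azure AD token endpoint; also used for the non-proxy-host check. */
    private static final String AZURE_LOGIN_HOST = "login.microsoftonline.com";

    /** Charset used for the form body, the token response and the SAML envelope. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private static final String SAML_RESPONSE_PREFIX =
            "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status>";
    private static final String SAML_RESPONSE_SUFFIX = "</samlp:Response>";

    private String m_idpTenant;
    private String m_clientSecret;
    private String m_clientId;

    /**
     * Checks that every required connection property is present, then requests the
     * assertion from Azure AD.
     *
     * @return the Base64-encoded SAML response
     * @throws IOException if a required property is missing or the token request fails
     */
    @Override // com.simba.athena.iamsupport.plugin.SamlCredentialsProvider
    protected String getSamlAssertion() throws IOException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        requireProperty(this.m_idpTenant, KEY_TENANT_ID);
        requireProperty(this.m_userName, "UID or user");
        requireProperty(this.m_password, "PWD or password");
        requireProperty(this.m_clientSecret, KEY_CLIENT_SECRET);
        requireProperty(this.m_clientId, KEY_CLIENT_ID);
        LogUtilities.logDebug("Exiting", LogUtils.getLogger());
        return azureOauthBasedAuthentication();
    }

    /**
     * Stores an Azure-specific connection property, or hands any other key to the parent.
     *
     * @param str  the property name, matched case-insensitively
     * @param str2 the property value
     */
    @Override // com.simba.athena.iamsupport.plugin.SamlCredentialsProvider, com.simba.athena.iamsupport.IPlugin
    public void addParameter(String str, String str2) {
        if (KEY_TENANT_ID.equalsIgnoreCase(str)) {
            this.m_idpTenant = str2;
        } else if (KEY_CLIENT_SECRET.equalsIgnoreCase(str)) {
            this.m_clientSecret = str2;
        } else if (KEY_CLIENT_ID.equalsIgnoreCase(str)) {
            this.m_clientId = str2;
        } else {
            super.addParameter(str, str2);
        }
    }

    /** Throws the "missing required property" error when {@code value} is null or empty. */
    private static void requireProperty(String value, String displayName) throws IOException {
        if (StringUtils.isNullOrEmpty(value)) {
            throw new IOException("Missing required property: " + displayName);
        }
    }

    /**
     * Posts the credentials to the tenant's {@code /oauth2/token} endpoint, requesting a
     * SAML2 token type, and wraps the decoded {@code access_token} in a
     * {@code samlp:Response} envelope.
     *
     * @return the Base64-encoded SAML response
     * @throws IOException if the server answers with a non-200 status, or the response
     *         has no body or no usable {@code access_token}
     * @throws SdkClientException if the HTTP client cannot be created
     */
    private String azureOauthBasedAuthentication() throws IOException, SdkClientException {
        LogUtilities.logDebug("Entered", LogUtils.getLogger());
        String tokenUrl = "https://" + AZURE_LOGIN_HOST + "/" + this.m_idpTenant + "/oauth2/token";
        validateURL(tokenUrl);
        CloseableHttpClient httpClient = null;
        CloseableHttpResponse response = null;
        try {
            httpClient = getHttpClient();
            HttpPost httpPost = new HttpPost(tokenUrl);
            boolean bypassProxy = CheckNonProxyHost(AZURE_LOGIN_HOST, this.m_nonProxyHosts);
            if (null != this.m_proxyHost && !this.m_proxyHost.isEmpty() && this.m_useProxyForIdpAuth.booleanValue() && !bypassProxy) {
                if (this.m_proxyUid != null && !this.m_proxyUid.isEmpty() && this.m_proxyPwd != null && !this.m_proxyPwd.isEmpty()) {
                    BasicCredentialsProvider proxyCredentials = new BasicCredentialsProvider();
                    proxyCredentials.setCredentials(new AuthScope(this.m_proxyHost, this.m_proxyPort), new UsernamePasswordCredentials(this.m_proxyUid, this.m_proxyPwd));
                    // The client from getHttpClient() is replaced below; close it so it does not leak.
                    IOUtils.closeQuietly(httpClient, null);
                    // The default host name verifier is kept on purpose. This request carries the
                    // user password and the client secret, and a no-op verifier would accept a
                    // certificate issued for any host name.
                    // NOTE(review): this client does not carry over whatever TLS settings
                    // getHttpClient() applies (not visible here); confirm that is intended.
                    httpClient = HttpClients.custom().setDefaultCredentialsProvider(proxyCredentials).build();
                }
                httpPost.setConfig(RequestConfig.custom().setProxy(new HttpHost(this.m_proxyHost, this.m_proxyPort)).build());
            }

            // Form parameters contain secrets; never log this list.
            ArrayList<BasicNameValuePair> form = new ArrayList<>(7);
            form.add(new BasicNameValuePair(BrowserAzureCredentialsProvider.OAUTH_GRANT_TYPE_PARAMETER_NAME, IamSupport.PASSWORD_ALT));
            form.add(new BasicNameValuePair(BrowserAzureCredentialsProvider.OAUTH_REQUESTED_TOKEN_TYPE_PARAMETER_NAME, "urn:ietf:params:oauth:token-type:saml2"));
            form.add(new BasicNameValuePair("username", this.m_userName));
            form.add(new BasicNameValuePair(IamSupport.PASSWORD_ALT, this.m_password));
            form.add(new BasicNameValuePair(KEY_CLIENT_SECRET, this.m_clientSecret));
            form.add(new BasicNameValuePair(KEY_CLIENT_ID, this.m_clientId));
            form.add(new BasicNameValuePair(BrowserAzureCredentialsProvider.OAUTH_RESOURCE_PARAMETER_NAME, this.m_clientId));
            httpPost.addHeader("Content-Type", URLEncodedUtils.CONTENT_TYPE);
            httpPost.addHeader(HttpHeaders.ACCEPT, "application/json");
            httpPost.setEntity(new UrlEncodedFormEntity(form, UTF_8));

            response = httpClient.execute((HttpUriRequest) httpPost);
            if (response.getEntity() == null) {
                throw new IOException("Unexpected response: empty body from the Azure server");
            }
            // UTF-8 is the fallback when the response declares no charset.
            JsonNode body = Jackson.jsonNodeOf(EntityUtils.toString(response.getEntity(), UTF_8));
            if (body == null) {
                throw new IOException("Unexpected response: empty body from the Azure server");
            }
            if (response.getStatusLine().getStatusCode() != 200) {
                String message = "Authentication failed on the Azure server. Please check the tenant, user, password, client secret, and client id.";
                JsonNode descriptionNode = body.findValue("error_description");
                if (descriptionNode != null && !StringUtils.isNullOrEmpty(descriptionNode.textValue())) {
                    // Flatten the multi-line server description into a single line.
                    String description = descriptionNode.textValue().replace("\r\n", Separators.DEFAULT_ROOT_VALUE_SEPARATOR);
                    JsonNode errorNode = body.findValue("error");
                    message = (errorNode == null || StringUtils.isNullOrEmpty(errorNode.textValue()))
                            ? "Unexpected response: " + description
                            : errorNode.textValue() + ": " + description;
                }
                throw new IOException(message);
            }
            JsonNode tokenNode = body.findValue("access_token");
            if (tokenNode == null) {
                throw new IOException("Failed to find Azure access_token");
            }
            String encodedToken = tokenNode.textValue();
            if (StringUtils.isNullOrEmpty(encodedToken)) {
                throw new IOException("Invalid Azure access_token response");
            }
            String assertion = new String(Base64.decodeBase64(encodedToken), UTF_8);
            LogUtilities.logDebug("Exiting", LogUtils.getLogger());
            // Encode with the same charset used to decode, not the platform default, so
            // non-ASCII characters in the assertion survive the round trip.
            String envelope = SAML_RESPONSE_PREFIX + assertion + SAML_RESPONSE_SUFFIX;
            return new String(Base64.encodeBase64(envelope.getBytes(UTF_8)), UTF_8);
        } catch (GeneralSecurityException e) {
            throw new SdkClientException("Failed to create SSLContext", e);
        } finally {
            // Release the response and the client on every path, including failures.
            IOUtils.closeQuietly(response, null);
            IOUtils.closeQuietly(httpClient, null);
        }
    }
}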
