package com.amazon.athena.jdbc.authentication;

import com.amazon.athena.jdbc.configuration.ConnectionParameter;
import com.amazon.athena.jdbc.support.AuthenticationException;
import com.amazon.athena.logging.AthenaLogger;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.lakeformation.LakeFormationClientBuilder;
import software.amazon.awssdk.services.lakeformation.model.AssumeDecoratedRoleWithSamlRequest;
import software.amazon.awssdk.services.sts.StsClientBuilder;
import software.amazon.awssdk.services.sts.model.AssumeRoleWithSamlRequest;

/* loaded from: input_file:com/amazon/athena/jdbc/authentication/PingCredentialsProvider.class */
public class PingCredentialsProvider extends SamlCredentialsProvider {
    private static final String URI_TEMPLATE = "https://%s:%s/idp/startSSO.ping?PartnerSpId=%s";
    private final String username;
    private final String password;
    private final String hostName;
    private final Integer portNumber;
    private final String partnerSpId;
    private final Supplier<CloseableHttpClient> httpClientFactory;
    private static final AthenaLogger logger = AthenaLogger.of(PingCredentialsProvider.class);
    private static final Pattern INPUT_TAG_PATTERN = Pattern.compile("<input(.+?)/>", 32);
    private static final Pattern NAME_PATTERN = Pattern.compile("name=\"([^\"]+)\"");
    private static final Pattern VALUE_PATTERN = Pattern.compile("value=\"([^\"]+)\"");
    private static final Pattern SAML_ASSERTION_PATTERN = Pattern.compile("SAMLResponse\\W+value=\"([^\"]+)\"");

    /* loaded from: input_file:com/amazon/athena/jdbc/authentication/PingCredentialsProvider$Builder.class */
    public static class Builder {
        private String username;
        private String password;
        private String hostName;
        private String partnerSpId;
        private Integer portNumber;
        private String preferredRole;
        private Integer roleSessionDuration;
        private Region region;
        private boolean lakeFormationEnabled;
        private Supplier<CloseableHttpClient> httpClientFactory;
        private AssumeRoleWithSamlRequest.Builder assumeRoleWithSamlRequestFactory;
        private AssumeDecoratedRoleWithSamlRequest.Builder assumeDecoratedRoleWithSamlRequestFactory;
        private StsClientBuilder stsClientFactory;
        private LakeFormationClientBuilder lakeFormationClientFactory;
        private Map<ConnectionParameter<?>, String> parameters;

        public Builder username(String str) {
            this.username = str;
            return this;
        }

        public Builder password(String str) {
            this.password = str;
            return this;
        }

        public Builder hostName(String str) {
            this.hostName = str;
            return this;
        }

        public Builder partnerSpId(String str) {
            this.partnerSpId = str;
            return this;
        }

        public Builder portNumber(Integer num) {
            this.portNumber = num;
            return this;
        }

        public Builder preferredRole(String str) {
            this.preferredRole = str;
            return this;
        }

        public Builder roleSessionDuration(Integer num) {
            this.roleSessionDuration = num;
            return this;
        }

        public Builder region(Region region) {
            this.region = region;
            return this;
        }

        public Builder lakeFormationEnabled(boolean z) {
            this.lakeFormationEnabled = z;
            return this;
        }

        Builder httpClientFactory(Supplier<CloseableHttpClient> supplier) {
            this.httpClientFactory = supplier;
            return this;
        }

        Builder assumeRoleWithSamlRequestFactory(AssumeRoleWithSamlRequest.Builder builder) {
            this.assumeRoleWithSamlRequestFactory = builder;
            return this;
        }

        Builder assumeDecoratedRoleWithSamlRequestFactory(AssumeDecoratedRoleWithSamlRequest.Builder builder) {
            this.assumeDecoratedRoleWithSamlRequestFactory = builder;
            return this;
        }

        Builder stsClientBuilder(StsClientBuilder stsClientBuilder) {
            this.stsClientFactory = stsClientBuilder;
            return this;
        }

        Builder lakeFormationClientBuilder(LakeFormationClientBuilder lakeFormationClientBuilder) {
            this.lakeFormationClientFactory = lakeFormationClientBuilder;
            return this;
        }

        public Builder connectionParameters(Map<ConnectionParameter<?>, String> map) {
            this.parameters = map;
            return this;
        }

        public PingCredentialsProvider build() {
            return new PingCredentialsProvider(this.username, this.password, this.hostName, this.portNumber, this.partnerSpId, this.preferredRole, this.roleSessionDuration, this.region, this.httpClientFactory, this.assumeRoleWithSamlRequestFactory, this.stsClientFactory, this.assumeDecoratedRoleWithSamlRequestFactory, this.lakeFormationClientFactory, this.lakeFormationEnabled, this.parameters);
        }
    }

    private PingCredentialsProvider(String str, String str2, String str3, Integer num, String str4, String str5, Integer num2, Region region, Supplier<CloseableHttpClient> supplier, AssumeRoleWithSamlRequest.Builder builder, StsClientBuilder stsClientBuilder, AssumeDecoratedRoleWithSamlRequest.Builder builder2, LakeFormationClientBuilder lakeFormationClientBuilder, boolean z, Map<ConnectionParameter<?>, String> map) {
        super(builder, builder2, stsClientBuilder, lakeFormationClientBuilder, null, null, str5, num2, region, z, map);
        this.username = str;
        this.password = str2;
        this.hostName = str3;
        this.portNumber = num;
        this.partnerSpId = str4;
        this.httpClientFactory = supplier == null ? () -> {
            return IdpCredentialsProvider.createHttpClient(map);
        } : supplier;
    }

    public static Builder builder() {
        return new Builder();
    }

    @Override // com.amazon.athena.jdbc.authentication.SamlCredentialsProvider
    protected String getSamlAssertion() {
        URI constructPingEndpoint = constructPingEndpoint();
        logger.info("Making a request to get SAML assertion from the Ping URI: {}", constructPingEndpoint);
        return fetchSamlAssertion(createSamlRequest(fetchNameValuePairs(new HttpGet(constructPingEndpoint))));
    }

    private URI constructPingEndpoint() {
        try {
            return new URI(String.format(URI_TEMPLATE, this.hostName, this.portNumber, URLEncoder.encode(this.partnerSpId, HTTP.UTF_8)));
        } catch (UnsupportedEncodingException | URISyntaxException e) {
            throw new IllegalArgumentException(String.format("Could not construct a valid Ping endpoint URL from the provided host (\"%s\"), port (\"%s\"), and partner SpId (\"%s\")", this.hostName, this.portNumber, this.partnerSpId), e);
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 7, insn: 0x00b6: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:53:0x00b6 */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x00ba: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:55:0x00ba */
    /* JADX WARN: Type inference failed for: r7v0, types: [org.apache.http.impl.client.CloseableHttpClient] */
    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable] */
    private List<NameValuePair> fetchNameValuePairs(HttpGet httpGet) {
        try {
            try {
                CloseableHttpClient closeableHttpClient = this.httpClientFactory.get();
                Throwable th = null;
                CloseableHttpResponse execute = closeableHttpClient.execute((HttpUriRequest) httpGet);
                Throwable th2 = null;
                try {
                    validateHttpResponse(execute);
                    List<NameValuePair> extractNameValuePairs = extractNameValuePairs(extractResponseBody(execute));
                    if (execute != null) {
                        if (0 != 0) {
                            try {
                                execute.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            execute.close();
                        }
                    }
                    if (closeableHttpClient != null) {
                        if (0 != 0) {
                            try {
                                closeableHttpClient.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            closeableHttpClient.close();
                        }
                    }
                    return extractNameValuePairs;
                } catch (Throwable th5) {
                    if (execute != null) {
                        if (0 != 0) {
                            try {
                                execute.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            execute.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new AuthenticationException("Unable to obtain from Ping the parameters for the SAML assertion request", e);
        }
    }

    private HttpPost createSamlRequest(List<NameValuePair> list) {
        HttpPost httpPost = new HttpPost(constructPingEndpoint());
        httpPost.setEntity(new UrlEncodedFormEntity(list, StandardCharsets.UTF_8));
        return httpPost;
    }

    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 7, insn: 0x00b6: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:53:0x00b6 */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x00ba: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:55:0x00ba */
    /* JADX WARN: Type inference failed for: r7v0, types: [org.apache.http.impl.client.CloseableHttpClient] */
    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable] */
    private String fetchSamlAssertion(HttpPost httpPost) {
        try {
            try {
                CloseableHttpClient closeableHttpClient = this.httpClientFactory.get();
                Throwable th = null;
                CloseableHttpResponse execute = closeableHttpClient.execute((HttpUriRequest) httpPost);
                Throwable th2 = null;
                try {
                    validateHttpResponse(execute);
                    String extractSamlAssertion = extractSamlAssertion(extractResponseBody(execute));
                    if (execute != null) {
                        if (0 != 0) {
                            try {
                                execute.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            execute.close();
                        }
                    }
                    if (closeableHttpClient != null) {
                        if (0 != 0) {
                            try {
                                closeableHttpClient.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            closeableHttpClient.close();
                        }
                    }
                    return extractSamlAssertion;
                } catch (Throwable th5) {
                    if (execute != null) {
                        if (0 != 0) {
                            try {
                                execute.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            execute.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new AuthenticationException("Unable to obtain the SAML Assertion from Ping", e);
        }
    }

    private void validateHttpResponse(CloseableHttpResponse closeableHttpResponse) {
        if (closeableHttpResponse.getStatusLine().getStatusCode() != 200) {
            throw new AuthenticationException(String.format("Unexpected error from Ping (HTTP response status code %s)", Integer.valueOf(closeableHttpResponse.getStatusLine().getStatusCode())));
        }
    }

    private String extractResponseBody(CloseableHttpResponse closeableHttpResponse) {
        try {
            return EntityUtils.toString(closeableHttpResponse.getEntity());
        } catch (IOException e) {
            throw new AuthenticationException("An error occurred while processing the response from Ping", e);
        }
    }

    private String extractSamlAssertion(String str) {
        Matcher matcher = SAML_ASSERTION_PATTERN.matcher(str);
        if (matcher.find()) {
            return matcher.group(1);
        }
        throw new AuthenticationException("Unable to extract the SAMLResponse field from the response body");
    }

    private List<NameValuePair> extractNameValuePairs(String str) {
        Matcher matcher = INPUT_TAG_PATTERN.matcher(str);
        ArrayList arrayList = new ArrayList();
        while (matcher.find()) {
            String group = matcher.group(0);
            Matcher matcher2 = NAME_PATTERN.matcher(group);
            Matcher matcher3 = VALUE_PATTERN.matcher(group);
            if (matcher2.find()) {
                String decodeHtmlCharacterReferences = decodeHtmlCharacterReferences(matcher2.group(1));
                if (decodeHtmlCharacterReferences.contains("user") || decodeHtmlCharacterReferences.contains("email")) {
                    arrayList.add(new BasicNameValuePair(decodeHtmlCharacterReferences, this.username));
                } else if (decodeHtmlCharacterReferences.contains("pass")) {
                    arrayList.add(new BasicNameValuePair(decodeHtmlCharacterReferences, this.password));
                } else if (!decodeHtmlCharacterReferences.isEmpty() && decodeHtmlCharacterReferences != null && matcher3.find()) {
                    arrayList.add(new BasicNameValuePair(decodeHtmlCharacterReferences, decodeHtmlCharacterReferences(matcher3.group(1))));
                }
            }
        }
        return arrayList;
    }

    @Override // com.amazon.athena.jdbc.authentication.SamlCredentialsProvider, software.amazon.awssdk.auth.credentials.AwsCredentialsProvider
    public /* bridge */ /* synthetic */ AwsCredentials resolveCredentials() {
        return super.resolveCredentials();
    }
}
