package com.amazon.redshift.plugin;

import com.amazon.redshift.amazonaws.SdkClientException;
import com.amazon.redshift.amazonaws.util.IOUtils;
import com.amazon.redshift.amazonaws.util.StringUtils;
import com.amazon.redshift.client.PGConstants;
import com.amazon.redshift.core.PGJDBCPropertyKey;
import com.amazon.redshift.shaded.apache.http.StatusLine;
import com.amazon.redshift.shaded.apache.http.client.methods.CloseableHttpResponse;
import com.amazon.redshift.shaded.apache.http.client.methods.HttpGet;
import com.amazon.redshift.shaded.apache.http.client.methods.HttpPost;
import com.amazon.redshift.shaded.apache.http.client.methods.HttpUriRequest;
import com.amazon.redshift.shaded.apache.http.entity.StringEntity;
import com.amazon.redshift.shaded.apache.http.impl.client.CloseableHttpClient;
import com.amazon.redshift.shaded.apache.http.util.EntityUtils;
import com.amazon.redshift.shaded.fasterxml.jackson.databind.JsonNode;
import com.amazon.redshift.shaded.fasterxml.jackson.databind.ObjectMapper;
import io.netty.handler.codec.http.HttpHeaders;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.util.HashMap;

/* loaded from: input_file:com/amazon/redshift/plugin/OktaCredentialsProvider.class */
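/**
 * SAML credentials provider that authenticates against Okta.
 *
 * <p>The flow visible in this class is: POST the user name and password to
 * {@code https://<idp host>/api/v1/authn}, read the {@code sessionToken} from the JSON reply,
 * then GET the application page with that token as {@code onetimetoken} and extract the
 * {@code SAMLResponse} form field from the returned HTML.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password travels in the JSON request body and the session token in the query
 *       string of the second request. Neither value is written to a log or an exception
 *       message by this class; keep it that way.</li>
 *   <li>Transport protection is whatever {@code getHttpClient()} configures; that method is
 *       defined in the superclass and is not shown here.</li>
 *   <li>NOTE(review): {@code m_idpHost} is concatenated into both URLs without validation in
 *       this class. If the superclass does not restrict it to a bare host name, a value
 *       containing characters such as '/', '@' or '?' would change where the credentials are
 *       posted. Confirm that it is validated upstream.</li>
 * </ul>
 */
public class OktaCredentialsProvider extends SamlCredentialsProvider {
    /** Connection property holding the Okta application id (the constant name is historical). */
    private static final String KEY_APP_URL = "app_id";
    /** Connection property holding the Okta application name. */
    private static final String KEY_APP_NAME = "app_name";
    /** Application name used when {@code app_name} is not supplied. */
    private static final String DEFAULT_APP_NAME = "amazon_aws";

    protected String m_app_id;
    protected String m_app_name;

    /**
     * Stores a connection property, after letting the superclass process it.
     *
     * @param str  property name; {@code app_id} and {@code app_name} are matched case-insensitively
     * @param str2 property value
     */
    @Override
    public void addParameter(String str, String str2) {
        super.addParameter(str, str2);
        if (KEY_APP_URL.equalsIgnoreCase(str)) {
            this.m_app_id = str2;
        } else if (KEY_APP_NAME.equalsIgnoreCase(str)) {
            this.m_app_name = str2;
        }
    }

    /**
     * Authenticates against Okta and returns the SAML response for the configured application.
     *
     * @return the value of the {@code SAMLResponse} form field
     * @throws IOException if {@code app_id} is missing, authentication fails, or no SAML
     *     response is found in the application page
     * @throws SdkClientException if building the HTTP client fails with a
     *     {@link GeneralSecurityException}
     */
    @Override
    protected String getSamlAssertion() throws IOException {
        checkRequiredParameters();
        if (StringUtils.isNullOrEmpty(this.m_app_id)) {
            throw new IOException("Missing required property: app_id");
        }
        CloseableHttpClient client = null;
        try {
            client = getHttpClient();
            return handleSamlAssertion(client, oktaAuthentication(client));
        } catch (GeneralSecurityException e) {
            throw new SdkClientException("Failed create SSLContext.", e);
        } finally {
            // Runs on success and on every failure path; a null client is tolerated.
            IOUtils.closeQuietly(client, null);
        }
    }

    /**
     * Posts the user name and password to the Okta authentication endpoint.
     *
     * @param client HTTP client to send the request with
     * @return the session token from the response
     * @throws IOException if the HTTP status is not 200, the reported status is not
     *     {@code SUCCESS}, or the response carries no session token
     */
    private String oktaAuthentication(CloseableHttpClient client) throws IOException {
        ObjectMapper mapper = new ObjectMapper();

        HttpPost request = new HttpPost("https://" + this.m_idpHost + "/api/v1/authn");
        request.addHeader("Accept", HttpHeaders.Values.APPLICATION_JSON);
        request.addHeader("Content-Type", HttpHeaders.Values.APPLICATION_JSON);
        request.addHeader("Cache-Control", "no-cache");

        // Serialise through Jackson so that quotes or backslashes in the credentials
        // cannot break out of the JSON string values.
        HashMap<String, Object> credentials = new HashMap<>();
        credentials.put("username", this.m_userName);
        credentials.put(PGJDBCPropertyKey.PASSWORD_ALT, this.m_password);
        StringWriter body = new StringWriter();
        mapper.writeValue(body, credentials);

        StringEntity entity = new StringEntity(body.toString(), "UTF-8");
        entity.setContentType(HttpHeaders.Values.APPLICATION_JSON);
        request.setEntity(entity);

        CloseableHttpResponse response = client.execute((HttpUriRequest) request);
        try {
            StatusLine statusLine = response.getStatusLine();
            if (statusLine.getStatusCode() != 200) {
                throw new IOException(statusLine.getReasonPhrase());
            }
            JsonNode reply = mapper.readTree(EntityUtils.toString(response.getEntity()));
            // path() yields a missing node instead of null, so a reply without these
            // fields is reported as an IOException rather than a NullPointerException.
            if (!"SUCCESS".equals(reply.path("status").asText())) {
                throw new IOException("No session token in the response.");
            }
            String sessionToken = reply.path("sessionToken").asText();
            if (StringUtils.isNullOrEmpty(sessionToken)) {
                throw new IOException("No session token in the response.");
            }
            return sessionToken;
        } finally {
            // Release the connection on the error paths as well as on success.
            IOUtils.closeQuietly(response, null);
        }
    }

    /**
     * Fetches the application page with the one-time session token and extracts the SAML
     * response from its HTML form.
     *
     * @param client HTTP client to send the request with
     * @param sessionToken token returned by {@link #oktaAuthentication(CloseableHttpClient)}
     * @return the {@code SAMLResponse} value with {@code &#x2b;} and {@code &#x3d;} decoded
     * @throws IOException if no {@code SAMLResponse} input is present in the page
     * @throws RuntimeException if the HTTP status is not 200
     */
    private String handleSamlAssertion(CloseableHttpClient client, String sessionToken) throws IOException {
        // Encode into a local: writing the encoded value back to m_app_name would encode it
        // again on every later call (for example "%20" becoming "%2520").
        String appName = StringUtils.isNullOrEmpty(this.m_app_name)
                ? DEFAULT_APP_NAME
                : URLEncoder.encode(this.m_app_name, "UTF-8");

        // The token comes from the IdP response; encode it so it cannot add query parameters.
        // m_app_id is inserted as configured (unencoded), as before.
        String url = "https://" + this.m_idpHost + "/home/" + appName + "/" + this.m_app_id
                + "?onetimetoken=" + URLEncoder.encode(sessionToken, "UTF-8");

        CloseableHttpResponse response = client.execute((HttpUriRequest) new HttpGet(url));
        try {
            StatusLine statusLine = response.getStatusLine();
            if (statusLine.getStatusCode() != 200) {
                throw new RuntimeException("Failed : HTTP error code : " + statusLine.getStatusCode() + " : Reason : " + statusLine.getReasonPhrase());
            }
            for (String inputTag : getInputTagsfromHTML(EntityUtils.toString(response.getEntity()))) {
                String name = getValueByKey(inputTag, PGConstants.NAME_NAME);
                String value = getValueByKey(inputTag, "value");
                // A SAMLResponse input without a value is treated as "not found" below.
                if ("SAMLResponse".equalsIgnoreCase(name) && value != null) {
                    // Only these two HTML entities are decoded, matching the original code.
                    return value.replace("&#x2b;", "+").replace("&#x3d;", "=");
                }
            }
            throw new IOException("Failed to retrieve SAMLAssertion.");
        } finally {
            // The response was never closed before; release it on every path.
            IOUtils.closeQuietly(response, null);
        }
    }
}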
