package com.amazon.redshift.core;

import com.amazon.dsi.core.utilities.ConnSettingRequestMap;
import com.amazon.dsi.core.utilities.Variant;
import com.amazon.redshift.AuthMech;
import com.amazon.redshift.CredentialsHolder;
import com.amazon.redshift.IPlugin;
import com.amazon.redshift.amazonaws.AmazonClientException;
import com.amazon.redshift.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazon.redshift.amazonaws.auth.BasicAWSCredentials;
import com.amazon.redshift.amazonaws.auth.BasicSessionCredentials;
import com.amazon.redshift.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazon.redshift.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazon.redshift.amazonaws.client.builder.AwsClientBuilder;
import com.amazon.redshift.amazonaws.services.redshift.AmazonRedshift;
import com.amazon.redshift.amazonaws.services.redshift.AmazonRedshiftClientBuilder;
import com.amazon.redshift.amazonaws.services.redshift.model.Cluster;
import com.amazon.redshift.amazonaws.services.redshift.model.DescribeClustersRequest;
import com.amazon.redshift.amazonaws.services.redshift.model.Endpoint;
import com.amazon.redshift.amazonaws.services.redshift.model.GetClusterCredentialsRequest;
import com.amazon.redshift.amazonaws.services.redshift.model.GetClusterCredentialsResult;
import com.amazon.redshift.amazonaws.util.StringUtils;
import com.amazon.redshift.exceptions.PGJDBCMessageKey;
import com.amazon.support.ILogger;
import com.amazon.support.LogUtilities;
import com.amazon.support.exceptions.ErrorException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/* loaded from: input_file:com/amazon/redshift/core/IamHelper.class */
public final class IamHelper {
    private IamHelper() {
    }

    public static void setIAMProperties(ConnSettingRequestMap connSettingRequestMap, PGJDBCSettings pGJDBCSettings, ILogger iLogger) throws ErrorException {
        if (pGJDBCSettings.m_authMech.ordinal() < AuthMech.VERIFY_CA.ordinal()) {
            pGJDBCSettings.m_authMech = AuthMech.VERIFY_CA;
        }
        Variant requiredConnSetting = PGJDBCConnection.getRequiredConnSetting(PGJDBCPropertyKey.CLUSTER_IDENTIFIER, connSettingRequestMap);
        Variant optionalConnSetting = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.AWS_REGION, connSettingRequestMap);
        Variant optionalConnSetting2 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.ENDPOINT_URL, connSettingRequestMap);
        Variant optionalConnSetting3 = PGJDBCConnection.getOptionalConnSetting("UID", connSettingRequestMap);
        Variant optionalConnSetting4 = PGJDBCConnection.getOptionalConnSetting("PWD", connSettingRequestMap);
        Variant optionalConnSetting5 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.AWS_PROFILE, connSettingRequestMap);
        Variant optionalConnSetting6 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.IAM_DURATION, connSettingRequestMap);
        Variant optionalConnSetting7 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.IAM_ACCESS_KEY_ID, connSettingRequestMap);
        Variant optionalConnSetting8 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.IAM_SECRET_ACCESS_KEY, connSettingRequestMap);
        Variant optionalConnSetting9 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.IAM_SESSION_TOKEN, connSettingRequestMap);
        Variant optionalConnSetting10 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.CREDENTIALS_PROVIDER, connSettingRequestMap);
        Variant optionalConnSetting11 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.USER_AUTOCREATE, connSettingRequestMap);
        Variant optionalConnSetting12 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.DB_USER, connSettingRequestMap);
        Variant optionalConnSetting13 = PGJDBCConnection.getOptionalConnSetting(PGJDBCPropertyKey.DB_GROUPS, connSettingRequestMap);
        pGJDBCSettings.m_clusterIdentifier = requiredConnSetting.getString();
        if (pGJDBCSettings.m_clusterIdentifier.isEmpty()) {
            ErrorException createGeneralException = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_MISSING_PROPERTY_ERROR, PGJDBCPropertyKey.CLUSTER_IDENTIFIER);
            LogUtilities.logError(createGeneralException, iLogger);
            throw createGeneralException;
        }
        if (null != optionalConnSetting) {
            pGJDBCSettings.m_awsRegion = optionalConnSetting.getString().trim().toLowerCase();
        }
        if (null != optionalConnSetting2) {
            pGJDBCSettings.m_endpoint = optionalConnSetting2.getString();
        } else {
            pGJDBCSettings.m_endpoint = System.getProperty("redshift.endpoint-url");
        }
        if (null != optionalConnSetting3) {
            pGJDBCSettings.m_username = optionalConnSetting3.getString();
        }
        if (null != optionalConnSetting4) {
            pGJDBCSettings.m_password = optionalConnSetting4.getString();
        }
        if (null != optionalConnSetting5) {
            pGJDBCSettings.m_profile = optionalConnSetting5.getString();
        }
        if (null != optionalConnSetting6) {
            try {
                pGJDBCSettings.m_iamDuration = Integer.parseInt(optionalConnSetting6.getString());
                if (pGJDBCSettings.m_iamDuration < 900 || pGJDBCSettings.m_iamDuration > 3600) {
                    ErrorException createGeneralException2 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_INVALID_PROPERTY_VALUE_TYPE_OR_RANGE.name(), new String[]{PGJDBCPropertyKey.IAM_DURATION, optionalConnSetting6.getString(), "900", "3600"});
                    LogUtilities.logError(createGeneralException2, iLogger);
                    throw createGeneralException2;
                }
            } catch (NumberFormatException e) {
                ErrorException createGeneralException3 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_INVALID_PROPERTY_VALUE.name(), new String[]{PGJDBCPropertyKey.IAM_DURATION, optionalConnSetting6.getString()});
                LogUtilities.logError(createGeneralException3, iLogger);
                throw createGeneralException3;
            }
        }
        if (null != optionalConnSetting7) {
            pGJDBCSettings.m_iamAccessKeyID = optionalConnSetting7.getString();
        }
        if (null == optionalConnSetting8) {
            pGJDBCSettings.m_iamSecretKey = pGJDBCSettings.m_password;
        } else {
            if (StringUtils.isNullOrEmpty(pGJDBCSettings.m_iamAccessKeyID)) {
                ErrorException createGeneralException4 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_MISSING_PROPERTY_ERROR, PGJDBCPropertyKey.IAM_ACCESS_KEY_ID);
                LogUtilities.logError(createGeneralException4, iLogger);
                throw createGeneralException4;
            }
            pGJDBCSettings.m_iamSecretKey = optionalConnSetting8.getString();
            if (pGJDBCSettings.m_iamSecretKey.isEmpty()) {
                pGJDBCSettings.m_iamSecretKey = pGJDBCSettings.m_password;
            }
        }
        if (null != optionalConnSetting9) {
            if (StringUtils.isNullOrEmpty(pGJDBCSettings.m_iamAccessKeyID)) {
                ErrorException createGeneralException5 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_MISSING_PROPERTY_ERROR, PGJDBCPropertyKey.IAM_ACCESS_KEY_ID);
                LogUtilities.logError(createGeneralException5, iLogger);
                throw createGeneralException5;
            }
            pGJDBCSettings.m_iamSessionToken = optionalConnSetting9.getString();
        }
        if (null != optionalConnSetting10) {
            pGJDBCSettings.m_credentialsProvider = optionalConnSetting10.getString();
        }
        Iterator<String> keysIterator = connSettingRequestMap.getKeysIterator();
        while (keysIterator.hasNext()) {
            String lowerCase = keysIterator.next().toLowerCase(Locale.getDefault());
            String string = connSettingRequestMap.getProperty(lowerCase).getString();
            if (!"*".equals(string)) {
                pGJDBCSettings.m_pluginArgs.put(lowerCase, string);
            }
        }
        pGJDBCSettings.m_autocreate = optionalConnSetting11 == null ? null : Boolean.valueOf(optionalConnSetting11.getString());
        if (null != optionalConnSetting12) {
            pGJDBCSettings.m_dbUser = optionalConnSetting12.getString();
        }
        pGJDBCSettings.m_dbGroups = optionalConnSetting13 != null ? Arrays.asList(optionalConnSetting13.getString().split(StringUtils.COMMA_SEPARATOR)) : Collections.emptyList();
        setIAMCredentials(pGJDBCSettings, iLogger);
    }

    private static void setIAMCredentials(PGJDBCSettings pGJDBCSettings, ILogger iLogger) throws ErrorException {
        AWSCredentialsProvider defaultAWSCredentialsProviderChain;
        CredentialsHolder.IamMetadata metadata;
        if (!StringUtils.isNullOrEmpty(pGJDBCSettings.m_credentialsProvider)) {
            if (!StringUtils.isNullOrEmpty(pGJDBCSettings.m_profile)) {
                ErrorException createGeneralException = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_PROPERTY_CONFLICT_ERR, new String[]{PGJDBCPropertyKey.CREDENTIALS_PROVIDER, PGJDBCPropertyKey.AWS_PROFILE});
                LogUtilities.logError(createGeneralException, iLogger);
                throw createGeneralException;
            }
            if (!StringUtils.isNullOrEmpty(pGJDBCSettings.m_iamAccessKeyID)) {
                ErrorException createGeneralException2 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_PROPERTY_CONFLICT_ERR, new String[]{PGJDBCPropertyKey.CREDENTIALS_PROVIDER, PGJDBCPropertyKey.IAM_ACCESS_KEY_ID});
                LogUtilities.logError(createGeneralException2, iLogger);
                throw createGeneralException2;
            }
            try {
                defaultAWSCredentialsProviderChain = (AWSCredentialsProvider) Class.forName(pGJDBCSettings.m_credentialsProvider).asSubclass(AWSCredentialsProvider.class).newInstance();
                if (defaultAWSCredentialsProviderChain instanceof IPlugin) {
                    IPlugin iPlugin = (IPlugin) defaultAWSCredentialsProviderChain;
                    for (Map.Entry<String, String> entry : pGJDBCSettings.m_pluginArgs.entrySet()) {
                        iPlugin.addParameter(entry.getKey(), entry.getValue());
                    }
                }
            } catch (ClassNotFoundException e) {
                ErrorException createGeneralException3 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_INVALID_CREDENTIALS_PROVIDER_CLASS, pGJDBCSettings.m_credentialsProvider);
                LogUtilities.logError(createGeneralException3, iLogger);
                throw createGeneralException3;
            } catch (IllegalAccessException e2) {
                ErrorException createGeneralException4 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_INVALID_CREDENTIALS_PROVIDER_CLASS, pGJDBCSettings.m_credentialsProvider);
                LogUtilities.logError(createGeneralException4, iLogger);
                throw createGeneralException4;
            } catch (InstantiationException e3) {
                ErrorException createGeneralException5 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_INVALID_CREDENTIALS_PROVIDER_CLASS, pGJDBCSettings.m_credentialsProvider);
                LogUtilities.logError(createGeneralException5, iLogger);
                throw createGeneralException5;
            }
        } else if (StringUtils.isNullOrEmpty(pGJDBCSettings.m_profile)) {
            defaultAWSCredentialsProviderChain = StringUtils.isNullOrEmpty(pGJDBCSettings.m_iamAccessKeyID) ? new DefaultAWSCredentialsProviderChain() : new AWSStaticCredentialsProvider(!StringUtils.isNullOrEmpty(pGJDBCSettings.m_iamSessionToken) ? new BasicSessionCredentials(pGJDBCSettings.m_iamAccessKeyID, pGJDBCSettings.m_iamSecretKey, pGJDBCSettings.m_iamSessionToken) : new BasicAWSCredentials(pGJDBCSettings.m_iamAccessKeyID, pGJDBCSettings.m_iamSecretKey));
        } else {
            if (!StringUtils.isNullOrEmpty(pGJDBCSettings.m_iamAccessKeyID)) {
                ErrorException createGeneralException6 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_PROPERTY_CONFLICT_ERR, new String[]{PGJDBCPropertyKey.AWS_PROFILE, PGJDBCPropertyKey.IAM_ACCESS_KEY_ID});
                LogUtilities.logError(createGeneralException6, iLogger);
                throw createGeneralException6;
            }
            defaultAWSCredentialsProviderChain = new ProfileCredentialsProvider(new PluginProfilesConfigFile(pGJDBCSettings), pGJDBCSettings.m_profile);
        }
        AWSCredentials credentials = defaultAWSCredentialsProviderChain.getCredentials();
        if ((credentials instanceof CredentialsHolder) && null != (metadata = ((CredentialsHolder) credentials).getMetadata())) {
            Boolean autoCreate = metadata.getAutoCreate();
            String dbUser = metadata.getDbUser();
            String dbGroups = metadata.getDbGroups();
            if (null == pGJDBCSettings.m_autocreate) {
                pGJDBCSettings.m_autocreate = autoCreate;
            }
            if (null == pGJDBCSettings.m_dbUser) {
                pGJDBCSettings.m_dbUser = dbUser;
            }
            if (pGJDBCSettings.m_dbGroups.isEmpty() && null != dbGroups) {
                pGJDBCSettings.m_dbGroups = Arrays.asList(dbGroups.split(StringUtils.COMMA_SEPARATOR));
            }
        }
        if ("*".equals(pGJDBCSettings.m_username) && null == pGJDBCSettings.m_dbUser) {
            ErrorException createGeneralException7 = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_MISSING_PROPERTY_ERROR, PGJDBCPropertyKey.DB_USER);
            LogUtilities.logError(createGeneralException7, iLogger);
            throw createGeneralException7;
        }
        setClusterCredentials(defaultAWSCredentialsProviderChain, pGJDBCSettings, iLogger);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static void setClusterCredentials(AWSCredentialsProvider aWSCredentialsProvider, PGJDBCSettings pGJDBCSettings, ILogger iLogger) throws ErrorException {
        try {
            AmazonRedshiftClientBuilder standard = AmazonRedshiftClientBuilder.standard();
            if (pGJDBCSettings.m_endpoint != null) {
                standard.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(pGJDBCSettings.m_endpoint, pGJDBCSettings.m_endpoint));
            } else if (pGJDBCSettings.m_awsRegion != null && !pGJDBCSettings.m_awsRegion.isEmpty()) {
                standard.setRegion(pGJDBCSettings.m_awsRegion);
            }
            AmazonRedshift build = ((AmazonRedshiftClientBuilder) standard.withCredentials(aWSCredentialsProvider)).build();
            if (null == pGJDBCSettings.m_host || pGJDBCSettings.m_port == 0) {
                DescribeClustersRequest describeClustersRequest = new DescribeClustersRequest();
                describeClustersRequest.setClusterIdentifier(pGJDBCSettings.m_clusterIdentifier);
                List<Cluster> clusters = build.describeClusters(describeClustersRequest).getClusters();
                if (clusters.isEmpty()) {
                    throw new AmazonClientException("Failed to describeClusters.");
                }
                Endpoint endpoint = clusters.get(0).getEndpoint();
                if (null == endpoint) {
                    throw new AmazonClientException("Cluster is not fully created yet.");
                }
                pGJDBCSettings.m_host = endpoint.getAddress();
                pGJDBCSettings.m_port = endpoint.getPort().intValue();
            }
            GetClusterCredentialsRequest getClusterCredentialsRequest = new GetClusterCredentialsRequest();
            getClusterCredentialsRequest.setClusterIdentifier(pGJDBCSettings.m_clusterIdentifier);
            if (pGJDBCSettings.m_iamDuration > 0) {
                getClusterCredentialsRequest.setDurationSeconds(Integer.valueOf(pGJDBCSettings.m_iamDuration));
            }
            getClusterCredentialsRequest.setDbName(pGJDBCSettings.m_Schema);
            getClusterCredentialsRequest.setDbUser(pGJDBCSettings.m_dbUser == null ? pGJDBCSettings.m_username : pGJDBCSettings.m_dbUser);
            getClusterCredentialsRequest.setAutoCreate(pGJDBCSettings.m_autocreate);
            getClusterCredentialsRequest.setDbGroups(pGJDBCSettings.m_dbGroups);
            LogUtilities.logTrace(getClusterCredentialsRequest.toString(), iLogger);
            GetClusterCredentialsResult clusterCredentials = build.getClusterCredentials(getClusterCredentialsRequest);
            pGJDBCSettings.m_username = clusterCredentials.getDbUser();
            pGJDBCSettings.m_password = clusterCredentials.getDbPassword();
        } catch (AmazonClientException e) {
            LogUtilities.logError(e, iLogger);
            ErrorException createGeneralException = PGJDBCDriver.s_PostgreSQLMessages.createGeneralException(PGJDBCMessageKey.CONN_IAM_ERROR_RETRIEVING_TEMP_CREDS, e.getMessage());
            LogUtilities.logError(createGeneralException, iLogger);
            throw createGeneralException;
        }
    }
}
