package com.databricks.client.jdbc.oauth;

import com.databricks.client.dsi.core.impl.DSIDriverSingleton;
import com.databricks.client.hivecommon.HiveJDBCSettings;
import com.databricks.client.hivecommon.api.WebBrowserOAuthClient;
import com.databricks.client.hivecommon.core.HiveJDBCCommonDriver;
import com.databricks.client.hivecommon.exceptions.HiveJDBCMessageKey;
import com.databricks.client.hivecommon.utils.OAuthTokenCache;
import com.databricks.client.jdbc.common.OAuthSettings;
import com.databricks.client.jdbc.core.DSDriver;
import com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey;
import com.databricks.client.jdbc42.internal.apache.commons.codec.digest.MessageDigestAlgorithms;
import com.databricks.client.jdbc42.internal.apache.http.client.config.RequestConfig;
import com.databricks.client.jdbc42.internal.apache.http.client.entity.UrlEncodedFormEntity;
import com.databricks.client.jdbc42.internal.apache.http.client.methods.HttpPost;
import com.databricks.client.jdbc42.internal.apache.http.message.BasicNameValuePair;
import com.databricks.client.jdbc42.internal.apache.logging.log4j.util.ProcessIdUtil;
import com.databricks.client.jdbc42.internal.apache.thrift.TException;
import com.databricks.client.jdbc42.internal.apache.thrift.transport.TTransportException;
import com.databricks.client.jdbc42.internal.bytebuddy.utility.JavaConstant;
import com.databricks.client.support.ILogger;
import com.databricks.client.support.LogUtilities;
import com.databricks.client.support.exceptions.ErrorException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Random;

/* loaded from: input_file:com/databricks/client/jdbc/oauth/AuthorizationCodeOAuthProvider.class */
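/**
 * OAuth 2.0 authorization-code provider with PKCE (RFC 7636) for the JDBC driver.
 *
 * <p>The access token is obtained, in order of preference, from: the token already held in the
 * settings, the on-disk access-token cache, a cached refresh token, and finally an interactive
 * browser login whose authorization code is redeemed at the token endpoint.
 *
 * <p>Security-relevant points in this class:
 * <ul>
 *   <li>The PKCE code verifier is drawn from {@link SecureRandom}; a predictable verifier would
 *       defeat the protection PKCE gives to the loopback redirect.</li>
 *   <li>The code challenge is always computed as S256, while the {@code code_challenge_method}
 *       sent to the server is read from the settings (see
 *       {@link #generateBrowserConnectionString(String)}).</li>
 *   <li>Access and refresh tokens are written to {@link OAuthTokenCache}; how that cache protects
 *       them at rest is not visible from this class.</li>
 * </ul>
 */
public class AuthorizationCodeOAuthProvider extends OauthProvider {
    /** Number of random bytes drawn per round while building the code verifier. */
    private static final int OAUTH2_CODE_VERIFIER_GEN_LENGTH = 200;
    /** Rounds are repeated until the verifier has at least this many characters. */
    private static final int OAUTH2_CODE_VERIFIER_MIN_LENGTH = 50;
    /** RFC 7636 section 4.1 limits the code verifier to 128 characters. */
    private static final int OAUTH2_CODE_VERIFIER_MAX_LENGTH = 128;
    private static final String OAUTH2_REDIRECTURL_STR = "redirect_uri";
    private static final String OAUTH2_CODE_CHALLENGE_STR = "code_challenge";
    private static final String OAUTH2_CODE_CHALLENGE_METHOD_STR = "code_challenge_method";
    private static final String OAUTH2_STATE_STR = "state";
    private static final String OAUTH2_CODE_RESPONSE_TYPE_STR = "response_type=code&";
    private static final String HTTP_LOCALHOST_PREFIX = "http://localhost:";
    private static final String BROWSER_CRED_GRANT = "authorization_code";
    /** Form key under which the authorization code is posted to the token endpoint. */
    private static final String CODE = OAuthAPIConstants.SUPPORTED_RESPONSE_TYPE;
    private static final String REDIRECT_URI = "redirect_uri";
    private static final String CODE_VERIFIER = "code_verifier";
    /** Shared CSPRNG for the PKCE code verifier; {@link SecureRandom} is thread-safe. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private OAuthTokenCache m_refreshTokenCache;
    private OAuthTokenCache m_accessTokenCache;
    private WebBrowserOAuthClient m_browserClient;
    /** PKCE code verifier of the login in progress; set by {@link #generateCodeChallenge()}. */
    private String m_codeVerifier;

    /**
     * Creates the provider and opens the refresh- and access-token caches.
     *
     * @param hiveJDBCSettings connection settings, including the OAuth settings
     * @param iLogger          driver logger
     * @throws ErrorException declared by the constructor; the visible statements do not show
     *                        which call raises it
     */
    public AuthorizationCodeOAuthProvider(HiveJDBCSettings hiveJDBCSettings, ILogger iLogger) throws ErrorException {
        super(hiveJDBCSettings, iLogger);
        // The constants are static finals now: re-assigning final fields here (as the
        // decompiled listing did) is rejected by the compiler.
        this.m_browserClient = null;
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        this.m_refreshTokenCache = new OAuthTokenCache(iLogger, this.m_settings, "refresh");
        this.m_accessTokenCache = new OAuthTokenCache(iLogger, this.m_settings, "access");
    }

    /**
     * Ensures the settings hold a usable access token and installs it as the
     * {@code Authorization: Bearer} header.
     *
     * <p>With the token cache enabled the cached access token is tried first, then the cached
     * refresh token; an interactive browser login is used when neither yields a token or the
     * refresh token is reported as expired.
     *
     * @throws TException if a token cannot be obtained
     */
    @Override // com.databricks.client.jdbc.oauth.OauthProvider
    public void obtainAccessToken() throws TException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        if (hasValidAccessTokenJwtExpiry()) {
            return;
        }
        boolean needsBrowserLogin = false;
        // Cache entries are keyed by host: "<host>.accesskey" for the access token and the bare
        // host for the refresh token.
        String accessTokenKey = this.m_settings.m_host + ".accesskey";
        String refreshTokenKey = this.m_settings.m_host;
        if (this.m_settings.m_enableTokenCache.booleanValue()) {
            String cachedAccessToken = null;
            String cachedRefreshToken = null;
            try {
                try {
                    cachedAccessToken = this.m_accessTokenCache.getTokenCache().getValue(accessTokenKey);
                    cachedRefreshToken = this.m_refreshTokenCache.getTokenCache().getValue(refreshTokenKey);
                    // NOTE(review): test-only overrides on the production path. They replace the
                    // cached tokens with values taken from the settings - confirm these settings
                    // cannot be supplied through an untrusted connection string.
                    if (!this.m_settings.m_expiredCachedAccessTokenTest.isEmpty()) {
                        LogUtilities.logDebug("Expired Cached Access Token Test is enabled.This code is for test purpose.", this.m_logger);
                        cachedAccessToken = this.m_settings.m_expiredCachedAccessTokenTest;
                    }
                    if (!this.m_settings.m_expiredCachedRefreshTokenTest.isEmpty()) {
                        // Message corrected: this branch is the refresh-token override.
                        LogUtilities.logDebug("Expired Cached Refresh Token Test is enabled.This code is for test purpose.", this.m_logger);
                        cachedRefreshToken = this.m_settings.m_expiredCachedRefreshTokenTest;
                    }
                } catch (Exception e) {
                    // A cache read failure is not fatal: with both values still null the flow
                    // falls through to the browser login below.
                    LogUtilities.logWarning(String.format("Got an Exception while retrieving Token Cache. Exception: %s", e.getMessage()), this.m_logger);
                }
                if (!hasValidAccessTokenJwtExpiry()) {
                    if (cachedAccessToken != null && !OAuthUtil.isAccessTokenExpired(cachedAccessToken, this.m_settings.m_oAuthSettings.m_tokenExpiryBuffer)) {
                        LogUtilities.logDebug("Cached access token is still valid. Driver will try to use this access token.", this.m_logger);
                        this.m_settings.m_oAuthSettings.m_accessToken = cachedAccessToken;
                        decodeAndExchangeAccessToken(false);
                    } else if (cachedRefreshToken != null) {
                        try {
                            LogUtilities.logDebug("Setting cached refresh token to get access token.", this.m_logger);
                            this.m_settings.m_oAuthSettings.m_refreshToken = cachedRefreshToken;
                            // NOTE(review): when this test flag is set the token endpoint is
                            // replaced by the configured authorization URL before the refresh
                            // request is made, which changes where the refresh token is sent.
                            // Confirm the flag is unreachable outside tests.
                            if (this.m_settings.m_enableTestOverrideAuthorizationUrl.booleanValue()) {
                                this.m_settings.m_oAuthSettings.m_Oauth2TokenEndpoint = this.m_settings.m_oAuthSettings.m_authorizationUrl;
                            }
                            getAccessTokenFromRefresh();
                            decodeAndExchangeAccessToken(this.m_oAuthSettings.m_enableMandatoryTokenExchange);
                            cacheToken(this.m_refreshTokenCache, refreshTokenKey, this.m_accessTokenCache, accessTokenKey);
                        } catch (ErrorException refreshFailure) {
                            // Only an expired refresh token falls back to the browser; every
                            // other failure aborts the connection attempt.
                            if (!(refreshFailure instanceof RefreshTokenExpiredException)) {
                                throw new TException(getDetailedErrorExceptionMessage(refreshFailure), refreshFailure.getCause());
                            }
                            needsBrowserLogin = true;
                            LogUtilities.logError("Error occured during access token request using refresh token.", this.m_logger);
                            if (refreshFailure.getMessageParams() != null && refreshFailure.getMessageParams().length > 0) {
                                for (String param : refreshFailure.getMessageParams()) {
                                    LogUtilities.logError("Following error occured while getting the new access token. " + param, this.m_logger);
                                }
                            }
                            try {
                                // Re-store the expired refresh token with a lifetime of 0 -
                                // presumably this expires the cache entry; verify against
                                // OAuthTokenCache.
                                if (this.m_refreshTokenCache.getTokenCache().getValue(refreshTokenKey) != null) {
                                    this.m_refreshTokenCache.getTokenCache().setValue(refreshTokenKey, this.m_refreshTokenCache.getTokenCache().getValue(refreshTokenKey), 0L);
                                }
                            } catch (Exception cacheFailure) {
                                LogUtilities.logWarning(String.format("Got an Exception while retrieving and setting Token Cache. Exception: %s", cacheFailure.getMessage()), this.m_logger);
                            }
                        }
                    } else {
                        needsBrowserLogin = true;
                    }
                }
            } catch (Exception e) {
                // Also catches the TException thrown above; message and cause are carried over.
                throw new TException(e.getMessage(), e.getCause());
            }
        } else if (!hasValidAccessTokenJwtExpiry()) {
            needsBrowserLogin = true;
        }
        if (needsBrowserLogin) {
            try {
                getBrowserSSODetails();
                browerCredentialOauth(this.m_refreshTokenCache, refreshTokenKey, this.m_accessTokenCache, accessTokenKey);
                decodeAndExchangeAccessToken(this.m_oAuthSettings.m_enableMandatoryTokenExchange);
                if (this.m_settings.m_enableTokenCache.booleanValue()) {
                    cacheToken(this.m_refreshTokenCache, refreshTokenKey, this.m_accessTokenCache, accessTokenKey);
                }
            } catch (ErrorException e) {
                throw new TException(getDetailedErrorExceptionMessage(e), e.getCause());
            }
        }
        addCustomOAuthHeader("Authorization", "Bearer " + this.m_oAuthSettings.m_accessToken);
    }

    /**
     * Redeems the authorization code stored in the settings by posting it to the URL held in
     * {@code m_authorizationUrl}, then parses the token response.
     *
     * <p>The four parameters are not used by this method; they are kept so existing call sites
     * stay unchanged.
     *
     * @throws ErrorException if the request cannot be built or executed, or the response cannot
     *                        be parsed
     */
    private void browerCredentialOauth(OAuthTokenCache refreshTokenCache, String refreshTokenKey, OAuthTokenCache accessTokenCache, String accessTokenKey) throws ErrorException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        OAuthSettings oAuthSettings = this.m_settings.m_oAuthSettings;
        URI serverURI = OAuthUtil.getServerURI(oAuthSettings.m_authorizationUrl, oAuthSettings.m_OAuth2EnableAuthURLIPRange);
        HttpPost tokenRequest = setRequestParams(oAuthSettings, new HttpPost(serverURI));
        // Redirects stay disabled so the form body (authorization code and code verifier) is
        // not re-sent to whatever location a redirect response names.
        tokenRequest.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
        parseTokenResponse(executeRequestWithRetry(serverURI, tokenRequest));
    }

    /**
     * Runs the interactive browser login and stores the resulting authorization code, loopback
     * redirect URI and PKCE code verifier in the OAuth settings.
     *
     * @throws TTransportException if SSL is disabled, the login fails or times out, or the
     *                             authorization URL is not a valid URI
     */
    private void getBrowserSSODetails() throws TTransportException {
        try {
            LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
            this.m_browserClient = new WebBrowserOAuthClient(this.m_settings, this.m_logger);
            checkDriverConfigurations();
            String port = String.valueOf(this.m_browserClient.getPort());
            // Only spaces are percent-encoded here; every other character of the configured
            // values reaches the URI as-is.
            this.m_browserClient.setSSOUri(new URI(generateBrowserConnectionString(port).replace(" ", "%20")));
            this.m_browserClient.doBrowserSSO();
            if (!this.m_browserClient.isSuccess()) {
                if (!this.m_browserClient.hasResponse()) {
                    throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.SSO_RESPONSE_TIMEOUT.name());
                }
                throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.SSO_BROWSER_AUTH_FAILED_WITH_MSG.name(), "");
            }
            // NOTE(review): whether the "state" value returned on the redirect is compared with
            // the one sent is decided inside WebBrowserOAuthClient, which is not visible here -
            // confirm it is validated before getCode() is trusted.
            if (!this.m_settings.m_enableTestOverrideAuthorizationUrl.booleanValue()) {
                // The code is redeemed against m_authorizationUrl, so point it at the token
                // endpoint for the POST that follows.
                this.m_settings.m_oAuthSettings.m_authorizationUrl = this.m_settings.m_oAuthSettings.m_Oauth2TokenEndpoint;
            }
            this.m_settings.m_oAuthSettings.m_code = this.m_browserClient.getCode();
            this.m_settings.m_oAuthSettings.m_redirectUri = HTTP_LOCALHOST_PREFIX + port;
            this.m_settings.m_oAuthSettings.m_codeVerifier = this.m_codeVerifier;
        } catch (ErrorException e) {
            e.loadMessage(DSIDriverSingleton.getInstance().getMessageSource(), DSIDriverSingleton.getInstance().getLocale());
            throw new TTransportException(e);
        } catch (URISyntaxException e) {
            // The URISyntaxException itself is not attached as the cause; its message embeds
            // the full input URL, which here carries the code challenge, the state and possibly
            // the client secret.
            throw new TTransportException(new TException(getDetailedErrorExceptionMessage(HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.SSO_INVALID_URL_RECEIVED.name())), e.getCause()));
        }
    }

    /**
     * Rejects the browser flow unless SSL is enabled for the server connection.
     *
     * @throws ErrorException if SSL is not enabled
     */
    private void checkDriverConfigurations() throws ErrorException {
        if (!this.m_settings.m_serverSSLSettings.m_enableSSL) {
            throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.SSL_NOT_ENABLED.name(), this.m_settings.m_authMech.getDisplayName());
        }
    }

    /**
     * Builds the authorization URL that is opened in the user's browser.
     *
     * <p>Calling this method generates a fresh PKCE code verifier as a side effect.
     *
     * @param str port of the local listener used for the loopback redirect URI
     * @return the authorization URL; its values are not URL-encoded by this method
     * @throws ErrorException if the code challenge cannot be generated
     */
    private String generateBrowserConnectionString(String str) throws ErrorException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        OAuthSettings oAuthSettings = this.m_settings.m_oAuthSettings;
        // Must run before the state is derived: it replaces m_codeVerifier.
        String codeChallenge = generateCodeChallenge();
        // NOTE(review): the state is the second half of the PKCE code verifier, so half of the
        // verifier travels through the browser (address bar, history, redirects). A state value
        // generated independently of the verifier would keep the whole verifier confidential;
        // changing it needs WebBrowserOAuthClient, which is not visible here.
        String state = this.m_codeVerifier.substring(this.m_codeVerifier.length() / 2);
        // NOTE(review): the challenge above is always S256, but the method advertised below
        // comes from the settings; any other configured value would not match the challenge.
        // NOTE(review): client id, scope and challenge method are concatenated without
        // URL-encoding; the caller only replaces spaces.
        String url = oAuthSettings.m_Oauth2AuthorizeEndpoint
                + "?" + OAUTH2_CODE_RESPONSE_TYPE_STR
                + OAuthAPIConstants.CLIENT_ID_KEY + "=" + oAuthSettings.m_authClientID
                + "&" + OAUTH2_CODE_CHALLENGE_STR + "=" + codeChallenge
                + "&" + OAUTH2_REDIRECTURL_STR + "=" + HTTP_LOCALHOST_PREFIX + str
                + "&scope=" + oAuthSettings.m_authScope
                + "&" + OAUTH2_CODE_CHALLENGE_METHOD_STR + "=" + oAuthSettings.m_OAuth2CodeChallengeMethod
                + "&" + OAUTH2_STATE_STR + "=" + state;
        if (oAuthSettings.m_authClientSecret != null) {
            // NOTE(review): this puts the client secret into a URL handed to the browser, where
            // it can end up in history and server or proxy logs. Client authentication normally
            // belongs on the token request; confirm whether the authorization server needs it
            // here at all.
            url = url + "&client_secret=" + oAuthSettings.m_authClientSecret;
        }
        return url;
    }

    /**
     * Generates a new PKCE code verifier, stores it in {@code m_codeVerifier}, and returns the
     * matching S256 code challenge: base64url, without padding, of SHA-256 over the verifier.
     *
     * @return the code challenge for the freshly generated verifier
     * @throws ErrorException if the verifier or its digest cannot be produced
     */
    private String generateCodeChallenge() throws ErrorException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        this.m_codeVerifier = "";
        try {
            StringBuilder verifier = new StringBuilder();
            byte[] randomBytes = new byte[OAUTH2_CODE_VERIFIER_GEN_LENGTH];
            while (verifier.length() < OAUTH2_CODE_VERIFIER_MIN_LENGTH) {
                // The verifier is the secret that binds the token request to this login, so it
                // has to come from a CSPRNG; java.util.Random output is predictable.
                SECURE_RANDOM.nextBytes(randomBytes);
                for (byte b : randomBytes) {
                    // Keep only ASCII letters and digits (a negative byte never matches).
                    if ((b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z') || (b >= '0' && b <= '9')) {
                        verifier.append((char) b);
                    }
                }
            }
            if (verifier.length() > OAUTH2_CODE_VERIFIER_MAX_LENGTH) {
                verifier.setLength(OAUTH2_CODE_VERIFIER_MAX_LENGTH);
            }
            this.m_codeVerifier = verifier.toString();
            byte[] digest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256)
                    .digest(this.m_codeVerifier.getBytes(StandardCharsets.UTF_8));
            // Same output as standard Base64 with '+' -> '-', '/' -> '_' and the padding removed.
            return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
        } catch (Exception e) {
            throw HiveJDBCCommonDriver.s_HiveMessages.createGeneralException(HiveJDBCMessageKey.OAUTH_FAILED_CODE_CHALLENGE.name(), e.getMessage());
        }
    }

    /**
     * Writes the current access and refresh tokens to their caches.
     *
     * <p>Caching is best-effort: a cache failure is logged as a warning and never propagated.
     *
     * @param oAuthTokenCache  cache receiving the refresh token
     * @param str              key for the refresh token
     * @param oAuthTokenCache2 cache receiving the access token
     * @param str2             key for the access token
     */
    private void cacheToken(OAuthTokenCache oAuthTokenCache, String str, OAuthTokenCache oAuthTokenCache2, String str2) {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        String accessToken = this.m_oAuthSettings.m_accessToken;
        String refreshToken = this.m_oAuthSettings.m_refreshToken;
        // Remaining lifetime in whole seconds, clamped at zero; the clock is read once so both
        // sides of the comparison see the same instant.
        long secondsToExpiry = Math.max(0L, (this.m_oAuthSettings.m_expiryTime - System.currentTimeMillis()) / 1000);
        try {
            if (accessToken != null && !accessToken.isEmpty() && secondsToExpiry != 0) {
                LogUtilities.logDebug("Caching the access token.", this.m_logger);
                oAuthTokenCache2.getTokenCache().setValue(str2, accessToken, secondsToExpiry);
            }
            if (refreshToken != null && !refreshToken.isEmpty()) {
                LogUtilities.logDebug("Caching  the refresh token.", this.m_logger);
                // NOTE(review): the lifetime passed here is twice the current epoch time in
                // seconds, i.e. decades if setValue takes a duration - the cached refresh token
                // is then effectively never aged out locally. Confirm this is intended.
                oAuthTokenCache.getTokenCache().setValue(str, refreshToken, Instant.now().getEpochSecond() * 2);
            }
        } catch (Exception e) {
            LogUtilities.logWarning(String.format("Got an Exception while setting Token Cache. Exception: %s", e.getMessage()), this.m_logger);
        }
    }

    /**
     * Fills the token request with the authorization-code grant parameters: grant type, client
     * id, authorization code, redirect URI, PKCE code verifier and, when configured, the scope.
     *
     * @param oAuthSettings settings holding the code, redirect URI and code verifier
     * @param httpPost      request to populate
     * @return {@code httpPost}, with its form entity set
     * @throws ErrorException if the form entity cannot be created
     */
    protected final HttpPost setRequestParams(OAuthSettings oAuthSettings, HttpPost httpPost) throws ErrorException {
        List<BasicNameValuePair> form = new ArrayList<>(6);
        form.add(new BasicNameValuePair(OAuthAPIConstants.GRANT_TYPE_KEY, BROWSER_CRED_GRANT));
        form.add(new BasicNameValuePair(OAuthAPIConstants.CLIENT_ID_KEY, oAuthSettings.m_authClientID));
        form.add(new BasicNameValuePair(CODE, oAuthSettings.m_code));
        form.add(new BasicNameValuePair(REDIRECT_URI, oAuthSettings.m_redirectUri));
        form.add(new BasicNameValuePair(CODE_VERIFIER, oAuthSettings.m_codeVerifier));
        if (null != oAuthSettings.m_authScope) {
            form.add(new BasicNameValuePair("scope", oAuthSettings.m_authScope));
        }
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));
            return httpPost;
        } catch (Exception e) {
            // String.valueOf tolerates a missing cause; calling toString() on it would replace
            // the real failure with a NullPointerException.
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e.getMessage(), String.valueOf(e.getCause())});
        }
    }
}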
