package com.vertica.core;

import com.vertica.jdbc.common.BaseConnectionFactory;
import com.vertica.security.TrustStoreResolver;
import com.vertica.shaded.google.gson.Gson;
import com.vertica.shaded.google.gson.JsonElement;
import com.vertica.shaded.google.gson.JsonObject;
import com.vertica.shaded.google.gson.JsonParser;
import com.vertica.shaded.google.gson.JsonSyntaxException;
import java.awt.Desktop;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.UUID;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/vertica/core/OAuthBrowserFlow.class */
public class OAuthBrowserFlow {
    static final String grant_type = "authorization_code";
    TrustStoreResolver trustStore;
    String authCode = "";
    String clientSecret = "";
    String clientId = "";
    String redirectUrl = "";
    String authUrl = "";
    String tokenUrl = "";
    String scope = "";
    String discoveryUrl = "";
    boolean validateHost = true;
    String codeVerifier = "";
    String codeChallenge = "";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/vertica/core/OAuthBrowserFlow$JsonConfigurationException.class */
    public class JsonConfigurationException extends RuntimeException {
        private JsonConfigurationException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/vertica/core/OAuthBrowserFlow$OAuthBrowserException.class */
    public class OAuthBrowserException extends RuntimeException {
        private OAuthBrowserException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/vertica/core/OAuthBrowserFlow$OAuthBrowserMissingFieldException.class */
    public class OAuthBrowserMissingFieldException extends RuntimeException {
        private OAuthBrowserMissingFieldException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/vertica/core/OAuthBrowserFlow$OAuthURLFormattingException.class */
    public class OAuthURLFormattingException extends RuntimeException {
        private OAuthURLFormattingException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/vertica/core/OAuthBrowserFlow$ServerStartException.class */
    public class ServerStartException extends RuntimeException {
        private ServerStartException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/vertica/core/OAuthBrowserFlow$ServerStopException.class */
    public class ServerStopException extends RuntimeException {
        private ServerStopException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/vertica/core/OAuthBrowserFlow$UnsupportedEnvironmentException.class */
    public class UnsupportedEnvironmentException extends RuntimeException {
        private UnsupportedEnvironmentException(String str) {
            super(str);
        }
    }

    public void init(String str, TrustStoreResolver trustStoreResolver) throws RuntimeException {
        this.trustStore = trustStoreResolver;
        try {
            ParseJsonConfig(str);
            SetTokenAndAuthUrlFromDiscoveryUrl();
            EnsureRequiredFieldsEntered();
        } catch (Exception e) {
            throw new JsonConfigurationException("Error initializing from JSON configuration file: " + e.getMessage());
        }
    }

    private void ParseJsonConfig(String str) throws RuntimeException {
        if (str == null || str.isEmpty()) {
            throw new JsonConfigurationException("A Json configuration must be included when doing browser OAuth flow.");
        }
        try {
            JsonObject asJsonObject = ((JsonElement) new Gson().fromJson(str, JsonElement.class)).getAsJsonObject();
            String ParseJsonField = ParseJsonField(asJsonObject, "OAuthTokenUrl");
            if (!ParseJsonField.isEmpty()) {
                this.tokenUrl = ParseJsonField;
            }
            String ParseJsonField2 = ParseJsonField(asJsonObject, "OAuthAuthUrl");
            if (!ParseJsonField2.isEmpty()) {
                this.authUrl = ParseJsonField2;
            }
            String ParseJsonField3 = ParseJsonField(asJsonObject, "OAuthClientId");
            if (!ParseJsonField3.isEmpty()) {
                this.clientId = ParseJsonField3;
            }
            String ParseJsonField4 = ParseJsonField(asJsonObject, "OAuthClientSecret");
            if (!ParseJsonField4.isEmpty()) {
                this.clientSecret = ParseJsonField4;
            }
            String ParseJsonField5 = ParseJsonField(asJsonObject, "OAuthDiscoveryUrl");
            if (!ParseJsonField5.isEmpty()) {
                this.discoveryUrl = ParseJsonField5;
            }
            String ParseJsonField6 = ParseJsonField(asJsonObject, "OAuthScope");
            if (!ParseJsonField6.isEmpty()) {
                this.scope = ParseJsonField6;
            }
            String ParseJsonField7 = ParseJsonField(asJsonObject, "OAuthValidateHostname");
            if (!ParseJsonField7.isEmpty() && ParseJsonField7.equals(VConnectionPropertyValue.FALSE)) {
                this.validateHost = false;
            }
        } catch (JsonSyntaxException e) {
            throw new JsonConfigurationException("Invalid JSON string provided for OAuth configuration: " + e.getMessage());
        }
    }

    private String ParseJsonField(JsonObject jsonObject, String str) {
        JsonElement jsonElement = jsonObject.get(str);
        if (jsonElement != null) {
            return jsonElement.getAsString();
        }
        JsonElement jsonElement2 = jsonObject.get(str.toLowerCase());
        return jsonElement2 != null ? jsonElement2.getAsString() : "";
    }

    private void SetTokenAndAuthUrlFromDiscoveryUrl() {
        if (this.discoveryUrl.isEmpty()) {
            return;
        }
        if (!this.tokenUrl.isEmpty() && !this.authUrl.isEmpty()) {
            return;
        }
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.discoveryUrl).openConnection();
            httpURLConnection.setRequestMethod("GET");
            SetCustomizedSSLSocketFactory(httpURLConnection);
            SetHostnameValidation(httpURLConnection);
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode != 200) {
                throw new OAuthURLFormattingException("Error getting authorization and token urls. Response code: " + responseCode);
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    bufferedReader.close();
                    JsonObject asJsonObject = JsonParser.parseString(sb.toString()).getAsJsonObject();
                    String asString = asJsonObject.get("authorization_endpoint").getAsString();
                    String asString2 = asJsonObject.get("token_endpoint").getAsString();
                    this.authUrl = getValueOrEmpty(asString);
                    this.tokenUrl = getValueOrEmpty(asString2);
                    return;
                }
                sb.append(readLine);
            }
        } catch (IOException e) {
            throw new OAuthBrowserException("Error using discovery url: " + e.getMessage());
        }
    }

    private void EnsureRequiredFieldsEntered() throws RuntimeException {
        HashMap hashMap = new HashMap();
        hashMap.put("Client Id", this.clientId);
        hashMap.put("Auth url", this.authUrl);
        hashMap.put("Token url", this.tokenUrl);
        for (String str : hashMap.keySet()) {
            String str2 = (String) hashMap.get(str);
            if (str2 == null || str2.isEmpty()) {
                throw new OAuthBrowserMissingFieldException("Missing field for browser auth flow: " + str);
            }
        }
    }

    public String doAuth() throws RuntimeException {
        setRedirectUrl();
        setAuthCode();
        return setAccessToken();
    }

    private void setRedirectUrl() {
        try {
            ServerSocket serverSocket = new ServerSocket(0);
            Throwable th = null;
            try {
                try {
                    int localPort = serverSocket.getLocalPort();
                    if (serverSocket != null) {
                        if (0 != 0) {
                            try {
                                serverSocket.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            serverSocket.close();
                        }
                    }
                    this.redirectUrl = "http://localhost:" + localPort;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new ServerStartException("Unable to assign an open port to redirect url: " + e.getMessage());
        }
    }

    private void setAuthCode() throws RuntimeException {
        String readLine;
        String uuid = UUID.randomUUID().toString();
        this.codeVerifier = setCodeVerifier();
        this.codeChallenge = setCodeChallenge();
        String str = this.authUrl + "?client_id=" + this.clientId + "&response_type=code&redirect_uri=" + this.redirectUrl + "&state=" + uuid + "&code_challenge=" + this.codeChallenge + "&code_challenge_method=S256";
        this.scope = getValueOrEmpty(this.scope);
        if (!this.scope.isEmpty()) {
            str = str + "&scope=" + this.scope;
        }
        if (!Desktop.isDesktopSupported() || !Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
            throw new UnsupportedEnvironmentException("Can't open browser in this environment.");
        }
        try {
            URI uri = new URI(this.redirectUrl);
            int port = uri.getPort();
            try {
                ServerSocket serverSocket = new ServerSocket(port, 0, InetAddress.getByName(uri.getHost()));
                serverSocket.setSoTimeout(60000);
                try {
                    Desktop.getDesktop().browse(new URI(str));
                    Socket socket = null;
                    if (serverSocket != null) {
                        try {
                            socket = serverSocket.accept();
                        } catch (IOException e) {
                            throw new ServerStartException("Unable to start server on port " + port + ": " + e.getMessage());
                        }
                    }
                    try {
                        try {
                            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
                            StringBuilder sb = new StringBuilder();
                            do {
                                readLine = bufferedReader.readLine();
                                if (readLine == null) {
                                    break;
                                } else {
                                    sb.append(readLine).append("\r\n");
                                }
                            } while (!readLine.isEmpty());
                            String[] split = sb.toString().split("\r\n");
                            int length = split.length;
                            int i = 0;
                            while (true) {
                                if (i >= length) {
                                    break;
                                }
                                String str2 = split[i];
                                if (str2.contains("code=")) {
                                    String substring = str2.substring(6, str2.indexOf(32, 8));
                                    HashMap hashMap = new HashMap();
                                    for (String str3 : substring.split("&")) {
                                        String[] split2 = str3.split("=");
                                        hashMap.put(split2[0], split2[1]);
                                    }
                                    String str4 = (String) hashMap.get("state");
                                    this.authCode = (String) hashMap.get("code");
                                    if (this.authCode == null || this.authCode.isEmpty()) {
                                        throw new RuntimeException("Didn't get an authorization code from endpoint!");
                                    }
                                    if (!str4.equalsIgnoreCase(uuid)) {
                                        throw new RuntimeException("State token doesn't match!");
                                    }
                                    returnToBrowser(socket);
                                } else {
                                    i++;
                                }
                            }
                            if (socket != null) {
                                try {
                                    socket.close();
                                } catch (IOException e2) {
                                    throw new ServerStopException("Problem closing socket object: " + e2.getMessage());
                                }
                            }
                            if (serverSocket != null) {
                                try {
                                    serverSocket.close();
                                } catch (IOException e3) {
                                    throw new ServerStopException("Problem closing server socket: " + e3.getMessage());
                                }
                            }
                        } catch (SocketTimeoutException e4) {
                            throw new ServerStopException("Timeout waiting for response from client: " + e4.getMessage());
                        } catch (IOException e5) {
                            throw new RuntimeException("An error occurred during browser flow: " + e5.getMessage());
                        }
                    } catch (Throwable th) {
                        if (socket != null) {
                            try {
                                socket.close();
                            } catch (IOException e6) {
                                throw new ServerStopException("Problem closing socket object: " + e6.getMessage());
                            }
                        }
                        if (serverSocket != null) {
                            try {
                                serverSocket.close();
                            } catch (IOException e7) {
                                throw new ServerStopException("Problem closing server socket: " + e7.getMessage());
                            }
                        }
                        throw th;
                    }
                } catch (IOException | URISyntaxException e8) {
                    throw new OAuthURLFormattingException("Unable to open URL: " + e8.getMessage());
                }
            } catch (IOException e9) {
                throw new ServerStartException("Unable to start server on port " + port + ": " + e9.getMessage());
            }
        } catch (URISyntaxException e10) {
            throw new OAuthURLFormattingException("Redirect URL improperly formatted: " + e10.getMessage());
        }
    }

    private void returnToBrowser(Socket socket) {
        try {
            PrintWriter printWriter = new PrintWriter(socket.getOutputStream(), true);
            ArrayList arrayList = new ArrayList();
            arrayList.add("HTTP/1.0 200 OK");
            arrayList.add("Content-Type: text/html");
            arrayList.add(String.format("Content-Length: %s", Integer.valueOf("<!DOCTYPE html><html><head><meta charset=\"UTF-8\"/><title>OAuth Response for Vertica JDBC</title></head><body>Your identity was confirmed and propagated to Vertica JDBC driver. You can close this window and go back to where you started.</body></html>".length())));
            arrayList.add("");
            arrayList.add("<!DOCTYPE html><html><head><meta charset=\"UTF-8\"/><title>OAuth Response for Vertica JDBC</title></head><body>Your identity was confirmed and propagated to Vertica JDBC driver. You can close this window and go back to where you started.</body></html>");
            for (int i = 0; i < arrayList.size(); i++) {
                if (i > 0) {
                    printWriter.print("\r\n");
                }
                printWriter.print((String) arrayList.get(i));
            }
            printWriter.flush();
        } catch (IOException e) {
            throw new OAuthBrowserException("Error displaying response from redirect url: " + e.getMessage());
        }
    }

    private String setAccessToken() throws RuntimeException {
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.tokenUrl).openConnection();
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("accept", "application/json");
            httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            if (!this.clientSecret.isEmpty()) {
                httpURLConnection.setRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString((this.clientId + BaseConnectionFactory.URL_SEPARATOR + this.clientSecret).getBytes(StandardCharsets.UTF_8)));
            }
            SetCustomizedSSLSocketFactory(httpURLConnection);
            SetHostnameValidation(httpURLConnection);
            httpURLConnection.setDoOutput(true);
            DataOutputStream dataOutputStream = new DataOutputStream(httpURLConnection.getOutputStream());
            Throwable th = null;
            try {
                try {
                    dataOutputStream.writeBytes("grant_type=authorization_code&redirect_uri=" + this.redirectUrl + "&code=" + this.authCode + "&client_id=" + this.clientId + "&code_verifier=" + this.codeVerifier);
                    if (dataOutputStream != null) {
                        if (0 != 0) {
                            try {
                                dataOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            dataOutputStream.close();
                        }
                    }
                    if (httpURLConnection.getResponseCode() == 400) {
                        throw new OAuthBrowserException("Server responded with a Bad Request (HTTP 400) when trying to get access token");
                    }
                    StringBuilder sb = new StringBuilder();
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
                    Throwable th3 = null;
                    while (true) {
                        try {
                            try {
                                String readLine = bufferedReader.readLine();
                                if (readLine == null) {
                                    break;
                                }
                                sb.append(readLine);
                            } finally {
                            }
                        } finally {
                        }
                    }
                    if (bufferedReader != null) {
                        if (0 != 0) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                    return JsonParser.parseString(sb.toString()).getAsJsonObject().get("access_token").getAsString();
                } finally {
                }
            } finally {
            }
        } catch (MalformedURLException e) {
            throw new OAuthURLFormattingException("Invalid token URL: " + this.tokenUrl + ": " + e.getMessage());
        } catch (IOException e2) {
            throw new OAuthURLFormattingException("Error while opening token URL: " + this.tokenUrl + ": " + e2.getMessage());
        }
    }

    private void SetHostnameValidation(HttpURLConnection httpURLConnection) {
        if (this.validateHost || !(httpURLConnection instanceof HttpsURLConnection)) {
            return;
        }
        ((HttpsURLConnection) httpURLConnection).setHostnameVerifier(new HostnameVerifier() { // from class: com.vertica.core.OAuthBrowserFlow.1
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
    }

    private void SetCustomizedSSLSocketFactory(HttpURLConnection httpURLConnection) {
        if (httpURLConnection instanceof HttpsURLConnection) {
            try {
                KeyStore keyStore = this.trustStore.getKeyStore();
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
                sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
                ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(sSLContext.getSocketFactory());
            } catch (Exception e) {
                throw new OAuthBrowserException("Cannot set Customized SSLSocketFactory:" + e.getMessage());
            }
        }
    }

    private String setCodeVerifier() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }

    private String setCodeChallenge() {
        try {
            byte[] bytes = this.codeVerifier.getBytes();
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bytes);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new OAuthBrowserException("Unable to authenticate without client secret using PKCE: " + e.getMessage());
        }
    }

    private String getValueOrEmpty(String str) {
        return str != null ? str : "";
    }
}
