package com.vertica.core;

import com.vertica.dsi.core.impl.DSILogger;
import com.vertica.security.TrustStoreResolver;
import com.vertica.shaded.google.gson.JsonElement;
import com.vertica.shaded.google.gson.JsonObject;
import com.vertica.shaded.google.gson.JsonParser;
import com.vertica.shaded.google.gson.JsonSyntaxException;
import com.vertica.support.LogUtilities;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.KeyStore;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/vertica/core/OAuthConnection.class */
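/**
 * Exchanges an OAuth refresh token for an access token, optionally resolving the token
 * endpoint from a discovery document first.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The client secret and refresh token are sent in the POST body to the token endpoint.
 *       When a discovery URL is configured, that endpoint is whatever {@code token_endpoint}
 *       the discovery document names, so the discovery response decides where the
 *       credentials go.</li>
 *   <li>HTTPS connections trust the key store supplied by the {@link TrustStoreResolver}.</li>
 *   <li>Hostname verification can be switched off with {@code OAuthValidateHostname=false}
 *       in the JSON configuration; see {@link #SetHostnameValidation(HttpURLConnection)}.</li>
 * </ul>
 */
public class OAuthConnection {
    /** Upper bound on any response body read from the identity provider. */
    private static final int MAX_RESPONSE_BYTES = 1 << 20;

    String refreshToken;
    String tokenUrl;
    String clientId;
    String clientSecret;
    String discoveryUrl;
    String scope;
    boolean validateCertHostname = true;
    TrustStoreResolver m_trustStore;
    DSILogger m_log;

    /** Raised when the JSON configuration or the TLS setup is unusable. */
    public class OAuthConfigurationException extends RuntimeException {
        public OAuthConfigurationException(String str, Exception exc) {
            super(str, exc);
        }
    }

    /** Raised when the token endpoint cannot be read from the discovery document. */
    public class OAuthEndpointDiscoveryException extends RuntimeException {
        public OAuthEndpointDiscoveryException(String str, Exception exc) {
            super(str, exc);
        }
    }

    /** Signals a missing OAuth parameter; not thrown by the code in this class. */
    public static class OAuthMissingParameterException extends RuntimeException {
        public OAuthMissingParameterException(String str) {
            super(str);
        }
    }

    /** Raised when the refresh request fails or its response cannot be parsed. */
    public class OAuthTokenRefreshException extends RuntimeException {
        public OAuthTokenRefreshException(String str, Exception exc) {
            super(str, exc);
        }
    }

    /**
     * Creates a connection from direct parameters and an optional JSON configuration.
     *
     * @param str refresh token
     * @param str2 token endpoint URL
     * @param str3 client id
     * @param str4 client secret
     * @param str5 discovery document URL; when non-empty it takes precedence over {@code str2}
     * @param str6 scope; omitted from the request when null or empty
     * @param str7 JSON configuration; non-empty fields in it override the direct parameters
     * @param trustStoreResolver source of the key store used to build the trust managers
     * @param dSILogger logger passed to {@link LogUtilities}
     * @throws OAuthConfigurationException if {@code str7} is not a usable JSON object
     */
    public OAuthConnection(String str, String str2, String str3, String str4, String str5, String str6, String str7, TrustStoreResolver trustStoreResolver, DSILogger dSILogger) {
        this.refreshToken = str;
        this.tokenUrl = str2;
        this.clientId = str3;
        this.clientSecret = str4;
        this.discoveryUrl = str5;
        this.scope = str6;
        this.m_trustStore = trustStoreResolver;
        this.m_log = dSILogger;
        if (str7 == null || str7.isEmpty()) {
            return;
        }
        ParseJsonConfig(str7);
    }

    /**
     * Reads a string field by its exact name, falling back to the all-lowercase name.
     *
     * @return the field value, or an empty string when neither spelling is present
     */
    private String ParseJsonField(JsonObject jsonObject, String str) {
        JsonElement exact = jsonObject.get(str);
        if (exact != null) {
            return exact.getAsString();
        }
        // Locale.ROOT keeps the fallback key stable under locales with special casing rules
        // (a Turkish default locale lower-cases 'I' to a dotless 'i').
        JsonElement lowered = jsonObject.get(str.toLowerCase(Locale.ROOT));
        return lowered != null ? lowered.getAsString() : "";
    }

    /**
     * Picks the effective value for one setting: a non-empty JSON value wins over the direct
     * parameter, and a warning is logged when both were supplied.
     *
     * <p>Only the field name is logged, never the value, because one of the fields is the
     * client secret.
     */
    private String MergeConfigValue(JsonObject config, String key, String current) {
        String fromJson = ParseJsonField(config, key);
        if (fromJson.isEmpty()) {
            return current;
        }
        if (current != null && !current.isEmpty()) {
            LogUtilities.logWarning("Value for field " + key + " is set in both json config and direct parameter.", this.m_log);
        }
        return fromJson;
    }

    /**
     * Applies the JSON configuration on top of the values given to the constructor.
     *
     * <p>Hostname validation is only ever turned off here, and only when
     * {@code OAuthValidateHostname} equals {@code VConnectionPropertyValue.FALSE} exactly.
     *
     * @param str JSON object text
     * @throws OAuthConfigurationException if the text is not valid JSON, is not a JSON object,
     *     or holds a field that is not a plain value
     */
    public void ParseJsonConfig(String str) {
        try {
            JsonObject config = new JsonParser().parse(str).getAsJsonObject();
            this.tokenUrl = MergeConfigValue(config, "OAuthTokenUrl", this.tokenUrl);
            this.discoveryUrl = MergeConfigValue(config, "OAuthDiscoveryUrl", this.discoveryUrl);
            this.clientId = MergeConfigValue(config, "OAuthClientId", this.clientId);
            this.clientSecret = MergeConfigValue(config, "OAuthClientSecret", this.clientSecret);
            this.scope = MergeConfigValue(config, "OAuthScope", this.scope);
            String validateHostname = ParseJsonField(config, "OAuthValidateHostname");
            if (!validateHostname.isEmpty() && validateHostname.equals(VConnectionPropertyValue.FALSE)) {
                this.validateCertHostname = false;
            }
        } catch (JsonSyntaxException | IllegalStateException | UnsupportedOperationException e) {
            // getAsJsonObject()/getAsString() reject non-object input and non-scalar fields with
            // unchecked exceptions; report them as configuration errors as well.
            throw new OAuthConfigurationException("Invalid JSON string provided for OAuth configuration", e);
        }
    }

    /**
     * Replaces the default hostname verifier when hostname validation has been disabled.
     *
     * <p>The replacement accepts every non-empty hostname, so the peer certificate is no
     * longer tied to the host being contacted: any certificate that chains to the configured
     * trust store is accepted for any endpoint. The chain itself is still checked by the
     * trust managers installed in
     * {@link #SetCustomizedSSLSocketFactory(HttpURLConnection)}. A warning is logged each time
     * this path is taken so the weakened setting is visible in the driver log.
     */
    private void SetHostnameValidation(HttpURLConnection httpURLConnection) {
        if (this.validateCertHostname || !(httpURLConnection instanceof HttpsURLConnection)) {
            return;
        }
        LogUtilities.logWarning("OAuth certificate hostname validation is disabled", this.m_log);
        ((HttpsURLConnection) httpURLConnection).setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String str, SSLSession sSLSession) {
                // Null-safe form of the original test, which dereferenced str before
                // comparing it with null.
                return str != null && !str.isEmpty();
            }
        });
    }

    /**
     * Installs a socket factory whose trust managers are built from the resolver's key store.
     *
     * <p>For a connection that is not HTTPS nothing is installed and a warning is logged,
     * because the request (which for the token endpoint carries the client secret and the
     * refresh token) then travels without TLS.
     *
     * @throws OAuthConfigurationException if the key store or the SSL context cannot be set up
     */
    private void SetCustomizedSSLSocketFactory(HttpURLConnection httpURLConnection) {
        if (!(httpURLConnection instanceof HttpsURLConnection)) {
            LogUtilities.logWarning("OAuth endpoint is not using HTTPS; the request is not protected by TLS", this.m_log);
            return;
        }
        try {
            // NOTE(review): if getKeyStore() can return null, init(null) falls back to the
            // JVM default trust store - confirm that is the intended behaviour.
            KeyStore keyStore = this.m_trustStore.getKeyStore();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            // NOTE(review): the context is requested as "TLSv1.2"; which protocol versions it
            // actually negotiates depends on the JSSE provider - confirm for TLS 1.3-only IdPs.
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(sSLContext.getSocketFactory());
            LogUtilities.logInfo("set CustomizedSSLSocketFactory for OAuth", this.m_log);
        } catch (Exception e) {
            throw new OAuthConfigurationException("Cannot set Customized SSLSocketFactory", e);
        }
    }

    /** Appends {@code &name=value} with the value percent-encoded; a null value is sent empty. */
    private static void AppendFormField(StringBuilder form, String name, String value) throws IOException {
        form.append('&').append(name).append('=').append(URLEncoder.encode(value == null ? "" : value, "UTF-8"));
    }

    /**
     * Reads a response body as UTF-8, refusing bodies larger than {@link #MAX_RESPONSE_BYTES}.
     *
     * <p>The stream is left open; callers release it by disconnecting the connection.
     *
     * @return the decoded body, or {@code null} when {@code in} is {@code null}
     * @throws IOException on a read failure or when the size limit is exceeded
     */
    private static String ReadBody(InputStream in) throws IOException {
        if (in == null) {
            return null;
        }
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        for (int n = in.read(chunk); n != -1; n = in.read(chunk)) {
            if (collected.size() + n > MAX_RESPONSE_BYTES) {
                throw new IOException("OAuth endpoint response exceeds " + MAX_RESPONSE_BYTES + " bytes");
            }
            collected.write(chunk, 0, n);
        }
        return collected.toString("UTF-8");
    }

    /**
     * Best-effort read of the error body of a failed request.
     *
     * @param operation text completing the log line "Error reading error stream from failed ..."
     * @return the error body, or {@code null} when there is none or it cannot be read
     */
    private String ReadErrorBody(HttpURLConnection httpURLConnection, String operation) {
        try {
            return ReadBody(httpURLConnection.getErrorStream());
        } catch (Exception e) {
            LogUtilities.logWarning("Error reading error stream from failed " + operation + ": " + e.toString(), this.m_log);
            return null;
        }
    }

    /**
     * POSTs a {@code refresh_token} grant to the token endpoint and returns the raw response.
     *
     * <p>Every form value is percent-encoded, so a secret, token or scope containing
     * {@code &}, {@code =}, {@code +} or {@code %} cannot alter or add request parameters.
     *
     * @param str token endpoint URL
     * @return the response body decoded as UTF-8
     * @throws OAuthTokenRefreshException if the request cannot be built or sent, or the
     *     endpoint answers with an error; the error body is included when it could be read
     */
    private String GetTokenResponse(String str) {
        byte[] bytes;
        HttpURLConnection httpURLConnection;
        try {
            StringBuilder form = new StringBuilder("grant_type=refresh_token");
            AppendFormField(form, "client_secret", this.clientSecret);
            AppendFormField(form, "client_id", this.clientId);
            AppendFormField(form, "refresh_token", this.refreshToken);
            if (this.scope != null && !this.scope.isEmpty()) {
                AppendFormField(form, "scope", this.scope);
            }
            bytes = form.toString().getBytes("UTF-8");
            httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        } catch (Exception e) {
            throw new OAuthTokenRefreshException("Error connecting to token refresh server: ", e);
        }
        try {
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            httpURLConnection.setRequestProperty("Content-Length", Integer.toString(bytes.length));
            httpURLConnection.setRequestProperty("charset", "UTF-8");
            httpURLConnection.setRequestProperty("Accept", "application/json");
            SetCustomizedSSLSocketFactory(httpURLConnection);
            SetHostnameValidation(httpURLConnection);
            httpURLConnection.getOutputStream().write(bytes);
            return ReadBody(httpURLConnection.getInputStream());
        } catch (Exception e) {
            // The error body is read before disconnect() and the exception is thrown outside
            // the read attempt, so the detailed message is not replaced by the generic one.
            String errorBody = ReadErrorBody(httpURLConnection, "OAuth token refresh");
            if (errorBody == null) {
                throw new OAuthTokenRefreshException("Error when trying to refresh token", e);
            }
            throw new OAuthTokenRefreshException("Error when trying to refresh token, response was: " + errorBody, e);
        } finally {
            httpURLConnection.disconnect();
        }
    }

    /**
     * Fetches the discovery document and returns its {@code token_endpoint} value.
     *
     * <p>The returned URL is where the client secret and refresh token are sent next, so the
     * discovery URL should be served over HTTPS from a trusted identity provider.
     *
     * @param str discovery document URL
     * @return the token endpoint named by the document
     * @throws OAuthEndpointDiscoveryException if the document cannot be fetched or parsed, or
     *     lacks {@code token_endpoint}
     */
    private String DiscoverTokenEndpoint(String str) {
        HttpURLConnection httpURLConnection;
        try {
            httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        } catch (Exception e) {
            throw new OAuthEndpointDiscoveryException("Error connecting to identity provider: ", e);
        }
        try {
            // A GET sends no body, so output is not enabled on this connection.
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setRequestMethod("GET");
            SetCustomizedSSLSocketFactory(httpURLConnection);
            SetHostnameValidation(httpURLConnection);
            String document = ReadBody(httpURLConnection.getInputStream());
            return new JsonParser().parse(document).getAsJsonObject().get("token_endpoint").getAsString();
        } catch (Exception e) {
            String errorBody = ReadErrorBody(httpURLConnection, "OAuth token endpoint discovery");
            if (errorBody == null) {
                throw new OAuthEndpointDiscoveryException("Error when fetching token endpoints", e);
            }
            throw new OAuthEndpointDiscoveryException("Error when fetching token endpoints, response was: " + errorBody, e);
        } finally {
            httpURLConnection.disconnect();
        }
    }

    /**
     * Obtains a fresh access token using the stored refresh token.
     *
     * @return the {@code access_token} value of the token response
     * @throws OAuthEndpointDiscoveryException if endpoint discovery fails
     * @throws OAuthTokenRefreshException if the refresh request fails or its response is not a
     *     JSON object holding {@code access_token}
     */
    public String GetActiveToken() {
        String endpoint = this.tokenUrl;
        if (this.discoveryUrl != null && !this.discoveryUrl.isEmpty()) {
            endpoint = DiscoverTokenEndpoint(this.discoveryUrl);
        }
        // Kept outside the try below so that a transport failure keeps its own message
        // instead of being re-wrapped as a parsing failure.
        String response = GetTokenResponse(endpoint);
        try {
            return new JsonParser().parse(response).getAsJsonObject().get("access_token").getAsString();
        } catch (Exception e) {
            throw new OAuthTokenRefreshException("Failed when parsing token refresh response. ", e);
        }
    }
}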
