package com.singlestore.jdbc.plugin.credential.browser;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.SignatureGenerationException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.singlestore.jdbc.plugin.Credential;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.sql.SQLException;
import java.util.Random;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:com/singlestore/jdbc/plugin/credential/browser/TokenWaiterServer.class */
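/**
 * Loopback HTTP listener that waits for a single JWT to be POSTed to it and turns the token into
 * an {@link ExpiringCredential}.
 *
 * <p>The server binds to 127.0.0.1 on an ephemeral port and registers exactly one context whose
 * path is a random 20-character string. Because the handler answers every origin
 * ({@code Access-Control-Allow-Origin: *}) and does not check the token signature, that random
 * path is the only thing restricting who can hand a token to the waiting caller; it is therefore
 * generated with {@link SecureRandom}.
 *
 * <p>The first outcome recorded (credential or error) releases the waiter; later requests cannot
 * replace it.
 */
public class TokenWaiterServer {
    /** Seconds {@link #WaitForCredential()} waits before throwing {@link TimeoutException}. */
    public static int WAIT_TIMEOUT = 300;

    /** Characters used for the random context path: digits, upper-case and lower-case ASCII letters. */
    private static final String PATH_ALPHABET =
            "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    private final CountDownLatch latch = new CountDownLatch(1);
    private final String listenPath;
    private final HttpServer server;
    private ExpiringCredential credential;
    private IOException handleException;

    /**
     * Placeholder algorithm that lets the java-jwt verifier run its claim checks without any
     * signature check.
     *
     * <p>{@link #verify(DecodedJWT)} accepts every token, so every claim read from a token in this
     * class is unauthenticated input. NOTE(review): presumably the token is validated by the
     * database server when it is presented as the password; confirm, and do not make local trust
     * decisions based on these claims.
     */
    private static class DummyAlgorithm extends Algorithm {
        public DummyAlgorithm(String str) {
            super(str, "Does not do any signature verification. Used to only verify claims for a token");
        }

        /** Intentionally a no-op: no signature is checked. */
        @Override
        public void verify(DecodedJWT decodedJWT) throws SignatureVerificationException {
        }

        /** Signing is not supported by this placeholder; always returns {@code null}. */
        @Override
        public byte[] sign(byte[] bArr) throws SignatureGenerationException {
            return null;
        }
    }

    /** Handles requests on the random context path and reports the outcome to the owning server. */
    private static class RequestHandler implements HttpHandler {
        private final TokenWaiterServer server;

        public RequestHandler(TokenWaiterServer tokenWaiterServer) {
            this.server = tokenWaiterServer;
        }

        /**
         * Answers CORS preflight, rejects anything but POST, and otherwise parses the request body
         * as a JWT, checks that the required claims are present and publishes the credential.
         *
         * <p>Every failure is both answered over HTTP and recorded on the server, which ends the
         * wait in {@link TokenWaiterServer#WaitForCredential()}.
         *
         * @param httpExchange the exchange to answer
         * @throws IOException if writing an error response fails
         */
        @Override
        public void handle(HttpExchange httpExchange) throws IOException {
            // Any origin may call this endpoint; only the unguessable path limits who can reach it.
            httpExchange.getResponseHeaders().set("Access-Control-Allow-Origin", "*");
            String method = httpExchange.getRequestMethod();
            if (method.equals("OPTIONS")) {
                httpExchange.getResponseHeaders().set("Allow", "POST");
                httpExchange.sendResponseHeaders(204, -1L);
                httpExchange.close();
                return;
            }
            if (!method.equals("POST")) {
                error(httpExchange, 400, "POST expected");
                this.server.setHandleException(new IOException("POST request expected, got " + method));
                return;
            }
            try {
                String body;
                // Decode explicitly as UTF-8 instead of the platform default charset, and read
                // sequentially: a parallel stream buys nothing for a single small request body.
                try (BufferedReader reader = new BufferedReader(
                        new InputStreamReader(httpExchange.getRequestBody(), StandardCharsets.UTF_8))) {
                    body = reader.lines().collect(Collectors.joining("\n"));
                }

                DecodedJWT decode;
                try {
                    decode = JWT.decode(body);
                } catch (JWTDecodeException e2) {
                    error(httpExchange, 400, "Could not parse claims: " + e2.getMessage());
                    this.server.setHandleException(new IOException("Could not parse claims: ", e2));
                    return;
                }

                try {
                    // Claim-presence checks only; DummyAlgorithm skips signature verification.
                    JWT.require(new DummyAlgorithm(decode.getAlgorithm())).withClaimPresence("email").build().verify(decode);
                    if (decode.getExpiresAt() == null) {
                        throw new JWTVerificationException("The Claim 'exp' is not present in the JWT.");
                    }
                    boolean hasUsername = !decode.getClaim("username").isNull();
                    if (!hasUsername && decode.getClaim("sub").isNull()) {
                        throw new JWTVerificationException("One of claims 'sub' and 'username' must be present in the JWT.");
                    }
                    httpExchange.sendResponseHeaders(204, -1L);
                    httpExchange.close();
                    // 'username' wins over 'sub' when both are present.
                    String user = hasUsername
                            ? decode.getClaim("username").asString()
                            : decode.getClaim("sub").asString();
                    this.server.setCredential(new ExpiringCredential(
                            new Credential(user, decode.getToken()),
                            decode.getClaim("email").asString(),
                            decode.getExpiresAt().toInstant()));
                } catch (JWTVerificationException e) {
                    error(httpExchange, 400, "Could not verify claims: " + e.getMessage());
                    this.server.setHandleException(new IOException("Could not verify claims: ", e));
                }
            } catch (Exception e3) {
                error(httpExchange, 500, "Bad read from request");
                this.server.setHandleException(new IOException("Bad read from request: ", e3));
            }
        }

        /**
         * Sends a plain-text error response and closes the response body.
         *
         * @param httpExchange the exchange to answer
         * @param i HTTP status code
         * @param str response text
         * @throws IOException if the response cannot be written
         */
        private void error(HttpExchange httpExchange, int i, String str) throws IOException {
            // Plain text plus nosniff keeps echoed exception text from being rendered as markup.
            httpExchange.getResponseHeaders().set("Content-Type", "text/plain; charset=utf-8");
            httpExchange.getResponseHeaders().set("X-Content-Type-Options", "nosniff");
            httpExchange.sendResponseHeaders(i, 0L);
            // try-with-resources closes the body even when the write fails.
            try (java.io.OutputStream out = httpExchange.getResponseBody()) {
                out.write(str.getBytes(StandardCharsets.UTF_8));
            }
        }
    }

    /**
     * Starts the listener on 127.0.0.1 with an ephemeral port and a random context path.
     *
     * @throws SQLException if the local HTTP server cannot be created
     */
    public TokenWaiterServer() throws SQLException {
        try {
            this.server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
            String str = "/" + randomAlphanumeric(20);
            this.server.createContext(str, new RequestHandler(this));
            this.listenPath = "http://127.0.0.1:" + this.server.getAddress().getPort() + str;
            this.server.start();
        } catch (IOException e) {
            throw new SQLException("Could not create a local HTTP server while using identity plugin 'BROWSER_SSO'", e);
        }
    }

    /**
     * Blocks until the handler records an outcome or {@link #WAIT_TIMEOUT} seconds pass, then
     * stops the server in every case.
     *
     * @return the credential built from the received token
     * @throws InterruptedException if the waiting thread is interrupted
     * @throws TimeoutException if no outcome was recorded in time
     * @throws IOException if the handler recorded a failure
     */
    public ExpiringCredential WaitForCredential() throws InterruptedException, TimeoutException, IOException {
        try {
            if (!this.latch.await(WAIT_TIMEOUT, TimeUnit.SECONDS)) {
                throw new TimeoutException();
            }
            if (this.handleException != null) {
                throw this.handleException;
            }
            return this.credential;
        } finally {
            this.server.stop(0);
        }
    }

    /** Returns the full loopback URL, including the random path, that the token must be POSTed to. */
    public String getListenPath() {
        return this.listenPath;
    }

    /**
     * Records the credential and releases the waiter. Ignored once an outcome has been recorded,
     * so a later request cannot swap the credential the waiter is about to read.
     */
    public synchronized void setCredential(ExpiringCredential expiringCredential) {
        if (this.latch.getCount() == 0) {
            return;
        }
        this.credential = expiringCredential;
        this.latch.countDown();
    }

    /**
     * Records a failure and releases the waiter. Ignored once an outcome has been recorded, so a
     * stray follow-up request cannot turn an accepted credential into an error.
     */
    public synchronized void setHandleException(IOException iOException) {
        if (this.latch.getCount() == 0) {
            return;
        }
        this.handleException = iOException;
        this.latch.countDown();
    }

    /**
     * Builds a random string of {@code i} characters from {@link #PATH_ALPHABET}.
     *
     * <p>The result is the secret context path, so it comes from {@link SecureRandom};
     * {@code java.util.Random} output is predictable and must not gate access.
     */
    private String randomAlphanumeric(int i) {
        SecureRandom rng = new SecureRandom();
        StringBuilder sb = new StringBuilder(Math.max(i, 0));
        for (int k = 0; k < i; k++) {
            sb.append(PATH_ALPHABET.charAt(rng.nextInt(PATH_ALPHABET.length())));
        }
        return sb.toString();
    }
}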
