package com.amazon.redshift.plugin;

import com.amazon.redshift.jdbc.EscapedFunctions;
import com.amazon.redshift.logger.LogLevel;
import com.amazon.redshift.logger.RedshiftLogger;
import com.amazonaws.SdkClientException;
import com.amazonaws.util.IOUtils;
import com.amazonaws.util.StringUtils;
import java.io.Closeable;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/amazon/redshift/plugin/PingCredentialsProvider.class */
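/**
 * SAML credentials provider that signs in to a Ping identity provider.
 *
 * <p>{@link #getSamlAssertion()} requests the IdP login page at {@code /idp/startSSO.ping},
 * fills the username and password inputs found in the returned HTML, posts the form back and
 * extracts the {@code SAMLResponse} value from the reply.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both requests are built with a hard-coded {@code https://} scheme and the configured
 *       IdP host and port. A form action from the page is honoured only when it starts with
 *       {@code "/"}, so the credentials are never posted to a host named by the page.</li>
 *   <li>Certificate and hostname validation depend on {@code getHttpClient()}, which is defined
 *       in the superclass and not visible here; review it together with this class.</li>
 *   <li>When logging is enabled, the full login page HTML is written at debug level. Hidden
 *       input values on that page (presumably session or anti-forgery tokens; confirm) end up
 *       in the log. The password and the SAML response are not logged by this class.</li>
 * </ul>
 */
public class PingCredentialsProvider extends SamlCredentialsProvider {
    /** Captures the {@code value} attribute of the {@code SAMLResponse} field in the reply HTML. */
    private static final Pattern SAML_PATTERN = Pattern.compile("SAMLResponse\\W+value=\"([^\"]+)\"");
    /** Connection parameter name (matched case-insensitively) that sets the partner SP id. */
    private static final String KEY_PARTNER_SPID = "partner_spid";
    /** Partner SP id as supplied by the caller, un-encoded; {@code null} until configured. */
    protected String m_partnerSpId;

    /**
     * Stores a connection parameter, additionally capturing {@code partner_spid}.
     *
     * @param key parameter name; always forwarded to the superclass first
     * @param value parameter value
     */
    @Override // com.amazon.redshift.plugin.SamlCredentialsProvider, com.amazon.redshift.IPlugin
    public void addParameter(String key, String value) {
        super.addParameter(key, value);
        if (KEY_PARTNER_SPID.equalsIgnoreCase(key)) {
            this.m_partnerSpId = value;
        }
    }

    /**
     * Returns the plugin-specific part of the credentials cache key.
     *
     * @return the configured partner SP id, or an empty string when none was set
     */
    @Override // com.amazon.redshift.plugin.SamlCredentialsProvider, com.amazon.redshift.IPlugin
    public String getPluginSpecificCacheKey() {
        return this.m_partnerSpId != null ? this.m_partnerSpId : "";
    }

    /**
     * Signs in to the IdP with the configured user name and password and returns the value of
     * the {@code SAMLResponse} form field from the IdP's reply.
     *
     * @return the captured {@code SAMLResponse} value, exactly as it appears in the HTML
     * @throws IOException if a request does not return HTTP 200, the login form cannot be
     *     parsed, or the reply contains no {@code SAMLResponse} field
     * @throws SdkClientException if creating the HTTP client fails with a
     *     {@link GeneralSecurityException}
     */
    @Override // com.amazon.redshift.plugin.SamlCredentialsProvider
    protected String getSamlAssertion() throws IOException {
        checkRequiredParameters();
        // Encode into a local instead of overwriting m_partnerSpId: writing the encoded value
        // back to the field double-encoded it on a second call and changed the value returned
        // by getPluginSpecificCacheKey() after the first call.
        String encodedPartnerSpId = StringUtils.isNullOrEmpty(this.m_partnerSpId)
                ? "urn%3Aamazon%3Awebservices" // default, already URL-encoded
                : URLEncoder.encode(this.m_partnerSpId, "UTF-8");
        // NOTE(review): host and port are concatenated as-is; any validation presumably happens
        // in checkRequiredParameters() or where the parameters are set — confirm.
        String idpBase = "https://" + this.m_idpHost + ':' + this.m_idpPort;
        String uri = idpBase + "/idp/startSSO.ping?PartnerSpId=" + encodedPartnerSpId;

        CloseableHttpClient httpClient = null;
        try {
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("uri: {0}", uri);
            }
            httpClient = getHttpClient();
            String loginPage = fetchPingLoginPage(httpClient, uri);
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("body: {0}", loginPage);
            }
            ArrayList<BasicNameValuePair> formFields = buildPingLoginForm(loginPage);

            // Only a server-relative action is honoured, and it is always resolved against the
            // configured IdP origin; otherwise the POST goes back to the start-SSO URI. This
            // keeps the password from being sent to a host chosen by the page content.
            String formAction = getFormAction(loginPage);
            if (!StringUtils.isNullOrEmpty(formAction) && formAction.startsWith("/")) {
                uri = idpBase + formAction;
            }
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("action uri: {0}", uri);
            }
            return postPingLoginForm(httpClient, uri, formFields);
        } catch (GeneralSecurityException e) {
            throw new SdkClientException("Failed create SSLContext.", e);
        } finally {
            // Close on every path; previously the client was closed only on success, so each
            // failed login attempt leaked the client and its connections.
            IOUtils.closeQuietly(httpClient, (Log) null);
        }
    }

    /** Fetches the IdP login page and returns its body; fails unless the status is 200. */
    private String fetchPingLoginPage(CloseableHttpClient httpClient, String uri) throws IOException {
        CloseableHttpResponse response = httpClient.execute(new HttpGet(uri));
        try {
            if (response.getStatusLine().getStatusCode() != 200) {
                if (RedshiftLogger.isEnable()) {
                    this.m_log.log(LogLevel.DEBUG, "getSamlAssertion https response:" + EntityUtils.toString(response.getEntity()), new Object[0]);
                }
                throw new IOException("Failed send request: " + response.getStatusLine().getReasonPhrase());
            }
            return EntityUtils.toString(response.getEntity());
        } finally {
            IOUtils.closeQuietly(response, (Log) null);
        }
    }

    /**
     * Builds the form fields to post: every named input of the login page with its page-supplied
     * value, plus the user name and password fields filled from the configured credentials.
     */
    private ArrayList<BasicNameValuePair> buildPingLoginForm(String loginPage) throws IOException {
        ArrayList<BasicNameValuePair> formFields = new ArrayList<>(5);
        BasicNameValuePair userField = null;
        BasicNameValuePair passField = null;
        String passTag = null;

        for (String inputTag : getInputTagsfromHTML(loginPage)) {
            String name = getValueByKey(inputTag, "name");
            String id = getValueByKey(inputTag, "id");
            String value = getValueByKey(inputTag, "value");
            if (RedshiftLogger.isEnable()) {
                this.m_log.logDebug("name: {0} , id: {1}", name, id);
            }
            boolean looksLikeUser = "username".equals(id) || "pf.username".equals(id)
                    || "username".equals(name) || "pf.username".equals(name);
            // getValueByKey() is defined in the superclass; the isNullOrEmpty check below
            // suggests it can return null, so guard before calling contains().
            boolean looksLikePass = name != null && name.contains("pass");
            if (userField == null && looksLikeUser && isText(inputTag)) {
                userField = new BasicNameValuePair(name, this.m_userName);
            } else if (looksLikePass && isPassword(inputTag)) {
                if (passField != null) {
                    // Refuse to guess which field is the real one rather than send the
                    // password in the wrong input.
                    if (RedshiftLogger.isEnable()) {
                        this.m_log.log(LogLevel.DEBUG, String.format("pass field: %s has conflict with field: %s", passTag, inputTag), new Object[0]);
                        this.m_log.log(LogLevel.DEBUG, loginPage, new Object[0]);
                    }
                    throw new IOException("Duplicate password fields on login page.");
                }
                passTag = inputTag;
                passField = new BasicNameValuePair(name, this.m_password);
            } else if (!StringUtils.isNullOrEmpty(name)) {
                // Echo every other named input (hidden state and the like) unchanged.
                formFields.add(new BasicNameValuePair(name, value));
            }
        }

        if (userField == null) {
            // Fallback heuristics for login pages that name the user field differently;
            // the last matching text input wins.
            for (String inputTag : getInputTagsfromHTML(loginPage)) {
                String name = getValueByKey(inputTag, "name");
                if (RedshiftLogger.isEnable()) {
                    this.m_log.log(LogLevel.DEBUG, String.format("inputTag: %s has name with field: %s", inputTag, name), new Object[0]);
                }
                boolean looksLikeUser = name != null
                        && ("email".equals(name) || name.contains(EscapedFunctions.USER) || name.contains("email"));
                if (looksLikeUser && isText(inputTag)) {
                    userField = new BasicNameValuePair(name, this.m_userName);
                }
            }
        }

        if (userField == null || passField == null) {
            boolean noUserName = userField == null;
            boolean noPass = passField == null;
            if (RedshiftLogger.isEnable()) {
                this.m_log.log(LogLevel.DEBUG, loginPage, new Object[0]);
            }
            throw new IOException("Failed to parse login form. noUserName = " + noUserName + " noPass=" + noPass);
        }
        formFields.add(userField);
        formFields.add(passField);
        return formFields;
    }

    /** Posts the login form and returns the captured {@code SAMLResponse} value of the reply. */
    private String postPingLoginForm(CloseableHttpClient httpClient, String uri, ArrayList<BasicNameValuePair> formFields) throws IOException {
        HttpPost httpPost = new HttpPost(uri);
        httpPost.setEntity(new UrlEncodedFormEntity(formFields));
        CloseableHttpResponse response = httpClient.execute(httpPost);
        try {
            if (response.getStatusLine().getStatusCode() != 200) {
                throw new IOException("Failed send request: " + response.getStatusLine().getReasonPhrase());
            }
            // The reply body carries the assertion, so it is deliberately not logged.
            Matcher matcher = SAML_PATTERN.matcher(EntityUtils.toString(response.getEntity()));
            if (!matcher.find()) {
                throw new IOException("Failed to retrieve SAMLAssertion.");
            }
            return matcher.group(1);
        } finally {
            IOUtils.closeQuietly(response, (Log) null);
        }
    }
}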
