package com.databricks.client.jdbc.oauth;

import com.databricks.client.hivecommon.HiveJDBCSettings;
import com.databricks.client.hivecommon.utils.OAuthTokenCache;
import com.databricks.client.jdbc.common.CommonUtils;
import com.databricks.client.jdbc.common.OAuthFlow;
import com.databricks.client.jdbc.common.OAuthSettings;
import com.databricks.client.jdbc.common.SSLSettings;
import com.databricks.client.jdbc.core.DSDriver;
import com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey;
import com.databricks.client.jdbc.internal.fasterxml.jackson.databind.ObjectMapper;
import com.databricks.client.jdbc42.internal.apache.commons.codec.binary.Base64;
import com.databricks.client.jdbc42.internal.apache.http.HttpResponse;
import com.databricks.client.jdbc42.internal.apache.http.client.config.RequestConfig;
import com.databricks.client.jdbc42.internal.apache.http.client.entity.UrlEncodedFormEntity;
import com.databricks.client.jdbc42.internal.apache.http.client.methods.CloseableHttpResponse;
import com.databricks.client.jdbc42.internal.apache.http.client.methods.HttpPost;
import com.databricks.client.jdbc42.internal.apache.http.client.methods.HttpUriRequest;
import com.databricks.client.jdbc42.internal.apache.http.impl.client.CloseableHttpClient;
import com.databricks.client.jdbc42.internal.apache.http.impl.client.HttpClients;
import com.databricks.client.jdbc42.internal.apache.http.message.BasicNameValuePair;
import com.databricks.client.jdbc42.internal.apache.http.util.EntityUtils;
import com.databricks.client.support.ILogger;
import com.databricks.client.support.LogUtilities;
import com.databricks.client.support.exceptions.ErrorException;
import java.io.IOException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:com/databricks/client/jdbc/oauth/OAuthFactory.class */
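/**
 * Static helpers that POST to the configured OAuth authorization URL and extract the access
 * token from the JSON reply.
 *
 * <p>Three flows are implemented: client credentials, browser (authorization code with a code
 * verifier) and refresh token. Each flow validates the configured URL with
 * {@link #checkInvalidAuthorizationUrl(String)}, sends one form-encoded POST with redirects
 * disabled, and records the token expiry on the supplied {@link OAuthSettings}.
 */
public class OAuthFactory {
    private static final String JSON_ACCESS_TOKEN_KEY = "access_token";
    private static final String JSON_REFRESH_TOKEN_KEY = "refresh_token";
    private static final String EXPIRY_TIME_KEY = "expires_in";
    private static final String JSON_ERROR_KEY = "error";
    private static final String JSON_ERROR_DESCRIPTION_KEY = "error_description";
    private static final String GRANT_TYPE_KEY = "grant_type";
    private static final String SCOPE_KEY = "scope";
    private static final String CLIENT_ID_KEY = "client_id";
    private static final String CLIENT_SECRET_KEY = "client_secret";
    private static final String CLIENT_CRED_GRANT = "client_credentials";
    private static final String CODE = "code";
    private static final String REDIRECT_URI = "redirect_uri";
    private static final String CODE_VERIFIER = "code_verifier";
    private static final String BROWSER_CRED_GRANT = "authorization_code";
    private static final String INVALID_AUTHORIZATION_URL_STRINGS = "metadata|fd00:ec2::254|169.254.169.254";
    private static final String HTTPS_STRING = "https";
    private static final String HTTPS_ERROR_DESC = "HTTPS required";
    private static final String LOCAL_ADDRESS_ERROR_DESC = "Invalid local Address";
    private static final String URL_ERROR_DESC = "Invalid URL";
    private static final String METADATA_ERROR_DESC = "Invalid metadata access";

    // Compiled once; the block-list is matched case-insensitively against the whole URL text.
    private static final Pattern INVALID_AUTHORIZATION_URL_PATTERN =
            Pattern.compile(INVALID_AUTHORIZATION_URL_STRINGS, Pattern.CASE_INSENSITIVE);

    // A single mapper is reused for every response instead of building one per lookup.
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper();

    /**
     * Validates the configured authorization URL and converts it to a {@link URI}.
     *
     * @param oAuthSettings settings whose {@code m_authorizationUrl} is read
     * @return the authorization URL as a URI
     * @throws ErrorException if the URL is rejected by
     *     {@link #checkInvalidAuthorizationUrl(String)} or cannot be converted to a URI
     */
    public static URI getServerURI(OAuthSettings oAuthSettings) throws ErrorException {
        checkInvalidAuthorizationUrl(oAuthSettings.m_authorizationUrl);
        try {
            return new URL(oAuthSettings.m_authorizationUrl).toURI();
        } catch (Exception e) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e.getMessage()});
        }
    }

    /**
     * Rejects authorization URLs that are malformed, whose host cannot be resolved, whose host
     * resolves to a site-local address, or whose text matches the metadata block-list.
     *
     * <p>When several conditions hold, the block-list description takes precedence over the
     * others, as it is evaluated last.
     *
     * @param str the authorization URL to check; {@code null} is rejected as an invalid URL
     * @throws ErrorException if any of the conditions above holds
     */
    public static void checkInvalidAuthorizationUrl(String str) throws ErrorException {
        // A null URL used to reach the regex matcher and fail with a NullPointerException
        // instead of the declared ErrorException.
        if (str == null) {
            throw authorizationUrlError(URL_ERROR_DESC);
        }
        String rejection = null;
        try {
            // NOTE(review): isSiteLocalAddress() is true only for the RFC 1918 IPv4 ranges and the
            // deprecated fec0::/10 IPv6 prefix. Loopback, link-local and IPv6 unique-local
            // addresses are not rejected here; they are caught only when the literal block-list
            // below matches the URL text. The host is resolved again when the request is sent,
            // so this check does not pin the address that is eventually contacted.
            InetAddress resolved = InetAddress.getByAddress(InetAddress.getByName(new URL(str).getHost()).getAddress());
            if (resolved.isSiteLocalAddress()) {
                rejection = LOCAL_ADDRESS_ERROR_DESC;
            }
        } catch (MalformedURLException | UnknownHostException e) {
            rejection = URL_ERROR_DESC;
        }
        Matcher blocked = INVALID_AUTHORIZATION_URL_PATTERN.matcher(str);
        if (blocked.find()) {
            rejection = METADATA_ERROR_DESC;
        }
        if (rejection != null) {
            throw authorizationUrlError(rejection);
        }
    }

    /**
     * Runs the client-credentials flow and returns the access token.
     *
     * @param oAuthSettings flow configuration; its {@code m_expiryTime} is updated on success
     * @param sSLSettings only passed to the entry log call; the request itself uses
     *     {@code oAuthSettings.m_tokenEndpointSSLSettings}
     * @param iLogger logger for the entry trace and expiry warnings
     * @return the {@code access_token} value from the response
     * @throws ErrorException if the URL is rejected, the request fails, or the response carries
     *     no usable token or expiry
     */
    public static String clientCredentialOAuth(OAuthSettings oAuthSettings, SSLSettings sSLSettings, ILogger iLogger) throws ErrorException {
        // NOTE(review): oAuthSettings holds the client secret field read below; confirm
        // logFunctionEntrance does not render it into the log.
        LogUtilities.logFunctionEntrance(iLogger, oAuthSettings, sSLSettings, iLogger);
        URI serverURI = getServerURI(oAuthSettings);
        // NOTE(review): unlike tokenCredentialOauth, no https scheme is required here, so the
        // client secret would be sent in clear text if the configured URL is http - confirm
        // whether that is intended.
        HttpPost post = setRequestParams(oAuthSettings, new HttpPost(serverURI));
        // Redirects stay disabled so the POST only goes to the URI validated above.
        post.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
        String responseBody = executeRequest(oAuthSettings, serverURI, post);
        String accessToken = extractAccessToken(responseBody);
        setExpiryTime(responseBody, oAuthSettings, iLogger);
        return accessToken;
    }

    /**
     * Runs the browser (authorization-code) flow and returns the access token.
     *
     * <p>When the flow is {@code BROWSER} and the token cache is enabled, the refresh token from
     * the response is stored in the cache under {@code str}.
     *
     * @param iLogger logger for the entry trace and expiry warnings
     * @param oAuthTokenCache cache that receives the refresh token
     * @param hiveJDBCSettings connection settings; {@code m_oAuthSettings} and
     *     {@code m_enableTokenCache} are read
     * @param str cache key for the refresh token
     * @return the {@code access_token} value from the response
     * @throws ErrorException if the URL is rejected, the request fails, or the response carries
     *     no usable token or expiry
     */
    public static String browerCredentialOauth(ILogger iLogger, OAuthTokenCache oAuthTokenCache, HiveJDBCSettings hiveJDBCSettings, String str) throws ErrorException {
        // NOTE(review): the settings object carries the authorization code and code verifier;
        // confirm logFunctionEntrance does not render them into the log.
        LogUtilities.logFunctionEntrance(iLogger, hiveJDBCSettings);
        OAuthSettings oAuthSettings = hiveJDBCSettings.m_oAuthSettings;
        URI serverURI = getServerURI(oAuthSettings);
        // NOTE(review): no https scheme is required in this flow either; see tokenCredentialOauth
        // for the only place where it is enforced.
        HttpPost post = setRequestParams(oAuthSettings, new HttpPost(serverURI));
        // Redirects stay disabled so the POST only goes to the URI validated above.
        post.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
        String responseBody = executeRequest(hiveJDBCSettings.m_oAuthSettings, serverURI, post);
        // Fail before touching the cache when the response has no access token.
        String accessToken = extractAccessToken(responseBody);
        if (hiveJDBCSettings.m_oAuthSettings.m_authFlow == OAuthFlow.BROWSER && hiveJDBCSettings.m_enableTokenCache.booleanValue()) {
            String refreshToken = parseJsonResponse(responseBody, JSON_REFRESH_TOKEN_KEY);
            // A response without a refresh token leaves the cache untouched.
            if (refreshToken != null) {
                // NOTE(review): the meaning of the third argument is not visible from this class;
                // twice the current epoch milliseconds is kept exactly as before.
                oAuthTokenCache.getTokenCache().setValue(str, refreshToken, System.currentTimeMillis() * 2);
            }
        }
        setExpiryTime(responseBody, oAuthSettings, iLogger);
        return accessToken;
    }

    /**
     * Exchanges the stored refresh token for a new access token. This flow requires the
     * authorization URL to use the https scheme.
     *
     * @param oAuthSettings supplies the refresh token and client id; {@code m_expiryTime} is
     *     updated on success
     * @param sSLSettings only passed to the entry log call
     * @param iLogger logger for the entry trace and expiry warnings
     * @param oAuthTokenCache not used by this method
     * @param hiveJDBCSettings its {@code m_oAuthSettings} supplies the SSL settings for the request
     * @return the {@code access_token} value from the response
     * @throws ErrorException if the URL is rejected or not https, the request fails, or the
     *     response carries no usable token or expiry
     */
    public static String tokenCredentialOauth(OAuthSettings oAuthSettings, SSLSettings sSLSettings, ILogger iLogger, OAuthTokenCache oAuthTokenCache, HiveJDBCSettings hiveJDBCSettings) throws ErrorException {
        // NOTE(review): oAuthSettings holds the refresh token field read below; confirm
        // logFunctionEntrance does not render it into the log.
        LogUtilities.logFunctionEntrance(iLogger, oAuthSettings, sSLSettings, iLogger);
        URI serverURI = getServerURI(oAuthSettings);
        HttpPost post = setTokenRequestParams(oAuthSettings, new HttpPost(serverURI));
        // Redirects stay disabled so the POST only goes to the URI validated above.
        post.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
        // The refresh token must not leave over plain HTTP.
        if (!HTTPS_STRING.equalsIgnoreCase(post.getURI().getScheme())) {
            throw authorizationUrlError(HTTPS_ERROR_DESC);
        }
        String responseBody = executeRequest(hiveJDBCSettings.m_oAuthSettings, serverURI, post);
        String accessToken = extractAccessToken(responseBody);
        setExpiryTime(responseBody, oAuthSettings, iLogger);
        return accessToken;
    }

    /** Builds the authorization-URL error carrying the given description. */
    private static ErrorException authorizationUrlError(String description) {
        return DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.AUTHORIZATIONN_URL_ERROR.name(), description);
    }

    /** Returns the access token from a response body, or fails when the key is absent. */
    private static String extractAccessToken(String responseBody) throws ErrorException {
        String accessToken = parseJsonResponse(responseBody, JSON_ACCESS_TOKEN_KEY);
        if (null == accessToken) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name());
        }
        return accessToken;
    }

    /**
     * Reads {@code expires_in} (seconds) from the response and stores the absolute expiry time,
     * in epoch milliseconds, on {@code oAuthSettings.m_expiryTime}. The configured expiry buffer
     * is subtracted when it is smaller than the reported lifetime.
     *
     * @throws ErrorException if {@code expires_in} is missing or not an integer
     */
    private static void setExpiryTime(String str, OAuthSettings oAuthSettings, ILogger iLogger) throws ErrorException {
        int lifetimeSeconds;
        try {
            lifetimeSeconds = Integer.parseInt(parseJsonResponse(str, EXPIRY_TIME_KEY));
        } catch (NumberFormatException e) {
            // Surface a missing or malformed value as the declared exception type.
            ErrorException parseFailure = DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.ERROR_PARSING_JSON_RESPONSE.name(), "Missing or non-numeric " + EXPIRY_TIME_KEY + " value");
            parseFailure.initCause(e);
            throw parseFailure;
        }
        if (oAuthSettings.m_tokenExpiryBuffer < lifetimeSeconds) {
            lifetimeSeconds -= oAuthSettings.m_tokenExpiryBuffer;
        } else {
            LogUtilities.logWarning("Token expiry buffer " + String.valueOf(oAuthSettings.m_tokenExpiryBuffer) + " is greater than the token expiry time " + lifetimeSeconds + ". No buffer is used for token expiry time.", iLogger);
        }
        // Multiply as long: int arithmetic overflows for lifetimes above roughly 24.8 days.
        oAuthSettings.m_expiryTime = System.currentTimeMillis() + (lifetimeSeconds * 1000L);
    }

    /**
     * Throws when the HTTP status is not 200. A 400 response that carries an {@code error} key
     * reports that key and its description; every other failure reports the status code and
     * reason phrase.
     */
    private static void checkResponse(HttpResponse httpResponse, String str) throws ErrorException {
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        if (statusCode == 200) {
            return;
        }
        if (statusCode == 400) {
            String error = parseJsonResponse(str, JSON_ERROR_KEY);
            if (error != null) {
                String description = parseJsonResponse(str, JSON_ERROR_DESCRIPTION_KEY);
                throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{error, description == null ? "" : description});
            }
        }
        throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{Integer.toString(statusCode), httpResponse.getStatusLine().getReasonPhrase()});
    }

    /**
     * Returns the text of top-level key {@code str2} in JSON document {@code str}.
     *
     * @return the value as text, or {@code null} when the document is empty, the key is absent,
     *     or its value is JSON null
     * @throws ErrorException if the document cannot be parsed
     */
    private static String parseJsonResponse(String str, String str2) throws ErrorException {
        if (str == null || str.trim().isEmpty()) {
            return null;
        }
        try {
            // path() yields a missing node rather than null, so an absent key no longer raises
            // a NullPointerException; asText(null) maps missing and null values to null.
            return JSON_MAPPER.readTree(str).path(str2).asText(null);
        } catch (IOException e) {
            ErrorException createGeneralException = DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.ERROR_PARSING_JSON_RESPONSE.name(), e.getMessage());
            createGeneralException.initCause(e);
            throw createGeneralException;
        }
    }

    /**
     * Fills the form body (and, for the AWS source, the Basic authorization header) of the
     * token request for the browser and client-credentials flows.
     *
     * @return the same {@code httpPost}, with its entity set
     */
    private static HttpPost setRequestParams(OAuthSettings oAuthSettings, HttpPost httpPost) throws ErrorException {
        List<BasicNameValuePair> form = new ArrayList<>();
        if (OAuthFlow.BROWSER == oAuthSettings.m_authFlow) {
            form.add(new BasicNameValuePair(GRANT_TYPE_KEY, BROWSER_CRED_GRANT));
            form.add(new BasicNameValuePair(CLIENT_ID_KEY, oAuthSettings.m_authClientID));
            form.add(new BasicNameValuePair(CODE, oAuthSettings.m_code));
            form.add(new BasicNameValuePair(REDIRECT_URI, oAuthSettings.m_redirectUri));
            form.add(new BasicNameValuePair(CODE_VERIFIER, oAuthSettings.m_codeVerifier));
        } else if (OAuthFlow.CLIENT_CREDENTIALS == oAuthSettings.m_authFlow) {
            form.add(new BasicNameValuePair(GRANT_TYPE_KEY, CLIENT_CRED_GRANT));
            if (oAuthSettings.m_authSource == OAuthSettings.OAuthSource.AZURE) {
                form.add(new BasicNameValuePair(CLIENT_ID_KEY, oAuthSettings.m_authClientID));
                form.add(new BasicNameValuePair(CLIENT_SECRET_KEY, oAuthSettings.m_authClientSecret));
            } else if (oAuthSettings.m_authSource == OAuthSettings.OAuthSource.AWS) {
                // Encode with an explicit charset so the header does not depend on the
                // platform default encoding.
                String credentials = oAuthSettings.m_authClientID + ":" + oAuthSettings.m_authClientSecret;
                String encoded = new String(Base64.encodeBase64(credentials.getBytes(StandardCharsets.UTF_8)), StandardCharsets.US_ASCII);
                httpPost.addHeader("Authorization", "Basic " + encoded);
            }
        }
        if (null != oAuthSettings.m_authScope) {
            form.add(new BasicNameValuePair(SCOPE_KEY, oAuthSettings.m_authScope));
        }
        httpPost.setEntity(new UrlEncodedFormEntity(form, StandardCharsets.UTF_8));
        return httpPost;
    }

    /**
     * Sends the request with a client whose SSL socket factory comes from
     * {@code oAuthSettings.m_tokenEndpointSSLSettings} and returns the response body.
     *
     * @throws ErrorException if the status check fails or sending/reading the response fails
     */
    private static String executeRequest(OAuthSettings oAuthSettings, URI uri, HttpPost httpPost) throws ErrorException {
        // Client and response are closed on every path; they were previously never released.
        try (CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(CommonUtils.getSocketFactory(uri.getHost(), oAuthSettings.m_tokenEndpointSSLSettings)).build();
                CloseableHttpResponse response = client.execute((HttpUriRequest) httpPost)) {
            String body = EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
            checkResponse(response, body);
            return body;
        } catch (ErrorException e) {
            // Already a driver exception (status or JSON failure): pass it through unchanged.
            throw e;
        } catch (Exception e) {
            // getCause() is frequently null; String.valueOf keeps the handler from failing itself.
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e.getMessage(), String.valueOf(e.getCause())});
        }
    }

    /**
     * Fills the form body of a refresh-token request: grant type, refresh token and client id.
     *
     * @return the same {@code httpPost}, with its entity set
     */
    private static HttpPost setTokenRequestParams(OAuthSettings oAuthSettings, HttpPost httpPost) throws ErrorException {
        List<BasicNameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair(GRANT_TYPE_KEY, JSON_REFRESH_TOKEN_KEY));
        form.add(new BasicNameValuePair(JSON_REFRESH_TOKEN_KEY, oAuthSettings.m_refreshToken));
        form.add(new BasicNameValuePair(CLIENT_ID_KEY, oAuthSettings.m_authClientID));
        httpPost.setEntity(new UrlEncodedFormEntity(form, StandardCharsets.UTF_8));
        return httpPost;
    }
}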
