package net.snowflake.client.core;

import java.awt.Desktop;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Locale;
import java.util.TimeZone;
import net.snowflake.client.core.Constants;
import net.snowflake.client.jdbc.ErrorCode;
import net.snowflake.client.jdbc.SnowflakeSQLException;
import net.snowflake.client.jdbc.internal.apache.commons.io.IOUtils;
import net.snowflake.client.jdbc.internal.apache.http.client.methods.HttpPost;
import net.snowflake.client.jdbc.internal.apache.http.client.utils.URIBuilder;
import net.snowflake.client.jdbc.internal.apache.http.entity.StringEntity;
import net.snowflake.client.jdbc.internal.apache.tika.metadata.Metadata;
import net.snowflake.client.jdbc.internal.fasterxml.jackson.databind.JsonNode;
import net.snowflake.client.jdbc.internal.fasterxml.jackson.databind.ObjectMapper;
import net.snowflake.client.jdbc.internal.google.common.base.Strings;
import net.snowflake.client.jdbc.internal.microsoft.azure.storage.table.TableConstants;
import net.snowflake.client.jdbc.internal.snowflake.common.core.ClientAuthnDTO;
import net.snowflake.client.jdbc.internal.snowflake.common.core.ClientAuthnParameter;
import net.snowflake.client.jdbc.internal.snowflake.common.core.SqlState;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;

/* loaded from: input_file:net/snowflake/client/core/SessionUtilExternalBrowser.class */
public class SessionUtilExternalBrowser {
    private final SFLoginInput loginInput;
    String token;
    private String proofKey;
    private AuthExternalBrowserHandlers handlers;
    private static final String PREFIX_GET = "GET ";
    private static final String PREFIX_POST = "POST ";
    private static final String PREFIX_OPTIONS = "OPTIONS ";
    private static final String PREFIX_USER_AGENT = "USER-AGENT: ";
    static final SFLogger logger = SFLoggerFactory.getLogger(SessionUtilExternalBrowser.class);
    private static Charset UTF8_CHARSET = Charset.forName("UTF-8");
    private final ObjectMapper mapper = ObjectMapperFactory.getObjectMapper();
    private boolean consentCacheIdToken = true;
    private String origin = null;

    /* loaded from: input_file:net/snowflake/client/core/SessionUtilExternalBrowser$AuthExternalBrowserHandlers.class */
    public interface AuthExternalBrowserHandlers {
        HttpPost build(URI uri);

        void openBrowser(String str) throws SFException;

        void output(String str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/snowflake/client/core/SessionUtilExternalBrowser$DefaultAuthExternalBrowserHandlers.class */
    public static class DefaultAuthExternalBrowserHandlers implements AuthExternalBrowserHandlers {
        DefaultAuthExternalBrowserHandlers() {
        }

        @Override // net.snowflake.client.core.SessionUtilExternalBrowser.AuthExternalBrowserHandlers
        public HttpPost build(URI uri) {
            return new HttpPost(uri);
        }

        @Override // net.snowflake.client.core.SessionUtilExternalBrowser.AuthExternalBrowserHandlers
        public void openBrowser(String str) throws SFException {
            try {
                if (Desktop.isDesktopSupported()) {
                    Desktop.getDesktop().browse(new URI(str));
                } else {
                    Runtime runtime = Runtime.getRuntime();
                    if (Constants.getOS() == Constants.OS.MAC) {
                        runtime.exec("open " + str);
                    } else {
                        runtime.exec("xdg-open " + str);
                    }
                }
            } catch (IOException | URISyntaxException e) {
                throw new SFException(e, ErrorCode.NETWORK_ERROR, e.getMessage());
            }
        }

        @Override // net.snowflake.client.core.SessionUtilExternalBrowser.AuthExternalBrowserHandlers
        public void output(String str) {
            System.out.println(str);
        }
    }

    public static SessionUtilExternalBrowser createInstance(SFLoginInput sFLoginInput) {
        return new SessionUtilExternalBrowser(sFLoginInput, new DefaultAuthExternalBrowserHandlers());
    }

    public SessionUtilExternalBrowser(SFLoginInput sFLoginInput, AuthExternalBrowserHandlers authExternalBrowserHandlers) {
        this.loginInput = sFLoginInput;
        this.handlers = authExternalBrowserHandlers;
    }

    protected ServerSocket getServerSocket() throws SFException {
        try {
            return new ServerSocket(0, 0, InetAddress.getByName("localhost"));
        } catch (IOException e) {
            throw new SFException(e, ErrorCode.NETWORK_ERROR, e.getMessage());
        }
    }

    protected int getLocalPort(ServerSocket serverSocket) {
        return serverSocket.getLocalPort();
    }

    private String getSSOUrl(int i) throws SFException, SnowflakeSQLException {
        try {
            String serverUrl = this.loginInput.getServerUrl();
            String authenticator = this.loginInput.getAuthenticator();
            URIBuilder uRIBuilder = new URIBuilder(serverUrl);
            uRIBuilder.setPath("/session/authenticator-request");
            HttpPost build = this.handlers.build(uRIBuilder.build());
            ClientAuthnDTO clientAuthnDTO = new ClientAuthnDTO();
            HashMap hashMap = new HashMap();
            hashMap.put(ClientAuthnParameter.AUTHENTICATOR.name(), authenticator);
            hashMap.put(ClientAuthnParameter.ACCOUNT_NAME.name(), this.loginInput.getAccountName());
            hashMap.put(ClientAuthnParameter.LOGIN_NAME.name(), this.loginInput.getUserName());
            hashMap.put(ClientAuthnParameter.BROWSER_MODE_REDIRECT_PORT.name(), Integer.toString(i));
            hashMap.put(ClientAuthnParameter.CLIENT_APP_ID.name(), this.loginInput.getAppId());
            hashMap.put(ClientAuthnParameter.CLIENT_APP_VERSION.name(), this.loginInput.getAppVersion());
            clientAuthnDTO.setData(hashMap);
            StringEntity stringEntity = new StringEntity(this.mapper.writeValueAsString(clientAuthnDTO), StandardCharsets.UTF_8);
            stringEntity.setContentType("application/json");
            build.setEntity(stringEntity);
            build.addHeader("accept", "application/json");
            String executeGeneralRequest = HttpUtil.executeGeneralRequest(build, this.loginInput.getLoginTimeout(), this.loginInput.getOCSPMode());
            logger.debug("authenticator-request response: {}", executeGeneralRequest);
            JsonNode readTree = this.mapper.readTree(executeGeneralRequest);
            if (!readTree.path("success").asBoolean()) {
                logger.debug("response = {}", executeGeneralRequest);
                throw new SnowflakeSQLException(SqlState.SQLCLIENT_UNABLE_TO_ESTABLISH_SQLCONNECTION, new Integer(readTree.path(TableConstants.ErrorConstants.ERROR_CODE).asText()).intValue(), readTree.path(TableConstants.ErrorConstants.ERROR_MESSAGE).asText());
            }
            JsonNode path = readTree.path("data");
            this.proofKey = path.path("proofKey").asText();
            return path.path("ssoUrl").asText();
        } catch (IOException | URISyntaxException e) {
            throw new SFException(e, ErrorCode.NETWORK_ERROR, e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void authenticate() throws SFException, SnowflakeSQLException {
        ServerSocket serverSocket = getServerSocket();
        try {
            try {
                int localPort = getLocalPort(serverSocket);
                logger.debug("Listening localhost:{}", Integer.valueOf(localPort));
                String sSOUrl = getSSOUrl(localPort);
                this.handlers.output("Initiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...");
                this.handlers.openBrowser(sSOUrl);
                while (true) {
                    Socket accept = serverSocket.accept();
                    try {
                        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(accept.getInputStream(), UTF8_CHARSET));
                        char[] cArr = new char[16384];
                        String[] split = new String(cArr, 0, bufferedReader.read(cArr)).split(IOUtils.LINE_SEPARATOR_WINDOWS);
                        if (!processOptions(split, accept)) {
                            processSamlToken(split, accept);
                            accept.close();
                            try {
                                serverSocket.close();
                                return;
                            } catch (IOException e) {
                                throw new SFException(e, ErrorCode.NETWORK_ERROR, e.getMessage());
                            }
                        }
                        accept.close();
                    } catch (Throwable th) {
                        accept.close();
                        throw th;
                    }
                }
            } catch (Throwable th2) {
                try {
                    serverSocket.close();
                    throw th2;
                } catch (IOException e2) {
                    throw new SFException(e2, ErrorCode.NETWORK_ERROR, e2.getMessage());
                }
            }
        } catch (IOException e3) {
            throw new SFException(e3, ErrorCode.NETWORK_ERROR, e3.getMessage());
        }
    }

    private boolean processOptions(String[] strArr, Socket socket) throws IOException {
        String str = null;
        String str2 = null;
        String str3 = null;
        for (String str4 : strArr) {
            if (str4.length() > PREFIX_OPTIONS.length() && str4.substring(0, PREFIX_OPTIONS.length()).equalsIgnoreCase(PREFIX_OPTIONS)) {
                str = str4;
            } else if (str4.length() > PREFIX_USER_AGENT.length() && str4.substring(0, PREFIX_USER_AGENT.length()).equalsIgnoreCase(PREFIX_USER_AGENT)) {
                str2 = str4;
            } else if (str4.startsWith("Access-Control-Request-Method")) {
                String[] split = str4.split(Metadata.NAMESPACE_PREFIX_DELIMITER);
                if (split.length != 2) {
                    logger.error("no value for HTTP header: Access-Control-Request-Method. line={}", str4);
                    return false;
                }
                if (!split[1].trim().contains("POST")) {
                    return false;
                }
            } else if (str4.startsWith("Access-Control-Request-Headers")) {
                String[] split2 = str4.split(Metadata.NAMESPACE_PREFIX_DELIMITER);
                if (split2.length != 2) {
                    logger.error("no value for HTTP header: Access-Control-Request-Method. line={}", str4);
                    return false;
                }
                str3 = split2[1].trim();
            } else if (!str4.startsWith("Origin")) {
                continue;
            } else {
                if (str4.split(Metadata.NAMESPACE_PREFIX_DELIMITER).length < 2) {
                    logger.error("no value for HTTP header: Origin. line={}", str4);
                    return false;
                }
                this.origin = str4.substring(str4.indexOf(58) + 1).trim();
            }
        }
        if (str2 != null) {
            logger.debug("{}", str2);
        }
        if (Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(str3) || Strings.isNullOrEmpty(this.origin)) {
            return false;
        }
        returnToBrowserForOptions(str3, socket);
        return true;
    }

    private void returnToBrowserForOptions(String str, Socket socket) throws IOException {
        PrintWriter printWriter = new PrintWriter(socket.getOutputStream(), true);
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        String[] strArr = {"HTTP/1.1 200 OK", String.format("Date: %s", simpleDateFormat.format(new Date()) + " GMT"), "Access-Control-Allow-Methods: POST, GET", String.format("Access-Control-Allow-Headers: %s", str), "Access-Control-Max-Age: 86400", String.format("Access-Control-Allow-Origin: %s", this.origin), "", ""};
        for (int i = 0; i < strArr.length; i++) {
            if (i > 0) {
                printWriter.print(IOUtils.LINE_SEPARATOR_WINDOWS);
            }
            printWriter.print(strArr[i]);
        }
        printWriter.flush();
    }

    /* JADX WARN: Code restructure failed: missing block: B:56:0x012e, code lost:
    
        r12.token = r0.getValue();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void processSamlToken(java.lang.String[] r13, java.net.Socket r14) throws java.io.IOException, net.snowflake.client.core.SFException {
        /*
            Method dump skipped, instructions count: 406
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: net.snowflake.client.core.SessionUtilExternalBrowser.processSamlToken(java.lang.String[], java.net.Socket):void");
    }

    private void extractJsonTokenFromPostRequest(String str) throws IOException {
        JsonNode readTree = this.mapper.readTree(str);
        this.token = readTree.get("token").asText();
        this.consentCacheIdToken = readTree.get("consent").asBoolean();
    }

    private String extractTokenFromPostRequest(String str) {
        return "/?" + str;
    }

    private String extractTokenFromGetRequest(String str) throws SFException {
        String[] split = str.split("\\s");
        if (split.length == 3 && split[0].toLowerCase(Locale.US).equalsIgnoreCase("GET") && split[2].startsWith("HTTP/1.")) {
            return split[1];
        }
        throw new SFException(ErrorCode.NETWORK_ERROR, String.format("Invalid HTTP request. No token is given from the browser: %s", str));
    }

    private void returnToBrowser(Socket socket) throws IOException {
        String str;
        PrintWriter printWriter = new PrintWriter(socket.getOutputStream(), true);
        ArrayList arrayList = new ArrayList();
        arrayList.add("HTTP/1.0 200 OK");
        arrayList.add("Content-Type: text/html");
        if (this.origin != null) {
            arrayList.add(String.format("Access-Control-Allow-Origin: %s", this.origin));
            arrayList.add("Vary: Accept-Encoding, Origin");
            HashMap hashMap = new HashMap();
            hashMap.put("consent", Boolean.valueOf(this.consentCacheIdToken));
            str = this.mapper.writeValueAsString(hashMap);
        } else {
            str = "<!DOCTYPE html><html><head><meta charset=\"UTF-8\"/><title>SAML Response for Snowflake</title></head><body>Your identity was confirmed and propagated to Snowflake JDBC driver. You can close this window now and go back where you started from.</body></html>";
        }
        arrayList.add(String.format("Content-Length: %s", Integer.valueOf(str.length())));
        arrayList.add("");
        arrayList.add(str);
        for (int i = 0; i < arrayList.size(); i++) {
            if (i > 0) {
                printWriter.print(IOUtils.LINE_SEPARATOR_WINDOWS);
            }
            printWriter.print((String) arrayList.get(i));
        }
        printWriter.flush();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getToken() {
        return this.token;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getProofKey() {
        return this.proofKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isConsentCacheIdToken() {
        return this.consentCacheIdToken;
    }
}
