package com.amazon.redshift.core;

import com.amazon.redshift.AuthMech;
import com.amazon.redshift.CredentialsHolder;
import com.amazon.redshift.IPlugin;
import com.amazon.redshift.RedshiftProperty;
import com.amazon.redshift.jdbc.RedshiftConnectionImpl;
import com.amazon.redshift.logger.LogLevel;
import com.amazon.redshift.logger.RedshiftLogger;
import com.amazon.redshift.util.GT;
import com.amazon.redshift.util.RedshiftException;
import com.amazon.redshift.util.RedshiftState;
import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.redshift.AmazonRedshift;
import com.amazonaws.services.redshift.AmazonRedshiftClientBuilder;
import com.amazonaws.services.redshift.model.Cluster;
import com.amazonaws.services.redshift.model.DescribeClustersRequest;
import com.amazonaws.services.redshift.model.Endpoint;
import com.amazonaws.services.redshift.model.GetClusterCredentialsRequest;
import com.amazonaws.services.redshift.model.GetClusterCredentialsResult;
import com.amazonaws.util.StringUtils;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;

/* loaded from: input_file:com/amazon/redshift/core/IamHelper.class */
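public final class IamHelper {
    private IamHelper() {
    }

    /**
     * Copies the IAM-related connection properties into {@code redshiftJDBCSettings}, validates
     * them, and then resolves AWS credentials and temporary cluster credentials.
     *
     * <p>Every entry of {@code properties} whose value is not {@code "*"} is also copied into
     * {@code m_pluginArgs}. That copy includes the credential-bearing properties read here
     * (password, IAM secret key, session token), so code that receives or logs
     * {@code m_pluginArgs} handles secrets.
     *
     * @param properties           connection properties supplied by the caller
     * @param redshiftJDBCSettings settings object that is populated in place
     * @param redshiftLogger       logger used when {@link RedshiftLogger#isEnable()} is true
     * @throws RedshiftException if a required property is missing, a value is malformed or out
     *                           of range, properties conflict, or credential retrieval fails
     */
    public static void setIAMProperties(Properties properties, RedshiftJDBCSettings redshiftJDBCSettings, RedshiftLogger redshiftLogger) throws RedshiftException {
        try {
            // Raise the auth mechanism to at least VERIFY_CA. The comparison relies on the
            // declaration order of AuthMech; presumably this guarantees server-certificate
            // verification for IAM connections -- confirm against AuthMech.
            if (redshiftJDBCSettings.m_authMech.ordinal() < AuthMech.VERIFY_CA.ordinal()) {
                redshiftJDBCSettings.m_authMech = AuthMech.VERIFY_CA;
            }

            String clusterId = RedshiftConnectionImpl.getRequiredConnSetting(RedshiftProperty.CLUSTER_IDENTIFIER.getName(), properties);
            String awsRegion = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.AWS_REGION.getName(), properties);
            String endpointUrl = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.ENDPOINT_URL.getName(), properties);
            // UID / PWD take precedence over the USER / PASSWORD spellings.
            String userName = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.UID.getName(), properties);
            if (userName == null) {
                userName = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.USER.getName(), properties);
            }
            String password = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.PWD.getName(), properties);
            if (password == null) {
                password = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.PASSWORD.getName(), properties);
            }
            String profile = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.AWS_PROFILE.getName(), properties);
            String iamDuration = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.IAM_DURATION.getName(), properties);
            String accessKeyId = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.IAM_ACCESS_KEY_ID.getName(), properties);
            String secretKey = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.IAM_SECRET_ACCESS_KEY.getName(), properties);
            String sessionToken = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.IAM_SESSION_TOKEN.getName(), properties);
            String credentialsProvider = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.CREDENTIALS_PROVIDER.getName(), properties);
            String autoCreate = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.USER_AUTOCREATE.getName(), properties);
            String dbUser = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.DB_USER.getName(), properties);
            String dbGroups = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.DB_GROUPS.getName(), properties);
            String forceLowercase = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.FORCE_LOWERCASE.getName(), properties);
            String dbName = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.DBNAME.getName(), properties);
            String host = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.HOST.getName(), properties);
            String port = RedshiftConnectionImpl.getOptionalConnSetting(RedshiftProperty.PORT.getName(), properties);

            redshiftJDBCSettings.m_clusterIdentifier = clusterId;
            if (redshiftJDBCSettings.m_clusterIdentifier.isEmpty()) {
                throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Missing connection property {0}", RedshiftProperty.CLUSTER_IDENTIFIER.getName()), RedshiftState.UNEXPECTED_ERROR));
            }
            if (null != awsRegion) {
                // Locale.ROOT: the normalized region must not depend on the JVM default locale.
                redshiftJDBCSettings.m_awsRegion = awsRegion.trim().toLowerCase(Locale.ROOT);
            }
            // The endpoint that later receives the signed credential request comes from the
            // connection property or, failing that, from a JVM-wide system property.
            if (null != endpointUrl) {
                redshiftJDBCSettings.m_endpoint = endpointUrl;
            } else {
                redshiftJDBCSettings.m_endpoint = System.getProperty("redshift.endpoint-url");
            }
            if (null != userName) {
                redshiftJDBCSettings.m_username = userName;
            }
            if (null != password) {
                redshiftJDBCSettings.m_password = password;
            }
            if (null != profile) {
                redshiftJDBCSettings.m_profile = profile;
            }
            if (null != iamDuration) {
                try {
                    redshiftJDBCSettings.m_iamDuration = Integer.parseInt(iamDuration);
                } catch (NumberFormatException e) {
                    throw logged(redshiftLogger, LogLevel.DEBUG, new RedshiftException(GT.tr("Invalid connection property value {0} : {1}", RedshiftProperty.IAM_DURATION.getName(), iamDuration), RedshiftState.UNEXPECTED_ERROR, e));
                }
                // Temporary credentials may only be requested for 900 to 3600 seconds.
                if (redshiftJDBCSettings.m_iamDuration < 900 || redshiftJDBCSettings.m_iamDuration > 3600) {
                    throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Invalid connection property value or type range(900-3600) {0}", RedshiftProperty.IAM_DURATION.getName()), RedshiftState.UNEXPECTED_ERROR));
                }
            }
            if (null != accessKeyId) {
                redshiftJDBCSettings.m_iamAccessKeyID = accessKeyId;
            }
            if (null == secretKey) {
                // No explicit secret key: the connection password doubles as the IAM secret key.
                redshiftJDBCSettings.m_iamSecretKey = redshiftJDBCSettings.m_password;
            } else {
                if (StringUtils.isNullOrEmpty(redshiftJDBCSettings.m_iamAccessKeyID)) {
                    throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Missing connection property {0}", RedshiftProperty.IAM_ACCESS_KEY_ID.getName()), RedshiftState.UNEXPECTED_ERROR));
                }
                redshiftJDBCSettings.m_iamSecretKey = secretKey.isEmpty() ? redshiftJDBCSettings.m_password : secretKey;
            }
            if (null != sessionToken) {
                // A session token is only meaningful together with an access key id.
                if (StringUtils.isNullOrEmpty(redshiftJDBCSettings.m_iamAccessKeyID)) {
                    throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Missing connection property {0}", RedshiftProperty.IAM_ACCESS_KEY_ID.getName()), RedshiftState.UNEXPECTED_ERROR));
                }
                redshiftJDBCSettings.m_iamSessionToken = sessionToken;
            }
            if (null != credentialsProvider) {
                redshiftJDBCSettings.m_credentialsProvider = credentialsProvider;
            }

            // Hand every connection property (secrets included) to the plugin argument map;
            // "*" values are skipped. Keys are lower-cased with Locale.ROOT so that lookups do
            // not change with the JVM default locale.
            Enumeration<?> propertyNames = properties.propertyNames();
            while (propertyNames.hasMoreElements()) {
                String key = (String) propertyNames.nextElement();
                String value = properties.getProperty(key);
                if (!"*".equals(value)) {
                    redshiftJDBCSettings.m_pluginArgs.put(key.toLowerCase(Locale.ROOT), value);
                }
            }

            // null means "not set by the caller"; setIAMCredentials may fill these from metadata.
            redshiftJDBCSettings.m_autocreate = autoCreate == null ? null : Boolean.valueOf(autoCreate);
            redshiftJDBCSettings.m_forceLowercase = forceLowercase == null ? null : Boolean.valueOf(forceLowercase);
            if (null != dbUser) {
                redshiftJDBCSettings.m_dbUser = dbUser;
            }
            if (dbGroups != null) {
                // Group names are part of the requested identity, so their normalization is
                // locale-independent.
                boolean lowerCaseGroups = Boolean.TRUE.equals(redshiftJDBCSettings.m_forceLowercase);
                redshiftJDBCSettings.m_dbGroups = Arrays.asList((lowerCaseGroups ? dbGroups.toLowerCase(Locale.ROOT) : dbGroups).split(","));
            } else {
                redshiftJDBCSettings.m_dbGroups = Collections.emptyList();
            }
            redshiftJDBCSettings.m_Schema = dbName;
            if (host != null) {
                redshiftJDBCSettings.m_host = host;
            }
            if (port != null) {
                try {
                    redshiftJDBCSettings.m_port = Integer.parseInt(port);
                } catch (NumberFormatException e) {
                    // Report a malformed port like every other bad property instead of letting
                    // an unchecked exception escape.
                    throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Invalid connection property value {0} : {1}", RedshiftProperty.PORT.getName(), port), RedshiftState.UNEXPECTED_ERROR, e));
                }
            }
            setIAMCredentials(redshiftJDBCSettings, redshiftLogger);
        } catch (RedshiftException e2) {
            if (RedshiftLogger.isEnable()) {
                redshiftLogger.logError(e2);
            }
            throw e2;
        }
    }

    /**
     * Logs {@code exception} at {@code level} when logging is enabled and returns it, so call
     * sites can write {@code throw logged(...)}.
     */
    private static RedshiftException logged(RedshiftLogger redshiftLogger, LogLevel level, RedshiftException exception) {
        if (RedshiftLogger.isEnable()) {
            redshiftLogger.log(level, exception.toString(), new Object[0]);
        }
        return exception;
    }

    /**
     * Chooses the AWS credentials provider (plugin class, static keys, named profile or the
     * default chain), merges any IAM metadata the resolved credentials carry into the settings,
     * and then requests temporary cluster credentials.
     *
     * @throws RedshiftException on conflicting properties, an unusable provider class, a missing
     *                           database user, or a failure while retrieving credentials
     */
    private static void setIAMCredentials(RedshiftJDBCSettings redshiftJDBCSettings, RedshiftLogger redshiftLogger) throws RedshiftException {
        AWSCredentialsProvider provider;
        if (!StringUtils.isNullOrEmpty(redshiftJDBCSettings.m_credentialsProvider)) {
            // A plugin class excludes both a named profile and static access keys.
            if (!StringUtils.isNullOrEmpty(redshiftJDBCSettings.m_profile)) {
                throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Conflict in connection property setting {0} and {1}", RedshiftProperty.CREDENTIALS_PROVIDER.getName(), RedshiftProperty.AWS_PROFILE.getName()), RedshiftState.UNEXPECTED_ERROR));
            }
            if (!StringUtils.isNullOrEmpty(redshiftJDBCSettings.m_iamAccessKeyID)) {
                throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Conflict in connection property setting {0} and {1}", RedshiftProperty.CREDENTIALS_PROVIDER.getName(), RedshiftProperty.IAM_ACCESS_KEY_ID.getName()), RedshiftState.UNEXPECTED_ERROR));
            }

            // The class name is taken verbatim from a connection property. Resolve it WITHOUT
            // initialization (initialize=false) and check the type first, so a name that is not
            // an AWSCredentialsProvider never gets its static initializers run. A type mismatch
            // is reported as a RedshiftException rather than an unchecked ClassCastException.
            Class<? extends AWSCredentialsProvider> providerClass;
            try {
                providerClass = Class.forName(redshiftJDBCSettings.m_credentialsProvider, false, IamHelper.class.getClassLoader()).asSubclass(AWSCredentialsProvider.class);
            } catch (ClassNotFoundException | ClassCastException e) {
                throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Invalid credentials provider class {0}", redshiftJDBCSettings.m_credentialsProvider), RedshiftState.UNEXPECTED_ERROR, e));
            }
            try {
                provider = providerClass.newInstance();
                if (provider instanceof IPlugin) {
                    IPlugin plugin = (IPlugin) provider;
                    plugin.setLogger(redshiftLogger);
                    // The plugin receives every connection property collected in m_pluginArgs.
                    for (Map.Entry<String, String> entry : redshiftJDBCSettings.m_pluginArgs.entrySet()) {
                        plugin.addParameter(entry.getKey(), entry.getValue());
                    }
                }
            } catch (IllegalAccessException | InstantiationException e) {
                throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Invalid credentials provider class {0}", redshiftJDBCSettings.m_credentialsProvider), RedshiftState.UNEXPECTED_ERROR, e));
            } catch (NumberFormatException e2) {
                // Presumably raised by a plugin while parsing a numeric parameter -- confirm.
                throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("{0} : {1}", e2.getMessage(), redshiftJDBCSettings.m_credentialsProvider), RedshiftState.UNEXPECTED_ERROR, e2));
            }
        } else if (StringUtils.isNullOrEmpty(redshiftJDBCSettings.m_profile)) {
            if (StringUtils.isNullOrEmpty(redshiftJDBCSettings.m_iamAccessKeyID)) {
                provider = new DefaultAWSCredentialsProviderChain();
            } else if (!StringUtils.isNullOrEmpty(redshiftJDBCSettings.m_iamSessionToken)) {
                provider = new AWSStaticCredentialsProvider(new BasicSessionCredentials(redshiftJDBCSettings.m_iamAccessKeyID, redshiftJDBCSettings.m_iamSecretKey, redshiftJDBCSettings.m_iamSessionToken));
            } else {
                provider = new AWSStaticCredentialsProvider(new BasicAWSCredentials(redshiftJDBCSettings.m_iamAccessKeyID, redshiftJDBCSettings.m_iamSecretKey));
            }
        } else {
            // A named profile excludes static access keys.
            if (!StringUtils.isNullOrEmpty(redshiftJDBCSettings.m_iamAccessKeyID)) {
                throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Conflict in connection property setting {0} and {1}", RedshiftProperty.AWS_PROFILE.getName(), RedshiftProperty.IAM_ACCESS_KEY_ID.getName()), RedshiftState.UNEXPECTED_ERROR));
            }
            provider = new ProfileCredentialsProvider(new PluginProfilesConfigFile(redshiftJDBCSettings, redshiftLogger), redshiftJDBCSettings.m_profile);
        }

        if (RedshiftLogger.isEnable()) {
            // NOTE(review): this logs the provider's toString(); confirm that no provider or
            // plugin implementation includes secrets in it.
            redshiftLogger.log(LogLevel.DEBUG, "IDP Credential Provider {0}:{1}", provider, redshiftJDBCSettings.m_credentialsProvider);
        }

        AWSCredentials credentials = provider.getCredentials();
        if (credentials instanceof CredentialsHolder) {
            CredentialsHolder.IamMetadata metadata = ((CredentialsHolder) credentials).getMetadata();
            if (null != metadata) {
                Boolean metaAutoCreate = metadata.getAutoCreate();
                String metaDbUser = metadata.getDbUser();
                String samlDbUser = metadata.getSamlDbUser();
                String profileDbUser = metadata.getProfileDbUser();
                String metaDbGroups = metadata.getDbGroups();
                boolean metaForceLowercase = metadata.getForceLowercase();
                boolean allowDbUserOverride = metadata.getAllowDbUserOverride();

                // Explicit connection properties win over metadata for these two flags.
                if (null == redshiftJDBCSettings.m_autocreate) {
                    redshiftJDBCSettings.m_autocreate = metaAutoCreate;
                }
                if (null == redshiftJDBCSettings.m_forceLowercase) {
                    redshiftJDBCSettings.m_forceLowercase = Boolean.valueOf(metaForceLowercase);
                }

                // Database user precedence. With override allowed the SAML-asserted user comes
                // first; otherwise it is only the last resort. In both cases a metadata value
                // replaces a DB user that came from the connection properties.
                if (allowDbUserOverride) {
                    if (null != samlDbUser) {
                        redshiftJDBCSettings.m_dbUser = samlDbUser;
                    } else if (null != metaDbUser) {
                        redshiftJDBCSettings.m_dbUser = metaDbUser;
                    } else if (null != profileDbUser) {
                        redshiftJDBCSettings.m_dbUser = profileDbUser;
                    }
                } else if (null != metaDbUser) {
                    redshiftJDBCSettings.m_dbUser = metaDbUser;
                } else if (null != profileDbUser) {
                    redshiftJDBCSettings.m_dbUser = profileDbUser;
                } else if (null != samlDbUser) {
                    redshiftJDBCSettings.m_dbUser = samlDbUser;
                }

                // Metadata groups are used only when the connection properties named none.
                // m_forceLowercase is non-null here: it was defaulted just above.
                if (redshiftJDBCSettings.m_dbGroups.isEmpty() && null != metaDbGroups) {
                    redshiftJDBCSettings.m_dbGroups = Arrays.asList((redshiftJDBCSettings.m_forceLowercase.booleanValue() ? metaDbGroups.toLowerCase(Locale.ROOT) : metaDbGroups).split(","));
                }
            }
        }

        // A "*" user name is a placeholder; without an explicit DB user there is nobody to
        // request credentials for.
        if ("*".equals(redshiftJDBCSettings.m_username) && null == redshiftJDBCSettings.m_dbUser) {
            throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("Missing connection property {0}", RedshiftProperty.DB_USER.getName()), RedshiftState.UNEXPECTED_ERROR));
        }
        setClusterCredentials(provider, redshiftJDBCSettings, redshiftLogger);
    }

    /**
     * Builds a Redshift API client, looks up the cluster endpoint when host or port is not
     * already set, and replaces {@code m_username} / {@code m_password} with the temporary
     * credentials returned by GetClusterCredentials.
     *
     * @throws RedshiftException wrapping any {@link AmazonClientException} from the AWS calls
     */
    private static void setClusterCredentials(AWSCredentialsProvider aWSCredentialsProvider, RedshiftJDBCSettings redshiftJDBCSettings, RedshiftLogger redshiftLogger) throws RedshiftException {
        try {
            AmazonRedshiftClientBuilder builder = AmazonRedshiftClientBuilder.standard();
            if (redshiftJDBCSettings.m_endpoint != null) {
                // NOTE(review): the endpoint URL is also passed as the second argument, which
                // the AWS SDK treats as the signing region -- confirm this is intended.
                // The signed request goes to whatever endpoint was configured, so the endpoint
                // property / system property must come from a trusted source.
                builder.setEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(redshiftJDBCSettings.m_endpoint, redshiftJDBCSettings.m_endpoint));
            } else if (redshiftJDBCSettings.m_awsRegion != null && !redshiftJDBCSettings.m_awsRegion.isEmpty()) {
                builder.setRegion(redshiftJDBCSettings.m_awsRegion);
            }
            AmazonRedshift client = builder.withCredentials(aWSCredentialsProvider).build();

            if (null == redshiftJDBCSettings.m_host || redshiftJDBCSettings.m_port == 0) {
                DescribeClustersRequest describeRequest = new DescribeClustersRequest();
                describeRequest.setClusterIdentifier(redshiftJDBCSettings.m_clusterIdentifier);
                List<Cluster> clusters = client.describeClusters(describeRequest).getClusters();
                if (clusters.isEmpty()) {
                    throw new AmazonClientException("Failed to describeClusters.");
                }
                Endpoint endpoint = clusters.get(0).getEndpoint();
                if (null == endpoint) {
                    throw new AmazonClientException("Cluster is not fully created yet.");
                }
                redshiftJDBCSettings.m_host = endpoint.getAddress();
                redshiftJDBCSettings.m_port = endpoint.getPort().intValue();
            }

            GetClusterCredentialsRequest credentialsRequest = new GetClusterCredentialsRequest();
            credentialsRequest.setClusterIdentifier(redshiftJDBCSettings.m_clusterIdentifier);
            if (redshiftJDBCSettings.m_iamDuration > 0) {
                credentialsRequest.setDurationSeconds(Integer.valueOf(redshiftJDBCSettings.m_iamDuration));
            }
            credentialsRequest.setDbName(redshiftJDBCSettings.m_Schema);
            // Fall back to the connection user name when no DB user was resolved.
            credentialsRequest.setDbUser(redshiftJDBCSettings.m_dbUser == null ? redshiftJDBCSettings.m_username : redshiftJDBCSettings.m_dbUser);
            credentialsRequest.setAutoCreate(redshiftJDBCSettings.m_autocreate);
            credentialsRequest.setDbGroups(redshiftJDBCSettings.m_dbGroups);
            if (RedshiftLogger.isEnable()) {
                // Only the request is logged; the result, which holds the temporary password,
                // is not logged here.
                redshiftLogger.logDebug(credentialsRequest.toString(), new Object[0]);
            }
            GetClusterCredentialsResult clusterCredentials = client.getClusterCredentials(credentialsRequest);
            redshiftJDBCSettings.m_username = clusterCredentials.getDbUser();
            redshiftJDBCSettings.m_password = clusterCredentials.getDbPassword();
        } catch (AmazonClientException e) {
            throw logged(redshiftLogger, LogLevel.ERROR, new RedshiftException(GT.tr("IAM error retrieving temp credentials: {0}", e.getMessage()), RedshiftState.UNEXPECTED_ERROR, e));
        }
    }
}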
