package com.tibco.bw.sharedresource.amazoncs.design.util;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.regions.RegionUtils;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.tibco.bw.auth.saml2.IdpEnum;
import com.tibco.bw.auth.saml2.SAMLService;
import com.tibco.bw.auth.saml2.idpimpl.GenericIdpAuthHandler;
import com.tibco.bw.sharedresource.amazoncs.model.amazoncs.AmazoncsClientConfiguration;
import com.tibco.bw.sharedresource.amazoncs.model.amazoncs.AuthTypeEnum;
import com.tibco.bw.sharedresource.amazoncs.model.amazoncs.CLIENT_TYPE;
import com.tibco.bw.sharedresource.amazoncs.model.helper.Messages;
import com.tibco.trinity.runtime.base.provider.identity.IdentityTrust;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:com/tibco/bw/sharedresource/amazoncs/design/util/ClientUtil.class */
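/**
 * Builds AWS SDK (v1) S3 and STS clients for the Amazon shared resource at design time.
 *
 * <p>Credentials are resolved from the shared resource's auth type:
 * <ul>
 *   <li>{@code AWS_CREDENTIALS} (also used when no auth type is set): the configured access key /
 *       secret key, optionally exchanged through {@code sts:AssumeRole} for cross-account session
 *       credentials.</li>
 *   <li>{@code SAML_AUTH}: an IdP login performed by {@link GenericIdpAuthHandler}; the returned
 *       SAML response is exchanged through {@code sts:AssumeRoleWithSAML}.</li>
 * </ul>
 * Any other auth type yields {@code null} clients.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code System.out} lines only report the region / STS endpoint in use; no key material,
 *       session token, proxy password or IdP password is ever printed.</li>
 *   <li>This class does not validate the SAML response. It only reads the role attribute to pick the
 *       role ARN / SAML-provider ARN pair; validation of the assertion is left to STS, which checks it
 *       against the SAML provider named by the principal ARN.</li>
 *   <li>The SAML response is IdP-supplied XML. Any XXE / DTD hardening must live in
 *       {@link SAMLService#parseSAMLResponse}, which is not visible from here.</li>
 *   <li>The STS endpoint host is built as {@code sts.<region>.amazonaws.com}; that is only correct for
 *       the commercial {@code aws} partition (China and GovCloud use other hostnames).</li>
 * </ul>
 */
public class ClientUtil {
    /** JVM property; when {@code true} STS calls go to the regional endpoint instead of the global one. */
    private static final String USE_REGIONAL_STS_ENDPOINT_PROPERTY = "com.tibco.aws.useregionalendpoint";
    /** One SAML role-attribute value is "roleArn,providerArn" (in either order). */
    private static final String ROLE_ATTRIBUTE_SEPARATOR = ",";
    private static final String ROLE_ARN_MARKER = ":role/";
    private static final String SAML_PROVIDER_ARN_MARKER = ":saml-provider/";

    /**
     * Creates an S3 client for the shared resource.
     *
     * @param amazoncsClientConfiguration shared-resource model (auth type, keys, region, client profile)
     * @param identityTrust optional trust material; its SSLContext is handed to the IdP connection in the
     *                      SAML path, ignored otherwise
     * @return the client, or {@code null} when the auth type is neither AWS credentials nor SAML
     * @throws Exception when a required cross-account / SAML setting is missing or the STS exchange fails
     */
    public static AmazonS3Client getAmazonS3Client(AmazoncsClientConfiguration amazoncsClientConfiguration, IdentityTrust identityTrust) throws Exception {
        System.out.println(SharedResourceUtil.getRegion(amazoncsClientConfiguration));
        ClientConfiguration clientConfiguration = getClientConfiguration(amazoncsClientConfiguration);
        AWSCredentialsProvider credentials = resolveCredentials(amazoncsClientConfiguration, identityTrust, clientConfiguration);
        if (credentials == null) {
            return null;
        }
        return new AmazonS3Client(credentials, clientConfiguration);
    }

    /**
     * Creates an STS client for the shared resource, pointed at the regional STS endpoint when the
     * {@code com.tibco.aws.useregionalendpoint} system property is {@code true}.
     *
     * @param amazoncsClientConfiguration shared-resource model (auth type, keys, region, client profile)
     * @param identityTrust optional trust material used for the IdP connection in the SAML path
     * @return the client, or {@code null} when the auth type is neither AWS credentials nor SAML
     * @throws Exception when a required cross-account / SAML setting is missing or the STS exchange fails
     */
    public static AWSSecurityTokenServiceClient getAWSSecurityTokenServiceClient(AmazoncsClientConfiguration amazoncsClientConfiguration, IdentityTrust identityTrust) throws Exception {
        System.out.println(SharedResourceUtil.getRegion(amazoncsClientConfiguration));
        ClientConfiguration clientConfiguration = getClientConfiguration(amazoncsClientConfiguration);
        AWSCredentialsProvider credentials = resolveCredentials(amazoncsClientConfiguration, identityTrust, clientConfiguration);
        if (credentials == null) {
            return null;
        }
        AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(credentials, clientConfiguration);
        applyStsEndpoint(stsClient, amazoncsClientConfiguration);
        return stsClient;
    }

    /**
     * Resolves the credentials provider for the shared resource's auth type; shared by the S3 and STS
     * factories so both apply exactly the same rules.
     *
     * @return a static provider, or {@code null} for an unsupported auth type
     */
    private static AWSCredentialsProvider resolveCredentials(AmazoncsClientConfiguration amazoncsClientConfiguration, IdentityTrust identityTrust, ClientConfiguration clientConfiguration) throws Exception {
        String authType = SharedResourceUtil.getAuthType(amazoncsClientConfiguration);
        if (authType == null || AuthTypeEnum.AWS_CREDENTIALS.getLiteral().equals(authType)) {
            String accessKey = SharedResourceUtil.getAccessKey(amazoncsClientConfiguration);
            String secretKey = SharedResourceUtil.getSecretKey(amazoncsClientConfiguration);
            if (SharedResourceUtil.isUseCrossAccountAccess(amazoncsClientConfiguration)) {
                return new AWSStaticCredentialsProvider(getCredentialsForCrossAccountAccess(amazoncsClientConfiguration, accessKey, secretKey, clientConfiguration));
            }
            return new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey));
        }
        if (AuthTypeEnum.SAML_AUTH.getLiteral().equals(authType)) {
            return getAwsCredentialsViaSAML(amazoncsClientConfiguration, identityTrust);
        }
        return null;
    }

    /**
     * Points an STS client at {@code sts.<region>.amazonaws.com} when the regional-endpoint system
     * property is set; otherwise leaves the SDK's global endpoint in place. One copy of this logic
     * serves every STS client created in this class.
     *
     * @throws IllegalArgumentException when the regional endpoint is requested but the configured
     *         region is not one the SDK knows (the original code would have passed {@code null} to
     *         {@code setRegion})
     */
    private static void applyStsEndpoint(AWSSecurityTokenServiceClient stsClient, AmazoncsClientConfiguration amazoncsClientConfiguration) {
        // Boolean.parseBoolean(null) is false, so an unset property means "global endpoint".
        if (!Boolean.parseBoolean(System.getProperty(USE_REGIONAL_STS_ENDPOINT_PROPERTY))) {
            System.out.println("Using global sts endpoint");
            return;
        }
        String region = SharedResourceUtil.getRegion(amazoncsClientConfiguration);
        if (region == null || RegionUtils.getRegion(region) == null) {
            throw new IllegalArgumentException("Unknown AWS region '" + region + "' for the regional STS endpoint.");
        }
        stsClient.setRegion(RegionUtils.getRegion(region));
        // No scheme given: the SDK defaults to https for endpoints set this way.
        stsClient.setEndpoint("sts." + region + ".amazonaws.com");
        System.out.println("Using region specific sts endpoint - sts." + region + ".amazonaws.com");
    }

    /**
     * Exchanges the configured long-lived keys for session credentials in another account via
     * {@code sts:AssumeRole}.
     *
     * @param accessKey source-account access key used to sign the AssumeRole call
     * @param secretKey source-account secret key
     * @return session credentials (key, secret, token) for the target role
     * @throws Exception when the role ARN or role session name is not configured, or STS rejects the call
     */
    private static BasicSessionCredentials getCredentialsForCrossAccountAccess(AmazoncsClientConfiguration amazoncsClientConfiguration, String accessKey, String secretKey, ClientConfiguration clientConfiguration) throws Exception {
        AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(new BasicAWSCredentials(accessKey, secretKey), clientConfiguration);
        applyStsEndpoint(stsClient, amazoncsClientConfiguration);
        String roleArn = requireConfigured(SharedResourceUtil.getRoleARN(amazoncsClientConfiguration), "Please provide role ARN.");
        String roleSessionName = requireConfigured(SharedResourceUtil.getRoleSessionName(amazoncsClientConfiguration), "Please provide role session name.");
        AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest()
                .withRoleArn(roleArn)
                .withRoleSessionName(roleSessionName);
        // ExternalId is the confused-deputy guard: if the target role's trust policy requires one,
        // STS rejects the call without it, so it is forwarded verbatim whenever configured.
        String externalId = SharedResourceUtil.getExternalId(amazoncsClientConfiguration);
        if (externalId != null && externalId.length() > 0) {
            assumeRoleRequest.withExternalId(externalId);
        }
        // The shared resource stores the expiration in minutes; STS wants seconds.
        int expirationMinutes = SharedResourceUtil.getExpirationDuration(amazoncsClientConfiguration);
        if (expirationMinutes > 0) {
            assumeRoleRequest.withDurationSeconds(Integer.valueOf(expirationMinutes * 60));
        }
        AssumeRoleResult assumeRoleResult = stsClient.assumeRole(assumeRoleRequest);
        Credentials creds = assumeRoleResult.getCredentials();
        return new BasicSessionCredentials(creds.getAccessKeyId(), creds.getSecretAccessKey(), creds.getSessionToken());
    }

    /** Returns {@code value}, or throws {@code Exception(message)} when it is null or blank. */
    private static String requireConfigured(String value, String message) throws Exception {
        if (value == null || value.trim().isEmpty()) {
            throw new Exception(message);
        }
        return value;
    }

    /**
     * Builds the SDK client configuration. The SDK defaults are used unless the shared resource uses
     * the "Custom" client profile, in which case timeouts / gzip / retries are taken from it, and the
     * proxy settings as well when "use proxy" is on. Never returns {@code null}.
     *
     * <p>Proxy credentials are copied into the configuration in clear text and, with preemptive basic
     * proxy auth enabled, are sent on the first request; this is only acceptable over a trusted hop
     * to the proxy.
     */
    private static ClientConfiguration getClientConfiguration(AmazoncsClientConfiguration amazoncsClientConfiguration) {
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        if (!CLIENT_TYPE.CUSTOM.getLiteral().equals(SharedResourceUtil.getClientType(amazoncsClientConfiguration))) {
            return clientConfiguration;
        }
        clientConfiguration
                .withClientExecutionTimeout(SharedResourceUtil.getClientExecutionTimeout(amazoncsClientConfiguration))
                .withConnectionTimeout(SharedResourceUtil.getConnectionTimeout(amazoncsClientConfiguration))
                .withGzip(SharedResourceUtil.getUseGzip(amazoncsClientConfiguration))
                .withMaxErrorRetry(SharedResourceUtil.getMaxErrorRetry(amazoncsClientConfiguration))
                .withRequestTimeout(SharedResourceUtil.getRequestTimeout(amazoncsClientConfiguration));
        if (SharedResourceUtil.getUseProxy(amazoncsClientConfiguration)) {
            clientConfiguration
                    .withPreemptiveBasicProxyAuth(SharedResourceUtil.getPreemptBasicProxyAuth(amazoncsClientConfiguration))
                    .withProxyDomain(SharedResourceUtil.getProxyDomain(amazoncsClientConfiguration))
                    .withProxyHost(SharedResourceUtil.getProxyHost(amazoncsClientConfiguration))
                    .withProxyPassword(SharedResourceUtil.getProxyPassword(amazoncsClientConfiguration))
                    .withProxyPort(SharedResourceUtil.getProxyPort(amazoncsClientConfiguration))
                    .withProxyUsername(SharedResourceUtil.getProxyUsername(amazoncsClientConfiguration))
                    .withProxyWorkstation(SharedResourceUtil.getProxyWorkstation(amazoncsClientConfiguration));
        }
        return clientConfiguration;
    }

    /**
     * Logs in to the IdP, picks the role attribute value matching the configured AWS role, and
     * exchanges the SAML response for session credentials via {@code sts:AssumeRoleWithSAML}.
     *
     * <p>Fix over the previous version: the role attribute was selected with a case-insensitive name
     * comparison but the role ARN was then re-extracted with a case-sensitive substring test, so a
     * role configured as "Admin" against an assertion carrying "admin" ended up sending a
     * {@code null} role ARN to STS. Both steps now use {@link #roleNameMatches}, and a missing role
     * or provider ARN is reported here instead of surfacing as an STS error.
     *
     * @return a static provider wrapping the session credentials
     * @throws Exception when the proxy is requested on a non-Custom profile, the AWS role is not
     *         configured, the role is absent from the assertion, or STS rejects the assertion
     */
    private static AWSCredentialsProvider getAwsCredentialsViaSAML(AmazoncsClientConfiguration amazoncsClientConfiguration, IdentityTrust identityTrust) throws Exception {
        System.out.println("Auth Type - SAML Authentication");
        boolean useProxy = false;
        String proxyUsername = null;
        String proxyPassword = null;
        Proxy proxy = null;
        if (SharedResourceUtil.isIdpUseProxy(amazoncsClientConfiguration)) {
            // Proxy host/port/credentials are only captured by the "Custom" client profile.
            if (!CLIENT_TYPE.CUSTOM.getLiteral().equals(amazoncsClientConfiguration.getClientType().getLiteral())) {
                throw new Exception("Proxy connection details not provided. Please select 'Custom' client profile to provide the details.");
            }
            useProxy = true;
            proxyUsername = SharedResourceUtil.getProxyUsername(amazoncsClientConfiguration);
            proxyPassword = SharedResourceUtil.getProxyPassword(amazoncsClientConfiguration);
            proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(SharedResourceUtil.getProxyHost(amazoncsClientConfiguration), SharedResourceUtil.getProxyPort(amazoncsClientConfiguration)));
        }
        // Validate before the IdP round trip so a missing role does not cost a password exchange.
        String awsRole = requireConfigured(SharedResourceUtil.getAwsRole(amazoncsClientConfiguration), "Please provide AWS role.");
        // The IdP username/password are sent to the IdP entry URL by the handler. When an IdentityTrust
        // is supplied its SSLContext's socket factory is used for that connection; what the handler does
        // with a null factory is not visible from here.
        String samlAssertionBase64 = new GenericIdpAuthHandler().generateSAMLAssertion(
                IdpEnum.getIdpByName(SharedResourceUtil.getIdpName(amazoncsClientConfiguration)),
                SharedResourceUtil.getIdpEntryUrl(amazoncsClientConfiguration),
                SharedResourceUtil.getIdpUsername(amazoncsClientConfiguration),
                SharedResourceUtil.getIdpPassword(amazoncsClientConfiguration),
                false,
                useProxy,
                proxy,
                proxyUsername,
                proxyPassword,
                identityTrust != null ? identityTrust.getSSLContext().getSocketFactory() : null);
        // STS consumes the base64 form; the decoded XML is only needed locally to read the role attribute.
        String samlResponseXml = new String(DatatypeConverter.parseBase64Binary(samlAssertionBase64), StandardCharsets.UTF_8);
        SAMLService samlService = SAMLService.getInstance();
        List<String> roleAttributeValues = samlService.getRoleAttributeValues(samlService.parseSAMLResponse(samlResponseXml), Messages.SAMLRoleAttribute);
        String roleAttribute = getARN(roleAttributeValues, awsRole);
        String roleArn = null;
        String principalArn = null;
        for (String part : roleAttribute.split(ROLE_ATTRIBUTE_SEPARATOR)) {
            String arn = part.trim();
            if (roleNameMatches(arn, awsRole)) {
                roleArn = arn;
            }
            if (arn.contains(SAML_PROVIDER_ARN_MARKER)) {
                principalArn = arn;
            }
        }
        if (roleArn == null || principalArn == null) {
            throw new Exception("SAML role attribute '" + roleAttribute + "' does not contain both a role ARN and a SAML provider ARN.");
        }
        Credentials creds = getCreds(roleArn, principalArn, samlAssertionBase64, SharedResourceUtil.getTokenExpirationDuration(amazoncsClientConfiguration), amazoncsClientConfiguration);
        return new AWSStaticCredentialsProvider(new BasicSessionCredentials(creds.getAccessKeyId(), creds.getSecretAccessKey(), creds.getSessionToken()));
    }

    /**
     * Calls {@code sts:AssumeRoleWithSAML}.
     *
     * @param roleArn the role ARN taken from the assertion's role attribute
     * @param principalArn the SAML-provider ARN from the same attribute value
     * @param samlAssertionBase64 the base64 SAML response exactly as returned by the IdP
     * @param expirationMinutes requested session length in minutes; {@code <= 0} leaves the STS default
     * @return the session credentials issued by STS
     */
    private static Credentials getCreds(String roleArn, String principalArn, String samlAssertionBase64, int expirationMinutes, AmazoncsClientConfiguration amazoncsClientConfiguration) {
        AssumeRoleWithSAMLRequest assumeRoleWithSAMLRequest = new AssumeRoleWithSAMLRequest();
        assumeRoleWithSAMLRequest.setRoleArn(roleArn);
        assumeRoleWithSAMLRequest.setPrincipalArn(principalArn);
        assumeRoleWithSAMLRequest.setSAMLAssertion(samlAssertionBase64);
        if (expirationMinutes > 0) {
            assumeRoleWithSAMLRequest.setDurationSeconds(Integer.valueOf(expirationMinutes * 60));
        }
        // AssumeRoleWithSAML is authenticated by the assertion, not by AWS keys. The empty key pair is kept
        // from the original; NOTE(review): the SDK's AnonymousAWSCredentials is the intended way to express
        // "unsigned" — confirm against the SDK version in use before switching.
        AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(new BasicAWSCredentials("", ""), getClientConfiguration(amazoncsClientConfiguration));
        applyStsEndpoint(stsClient, amazoncsClientConfiguration);
        return stsClient.assumeRoleWithSAML(assumeRoleWithSAMLRequest).getCredentials();
    }

    /**
     * Returns the first role-attribute value whose role ARN names {@code awsRole}.
     *
     * @param roleAttributeValues the values of the SAML role attribute; may be {@code null}
     * @throws Exception when no value matches
     */
    private static String getARN(List<String> roleAttributeValues, String awsRole) throws Exception {
        if (roleAttributeValues != null) {
            for (String roleAttributeValue : roleAttributeValues) {
                if (findRole(roleAttributeValue, awsRole)) {
                    return roleAttributeValue;
                }
            }
        }
        throw new Exception("Invalid AWS role. Role not found in SAML assertion.");
    }

    /** True when any comma-separated ARN in {@code roleAttributeValue} is a role ARN for {@code awsRole}. */
    private static boolean findRole(String roleAttributeValue, String awsRole) {
        if (roleAttributeValue == null) {
            return false;
        }
        for (String part : roleAttributeValue.split(ROLE_ATTRIBUTE_SEPARATOR)) {
            if (roleNameMatches(part.trim(), awsRole)) {
                return true;
            }
        }
        return false;
    }

    /**
     * True when {@code arn} is an IAM role ARN whose role name equals {@code awsRole}.
     *
     * <p>The comparison is case-insensitive (IAM role names are not case-distinguished, and this is
     * what the selection step has always done). The name is the text after {@code :role/}; for a role
     * created with a path ({@code :role/path/name}) the last path segment is also accepted. An ARN
     * with nothing after {@code :role/} never matches (the previous split-based check threw on it).
     */
    static boolean roleNameMatches(String arn, String awsRole) {
        if (arn == null || awsRole == null) {
            return false;
        }
        int markerIndex = arn.indexOf(ROLE_ARN_MARKER);
        if (markerIndex < 0) {
            return false;
        }
        String roleName = arn.substring(markerIndex + ROLE_ARN_MARKER.length());
        if (roleName.isEmpty()) {
            return false;
        }
        if (roleName.equalsIgnoreCase(awsRole)) {
            return true;
        }
        int lastSlash = roleName.lastIndexOf('/');
        return lastSlash >= 0 && roleName.substring(lastSlash + 1).equalsIgnoreCase(awsRole);
    }
}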
