package com.tibco.tci.sharedresource.sqsclient.design.connection.util;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.PredefinedClientConfigurations;
import com.amazonaws.Protocol;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.RegionUtils;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.sqs.AmazonSQSClient;
import com.amazonaws.services.sqs.AmazonSQSClientBuilder;
import com.tibco.bw.auth.saml2.IdpEnum;
import com.tibco.bw.auth.saml2.SAMLService;
import com.tibco.bw.auth.saml2.idpimpl.GenericIdpAuthHandler;
import com.tibco.tci.sharedresource.sqsclient.design.Messages;
import com.tibco.tci.sharedresource.sqsclient.model.sqsclient.AuthTypeEnum;
import com.tibco.tci.sharedresource.sqsclient.model.sqsclient.SqsClient;
import com.tibco.trinity.runtime.base.provider.identity.IdentityTrust;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.UnknownHostException;
import java.util.List;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:com/tibco/tci/sharedresource/sqsclient/design/connection/util/ClientUtil.class */
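/**
 * Static helpers that turn an {@link SqsClient} shared-resource model into a configured
 * {@link AmazonSQSClient}.
 *
 * <p>Credentials are resolved in one of four ways: static access/secret keys, the SDK's default
 * profile, STS {@code AssumeRole} (cross-account access), or STS {@code AssumeRoleWithSAML} after
 * obtaining an assertion from the configured identity provider.
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 *   <li>The progress lines written to {@code System.out} contain only the auth type and the STS
 *       endpoint name; keys, passwords and the SAML assertion are never printed. Keep it that way
 *       when adding diagnostics.</li>
 *   <li>The same {@link ClientConfiguration} (protocol, proxy host/port/credentials, timeouts) is
 *       used for the SQS client and for every STS client created here.</li>
 *   <li>Temporary credentials returned by STS are wrapped in an
 *       {@link AWSStaticCredentialsProvider}; nothing in this class refreshes them, so a client
 *       built from them holds one fixed set of session credentials.</li>
 * </ul>
 */
public class ClientUtil {
    /** System property that switches the STS calls from the global endpoint to a region-specific one. */
    private static final String USE_REGIONAL_STS_ENDPOINT_PROPERTY = "com.tibco.aws.useregionalendpoint";

    /**
     * Builds an SQS client for the given shared resource.
     *
     * @param sqsClient     shared-resource model holding region, auth type and connection settings
     * @param identityTrust optional trust configuration; only consulted on the SAML path, may be {@code null}
     * @return the configured client, or {@code null} when the auth type is neither AWS credentials
     *         (also assumed when the auth type is {@code null}) nor SAML
     * @throws Exception if the client configuration or the credentials cannot be resolved
     */
    public static AmazonSQSClient getAmazonSQSClient(SqsClient sqsClient, IdentityTrust identityTrust) throws Exception {
        String region = SharedResourceUtil.getRegion(sqsClient);
        String authType = SharedResourceUtil.getAuthType(sqsClient);
        // Resolved before the auth-type dispatch, so configuration errors surface for every auth type.
        ClientConfiguration clientConfiguration = getClientConfiguration(sqsClient);

        AWSCredentialsProvider credentialsProvider;
        if (authType == null || authType.equals(AuthTypeEnum.AWS_CREDENTIALS.getLiteral())) {
            credentialsProvider = SharedResourceUtil.isUseCrossAccountAccess(sqsClient)
                    ? getCredentialsForCrossAccountAccess(sqsClient, clientConfiguration, region)
                    : getAwsCredentialsProvider(sqsClient);
        } else if (AuthTypeEnum.SAML_AUTH.getLiteral().equals(authType)) {
            credentialsProvider = getAwsCredentialsViaSAML(sqsClient, identityTrust, clientConfiguration, region);
        } else {
            // Unrecognised auth type: existing contract is to hand back null rather than throw.
            return null;
        }

        return (AmazonSQSClient) AmazonSQSClientBuilder.standard()
                .withCredentials(credentialsProvider)
                .withRegion(region)
                .withClientConfiguration(clientConfiguration)
                .build();
    }

    /**
     * Maps the model's client profile to an SDK {@link ClientConfiguration}.
     *
     * <p>The three predefined profiles return the SDK's canned configurations; any other profile
     * is built field by field from the model.
     *
     * @param sqsClient shared-resource model
     * @return the SDK client configuration
     * @throws Exception if the configured local address cannot be resolved or a model value is rejected
     */
    private static ClientConfiguration getClientConfiguration(SqsClient sqsClient) throws Exception {
        String profile = sqsClient.getClientConfig().getLiteral();
        if (com.tibco.tci.sharedresource.sqsclient.model.sqsclient.ClientConfiguration.DEFAULT.getLiteral().equals(profile)) {
            return PredefinedClientConfigurations.defaultConfig();
        }
        if (com.tibco.tci.sharedresource.sqsclient.model.sqsclient.ClientConfiguration.DYNAMO_DB.getLiteral().equals(profile)) {
            return PredefinedClientConfigurations.dynamoDefault();
        }
        if (com.tibco.tci.sharedresource.sqsclient.model.sqsclient.ClientConfiguration.SIMPLE_WORK_FLOW.getLiteral().equals(profile)) {
            return PredefinedClientConfigurations.swfDefault();
        }
        return new ClientConfiguration()
                .withClientExecutionTimeout(SharedResourceUtil.getClientExecutionTimeout(sqsClient))
                .withConnectionMaxIdleMillis(SharedResourceUtil.getConnectionPoolMaxIdle(sqsClient))
                .withConnectionTimeout(SharedResourceUtil.getConnectionTimeout(sqsClient))
                .withConnectionTTL(SharedResourceUtil.getConnectionTTL(sqsClient))
                .withGzip(SharedResourceUtil.isUseGzip(sqsClient))
                .withLocalAddress(getInetAddr(sqsClient))
                .withMaxConnections(SharedResourceUtil.getMaxConnections(sqsClient))
                .withMaxErrorRetry(SharedResourceUtil.getMaxErrorRetry(sqsClient))
                .withPreemptiveBasicProxyAuth(SharedResourceUtil.isPreemptBasicProxyAuth(sqsClient))
                // NOTE(review): the protocol is taken from the model as-is. This configuration is
                // also handed to the STS clients below, so a plain-HTTP setting would apply to the
                // calls that carry the SAML assertion and return session credentials. Confirm the
                // model only ever yields HTTPS, or reject HTTP here.
                .withProtocol(Protocol.valueOf(SharedResourceUtil.getProtocol(sqsClient)))
                .withReaper(SharedResourceUtil.isUseReaper(sqsClient))
                .withRequestTimeout(SharedResourceUtil.getRequestTimeout(sqsClient))
                .withResponseMetadataCacheSize(SharedResourceUtil.getResponseMetadataCacheSize(sqsClient))
                // The single configured hint is used for both the send and the receive buffer.
                .withSocketBufferSizeHints(SharedResourceUtil.getSocketBufferSizeHints(sqsClient), SharedResourceUtil.getSocketBufferSizeHints(sqsClient))
                .withSocketTimeout(SharedResourceUtil.getSocketTimeout(sqsClient))
                .withTcpKeepAlive(SharedResourceUtil.isUseTcpKeepalive(sqsClient))
                .withUseExpectContinue(SharedResourceUtil.isUseExpectContinue(sqsClient))
                .withProxyHost(SharedResourceUtil.getProxyHost(sqsClient))
                .withProxyPort(SharedResourceUtil.getProxyPort(sqsClient))
                .withProxyUsername(SharedResourceUtil.getProxyUserName(sqsClient))
                .withProxyPassword(SharedResourceUtil.getProxyPassword(sqsClient));
    }

    /**
     * Resolves the optional local bind address from the model.
     *
     * @param sqsClient shared-resource model
     * @return the resolved address, or {@code null} when none is configured
     * @throws UnknownHostException if the configured value cannot be resolved
     */
    private static InetAddress getInetAddr(SqsClient sqsClient) throws UnknownHostException {
        String localAddress = SharedResourceUtil.getLocalAddress(sqsClient);
        if (localAddress == null || localAddress.isEmpty()) {
            return null;
        }
        return InetAddress.getByName(localAddress);
    }

    /**
     * Returns static credentials when an access key is configured, otherwise the SDK's profile
     * credentials provider.
     *
     * <p>Note the fallback: with no access key in the model, whatever the default profile of the
     * process's environment provides is used, which may be a different identity than the operator
     * intended.
     *
     * @param sqsClient shared-resource model
     * @return a provider for the configured keys, or a {@link ProfileCredentialsProvider}
     */
    private static AWSCredentialsProvider getAwsCredentialsProvider(SqsClient sqsClient) {
        System.out.println("Auth Type - AWS Credentials");
        String accessKey = SharedResourceUtil.getAccessKey(sqsClient);
        String secretKey = SharedResourceUtil.getSecretKey(sqsClient);
        if (accessKey != null && !accessKey.isEmpty()) {
            // NOTE(review): the secret key is not checked here; an empty value is passed to the SDK
            // unchanged and would only fail once a request is signed. Confirm whether a missing
            // secret should be rejected up front.
            return new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey));
        }
        return new ProfileCredentialsProvider();
    }

    /**
     * Obtains temporary credentials through SAML federation.
     *
     * <p>Flow: request a base64 SAML assertion from the configured identity provider, decode and
     * parse it to read the role attribute, pick the role/provider ARN pair that matches the
     * configured AWS role, then exchange the assertion at STS via {@link #getCreds}.
     *
     * <p>Nothing visible in this method verifies the assertion's signature; it is parsed only to
     * select ARNs, and the still-encoded assertion is what gets sent to STS.
     *
     * @param sqsClient           shared-resource model
     * @param identityTrust       optional trust configuration; when non-null its SSL socket factory
     *                            is passed to the identity-provider handler, otherwise {@code null} is passed
     * @param clientConfiguration SDK configuration reused for the STS client
     * @param region              AWS region, used when the regional STS endpoint is enabled
     * @return a static provider wrapping the session credentials returned by STS
     * @throws Exception if proxy use is requested without the 'Custom' profile, if the configured
     *                   role or a SAML provider ARN is not present in the assertion, or if any
     *                   step of the exchange fails
     */
    private static AWSCredentialsProvider getAwsCredentialsViaSAML(SqsClient sqsClient, IdentityTrust identityTrust, ClientConfiguration clientConfiguration, String region) throws Exception {
        System.out.println("Auth Type - SAML Authentication");
        boolean useProxy = false;
        String proxyUserName = null;
        String proxyPassword = null;
        Proxy proxy = null;
        if (SharedResourceUtil.isIdpUseProxy(sqsClient)) {
            // Proxy details only exist on the custom profile; the predefined ones carry none.
            if (!com.tibco.tci.sharedresource.sqsclient.model.sqsclient.ClientConfiguration.CUSTOM.getLiteral().equals(sqsClient.getClientConfig().getLiteral())) {
                throw new Exception("Proxy connection details not provided. Please select 'Custom' client profile to provide the details.");
            }
            useProxy = true;
            proxyUserName = SharedResourceUtil.getProxyUserName(sqsClient);
            proxyPassword = SharedResourceUtil.getProxyPassword(sqsClient);
            proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(SharedResourceUtil.getProxyHost(sqsClient), SharedResourceUtil.getProxyPort(sqsClient)));
        }

        String encodedAssertion = new GenericIdpAuthHandler().generateSAMLAssertion(
                IdpEnum.getIdpByName(SharedResourceUtil.getIdpName(sqsClient)),
                SharedResourceUtil.getIdpEntryUrl(sqsClient),
                SharedResourceUtil.getIdpUsername(sqsClient),
                SharedResourceUtil.getIdpPassword(sqsClient),
                false,
                useProxy,
                proxy,
                proxyUserName,
                proxyPassword,
                identityTrust != null ? identityTrust.getSSLContext().getSocketFactory() : null);
        String assertionXml = new String(DatatypeConverter.parseBase64Binary(encodedAssertion), "UTF-8");

        SAMLService samlService = SAMLService.getInstance();
        String awsRole = SharedResourceUtil.getAwsRole(sqsClient);
        String roleEntry = getARN(samlService.getRoleAttributeValues(samlService.parseSAMLResponse(assertionXml), Messages.SAMLRoleAttribute), awsRole);

        String roleArn = null;
        String principalArn = null;
        for (String part : roleEntry.split(",")) {
            // Same predicate as getARN/findRole: an exact (case-insensitive) role-name match, so a
            // longer role name that merely starts with the configured one is never selected and a
            // case difference cannot leave the role ARN unset.
            if (isRoleArnFor(part, awsRole)) {
                roleArn = part;
            }
            if (part.contains(":saml-provider/")) {
                principalArn = part;
            }
        }
        // Fail here with a clear message instead of sending a request with a null ARN to STS.
        if (roleArn == null) {
            throw new Exception("Invalid AWS role. Role not found in SAML assertion.");
        }
        if (principalArn == null) {
            throw new Exception("SAML provider ARN not found in SAML assertion.");
        }

        Credentials creds = getCreds(roleArn, principalArn, encodedAssertion, SharedResourceUtil.getTokenExpirationDuration(sqsClient), clientConfiguration, region);
        return new AWSStaticCredentialsProvider(new BasicSessionCredentials(creds.getAccessKeyId(), creds.getSecretAccessKey(), creds.getSessionToken()));
    }

    /**
     * Obtains temporary credentials for cross-account access through STS {@code AssumeRole},
     * signing the call with the access/secret key from the model.
     *
     * @param sqsClient           shared-resource model
     * @param clientConfiguration SDK configuration reused for the STS client
     * @param region              AWS region, used when the regional STS endpoint is enabled
     * @return a static provider wrapping the session credentials returned by STS
     * @throws Exception if the role ARN or role session name is missing, or the STS call fails
     */
    private static AWSCredentialsProvider getCredentialsForCrossAccountAccess(SqsClient sqsClient, ClientConfiguration clientConfiguration, String region) throws Exception {
        AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(new BasicAWSCredentials(SharedResourceUtil.getAccessKey(sqsClient), SharedResourceUtil.getSecretKey(sqsClient)), clientConfiguration);
        try {
            configureStsEndpoint(stsClient, region);

            String roleARN = SharedResourceUtil.getRoleARN(sqsClient);
            if (roleARN == null || roleARN.trim().length() == 0) {
                throw new Exception("Please provide role ARN.");
            }
            String roleSessionName = SharedResourceUtil.getRoleSessionName(sqsClient);
            if (roleSessionName == null || roleSessionName.trim().length() == 0) {
                throw new Exception("Please provide role session name.");
            }

            AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
            assumeRoleRequest.withRoleArn(roleARN);
            assumeRoleRequest.withRoleSessionName(roleSessionName);
            // The external ID is optional and only sent when one is configured.
            String externalId = SharedResourceUtil.getExternalId(sqsClient);
            if (externalId != null && externalId.length() > 0) {
                assumeRoleRequest.withExternalId(externalId);
            }
            // The model value is multiplied by 60 before being sent as seconds; non-positive
            // values leave the STS default in place.
            int expirationDuration = SharedResourceUtil.getExpirationDuration(sqsClient);
            if (expirationDuration > 0) {
                assumeRoleRequest.withDurationSeconds(Integer.valueOf(expirationDuration * 60));
            }

            AssumeRoleResult assumeRole = stsClient.assumeRole(assumeRoleRequest);
            Credentials sessionCredentials = assumeRole.getCredentials();
            return new AWSStaticCredentialsProvider(new BasicSessionCredentials(sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken()));
        } finally {
            // The STS client is single-use; release its connection resources on every path.
            stsClient.shutdown();
        }
    }

    /**
     * Finds the SAML role attribute value that names the requested role.
     *
     * @param list role attribute values from the assertion, each a comma-separated list of ARNs
     * @param str  configured AWS role name
     * @return the first attribute value containing a matching role ARN
     * @throws Exception if no value matches
     */
    private static String getARN(List<String> list, String str) throws Exception {
        for (String attributeValue : list) {
            if (findRole(attributeValue, str)) {
                return attributeValue;
            }
        }
        throw new Exception("Invalid AWS role. Role not found in SAML assertion.");
    }

    /**
     * Exchanges a SAML assertion for temporary credentials via STS {@code AssumeRoleWithSAML}.
     *
     * <p>The STS client is created with empty static credentials; the assertion in the request is
     * what identifies the caller.
     *
     * @param str                 ARN of the role to assume
     * @param str2                ARN of the SAML provider (principal)
     * @param str3                base64-encoded SAML assertion
     * @param i                   requested lifetime, multiplied by 60 before being sent as seconds;
     *                            ignored when not positive
     * @param clientConfiguration SDK configuration for the STS client
     * @param str4                AWS region, used when the regional STS endpoint is enabled
     * @return the temporary credentials returned by STS
     */
    public static Credentials getCreds(String str, String str2, String str3, int i, ClientConfiguration clientConfiguration, String str4) {
        AssumeRoleWithSAMLRequest assumeRoleWithSAMLRequest = new AssumeRoleWithSAMLRequest();
        assumeRoleWithSAMLRequest.setRoleArn(str);
        assumeRoleWithSAMLRequest.setPrincipalArn(str2);
        assumeRoleWithSAMLRequest.setSAMLAssertion(str3);
        if (i > 0) {
            assumeRoleWithSAMLRequest.setDurationSeconds(Integer.valueOf(i * 60));
        }
        AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient(new BasicAWSCredentials("", ""), clientConfiguration);
        try {
            configureStsEndpoint(stsClient, str4);
            return stsClient.assumeRoleWithSAML(assumeRoleWithSAMLRequest).getCredentials();
        } finally {
            // The STS client is single-use; release its connection resources on every path.
            stsClient.shutdown();
        }
    }

    /**
     * Reports whether a comma-separated ARN list contains a role ARN for the given role name.
     *
     * @param str  comma-separated ARNs from one SAML role attribute value
     * @param str2 configured AWS role name
     * @return {@code true} if any entry is a role ARN whose name matches
     */
    private static boolean findRole(String str, String str2) {
        for (String part : str.split(",")) {
            if (isRoleArnFor(part, str2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests whether {@code arn} is a role ARN whose first path segment after the first {@code /}
     * equals {@code roleName}, ignoring case.
     *
     * <p>An entry that ends in {@code :role/} with nothing after it is treated as a non-match
     * rather than failing on the missing segment.
     *
     * <p>NOTE(review): only the first segment is compared, so for a role ARN that includes a path
     * the path's first element is what gets matched, not the role name. Confirm whether path-based
     * roles need to be supported.
     */
    private static boolean isRoleArnFor(String arn, String roleName) {
        if (!arn.contains(":role/")) {
            return false;
        }
        String[] segments = arn.split("/");
        return segments.length > 1 && segments[1].equalsIgnoreCase(roleName);
    }

    /**
     * Points an STS client at the region-specific endpoint when the
     * {@code com.tibco.aws.useregionalendpoint} system property is {@code true}; otherwise leaves
     * the client on its default (global) endpoint.
     *
     * <p>The endpoint host is assembled from the region string with a fixed
     * {@code .amazonaws.com} suffix.
     */
    private static void configureStsEndpoint(AWSSecurityTokenServiceClient stsClient, String region) {
        if (Boolean.getBoolean(USE_REGIONAL_STS_ENDPOINT_PROPERTY)) {
            stsClient.setRegion(RegionUtils.getRegion(region));
            stsClient.setEndpoint("sts." + region + ".amazonaws.com");
            System.out.println("Using region specific sts endpoint - sts." + region + ".amazonaws.com");
        } else {
            System.out.println("Using global sts endpoint");
        }
    }
}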
