package com.dbeaver.net.auth.gcp;

import com.dbeaver.model.auth.SMAuthUtils;
import com.dbeaver.model.auth.SMSessionAuthCredentials;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.auth.Credentials;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.gson.Gson;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.Base64;
import java.util.Date;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
import org.jkiss.code.NotNull;
import org.jkiss.dbeaver.DBException;
import org.jkiss.dbeaver.Log;
import org.jkiss.dbeaver.model.auth.AuthProperty;
import org.jkiss.dbeaver.model.data.json.JSONUtils;
import org.jkiss.dbeaver.model.exec.DBCException;
import org.jkiss.dbeaver.model.impl.auth.AuthModelDatabaseNativeCredentials;
import org.jkiss.dbeaver.model.meta.Property;
import org.jkiss.dbeaver.model.meta.SecureProperty;
import org.jkiss.dbeaver.model.runtime.AbstractJob;
import org.jkiss.dbeaver.model.runtime.DBRProcessDescriptor;
import org.jkiss.dbeaver.model.runtime.DBRProgressMonitor;
import org.jkiss.dbeaver.model.runtime.DBRShellCommand;
import org.jkiss.dbeaver.utils.RuntimeUtils;
import org.jkiss.utils.CommonUtils;

/* loaded from: input_file:com/dbeaver/net/auth/gcp/AuthModelGCPCredentials.class */
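/**
 * Authentication model holding Google Cloud credentials for a connection.
 *
 * <p>Depending on {@link #getAuthType()} the Google credentials are built from a service-account
 * key (file path or inline text), from Application Default Credentials, or from a bearer token
 * that is either supplied by the session or obtained by running the {@code gcloud} CLI.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>{@code clientSecret}, {@code serviceAccountConfig} and {@code token} are secrets. Nothing in
 *       this class writes them to the log; keep it that way when adding diagnostics.</li>
 *   <li>The CLI command line is assembled from a preference value
 *       ({@link AuthModelGCPPreferences#GCP_CLI_EXECUTABLE}) and executed locally, so that
 *       preference must be treated as trusted configuration.</li>
 *   <li>{@link #getUserIdentity(DBRProgressMonitor)} reads the e-mail claim from an identity token
 *       without verifying its signature; the value is informational only.</li>
 * </ul>
 *
 * <p>This source is decompiler output; the {@code $SWITCH_TABLE$...} members are compiler-generated.
 */
public class AuthModelGCPCredentials extends AuthModelDatabaseNativeCredentials implements SMSessionAuthCredentials {
    public static final String GCP_AUTH_CONTEXT_TYPE = "gcp";
    private static final Log log = Log.getLog(AuthModelGCPCredentials.class);
    private GCPAuthType authType;

    @SecureProperty
    private String clientId;

    @SecureProperty
    private String clientSecret;
    // Path to a service-account key file on the local file system.
    private String serviceAccountConfigPath;
    // Inline service-account key (JSON, optionally Base64-encoded).
    // NOTE(review): unlike clientId/clientSecret this field carries no @SecureProperty; only its getter is
    // marked @Property(password = true) - confirm that is enough to keep the key out of plain-text storage.
    private String serviceAccountConfig;
    private String projectId;
    // Bearer access token; transient, so it is excluded from Java serialization.
    private transient String token;
    private boolean ssoOverCli;
    private transient HttpTransport httpTransport;
    private final transient JsonFactory jsonFactory = new GsonFactory();
    // Cached adapter around the resolved Google credentials; cleared by resetCache().
    private transient HttpCredentialsAdapter requestInitializer;
    private static volatile /* synthetic */ int[] $SWITCH_TABLE$com$dbeaver$net$auth$gcp$GCPAuthType;

    public AuthModelGCPCredentials() {
    }

    /**
     * Copy constructor. Copies the configuration and the current token, but not the cached
     * HTTP transport or request initializer.
     */
    public AuthModelGCPCredentials(AuthModelGCPCredentials authModelGCPCredentials) {
        this.authType = authModelGCPCredentials.authType;
        this.clientId = authModelGCPCredentials.clientId;
        this.clientSecret = authModelGCPCredentials.clientSecret;
        this.ssoOverCli = authModelGCPCredentials.ssoOverCli;
        this.serviceAccountConfigPath = authModelGCPCredentials.serviceAccountConfigPath;
        this.serviceAccountConfig = authModelGCPCredentials.serviceAccountConfig;
        this.token = authModelGCPCredentials.token;
        this.projectId = authModelGCPCredentials.projectId;
    }

    /** Returns {@code true} when the auth type is {@link GCPAuthType#SESSION_CREDENTIALS}. */
    public boolean isSessionCredentials() {
        return this.authType == GCPAuthType.SESSION_CREDENTIALS;
    }

    /** Returns the configured auth type, or {@link GCPAuthType#DEFAULT} when none was set. */
    @NotNull
    @AuthProperty(authContextType = GCP_AUTH_CONTEXT_TYPE)
    @Property(order = 2147483644)
    public GCPAuthType getAuthType() {
        return this.authType == null ? GCPAuthType.DEFAULT : this.authType;
    }

    public void setAuthType(GCPAuthType gCPAuthType) {
        this.authType = gCPAuthType;
    }

    public String getClientId() {
        return this.clientId;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    public String getClientSecret() {
        return this.clientSecret;
    }

    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    public String getServiceAccountConfigPath() {
        return this.serviceAccountConfigPath;
    }

    public void setServiceAccountConfigPath(String str) {
        this.serviceAccountConfigPath = str;
    }

    @Property(features = {"file"}, password = true, order = 2147483645)
    public String getServiceAccountConfig() {
        return this.serviceAccountConfig;
    }

    public void setServiceAccountConfig(String str) {
        this.serviceAccountConfig = str;
    }

    public boolean isSsoOverCli() {
        return this.ssoOverCli;
    }

    public void setSsoOverCli(boolean z) {
        this.ssoOverCli = z;
    }

    /** Returns the current bearer token. Callers must not log or persist the value. */
    public String getToken() {
        return this.token;
    }

    public void setToken(String str) {
        this.token = str;
    }

    public String getProjectId() {
        return this.projectId;
    }

    public void setProjectId(String str) {
        this.projectId = str;
    }

    /** Returns the HTTP transport, creating a {@link NetHttpTransport} on first use. */
    public HttpTransport getTransport() {
        if (this.httpTransport == null) {
            this.httpTransport = new NetHttpTransport.Builder().build();
        }
        return this.httpTransport;
    }

    public JsonFactory getJsonFactory() {
        return this.jsonFactory;
    }

    /**
     * Returns the request initializer that attaches the Google credentials to outgoing requests.
     *
     * <p>Unless the monitor forces cache usage, session credentials are resolved first, and a
     * CLI login is started when SSO over CLI is enabled and no token is held yet.
     *
     * @param dBRProgressMonitor progress monitor, also consulted for forced cache usage
     * @return the cached or newly created initializer
     * @throws DBException if credentials cannot be resolved or the CLI login fails
     */
    public HttpRequestInitializer getRequestInitializer(@NotNull DBRProgressMonitor dBRProgressMonitor) throws DBException {
        if (!dBRProgressMonitor.isForceCacheUsage() && isSessionCredentials()) {
            resolveCredentials(dBRProgressMonitor);
        }
        boolean needsCliLogin = this.ssoOverCli && CommonUtils.isEmpty(this.token) && !dBRProgressMonitor.isForceCacheUsage();
        // NOTE(review): once created, the adapter is reused for as long as a token is held; a token replaced
        // later (refreshSession) looks like it needs resetCache() to take effect - confirm with the callers.
        if (this.requestInitializer == null || needsCliLogin) {
            if (needsCliLogin) {
                initializeSSO(dBRProgressMonitor);
            }
            this.requestInitializer = new HttpCredentialsAdapter(getGoogleCredentials());
        }
        return this.requestInitializer;
    }

    /**
     * Builds the Google credentials for the configured auth type.
     *
     * @return the credentials
     * @throws DBException wrapping any failure, including a missing service-account key
     */
    @NotNull
    public Credentials getGoogleCredentials() throws DBException {
        try {
            switch ($SWITCH_TABLE$com$dbeaver$net$auth$gcp$GCPAuthType()[getAuthType().ordinal()]) {
                case 1: // SERVICE_ACCOUNT
                    if (!CommonUtils.isEmpty(this.serviceAccountConfigPath)) {
                        // Close the key file once it has been parsed; the original left the stream open.
                        try (var keyStream = Files.newInputStream(Path.of(this.serviceAccountConfigPath))) {
                            return GoogleCredentials.fromStream(keyStream);
                        }
                    }
                    if (CommonUtils.isEmpty(this.serviceAccountConfig)) {
                        throw new DBException("Empty service account credentials");
                    }
                    return getServiceAccountCredentialsFromText(this.serviceAccountConfig);
                case 2: // DEFAULT
                    return GoogleCredentials.getApplicationDefault();
                case 3: // SSO_OVER_CLI
                case 4: // SESSION_CREDENTIALS
                    // The token is wrapped with a null expiration time, so the credentials object
                    // carries no expiry information of its own.
                    return CommonUtils.isNotEmpty(this.token)
                        ? GoogleCredentials.create(new AccessToken(this.token, (Date) null))
                        : GoogleCredentials.getApplicationDefault();
                default:
                    throw new IncompatibleClassChangeError();
            }
        } catch (Exception e) {
            throw new DBException("Error configuring Google credentials", e);
        }
    }

    /** Runs the CLI login when SSO over CLI is enabled; returns whether it was run. */
    private boolean initializeConnection(@NotNull DBRProgressMonitor monitor) throws DBCException {
        if (!this.ssoOverCli) {
            return false;
        }
        initializeSSO(monitor);
        return true;
    }

    /**
     * Obtains an access token through the gcloud CLI.
     *
     * <p>First asks for a token with {@code auth print-access-token}, ignoring the exit code. If the
     * output does not start with {@code ya29.}, runs {@code auth login} and asks again.
     *
     * @param monitor progress monitor; cancelling it terminates the running CLI process
     * @throws DBCException if a CLI call fails or is cancelled
     */
    private void initializeSSO(@NotNull DBRProgressMonitor monitor) throws DBCException {
        monitor.subTask("Initialize login over GCP CLI");
        String printTokenCommand = getGCPExecutablePath("auth print-access-token");
        String cachedToken = executeCLI(monitor, printTokenCommand, true, true);
        if (CommonUtils.isNotEmpty(cachedToken) && cachedToken.startsWith("ya29.")) {
            this.token = cachedToken;
            return;
        }
        String loginCommand = getGCPExecutablePath("auth login");
        // Only the command line is logged here, never the CLI's standard output.
        log.debug("Perform GCP SSO init [" + loginCommand + "]");
        executeCLI(monitor, loginCommand, false, false);
        String freshToken = executeCLI(monitor, printTokenCommand, true, false);
        // NOTE(review): this second result is accepted without the "ya29." prefix check applied above,
        // so any non-empty standard output becomes the bearer token - confirm that is intended.
        if (CommonUtils.isNotEmpty(freshToken)) {
            this.token = freshToken;
        }
        monitor.subTask("SSO init finished");
    }

    /** Revokes the CLI credentials by running {@code auth revoke}. */
    private void logoutSSO(@NotNull DBRProgressMonitor monitor) throws DBCException {
        monitor.subTask("Revoke credentials over GCP CLI");
        String revokeCommand = getGCPExecutablePath("auth revoke");
        log.debug("Perform GCP SSO logout [" + revokeCommand + "]");
        executeCLI(monitor, revokeCommand, false, false);
        monitor.subTask("SSO logout finished");
    }

    /**
     * Builds the command line for a gcloud sub-command.
     *
     * <p>Uses the executable from the {@link AuthModelGCPPreferences#GCP_CLI_EXECUTABLE} preference,
     * or {@code gcloud} (prefixed with {@code cmd /c} on Windows) when the preference is empty.
     *
     * <p>The result is a single concatenated string. Every caller in this class passes a constant
     * sub-command, so the preference is the only variable part: whoever can change it decides
     * which program is run. Never pass user-supplied text as {@code arguments}.
     *
     * @param arguments the gcloud sub-command and its arguments
     * @return the full command line
     */
    @NotNull
    private String getGCPExecutablePath(String arguments) {
        String configuredExecutable = AuthModelGCPPreferences.getPreferences().getString(AuthModelGCPPreferences.GCP_CLI_EXECUTABLE);
        String executable;
        if (CommonUtils.isEmpty(configuredExecutable)) {
            executable = (RuntimeUtils.isWindows() ? "cmd /c " : "") + "gcloud";
        } else {
            executable = configuredExecutable;
        }
        return executable + " " + arguments;
    }

    /**
     * Runs a CLI command and waits for it to finish, polling the monitor for cancellation.
     *
     * <p>Standard output may carry an access or identity token and is never logged; only the
     * error stream is written to the debug log.
     *
     * @param monitor progress monitor; cancelling it terminates the process
     * @param command full command line to execute
     * @param returnOutput when {@code true}, the trimmed standard output is returned
     * @param ignoreExitCode when {@code true}, a non-zero exit code is not treated as a failure
     * @return the trimmed standard output, or {@code null} when it is blank or not requested
     * @throws DBCException if the run is cancelled, the process cannot be executed, or it exits
     *     with a non-zero code and a non-blank error stream while {@code ignoreExitCode} is false
     */
    private String executeCLI(@NotNull DBRProgressMonitor monitor, String command, boolean returnOutput, boolean ignoreExitCode) throws DBCException {
        DBRShellCommand shellCommand = new DBRShellCommand(command);
        shellCommand.setEnabled(true);
        final DBRProcessDescriptor process = new DBRProcessDescriptor(shellCommand);
        try {
            process.execute();
            // Index 0 receives the error stream, index 1 the standard output.
            final String[] streams = new String[2];
            AbstractJob outputReader = null;
            if (process.isRunning()) {
                outputReader = new AbstractJob(process.getName() + ": output reader") { // from class: com.dbeaver.net.auth.gcp.AuthModelGCPCredentials.1
                    protected IStatus run(DBRProgressMonitor dBRProgressMonitor2) {
                        try {
                            streams[0] = process.dumpErrors();
                            streams[1] = process.dumpOutput();
                        } catch (Exception e) {
                            AuthModelGCPCredentials.log.debug(e);
                        }
                        return Status.OK_STATUS;
                    }
                };
                outputReader.schedule();
            }
            while (process.isRunning()) {
                if (monitor.isCanceled()) {
                    process.terminate();
                    throw new DBCException("GCP SSO initialization has been canceled");
                }
                RuntimeUtils.pause(50);
            }
            if (outputReader != null) {
                try {
                    outputReader.join();
                } catch (InterruptedException ignored) {
                    // Keep the interrupt visible to the caller instead of dropping it.
                    Thread.currentThread().interrupt();
                }
            }
            int exitCode = process.getUpdatedExitValueCode();
            String errorText = streams[0];
            String outputText = streams[1];
            if (!ignoreExitCode && exitCode != 0) {
                if (!CommonUtils.isEmptyTrimmed(errorText)) {
                    log.debug("GCP SSO connection error message:\n" + errorText);
                    throw new DBCException(errorText);
                }
                log.debug("GCP SSO login ended with result  code " + exitCode);
            }
            if (!CommonUtils.isEmptyTrimmed(errorText)) {
                log.debug("GCP SSO login info message:\n" + errorText);
            }
            if (!returnOutput || CommonUtils.isEmptyTrimmed(outputText)) {
                return null;
            }
            return outputText.trim();
        } catch (DBException e) {
            throw new DBCException("Error running GCP CLI. Is it installed on the local machine?", e);
        }
    }

    /**
     * Refreshes the credentials: session credentials are re-read from the session, CLI SSO
     * re-runs the token retrieval.
     *
     * @return {@code true} if a refresh was attempted, {@code false} for other auth modes
     */
    public boolean refreshSession(DBRProgressMonitor dBRProgressMonitor) throws DBException {
        if (isSessionCredentials()) {
            SMAuthUtils.updateSessionCredentialsFromSession(dBRProgressMonitor, GCP_AUTH_CONTEXT_TYPE, "Google", this);
            return true;
        }
        if (!this.ssoOverCli) {
            return false;
        }
        initializeSSO(dBRProgressMonitor);
        return true;
    }

    /**
     * Revokes the CLI credentials and drops the held token when SSO over CLI is enabled.
     *
     * @return {@code true} if a logout was performed
     */
    public boolean closeSession(DBRProgressMonitor dBRProgressMonitor) throws DBCException {
        if (!this.ssoOverCli) {
            return false;
        }
        logoutSSO(dBRProgressMonitor);
        this.token = null;
        return true;
    }

    /** Drops the cached HTTP transport and request initializer. The token is left untouched. */
    public void resetCache() {
        this.httpTransport = null;
        this.requestInitializer = null;
    }

    /**
     * Returns the e-mail of the authenticated identity, if it can be determined.
     *
     * <p>With CLI SSO the e-mail is read from the payload of the identity token printed by
     * {@code auth print-identity-token}. The token signature is not verified, so the result is a
     * display value and must not be used for access decisions. Otherwise the client e-mail of
     * cached service-account credentials is returned.
     *
     * @return the e-mail, or {@code null} when it is unknown or lookup fails
     */
    public String getUserIdentity(DBRProgressMonitor dBRProgressMonitor) {
        if (this.ssoOverCli && this.token != null) {
            try {
                String identityToken = executeCLI(dBRProgressMonitor, getGCPExecutablePath("auth print-identity-token"), true, true);
                String[] jwtParts = parseJwtToken(identityToken);
                if (jwtParts == null) {
                    return null;
                }
                return CommonUtils.toString(JSONUtils.parseMap(new Gson(), new StringReader(jwtParts[1])).get("email"), (String) null);
            } catch (Exception ignored) {
                // Best effort: the identity is optional, and the failure may quote token content,
                // so it is deliberately not logged.
                return null;
            }
        }
        if (this.requestInitializer == null) {
            return null;
        }
        Credentials credentials = this.requestInitializer.getCredentials();
        if (credentials instanceof ServiceAccountCredentials) {
            return ((ServiceAccountCredentials) credentials).getClientEmail();
        }
        return null;
    }

    /**
     * Decodes the header and payload segments of a JWT. No signature check is performed.
     *
     * @param jwt the compact JWT, may be {@code null}
     * @return a two-element array {header JSON, payload JSON}, or {@code null} if the input is
     *     {@code null} or has fewer than two dot-separated segments
     * @throws IllegalArgumentException if a segment is not valid Base64url
     */
    private String[] parseJwtToken(String jwt) {
        if (jwt == null) {
            return null;
        }
        String[] segments = jwt.split("\\.");
        if (segments.length < 2) {
            return null;
        }
        // JWT segments are Base64url-encoded; the basic decoder rejects '-' and '_'.
        Base64.Decoder decoder = Base64.getUrlDecoder();
        return new String[]{
            new String(decoder.decode(segments[0]), StandardCharsets.UTF_8),
            new String(decoder.decode(segments[1]), StandardCharsets.UTF_8)
        };
    }

    /**
     * Makes sure credentials are available for the SSO-over-CLI and session auth types; other
     * auth types need no resolution here.
     *
     * @throws DBException if session credentials are required but cannot be obtained
     */
    public void resolveCredentials(DBRProgressMonitor dBRProgressMonitor) throws DBException {
        switch ($SWITCH_TABLE$com$dbeaver$net$auth$gcp$GCPAuthType()[getAuthType().ordinal()]) {
            case 3: // SSO_OVER_CLI
                initializeConnection(dBRProgressMonitor);
                return;
            case 4: // SESSION_CREDENTIALS
                if (CommonUtils.isEmpty(this.token) && !SMAuthUtils.updateSessionCredentialsFromSession(dBRProgressMonitor, GCP_AUTH_CONTEXT_TYPE, "Google", this)) {
                    throw new DBCException("Google session credentials are missing");
                }
                return;
            default:
                return;
        }
    }

    /**
     * Parses service-account credentials from text that is either raw JSON or Base64-encoded JSON.
     *
     * @param str the key text; never written to the log by this method
     * @return the parsed credentials
     * @throws DBException if the credentials cannot be read from the text
     */
    public static GoogleCredentials getServiceAccountCredentialsFromText(@NotNull String str) throws DBException {
        String keyJson = str;
        try {
            keyJson = new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException ignored) {
            // Not Base64 (raw JSON starts with '{', which is outside the alphabet): use the text as given.
        }
        try (ByteArrayInputStream keyStream = new ByteArrayInputStream(keyJson.getBytes(StandardCharsets.UTF_8))) {
            return GoogleCredentials.fromStream(keyStream);
        } catch (IOException e) {
            throw new DBException("Error resolving credentials from stream", e);
        }
    }

    // Compiler-generated lookup table mapping GCPAuthType ordinals to the case labels used above:
    // SERVICE_ACCOUNT = 1, DEFAULT = 2, SSO_OVER_CLI = 3, SESSION_CREDENTIALS = 4.
    static /* synthetic */ int[] $SWITCH_TABLE$com$dbeaver$net$auth$gcp$GCPAuthType() {
        int[] iArr = $SWITCH_TABLE$com$dbeaver$net$auth$gcp$GCPAuthType;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[GCPAuthType.valuesCustom().length];
        try {
            iArr2[GCPAuthType.DEFAULT.ordinal()] = 2;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[GCPAuthType.SERVICE_ACCOUNT.ordinal()] = 1;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[GCPAuthType.SESSION_CREDENTIALS.ordinal()] = 4;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[GCPAuthType.SSO_OVER_CLI.ordinal()] = 3;
        } catch (NoSuchFieldError unused4) {
        }
        $SWITCH_TABLE$com$dbeaver$net$auth$gcp$GCPAuthType = iArr2;
        return iArr2;
    }
}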
