package com.dbeaver.db.redshift.auth;

import com.dbeaver.db.redshift.RedshiftConstants;
import com.dbeaver.net.auth.aws.AWSIAMUtils;
import com.dbeaver.net.auth.aws.AuthModelAWSAbstract;
import com.dbeaver.net.auth.aws.AuthModelAWSCredentials;
import java.util.List;
import java.util.Properties;
import org.jkiss.code.NotNull;
import org.jkiss.dbeaver.DBException;
import org.jkiss.dbeaver.model.DBPDataSource;
import org.jkiss.dbeaver.model.DBPDataSourceContainer;
import org.jkiss.dbeaver.model.DBPDataSourceURLProvider;
import org.jkiss.dbeaver.model.connection.DBPConnectionConfiguration;
import org.jkiss.dbeaver.model.connection.DBPDriver;
import org.jkiss.dbeaver.model.exec.DBCException;
import org.jkiss.dbeaver.model.runtime.DBRProgressMonitor;
import org.jkiss.utils.CommonUtils;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;

/* loaded from: input_file:com/dbeaver/db/redshift/auth/AuthModelAWSRedshift.class */
public class AuthModelAWSRedshift extends AuthModelAWSAbstract implements DBPDataSourceURLProvider {
    public static final String ID = "redshift_iam";
    public static final String ATTR_REDSHIFT_DBUSER = "https://redshift.amazon.com/SAML/Attributes/DbUser";
    public static final String ATTR_REDSHIFT_DBGROUPS = "https://redshift.amazon.com/SAML/Attributes/DbGroups";
    public static final String ATTR_REDSHIFT_AUTOCREATE = "https://redshift.amazon.com/SAML/Attributes/AutoCreate";

    public Object initAuthentication(@NotNull DBRProgressMonitor dBRProgressMonitor, @NotNull DBPDataSource dBPDataSource, @NotNull AuthModelAWSCredentials authModelAWSCredentials, @NotNull DBPConnectionConfiguration dBPConnectionConfiguration, @NotNull Properties properties) throws DBException {
        String userName = authModelAWSCredentials.getUserName();
        String userPassword = authModelAWSCredentials.getUserPassword();
        String samlAttribute = getSamlAttribute(authModelAWSCredentials, ATTR_REDSHIFT_DBUSER);
        String samlAttribute2 = getSamlAttribute(authModelAWSCredentials, ATTR_REDSHIFT_DBGROUPS);
        String samlAttribute3 = getSamlAttribute(authModelAWSCredentials, ATTR_REDSHIFT_AUTOCREATE);
        if (samlAttribute != null) {
            userName = samlAttribute;
        }
        if (samlAttribute2 != null) {
            properties.put("DbGroups", samlAttribute2);
        }
        if (samlAttribute3 != null) {
            properties.put("AutoCreate", samlAttribute3);
        }
        properties.put("ssl", "true");
        if (CommonUtils.isEmpty(userName)) {
            properties.remove("user");
        } else {
            properties.put("user", userName);
        }
        String authProperty = dBPConnectionConfiguration.getAuthProperty(RedshiftConstants.PROP_FS_PLUGIN_NAME);
        if (!CommonUtils.isEmpty(authProperty)) {
            RedshiftAuthFSPlugin byId = RedshiftAuthFSPlugin.getById(authProperty);
            if (byId == null) {
                throw new DBCException("Invalid Redshift FS plugin: '" + authProperty + "'");
            }
            properties.put(RedshiftConstants.PROP_PLUGIN_NAME, byId.getProviderClassName());
            for (String str : byId.getPluginProperties()) {
                properties.put(str, dBPConnectionConfiguration.getAuthProperty(str));
            }
            if (byId.supportsCredentials() && authModelAWSCredentials.getUserPassword() != null) {
                properties.put("password", authModelAWSCredentials.getUserPassword());
            }
            return authModelAWSCredentials;
        }
        String authProperty2 = dBPConnectionConfiguration.getAuthProperty("iam.region");
        authModelAWSCredentials.setRegion(authProperty2);
        AwsCredentialsProvider authCredentialsProvider = authModelAWSCredentials.getAuthCredentialsProvider(dBRProgressMonitor, dBPConnectionConfiguration);
        if (!CommonUtils.isEmpty(userPassword)) {
            properties.put("password", userPassword);
        }
        AwsSessionCredentials resolveCredentials = authCredentialsProvider.resolveCredentials();
        if (!CommonUtils.isEmpty(authModelAWSCredentials.getSecretName())) {
            AWSIAMUtils.initSecretAuthentication(authModelAWSCredentials, authProperty2, authModelAWSCredentials.getSecretName(), authCredentialsProvider, dBPDataSource, dBPConnectionConfiguration);
            if (!CommonUtils.equalObjects(userName, authModelAWSCredentials.getUserName())) {
                properties.put("user", authModelAWSCredentials.getUserName());
            }
            if (!CommonUtils.equalObjects(userPassword, authModelAWSCredentials.getUserPassword())) {
                properties.put("password", authModelAWSCredentials.getUserPassword());
            }
        }
        if (!CommonUtils.isEmpty(resolveCredentials.accessKeyId())) {
            properties.put("AccessKeyID", resolveCredentials.accessKeyId());
            properties.put("SecretAccessKey", resolveCredentials.secretAccessKey());
        }
        if (resolveCredentials instanceof AwsSessionCredentials) {
            properties.put("SessionToken", resolveCredentials.sessionToken());
        }
        return resolveCredentials;
    }

    private String getSamlAttribute(AuthModelAWSCredentials authModelAWSCredentials, String str) {
        Object attribute = authModelAWSCredentials.getAttribute(str);
        if ((attribute instanceof List) && !((List) attribute).isEmpty()) {
            return (String) ((List) attribute).get(0);
        }
        if (attribute != null) {
            return CommonUtils.toString(attribute, (String) null);
        }
        return null;
    }

    public void endAuthentication(@NotNull DBPDataSourceContainer dBPDataSourceContainer, @NotNull DBPConnectionConfiguration dBPConnectionConfiguration, @NotNull Properties properties) {
    }

    public String getConnectionURL(DBPDriver dBPDriver, DBPConnectionConfiguration dBPConnectionConfiguration) {
        String authProperty = dBPConnectionConfiguration.getAuthProperty("iam.region");
        StringBuilder sb = new StringBuilder();
        String hostName = dBPConnectionConfiguration.getHostName();
        sb.append("jdbc:redshift:iam://").append(hostName).append(":");
        if (CommonUtils.isEmpty(hostName) || !(hostName.contains(".") || CommonUtils.isEmpty(authProperty))) {
            sb.append(authProperty);
        } else {
            sb.append(dBPConnectionConfiguration.getHostPort());
        }
        sb.append("/");
        if (!CommonUtils.isEmpty(dBPConnectionConfiguration.getDatabaseName())) {
            sb.append(dBPConnectionConfiguration.getDatabaseName());
        }
        return sb.toString();
    }

    @NotNull
    public AuthModelAWSCredentials loadCredentials(@NotNull DBPDataSourceContainer dBPDataSourceContainer, @NotNull DBPConnectionConfiguration dBPConnectionConfiguration) {
        AuthModelAWSCredentials loadCredentials = super.loadCredentials(dBPDataSourceContainer, dBPConnectionConfiguration);
        String samlAttribute = getSamlAttribute(loadCredentials, ATTR_REDSHIFT_DBUSER);
        if (samlAttribute != null) {
            loadCredentials.setUserName(samlAttribute);
        }
        return loadCredentials;
    }
}
