package net.snowflake.client.core;

import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import net.snowflake.client.core.Constants;
import net.snowflake.client.jdbc.ErrorCode;
import net.snowflake.client.jdbc.internal.amazonaws.services.s3.model.InstructionFileId;
import net.snowflake.client.jdbc.internal.amazonaws.util.StringUtils;
import net.snowflake.client.jdbc.internal.google.common.base.Strings;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;

/* loaded from: input_file:net/snowflake/client/core/CredentialManager.class */
public class CredentialManager {
    private static final SFLogger logger = SFLoggerFactory.getLogger((Class<?>) CredentialManager.class);
    private SecureStorageManager secureStorageManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/snowflake/client/core/CredentialManager$CredentialManagerHolder.class */
    public static class CredentialManagerHolder {
        private static final CredentialManager INSTANCE = new CredentialManager();

        private CredentialManagerHolder() {
        }
    }

    private CredentialManager() {
        initSecureStorageManager();
    }

    private void initSecureStorageManager() {
        try {
            if (Constants.getOS() == Constants.OS.MAC) {
                this.secureStorageManager = SecureStorageAppleManager.builder();
            } else if (Constants.getOS() == Constants.OS.WINDOWS) {
                this.secureStorageManager = SecureStorageWindowsManager.builder();
            } else if (Constants.getOS() == Constants.OS.LINUX) {
                this.secureStorageManager = SecureStorageLinuxManager.getInstance();
            } else {
                logger.error("Unsupported Operating System. Expected: OSX, Windows, Linux", false);
            }
        } catch (NoClassDefFoundError e) {
            logMissingJnaJarForSecureLocalStorage();
        }
    }

    static void resetSecureStorageManager() {
        logger.debug("Resetting the secure storage manager", new Object[0]);
        getInstance().initSecureStorageManager();
    }

    static void injectSecureStorageManager(SecureStorageManager secureStorageManager) {
        logger.debug("Injecting secure storage manager", new Object[0]);
        getInstance().secureStorageManager = secureStorageManager;
    }

    public static CredentialManager getInstance() {
        return CredentialManagerHolder.INSTANCE;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void fillCachedIdToken(SFLoginInput sFLoginInput) throws SFException {
        logger.debug("Looking for cached id token for user: {}, host: {}", sFLoginInput.getUserName(), sFLoginInput.getHostFromServerUrl());
        getInstance().fillCachedCredential(sFLoginInput, sFLoginInput.getHostFromServerUrl(), sFLoginInput.getUserName(), CachedCredentialType.ID_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void fillCachedMfaToken(SFLoginInput sFLoginInput) throws SFException {
        logger.debug("Looking for cached mfa token for user: {}, host: {}", sFLoginInput.getUserName(), sFLoginInput.getHostFromServerUrl());
        getInstance().fillCachedCredential(sFLoginInput, sFLoginInput.getHostFromServerUrl(), sFLoginInput.getUserName(), CachedCredentialType.MFA_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void fillCachedOAuthAccessToken(SFLoginInput sFLoginInput) throws SFException {
        String hostForOAuthCacheKey = getHostForOAuthCacheKey(sFLoginInput);
        logger.debug("Looking for cached OAuth access token for user: {}, host: {}", sFLoginInput.getUserName(), hostForOAuthCacheKey);
        getInstance().fillCachedCredential(sFLoginInput, hostForOAuthCacheKey, sFLoginInput.getUserName(), CachedCredentialType.OAUTH_ACCESS_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void fillCachedOAuthRefreshToken(SFLoginInput sFLoginInput) throws SFException {
        String hostForOAuthCacheKey = getHostForOAuthCacheKey(sFLoginInput);
        logger.debug("Looking for cached OAuth refresh token for user: {}, host: {}", sFLoginInput.getUserName(), hostForOAuthCacheKey);
        getInstance().fillCachedCredential(sFLoginInput, hostForOAuthCacheKey, sFLoginInput.getUserName(), CachedCredentialType.OAUTH_REFRESH_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void fillCachedDPoPBundledAccessToken(SFLoginInput sFLoginInput) throws SFException {
        String hostForOAuthCacheKey = getHostForOAuthCacheKey(sFLoginInput);
        logger.debug("Looking for cached DPoP public key for user: {}, host: {}", sFLoginInput.getUserName(), hostForOAuthCacheKey);
        getInstance().fillCachedCredential(sFLoginInput, hostForOAuthCacheKey, sFLoginInput.getUserName(), CachedCredentialType.DPOP_BUNDLED_ACCESS_TOKEN);
    }

    synchronized void fillCachedCredential(SFLoginInput sFLoginInput, String str, String str2, CachedCredentialType cachedCredentialType) throws SFException {
        if (StringUtils.isNullOrEmpty(str2)) {
            logger.debug("Missing username; Cannot read from credential cache", new Object[0]);
            return;
        }
        if (this.secureStorageManager == null) {
            logMissingJnaJarForSecureLocalStorage();
            return;
        }
        String str3 = null;
        try {
            String credential = this.secureStorageManager.getCredential(str, str2, cachedCredentialType.getValue());
            if (credential == null) {
                logger.debug("Retrieved {} is null", cachedCredentialType);
            }
            SFLogger sFLogger = logger;
            Object[] objArr = new Object[4];
            objArr[0] = credential == null ? "null " : "";
            objArr[1] = cachedCredentialType.getValue();
            objArr[2] = str2;
            objArr[3] = str;
            sFLogger.debug("Setting {}{} token for user: {}, host: {}", objArr);
            if (credential != null && cachedCredentialType != CachedCredentialType.DPOP_BUNDLED_ACCESS_TOKEN) {
                try {
                    str3 = new String(Base64.getDecoder().decode(credential));
                } catch (Exception e) {
                    deleteTemporaryCredential(str, str2, cachedCredentialType);
                    return;
                }
            }
            switch (cachedCredentialType) {
                case ID_TOKEN:
                    sFLoginInput.setIdToken(str3);
                    return;
                case MFA_TOKEN:
                    sFLoginInput.setMfaToken(str3);
                    return;
                case OAUTH_ACCESS_TOKEN:
                    sFLoginInput.setOauthAccessToken(str3);
                    return;
                case OAUTH_REFRESH_TOKEN:
                    sFLoginInput.setOauthRefreshToken(str3);
                    return;
                case DPOP_BUNDLED_ACCESS_TOKEN:
                    updateInputWithTokenAndPublicKey(credential, sFLoginInput);
                    return;
                default:
                    throw new SFException(ErrorCode.INTERNAL_ERROR, "Unrecognized type {} for local cached credential", cachedCredentialType);
            }
        } catch (NoClassDefFoundError e2) {
            logMissingJnaJarForSecureLocalStorage();
        }
    }

    private void updateInputWithTokenAndPublicKey(String str, SFLoginInput sFLoginInput) throws SFException {
        if (Strings.isNullOrEmpty(str)) {
            String[] split = str.split("\\.");
            if (split.length != 2) {
                throw new SFException(ErrorCode.INTERNAL_ERROR, "Invalid DPoP bundled access token credential format");
            }
            Base64.Decoder decoder = Base64.getDecoder();
            sFLoginInput.setOauthAccessToken(new String(decoder.decode(split[0])));
            sFLoginInput.setDPoPPublicKey(new String(decoder.decode(split[1])));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void writeIdToken(SFLoginInput sFLoginInput, String str) throws SFException {
        logger.debug("Caching id token in a secure storage for user: {}, host: {}", sFLoginInput.getUserName(), sFLoginInput.getHostFromServerUrl());
        getInstance().writeTemporaryCredential(sFLoginInput.getHostFromServerUrl(), sFLoginInput.getUserName(), str, CachedCredentialType.ID_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void writeMfaToken(SFLoginInput sFLoginInput, String str) throws SFException {
        logger.debug("Caching mfa token in a secure storage for user: {}, host: {}", sFLoginInput.getUserName(), sFLoginInput.getHostFromServerUrl());
        getInstance().writeTemporaryCredential(sFLoginInput.getHostFromServerUrl(), sFLoginInput.getUserName(), str, CachedCredentialType.MFA_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void writeOAuthAccessToken(SFLoginInput sFLoginInput) throws SFException {
        String hostForOAuthCacheKey = getHostForOAuthCacheKey(sFLoginInput);
        logger.debug("Caching OAuth access token in a secure storage for user: {}, host: {}", sFLoginInput.getUserName(), hostForOAuthCacheKey);
        getInstance().writeTemporaryCredential(hostForOAuthCacheKey, sFLoginInput.getUserName(), sFLoginInput.getOauthAccessToken(), CachedCredentialType.OAUTH_ACCESS_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void writeOAuthRefreshToken(SFLoginInput sFLoginInput) throws SFException {
        String hostForOAuthCacheKey = getHostForOAuthCacheKey(sFLoginInput);
        logger.debug("Caching OAuth refresh token in a secure storage for user: {}, host: {}", sFLoginInput.getUserName(), hostForOAuthCacheKey);
        getInstance().writeTemporaryCredential(hostForOAuthCacheKey, sFLoginInput.getUserName(), sFLoginInput.getOauthRefreshToken(), CachedCredentialType.OAUTH_REFRESH_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void writeDPoPBundledAccessToken(SFLoginInput sFLoginInput) throws SFException {
        String hostForOAuthCacheKey = getHostForOAuthCacheKey(sFLoginInput);
        logger.debug("Caching DPoP public key in a secure storage for user: {}, host: {}", sFLoginInput.getUserName(), hostForOAuthCacheKey);
        Base64.Encoder encoder = Base64.getEncoder();
        getInstance().writeTemporaryCredential(hostForOAuthCacheKey, sFLoginInput.getUserName(), encoder.encodeToString(sFLoginInput.getOauthAccessToken().getBytes(StandardCharsets.UTF_8)) + InstructionFileId.DOT + encoder.encodeToString(sFLoginInput.getDPoPPublicKey().getBytes(StandardCharsets.UTF_8)), CachedCredentialType.DPOP_BUNDLED_ACCESS_TOKEN);
    }

    synchronized void writeTemporaryCredential(String str, String str2, String str3, CachedCredentialType cachedCredentialType) {
        if (StringUtils.isNullOrEmpty(str2)) {
            logger.debug("Missing username; Cannot write to credential cache", new Object[0]);
            return;
        }
        if (Strings.isNullOrEmpty(str3)) {
            logger.debug("No {} is given.", cachedCredentialType);
            return;
        }
        if (this.secureStorageManager == null) {
            logMissingJnaJarForSecureLocalStorage();
            return;
        }
        try {
            if (cachedCredentialType == CachedCredentialType.DPOP_BUNDLED_ACCESS_TOKEN) {
                this.secureStorageManager.setCredential(str, str2, cachedCredentialType.getValue(), str3);
            } else {
                this.secureStorageManager.setCredential(str, str2, cachedCredentialType.getValue(), Base64.getEncoder().encodeToString(str3.getBytes(StandardCharsets.UTF_8)));
            }
        } catch (NoClassDefFoundError e) {
            logMissingJnaJarForSecureLocalStorage();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void deleteIdTokenCacheEntry(String str, String str2) {
        logger.debug("Removing cached id token from a secure storage for user: {}, host: {}", str2, str);
        getInstance().deleteTemporaryCredential(str, str2, CachedCredentialType.ID_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void deleteMfaTokenCacheEntry(String str, String str2) {
        logger.debug("Removing cached mfa token from a secure storage for user: {}, host: {}", str2, str);
        getInstance().deleteTemporaryCredential(str, str2, CachedCredentialType.MFA_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void deleteOAuthAccessTokenCacheEntry(String str, String str2) {
        logger.debug("Removing cached oauth access token from a secure storage for user: {}, host: {}", str2, str);
        getInstance().deleteTemporaryCredential(str, str2, CachedCredentialType.OAUTH_ACCESS_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void deleteOAuthRefreshTokenCacheEntry(String str, String str2) {
        logger.debug("Removing cached OAuth refresh token from a secure storage for user: {}, host: {}", str2, str);
        getInstance().deleteTemporaryCredential(str, str2, CachedCredentialType.OAUTH_REFRESH_TOKEN);
    }

    static void deleteDPoPBundledAccessTokenCacheEntry(String str, String str2) {
        logger.debug("Removing cached DPoP public key from a secure storage for user: {}, host: {}", str2, str);
        getInstance().deleteTemporaryCredential(str, str2, CachedCredentialType.DPOP_BUNDLED_ACCESS_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void deleteOAuthAccessTokenCacheEntry(SFLoginInput sFLoginInput) throws SFException {
        deleteOAuthAccessTokenCacheEntry(getHostForOAuthCacheKey(sFLoginInput), sFLoginInput.getUserName());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void deleteOAuthRefreshTokenCacheEntry(SFLoginInput sFLoginInput) throws SFException {
        deleteOAuthRefreshTokenCacheEntry(getHostForOAuthCacheKey(sFLoginInput), sFLoginInput.getUserName());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void deleteDPoPBundledAccessTokenCacheEntry(SFLoginInput sFLoginInput) throws SFException {
        deleteDPoPBundledAccessTokenCacheEntry(getHostForOAuthCacheKey(sFLoginInput), sFLoginInput.getUserName());
    }

    static String getHostForOAuthCacheKey(SFLoginInput sFLoginInput) throws SFException {
        String tokenRequestUrl = sFLoginInput.getOauthLoginInput().getTokenRequestUrl();
        return tokenRequestUrl != null ? URI.create(tokenRequestUrl).getHost() : sFLoginInput.getHostFromServerUrl();
    }

    synchronized void deleteTemporaryCredential(String str, String str2, CachedCredentialType cachedCredentialType) {
        if (this.secureStorageManager == null) {
            logMissingJnaJarForSecureLocalStorage();
        } else {
            if (StringUtils.isNullOrEmpty(str2)) {
                logger.debug("Missing username; Cannot delete from credential cache", new Object[0]);
                return;
            }
            try {
                this.secureStorageManager.deleteCredential(str, str2, cachedCredentialType.getValue());
            } catch (NoClassDefFoundError e) {
                logMissingJnaJarForSecureLocalStorage();
            }
        }
    }

    private static void logMissingJnaJarForSecureLocalStorage() {
        logger.warn("JNA jar files are needed for Secure Local Storage service. Please follow the Snowflake JDBC instruction for Secure Local Storage feature. Fall back to normal process.", false);
    }
}
