package org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy;

import com.google.common.base.Splitter;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Security;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Properties;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import net.snowflake.client.jdbc.internal.org.bouncycastle.jce.provider.BouncyCastleProvider;
import net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.PEMParser;
import net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import net.snowflake.client.jdbc.internal.org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import net.snowflake.client.jdbc.internal.org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.apache.commons.codec.binary.Base64;
import org.eclipse.collections.api.tuple.Pair;
import org.eclipse.collections.impl.tuple.Tuples;
import org.eclipse.collections.impl.utility.Iterate;
import org.finos.legend.engine.plan.execution.stores.relational.connection.ConnectionException;
import org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.AuthenticationStrategy;
import org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.keys.AuthenticationStrategyKey;
import org.finos.legend.engine.plan.execution.stores.relational.connection.authentication.strategy.keys.SnowflakePublicAuthenticationStrategyKey;
import org.finos.legend.engine.plan.execution.stores.relational.connection.driver.DatabaseManager;
import org.finos.legend.engine.plan.execution.stores.relational.connection.ds.DataSourceWithStatistics;
import org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.ConnectionStateManager;
import org.finos.legend.engine.plan.execution.stores.relational.connection.ds.state.IdentityState;
import org.finos.legend.engine.shared.core.identity.Identity;
import org.finos.legend.engine.shared.core.identity.credential.PrivateKeyCredential;
import org.finos.legend.engine.shared.core.vault.Vault;

/* loaded from: input_file:org/finos/legend/engine/plan/execution/stores/relational/connection/authentication/strategy/SnowflakePublicAuthenticationStrategy.class */
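/**
 * Authentication strategy that connects with a user name and an encrypted private key.
 *
 * <p>The strategy holds two vault references (encrypted private key and its pass phrase) and a
 * user name. When the identity state carries no credential supplier, the key is read from
 * {@link Vault}, decrypted in-process and handed to the driver through the {@code privateKey}
 * and {@code user} connection properties.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The decrypted {@link PrivateKey} lives in the returned {@link Properties}; code that logs
 *       or serialises connection properties must not dump that entry.</li>
 *   <li>Keys protected with {@code pbeWithMD5AndDES-CBC} (OID 1.2.840.113549.1.5.3) are still
 *       accepted. That is a legacy PBES1 scheme; re-encrypting stored keys with a PBES2/AES
 *       scheme is the stronger configuration.</li>
 * </ul>
 */
public class SnowflakePublicAuthenticationStrategy extends AuthenticationStrategy {
    private static final String PEM_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
    private static final String PEM_FOOTER = "-----END ENCRYPTED PRIVATE KEY-----";
    /** PKCS#5 v1.5 pbeWithMD5AndDES-CBC; handled by the JDK PBE code path instead of BouncyCastle. */
    private static final String PBE_WITH_MD5_AND_DES_CBC_OID = "1.2.840.113549.1.5.3";
    private static final String BOUNCY_CASTLE_PROVIDER = "BC";

    private final String privateKeyVaultReference;
    private final String passPhraseVaultReference;
    private final String publicUserName;

    /**
     * @param str  vault reference of the encrypted private key
     * @param str2 vault reference of the pass phrase protecting that key
     * @param str3 user name sent to the database
     */
    public SnowflakePublicAuthenticationStrategy(String str, String str2, String str3) {
        this.privateKeyVaultReference = str;
        this.passPhraseVaultReference = str2;
        this.publicUserName = str3;
    }

    /**
     * Returns the unchanged URL together with a copy of {@code properties} extended with the
     * resolved {@code privateKey} and {@code user} entries. The caller's properties are not mutated.
     *
     * @param str             connection URL, passed through as-is
     * @param properties      base connection properties
     * @param databaseManager not used by this strategy
     */
    @Override
    public Pair<String, Properties> handleConnection(String str, Properties properties, DatabaseManager databaseManager) {
        PrivateKeyCredential credential = resolveCredential(properties, this.privateKeyVaultReference, this.passPhraseVaultReference, this.publicUserName);
        Properties connectionProperties = new Properties();
        connectionProperties.putAll(properties);
        // The value is the decrypted key object itself: keep these properties out of logs.
        connectionProperties.put("privateKey", credential.getPrivateKey());
        connectionProperties.put("user", credential.getUser());
        return Tuples.pair(str, connectionProperties);
    }

    /**
     * Borrows a connection from the data source; {@code identity} is not consulted here.
     *
     * @throws ConnectionException wrapping any {@link SQLException} raised by the data source
     */
    @Override
    public Connection getConnectionImpl(DataSourceWithStatistics dataSourceWithStatistics, Identity identity) throws ConnectionException {
        try {
            return dataSourceWithStatistics.getDataSource().getConnection();
        } catch (SQLException e) {
            throw new ConnectionException(e);
        }
    }

    /** Builds the key for this strategy from the two vault references and the user name. */
    @Override
    public AuthenticationStrategyKey getKey() {
        return new SnowflakePublicAuthenticationStrategyKey(this.privateKeyVaultReference, this.passPhraseVaultReference, this.publicUserName);
    }

    /**
     * Picks the credential for this connection: the one supplied through the identity state when a
     * credential supplier is present, otherwise one built from the vault-held key.
     */
    private PrivateKeyCredential resolveCredential(Properties properties, String privateKeyReference, String passPhraseReference, String userName) {
        IdentityState identityState = ConnectionStateManager.getInstance().getIdentityStateUsing(properties);
        if (identityState.getCredentialSupplier().isPresent()) {
            return super.getDatabaseCredential(identityState);
        }
        return new PrivateKeyCredential(userName, getEncryptedPrivateKey(privateKeyReference, passPhraseReference));
    }

    /**
     * Reads the encrypted PKCS#8 key and its pass phrase from the vault and returns the decrypted key.
     *
     * <p>A vault value that does not start with the PEM header is treated as a bare base64 body and
     * is wrapped into PEM (64-character lines) before parsing.
     *
     * @throws RuntimeException if either vault entry is missing, or wrapping any parsing or
     *                          decryption failure
     */
    private PrivateKey getEncryptedPrivateKey(String privateKeyReference, String passPhraseReference) {
        String pem = Vault.INSTANCE.getValue(privateKeyReference);
        String passPhraseValue = Vault.INSTANCE.getValue(passPhraseReference);
        if (pem == null || passPhraseValue == null) {
            // Only the reference names are reported, never the vault values.
            throw new RuntimeException("Can't find the privateKey (" + privateKeyReference + ") or the passPhrase (" + passPhraseReference + ") in the vault");
        }
        if (!pem.startsWith(PEM_HEADER)) {
            pem = PEM_HEADER + "\n" + Iterate.makeString(Splitter.fixedLength(64).split(pem), "\n") + "\n" + PEM_FOOTER;
        }
        char[] passPhrase = passPhraseValue.toCharArray();
        // try-with-resources closes the parser on the failure paths as well as on success.
        try (PEMParser parser = new PEMParser(new StringReader(pem))) {
            Object parsed = parser.readObject();
            if (parsed == null) {
                // readObject() yields null when the text holds no PEM object; fail with a clear
                // message instead of a NullPointerException on the type check below.
                throw new IllegalArgumentException("No PEM object found in the vault value for the privateKey (" + privateKeyReference + ")");
            }
            if (!(parsed instanceof PKCS8EncryptedPrivateKeyInfo)) {
                throw new UnsupportedOperationException(parsed.getClass() + " is not supported yet");
            }
            PKCS8EncryptedPrivateKeyInfo encryptedKey = (PKCS8EncryptedPrivateKeyInfo) parsed;
            String algorithmOid = encryptedKey.getEncryptionAlgorithm().getAlgorithm().toString();
            if (PBE_WITH_MD5_AND_DES_CBC_OID.equals(algorithmOid)) {
                return decryptWithJdkPbe(pem, passPhrase);
            }
            return decryptWithBouncyCastle(encryptedKey, passPhrase);
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            // Best-effort scrub of our copy; the String returned by the vault is outside our control.
            java.util.Arrays.fill(passPhrase, '\0');
        }
    }

    /**
     * Decrypts through the BouncyCastle provider. Declared {@code throws Exception} because the
     * caller funnels every failure into one {@link RuntimeException}.
     */
    private static PrivateKey decryptWithBouncyCastle(PKCS8EncryptedPrivateKeyInfo encryptedKey, char[] passPhrase) throws Exception {
        // Registering a provider is a JVM-wide side effect; addProvider is a no-op when a provider
        // of that name is already installed, so skip constructing a new instance on every call.
        if (Security.getProvider(BOUNCY_CASTLE_PROVIDER) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        return new JcaPEMKeyConverter()
                .setProvider(BOUNCY_CASTLE_PROVIDER)
                .getPrivateKey(encryptedKey.decryptPrivateKeyInfo(
                        new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider(BOUNCY_CASTLE_PROVIDER).build(passPhrase)));
    }

    /**
     * Decrypts a pbeWithMD5AndDES-CBC protected RSA key with the JDK's own PBE implementation.
     * Legacy PBES1 path: kept for compatibility with keys already stored in that format.
     */
    private static PrivateKey decryptWithJdkPbe(String pem, char[] passPhrase) throws Exception {
        byte[] der = Base64.decodeBase64(pem.replace(PEM_HEADER, "").replace(PEM_FOOTER, ""));
        EncryptedPrivateKeyInfo encryptedInfo = new EncryptedPrivateKeyInfo(der);
        PBEKeySpec passPhraseSpec = new PBEKeySpec(passPhrase);
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(
                    encryptedInfo.getKeySpec(SecretKeyFactory.getInstance(encryptedInfo.getAlgName()).generateSecret(passPhraseSpec)));
        } finally {
            // PBEKeySpec keeps its own copy of the pass phrase; wipe it once the key is derived.
            passPhraseSpec.clearPassword();
        }
    }
}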
