package com.onelogin.aws.assume.role.cli;

import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLResult;
import com.amazonaws.services.securitytoken.model.AssumedRoleUser;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.util.StringUtils;
import com.onelogin.saml2.authn.SamlResponse;
import com.onelogin.saml2.http.HttpRequest;
import com.onelogin.sdk.conn.Client;
import com.onelogin.sdk.model.Device;
import com.onelogin.sdk.model.MFA;
import com.onelogin.sdk.model.SAMLEndpointResponse;
import java.util.HashMap;
import java.util.List;
import java.util.Scanner;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/onelogin/aws/assume/role/cli/OneloginAWSCLI.class */
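/**
 * Interactive command-line tool that signs a user in to OneLogin, obtains a SAML
 * assertion for an AWS application, and exchanges it at AWS STS for temporary
 * credentials, which are printed as shell {@code export} statements.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The OneLogin password is held in a {@link String} because the client call
 *       used here takes one; it cannot be wiped after use.</li>
 *   <li>The temporary credentials are written to standard output, so they may end
 *       up in terminal scrollback or in any file the output is redirected to.</li>
 * </ul>
 */
public class OneloginAWSCLI {
    private static final String ROLE_ATTRIBUTE = "https://aws.amazon.com/SAML/Attributes/Role";
    private static final String RULE = "-----------------------------------------------------------------------";

    /**
     * Runs the interactive flow: credentials prompt, optional MFA challenge, role
     * selection, and the STS AssumeRoleWithSAML call.
     *
     * @param strArr command-line arguments (unused)
     * @throws Exception if the OneLogin client, SAML parsing or the STS call fails,
     *         or if standard input ends before all prompts are answered
     */
    public static void main(String[] strArr) throws Exception {
        Client client = new Client();
        client.getAccessToken();
        Scanner scanner = new Scanner(System.in);
        try {
            System.out.print("OneLogin Username: ");
            String username = scanner.next();

            // Without an attached console (IDE, piped stdin) the password can only be
            // read through the Scanner, which echoes it; tell the user before they type.
            char[] secret = null;
            if (System.console() == null) {
                System.err.println("Warning: no console available, the password will be echoed as you type.");
                System.out.print("OneLogin Password: ");
            } else {
                System.out.print("OneLogin Password: ");
                secret = System.console().readPassword();
            }
            String password = secret != null ? new String(secret) : scanner.next();

            System.out.print("AWS App ID: ");
            String appId = scanner.next();
            System.out.print("Onelogin Instance Sub Domain: ");
            String subdomain = scanner.next();

            SAMLEndpointResponse samlEndpointResponse = client.getSAMLAssertion(username, password, appId, subdomain);
            String type = samlEndpointResponse.getType();
            // NOTE(review): this poll has no upper bound and re-submits the username and
            // password every 30 seconds for as long as the response stays "pending".
            while (type.equals("pending")) {
                TimeUnit.SECONDS.sleep(30L);
                samlEndpointResponse = client.getSAMLAssertion(username, password, appId, subdomain);
                type = samlEndpointResponse.getType();
            }

            // Any other outcome carries no assertion; stop here instead of handing a
            // null SAMLResponse to the parser below.
            if (!type.equals("success")) {
                System.out.println("OneLogin did not return a SAML assertion (response type: " + type + ")");
                return;
            }

            String samlResponse;
            MFA mfa = samlEndpointResponse.getMFA();
            if (mfa != null) {
                List<Device> devices = mfa.getDevices();
                if (devices == null || devices.isEmpty()) {
                    System.out.println("MFA is required but no MFA device is registered for this user");
                    return;
                }
                System.out.println();
                System.out.println("MFA Required");
                System.out.println("Authenticate using one of these devices:");
                System.out.println(RULE);
                for (int i = 0; i < devices.size(); i++) {
                    System.out.println(" " + i + " | " + devices.get(i).getType());
                }
                System.out.println(RULE);
                int deviceIndex = readIndex(scanner,
                        "\nSelect the desired MFA Device [0-" + (devices.size() - 1) + "]: ", devices.size());
                Device device = devices.get(deviceIndex);
                Long deviceId = Long.valueOf(device.getID());
                System.out.print("Enter the token for " + device.getType() + ": ");
                samlResponse = client.getSAMLAssertionVerifying(appId, deviceId.toString(), mfa.getStateToken(), scanner.next(), null).getSAMLResponse();
            } else {
                samlResponse = samlEndpointResponse.getSAMLResponse();
            }
            if (samlResponse == null) {
                System.out.println("OneLogin did not return a SAML assertion");
                return;
            }

            // NOTE(review): SamlResponse is built with null settings and a placeholder
            // URL, so it is presumably used only to read attributes and performs no
            // signature validation here; the assertion itself is what gets sent to STS.
            HashMap<String, List<String>> attributes = new SamlResponse(null, new HttpRequest("http://example.com").addParameter("SAMLResponse", samlResponse)).getAttributes();
            if (!attributes.containsKey(ROLE_ATTRIBUTE)) {
                System.out.print("SAMLResponse from Identity Provider does not contain AWS Role info");
                return;
            }

            String selectedRole = "";
            List<String> roles = attributes.get(ROLE_ATTRIBUTE);
            if (roles.size() > 1) {
                System.out.println("\nAvailable AWS Roles");
                System.out.println(RULE);
                for (int i = 0; i < roles.size(); i++) {
                    System.out.println(" " + i + " | " + describeRole(roles.get(i)));
                }
                System.out.println(RULE);
                int roleIndex = readIndex(scanner,
                        "Select the desired Role [0-" + (roles.size() - 1) + "]: ", roles.size());
                selectedRole = roles.get(roleIndex);
            } else if (roles.size() == 1) {
                selectedRole = roles.get(0);
            } else {
                System.out.print("SAMLResponse from Identity Provider does not contain available AWS Role for this user");
            }
            if (selectedRole.isEmpty()) {
                return;
            }

            // The attribute value is treated as "<role ARN>,<principal ARN>".
            String[] arns = selectedRole.split(StringUtils.COMMA_SEPARATOR);
            if (arns.length < 2) {
                System.out.println("Role attribute is not in the expected \"role,principal\" form: " + selectedRole);
                return;
            }
            AssumeRoleWithSAMLRequest assumeRequest = new AssumeRoleWithSAMLRequest().withPrincipalArn(arns[1]).withRoleArn(arns[0]).withSAMLAssertion(samlResponse);

            String defaultRegion = Regions.DEFAULT_REGION.getName();
            System.out.print("AWS Region (" + defaultRegion + "): ");
            // Scanner.next() never yields an empty token, so in practice "-" is the
            // way to accept the default region.
            String region = scanner.next();
            if (region.isEmpty() || region.equals("-")) {
                region = defaultRegion;
            }

            // The empty static credentials are placeholders: the request carries the
            // SAML assertion rather than AWS keys.
            AssumeRoleWithSAMLResult assumeResult = AWSSecurityTokenServiceClientBuilder.standard()
                    .withRegion(region)
                    .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials("", "")))
                    .build()
                    .assumeRoleWithSAML(assumeRequest);
            Credentials credentials = assumeResult.getCredentials();
            AssumedRoleUser assumedRoleUser = assumeResult.getAssumedRoleUser();
            System.out.println();
            System.out.println("Assumed Role User: " + assumedRoleUser.getArn());
            System.out.println(RULE);
            System.out.println("| Success!                                                            |");
            System.out.println("|                                                                     |");
            System.out.println("| Temporary AWS Credentials Granted via OneLogin                      |");
            System.out.println("|                                                                     |");
            System.out.println("| Copy/Paste to set these as environment variables                    |");
            System.out.println(RULE);
            System.out.println();
            System.out.println("export AWS_SESSION_TOKEN=" + credentials.getSessionToken());
            System.out.println();
            System.out.println("export AWS_ACCESS_KEY_ID=" + credentials.getAccessKeyId());
            System.out.println();
            System.out.println("export AWS_SECRET_ACCESS_KEY=" + credentials.getSecretAccessKey());
            System.out.println();
        } finally {
            scanner.close();
        }
    }

    /**
     * Prompts until the user enters an integer in {@code [0, size)}.
     *
     * @param scanner source of user input
     * @param prompt text printed before each attempt
     * @param size number of selectable entries; must be positive
     * @return the chosen zero-based index
     */
    private static int readIndex(Scanner scanner, String prompt, int size) {
        while (true) {
            System.out.print(prompt);
            // next() throws NoSuchElementException at end of input, which ends the loop.
            String token = scanner.next();
            try {
                int index = Integer.parseInt(token);
                if (index >= 0 && index < size) {
                    return index;
                }
            } catch (NumberFormatException ignored) {
                // Not a number: fall through and ask again.
            }
            System.out.println("Please enter a number between 0 and " + (size - 1) + ".");
        }
    }

    /**
     * Formats one role attribute value for the selection menu.
     *
     * @param roleEntry attribute value, expected as {@code "<role ARN>,<principal ARN>"}
     * @return {@code "<role name> (Account <account id>)"}, or the raw value when the
     *         first ARN does not have at least six colon-separated fields
     */
    private static String describeRole(String roleEntry) {
        int comma = roleEntry.indexOf(StringUtils.COMMA_SEPARATOR);
        String roleArn = comma < 0 ? roleEntry : roleEntry.substring(0, comma);
        String[] arnParts = roleArn.split(":");
        if (arnParts.length < 6) {
            return roleEntry;
        }
        return arnParts[5].replace("role/", "") + " (Account " + arnParts[4] + ")";
    }
}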
