package com.onelogin.aws.assume.role.cli;

import ch.qos.logback.core.joran.action.Action;
import ch.qos.logback.core.joran.util.beans.BeanUtil;
import ch.qos.logback.core.rolling.helper.DateTokenConverter;
import ch.qos.logback.core.rolling.helper.IntegerTokenConverter;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.profile.ProfilesConfigFileWriter;
import com.amazonaws.auth.profile.internal.Profile;
import com.amazonaws.auth.profile.internal.ProfileKeyConstants;
import com.amazonaws.profile.path.AwsProfileFileLocationProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleWithSAMLResult;
import com.amazonaws.services.securitytoken.model.AssumedRoleUser;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.util.StringUtils;
import com.onelogin.saml2.authn.SamlResponse;
import com.onelogin.saml2.http.HttpRequest;
import com.onelogin.sdk.conn.Client;
import com.onelogin.sdk.model.Device;
import com.onelogin.sdk.model.MFA;
import com.onelogin.sdk.model.SAMLEndpointResponse;
import java.io.File;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Scanner;
import java.util.concurrent.TimeUnit;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.oltu.oauth2.common.OAuth;

/* loaded from: input_file:com/onelogin/aws/assume/role/cli/OneloginAWSCLI.class */
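/**
 * Command-line tool that authenticates a user against OneLogin (optionally with MFA), obtains a SAML
 * assertion for an AWS application, exchanges it with STS via {@code AssumeRoleWithSAML} and then either
 * prints the temporary credentials as shell export lines or writes them into an AWS credentials profile.
 *
 * <p>Note: the CLI option names and the few string constants below appear in the decompiled form as
 * compile-time constants borrowed from unrelated libraries (logback, oltu); they are spelled out as
 * literals here so the tool's behaviour does not depend on those libraries' internals.
 */
public class OneloginAWSCLI {
    /** Bounds, in minutes, applied to the {@code --time} option. */
    private static final int MIN_TIME = 15;
    private static final int MAX_TIME = 60;
    /** Separator line used throughout the interactive output. */
    private static final String DIVIDER = "-----------------------------------------------------------------------";
    /** SAML attribute carrying the "roleArn,principalArn" pairs the user may assume. */
    private static final String ROLE_ATTRIBUTE = "https://aws.amazon.com/SAML/Attributes/Role";

    // Runtime configuration, populated from the command line by commandParser() and, when absent there,
    // interactively by promptForLogin().
    private static int time = 45;
    private static int loop = 1;
    private static String profileName = null;
    private static File file = null;
    private static String oneloginUsernameOrEmail = null;
    private static String appId = null;
    private static String oneloginDomain = null;
    private static String awsRegion = null;
    private static String ip = null;

    /**
     * Parses the command line into the static configuration fields.
     *
     * @param strArr raw program arguments
     * @return {@code true} when the program should proceed; {@code false} after printing help or on a
     *         parse error (which is reported on stderr)
     */
    public static Boolean commandParser(String[] strArr) {
        Options options = buildOptions();
        CommandLine parse;
        try {
            parse = new DefaultParser().parse(options, strArr);
        } catch (ParseException e) {
            System.err.println("Encountered exception while parsing: " + e.getMessage());
            return false;
        }
        if (parse.hasOption("help")) {
            new HelpFormatter().printHelp("onelogin-aws-cli.jar [options]", options);
            System.out.println("");
            return false;
        }
        try {
            String timeValue = optionOrNull(parse, "time");
            if (timeValue != null) {
                // Clamp into the supported window instead of trusting the user-supplied value blindly.
                time = Math.max(MIN_TIME, Math.min(MAX_TIME, Integer.parseInt(timeValue)));
            }
            String loopValue = optionOrNull(parse, "loop");
            if (loopValue != null) {
                loop = Integer.parseInt(loopValue);
            }
        } catch (NumberFormatException e) {
            // Previously a non-numeric value escaped as an uncaught exception; report it like a parse error.
            System.err.println("Options 'time' and 'loop' must be integers: " + e.getMessage());
            return false;
        }
        if (parse.hasOption("profile")) {
            String value = optionOrNull(parse, "profile");
            profileName = value == null ? "default" : value;
        }
        String fileValue = optionOrNull(parse, "file");
        if (fileValue != null) {
            file = new File(fileValue);
        }
        String usernameValue = optionOrNull(parse, "username");
        if (usernameValue != null) {
            oneloginUsernameOrEmail = usernameValue;
        }
        String subdomainValue = optionOrNull(parse, "subdomain");
        if (subdomainValue != null) {
            oneloginDomain = subdomainValue;
        }
        String appIdValue = optionOrNull(parse, "appid");
        if (appIdValue != null) {
            appId = appIdValue;
        }
        String regionValue = optionOrNull(parse, "region");
        if (regionValue != null) {
            awsRegion = regionValue;
        }
        String ipValue = optionOrNull(parse, "ip");
        if (ipValue != null) {
            ip = ipValue;
        }
        return true;
    }

    /**
     * Returns the value of a parsed option, or {@code null} when the option is absent or its value is empty.
     *
     * @param parse parsed command line
     * @param name  long option name
     * @return the non-empty value or {@code null}
     */
    private static String optionOrNull(CommandLine parse, String name) {
        if (!parse.hasOption(name)) {
            return null;
        }
        String value = parse.getOptionValue(name);
        return (value == null || value.isEmpty()) ? null : value;
    }

    /**
     * Builds the option set understood by {@link #commandParser(String[])}.
     *
     * @return the commons-cli option definitions
     */
    public static Options buildOptions() {
        Options options = new Options();
        options.addOption("h", "help", false, "Show the help guide");
        options.addOption("t", "time", true, "Sleep time between iterations, in minutes  [15-60 min]");
        options.addOption("l", "loop", true, "Number of iterations");
        options.addOption("p", "profile", true, "Save temporary AWS credentials using that profile name");
        options.addOption("f", "file", true, "Set a custom path to save the AWS credentials. (if not used, default AWS path is used)");
        options.addOption("r", "region", true, "Set the AWS region.");
        options.addOption("a", "appid", true, "Set AWS App ID.");
        options.addOption("d", "subdomain", true, "Onelogin Instance Sub Domain.");
        options.addOption("u", "username", true, "Onelogin username.");
        options.addOption("i", "ip", true, "Set the IP Address to bypass MFA if the IP was whitelisted");
        return options;
    }

    /**
     * Program entry point: collects login details, obtains a SAML assertion from OneLogin, assumes the
     * selected AWS role through STS and emits the temporary credentials, repeating {@code loop} times with
     * {@code time} minutes between iterations.
     *
     * @param strArr raw program arguments
     * @throws Exception any failure talking to OneLogin, parsing the assertion or calling STS
     */
    public static void main(String[] strArr) throws Exception {
        System.out.println("\nOneLogin AWS Assume Role Tool\n");
        if (!commandParser(strArr)) {
            return;
        }
        Client client = new Client();
        client.getAccessToken();
        // Closing the Scanner also closes System.in; it is only needed for the lifetime of this loop.
        try (Scanner scanner = new Scanner(System.in)) {
            String password = null;
            Map<String, String> mfaVerifyInfo = null;
            String roleArn = null;
            String principalArn = null;
            String defaultRegion = Regions.DEFAULT_REGION.getName();
            for (int i = 0; i < loop; i++) {
                if (i == 0) {
                    password = promptForLogin(scanner);
                } else {
                    TimeUnit.MINUTES.sleep(time);
                }
                Map<String, Object> samlResponse = getSamlResponse(client, scanner, oneloginUsernameOrEmail, password, appId, oneloginDomain, mfaVerifyInfo, ip);
                // getSamlResponse() only ever stores a Map<String, String> under this key.
                @SuppressWarnings("unchecked")
                Map<String, String> verifyInfo = (Map<String, String>) samlResponse.get("mfaVerifyInfo");
                mfaVerifyInfo = verifyInfo;
                String samlAssertion = (String) samlResponse.get("samlResponse");
                if (samlAssertion == null) {
                    // An empty result means OneLogin did not return "success"; there is nothing to hand to STS.
                    System.err.println("OneLogin did not return a SAMLResponse; cannot assume a role");
                    System.exit(1);
                }
                if (i == 0) {
                    String[] roleAndPrincipal = selectRole(scanner, samlAssertion);
                    roleArn = roleAndPrincipal[0];
                    principalArn = roleAndPrincipal[1];
                    if (awsRegion == null) {
                        System.out.print("AWS Region (" + defaultRegion + "): ");
                        awsRegion = scanner.next();
                        if (awsRegion.isEmpty() || awsRegion.equals("-")) {
                            awsRegion = defaultRegion;
                        }
                    } else {
                        System.out.println("AWS Region: " + awsRegion);
                    }
                }
                AssumeRoleWithSAMLRequest request = new AssumeRoleWithSAMLRequest()
                        .withPrincipalArn(principalArn)
                        .withRoleArn(roleArn)
                        .withSAMLAssertion(samlAssertion);
                // AssumeRoleWithSAML is an unsigned STS call: the assertion itself is the credential, so an
                // empty static key pair is supplied only to keep the SDK from looking up local credentials.
                AssumeRoleWithSAMLResult result = AWSSecurityTokenServiceClientBuilder.standard()
                        .withRegion(awsRegion)
                        .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials("", "")))
                        .build()
                        .assumeRoleWithSAML(request);
                Credentials credentials = result.getCredentials();
                AssumedRoleUser assumedRoleUser = result.getAssumedRoleUser();
                if (profileName == null && file == null) {
                    printExportCommands(credentials, assumedRoleUser);
                } else {
                    writeProfile(credentials, i);
                }
            }
        }
    }

    /**
     * Asks interactively for every login detail that was not supplied on the command line, filling the
     * static fields, and reads the password (never echoed when a console is available).
     *
     * @param scanner stdin reader
     * @return the password entered by the user
     */
    private static String promptForLogin(Scanner scanner) {
        // True once scanner.next() has consumed a token and left the rest of that line unread; the IP prompt
        // reads a whole line and must first discard that remainder (on any platform's line ending).
        boolean tokenPending = false;
        System.out.print("OneLogin Username: ");
        if (oneloginUsernameOrEmail == null) {
            oneloginUsernameOrEmail = scanner.next();
            tokenPending = true;
        } else {
            System.out.println(oneloginUsernameOrEmail);
        }
        System.out.print("OneLogin Password: ");
        String password = null;
        if (System.console() != null) {
            char[] chars = System.console().readPassword();
            if (chars != null) {
                password = String.valueOf(chars);
            }
        }
        if (password == null) {
            // No console (IDE, redirected stdin): fall back to a plain read, which echoes the password.
            password = scanner.next();
            tokenPending = true;
        }
        System.out.print("AWS App ID: ");
        if (appId == null) {
            appId = scanner.next();
            tokenPending = true;
        } else {
            System.out.println(appId);
        }
        System.out.print("Onelogin Instance Sub Domain: ");
        if (oneloginDomain == null) {
            oneloginDomain = scanner.next();
            tokenPending = true;
        } else {
            System.out.println(oneloginDomain);
        }
        System.out.print("IP Address: ");
        if (ip == null || ip.isEmpty()) {
            if (tokenPending) {
                scanner.nextLine();
            }
            ip = scanner.nextLine().replaceAll("\\s+", "");
        } else {
            System.out.println(ip);
        }
        if (ip.isEmpty()) {
            ip = null;
        }
        return password;
    }

    /**
     * Extracts the AWS Role attribute from the SAML assertion and lets the user choose one role when
     * several are offered.
     *
     * @param scanner       stdin reader
     * @param samlAssertion the base64 SAMLResponse returned by OneLogin
     * @return a two-element array {@code {roleArn, principalArn}}; the process exits with status 1 when the
     *         assertion carries no usable role
     * @throws Exception when the assertion cannot be parsed
     */
    private static String[] selectRole(Scanner scanner, String samlAssertion) throws Exception {
        HashMap<String, List<String>> attributes = new SamlResponse(null, new HttpRequest("http://example.com").addParameter("SAMLResponse", samlAssertion)).getAttributes();
        List<String> roles = attributes.get(ROLE_ATTRIBUTE);
        if (roles == null) {
            System.out.println("SAMLResponse from Identity Provider does not contain AWS Role info");
            System.exit(1);
        }
        if (roles.isEmpty()) {
            System.out.println("SAMLResponse from Identity Provider does not contain available AWS Role for this user");
            System.exit(1);
        }
        String selected;
        if (roles.size() == 1) {
            selected = roles.get(0);
            System.out.println("Role selected: " + describeRole(selected));
        } else {
            System.out.println("\nAvailable AWS Roles");
            System.out.println(DIVIDER);
            for (int i = 0; i < roles.size(); i++) {
                System.out.println(" " + i + " | " + describeRole(roles.get(i)));
            }
            System.out.println(DIVIDER);
            selected = roles.get(promptIndex(scanner, "Select the desired Role", roles.size()));
        }
        String[] parts = selected.split(",");
        if (parts.length < 2) {
            System.err.println("Unexpected Role attribute value (expected 'roleArn,principalArn'): " + selected);
            System.exit(1);
        }
        return new String[] {parts[0], parts[1]};
    }

    /**
     * Renders a "roleArn,principalArn" attribute value as "roleName (Account id)" for display.
     *
     * @param roleEntry one value of the AWS Role SAML attribute
     * @return the human-readable form, or the raw value when it does not look like an ARN
     */
    private static String describeRole(String roleEntry) {
        String roleArn = roleEntry.split(",")[0];
        String[] parts = roleArn.split(":");
        if (parts.length < 6) {
            // Not the arn:partition:service:region:account:resource shape; show it unchanged.
            return roleEntry;
        }
        return parts[5].replace("role/", "") + " (Account " + parts[4] + ")";
    }

    /**
     * Prompts until the user enters an integer in {@code [0, size)}.
     *
     * @param scanner stdin reader
     * @param prompt  text shown before the range
     * @param size    number of selectable entries
     * @return the chosen index
     */
    private static int promptIndex(Scanner scanner, String prompt, int size) {
        while (true) {
            System.out.print(prompt + " [0-" + (size - 1) + "]: ");
            String answer = scanner.next();
            try {
                int index = Integer.parseInt(answer);
                if (index >= 0 && index < size) {
                    return index;
                }
            } catch (NumberFormatException ignored) {
                // Non-numeric input: fall through and ask again.
            }
            System.out.println("Invalid selection: " + answer);
        }
    }

    /**
     * Prints the temporary credentials as shell variable assignments for the user to copy.
     *
     * @param credentials     credentials returned by STS
     * @param assumedRoleUser identity STS reports for the session
     */
    private static void printExportCommands(Credentials credentials, AssumedRoleUser assumedRoleUser) {
        String prefix = System.getProperty("os.name").toLowerCase(Locale.ROOT).contains("win") ? "set" : "export";
        System.out.println("\n" + DIVIDER + "\n");
        System.out.println("Success!\n");
        System.out.println("Assumed Role User: " + assumedRoleUser.getArn() + "\n");
        System.out.println("Temporary AWS Credentials Granted via OneLogin\n");
        System.out.println("Copy/Paste to set these as environment variables\n");
        System.out.println(DIVIDER + "\n");
        // These lines are live secrets; they are written to stdout on purpose and nowhere else.
        System.out.println(prefix + " AWS_SESSION_TOKEN=" + credentials.getSessionToken());
        System.out.println();
        System.out.println(prefix + " AWS_ACCESS_KEY_ID=" + credentials.getAccessKeyId());
        System.out.println();
        System.out.println(prefix + " AWS_SECRET_ACCESS_KEY=" + credentials.getSecretAccessKey());
        System.out.println();
    }

    /**
     * Stores the temporary credentials in the AWS credentials file under {@code profileName}, defaulting the
     * file location and profile name when only one of them was given.
     *
     * @param credentials credentials returned by STS
     * @param iteration   zero-based loop iteration, used for the "more times" notice
     */
    private static void writeProfile(Credentials credentials, int iteration) {
        if (file == null) {
            file = AwsProfileFileLocationProvider.DEFAULT_CREDENTIALS_LOCATION_PROVIDER.getLocation();
        }
        if (profileName == null) {
            profileName = "default";
        }
        Map<String, String> properties = new HashMap<>();
        properties.put(ProfileKeyConstants.AWS_ACCESS_KEY_ID, credentials.getAccessKeyId());
        properties.put(ProfileKeyConstants.AWS_SECRET_ACCESS_KEY, credentials.getSecretAccessKey());
        properties.put(ProfileKeyConstants.AWS_SESSION_TOKEN, credentials.getSessionToken());
        properties.put(ProfileKeyConstants.REGION, awsRegion);
        ProfilesConfigFileWriter.modifyOneProfile(file, profileName, new Profile(profileName, properties, null));
        System.out.println("\n" + DIVIDER);
        System.out.println("Success!\n");
        System.out.println("Temporary AWS Credentials Granted via OneLogin\n");
        System.out.println("Updated AWS profile '" + profileName + "' located at " + file.getAbsolutePath());
        int remaining = loop - (iteration + 1);
        if (remaining > 0) {
            System.out.println("This process will regenerate credentials " + remaining + " more times.\n");
            System.out.println("Press Ctrl + C to exit");
        }
    }

    /**
     * Requests a SAML assertion from OneLogin, completing MFA interactively when required.
     *
     * @param client        authenticated OneLogin API client
     * @param scanner       stdin reader for MFA prompts
     * @param username      OneLogin username or e-mail
     * @param password      OneLogin password
     * @param applicationId OneLogin application id of the AWS app
     * @param subdomain     OneLogin instance subdomain
     * @param mfaVerifyInfo MFA state from a previous call ({@code deviceId}, {@code otpToken},
     *                      {@code stateToken}), or {@code null} on the first call
     * @param ipAddress     client IP to report to OneLogin (may be {@code null})
     * @return a map with {@code samlResponse} and {@code mfaVerifyInfo}; empty when OneLogin did not answer
     *         with {@code success}
     * @throws Exception on API or interruption failures
     */
    public static Map<String, Object> getSamlResponse(Client client, Scanner scanner, String username, String password, String applicationId, String subdomain, Map<String, String> mfaVerifyInfo, String ipAddress) throws Exception {
        Map<String, Object> result = new HashMap<>();
        SAMLEndpointResponse response = client.getSAMLAssertion(username, password, applicationId, subdomain, ipAddress);
        // "pending" means OneLogin is still waiting on something; poll until the state settles.
        while ("pending".equals(response.getType())) {
            TimeUnit.SECONDS.sleep(30L);
            response = client.getSAMLAssertion(username, password, applicationId, subdomain, ipAddress);
        }
        if (!"success".equals(response.getType())) {
            System.err.println("OneLogin returned status '" + response.getType() + "' for the SAML assertion request");
            return result;
        }
        MFA mfa = response.getMFA();
        if (mfa == null) {
            result.put("samlResponse", response.getSAMLResponse());
            result.put("mfaVerifyInfo", mfaVerifyInfo);
            return result;
        }
        List<Device> devices = mfa.getDevices();
        String deviceId = null;
        if (mfaVerifyInfo == null) {
            System.out.println();
            System.out.println("MFA Required");
            System.out.println("Authenticate using one of these devices:");
        } else {
            deviceId = mfaVerifyInfo.get("deviceId");
            if (deviceId == null || !checkDeviceExists(devices, Long.valueOf(Long.parseLong(deviceId)))) {
                System.out.println();
                System.out.println("The device selected with ID " + deviceId + " is not available anymore");
                System.out.println("Those are the devices available now:");
                mfaVerifyInfo = null;
            }
        }
        String otpToken;
        String stateToken;
        if (mfaVerifyInfo == null) {
            System.out.println(DIVIDER);
            if (devices == null || devices.isEmpty()) {
                System.err.println("MFA is required but OneLogin listed no MFA device for this user");
                System.exit(1);
            }
            int index;
            if (devices.size() == 1) {
                index = 0;
            } else {
                for (int i = 0; i < devices.size(); i++) {
                    System.out.println(" " + i + " | " + devices.get(i).getType());
                }
                System.out.println(DIVIDER);
                index = promptIndex(scanner, "\nSelect the desired MFA Device", devices.size());
            }
            Device device = devices.get(index);
            deviceId = Long.toString(device.getID());
            System.out.print("Enter the OTP Token for " + device.getType() + ": ");
            otpToken = scanner.next();
            stateToken = mfa.getStateToken();
            mfaVerifyInfo = new HashMap<>();
            // The device id was previously never recorded, so the check above failed on every later iteration.
            mfaVerifyInfo.put("deviceId", deviceId);
            mfaVerifyInfo.put("otpToken", otpToken);
            mfaVerifyInfo.put("stateToken", stateToken);
        } else {
            otpToken = mfaVerifyInfo.get("otpToken");
            stateToken = mfaVerifyInfo.get("stateToken");
        }
        return verifyToken(client, scanner, applicationId, deviceId, stateToken, otpToken, mfaVerifyInfo);
    }

    /**
     * Convenience overload of
     * {@link #getSamlResponse(Client, Scanner, String, String, String, String, Map, String)} without an IP.
     */
    public static Map<String, Object> getSamlResponse(Client client, Scanner scanner, String username, String password, String applicationId, String subdomain, Map<String, String> mfaVerifyInfo) throws Exception {
        return getSamlResponse(client, scanner, username, password, applicationId, subdomain, mfaVerifyInfo, null);
    }

    /**
     * Tells whether a device with the given id is present in the list.
     *
     * @param list devices reported by OneLogin (may be {@code null})
     * @param l    device id to look for (may be {@code null})
     * @return {@code true} when a device with that id exists
     */
    public static Boolean checkDeviceExists(List<Device> list, Long l) {
        if (list == null || l == null) {
            return false;
        }
        long wanted = l;
        for (Device device : list) {
            if (device.getID() == wanted) {
                return true;
            }
        }
        return false;
    }

    /**
     * Submits an OTP token to OneLogin and, while the SDK rejects it, keeps prompting for a new one.
     *
     * @param client        authenticated OneLogin API client
     * @param scanner       stdin reader used to re-prompt
     * @param applicationId OneLogin application id
     * @param deviceId      id of the MFA device the token belongs to
     * @param stateToken    MFA state token from the assertion request
     * @param otpToken      first token to try
     * @param mfaVerifyInfo MFA state map; updated with the token that was finally accepted
     * @return a map with {@code samlResponse} and {@code mfaVerifyInfo}
     */
    public static Map<String, Object> verifyToken(Client client, Scanner scanner, String applicationId, String deviceId, String stateToken, String otpToken, Map<String, String> mfaVerifyInfo) {
        Map<String, Object> result = new HashMap<>();
        String token = otpToken;
        // The SDK reports a rejected token (and any other failure) as an exception; iterate rather than
        // recurse so a long run of retries cannot grow the stack.
        while (true) {
            try {
                SAMLEndpointResponse response = client.getSAMLAssertionVerifying(applicationId, deviceId, stateToken, token, null);
                mfaVerifyInfo.put("otpToken", token);
                result.put("samlResponse", response.getSAMLResponse());
                result.put("mfaVerifyInfo", mfaVerifyInfo);
                return result;
            } catch (Exception e) {
                // Surface the cause on stderr so a transport error is distinguishable from a wrong OTP.
                System.err.println("Verification failed: " + e.getMessage());
                System.out.print("The OTP Token was invalid, please introduce a new one: ");
                token = scanner.next();
            }
        }
    }
}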
