package com.palantir.foundry.sql.driver.config;

import com.palantir.foundry.sql.api.SerializationProtocol;
import com.palantir.foundry.sql.api.SqlDialect;
import com.palantir.foundry.sql.driver.auth.AuthMethod;
import com.palantir.foundry.sql.driver.clients.FixedProxySelector;
import com.palantir.foundry.sql.driver.config.ImmutableCommonDriverConfig;
import com.palantir.foundry.sql.driver.logging.DriverLoggerFactory;
import com.palantir.foundry.sql.windows.crypto.WinCrypto;
import com.palantir.logsafe.Arg;
import com.palantir.logsafe.DoNotLog;
import com.palantir.logsafe.Preconditions;
import com.palantir.logsafe.SafeArg;
import com.palantir.logsafe.UnsafeArg;
import com.palantir.logsafe.exceptions.SafeIllegalStateException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.sql.SQLException;
import java.sql.SQLInvalidAuthorizationSpecException;
import java.time.Duration;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import org.slf4j.Logger;
import shadow.palantir.driver.com.google.common.base.Strings;
import shadow.palantir.driver.com.palantir.conjure.java.api.config.service.BasicCredentials;
import shadow.palantir.driver.com.palantir.conjure.java.api.config.service.UserAgent;
import shadow.palantir.driver.com.palantir.conjure.java.api.config.ssl.SslConfiguration;
import shadow.palantir.driver.com.palantir.tokens.auth.AuthHeader;
import shadow.palantir.driver.com.palantir.tokens.auth.BearerToken;
import shadow.palantir.driver.org.apache.commons.lang3.StringUtils;
import shadow.palantir.driver.org.immutables.value.Value;

@DoNotLog
@Value.Immutable
/* loaded from: input_file:com/palantir/foundry/sql/driver/config/CommonDriverConfig.class */
public abstract class CommonDriverConfig {
    private static final Logger log = DriverLoggerFactory.getLogger(CommonDriverConfig.class);
    private static final byte[] APP_ENTROPY = "302324c34aa24bdfb6852bt2515a59b1".getBytes(StandardCharsets.US_ASCII);

    /* loaded from: input_file:com/palantir/foundry/sql/driver/config/CommonDriverConfig$Builder.class */
    public static final class Builder extends ImmutableCommonDriverConfig.Builder {
    }

    public abstract AuthMethod authMethod();

    public abstract SqlDialect sqlDialect();

    public abstract SerializationProtocol serializationProtocol();

    public abstract NetworkClientConfig networkClientConfig();

    public abstract Optional<String> restrictedTable();

    public abstract Optional<String> restrictedDataset();

    public abstract Optional<String> catalog();

    public abstract Optional<String> schema();

    public abstract Optional<String> branch();

    public abstract Optional<Duration> failOnReadDelay();

    @Value.Default
    public boolean reversedCatalogSchema() {
        return false;
    }

    @Value.Default
    public boolean enableStatementTracing() {
        return false;
    }

    @Value.Default
    public boolean reloadableStreams() {
        return false;
    }

    @Value.Derived
    public ClientApp clientApp() {
        return (ClientApp) networkClientConfig().clientAgent().map(agent -> {
            try {
                return (ClientApp) Enum.valueOf(ClientApp.class, agent.name().toUpperCase(Locale.ENGLISH));
            } catch (IllegalArgumentException e) {
                return ClientApp.UNKNOWN;
            }
        }).orElse(ClientApp.UNKNOWN);
    }

    public static CommonDriverConfig of(Map<String, String> map, String str, String str2, String str3) throws SQLException {
        log.info("Driver config keys that have been set: {}", UnsafeArg.of("properties", map.keySet()));
        Optional<String> param = getParam(map, CommonConstants.BRANCH_KEY, Strings::emptyToNull);
        SqlDialect sqlDialect = (SqlDialect) getParam(map, CommonConstants.SQL_DIALECT_KEY, SqlDialect::valueOf, CommonConstants.DEFAULT_DIALECT);
        SerializationProtocol serializationProtocol = (SerializationProtocol) getParam(map, CommonConstants.SERIALIZATION_PROTOCOL_KEY, SerializationProtocol::valueOf, CommonConstants.DEFAULT_SERIALIZATION_PROTOCOL);
        NetworkClientConfig buildNetworkConfig = buildNetworkConfig(str, str2, map);
        return builder().networkClientConfig(buildNetworkConfig).authMethod(buildTokenSupplier(map, str3)).restrictedTable(getParam(map, "table")).restrictedDataset(getParam(map, "dataset")).catalog(getParam(map, CommonConstants.CATALOG_KEY)).schema(getParam(map, CommonConstants.SCHEMA_KEY)).reversedCatalogSchema(getBooleanParam(map, CommonConstants.REVERSED_CATALOG_SCHEMA_KEY, false)).branch(param).sqlDialect(sqlDialect).serializationProtocol(serializationProtocol).failOnReadDelay(getParam(map, CommonConstants.FAIL_ON_READ_DELAY_SECONDS_KEY, str4 -> {
            return Duration.ofSeconds(Integer.parseInt(str4));
        })).enableStatementTracing(getBooleanParam(map, CommonConstants.STATEMENT_TRACING_KEY, false)).reloadableStreams(getBooleanParam(map, CommonConstants.RELOADABLE_STREAMS_KEY, false)).build();
    }

    private static NetworkClientConfig buildNetworkConfig(String str, String str2, Map<String, String> map) {
        String prependIfMissing = StringUtils.prependIfMissing(StringUtils.appendIfMissing(str, "/", new CharSequence[0]), "https://", new CharSequence[0]);
        Optional<? extends SslConfiguration> map2 = getParam(map, CommonConstants.TRUST_STORE_KEY, str3 -> {
            return Paths.get(str3, new String[0]);
        }).map(SslConfiguration::of);
        UserAgent.Agent of = UserAgent.Agent.of(str2, CommonConstants.DRIVER_VERSION.getValue());
        Optional<String> param = getParam(map, CommonConstants.CLIENT_AGENT_KEY);
        Optional<String> param2 = getParam(map, CommonConstants.CLIENT_AGENT_VERSION_KEY);
        Optional<U> map3 = param.map(str4 -> {
            return UserAgent.Agent.of(str4, (String) param2.orElse(UserAgent.Agent.DEFAULT_VERSION));
        });
        Optional<U> map4 = getParam(map, CommonConstants.PROXY_HOST_KEY).map(str5 -> {
            return buildProxySelector(str5, getParam(map, CommonConstants.PROXY_PORT_KEY).orElseThrow(() -> {
                return new SafeIllegalStateException("If proxyHost is set then proxyPort must also be set", new Arg[0]);
            }));
        });
        Optional<U> map5 = getParam(map, CommonConstants.PROXY_USERNAME_KEY).map(str6 -> {
            return BasicCredentials.of(str6, getParam(map, CommonConstants.PROXY_PASSWORD_KEY).orElseThrow(() -> {
                return new SafeIllegalStateException("If proxyUsername is set then proxyPassword must also be set", new Arg[0]);
            }));
        });
        boolean booleanValue = ((Boolean) getParam(map, CommonConstants.ENABLE_PROXY_AUTO_DETECT_KEY, Boolean::valueOf, true)).booleanValue();
        Optional<? extends Duration> param3 = getParam(map, CommonConstants.CONNECT_TIMEOUT, CommonDriverConfig::toDuration);
        Optional<? extends Duration> param4 = getParam(map, "readTimeout", CommonDriverConfig::toDuration);
        return NetworkClientConfig.builder().baseUrl(prependIfMissing).sslConfig(map2).driverAgent(of).clientAgent((Optional<? extends UserAgent.Agent>) map3).proxy((Optional<? extends ProxySelector>) map4).proxyCredentials((Optional<? extends BasicCredentials>) map5).enableProxyAutoDetect(booleanValue).connectTimeout(param3).readTimeout(param4).writeTimeout(getParam(map, "readTimeout", CommonDriverConfig::toDuration)).build();
    }

    @DoNotLog
    private static AuthMethod buildTokenSupplier(Map<String, String> map, String str) throws SQLException {
        String orElse = getParam(map, CommonConstants.AUTH_METHOD_KEY).orElse("");
        if (!orElse.equalsIgnoreCase(CommonConstants.OAUTH_FLOW_AUTH) && !orElse.equalsIgnoreCase(CommonConstants.CLIENT_CREDENTIALS_AUTH)) {
            AuthHeader authHeader = (AuthHeader) getParam(map, str).map(str2 -> {
                return AuthHeader.of(BearerToken.valueOf(str2));
            }).orElseThrow(() -> {
                return new SQLInvalidAuthorizationSpecException("Authentication token is not set");
            });
            validateTokenLength(authHeader);
            return AuthMethod.Token.of(authHeader);
        }
        Preconditions.checkState(!map.containsKey(str) || map.get(str).isEmpty(), "Token and OAuth cannot both be specified");
        String orElseThrow = getParam(map, CommonConstants.OAUTH_CLIENT_ID_KEY).orElseThrow(() -> {
            return new SQLException("Client ID must be specified if using OAuth");
        });
        Optional<String> param = getParam(map, CommonConstants.OAUTH_CLIENT_SECRET_KEY);
        if (orElse.equalsIgnoreCase(CommonConstants.OAUTH_FLOW_AUTH)) {
            return AuthMethod.OAuth.of(orElseThrow, param, ((Integer) getParam(map, CommonConstants.OAUTH_REDIRECT_PORT_KEY).map(Integer::valueOf).orElse(Integer.valueOf(CommonConstants.DEFAULT_REDIRECT_PORT))).intValue());
        }
        Preconditions.checkState(param.isPresent(), "Client secret is required for client credentials auth");
        return AuthMethod.ClientCredentials.of(orElseThrow, param.get());
    }

    private static void validateTokenLength(AuthHeader authHeader) {
        int length = authHeader.getBearerToken().getToken().length();
        if (length < 160) {
            log.error("Passed a token that has been shortened to length {} and is therefore invalid. This can occur when using client programs that truncate stored passwords, and it will result in a failure to authenticate.", SafeArg.of("tokenLength", Integer.valueOf(length)));
        } else {
            log.debug("Passed a token of length {}", SafeArg.of("tokenLength", Integer.valueOf(length)));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ProxySelector buildProxySelector(String str, String str2) {
        return new FixedProxySelector(new Proxy(Proxy.Type.HTTP, InetSocketAddress.createUnresolved(str, Integer.parseInt(str2))));
    }

    private static boolean getBooleanParam(Map<String, String> map, String str, boolean z) {
        return ((Boolean) getParam(map, str, Boolean::parseBoolean, Boolean.valueOf(z))).booleanValue();
    }

    private static Optional<String> getParam(Map<String, String> map, String str) {
        return getParam(map, str, Function.identity());
    }

    private static <T> T getParam(Map<String, String> map, String str, Function<String, T> function, T t) {
        return (T) getParam(map, str, function).orElse(t);
    }

    private static <T> Optional<T> getParam(Map<String, String> map, String str, Function<String, T> function) {
        return Optional.ofNullable(map.get(str)).map(str2 -> {
            return WinCrypto.maybeDecrypt(str2, APP_ENTROPY);
        }).map(function);
    }

    private static Duration toDuration(String str) {
        return Duration.ofSeconds(Integer.valueOf(str).intValue());
    }

    public static Builder builder() {
        return new Builder();
    }
}
