package io.trino.plugin.password.salesforce;

import com.google.common.base.Strings;
import com.google.common.base.Throwables;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.collect.ImmutableSet;
import com.google.common.escape.Escaper;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.google.common.xml.XmlEscapers;
import com.google.inject.Inject;
import io.airlift.http.client.HttpClient;
import io.airlift.http.client.Request;
import io.airlift.http.client.StaticBodyGenerator;
import io.airlift.http.client.StringResponseHandler;
import io.airlift.log.Logger;
import io.trino.collect.cache.NonEvictableLoadingCache;
import io.trino.collect.cache.SafeCaches;
import io.trino.plugin.password.Credential;
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.BasicPrincipal;
import io.trino.spi.security.PasswordAuthenticator;
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:io/trino/plugin/password/salesforce/SalesforceBasicAuthenticator.class */
public class SalesforceBasicAuthenticator implements PasswordAuthenticator {
    private static final Logger log = Logger.get(SalesforceBasicAuthenticator.class);
    private final Set<String> allowedOrganizations;
    private final HttpClient httpClient;
    private final NonEvictableLoadingCache<Credential, Principal> userCache;

    @Inject
    public SalesforceBasicAuthenticator(SalesforceConfig salesforceConfig, @SalesforceAuthenticationClient HttpClient httpClient) {
        this.allowedOrganizations = ImmutableSet.copyOf(salesforceConfig.getOrgSet());
        this.httpClient = (HttpClient) Objects.requireNonNull(httpClient, "httpClient is null");
        this.userCache = SafeCaches.buildNonEvictableCache(CacheBuilder.newBuilder().maximumSize(salesforceConfig.getCacheSize()).expireAfterWrite(salesforceConfig.getCacheExpireDuration().toMillis(), TimeUnit.MILLISECONDS), CacheLoader.from(this::doLogin));
    }

    public Principal createAuthenticatedPrincipal(String str, String str2) {
        try {
            return (Principal) this.userCache.getUnchecked(new Credential(str, str2));
        } catch (UncheckedExecutionException e) {
            Throwables.throwIfInstanceOf(e.getCause(), AccessDeniedException.class);
            throw e;
        }
    }

    private Principal doLogin(Credential credential) {
        log.debug("Logging into Salesforce.");
        String user = credential.getUser();
        String password = credential.getPassword();
        Escaper xmlContentEscaper = XmlEscapers.xmlContentEscaper();
        StringResponseHandler.StringResponse stringResponse = (StringResponseHandler.StringResponse) this.httpClient.execute(new Request.Builder().setUri(URI.create("https://login.salesforce.com/services/Soap/u/" + "46.0")).setHeader("Content-Type", "text/xml;charset=UTF-8").setHeader("SOAPAction", "login").setMethod("POST").setBodyGenerator(StaticBodyGenerator.createStaticBodyGenerator(String.format("<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n<env:Envelope xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"\nxmlns:urn=\"urn:enterprise.soap.sforce.com\"\n   xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n   xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\">\n <env:Header>\n     <urn:CallOptions>\n       <urn:client>presto</urn:client>\n     </urn:CallOptions>\n </env:Header>\n <env:Body>\n   <n1:login xmlns:n1=\"urn:partner.soap.sforce.com\">\n     <n1:username>%s</n1:username>\n     <n1:password>%s</n1:password>\n   </n1:login>\n </env:Body>\n</env:Envelope>\n", xmlContentEscaper.escape(user), xmlContentEscaper.escape(password)), StandardCharsets.UTF_8)).build(), StringResponseHandler.createStringResponseHandler());
        if (stringResponse.getStatusCode() != 200) {
            throw new AccessDeniedException(String.format("Invalid response for login\n.%s", stringResponse.getBody()));
        }
        try {
            Document parse = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(new StringReader(stringResponse.getBody())));
            getElementValue(parse, "sessionId");
            String elementValue = getElementValue(parse, "organizationId");
            if (this.allowedOrganizations.equals(ImmutableSet.of("all")) || this.allowedOrganizations.contains(elementValue.toLowerCase(Locale.US))) {
                return new BasicPrincipal(user);
            }
            throw new AccessDeniedException(String.format("Login successful, but for wrong Salesforce org.  Got %s, but expected a different org.", elementValue));
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new RuntimeException(String.format("Error parsing response: %s\n\tReceived error message: %s", stringResponse.getBody(), e.getMessage()));
        }
    }

    private static String getElementValue(Document document, String str) {
        NodeList elementsByTagName = document.getElementsByTagName(str);
        if (elementsByTagName.getLength() == 0) {
            throw new RuntimeException(String.format("Salesforce login response does not contain a '%s' entry", str));
        }
        if (elementsByTagName.getLength() > 1) {
            throw new RuntimeException(String.format("Salesforce login response contains multiple '%s' entries", str));
        }
        String emptyToNull = Strings.emptyToNull(elementsByTagName.item(0).getTextContent());
        if (emptyToNull == null) {
            throw new RuntimeException(String.format("Salesforce login response contains an empty '%s' entry", str));
        }
        return emptyToNull;
    }
}
