package org.apache.flink.shaded.net.snowflake.client.util;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.fasterxml.jackson.databind.JsonNode;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.fasterxml.jackson.databind.node.ArrayNode;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.fasterxml.jackson.databind.node.ObjectNode;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.fasterxml.jackson.databind.node.TextNode;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.microsoft.azure.storage.Constants;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.net.minidev.json.JSONArray;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.net.minidev.json.JSONObject;
import org.apache.flink.shaded.net.snowflake.client.jdbc.internal.net.minidev.json.JSONStyle;

/* loaded from: input_file:org/apache/flink/shaded/net/snowflake/client/util/SecretDetector.class */
public class SecretDetector {
    private static final int MAX_LENGTH = 100000;
    private static final Pattern AWS_KEY_PATTERN = Pattern.compile("(aws_key_id|aws_secret_key|access_key_id|secret_access_key)(\\s*=\\s*)'([^']+)'", 2);
    private static final Pattern AWS_TOKEN_PATTERN = Pattern.compile("(accessToken|tempToken|keySecret)\"\\s*:\\s*\"([a-z0-9/+]{32,}={0,2})\"", 2);
    private static final Pattern SAS_TOKEN_PATTERN = Pattern.compile("(sig|signature|AWSAccessKeyId|password|passcode)=([a-z0-9%/+]{16,})", 2);
    private static final Pattern PASSWORD_PATTERN = Pattern.compile("(password|passcode|pwd)(['\"\\s:=]+)([a-z0-9!\"#$%&'\\()*+,-./:;<=>?@\\[\\]^_`\\{|\\}~]{6,})", 2);
    private static final Pattern PRIVATE_KEY_PATTERN = Pattern.compile("-----BEGIN PRIVATE KEY-----\\\\n([a-z0-9/+=\\\\n]{32,})\\\\n-----END PRIVATE KEY-----", 10);
    private static final Pattern PRIVATE_KEY_DATA_PATTERN = Pattern.compile("\"privateKeyData\": \"([a-z0-9/+=\\\\n]{10,})\"", 10);
    private static final Pattern CONNECTION_TOKEN_PATTERN = Pattern.compile("(token|assertion content)(['\"\\s:=]+)([a-z0-9=/_\\-+]{8,})", 2);
    private static String[] SENSITIVE_NAMES = {"access_key_id", "accesstoken", "aws_key_id", "aws_secret_key", "awsaccesskeyid", "keysecret", "passcode", "password", "privatekey", "privatekeydata", "secret_access_key", Constants.QueryConstants.SIGNATURE, "signature", "temptoken"};
    private static Set<String> SENSITIVE_NAME_SET = new HashSet(Arrays.asList(SENSITIVE_NAMES));

    /* loaded from: input_file:org/apache/flink/shaded/net/snowflake/client/util/SecretDetector$SecretDetectorJSONStyle.class */
    public static class SecretDetectorJSONStyle extends JSONStyle {
        @Override // org.apache.flink.shaded.net.snowflake.client.jdbc.internal.net.minidev.json.JSONStyle
        public void objectNext(Appendable appendable) throws IOException {
            appendable.append(", ");
        }

        @Override // org.apache.flink.shaded.net.snowflake.client.jdbc.internal.net.minidev.json.JSONStyle
        public void arrayStop(Appendable appendable) throws IOException {
            appendable.append("] ");
        }

        @Override // org.apache.flink.shaded.net.snowflake.client.jdbc.internal.net.minidev.json.JSONStyle
        public void arrayNextElm(Appendable appendable) throws IOException {
            appendable.append(", ");
        }
    }

    public static boolean isSensitive(String str) {
        return SENSITIVE_NAME_SET.contains(str.toLowerCase());
    }

    private static boolean isSensitiveParameter(String str) {
        return isSensitive(str) || Pattern.compile(".*?(password|pwd|token|proxyuser).*?", 2).matcher(str).matches();
    }

    public static String maskParameterValue(String str, String str2) {
        return isSensitiveParameter(str) ? "****" : str2;
    }

    private static String filterAWSKeys(String str) {
        Matcher matcher = AWS_KEY_PATTERN.matcher(str.length() <= 100000 ? str : str.substring(0, 100000));
        return matcher.find() ? matcher.replaceAll("$1$2'****'") : str;
    }

    private static String filterSASTokens(String str) {
        Matcher matcher = SAS_TOKEN_PATTERN.matcher(str.length() <= 100000 ? str : str.substring(0, 100000));
        return matcher.find() ? matcher.replaceAll("$1=****") : str;
    }

    private static String filterPassword(String str) {
        Matcher matcher = PASSWORD_PATTERN.matcher(str.length() <= 100000 ? str : str.substring(0, 100000));
        return matcher.find() ? matcher.replaceAll("$1$2**** ") : str;
    }

    private static String filterConnectionTokens(String str) {
        Matcher matcher = CONNECTION_TOKEN_PATTERN.matcher(str.length() <= 100000 ? str : str.substring(0, 100000));
        return matcher.find() ? matcher.replaceAll("$1$2****") : str;
    }

    public static String maskAWSSecret(String str) {
        return filterAWSKeys(str);
    }

    public static String maskSASToken(String str) {
        return filterSASTokens(str);
    }

    public static String maskSecrets(String str) {
        return filterAccessTokens(filterConnectionTokens(filterPassword(filterSASTokens(filterAWSKeys(str)))));
    }

    public static String filterAccessTokens(String str) {
        Matcher matcher = AWS_TOKEN_PATTERN.matcher(str);
        if (matcher.find()) {
            str = matcher.replaceAll("$1\":\"XXXX\"");
        }
        Matcher matcher2 = SAS_TOKEN_PATTERN.matcher(str);
        if (matcher2.find()) {
            str = matcher2.replaceAll("$1=XXXX");
        }
        Matcher matcher3 = PRIVATE_KEY_PATTERN.matcher(str);
        if (matcher3.find()) {
            str = matcher3.replaceAll("-----BEGIN PRIVATE KEY-----\\\\nXXXX\\\\n-----END PRIVATE KEY-----");
        }
        Matcher matcher4 = PRIVATE_KEY_DATA_PATTERN.matcher(str);
        if (matcher4.find()) {
            str = matcher4.replaceAll("\"privateKeyData\": \"XXXX\"");
        }
        return str;
    }

    public static JSONObject maskJsonObject(JSONObject jSONObject) {
        for (Map.Entry<String, Object> entry : jSONObject.entrySet()) {
            if (entry.getValue() instanceof String) {
                entry.setValue(maskSecrets((String) entry.getValue()));
            } else if (entry.getValue() instanceof JSONArray) {
                maskJsonArray((JSONArray) entry.getValue());
            } else if (entry.getValue() instanceof JSONObject) {
                maskJsonObject((JSONObject) entry.getValue());
            }
        }
        return jSONObject;
    }

    public static JSONArray maskJsonArray(JSONArray jSONArray) {
        for (int i = 0; i < jSONArray.size(); i++) {
            Object obj = jSONArray.get(i);
            if (obj instanceof JSONObject) {
                maskJsonObject((JSONObject) obj);
            } else if (obj instanceof JSONArray) {
                maskJsonArray((JSONArray) obj);
            } else if (obj instanceof String) {
                jSONArray.set(i, maskSecrets((String) obj));
            }
        }
        return jSONArray;
    }

    public static JsonNode maskJacksonNode(JsonNode jsonNode) {
        if (jsonNode.isTextual()) {
            String maskSecrets = maskSecrets(jsonNode.textValue());
            if (!maskSecrets.equals(jsonNode.textValue())) {
                return new TextNode(maskSecrets);
            }
        } else if (jsonNode.isObject()) {
            ObjectNode objectNode = (ObjectNode) jsonNode;
            Iterator<String> fieldNames = objectNode.fieldNames();
            while (fieldNames.hasNext()) {
                String next = fieldNames.next();
                JsonNode maskJacksonNode = maskJacksonNode(objectNode.get(next));
                if (objectNode.get(next).isTextual()) {
                    objectNode.set(next, maskJacksonNode);
                }
            }
        } else if (jsonNode.isArray()) {
            ArrayNode arrayNode = (ArrayNode) jsonNode;
            for (int i = 0; i < arrayNode.size(); i++) {
                JsonNode maskJacksonNode2 = maskJacksonNode(arrayNode.get(i));
                if (arrayNode.get(i).isTextual()) {
                    arrayNode.set(i, maskJacksonNode2);
                }
            }
        }
        return jsonNode;
    }
}
