package net.snowflake.client.util;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.snowflake.client.jdbc.internal.microsoft.azure.storage.Constants;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;

/* loaded from: input_file:net/snowflake/client/util/SecretDetector.class */
public class SecretDetector {
    private static final int LOOK_AHEAD = 10;
    private static final int MAX_LENGTH = 100000;
    private static final Pattern GENERIC_CREDS_PATTERN = Pattern.compile("([a-z0-9+/%]{18,})", 2);
    private static final Pattern AWS_KEY_PATTERN = Pattern.compile("(aws_key_id)|(aws_secret_key)|(access_key_id)|(secret_access_key)", 2);
    private static final Pattern AWS_TOKEN_PATTERN = Pattern.compile("(accessToken|tempToken|keySecret)\"\\s*:\\s*\"([a-z0-9/+]{32,}={0,2})\"", 2);
    private static final Pattern SAS_TOKEN_PATTERN = Pattern.compile("(sig|signature|AWSAccessKeyId|password|passcode)=(?<secret>[a-z0-9%/+]{16,})", 2);
    private static final Pattern PASSWORD_KEY_PATTERN = Pattern.compile("(password|passcode)=", 2);
    private static final Pattern PRIVATE_KEY_PATTERN = Pattern.compile("-----BEGIN PRIVATE KEY-----\\\\n([a-z0-9/+=\\\\n]{32,})\\\\n-----END PRIVATE KEY-----", 10);
    private static final Pattern PRIVATE_KEY_DATA_PATTERN = Pattern.compile("\"privateKeyData\": \"([a-z0-9/+=\\\\n]{10,})\"", 10);
    private static final SFLogger LOGGER = SFLoggerFactory.getLogger(SecretDetector.class);
    private static String[] SENSITIVE_NAMES = {"access_key_id", "accesstoken", "aws_key_id", "aws_secret_key", "awsaccesskeyid", "keysecret", "passcode", "password", "privatekey", "privatekeydata", "secret_access_key", Constants.QueryConstants.SIGNATURE, "signature", "temptoken"};
    private static Set<String> SENSITIVE_NAME_SET = new HashSet(Arrays.asList(SENSITIVE_NAMES));

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/snowflake/client/util/SecretDetector$SecretRange.class */
    public static class SecretRange {
        final int beginPos;
        final int endPos;

        SecretRange(int i, int i2) {
            this.beginPos = i;
            this.endPos = i2;
        }
    }

    public static boolean isSensitive(String str) {
        return SENSITIVE_NAME_SET.contains(str.toLowerCase());
    }

    private static List<SecretRange> getAWSSecretPos(String str) {
        LOGGER.debug("pre-regex getAWSSecretPos");
        Matcher matcher = AWS_KEY_PATTERN.matcher(str);
        ArrayList arrayList = new ArrayList();
        while (matcher.find()) {
            int min = Math.min(matcher.end() + 10, str.length());
            while (min > 0 && min < str.length() && isBase64(str.charAt(min))) {
                min--;
            }
            int min2 = Math.min(matcher.end() + 10, str.length());
            while (min2 < str.length() && isBase64(str.charAt(min2))) {
                min2++;
            }
            if (min < str.length() && min2 <= str.length() && min >= 0 && min2 >= 0) {
                arrayList.add(new SecretRange(min + 1, min2));
            }
        }
        LOGGER.debug("post-regex getAWSSecretPos");
        return arrayList;
    }

    private static List<SecretRange> getGenericSecretPos(String str) {
        LOGGER.debug("pre-regex getGenericSecretPos");
        Matcher matcher = GENERIC_CREDS_PATTERN.matcher(str.length() <= MAX_LENGTH ? str : str.substring(0, MAX_LENGTH));
        ArrayList arrayList = new ArrayList();
        while (matcher.find()) {
            arrayList.add(new SecretRange(matcher.start(), matcher.end()));
        }
        LOGGER.debug("post-regex getGenericSecretPos");
        return arrayList;
    }

    private static List<SecretRange> getSASTokenPos(String str) {
        LOGGER.debug("pre-regex getSASTokenPos");
        Matcher matcher = SAS_TOKEN_PATTERN.matcher(str.length() <= MAX_LENGTH ? str : str.substring(0, MAX_LENGTH));
        ArrayList arrayList = new ArrayList();
        while (matcher.find()) {
            arrayList.add(new SecretRange(matcher.start("secret"), matcher.end("secret")));
        }
        LOGGER.debug("post-regex getSASTokenPos");
        return arrayList;
    }

    private static List<SecretRange> getPasswordPos(String str) {
        LOGGER.debug("pre-regex getPasswordPos");
        Matcher matcher = PASSWORD_KEY_PATTERN.matcher(str.length() <= MAX_LENGTH ? str : str.substring(0, MAX_LENGTH));
        ArrayList arrayList = new ArrayList();
        while (matcher.find()) {
            int end = matcher.end();
            int i = end + 1;
            while (i < str.length() && str.charAt(i) != '&' && str.charAt(i) != '\"') {
                i++;
            }
            arrayList.add(new SecretRange(end, i));
        }
        LOGGER.debug("post-regex getPasswordPos");
        return arrayList;
    }

    private static boolean isBase64(char c) {
        return ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z') || (('0' <= c && c <= '9') || c == '+' || c == '/' || c == '=');
    }

    public static String maskAWSSecret(String str) {
        return maskText(str, getAWSSecretPos(str));
    }

    public static String maskSASToken(String str) {
        return maskText(str, getSASTokenPos(str));
    }

    public static String maskSecrets(String str) {
        List<SecretRange> aWSSecretPos = getAWSSecretPos(str);
        aWSSecretPos.addAll(getAWSSecretPos(str));
        aWSSecretPos.addAll(getSASTokenPos(str));
        aWSSecretPos.addAll(getPasswordPos(str));
        return filterAccessTokens(maskText(str, aWSSecretPos));
    }

    private static String maskText(String str, List<SecretRange> list) {
        if (list.isEmpty()) {
            return str;
        }
        char[] charArray = str.toCharArray();
        for (SecretRange secretRange : list) {
            int i = secretRange.beginPos;
            int i2 = secretRange.endPos;
            for (int i3 = i; i3 < i2; i3++) {
                charArray[i3] = 9786;
            }
        }
        return String.valueOf(charArray);
    }

    public static String filterAccessTokens(String str) {
        Matcher matcher = AWS_TOKEN_PATTERN.matcher(str);
        if (matcher.find()) {
            str = matcher.replaceAll("$1\":\"XXXX\"");
        }
        Matcher matcher2 = SAS_TOKEN_PATTERN.matcher(str);
        if (matcher2.find()) {
            str = matcher2.replaceAll("sig=XXXX");
        }
        Matcher matcher3 = PRIVATE_KEY_PATTERN.matcher(str);
        if (matcher3.find()) {
            str = matcher3.replaceAll("-----BEGIN PRIVATE KEY-----\\\\nXXXX\\\\n-----END PRIVATE KEY-----");
        }
        Matcher matcher4 = PRIVATE_KEY_DATA_PATTERN.matcher(str);
        if (matcher4.find()) {
            str = matcher4.replaceAll("\"privateKeyData\": \"XXXX\"");
        }
        return str;
    }
}
