package com.oracle.bmc.auth.internal;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.oracle.bmc.auth.ProvidesConfigurableRefresh;
import com.oracle.bmc.auth.SessionKeySupplier;
import com.oracle.bmc.auth.X509CertificateSupplier;
import com.oracle.bmc.circuitbreaker.CircuitBreakerConfiguration;
import com.oracle.bmc.circuitbreaker.OciCircuitBreaker;
import com.oracle.bmc.http.ClientConfigurator;
import com.oracle.bmc.http.Priorities;
import com.oracle.bmc.http.client.HttpClient;
import com.oracle.bmc.http.client.HttpProvider;
import com.oracle.bmc.http.client.Method;
import com.oracle.bmc.http.client.StandardClientProperties;
import com.oracle.bmc.http.internal.AuthnClientFilter;
import com.oracle.bmc.http.internal.CircuitBreakerHelper;
import com.oracle.bmc.http.internal.ClientCall;
import com.oracle.bmc.http.internal.ClientIdFilter;
import com.oracle.bmc.http.internal.LogHeadersFilter;
import com.oracle.bmc.http.signing.SigningStrategy;
import com.oracle.bmc.http.signing.internal.KeySupplier;
import com.oracle.bmc.http.signing.internal.RequestSignerImpl;
import com.oracle.bmc.model.BmcException;
import com.oracle.bmc.requests.BmcRequest;
import com.oracle.bmc.responses.BmcResponse;
import com.oracle.bmc.retrier.RetryConfiguration;
import com.oracle.bmc.util.internal.Validate;
import com.oracle.bmc.waiter.FixedTimeDelayStrategy;
import com.oracle.bmc.waiter.MaxAttemptsTerminationStrategy;
import java.net.URI;
import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.Immutable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/oracle/bmc/auth/internal/X509FederationClient.class */
public class X509FederationClient implements FederationClient, ProvidesConfigurableRefresh {
    // Purpose value used when the caller picks the constructor without a purpose argument.
    private static final String DEFAULT_PURPOSE = "DEFAULT";
    // Sent as the fingerprintAlgorithm field of every federation request body.
    private static final String DEFAULT_FINGERPRINT = "SHA256";
    // Source of the leaf certificate and its private key; the private key signs the token requests.
    private final X509CertificateSupplier leafCertificateSupplier;
    // Not final, although the only assignment recovered in this listing is in the constructor.
    private String tenancyId;
    // May be null: getSecurityTokenFromServer checks for null before iterating.
    private final Set<X509CertificateSupplier> intermediateCertificateSuppliers;
    // Supplies the session key pair; only its public half is placed in the request body.
    private final SessionKeySupplier sessionKeySupplier;
    private final String purpose;
    private final HttpClient httpClient;
    private final ClientConfigurator clientConfigurator;
    // Stored by the constructor; no method body recovered in this listing reads it.
    private final List<ClientConfigurator> additionalClientConfigurators;
    private final OciCircuitBreaker circuitBreaker;
    // Wrapper around the current security token (a credential); volatile, read by the token getters.
    private volatile SecurityTokenAdapter securityTokenAdapter;
    // Fixed delay of 250 (presumably milliseconds, confirm against FixedTimeDelayStrategy), at most 5 attempts.
    private static final RetryConfiguration RETRY_CONFIGURATION = RetryConfiguration.builder().delayStrategy(new FixedTimeDelayStrategy(250)).terminationStrategy(new MaxAttemptsTerminationStrategy(5)).build();
    private static final Logger LOG = LoggerFactory.getLogger(X509FederationClient.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/oracle/bmc/auth/internal/X509FederationClient$FederationRequestWrapper.class */
    /**
     * Adapts an {@link X509FederationRequest} to {@link BmcRequest} so that it can be handed to
     * {@code ClientCall.builder(...)} as the request of the token call.
     */
    public static class FederationRequestWrapper extends BmcRequest<X509FederationRequest> {
        private final X509FederationRequest request;

        /**
         * @param body the request body to wrap; stored as given, no null check is made here
         */
        FederationRequestWrapper(X509FederationRequest body) {
            request = body;
        }

        /**
         * @return the wrapped request body, exactly as passed to the constructor
         */
        @Override
        public X509FederationRequest getBody$() {
            return request;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/oracle/bmc/auth/internal/X509FederationClient$FederationResponseWrapper.class */
    /**
     * Response of the token call: the HTTP status code plus the parsed {@link SecurityToken}.
     */
    public static class FederationResponseWrapper extends BmcResponse {
        // Parsed response body. It carries the security token, so handle it as a credential.
        final SecurityToken token;

        /**
         * @param statusCode HTTP status code, forwarded to the {@link BmcResponse} constructor
         * @param parsedToken parsed response body; stored as given
         */
        FederationResponseWrapper(int statusCode, SecurityToken parsedToken) {
            super(statusCode);
            token = parsedToken;
        }

        /**
         * Builder used by the HTTP call to assemble a {@link FederationResponseWrapper}.
         */
        public static class Builder implements BmcResponse.Builder<FederationResponseWrapper> {
            private int status;
            // Recorded by headers(...), but build() does not pass it on to the response.
            private Map<String, List<String>> headers;
            // Written directly by the body handler of the token call.
            SecurityToken token;

            public Builder() {}

            // Seeds a builder from an existing response; the headers field stays unset.
            private Builder(FederationResponseWrapper source) {
                this.status = source.get__httpStatusCode__();
                this.token = source.token;
            }

            /** Records the HTTP status code and returns this builder. */
            @Override
            public BmcResponse.Builder<FederationResponseWrapper> __httpStatusCode__(int i) {
                status = i;
                return this;
            }

            /** Records the response headers and returns this builder. */
            @Override
            public BmcResponse.Builder<FederationResponseWrapper> headers(Map<String, List<String>> map) {
                headers = map;
                return this;
            }

            /**
             * Returns a new builder seeded with the status code and token of the given response.
             * This builder itself is left unchanged.
             */
            @Override
            public BmcResponse.Builder<FederationResponseWrapper> copy(FederationResponseWrapper federationResponseWrapper) {
                Builder seeded = new Builder(federationResponseWrapper);
                return seeded;
            }

            /** Builds the response from the recorded status code and token. */
            @Override
            public FederationResponseWrapper build() {
                return new FederationResponseWrapper(status, token);
            }
        }
    }

    /* loaded from: input_file:com/oracle/bmc/auth/internal/X509FederationClient$SecurityToken.class */
    /**
     * JSON body of the token response: a single {@code token} property.
     *
     * <p>The value is a credential. This class declares no {@code toString()}, so the default
     * {@code Object.toString()} applies and the token value does not end up in a log line
     * just because an instance was printed.
     */
    public static class SecurityToken {
        private String token;

        /**
         * @param str value of the JSON property {@code token}; stored as given
         */
        public SecurityToken(@JsonProperty("token") String str) {
            token = str;
        }

        /**
         * @return the raw token string as received
         */
        public String getToken() {
            return token;
        }
    }

    /**
     * Body of the X.509 federation request. Only public material is carried: the session
     * public key, the leaf certificate and, optionally, intermediate certificates, all as strings.
     *
     * <p>NOTE(review): the class is annotated {@code @Immutable}, but the set of intermediate
     * certificates is stored and returned by reference, without a defensive copy.
     */
    @JsonInclude(JsonInclude.Include.NON_NULL)
    @Immutable
    public static class X509FederationRequest {
        private final Set<String> intermediateCertificates;
        private final String certificate;
        private final String publicKey;
        private final String purpose;
        private final String fingerprintAlgorithm;

        /**
         * @param str the public key; must not be null
         * @param str2 the certificate; must not be null
         * @param set the intermediate certificates; may be null
         * @param str3 the purpose; not validated here
         * @param str4 the fingerprint algorithm; not validated here
         */
        public X509FederationRequest(String str, String str2, Set<String> set, String str3, String str4) {
            // The certificate is validated before the public key; keep that order so the same
            // message is reported when both are null.
            certificate = (String) Validate.notNull(str2, "certificate must not be null", new Object[0]);
            publicKey = (String) Validate.notNull(str, "publicKey must not be null", new Object[0]);
            intermediateCertificates = set;
            purpose = str3;
            fingerprintAlgorithm = str4;
        }

        public Set<String> getIntermediateCertificates() {
            return intermediateCertificates;
        }

        public String getCertificate() {
            return certificate;
        }

        public String getPublicKey() {
            return publicKey;
        }

        public String getPurpose() {
            return purpose;
        }

        public String getFingerprintAlgorithm() {
            return fingerprintAlgorithm;
        }

        /**
         * Field-by-field equality over all five properties, read through the getters.
         */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof X509FederationRequest)) {
                return false;
            }
            X509FederationRequest other = (X509FederationRequest) obj;
            // Comparison order matches the field order above; && stops at the first mismatch.
            return other.canEqual(this)
                    && sameValue(getIntermediateCertificates(), other.getIntermediateCertificates())
                    && sameValue(getCertificate(), other.getCertificate())
                    && sameValue(getPublicKey(), other.getPublicKey())
                    && sameValue(getPurpose(), other.getPurpose())
                    && sameValue(getFingerprintAlgorithm(), other.getFingerprintAlgorithm());
        }

        /** Lets a subclass veto equality with instances of this class. */
        protected boolean canEqual(Object obj) {
            return obj instanceof X509FederationRequest;
        }

        /**
         * Hash over the same five properties as {@link #equals(Object)}: multiplier 59, and 43
         * standing in for a null property.
         */
        @Override
        public int hashCode() {
            int result = 1;
            result = result * 59 + hashOrNullMarker(getIntermediateCertificates());
            result = result * 59 + hashOrNullMarker(getCertificate());
            result = result * 59 + hashOrNullMarker(getPublicKey());
            result = result * 59 + hashOrNullMarker(getPurpose());
            result = result * 59 + hashOrNullMarker(getFingerprintAlgorithm());
            return result;
        }

        // Null-tolerant equals: two nulls are equal, otherwise left.equals(right) decides.
        private static boolean sameValue(Object left, Object right) {
            return left == null ? right == null : left.equals(right);
        }

        // Hash contribution of one property; 43 represents null.
        private static int hashOrNullMarker(Object value) {
            return value == null ? 43 : value.hashCode();
        }
    }

    /**
     * Creates a client that requests tokens with the purpose {@code "DEFAULT"}.
     *
     * <p>Delegates to the nine-argument constructor, passing the arguments through unchanged.
     *
     * @param str base URI of the HTTP client the token requests are sent to
     * @param str2 tenancy id; must not be null
     * @param x509CertificateSupplier supplier of the leaf certificate and its private key
     * @param sessionKeySupplier supplier of the session key pair
     * @param set suppliers of intermediate certificates; may be null
     * @param clientConfigurator configurator passed to each token call
     * @param list additional client configurators
     * @param circuitBreakerConfiguration configuration of the circuit breaker for the token call
     */
    public X509FederationClient(
            String str,
            String str2,
            X509CertificateSupplier x509CertificateSupplier,
            SessionKeySupplier sessionKeySupplier,
            Set<X509CertificateSupplier> set,
            ClientConfigurator clientConfigurator,
            List<ClientConfigurator> list,
            CircuitBreakerConfiguration circuitBreakerConfiguration) {
        this(
                str,
                str2,
                x509CertificateSupplier,
                sessionKeySupplier,
                set,
                clientConfigurator,
                list,
                circuitBreakerConfiguration,
                DEFAULT_PURPOSE);
    }

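    /**
     * Creates the client and the HTTP client it uses to call the auth service.
     *
     * <p>Every request sent through that HTTP client is signed with the private key of the leaf
     * certificate. The key and the certificate are fetched from the supplier each time the
     * signer asks for them, and the key id has the form
     * {@code <tenancyId>/fed-x509-sha256/<fingerprint of the leaf certificate>}.
     *
     * <p>NOTE(review): a {@code LogHeadersFilter} is registered on the client; presumably it
     * logs request headers. Confirm at which level and whether the signing header may appear in logs.
     *
     * @param str base URI of the HTTP client; parsed with {@link URI#create(String)}, not
     *     null-checked before that
     * @param str2 tenancy id; must not be null
     * @param x509CertificateSupplier supplier of the leaf certificate and its private key; must
     *     not be null
     * @param sessionKeySupplier supplier of the session key pair; must not be null
     * @param set suppliers of intermediate certificates; may be null
     * @param clientConfigurator configurator passed to each token call
     * @param list additional client configurators; stored only
     * @param circuitBreakerConfiguration passed to {@code CircuitBreakerHelper.makeCircuitBreaker}
     * @param str3 purpose sent in the request body; must not be null
     */
    public X509FederationClient(
            String str,
            final String str2,
            final X509CertificateSupplier x509CertificateSupplier,
            SessionKeySupplier sessionKeySupplier,
            Set<X509CertificateSupplier> set,
            ClientConfigurator clientConfigurator,
            List<ClientConfigurator> list,
            CircuitBreakerConfiguration circuitBreakerConfiguration,
            String str3) {
        this.leafCertificateSupplier = (X509CertificateSupplier) Validate.notNull(x509CertificateSupplier, "leafCertificateSupplier must not be null", new Object[0]);
        this.sessionKeySupplier = (SessionKeySupplier) Validate.notNull(sessionKeySupplier, "sessionKeySupplier must not be null", new Object[0]);
        this.intermediateCertificateSuppliers = set;
        this.tenancyId = (String) Validate.notNull(str2, "tenancyId must not be null", new Object[0]);
        // Starts out with an adapter that holds no token yet (null token, session keys only).
        this.securityTokenAdapter = new SecurityTokenAdapter(null, sessionKeySupplier);
        this.purpose = (String) Validate.notNull(str3, "purpose must not be null", new Object[0]);
        this.clientConfigurator = clientConfigurator;
        this.additionalClientConfigurators = list;

        // Signing key: the leaf certificate's private key, read from the supplier on every call.
        KeySupplier<RSAPrivateKey> signingKeySupplier = new KeySupplier<RSAPrivateKey>() {
            @Override
            @Nonnull
            public Optional<RSAPrivateKey> supplyKey(@Nonnull String str4) {
                RSAPrivateKey privateKey = x509CertificateSupplier.getCertificateAndKeyPair().getPrivateKey();
                if (privateKey instanceof RSAPrivateKey) {
                    return Optional.of(privateKey);
                }
                // instanceof is also false for null, so the key may be null here: describe it
                // without dereferencing it. The message names only the key's class, never key material.
                String actualType = privateKey == null ? "null" : privateKey.getClass().getSimpleName();
                throw new IllegalArgumentException("Private key was not an RSA private key: " + actualType);
            }
        };

        // Key id: recomputed from the supplier's current leaf certificate on every call.
        Supplier<String> keyIdSupplier = new Supplier<String>() {
            @Override
            public String get() {
                return X509FederationClient.keyIdForX509Request(str2, x509CertificateSupplier.getCertificateAndKeyPair().getCertificate());
            }
        };

        this.httpClient = HttpProvider.getDefault()
                .newBuilder()
                .baseUri(URI.create(str))
                .property(StandardClientProperties.ASYNC_POOL_SIZE, 1)
                .registerRequestInterceptor(
                        Priorities.AUTHENTICATION,
                        new AuthnClientFilter(
                                new RequestSignerImpl(signingKeySupplier, SigningStrategy.STANDARD, keyIdSupplier),
                                Collections.emptyMap()))
                .registerRequestInterceptor(Priorities.HEADER_DECORATOR, new ClientIdFilter())
                .registerRequestInterceptor(Priorities.USER, new LogHeadersFilter())
                .build();
        this.circuitBreaker = CircuitBreakerHelper.makeCircuitBreaker(this.httpClient, circuitBreakerConfiguration);
    }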

    /**
     * Returns the current security token.
     *
     * <p>While the adapter reports the held token as valid, that token is returned; otherwise
     * the call is handed to the refresh routine. The returned string is a credential.
     *
     * @return the security token
     */
    @Override
    public String getSecurityToken() {
        if (!this.securityTokenAdapter.isValid()) {
            return refreshAndGetSecurityTokenInner(true, Optional.empty());
        }
        return this.securityTokenAdapter.getSecurityToken();
    }

    /**
     * Looks up a string claim of the security token.
     *
     * <p>The refresh routine is always called first; its return value (the token string) is
     * not used here. The claim is then read from whatever adapter is current afterwards.
     *
     * @param str name of the claim
     * @return the claim value as reported by the adapter
     */
    @Override
    public String getStringClaim(String str) {
        refreshAndGetSecurityTokenInner(true, Optional.empty());
        SecurityTokenAdapter current = this.securityTokenAdapter;
        return current.getStringClaim(str);
    }

    /**
     * Calls the refresh routine with its flag set to {@code false} and no duration.
     *
     * @return the token string returned by the refresh routine
     */
    @Override
    public String refreshAndGetSecurityToken() {
        final Optional<Duration> noDuration = Optional.empty();
        return refreshAndGetSecurityTokenInner(false, noDuration);
    }

    /* JADX WARN: Code restructure failed: missing block: B:53:0x0024, code lost:
    
        if (r7.securityTokenAdapter.isValid() == false) goto L13;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Central refresh routine. Its body was NOT recovered by the decompiler.
     *
     * <p>As listed, this stub always throws {@link UnsupportedOperationException}. The real
     * logic is therefore not reviewable from this listing: when a token is reused, when a new
     * one is requested, and how concurrent callers are coordinated cannot be read here.
     * refreshAndGetSecurityToken, refreshAndGetSecurityTokenIfExpiringWithin and getStringClaim
     * always call this method; getSecurityToken calls it when the adapter reports the token as
     * not valid. Review the bytecode or the original source before drawing conclusions about
     * token lifetime handling.
     *
     * @param r8 flag; callers in this listing pass {@code false} only from
     *     refreshAndGetSecurityToken and {@code true} everywhere else. Presumably "reuse the
     *     token if it is still valid" (TODO confirm against the bytecode)
     * @param r9 optional duration; only refreshAndGetSecurityTokenIfExpiringWithin supplies a value
     * @return not determinable from this listing; the callers use the result as the token string
     */
    private java.lang.String refreshAndGetSecurityTokenInner(boolean r8, java.util.Optional<java.time.Duration> r9) {
        /*
            Method dump skipped, instructions count: 258
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.oracle.bmc.auth.internal.X509FederationClient.refreshAndGetSecurityTokenInner(boolean, java.util.Optional):java.lang.String");
    }

    /**
     * Requests a new security token from the auth service and wraps it in an adapter.
     *
     * <p>The request body carries only public material: the session public key, the leaf
     * certificate and any intermediate certificates, each base64-encoded. The leaf private key
     * is only checked for presence here. The log statements in this method contain fixed text only.
     *
     * <p>NOTE(review): {@code LOG} is handed to the call builder; confirm that the call layer
     * never logs the response body, which carries the token.
     *
     * @return a new adapter holding the returned token and the session key supplier
     * @throws IllegalStateException if the session key supplier returns no key pair
     * @throws IllegalArgumentException if the public key, the certificate/key pair, the leaf
     *     certificate or its private key is missing, or if a certificate cannot be encoded
     */
    private SecurityTokenAdapter getSecurityTokenFromServer() {
        LOG.info("Getting security token from the auth server");

        KeyPair sessionKeys = this.sessionKeySupplier.getKeyPair();
        if (sessionKeys == null) {
            throw new IllegalStateException("Keypair for session was not provided");
        }
        // A non-RSA session key fails at this cast with ClassCastException, before the null check.
        RSAPublicKey sessionPublicKey = (RSAPublicKey) sessionKeys.getPublic();
        if (sessionPublicKey == null) {
            throw new IllegalArgumentException("Public key is not present");
        }

        X509CertificateSupplier.CertificateAndPrivateKeyPair leaf = this.leafCertificateSupplier.getCertificateAndKeyPair();
        if (leaf == null) {
            throw new IllegalArgumentException("Certificate and key pair are not present");
        }
        X509Certificate leafCertificate = leaf.getCertificate();
        if (leafCertificate == null) {
            throw new IllegalArgumentException("Leaf certificate is not present");
        }
        if (leaf.getPrivateKey() == null) {
            throw new IllegalArgumentException("Leaf certificate's private key is not present");
        }

        try {
            // Stays null when no intermediate suppliers are configured, so the property is
            // passed to the request as null rather than as an empty set.
            Set<String> encodedIntermediates = null;
            if (this.intermediateCertificateSuppliers != null && !this.intermediateCertificateSuppliers.isEmpty()) {
                LOG.debug("Intermediate certificate(s) were supplied");
                encodedIntermediates = new HashSet<>();
                for (X509CertificateSupplier supplier : this.intermediateCertificateSuppliers) {
                    X509CertificateSupplier.CertificateAndPrivateKeyPair intermediate = supplier.getCertificateAndKeyPair();
                    // Suppliers that yield nothing are skipped silently.
                    if (intermediate != null && intermediate.getCertificate() != null) {
                        encodedIntermediates.add(AuthUtils.base64EncodeNoChunking(intermediate.getCertificate()));
                    }
                }
            }

            X509FederationRequest body = new X509FederationRequest(
                    AuthUtils.base64EncodeNoChunking(sessionPublicKey),
                    AuthUtils.base64EncodeNoChunking(leafCertificate),
                    encodedIntermediates,
                    this.purpose,
                    DEFAULT_FINGERPRINT);

            FederationResponseWrapper response = (FederationResponseWrapper) ClientCall.builder(this.httpClient, new FederationRequestWrapper(body), FederationResponseWrapper.Builder::new)
                    .method(Method.POST)
                    .logger(LOG, "X509FederationClient")
                    .appendPathPart("v1")
                    .appendPathPart("x509")
                    .handleBody(SecurityToken.class, (responseBuilder, parsedToken) -> {
                        responseBuilder.token = parsedToken;
                    })
                    .retryConfiguration(RETRY_CONFIGURATION)
                    .clientConfigurator(this.clientConfigurator)
                    .circuitBreaker(this.circuitBreaker)
                    .accept("*/*")
                    .hasBody()
                    .callSync();

            return new SecurityTokenAdapter(response.token.getToken(), this.sessionKeySupplier);
        } catch (BmcException serviceError) {
            // Service errors are passed on to the caller untouched.
            throw serviceError;
        } catch (CertificateException encodingError) {
            LOG.info("Failed to get encoded x509 certificate");
            throw new IllegalArgumentException("Failed to get encoded x509 certificate", encodingError);
        }
    }

    /**
     * Calls the refresh routine with its flag set to {@code true} and the given duration.
     *
     * @param duration the duration handed to the refresh routine; must not be null, because it
     *     is wrapped with {@link Optional#of(Object)}
     * @return the token string returned by the refresh routine
     */
    @Override
    public String refreshAndGetSecurityTokenIfExpiringWithin(Duration duration) {
        Optional<Duration> window = Optional.of(duration);
        return refreshAndGetSecurityTokenInner(true, window);
    }

    /**
     * @return the supplier of the leaf certificate and its private key, as passed to the
     *     constructor. Callers receive the same object the request signer reads the key from.
     */
    public X509CertificateSupplier getLeafCertificateSupplier() {
        return leafCertificateSupplier;
    }

    /**
     * @return the tenancy id held by this client
     */
    public String getTenancyId() {
        return tenancyId;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds the key id used when signing requests to the auth service:
     * {@code <str>/fed-x509-sha256/<fingerprint>}.
     *
     * @param str first path element of the key id; the constructor passes the tenancy id
     * @param x509Certificate certificate whose fingerprint, as computed by
     *     {@code AuthUtils.getFingerPrint}, forms the last element
     * @return the formatted key id
     */
    public static String keyIdForX509Request(String str, X509Certificate x509Certificate) {
        Object fingerprint = AuthUtils.getFingerPrint(x509Certificate);
        return String.format("%s/fed-x509-sha256/%s", str, fingerprint);
    }
}
