package com.oracle.bmc.auth.internal;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.oracle.bmc.auth.exception.InstancePrincipalUnavailableException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.2.48.jar:com/oracle/bmc/auth/internal/AuthUtils.class */
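/**
 * Static helpers for the authentication code: certificate fingerprints, JWK to RSA public key
 * conversion, PEM/Base64 encoding of key material, and tenant id extraction from a certificate
 * subject.
 *
 * <p>None of these helpers validates a certificate chain or checks where a key came from. They
 * only transform the objects they are given, so any trust decision must be made by the caller
 * before the results are relied on.
 */
public class AuthUtils {
    private static final Logger LOG = LoggerFactory.getLogger(AuthUtils.class);
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    private static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();

    /** Prefix of the subject OU value that carries the tenant id. */
    private static final String TENANT_OU_PREFIX = "opc-tenant:";

    /**
     * Computes the colon-separated, upper-case hex SHA-1 digest of the certificate's encoded form.
     *
     * <p>The digest serves as an identifier for the certificate. SHA-1 is no longer considered
     * collision resistant, so a matching fingerprint should not be the only evidence that a
     * certificate is authentic. NOTE(review): the algorithm is presumably fixed by whatever
     * consumes the fingerprint - confirm before changing it.
     *
     * @param x509Certificate the certificate to fingerprint; must not be null
     * @return the fingerprint, e.g. {@code AB:CD:...} (20 byte pairs)
     * @throws Error if SHA-1 is unavailable or the certificate cannot be encoded
     */
    public static String getFingerPrint(X509Certificate x509Certificate) {
        Preconditions.checkNotNull(x509Certificate);
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(x509Certificate.getEncoded());
            return formatStringWithSeparator(getHex(sha1.digest()));
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            // Same Error type and message as before, but keep the cause so the original
            // stack trace is not lost.
            throw new Error(e.getMessage(), e);
        }
    }

    /**
     * Inserts a ':' between every pair of characters ({@code "AABBCC"} becomes
     * {@code "AA:BB:CC"}).
     *
     * <p>An empty string yields an empty string and a trailing single character is kept as its
     * own group, instead of failing with an array-size or index exception.
     */
    private static String formatStringWithSeparator(String str) {
        int length = str.length();
        StringBuilder formatted = new StringBuilder(length + (length / 2));
        for (int start = 0; start < length; start += 2) {
            if (start > 0) {
                formatted.append(':');
            }
            formatted.append(str, start, Math.min(start + 2, length));
        }
        return formatted.toString();
    }

    /** Encodes the bytes as upper-case hexadecimal, two characters per byte. */
    private static String getHex(byte[] bArr) {
        char[] hexChars = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int unsigned = bArr[i] & 0xFF;
            hexChars[i * 2] = HEX_ARRAY[unsigned >>> 4];
            hexChars[(i * 2) + 1] = HEX_ARRAY[unsigned & 0x0F];
        }
        return new String(hexChars);
    }

    /**
     * Parses a JSON Web Key and converts it to an RSA public key.
     *
     * @param str the JWK as JSON; must not be blank
     * @return the public key, or absent if the JSON cannot be parsed or the key cannot be built
     * @throws IllegalArgumentException if {@code str} is blank
     */
    public static Optional<RSAPublicKey> toPublicKeyFromJson(String str) {
        Preconditions.checkArgument(!StringUtils.isBlank(str));
        Optional<JWK> jwk = toJwk(str);
        if (!jwk.isPresent()) {
            return Optional.absent();
        }
        return toPublicKeyFromJwk(jwk.get());
    }

    /**
     * Deserializes a JSON string into a {@link JWK}.
     *
     * @param str the JWK as JSON; must not be blank
     * @return the parsed JWK, or absent if the input cannot be read or maps to no object
     * @throws IllegalArgumentException if {@code str} is blank
     */
    public static Optional<JWK> toJwk(String str) {
        Preconditions.checkArgument(!StringUtils.isBlank(str));
        try {
            // fromNullable rather than of: a mapper result of null (e.g. the JSON literal
            // null) becomes absent instead of a NullPointerException.
            return Optional.fromNullable(OBJECT_MAPPER.readValue(str, JWK.class));
        } catch (IOException e) {
            LOG.debug("Exception reading or de-serializing jwk", e);
            return Optional.absent();
        }
    }

    /**
     * Builds an RSA public key from the Base64-encoded modulus and public exponent of a JWK.
     *
     * <p>The modulus length and the exponent value are not checked here, so the result is only
     * as trustworthy as the source of the JWK. NOTE(review): confirm that callers fetch the JWK
     * over an authenticated channel or enforce a minimum key size themselves.
     *
     * @param jwk the key description; must not be null
     * @return the public key, or absent if the key cannot be constructed
     */
    public static Optional<RSAPublicKey> toPublicKeyFromJwk(JWK jwk) {
        Preconditions.checkNotNull(jwk);
        try {
            // Signum 1: both values are unsigned big-endian magnitudes.
            BigInteger modulus = new BigInteger(1, Base64.decodeBase64(jwk.getModulus()));
            BigInteger publicExponent =
                    new BigInteger(1, Base64.decodeBase64(jwk.getPublicExponent()));
            RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, publicExponent);
            return Optional.of((RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(keySpec));
        } catch (Exception e) {
            // Deliberately broad: any failure (missing field, bad encoding, invalid key spec)
            // is reported to the caller as "no key" rather than as an exception.
            LOG.debug("Failed to construct public key from JWK", e);
            return Optional.absent();
        }
    }

    /**
     * Serializes an RSA private key to PEM and returns the PEM text as UTF-8 bytes.
     *
     * <p>No encryptor is passed to the PEM writer, so the returned array holds the private key
     * in the clear. Callers should keep it out of logs and error messages and overwrite it once
     * it is no longer needed.
     *
     * @param rSAPrivateKey the key to serialize
     * @return the PEM encoding of the key
     * @throws IllegalStateException if the PEM object cannot be written
     */
    public static byte[] toByteArrayFromRSAPrivateKey(RSAPrivateKey rSAPrivateKey) {
        ByteArrayOutputStream pemBytes = new ByteArrayOutputStream();
        // try-with-resources closes the writer on the failure path as well.
        try (JcaPEMWriter pemWriter =
                new JcaPEMWriter(new OutputStreamWriter(pemBytes, StandardCharsets.UTF_8))) {
            pemWriter.writeObject(rSAPrivateKey);
            pemWriter.flush();
        } catch (IOException e) {
            throw new IllegalStateException("Unable to write PEM object", e);
        }
        return pemBytes.toByteArray();
    }

    /**
     * Base64-encodes the encoded form of a public key on a single line (no chunking).
     *
     * @param rSAPublicKey the key to encode
     * @return the Base64 text
     */
    public static String base64EncodeNoChunking(RSAPublicKey rSAPublicKey) {
        byte[] encoded = Base64.encodeBase64(rSAPublicKey.getEncoded(), false);
        return new String(encoded, StandardCharsets.UTF_8);
    }

    /**
     * Base64-encodes the encoded form of a certificate on a single line (no chunking).
     *
     * @param x509Certificate the certificate to encode
     * @return the Base64 text
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static String base64EncodeNoChunking(X509Certificate x509Certificate) throws CertificateEncodingException {
        byte[] encoded = Base64.encodeBase64(x509Certificate.getEncoded(), false);
        return new String(encoded, StandardCharsets.UTF_8);
    }

    /**
     * Extracts the tenant id from the first subject OU value that starts with
     * {@code opc-tenant:}.
     *
     * <p>Only the subject name is read; the signature, chain and validity period are not
     * checked. The returned id is therefore only as trustworthy as the certificate, which the
     * caller must have validated before using the id for an authorization decision.
     *
     * @param x509Certificate the certificate to inspect; must not be null
     * @return the text following the {@code opc-tenant:} prefix
     * @throws InstancePrincipalUnavailableException if no OU value carries the prefix
     */
    public static String getTenantIdFromCertificate(X509Certificate x509Certificate) {
        Preconditions.checkNotNull(x509Certificate);
        X500Name subject = new X500Name(x509Certificate.getSubjectX500Principal().getName());
        for (RDN rdn : subject.getRDNs(BCStyle.OU)) {
            for (AttributeTypeAndValue attribute : rdn.getTypesAndValues()) {
                String value = attribute.getValue().toString();
                if (value.startsWith(TENANT_OU_PREFIX)) {
                    return value.substring(TENANT_OU_PREFIX.length());
                }
            }
        }
        throw new InstancePrincipalUnavailableException("The certificate does not contain tenant id.");
    }

    /** Not instantiable: static utility class. */
    private AuthUtils() {
    }
}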
