package com.oracle.bmc.auth;

import com.google.common.base.Optional;
import com.google.common.collect.ImmutableMap;
import com.oracle.bmc.InternalSdk;
import com.oracle.bmc.Realm;
import com.oracle.bmc.Region;
import com.oracle.bmc.Service;
import com.oracle.bmc.Services;
import com.oracle.bmc.auth.AbstractAuthenticationDetailsProvider;
import com.oracle.bmc.auth.AbstractFederationClientAuthenticationDetailsProviderBuilder;
import com.oracle.bmc.auth.AbstractRequestingAuthenticationDetailsProvider;
import com.oracle.bmc.auth.URLBasedX509CertificateSupplier;
import com.oracle.bmc.auth.internal.AuthUtils;
import com.oracle.bmc.auth.internal.FederationClient;
import com.oracle.bmc.auth.internal.X509FederationClient;
import com.oracle.bmc.circuitbreaker.CircuitBreakerConfiguration;
import com.oracle.bmc.util.CircuitBreakerUtils;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashSet;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

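/**
 * Base builder for authentication details providers that obtain their credentials through an
 * {@link X509FederationClient}.
 *
 * <p>Any of the federation endpoint, leaf certificate supplier, tenancy id and intermediate
 * certificate suppliers that the caller did not set can be auto-detected from the instance
 * metadata service (see {@link #autoDetectUsingMetadataUrl()}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The default metadata URLs are plain HTTP on a link-local address. Responses are not
 *       authenticated by this class, yet they decide the region, the federation endpoint and
 *       the location the leaf certificate <em>and its private key</em> are read from.</li>
 *   <li>{@link #metadataBaseUrl(String)} replaces that base URL without any validation, so its
 *       argument must only ever come from trusted configuration.</li>
 * </ul>
 *
 * @param <B> the concrete builder type, returned from the fluent setters
 * @param <P> the provider type produced by {@link #build()}
 */
@InternalSdk
/* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.26.0.jar:com/oracle/bmc/auth/AbstractFederationClientAuthenticationDetailsProviderBuilder.class */
public abstract class AbstractFederationClientAuthenticationDetailsProviderBuilder<B extends AbstractFederationClientAuthenticationDetailsProviderBuilder<B, P>, P extends AbstractAuthenticationDetailsProvider> extends AbstractRequestingAuthenticationDetailsProvider.Builder<B> {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractFederationClientAuthenticationDetailsProviderBuilder.class);

    /** Service descriptor used to look up the federation (AUTH) endpoint of a region. */
    protected static final Service SERVICE = Services.serviceBuilder().serviceName("AUTH").serviceEndpointPrefix("auth").build();

    /** Default (v2) instance metadata base URL; plain HTTP on a link-local address. */
    protected static final String METADATA_SERVICE_BASE_URL = "http://169.254.169.254/opc/v2/";

    /** Metadata base URL used when the v2 probe answers 404 (see executeInstanceFallback). */
    protected static final String FALLBACK_METADATA_SERVICE_URL = "http://169.254.169.254/opc/v1/";

    /**
     * Fixed header value sent with every metadata request. It is a constant, not a credential.
     * NOTE(review): presumably required by the v2 metadata endpoint as a request-forgery guard;
     * confirm against the metadata service documentation.
     */
    private static final String AUTHORIZATION_HEADER_VALUE = "Bearer Oracle";

    protected String federationEndpoint;
    protected X509CertificateSupplier leafCertificateSupplier;
    protected String tenancyId;
    private CircuitBreakerConfiguration circuitBreakerConfiguration;
    // Always ends with "/" when set through metadataBaseUrl(String); callers append relative paths.
    protected volatile String metadataBaseUrl = METADATA_SERVICE_BASE_URL;
    // Set once the v2 probe completed without a RuntimeException; stays false after a failed probe.
    private volatile boolean wasFallbackCheckExecuted = false;
    private String purpose = null;
    protected Region region = null;

    /**
     * Default {@link SessionKeySupplier}: holds an RSA 2048-bit key pair generated in-process.
     *
     * <p>NOTE(review): instances share one static {@link KeyPairGenerator} and {@code keyPair} is
     * a plain field; whether {@link #refreshKeys()} can race with readers depends on callers
     * outside this file and should be confirmed.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.26.0.jar:com/oracle/bmc/auth/AbstractFederationClientAuthenticationDetailsProviderBuilder$SessionKeySupplierImpl.class */
    public static class SessionKeySupplierImpl implements SessionKeySupplier {
        private static final KeyPairGenerator GENERATOR;

        static {
            try {
                // Configure a local first so the final field is assigned exactly once, fully set up.
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
                generator.initialize(2048);
                GENERATOR = generator;
            } catch (NoSuchAlgorithmException e) {
                // Every compliant JRE ships RSA; without it no session key can ever be produced.
                throw new Error(e.getMessage(), e);
            }
        }

        private KeyPair keyPair;

        /** Generates the initial session key pair. */
        private SessionKeySupplierImpl() {
            this.keyPair = GENERATOR.generateKeyPair();
        }

        /** @return the current session key pair (private key included) */
        @Override // com.oracle.bmc.auth.SessionKeySupplier
        public KeyPair getKeyPair() {
            return this.keyPair;
        }

        /** @return the public half of the current session key pair */
        @Override // com.oracle.bmc.auth.SessionKeySupplier
        @Deprecated
        public RSAPublicKey getPublicKey() {
            return (RSAPublicKey) this.keyPair.getPublic();
        }

        /** @return the private half of the current session key pair; never log this value */
        @Override // com.oracle.bmc.auth.SessionKeySupplier
        @Deprecated
        public RSAPrivateKey getPrivateKey() {
            return (RSAPrivateKey) this.keyPair.getPrivate();
        }

        /** Replaces the current key pair with a freshly generated one. */
        @Override // com.oracle.bmc.auth.SessionKeySupplier
        public void refreshKeys() {
            this.keyPair = GENERATOR.generateKeyPair();
        }
    }

    /**
     * Overrides the metadata service base URL; a trailing "/" is appended when missing.
     *
     * <p>Security: the leaf certificate, its private key and the intermediate certificate are
     * fetched from paths below this URL, and no scheme or host check is applied here. Only pass
     * values from trusted configuration.
     *
     * @param str the new base URL
     * @return this builder
     * @throws NullPointerException if {@code str} is null (the stored URL is left unchanged)
     */
    @SuppressWarnings("unchecked")
    public B metadataBaseUrl(String str) {
        if (str == null) {
            throw new NullPointerException("metadataBaseUrl must not be null");
        }
        // Single write to the volatile field: readers never observe the value without its slash.
        this.metadataBaseUrl = str.endsWith("/") ? str : str + "/";
        return (B) this;
    }

    /**
     * Sets the federation endpoint explicitly, which skips endpoint auto-detection.
     *
     * @param str the federation endpoint
     * @return this builder
     */
    @SuppressWarnings("unchecked")
    public B federationEndpoint(String str) {
        this.federationEndpoint = str;
        return (B) this;
    }

    /**
     * Sets the supplier of the leaf certificate and private key.
     *
     * @param x509CertificateSupplier the leaf certificate supplier
     * @return this builder
     */
    @SuppressWarnings("unchecked")
    public B leafCertificateSupplier(X509CertificateSupplier x509CertificateSupplier) {
        this.leafCertificateSupplier = x509CertificateSupplier;
        return (B) this;
    }

    /**
     * Sets the tenancy id explicitly instead of deriving it from the leaf certificate.
     *
     * @param str the tenancy id
     * @return this builder
     */
    @SuppressWarnings("unchecked")
    public B tenancyId(String str) {
        this.tenancyId = str;
        return (B) this;
    }

    /**
     * Sets the purpose passed to the {@link X509FederationClient} when non-null.
     *
     * @param str the purpose value
     * @return this builder
     */
    @SuppressWarnings("unchecked")
    protected B purpose(String str) {
        this.purpose = str;
        return (B) this;
    }

    /**
     * Sets the circuit breaker configuration handed to the federation client.
     *
     * @param circuitBreakerConfiguration the configuration, or null to use the default one
     * @return this builder
     */
    @SuppressWarnings("unchecked")
    public B circuitBreakerConfigurator(CircuitBreakerConfiguration circuitBreakerConfiguration) {
        this.circuitBreakerConfiguration = circuitBreakerConfiguration;
        return (B) this;
    }

    /**
     * Creates the federation client and then the provider.
     *
     * @return the provider returned by {@link #buildProvider(SessionKeySupplier)}
     */
    public P build() {
        // A caller-supplied key supplier wins; otherwise an in-process RSA key pair is generated.
        SessionKeySupplier keySupplier = this.sessionKeySupplier != null ? this.sessionKeySupplier : new SessionKeySupplierImpl();
        this.federationClient = createFederationClient(keySupplier);
        return buildProvider(keySupplier);
    }

    /**
     * Creates the {@link X509FederationClient} from the current builder state.
     *
     * @param sessionKeySupplier supplier of the session key pair
     * @return the federation client; the purpose-taking constructor is used only when a purpose is set
     */
    protected FederationClient createFederationClient(SessionKeySupplier sessionKeySupplier) {
        CircuitBreakerConfiguration breakerConfig = this.circuitBreakerConfiguration != null ? this.circuitBreakerConfiguration : CircuitBreakerUtils.getDefaultCircuitBreakerConfig();
        if (this.purpose != null) {
            return new X509FederationClient(this.federationEndpoint, this.tenancyId, this.leafCertificateSupplier, sessionKeySupplier, this.intermediateCertificateSuppliers, this.federationClientConfigurator, this.additionalFederationClientConfigurators, breakerConfig, this.purpose);
        }
        return new X509FederationClient(this.federationEndpoint, this.tenancyId, this.leafCertificateSupplier, sessionKeySupplier, this.intermediateCertificateSuppliers, this.federationClientConfigurator, this.additionalFederationClientConfigurators, breakerConfig);
    }

    /** Auto-detects the federation endpoint first, then the certificates and tenancy id. */
    /* JADX INFO: Access modifiers changed from: protected */
    public void autoDetectUsingMetadataUrl() {
        autoDetectEndpointUsingMetadataUrl();
        autoDetectCertificatesUsingMetadataUrl();
    }

    /**
     * Resolves the federation endpoint from the region reported by the metadata service, unless
     * an endpoint is already set.
     *
     * <p>Security: the region string comes from an unauthenticated HTTP response and selects the
     * endpoint that federation requests are sent to. A region unknown to this SDK version is
     * registered under {@link Realm#OC1} rather than rejected.
     *
     * @return the federation endpoint
     * @throws IllegalArgumentException if the resolved region has no known endpoint for {@link #SERVICE}
     */
    protected String autoDetectEndpointUsingMetadataUrl() {
        if (this.federationEndpoint != null) {
            return this.federationEndpoint;
        }
        executeInstanceFallback();
        String regionCode;
        Client client = ClientBuilder.newClient();
        try {
            regionCode = client.target(getMetadataBaseUrl() + "instance/").path("region").request(MediaType.TEXT_PLAIN).header("Authorization", AUTHORIZATION_HEADER_VALUE).get(String.class);
        } finally {
            // The client is single-use; release it (the original never closed it).
            closeMetadataCall(null, client);
        }
        LOG.info("Looking up region for {}", regionCode);
        try {
            this.region = Region.fromRegionCodeOrId(regionCode);
            LOG.info("Using region {}", this.region.getRegionId());
        } catch (IllegalArgumentException e) {
            LOG.warn("Region not supported by this version of the SDK, registering region '{}' under OC1", regionCode, e);
            this.region = Region.register(regionCode, Realm.OC1);
        }
        Optional<String> endpoint = this.region.getEndpoint(SERVICE);
        if (!endpoint.isPresent()) {
            throw new IllegalArgumentException("Endpoint for " + SERVICE + " is not known in region " + this.region);
        }
        this.federationEndpoint = endpoint.get();
        return this.federationEndpoint;
    }

    /**
     * Fills in whichever of the leaf certificate supplier, tenancy id and intermediate
     * certificate suppliers are still unset, using resources below the metadata base URL.
     *
     * <p>Security: {@code identity/key.pem} is the instance private key; it is requested from
     * whatever {@link #getMetadataBaseUrl()} returns at that moment.
     *
     * @throws IllegalArgumentException if a metadata resource URL cannot be formed
     */
    protected void autoDetectCertificatesUsingMetadataUrl() {
        try {
            if (!this.wasFallbackCheckExecuted) {
                // Reached when endpoint detection was skipped, or when an earlier probe failed.
                LOG.info(" Executing fallback check for certificates as federation endpoint was already set to {}", getFederationEndpoint());
                executeInstanceFallback();
            }
            if (this.leafCertificateSupplier == null) {
                this.leafCertificateSupplier = new URLBasedX509CertificateSupplier(getMetadataResourceDetails("identity/cert.pem"), getMetadataResourceDetails("identity/key.pem"), (char[]) null);
            }
            if (this.tenancyId == null) {
                this.tenancyId = AuthUtils.getTenantIdFromCertificate(this.leafCertificateSupplier.getCertificateAndKeyPair().getCertificate());
            }
            if (this.intermediateCertificateSuppliers == null) {
                this.intermediateCertificateSuppliers = new HashSet<>();
                this.intermediateCertificateSuppliers.add(new URLBasedX509CertificateSupplier(getMetadataResourceDetails("identity/intermediate.pem"), (URLBasedX509CertificateSupplier.ResourceDetails) null, (char[]) null));
            }
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("The metadata service url is invalid.", e);
        }
    }

    /**
     * Probes {@code instance/id} on the current metadata base URL and switches to
     * {@link #FALLBACK_METADATA_SERVICE_URL} when the answer is HTTP 404.
     *
     * <p>Best effort: any {@link RuntimeException} (including the one raised here for other
     * non-2xx statuses) is logged at WARN and swallowed, leaving the base URL and
     * {@code wasFallbackCheckExecuted} untouched so a later call probes again.
     *
     * <p>Security: the switch to v1 is a protocol downgrade decided by a single unauthenticated
     * status code. It is logged at WARN; alert on that message where v1 is not expected.
     */
    private void executeInstanceFallback() {
        Client client = null;
        Response response = null;
        try {
            client = ClientBuilder.newClient();
            response = client.target(getMetadataBaseUrl() + "instance/").path("id").request(MediaType.TEXT_PLAIN).header("Authorization", AUTHORIZATION_HEADER_VALUE).get();
            int status = response.getStatus();
            LOG.info("Rest call to verify if v2 endpoint exists, response from v2 was {}", status);
            if (status == 404) {
                LOG.warn("Falling back to v1, response from v2 was {}", status);
                this.metadataBaseUrl = FALLBACK_METADATA_SERVICE_URL;
            } else if (!Response.Status.Family.SUCCESSFUL.equals(response.getStatusInfo().getFamily())) {
                throw new RuntimeException("Rest call to v2 endpoint failed : HTTP error code : " + status);
            }
            this.wasFallbackCheckExecuted = true;
            LOG.info(" Metadata base url on executing instance fallback is {}", getMetadataBaseUrl());
        } catch (RuntimeException e) {
            LOG.warn("Rest call to v2 endpoint failed & cannot fallback as it's not 404 ", e);
        } finally {
            // Neither the response nor the client was closed originally, leaking the connection.
            closeMetadataCall(response, client);
        }
    }

    /**
     * Closes a metadata response and its client, ignoring null arguments. Close failures are
     * logged at DEBUG and never propagated, so cleanup cannot mask the caller's own outcome.
     */
    private static void closeMetadataCall(Response response, Client client) {
        if (response != null) {
            try {
                response.close();
            } catch (RuntimeException e) {
                LOG.debug("Failed to close metadata service response", e);
            }
        }
        if (client != null) {
            try {
                client.close();
            } catch (RuntimeException e) {
                LOG.debug("Failed to close metadata service client", e);
            }
        }
    }

    /**
     * Builds the resource descriptor (URL plus Authorization header) for a metadata path.
     *
     * @param str path relative to the metadata base URL, e.g. {@code identity/cert.pem}
     * @return the resource details
     * @throws MalformedURLException if base URL and path do not form a valid URL
     */
    private URLBasedX509CertificateSupplier.ResourceDetails getMetadataResourceDetails(String str) throws MalformedURLException {
        URL resourceUrl = new URL(getMetadataBaseUrl() + str);
        return URLBasedX509CertificateSupplier.ResourceDetails.builder().url(resourceUrl).headers(ImmutableMap.of("Authorization", AUTHORIZATION_HEADER_VALUE)).build();
    }

    /**
     * Creates the concrete provider; called by {@link #build()} after the federation client exists.
     *
     * @param sessionKeySupplier the session key supplier also given to the federation client
     * @return the provider
     */
    protected abstract P buildProvider(SessionKeySupplier sessionKeySupplier);

    /** @return the metadata base URL currently in effect (v2 default, v1 after fallback, or an override) */
    public String getMetadataBaseUrl() {
        return this.metadataBaseUrl;
    }

    /** @return the federation endpoint, or null if neither set nor auto-detected yet */
    public String getFederationEndpoint() {
        return this.federationEndpoint;
    }

    /** @return the leaf certificate supplier, or null if neither set nor auto-detected yet */
    public X509CertificateSupplier getLeafCertificateSupplier() {
        return this.leafCertificateSupplier;
    }

    /** @return the tenancy id, or null if neither set nor auto-detected yet */
    public String getTenancyId() {
        return this.tenancyId;
    }

    /** @return the region; within this class it is only assigned during endpoint auto-detection */
    public Region getRegion() {
        return this.region;
    }
}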
