package com.oracle.bmc.auth.internal;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.oracle.bmc.auth.SessionKeySupplier;
import com.oracle.bmc.auth.X509CertificateSupplier;
import com.oracle.bmc.circuitbreaker.CircuitBreakerConfiguration;
import com.oracle.bmc.http.ClientConfigurator;
import com.oracle.bmc.http.internal.ResponseConversionFunctionFactory;
import com.oracle.bmc.http.internal.RestClient;
import com.oracle.bmc.http.internal.WithHeaders;
import com.oracle.bmc.http.internal.WrappedInvocationBuilder;
import com.oracle.bmc.http.internal.WrappedWebTarget;
import com.oracle.bmc.model.BmcException;
import com.oracle.bmc.requests.BmcRequest;
import java.net.URI;
import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.concurrent.Immutable;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Refreshable;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.36.0.jar:com/oracle/bmc/auth/internal/X509FederationClient.class */
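/**
 * Federation client that exchanges an X.509 leaf certificate, optional intermediate
 * certificates and a session public key for a security token.
 *
 * <p>The token is requested with a POST to the {@code v1/x509} path of the federation
 * endpoint and cached in a {@link SecurityTokenAdapter} until that adapter reports it as
 * no longer valid.
 *
 * <p>Thread-safety: the cached adapter is a {@code volatile} field and every refresh runs
 * while holding this instance's monitor, so concurrent callers trigger at most one refresh
 * at a time.
 *
 * <p>Security notes for maintainers: the request body built here carries only public
 * material (session public key and certificates). The returned token is a credential and
 * must never be written to logs; the log statements in this class deliberately name only
 * the step being performed.
 */
public class X509FederationClient implements FederationClient {
    private static final Logger LOG = LoggerFactory.getLogger(X509FederationClient.class);
    private static final Function<Response, WithHeaders<SecurityToken>> SECURITY_TOKEN_FN = new ResponseConversionFunctionFactory().create(SecurityToken.class);
    private static final String DEFAULT_PURPOSE = "DEFAULT";
    private static final String DEFAULT_FINGERPRINT = "SHA256";
    /** Total number of POST attempts made by {@link #makeCall} before giving up. */
    private static final int MAX_FEDERATION_ATTEMPTS = 5;
    /** Fixed pause between two consecutive attempts in {@link #makeCall}. */
    private static final long RETRY_DELAY_MILLIS = 250L;
    private final X509CertificateSupplier leafCertificateSupplier;
    private final String tenancyId;
    private final Set<X509CertificateSupplier> intermediateCertificateSuppliers;
    private final SessionKeySupplier sessionKeySupplier;
    private final String purpose;
    private final RestClient federationHttpClient;
    private volatile SecurityTokenAdapter securityTokenAdapter;

    /* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.36.0.jar:com/oracle/bmc/auth/internal/X509FederationClient$SecurityToken.class */
    /** Response body of the federation call; holds the raw token string. */
    public static class SecurityToken {
        private String token;

        /**
         * @param str the value of the {@code token} JSON property
         */
        public SecurityToken(@JsonProperty("token") String str) {
            this.token = str;
        }

        /**
         * @return the raw token string; treat it as a secret and do not log it
         */
        public String getToken() {
            return this.token;
        }
    }

    /**
     * Request body sent to the federation endpoint. Properties that are {@code null} are
     * left out of the serialized JSON.
     */
    @JsonInclude(JsonInclude.Include.NON_NULL)
    @Immutable
    /* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.36.0.jar:com/oracle/bmc/auth/internal/X509FederationClient$X509FederationRequest.class */
    public static class X509FederationRequest {
        private final Set<String> intermediateCertificates;
        private final String certificate;
        private final String publicKey;
        private final String purpose;
        private final String fingerprintAlgorithm;

        /**
         * Creates a request. Note the argument order: the public key comes first, the
         * certificate second.
         *
         * @param str the encoded session public key; must not be {@code null}
         * @param str2 the encoded leaf certificate; must not be {@code null}
         * @param set the encoded intermediate certificates, or {@code null} for none
         * @param str3 the purpose sent with the request
         * @param str4 the fingerprint algorithm sent with the request
         * @throws NullPointerException if {@code str} or {@code str2} is {@code null}
         */
        public X509FederationRequest(String str, String str2, Set<String> set, String str3, String str4) {
            this.certificate = Preconditions.checkNotNull(str2);
            this.publicKey = Preconditions.checkNotNull(str);
            // NOTE(review): the set is stored by reference, so a caller that mutates it
            // afterwards also mutates this "immutable" request.
            this.intermediateCertificates = set;
            this.purpose = str3;
            this.fingerprintAlgorithm = str4;
        }

        /** Null-safe equality used by {@link #equals(Object)} for each field. */
        private static boolean sameValue(Object left, Object right) {
            return left == null ? right == null : left.equals(right);
        }

        /**
         * Two requests are equal when all five fields are equal (null-safe) and the other
         * object accepts this one through {@link #canEqual(Object)}.
         */
        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof X509FederationRequest)) {
                return false;
            }
            X509FederationRequest other = (X509FederationRequest) obj;
            if (!other.canEqual(this)) {
                return false;
            }
            return sameValue(getIntermediateCertificates(), other.getIntermediateCertificates())
                    && sameValue(getCertificate(), other.getCertificate())
                    && sameValue(getPublicKey(), other.getPublicKey())
                    && sameValue(getPurpose(), other.getPurpose())
                    && sameValue(getFingerprintAlgorithm(), other.getFingerprintAlgorithm());
        }

        /** Hook that lets a subclass refuse equality with instances of this class. */
        protected boolean canEqual(Object obj) {
            return obj instanceof X509FederationRequest;
        }

        /**
         * Hash over the same five fields as {@link #equals(Object)}; a {@code null} field
         * contributes the constant 43.
         */
        @Override
        public int hashCode() {
            Object[] fields = {
                getIntermediateCertificates(),
                getCertificate(),
                getPublicKey(),
                getPurpose(),
                getFingerprintAlgorithm()
            };
            int result = 1;
            for (Object field : fields) {
                result = (result * 59) + (field == null ? 43 : field.hashCode());
            }
            return result;
        }

        public Set<String> getIntermediateCertificates() {
            return this.intermediateCertificates;
        }

        public String getCertificate() {
            return this.certificate;
        }

        public String getPublicKey() {
            return this.publicKey;
        }

        public String getPurpose() {
            return this.purpose;
        }

        public String getFingerprintAlgorithm() {
            return this.fingerprintAlgorithm;
        }
    }

    /**
     * Creates a client that uses the {@code "DEFAULT"} purpose.
     *
     * @param str passed to {@code RestClientUtils.createRestClient} as the endpoint of the federation service
     * @param str2 the tenancy id the leaf certificate is expected to belong to; must not be {@code null}
     * @param x509CertificateSupplier supplier of the leaf certificate and its private key; must not be {@code null}
     * @param sessionKeySupplier supplier of the session key pair; must not be {@code null}
     * @param set suppliers of intermediate certificates, or {@code null} for none
     * @param clientConfigurator forwarded to {@code RestClientUtils.createRestClient}
     * @param list forwarded to {@code RestClientUtils.createRestClient}
     * @param circuitBreakerConfiguration forwarded to {@code RestClientUtils.createRestClient}
     */
    public X509FederationClient(String str, String str2, X509CertificateSupplier x509CertificateSupplier, SessionKeySupplier sessionKeySupplier, Set<X509CertificateSupplier> set, ClientConfigurator clientConfigurator, List<ClientConfigurator> list, CircuitBreakerConfiguration circuitBreakerConfiguration) {
        this(str, str2, x509CertificateSupplier, sessionKeySupplier, set, clientConfigurator, list, circuitBreakerConfiguration, DEFAULT_PURPOSE);
    }

    /**
     * Creates a client with an explicit purpose. No token is requested here; the first
     * call that needs one triggers the request.
     *
     * @param str passed to {@code RestClientUtils.createRestClient} as the endpoint of the federation service
     * @param str2 the tenancy id the leaf certificate is expected to belong to; must not be {@code null}
     * @param x509CertificateSupplier supplier of the leaf certificate and its private key; must not be {@code null}
     * @param sessionKeySupplier supplier of the session key pair; must not be {@code null}
     * @param set suppliers of intermediate certificates, or {@code null} for none
     * @param clientConfigurator forwarded to {@code RestClientUtils.createRestClient}
     * @param list forwarded to {@code RestClientUtils.createRestClient}
     * @param circuitBreakerConfiguration forwarded to {@code RestClientUtils.createRestClient}
     * @param str3 the purpose sent with every federation request; must not be {@code null}
     * @throws NullPointerException if a required argument is {@code null}
     */
    public X509FederationClient(String str, String str2, X509CertificateSupplier x509CertificateSupplier, SessionKeySupplier sessionKeySupplier, Set<X509CertificateSupplier> set, ClientConfigurator clientConfigurator, List<ClientConfigurator> list, CircuitBreakerConfiguration circuitBreakerConfiguration, String str3) {
        // Validate and assign every plain field first: a null argument then fails before
        // an HTTP client is created, and `this` is fully populated before it is handed to
        // createRestClient below (what that call does with the reference is not visible
        // from this class).
        this.leafCertificateSupplier = Preconditions.checkNotNull(x509CertificateSupplier);
        this.sessionKeySupplier = Preconditions.checkNotNull(sessionKeySupplier);
        this.intermediateCertificateSuppliers = set;
        this.tenancyId = Preconditions.checkNotNull(str2);
        this.purpose = Preconditions.checkNotNull(str3);
        // Start with an adapter that wraps no token, so the first token request refreshes.
        this.securityTokenAdapter = new SecurityTokenAdapter(null, sessionKeySupplier);
        this.federationHttpClient = RestClientUtils.createRestClient(str, clientConfigurator, list, this, circuitBreakerConfiguration);
    }

    /**
     * Returns the cached token while the adapter reports it valid; otherwise refreshes
     * under the instance lock and returns the new token.
     */
    @Override
    public String getSecurityToken() {
        // Read the volatile field once so validity check and token come from the same adapter.
        SecurityTokenAdapter current = this.securityTokenAdapter;
        if (current.isValid()) {
            return current.getSecurityToken();
        }
        return refreshAndGetSecurityTokenInner(true);
    }

    /**
     * Returns a claim from the current token, refreshing the token first if the cached
     * one is no longer valid.
     *
     * @param str the claim key, passed through to the token adapter
     */
    @Override
    public String getStringClaim(String str) {
        refreshAndGetSecurityTokenInner(true);
        return this.securityTokenAdapter.getStringClaim(str);
    }

    /** Forces a refresh, even if the cached token is still valid, and returns the new token. */
    @Override
    public String refreshAndGetSecurityToken() {
        return refreshAndGetSecurityTokenInner(false);
    }

    /**
     * Refreshes session keys and certificates, requests a new token and caches it.
     *
     * @param skipIfValid when {@code true}, the cached token is returned without any
     *     refresh if another thread already renewed it while this one waited for the lock
     * @return the token held by the adapter after this call
     * @throws BmcException if a certificate supplier fails to refresh or the federation call fails
     * @throws IllegalArgumentException if the refreshed leaf certificate names a different tenancy
     */
    private String refreshAndGetSecurityTokenInner(boolean skipIfValid) {
        synchronized (this) {
            if (skipIfValid && this.securityTokenAdapter.isValid()) {
                return this.securityTokenAdapter.getSecurityToken();
            }
            LOG.info("Refreshing session keys.");
            this.sessionKeySupplier.refreshKeys();
            if (this.leafCertificateSupplier instanceof Refreshable) {
                try {
                    ((Refreshable) this.leafCertificateSupplier).refresh();
                    if (DEFAULT_PURPOSE.equals(this.purpose)) {
                        // A rotated certificate must still belong to the tenancy this client
                        // was created for; otherwise the client would silently start
                        // authenticating as a different tenancy.
                        String refreshedTenancyId = AuthUtils.getTenantIdFromCertificate(this.leafCertificateSupplier.getCertificateAndKeyPair().getCertificate());
                        if (!this.tenancyId.equals(refreshedTenancyId)) {
                            throw new IllegalArgumentException("The tenancy id should never be changed in cert file!");
                        }
                    }
                } catch (RefreshFailedException e) {
                    throw new BmcException(false, "Can't refresh the leaf certification!", (Throwable) e, (String) null);
                }
            }
            // The constructor accepts a null set of intermediate suppliers, so guard the
            // loop the same way getSecurityTokenFromServer() does.
            if (this.intermediateCertificateSuppliers != null) {
                for (X509CertificateSupplier supplier : this.intermediateCertificateSuppliers) {
                    if (supplier instanceof Refreshable) {
                        try {
                            ((Refreshable) supplier).refresh();
                        } catch (RefreshFailedException e) {
                            throw new BmcException(false, "Can't refresh the intermediate certification!", (Throwable) e, (String) null);
                        }
                    }
                }
            }
            this.securityTokenAdapter = getSecurityTokenFromServer();
            return this.securityTokenAdapter.getSecurityToken();
        }
    }

    /**
     * Builds the federation request from the current session public key and certificates,
     * posts it, and wraps the returned token in a new adapter.
     *
     * @throws IllegalStateException if the session key supplier has no key pair
     * @throws IllegalArgumentException if the public key, the leaf certificate or its
     *     private key is missing, or a certificate cannot be encoded
     * @throws BmcException if the federation call fails on every attempt
     */
    private SecurityTokenAdapter getSecurityTokenFromServer() {
        LOG.info("Getting security token from the auth server");
        KeyPair keyPair = this.sessionKeySupplier.getKeyPair();
        if (keyPair == null) {
            throw new IllegalStateException("Keypair for session was not provided");
        }
        RSAPublicKey sessionPublicKey = (RSAPublicKey) keyPair.getPublic();
        if (sessionPublicKey == null) {
            throw new IllegalArgumentException("Public key is not present");
        }
        X509CertificateSupplier.CertificateAndPrivateKeyPair leaf = this.leafCertificateSupplier.getCertificateAndKeyPair();
        if (leaf == null) {
            throw new IllegalArgumentException("Certificate and key pair are not present");
        }
        X509Certificate leafCertificate = leaf.getCertificate();
        if (leafCertificate == null) {
            throw new IllegalArgumentException("Leaf certificate is not present");
        }
        // The private key is only checked for presence; it is not placed in the request body.
        if (leaf.getPrivateKey() == null) {
            throw new IllegalArgumentException("Leaf certificate's private key is not present");
        }
        try {
            // Stays null when no intermediates are configured so the property is omitted from the JSON.
            Set<String> encodedIntermediates = null;
            if (this.intermediateCertificateSuppliers != null && !this.intermediateCertificateSuppliers.isEmpty()) {
                LOG.debug("Intermediate certificate(s) were supplied");
                encodedIntermediates = new HashSet<>();
                for (X509CertificateSupplier supplier : this.intermediateCertificateSuppliers) {
                    X509CertificateSupplier.CertificateAndPrivateKeyPair intermediate = supplier.getCertificateAndKeyPair();
                    if (intermediate != null && intermediate.getCertificate() != null) {
                        encodedIntermediates.add(AuthUtils.base64EncodeNoChunking(intermediate.getCertificate()));
                    }
                }
            }
            X509FederationRequest request = new X509FederationRequest(AuthUtils.base64EncodeNoChunking(sessionPublicKey), AuthUtils.base64EncodeNoChunking(leafCertificate), encodedIntermediates, this.purpose, DEFAULT_FINGERPRINT);
            WrappedWebTarget target = this.federationHttpClient.getBaseTarget().path("v1").path("x509");
            Response response = makeCall(target.request(), target.getUri(), request);
            // Do not log the token: it is the credential this whole exchange produces.
            String token = SECURITY_TOKEN_FN.apply(response).getItem().getToken();
            return new SecurityTokenAdapter(token, this.sessionKeySupplier);
        } catch (CertificateException e) {
            LOG.info("Failed to get encoded x509 certificate");
            throw new IllegalArgumentException("Failed to get encoded x509 certificate", e);
        }
    }

    /**
     * Posts the federation request, retrying with a fixed delay when the call throws a
     * {@link BmcException}.
     *
     * <p>At most {@code MAX_FEDERATION_ATTEMPTS} attempts are made. There is no pause
     * after the final attempt, and an interrupt during the pause ends the retries at once
     * with the interrupt flag restored.
     *
     * @return the response of the first attempt that does not throw
     * @throws BmcException the failure of the last attempt made
     */
    @VisibleForTesting
    Response makeCall(Invocation.Builder builder, URI uri, X509FederationRequest x509FederationRequest) {
        WrappedInvocationBuilder wrappedBuilder = new WrappedInvocationBuilder(builder, uri);
        BmcException lastFailure = null;
        // NOTE(review): every BmcException is retried, including failures that a retry
        // cannot fix (for example a rejected certificate). Consider retrying only
        // transient errors so repeated bad requests do not hit the auth service.
        for (int attempt = 1; attempt <= MAX_FEDERATION_ATTEMPTS; attempt++) {
            try {
                return this.federationHttpClient.post(wrappedBuilder, x509FederationRequest, new BmcRequest());
            } catch (BmcException e) {
                lastFailure = e;
                if (attempt == MAX_FEDERATION_ATTEMPTS) {
                    // Nothing left to wait for; fail without an extra delay.
                    break;
                }
                try {
                    Thread.sleep(RETRY_DELAY_MILLIS);
                } catch (InterruptedException interrupted) {
                    LOG.debug("Thread interrupted while waiting to make next call to federation service", (Throwable) interrupted);
                    Thread.currentThread().interrupt();
                    // With the interrupt flag set every later sleep would throw at once,
                    // turning the remaining attempts into an unthrottled burst.
                    break;
                }
            }
        }
        throw lastFailure;
    }

    /**
     * @return the supplier of the leaf certificate given at construction
     */
    public X509CertificateSupplier getLeafCertificateSupplier() {
        return this.leafCertificateSupplier;
    }

    /**
     * @return the tenancy id given at construction
     */
    public String getTenancyId() {
        return this.tenancyId;
    }
}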
