package com.oracle.bmc.auth;

import com.oracle.bmc.auth.X509CertificateSupplier;
import com.oracle.bmc.auth.internal.X509CertificateWithOriginalPem;
import com.oracle.bmc.http.signing.internal.PEMFileRSAPrivateKeySupplier;
import com.oracle.bmc.util.StreamUtils;
import java.beans.ConstructorProperties;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.annotation.Nonnull;
import javax.security.auth.Refreshable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-2.46.0.jar:com/oracle/bmc/auth/URLBasedX509CertificateSupplier.class */
public class URLBasedX509CertificateSupplier implements X509CertificateSupplier, Refreshable {
    private static final boolean EXPERIMENTAL_SUPPRESS_X509_WORKAROUND = Boolean.getBoolean("oci.sdk.experimental.suppressX509Workaround");
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) URLBasedX509CertificateSupplier.class);
    private final AtomicReference<X509CertificateSupplier.CertificateAndPrivateKeyPair> certificateAndKeyPair;
    private final ResourceDetails certificateDetails;
    private final ResourceDetails privateKeyDetails;
    private final char[] privateKeyPassphraseCharacters;

    /* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-2.46.0.jar:com/oracle/bmc/auth/URLBasedX509CertificateSupplier$ResourceDetails.class */
    public static class ResourceDetails {
        private final URL url;
        private final Map<String, String> headers;

        /* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-2.46.0.jar:com/oracle/bmc/auth/URLBasedX509CertificateSupplier$ResourceDetails$ResourceDetailsBuilder.class */
        public static class ResourceDetailsBuilder {
            private URL url;
            private Map<String, String> headers;

            ResourceDetailsBuilder() {
            }

            public ResourceDetailsBuilder url(URL url) {
                this.url = url;
                return this;
            }

            public ResourceDetailsBuilder headers(Map<String, String> map) {
                this.headers = map;
                return this;
            }

            public ResourceDetails build() {
                return new ResourceDetails(this.url, this.headers);
            }

            public String toString() {
                return "URLBasedX509CertificateSupplier.ResourceDetails.ResourceDetailsBuilder(url=" + this.url + ", headers=" + this.headers + ")";
            }
        }

        @ConstructorProperties({"url", "headers"})
        ResourceDetails(URL url, Map<String, String> map) {
            this.url = url;
            this.headers = map;
        }

        public static ResourceDetailsBuilder builder() {
            return new ResourceDetailsBuilder();
        }

        public URL getUrl() {
            return this.url;
        }

        public Map<String, String> getHeaders() {
            return this.headers;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ResourceDetails)) {
                return false;
            }
            ResourceDetails resourceDetails = (ResourceDetails) obj;
            if (!resourceDetails.canEqual(this)) {
                return false;
            }
            URL url = getUrl();
            URL url2 = resourceDetails.getUrl();
            if (url == null) {
                if (url2 != null) {
                    return false;
                }
            } else if (!url.equals(url2)) {
                return false;
            }
            Map<String, String> headers = getHeaders();
            Map<String, String> headers2 = resourceDetails.getHeaders();
            return headers == null ? headers2 == null : headers.equals(headers2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof ResourceDetails;
        }

        public int hashCode() {
            URL url = getUrl();
            int hashCode = (1 * 59) + (url == null ? 43 : url.hashCode());
            Map<String, String> headers = getHeaders();
            return (hashCode * 59) + (headers == null ? 43 : headers.hashCode());
        }

        public String toString() {
            return "URLBasedX509CertificateSupplier.ResourceDetails(url=" + getUrl() + ", headers=" + getHeaders() + ")";
        }
    }

    public URLBasedX509CertificateSupplier(ResourceDetails resourceDetails, ResourceDetails resourceDetails2, char[] cArr) {
        this.certificateAndKeyPair = new AtomicReference<>(null);
        this.certificateDetails = resourceDetails;
        this.privateKeyDetails = resourceDetails2;
        this.privateKeyPassphraseCharacters = cArr;
        refresh();
    }

    public URLBasedX509CertificateSupplier(URL url, URL url2, char[] cArr) {
        this(ResourceDetails.builder().url(url).build(), ResourceDetails.builder().url(url2).build(), cArr);
    }

    @Deprecated
    public URLBasedX509CertificateSupplier(URL url, URL url2, String str) {
        this(url, url2, str != null ? str.toCharArray() : null);
    }

    @Override // com.oracle.bmc.auth.X509CertificateSupplier
    @Deprecated
    public X509Certificate getCertificate() {
        return this.certificateAndKeyPair.get().getCertificate();
    }

    public void refresh() {
        String readRawCertificate = readRawCertificate(this.certificateDetails);
        X509Certificate readCertificate = readCertificate(readRawCertificate);
        RSAPrivateKey readPrivateKey = readPrivateKey(this.privateKeyDetails, this.privateKeyPassphraseCharacters);
        if (EXPERIMENTAL_SUPPRESS_X509_WORKAROUND) {
            this.certificateAndKeyPair.set(new X509CertificateSupplier.CertificateAndPrivateKeyPair(readCertificate, readPrivateKey));
        } else {
            this.certificateAndKeyPair.set(new X509CertificateSupplier.CertificateAndPrivateKeyPair(new X509CertificateWithOriginalPem(readCertificate, readRawCertificate), readPrivateKey));
        }
    }

    public boolean isCurrent() {
        return false;
    }

    private static X509Certificate readCertificate(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (CertificateException e) {
            throw new IllegalArgumentException("Invalid certificate.", e);
        }
    }

    private static String readRawCertificate(ResourceDetails resourceDetails) {
        IOException iOException = null;
        for (int i = 0; i < 3; i++) {
            try {
                InputStream resourceStream = getResourceStream(resourceDetails);
                Throwable th = null;
                try {
                    try {
                        String streamUtils = StreamUtils.toString(resourceStream, StandardCharsets.UTF_8);
                        if (resourceStream != null) {
                            if (0 != 0) {
                                try {
                                    resourceStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                resourceStream.close();
                            }
                        }
                        return streamUtils;
                    } finally {
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                    break;
                }
            } catch (IOException e) {
                LOG.info("Attempt {} to open stream of certificate failed.", Integer.valueOf(i + 1), e);
                iOException = e;
                try {
                    Thread.sleep(TimeUnit.SECONDS.toMillis(30L));
                } catch (InterruptedException e2) {
                    LOG.debug("Thread interrupted while waiting to make next readRawCertificate call to instance metadata service", (Throwable) e2);
                    Thread.currentThread().interrupt();
                }
            }
        }
        throw new IllegalArgumentException("Open stream of certificate failed.", iOException);
    }

    private static InputStream getResourceStream(@Nonnull ResourceDetails resourceDetails) throws IOException {
        if (resourceDetails == null) {
            throw new NullPointerException("resourceDetails is marked non-null but is null");
        }
        Objects.requireNonNull(resourceDetails.getUrl(), "Resource url cannot be null.");
        URLConnection openConnection = resourceDetails.getUrl().openConnection();
        if (resourceDetails.getHeaders() != null) {
            Map<String, String> headers = resourceDetails.getHeaders();
            openConnection.getClass();
            headers.forEach(openConnection::setRequestProperty);
        }
        return openConnection.getInputStream();
    }

    private static RSAPrivateKey readPrivateKey(ResourceDetails resourceDetails, char[] cArr) {
        if (resourceDetails == null || resourceDetails.getUrl() == null) {
            return null;
        }
        Throwable th = null;
        for (int i = 0; i < 3; i++) {
            try {
                InputStream resourceStream = getResourceStream(resourceDetails);
                Throwable th2 = null;
                try {
                    try {
                        RSAPrivateKey orElse = new PEMFileRSAPrivateKeySupplier(resourceStream, cArr).supplyKey(null).orElse(null);
                        if (resourceStream != null) {
                            if (0 != 0) {
                                try {
                                    resourceStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                resourceStream.close();
                            }
                        }
                        return orElse;
                    } catch (Throwable th4) {
                        th2 = th4;
                        throw th4;
                    }
                } catch (Throwable th5) {
                    if (resourceStream != null) {
                        if (th2 != null) {
                            try {
                                resourceStream.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            resourceStream.close();
                        }
                    }
                    throw th5;
                }
            } catch (PEMFileRSAPrivateKeySupplier.PEMFileRSAPrivateKeySupplierException | IOException e) {
                LOG.info("Attempt {} to read private key failed. ", Integer.valueOf(i + 1), e);
                th = e;
                try {
                    Thread.sleep(TimeUnit.SECONDS.toMillis(30L));
                } catch (InterruptedException e2) {
                    LOG.debug("Thread interrupted while waiting to make next readPrivateKey call to instance metadata service ", (Throwable) e2);
                    Thread.currentThread().interrupt();
                }
            }
        }
        throw new IllegalArgumentException("No file for private key ", th);
    }

    @Override // com.oracle.bmc.auth.X509CertificateSupplier
    @Deprecated
    public RSAPrivateKey getPrivateKey() {
        return getCertificateAndKeyPair().getPrivateKey();
    }

    @Override // com.oracle.bmc.auth.X509CertificateSupplier
    public X509CertificateSupplier.CertificateAndPrivateKeyPair getCertificateAndKeyPair() {
        return this.certificateAndKeyPair.get();
    }

    static {
        LOG.info("suppressX509Workaround flag set to {}", Boolean.valueOf(EXPERIMENTAL_SUPPRESS_X509_WORKAROUND));
    }
}
