package com.veertu.ankaMgmtSdk;

import com.veertu.ankaMgmtSdk.exceptions.AnkaMgmtException;
import com.veertu.ankaMgmtSdk.exceptions.ClientException;
import com.veertu.plugin.anka.AnkaMgmtCloud;
import hudson.ProxyConfiguration;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import jenkins.model.Jenkins;
import org.apache.http.HttpHost;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.ssl.SSLContexts;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.json.JSONObject;

/* loaded from: input_file:com/veertu/ankaMgmtSdk/UakAuthenticator.class */
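/**
 * Builds the {@code Authorization} header for a user API key (UAK) by running a two-step
 * exchange against the management endpoints: {@code /tap/v1/hand} returns a base64 blob
 * that is decrypted with the caller's RSA private key, and {@code /tap/v1/shake} accepts
 * the decrypted value and returns the JSON object that becomes the bearer token.
 *
 * <p>This listing is decompiler output: {@link #postRequest} was not recovered, so how
 * requests are sent and retried cannot be reviewed from this file.
 */
public class UakAuthenticator {
    // Not referenced by any recovered method; presumably the per-request retry budget
    // used inside postRequest (body not decompiled) -- confirm against the bytecode.
    private final int maxRetries = 3;
    private final List<String> mgmtURLs;
    private final boolean skipTLSVerification;
    private final String rootCA;
    private final String id;
    // Stays null when the key material could not be parsed; getAuthorization() checks it.
    private PrivateKey key;

    /**
     * Stores the connection settings and parses the private key.
     *
     * <p>A key that cannot be parsed does not fail construction: the error message is
     * logged and {@link #getAuthorization()} throws on first use instead.
     *
     * @param list management endpoint URLs
     * @param z    when true, TLS certificate and hostname verification are turned off
     * @param str  PEM root CA certificate to trust; may be null or empty
     * @param str2 key id sent as {@code "id"} in both handshake requests
     * @param str3 RSA private key, PEM with {@code BEGIN/END RSA PRIVATE KEY} armor (PKCS#1)
     */
    public UakAuthenticator(List<String> list, boolean z, String str, String str2, String str3) {
        this.mgmtURLs = list;
        this.skipTLSVerification = z;
        this.rootCA = str;
        this.id = str2;
        try {
            // Strip the PEM armor and all whitespace to get the bare base64 payload.
            String base64Body = str3
                    .replace("-----BEGIN RSA PRIVATE KEY-----", "")
                    .replace("-----END RSA PRIVATE KEY-----", "")
                    .replaceAll("\\s", "");
            byte[] pkcs1Der = Base64.getDecoder().decode(base64Body);
            // KeyFactory only accepts PKCS#8, so wrap the PKCS#1 structure in a PrivateKeyInfo.
            PrivateKeyInfo pkcs8 = new PrivateKeyInfo(
                    new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption),
                    RSAPrivateKey.getInstance(ASN1Primitive.fromByteArray(pkcs1Der)));
            this.key = KeyFactory.getInstance("RSA")
                    .generatePrivate(new PKCS8EncodedKeySpec(pkcs8.getEncoded()));
        } catch (Exception e) {
            // Only the exception message is logged, never the key text itself.
            AnkaMgmtCloud.Log("Failed to initialize RSA private key: " + e.getMessage());
        }
    }

    /**
     * Runs the hand/shake exchange and returns the resulting header.
     *
     * @return an {@code Authorization: Bearer <token>} name/value pair
     * @throws AnkaMgmtException if the private key was never initialised or the challenge
     *                           cannot be decoded or decrypted
     * @throws ClientException   propagated from the request helper
     */
    public NameValuePair getAuthorization() throws AnkaMgmtException, ClientException {
        if (this.key == null) {
            throw new AnkaMgmtException("Failed to initialize RSA private key for " + this.id);
        }
        String secret = TapHandRequest();
        String token = TapShakeRequest(secret);
        return new BasicNameValuePair("Authorization", String.format("Bearer %s", token));
    }

    /**
     * Posts the key id to {@code /tap/v1/hand} and decrypts the base64 response with
     * RSA-OAEP (SHA-256 digest, MGF1 with SHA-256).
     *
     * @return the decrypted challenge as text
     */
    private String TapHandRequest() throws AnkaMgmtException, ClientException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("id", this.id);
        String response = postRequest("/tap/v1/hand", jSONObject.toString());
        try {
            // Decoding sits inside the try so a malformed body surfaces as
            // AnkaMgmtException instead of an unchecked IllegalArgumentException.
            byte[] ciphertext = Base64.getDecoder().decode(response);
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            // Both digests are pinned explicitly: JCE providers differ on the MGF1 default
            // for this transformation name.
            cipher.init(Cipher.DECRYPT_MODE, this.key, new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT));
            // Explicit charset so the result does not depend on the JVM's platform default.
            return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new AnkaMgmtException("Failed to decrypt response: " + e.getMessage());
        }
    }

    /**
     * Posts the key id and decrypted secret to {@code /tap/v1/shake}.
     *
     * @param str the secret returned by {@link #TapHandRequest()}
     * @return base64 of the response's {@code "data"} object, serialised as JSON text
     */
    private String TapShakeRequest(String str) throws AnkaMgmtException, ClientException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("id", this.id);
        jSONObject.put("secret", str);
        JSONObject data = new JSONObject(postRequest("/tap/v1/shake", jSONObject.toString()))
                .getJSONObject("data");
        return Base64.getEncoder().encodeToString(data.toString().getBytes(StandardCharsets.UTF_8));
    }

    /*
     * The decompiler (JADX) could not restructure this method, so its body is absent from
     * this listing. The one statement it reported as lost is:
     *
     *     throw new com.veertu.ankaMgmtSdk.exceptions.ClientException("Failed to send request to any of the endpoints");
     *
     * Endpoint selection, retry handling and which HTTP client settings are used must be
     * checked against the instruction dump ('--show-bad-code' / '--comments-level debug').
     */
    private java.lang.String postRequest(java.lang.String r7, java.lang.String r8) throws com.veertu.ankaMgmtSdk.exceptions.ClientException {
        throw new UnsupportedOperationException("Method not decompiled: com.veertu.ankaMgmtSdk.UakAuthenticator.postRequest(java.lang.String, java.lang.String):java.lang.String");
    }

    /**
     * Creates an HTTP client with one of three TLS configurations, then applies the
     * Jenkins proxy settings.
     *
     * @param skipVerification trust every certificate and skip hostname checks
     * @param rootCaPem        PEM root CA to trust when verification is on; null or empty
     *                         selects the default socket factory
     */
    private CloseableHttpClient createHttpClient(boolean skipVerification, String rootCaPem) throws Exception {
        SSLConnectionSocketFactory socketFactory;
        if (skipVerification) {
            // SECURITY: certificate validation and hostname verification are both off, so
            // the peer is unauthenticated. The handshake secret and the bearer token travel
            // over this connection; supplying a root CA is the safer way to support a
            // private PKI.
            socketFactory = new SSLConnectionSocketFactory(
                    SSLContexts.custom().loadTrustMaterial((KeyStore) null, TrustAllStrategy.INSTANCE).build(),
                    NoopHostnameVerifier.INSTANCE);
        } else if (rootCaPem == null || rootCaPem.isEmpty()) {
            socketFactory = SSLConnectionSocketFactory.getSocketFactory();
        } else {
            socketFactory = createCustomSSLSocketFactory(rootCaPem);
        }
        return applyJenkinsProxy(HttpClients.custom().setSSLSocketFactory(socketFactory)).build();
    }

    /**
     * Builds a socket factory whose trust store contains only the supplied root CA.
     *
     * @param str PEM-encoded X.509 certificate
     * @throws IllegalArgumentException if the PEM text does not hold an X.509 certificate
     */
    private SSLConnectionSocketFactory createCustomSSLSocketFactory(String str) throws Exception {
        Object parsed;
        try (PEMParser pemParser = new PEMParser(new StringReader(str))) {
            parsed = pemParser.readObject();
        }
        // readObject() yields null on empty input and other holder types for keys or CSRs;
        // reject those explicitly instead of failing on the cast.
        if (!(parsed instanceof X509CertificateHolder)) {
            throw new IllegalArgumentException("Root CA is not a PEM-encoded X.509 certificate");
        }
        X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider())
                .getCertificate((X509CertificateHolder) parsed);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);
        keyStore.setCertificateEntry("rootCA", certificate);
        // SECURITY: no TrustStrategy is passed. TrustSelfSignedStrategy accepts any
        // single-certificate chain before the trust store is consulted, which would let a
        // server with an arbitrary self-signed certificate bypass the configured root CA.
        // A self-signed server certificate is still accepted when it is the configured CA.
        return new SSLConnectionSocketFactory(SSLContexts.custom().loadTrustMaterial(keyStore, null).build());
    }

    /**
     * Copies the Jenkins proxy host, port and (when a user name is set) credentials onto
     * the builder.
     *
     * @return the same builder, for chaining
     */
    private HttpClientBuilder applyJenkinsProxy(HttpClientBuilder httpClientBuilder) {
        Jenkins jenkins = Jenkins.getInstanceOrNull();
        if (jenkins == null) {
            return httpClientBuilder;
        }
        ProxyConfiguration proxy = jenkins.proxy;
        if (proxy == null || proxy.name == null || proxy.name.isEmpty()) {
            return httpClientBuilder;
        }
        httpClientBuilder.setProxy(new HttpHost(proxy.name, proxy.port));
        String userName = proxy.getUserName();
        if (userName != null && !userName.isEmpty()) {
            BasicCredentialsProvider credentials = new BasicCredentialsProvider();
            // Scope is the proxy host and port only, so the proxy password is not offered
            // to any other host.
            credentials.setCredentials(new AuthScope(proxy.name, proxy.port), new UsernamePasswordCredentials(userName, proxy.getPassword()));
            httpClientBuilder.setDefaultCredentialsProvider(credentials);
        }
        return httpClientBuilder;
    }
}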
