package com.oracle.bmc.auth;

import com.oracle.bmc.auth.X509CertificateSupplier;
import com.oracle.bmc.http.signing.internal.PEMFileRSAPrivateKeySupplier;
import com.oracle.bmc.util.StreamUtils;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.Refreshable;

/* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.3.1.jar:com/oracle/bmc/auth/URLBasedX509CertificateSupplier.class */
public class URLBasedX509CertificateSupplier implements X509CertificateSupplier, Refreshable {
    private final AtomicReference<X509CertificateSupplier.CertificateAndPrivateKeyPair> certificateAndKeyPair = new AtomicReference<>(null);
    private final URL certificateUrl;
    private final URL privateKeyUrl;
    private final char[] privateKeyPassphraseCharacters;

    public URLBasedX509CertificateSupplier(URL url, URL url2, char[] cArr) {
        this.certificateUrl = url;
        this.privateKeyUrl = url2;
        this.privateKeyPassphraseCharacters = cArr;
        refresh();
    }

    @Deprecated
    public URLBasedX509CertificateSupplier(URL url, URL url2, String str) {
        this.certificateUrl = url;
        this.privateKeyUrl = url2;
        this.privateKeyPassphraseCharacters = str != null ? str.toCharArray() : null;
        refresh();
    }

    @Override // com.oracle.bmc.auth.X509CertificateSupplier
    @Deprecated
    public X509Certificate getCertificate() {
        return this.certificateAndKeyPair.get().getCertificate();
    }

    public void refresh() {
        this.certificateAndKeyPair.set(new X509CertificateSupplier.CertificateAndPrivateKeyPair(readCertificate(this.certificateUrl), readPrivateKey(this.privateKeyUrl, this.privateKeyPassphraseCharacters)));
    }

    public boolean isCurrent() {
        return false;
    }

    private static X509Certificate readCertificate(URL url) {
        InputStream inputStream = null;
        try {
            try {
                inputStream = url.openStream();
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
                StreamUtils.closeQuietly(inputStream);
                return x509Certificate;
            } catch (IOException e) {
                throw new IllegalArgumentException("Open stream of certificate failed.", e);
            } catch (CertificateException e2) {
                throw new IllegalArgumentException("Invalid certificate.", e2);
            }
        } catch (Throwable th) {
            StreamUtils.closeQuietly(inputStream);
            throw th;
        }
    }

    private static RSAPrivateKey readPrivateKey(URL url, char[] cArr) {
        if (url == null) {
            return null;
        }
        try {
            return new PEMFileRSAPrivateKeySupplier(url.openStream(), cArr).getKey(null).orNull();
        } catch (IOException e) {
            throw new IllegalArgumentException("No file for private key", e);
        }
    }

    @Override // com.oracle.bmc.auth.X509CertificateSupplier
    @Deprecated
    public RSAPrivateKey getPrivateKey() {
        return getCertificateAndKeyPair().getPrivateKey();
    }

    @Override // com.oracle.bmc.auth.X509CertificateSupplier
    public X509CertificateSupplier.CertificateAndPrivateKeyPair getCertificateAndKeyPair() {
        return this.certificateAndKeyPair.get();
    }
}
