package com.oracle.bmc.auth;

import com.google.common.base.Optional;
import com.oracle.bmc.Region;
import com.oracle.bmc.Service;
import com.oracle.bmc.Services;
import com.oracle.bmc.auth.AbstractRequestingAuthenticationDetailsProvider;
import com.oracle.bmc.auth.internal.FederationClient;
import com.oracle.bmc.auth.internal.X509FederationClient;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashSet;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;

@AuthCachingPolicy(cacheKeyId = false, cachePrivateKey = false)
/* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.3.1.jar:com/oracle/bmc/auth/InstancePrincipalsAuthenticationDetailsProvider.class */
public class InstancePrincipalsAuthenticationDetailsProvider extends AbstractRequestingAuthenticationDetailsProvider implements RegionProvider, RefreshableOnNotAuthenticatedProvider<String> {
    private final Region region;

    /* loaded from: input_file:WEB-INF/lib/oci-java-sdk-common-1.3.1.jar:com/oracle/bmc/auth/InstancePrincipalsAuthenticationDetailsProvider$InstancePrincipalsAuthenticationDetailsProviderBuilder.class */
    public static class InstancePrincipalsAuthenticationDetailsProviderBuilder extends AbstractRequestingAuthenticationDetailsProvider.Builder<InstancePrincipalsAuthenticationDetailsProviderBuilder> {
        private static final Service SERVICE = Services.serviceBuilder().serviceName("AUTH").serviceEndpointPrefix("auth").build();
        private static final String METADATA_SERVICE_BASE_URL = "http://169.254.169.254/opc/v1/";
        private String federationEndpoint;
        private X509CertificateSupplier leafCertificateSupplier;

        public InstancePrincipalsAuthenticationDetailsProviderBuilder federationEndpoint(String str) {
            this.federationEndpoint = str;
            return this;
        }

        public InstancePrincipalsAuthenticationDetailsProviderBuilder leafCertificateSupplier(X509CertificateSupplier x509CertificateSupplier) {
            this.leafCertificateSupplier = x509CertificateSupplier;
            return this;
        }

        public InstancePrincipalsAuthenticationDetailsProvider build() {
            Region region = null;
            if (this.federationEndpoint == null) {
                region = Region.fromRegionCodeOrId((String) ClientBuilder.newClient().target("http://169.254.169.254/opc/v1/instance/").path("region").request(MediaType.TEXT_PLAIN).get(String.class));
                Optional<String> endpoint = region.getEndpoint(SERVICE);
                if (!endpoint.isPresent()) {
                    throw new IllegalArgumentException("Endpoint for " + SERVICE + " is not known in region " + region);
                }
                this.federationEndpoint = endpoint.get();
            }
            try {
                if (this.leafCertificateSupplier == null) {
                    this.leafCertificateSupplier = new URLBasedX509CertificateSupplier(new URL("http://169.254.169.254/opc/v1/identity/cert.pem"), new URL("http://169.254.169.254/opc/v1/identity/key.pem"), (char[]) null);
                }
                if (this.intermediateCertificateSuppliers == null) {
                    this.intermediateCertificateSuppliers = new HashSet();
                    this.intermediateCertificateSuppliers.add(new URLBasedX509CertificateSupplier(new URL("http://169.254.169.254/opc/v1/identity/intermediate.pem"), (URL) null, (char[]) null));
                }
                SessionKeySupplier sessionKeySupplierImpl = this.sessionKeySupplier != null ? this.sessionKeySupplier : new AbstractRequestingAuthenticationDetailsProvider.SessionKeySupplierImpl();
                this.federationClient = new X509FederationClient(this.federationEndpoint, this.leafCertificateSupplier, sessionKeySupplierImpl, this.intermediateCertificateSuppliers, this.federationClientConfigurator);
                return new InstancePrincipalsAuthenticationDetailsProvider(this.federationClient, sessionKeySupplierImpl, region);
            } catch (MalformedURLException e) {
                throw new IllegalArgumentException("The metadata service url is invalid.", e);
            }
        }
    }

    private InstancePrincipalsAuthenticationDetailsProvider(FederationClient federationClient, SessionKeySupplier sessionKeySupplier, Region region) {
        super(federationClient, sessionKeySupplier);
        this.region = region;
    }

    public static InstancePrincipalsAuthenticationDetailsProviderBuilder builder() {
        return new InstancePrincipalsAuthenticationDetailsProviderBuilder();
    }

    @Deprecated
    public String refreshSecurityToken() {
        return this.federationClient.refreshAndGetSecurityToken();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.oracle.bmc.auth.RefreshableOnNotAuthenticatedProvider
    public String refresh() {
        return this.federationClient.refreshAndGetSecurityToken();
    }

    @Override // com.oracle.bmc.auth.RegionProvider
    public Region getRegion() {
        return this.region;
    }
}
