package oracle.jdbc.driver;

import com.google.common.net.HttpHeaders;
import com.ibm.db2.jcc.a.b.c;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UncheckedIOException;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import javax.net.ssl.HttpsURLConnection;
import javax.security.auth.DestroyFailedException;
import oracle.jdbc.AccessToken;
import oracle.jdbc.driver.DMSFactory;
import oracle.jdbc.internal.OpaqueString;
import oracle.jdbc.logging.annotations.Blind;
import oracle.jdbc.logging.runtime.TraceControllerImpl;
import oracle.net.nt.CustomSSLSocketFactory;
import oracle.sql.json.OracleJsonFactory;

/* loaded from: input_file:oracle/jdbc/driver/JsonWebToken.class */
public final class JsonWebToken implements AccessToken {
    private final OpaqueString token;
    private final OpaqueString privateKey;
    private final long exp;
    private static final int CACHES_SIZE = 128;
    private static final OracleJsonFactory JSON_FACTORY = new OracleJsonFactory();
    private static final DateTimeFormatter DATE_FORMATTER = DateTimeFormatter.ofPattern("E, dd MMM uuuu HH:mm:ss z", Locale.US);
    private static final byte[] BEGIN_PRIVATE_KEY_UTF8 = "-----BEGIN PRIVATE KEY-----".getBytes(StandardCharsets.UTF_8);
    private static final byte[] END_PRIVATE_KEY_UTF8 = "-----END PRIVATE KEY-----".getBytes(StandardCharsets.UTF_8);
    private static final byte[] LINE_SEPARATOR = "\n".getBytes(StandardCharsets.UTF_8);
    private static final Map<Builder, JsonWebTokenCache> CACHES = Collections.synchronizedMap(new LinkedHashMap<Builder, JsonWebTokenCache>(16, 0.75f, true) { // from class: oracle.jdbc.driver.JsonWebToken.1
        @Override // java.util.LinkedHashMap
        protected boolean removeEldestEntry(Map.Entry<Builder, JsonWebTokenCache> entry) {
            return size() > 128;
        }
    });

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:oracle/jdbc/driver/JsonWebToken$Builder.class */
    public static final class Builder {
        private String endPoint;
        private String tenancy;
        private String compartment;
        private String database;
        private String user;
        private OpaqueString password;
        private Properties sqlNetOptions;

        private Builder() {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder endPoint(String str) {
            this.endPoint = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder tenancy(String str) {
            this.tenancy = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder compartment(String str) {
            this.compartment = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder database(String str) {
            this.database = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder user(String str) {
            this.user = str;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder password(@Blind OpaqueString opaqueString) {
            this.password = opaqueString;
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Builder sqlNetOptions(Properties properties) {
            this.sqlNetOptions = (Properties) properties.clone();
            return this;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Blind
        public JsonWebToken build() throws IOException {
            try {
                return ((JsonWebTokenCache) JsonWebToken.CACHES.computeIfAbsent(this, builder -> {
                    return JsonWebTokenCache.create(() -> {
                        try {
                            return JsonWebToken.requestBearerToken(this);
                        } catch (IOException e) {
                            throw new UncheckedIOException(e);
                        }
                    });
                })).get();
            } catch (UncheckedIOException e) {
                throw e.getCause();
            }
        }

        public boolean equals(Object obj) {
            return this == obj || ((obj instanceof Builder) && Objects.equals(this.endPoint, ((Builder) obj).endPoint) && Objects.equals(this.tenancy, ((Builder) obj).tenancy) && Objects.equals(this.compartment, ((Builder) obj).compartment) && Objects.equals(this.database, ((Builder) obj).database) && Objects.equals(this.user, ((Builder) obj).user) && Objects.equals(this.password, ((Builder) obj).password) && Objects.equals(this.sqlNetOptions, ((Builder) obj).sqlNetOptions));
        }

        public int hashCode() {
            return Objects.hash(this.endPoint, this.tenancy, this.compartment, this.database, this.user, this.password, this.sqlNetOptions);
        }
    }

    private JsonWebToken(@Blind OpaqueString opaqueString, @Blind OpaqueString opaqueString2) {
        this.token = opaqueString;
        this.privateKey = opaqueString2;
        this.exp = ((Long) opaqueString.map(JsonWebToken::parseExp)).longValue();
    }

    public OpaqueString token() {
        return this.token;
    }

    @Blind
    public byte[] sign(@Blind byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        if (this.privateKey == null) {
            return null;
        }
        PrivateKey decodeKey = decodeKey(this.privateKey);
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(decodeKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            tryDestroyKey(decodeKey);
            return sign;
        } catch (Throwable th) {
            tryDestroyKey(decodeKey);
            throw th;
        }
    }

    public long exp() {
        return this.exp;
    }

    @Blind
    public String toString() {
        return super.toString();
    }

    public boolean equals(Object obj) {
        return obj == this || ((obj instanceof JsonWebToken) && Objects.equals(this.token, ((JsonWebToken) obj).token) && Objects.equals(this.privateKey, ((JsonWebToken) obj).privateKey));
    }

    public int hashCode() {
        return Objects.hash(this.token, this.privateKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Blind
    public static JsonWebToken fromFile(Path path) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        return new JsonWebToken(readTokenFile(path.resolve("token")), readPemFile(path.resolve("oci_db_key.pem")));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Builder requestBuilder() {
        return new Builder();
    }

    @Blind
    public static JsonWebToken createProofOfPossessionToken(@Blind char[] cArr, @Blind PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new JsonWebToken(OpaqueString.newOpaqueString(cArr), encodeKey(privateKey));
    }

    @Blind
    private static OpaqueString readTokenFile(Path path) throws IOException {
        byte[] readAllBytes = Files.readAllBytes(path);
        try {
            CharBuffer decode = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(readAllBytes));
            try {
                char[] cArr = new char[decode.remaining()];
                decode.get(cArr);
                OpaqueString newOpaqueString = OpaqueString.newOpaqueString(cArr);
                decode.clear();
                decode.put(new char[decode.remaining()]);
                Arrays.fill(readAllBytes, (byte) 0);
                return newOpaqueString;
            } catch (Throwable th) {
                decode.clear();
                decode.put(new char[decode.remaining()]);
                throw th;
            }
        } catch (Throwable th2) {
            Arrays.fill(readAllBytes, (byte) 0);
            throw th2;
        }
    }

    @Blind
    private static OpaqueString readPemFile(Path path) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] readAllBytes = Files.readAllBytes(path);
        try {
            int findTag = findTag(readAllBytes, 0, BEGIN_PRIVATE_KEY_UTF8);
            if (findTag == -1) {
                throw new IOException(path + " does not contain: " + new String(BEGIN_PRIVATE_KEY_UTF8, StandardCharsets.UTF_8));
            }
            int length = findTag + BEGIN_PRIVATE_KEY_UTF8.length + LINE_SEPARATOR.length;
            int findTag2 = findTag(readAllBytes, length, END_PRIVATE_KEY_UTF8);
            if (findTag2 == -1) {
                throw new IOException(path + " does not contain: " + new String(END_PRIVATE_KEY_UTF8, StandardCharsets.UTF_8));
            }
            byte[] copyOfRange = Arrays.copyOfRange(readAllBytes, length, findTag2);
            try {
                OpaqueString decodeBase64Key = decodeBase64Key(copyOfRange);
                Arrays.fill(copyOfRange, (byte) 0);
                Arrays.fill(readAllBytes, (byte) 0);
                return decodeBase64Key;
            } catch (Throwable th) {
                Arrays.fill(copyOfRange, (byte) 0);
                throw th;
            }
        } catch (Throwable th2) {
            Arrays.fill(readAllBytes, (byte) 0);
            throw th2;
        }
    }

    @Blind
    private static OpaqueString decodeBase64Key(@Blind byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] decode = Base64.getMimeDecoder().decode(bArr);
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decode));
            try {
                OpaqueString encodeKey = encodeKey(generatePrivate);
                tryDestroyKey(generatePrivate);
                Arrays.fill(decode, (byte) 0);
                return encodeKey;
            } catch (Throwable th) {
                tryDestroyKey(generatePrivate);
                throw th;
            }
        } catch (Throwable th2) {
            Arrays.fill(decode, (byte) 0);
            throw th2;
        }
    }

    private static int findTag(@Blind byte[] bArr, int i, byte[] bArr2) {
        while (i < bArr.length) {
            if (arrayEquals(bArr, i, bArr2)) {
                return i;
            }
            int arrayIndexOf = arrayIndexOf(bArr, i, LINE_SEPARATOR);
            if (arrayIndexOf == -1) {
                return -1;
            }
            i = arrayIndexOf + 1;
        }
        return -1;
    }

    private static int arrayIndexOf(@Blind byte[] bArr, int i, byte[] bArr2) {
        for (int i2 = i; i2 < bArr.length; i2++) {
            if (arrayEquals(bArr, i2, bArr2)) {
                return i2;
            }
        }
        return -1;
    }

    private static boolean arrayEquals(@Blind byte[] bArr, int i, byte[] bArr2) {
        if (i + bArr2.length > bArr.length) {
            return false;
        }
        for (int i2 = 0; i2 < bArr2.length; i2++) {
            if (bArr[i2 + i] != bArr2[i2]) {
                return false;
            }
        }
        return true;
    }

    @Blind
    private static OpaqueString encodeKey(@Blind PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] encoded = ((PKCS8EncodedKeySpec) KeyFactory.getInstance("RSA").getKeySpec(privateKey, PKCS8EncodedKeySpec.class)).getEncoded();
        try {
            char[] cArr = new char[encoded.length];
            for (int i = 0; i < encoded.length; i++) {
                cArr[i] = (char) encoded[i];
            }
            OpaqueString newOpaqueString = OpaqueString.newOpaqueString(cArr);
            Arrays.fill(encoded, (byte) 0);
            return newOpaqueString;
        } catch (Throwable th) {
            Arrays.fill(encoded, (byte) 0);
            throw th;
        }
    }

    @Blind
    private static PrivateKey decodeKey(@Blind OpaqueString opaqueString) throws NoSuchAlgorithmException, InvalidKeySpecException {
        char[] chars = opaqueString.getChars();
        try {
            byte[] bArr = new byte[chars.length];
            for (int i = 0; i < chars.length; i++) {
                try {
                    bArr[i] = (byte) chars[i];
                } catch (Throwable th) {
                    Arrays.fill(bArr, (byte) 0);
                    throw th;
                }
            }
            PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
            Arrays.fill(bArr, (byte) 0);
            Arrays.fill(chars, (char) 0);
            return generatePrivate;
        } catch (Throwable th2) {
            Arrays.fill(chars, (char) 0);
            throw th2;
        }
    }

    private static void tryDestroyKey(@Blind PrivateKey privateKey) {
        try {
            privateKey.destroy();
        } catch (DestroyFailedException e) {
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x00ff: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:68:0x00ff */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x0104: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:70:0x0104 */
    /* JADX WARN: Type inference failed for: r11v0, types: [java.io.ByteArrayInputStream] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable] */
    private static long parseExp(@Blind char[] cArr) {
        ?? r11;
        ?? r12;
        int i = 0;
        while (i < cArr.length && cArr[i] != '.') {
            i++;
        }
        int i2 = i + 1;
        if (i2 > cArr.length) {
            throw new IllegalArgumentException("Failed to identify payload of JWT");
        }
        int i3 = i2;
        while (i3 < cArr.length && cArr[i3] != '.') {
            i3++;
        }
        if (i3 == cArr.length) {
            throw new IllegalArgumentException("Failed to identify payload of JWT");
        }
        byte[] bArr = new byte[i3 - i2];
        for (int i4 = 0; i4 < bArr.length; i4++) {
            try {
                bArr[i4] = (byte) cArr[i4 + i2];
            } catch (Throwable th) {
                Arrays.fill(bArr, (byte) 0);
                throw th;
            }
        }
        byte[] decode = Base64.getMimeDecoder().decode(bArr);
        try {
            try {
                try {
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decode);
                    Throwable th2 = null;
                    new TraceControllerImpl().suspend();
                    try {
                        long j = JSON_FACTORY.createJsonTextValue(byteArrayInputStream).asJsonObject().getLong("exp");
                        new TraceControllerImpl().resume();
                        if (byteArrayInputStream != null) {
                            if (0 != 0) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                byteArrayInputStream.close();
                            }
                        }
                        Arrays.fill(bArr, (byte) 0);
                        return j;
                    } catch (Throwable th4) {
                        new TraceControllerImpl().resume();
                        throw th4;
                    }
                } finally {
                    Arrays.fill(decode, (byte) 0);
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th5) {
            if (r11 != 0) {
                if (r12 != 0) {
                    try {
                        r11.close();
                    } catch (Throwable th6) {
                        r12.addSuppressed(th6);
                    }
                } else {
                    r11.close();
                }
            }
            throw th5;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r2v6, types: [java.time.ZonedDateTime] */
    @Blind
    public static AccessToken requestBearerToken(Builder builder) throws IOException {
        URL url = new URL(builder.endPoint);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("Protocol of endpoint is not https: " + url.getProtocol());
        }
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
        httpsURLConnection.setRequestMethod("POST");
        httpsURLConnection.setRequestProperty("Content-Type", c.s);
        httpsURLConnection.setRequestProperty("Accept-Type", c.s);
        Properties properties = builder.sqlNetOptions;
        DMSFactory dMSFactory = new DMSFactory();
        dMSFactory.getClass();
        httpsURLConnection.setSSLSocketFactory(CustomSSLSocketFactory.getSSLSocketFactory(properties, new DMSFactory.DMSNoun()));
        httpsURLConnection.setRequestProperty(HttpHeaders.DATE, LocalDateTime.now().atZone((ZoneId) ZoneOffset.UTC).format(DATE_FORMATTER));
        httpsURLConnection.setRequestProperty(HttpHeaders.AUTHORIZATION, createAuthorization(builder.user, builder.password));
        httpsURLConnection.setDoOutput(true);
        OutputStream outputStream = httpsURLConnection.getOutputStream();
        Throwable th = null;
        try {
            try {
                Object[] objArr = new Object[2];
                objArr[0] = builder.compartment == null ? "*" : builder.database == null ? builder.compartment : builder.compartment + "::" + builder.database;
                objArr[1] = builder.tenancy;
                outputStream.write(String.format("{\"scope\": \"urn:oracle:db::id::%s\", \"tenantId\": \"%s\"}", objArr).getBytes(StandardCharsets.UTF_8));
                outputStream.flush();
                if (outputStream != null) {
                    if (0 != 0) {
                        try {
                            outputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        outputStream.close();
                    }
                }
                InputStream inputStream = httpsURLConnection.getInputStream();
                Throwable th3 = null;
                try {
                    OpaqueString newOpaqueString = OpaqueString.newOpaqueString(JSON_FACTORY.createJsonTextValue(inputStream).asJsonObject().getString("token"));
                    if (newOpaqueString.isNull()) {
                        throw new IOException("JSON response does not contain a token");
                    }
                    JsonWebToken jsonWebToken = new JsonWebToken(newOpaqueString, null);
                    if (inputStream != null) {
                        if (0 != 0) {
                            try {
                                inputStream.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    return jsonWebToken;
                } catch (Throwable th5) {
                    if (inputStream != null) {
                        if (0 != 0) {
                            try {
                                inputStream.close();
                            } catch (Throwable th6) {
                                th3.addSuppressed(th6);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    throw th5;
                }
            } finally {
            }
        } catch (Throwable th7) {
            if (outputStream != null) {
                if (th != null) {
                    try {
                        outputStream.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    outputStream.close();
                }
            }
            throw th7;
        }
    }

    @Blind
    private static String createAuthorization(String str, @Blind OpaqueString opaqueString) {
        byte[] bytes = (str + ":").getBytes(StandardCharsets.UTF_8);
        ByteBuffer byteBuffer = (ByteBuffer) opaqueString.map(cArr -> {
            return StandardCharsets.UTF_8.encode(CharBuffer.wrap(cArr));
        });
        try {
            byte[] bArr = new byte[bytes.length + byteBuffer.remaining()];
            try {
                System.arraycopy(bytes, 0, bArr, 0, bytes.length);
                byteBuffer.get(bArr, bytes.length, byteBuffer.remaining());
                String str2 = "Basic " + Base64.getEncoder().encodeToString(bArr);
                Arrays.fill(bArr, (byte) 0);
                byteBuffer.clear();
                byteBuffer.put(new byte[byteBuffer.remaining()]);
                return str2;
            } catch (Throwable th) {
                Arrays.fill(bArr, (byte) 0);
                throw th;
            }
        } catch (Throwable th2) {
            byteBuffer.clear();
            byteBuffer.put(new byte[byteBuffer.remaining()]);
            throw th2;
        }
    }
}
