package com.oracle.bmc.auth.internal;

import com.oracle.bmc.InternalSdk;
import com.oracle.bmc.auth.exception.InstancePrincipalUnavailableException;
import com.oracle.bmc.http.client.Serializer;
import com.oracle.bmc.util.internal.Validate;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.Optional;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import shaded.com.oracle.oci.javasdk.org.apache.commons.codec.digest.MessageDigestAlgorithms;
import shaded.com.oracle.oci.javasdk.org.glassfish.jersey.logging.LoggingFeature;

/* loaded from: input_file:com/oracle/bmc/auth/internal/AuthUtils.class */
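/**
 * Static helpers for the certificate and key material handled by the auth package:
 * certificate fingerprints, JWK-to-RSA public key conversion, PEM/base64 encoding and
 * decoding, and extraction of the tenant id from a certificate subject.
 *
 * <p>None of these helpers validate a certificate chain or signature. Callers must
 * establish trust in a certificate or JWK before acting on values derived from it.
 */
public class AuthUtils {
    private static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
    private static final Logger LOG = LoggerFactory.getLogger(AuthUtils.class);

    private AuthUtils() {
    }

    /**
     * Computes the SHA-256 fingerprint of a certificate as upper-case hex byte pairs
     * separated by colons (for example {@code AB:CD:...}).
     *
     * <p>The digest is taken over the bytes returned by {@code getEncodedCertificate}: the
     * decoded original PEM for {@link X509CertificateWithOriginalPem}, otherwise
     * {@link X509Certificate#getEncoded()}.
     *
     * @param x509Certificate the certificate to fingerprint; must not be null
     * @return the colon-separated fingerprint
     * @throws Error if SHA-256 is unavailable or the certificate cannot be encoded
     */
    public static String getFingerPrint(X509Certificate x509Certificate) {
        Validate.notNull(x509Certificate, "certificate may not be null", new Object[0]);
        try {
            byte[] encodedCertificate = getEncodedCertificate(x509Certificate);
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
            messageDigest.update(encodedCertificate);
            return formatStringWithSeparator(getHex(messageDigest.digest()));
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            // Keep the original failure as the cause so the root problem stays diagnosable.
            throw new Error(e.getMessage(), e);
        }
    }

    /**
     * Inserts a colon between every pair of characters of a hex string.
     *
     * @param str a non-empty hex string with an even number of characters
     * @return the same characters grouped in pairs separated by {@code ':'}
     * @throws IllegalArgumentException if the length is zero or odd
     */
    private static String formatStringWithSeparator(String str) {
        int length = str.length();
        if (length < 2 || (length % 2) != 0) {
            // Fail with a clear message instead of a negative array size or index error.
            throw new IllegalArgumentException("hex string must have a non-zero, even length");
        }
        StringBuilder formatted = new StringBuilder(((length * 3) / 2) - 1);
        for (int pos = 0; pos < length; pos += 2) {
            if (pos > 0) {
                formatted.append(':');
            }
            formatted.append(str.charAt(pos)).append(str.charAt(pos + 1));
        }
        return formatted.toString();
    }

    /**
     * Encodes bytes as upper-case hexadecimal, two characters per byte.
     *
     * @param bArr the bytes to encode
     * @return the hex string
     */
    private static String getHex(byte[] bArr) {
        char[] hexChars = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            // Mask to an unsigned value before splitting into nibbles.
            int unsigned = bArr[i] & 255;
            hexChars[i * 2] = HEX_ARRAY[unsigned >>> 4];
            hexChars[(i * 2) + 1] = HEX_ARRAY[unsigned & 15];
        }
        return new String(hexChars);
    }

    /**
     * Parses a JSON-encoded JWK and converts it to an RSA public key.
     *
     * @param str the JWK JSON; must not be blank
     * @return the public key, or empty if the JSON could not be read or the key could not
     *     be constructed; callers should treat empty as a failure, not as "no key needed"
     */
    public static Optional<RSAPublicKey> toPublicKeyFromJson(String str) {
        Validate.notBlank(str, "JSON for public key may not be blank", new Object[0]);
        return toJwk(str).flatMap(AuthUtils::toPublicKeyFromJwk);
    }

    /**
     * Deserializes a JSON string into a {@link JWK}.
     *
     * @param str the JWK JSON; must not be blank
     * @return the parsed JWK, or empty if reading fails with an {@link IOException}
     *     (the failure is logged at debug level only)
     */
    public static Optional<JWK> toJwk(String str) {
        Validate.notBlank(str, "JSON for JWK may not be blank", new Object[0]);
        try {
            return Optional.of((JWK) Serializer.getDefault().readValue(str, JWK.class));
        } catch (IOException e) {
            LOG.debug("Exception reading or de-serializing jwk", e);
            return Optional.empty();
        }
    }

    /**
     * Builds an RSA public key from the modulus and public exponent of a JWK.
     *
     * <p>No check is made here on the modulus size or exponent value; the result is
     * whatever the "RSA" {@link KeyFactory} accepts.
     *
     * @param jwk the JWK to convert; must not be null
     * @return the public key, or empty if any step fails (the failure is logged at debug
     *     level only)
     */
    public static Optional<RSAPublicKey> toPublicKeyFromJwk(JWK jwk) {
        Validate.notNull(jwk, "JWK may not be null", new Object[0]);
        try {
            // Signum 1: the decoded bytes are interpreted as unsigned magnitudes.
            BigInteger modulus = new BigInteger(1, base64Decode(jwk.getModulus()));
            BigInteger publicExponent = new BigInteger(1, base64Decode(jwk.getPublicExponent()));
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            return Optional.of((RSAPublicKey) keyFactory.generatePublic(new RSAPublicKeySpec(modulus, publicExponent)));
        } catch (Exception e) {
            // Deliberately broad: missing fields, invalid base64 and key-spec errors all
            // map to "no usable key".
            LOG.debug("Failed to construct public key from JWK", e);
            return Optional.empty();
        }
    }

    /**
     * Serializes an RSA private key to PEM text and returns it as UTF-8 bytes.
     *
     * <p>The returned array holds unencrypted private key material. Callers should keep
     * it out of logs and persistent storage and clear it once it is no longer needed.
     *
     * @param rSAPrivateKey the private key to serialize
     * @return the PEM encoding as UTF-8 bytes
     * @throws IllegalStateException if the PEM object cannot be written
     */
    @InternalSdk(backwardCompatibilityRequired = true)
    public static byte[] toByteArrayFromRSAPrivateKey(RSAPrivateKey rSAPrivateKey) {
        ByteArrayOutputStream pemBytes = new ByteArrayOutputStream();
        // try-with-resources closes the writer on the failure path as well.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(new OutputStreamWriter(pemBytes, StandardCharsets.UTF_8))) {
            pemWriter.writeObject(rSAPrivateKey);
            pemWriter.flush();
        } catch (IOException e) {
            throw new IllegalStateException("Unable to write PEM object", e);
        }
        return pemBytes.toByteArray();
    }

    /**
     * Base64-encodes the encoded form of an RSA public key as a single unbroken line.
     *
     * @param rSAPublicKey the public key to encode
     * @return the base64 text
     */
    public static String base64EncodeNoChunking(RSAPublicKey rSAPublicKey) {
        byte[] encoded = Base64.getEncoder().encode(rSAPublicKey.getEncoded());
        return new String(encoded, StandardCharsets.UTF_8);
    }

    /**
     * Base64-encodes a certificate as a single unbroken line.
     *
     * @param x509Certificate the certificate to encode
     * @return the base64 text
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static String base64EncodeNoChunking(X509Certificate x509Certificate) throws CertificateEncodingException {
        byte[] encoded = Base64.getEncoder().encode(getEncodedCertificate(x509Certificate));
        return new String(encoded, StandardCharsets.UTF_8);
    }

    /**
     * Returns the encoded bytes of a certificate, preferring the original PEM text when
     * the certificate carries it.
     */
    private static byte[] getEncodedCertificate(X509Certificate x509Certificate) throws CertificateEncodingException {
        if (x509Certificate instanceof X509CertificateWithOriginalPem) {
            String pem = ((X509CertificateWithOriginalPem) x509Certificate).getPemEncodedCertificate();
            return getEncodedCertificateFromPem(pem);
        }
        return x509Certificate.getEncoded();
    }

    /**
     * Decodes base64 text written in either the standard or the URL-safe alphabet.
     *
     * @param str the base64 text, or null
     * @return the decoded bytes, or null if {@code str} is null
     * @throws IllegalArgumentException if the text is not valid base64
     */
    public static byte[] base64Decode(String str) {
        if (str == null) {
            return null;
        }
        // Map the URL-safe characters onto the standard alphabet so one decoder handles both.
        String standardAlphabet = str.replace('-', '+').replace('_', '/');
        return Base64.getDecoder().decode(standardAlphabet);
    }

    /**
     * Strips the PEM certificate header, footer and line separators, then base64-decodes
     * the remainder.
     *
     * @param str the PEM-encoded certificate
     * @return the decoded certificate bytes
     */
    static byte[] getEncodedCertificateFromPem(String str) {
        // NOTE(review): LoggingFeature.DEFAULT_SEPARATOR is a logging constant used here as
        // the line separator to strip; it looks like a decompiler substitution for a newline
        // literal. Confirm its value and replace it with the literal.
        String base64Body = str.replace("-----BEGIN CERTIFICATE-----", "")
                .replace("-----END CERTIFICATE-----", "")
                .replace(LoggingFeature.DEFAULT_SEPARATOR, "")
                .replace("\r", "");
        return base64Decode(base64Body);
    }

    /**
     * Extracts the tenant id from a certificate's subject.
     *
     * <p>Looks first for an OU value prefixed with {@code opc-tenant:}, then for an O value
     * prefixed with {@code opc-identity:}. This method only parses the subject; the result
     * is only as trustworthy as the certificate, which the caller must have validated.
     *
     * @param x509Certificate the certificate to inspect; must not be null
     * @return the tenant id with the prefix removed
     * @throws InstancePrincipalUnavailableException if neither attribute is present
     */
    public static String getTenantIdFromCertificate(X509Certificate x509Certificate) {
        Validate.notNull(x509Certificate, "certificate may not be null", new Object[0]);
        X500Name subject = new X500Name(x509Certificate.getSubjectX500Principal().getName());
        Optional<String> tenantId = getValue(subject, BCStyle.OU, "opc-tenant");
        if (!tenantId.isPresent()) {
            tenantId = getValue(subject, BCStyle.O, "opc-identity");
        }
        if (tenantId.isPresent()) {
            return tenantId.get();
        }
        throw new InstancePrincipalUnavailableException("The certificate does not contain tenant id.");
    }

    /**
     * Finds the first attribute value of the given type that starts with {@code str + ":"}
     * and returns the text after that prefix.
     *
     * @param x500Name the name to search
     * @param aSN1ObjectIdentifier the attribute type to look at
     * @param str the key expected before the colon
     * @return the value after the prefix, or empty if no attribute matches
     */
    private static Optional<String> getValue(X500Name x500Name, ASN1ObjectIdentifier aSN1ObjectIdentifier, String str) {
        String prefix = str + ":";
        for (RDN rdn : x500Name.getRDNs(aSN1ObjectIdentifier)) {
            for (AttributeTypeAndValue typeAndValue : rdn.getTypesAndValues()) {
                String text = typeAndValue.getValue().toString();
                if (text.startsWith(prefix)) {
                    return Optional.of(text.substring(prefix.length()));
                }
            }
        }
        return Optional.empty();
    }
}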
