package oracle.jdbc.provider.oci.authentication;

import com.oracle.bmc.Region;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.awt.Desktop;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import java.util.stream.Collectors;
import oracle.jdbc.provider.parameter.ParameterSet;
import oracle.jdbc.provider.util.JsonWebTokenParser;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:oracle/jdbc/provider/oci/authentication/InteractiveAuthentication.class */
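/**
 * Browser-based ("interactive") login that yields an OCI session token.
 *
 * <p>The flow implemented here is:
 * <ol>
 *   <li>start a temporary HTTP server on {@code localhost:8181};</li>
 *   <li>generate an RSA key pair and open the system browser on the OCI
 *       authorize endpoint, passing the public key and the local server as
 *       {@code redirect_uri};</li>
 *   <li>serve a small script on {@code /} that forwards the URL fragment of the
 *       redirect to {@code /token} as a query string;</li>
 *   <li>read {@code security_token} and {@code id_token} from that request.</li>
 * </ol>
 *
 * <p>NOTE(review): everything received on the local server is unauthenticated
 * input. Any client able to reach the loopback port while a login is pending
 * can answer {@code /token}, and this class does not check the returned
 * {@code id_token} against the nonce it sent. See the notes on
 * {@link #openBrowser} and {@link LoginResult#getIssuerRegion()}.
 */
public final class InteractiveAuthentication {
    /**
     * Page served on {@code /}. The authorization response arrives in the URL
     * fragment, which the browser never sends to a server, so this script clears
     * the fragment and re-sends its content to {@code /token} as a query string.
     */
    private static final byte[] SCRIPT_RESPONSE = (
            "<script type='text/javascript'>\n"
            + "  hash = window.location.hash\n"
            + "  window.location.hash = '';\n"
            + "  \n"
            + "  // Remove the leading '#' from the URL fragment\n"
            + "  if (hash[0] === '#') {\n"
            + "      hash = hash.substr(1)\n"
            + "  }\n"
            + "  \n"
            + "  function reqListener () {\n"
            + "      document.write('Authorization completed! Please close this window and return to your application.')\n"
            + "      document.close();\n"
            + "  }\n"
            + "  \n"
            + "  var oReq = new XMLHttpRequest();\n"
            + "  oReq.addEventListener(\"load\", reqListener);\n"
            + "  oReq.open(\"GET\", \"/token?\" + hash);\n"
            + "  oReq.send();\n"
            + "</script>").getBytes(StandardCharsets.UTF_8);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:oracle/jdbc/provider/oci/authentication/InteractiveAuthentication$LoginResult.class */
    /** The two tokens extracted from the request received on {@code /token}. */
    public static final class LoginResult {
        // Value of the "security_token" query parameter, stored as received.
        final String securityToken;
        // Value of the "id_token" query parameter, stored as received.
        final String idToken;

        private LoginResult(String securityToken, String idToken) {
            this.securityToken = securityToken;
            this.idToken = idToken;
        }

        /**
         * Returns the region named by the {@code issuer_region} claim of the id token.
         *
         * <p>NOTE(review): whether {@code JsonWebTokenParser.parseClaims} verifies the
         * token signature is not visible from this class. {@code getSessionToken}
         * uses the result as the session's region when the caller configured none,
         * so confirm the claim is trustworthy at this point.
         *
         * @return the region for the claimed region code
         * @throws IllegalStateException if the id token has no {@code issuer_region} claim
         */
        Region getIssuerRegion() {
            String regionCode = (String) JsonWebTokenParser.parseClaims(this.idToken).get("issuer_region");
            if (regionCode == null) {
                throw new IllegalStateException("id_token does not contain an issuer_region claim");
            }
            return Region.fromRegionCode(regionCode);
        }

        /**
         * Parses the query string of the {@code /token} request.
         *
         * <p>Pairs are separated by {@code &}; each pair is split at its first
         * {@code =} only, so a value that itself contains {@code =} (for example
         * base64 padding) is kept whole. A repeated parameter name is rejected:
         * {@code Collectors.toMap} throws {@link IllegalStateException} on a
         * duplicate key, which avoids silently preferring one of two values.
         *
         * @param str the query string, or {@code null} if the request had none
         * @return the parsed tokens
         * @throws IllegalStateException if the query is missing, or lacks
         *         {@code security_token} or {@code id_token}
         */
        static LoginResult fromUriQuery(String str) {
            if (str == null) {
                throw new IllegalStateException("Query section not included in request on /token endpoint");
            }
            // Limit of 2 keeps '=' inside a value and guarantees at least one
            // array element, so a bare "=" pair cannot cause an index error.
            Map<String, String> parameters = Arrays.stream(str.split("&"))
                    .map(pair -> pair.split("=", 2))
                    .collect(Collectors.toMap(
                            keyValue -> keyValue[0],
                            keyValue -> keyValue.length == 1 ? "" : keyValue[1]));
            String securityToken = parameters.get("security_token");
            if (securityToken == null) {
                throw new IllegalStateException("Query section does not include a security_token in request on /token endpoint");
            }
            String idToken = parameters.get("id_token");
            if (idToken == null) {
                throw new IllegalStateException("Query section does not include a id_token in request on /token endpoint");
            }
            return new LoginResult(securityToken, idToken);
        }
    }

    private InteractiveAuthentication() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Runs the interactive login and returns the resulting session details.
     *
     * <p>Blocks until the browser delivers the tokens to the local server or the
     * login fails. The local server is always shut down before returning:
     * cancelling the future triggers the stop registered in {@code acceptRedirect}.
     *
     * @param parameterSet configuration; the optional region is read from it
     * @return details holding the region, the security token and the generated key pair
     * @throws IllegalStateException if the server, browser or login step fails
     */
    public static InteractiveAuthenticationDetails getSessionToken(ParameterSet parameterSet) {
        Region region = (Region) parameterSet.getOptional(AuthenticationDetailsFactory.REGION);
        // Fixed redirect target; the same host and port are sent as redirect_uri.
        InetSocketAddress redirectAddress = new InetSocketAddress("localhost", 8181);
        CompletableFuture<LoginResult> pendingLogin = acceptRedirect(redirectAddress);
        try {
            KeyPair sessionKeys = generateKeyPair();
            openBrowser(region, sessionKeys.getPublic(), redirectAddress);
            LoginResult login = awaitLogin(pendingLogin);
            if (region == null) {
                // No region configured: fall back to the one claimed by the id token.
                region = login.getIssuerRegion();
            }
            return new InteractiveAuthenticationDetails(region, login.securityToken, sessionKeys);
        } finally {
            // No-op if already completed; otherwise completes the future and stops the server.
            pendingLogin.cancel(true);
        }
    }

    /**
     * Generates the RSA key pair whose public half is sent to the authorize endpoint.
     *
     * <p>NOTE(review): the generator is not initialized explicitly, so the key size
     * is whatever the installed provider defaults to. Pin it if a minimum size is
     * required by policy.
     */
    private static KeyPair generateKeyPair() {
        try {
            return KeyPairGenerator.getInstance("RSA").generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Starts the temporary HTTP server that receives the browser redirect.
     *
     * <p>{@code /} serves {@link #SCRIPT_RESPONSE}; {@code /token} completes the
     * returned future with the parsed tokens. A failure in either handler completes
     * the future exceptionally. The server is stopped as soon as the future
     * completes for any reason, including cancellation.
     *
     * @param inetSocketAddress address to bind
     * @return a future completed by the first request handled on {@code /token}
     * @throws IllegalStateException if the server cannot be created
     */
    private static CompletableFuture<LoginResult> acceptRedirect(InetSocketAddress inetSocketAddress) {
        try {
            HttpServer server = HttpServer.create(inetSocketAddress, 0);
            CompletableFuture<LoginResult> pendingLogin = new CompletableFuture<>();
            server.createContext("/", exchange -> {
                try {
                    handleScriptRequest(exchange);
                } catch (Exception e) {
                    pendingLogin.completeExceptionally(e);
                }
            });
            server.createContext("/token", exchange -> {
                try {
                    pendingLogin.complete(handleTokenRequest(exchange));
                } catch (Exception e) {
                    pendingLogin.completeExceptionally(e);
                }
            });
            // null selects the server's default executor.
            server.setExecutor(null);
            server.start();
            pendingLogin.whenComplete((loginResult, failure) -> server.stop(0));
            return pendingLogin;
        } catch (IOException e) {
            throw new IllegalStateException("Failed to create an HTTP server", e);
        }
    }

    /**
     * Answers a request on {@code /} with the forwarding script.
     *
     * @throws IllegalStateException if the response cannot be written
     */
    private static void handleScriptRequest(HttpExchange httpExchange) {
        // try-with-resources closes the exchange on failure as well as on success.
        try (AutoCloseable ignored = httpExchange::close) {
            // Declare the body type instead of relying on browser content sniffing.
            httpExchange.getResponseHeaders().set("Content-Type", "text/html; charset=utf-8");
            httpExchange.sendResponseHeaders(200, SCRIPT_RESPONSE.length);
            httpExchange.getResponseBody().write(SCRIPT_RESPONSE);
        } catch (Exception e) {
            throw new IllegalStateException("Failed to handle HTTP request", e);
        }
    }

    /**
     * Reads the tokens from a request on {@code /token} and answers 200 with no body.
     *
     * <p>NOTE(review): the request is not tied to the login that was started;
     * method, origin and nonce are not checked here.
     *
     * @return the tokens carried in the request's query string
     * @throws IllegalStateException if the query is unusable or the response fails
     */
    private static LoginResult handleTokenRequest(HttpExchange httpExchange) {
        // try-with-resources closes the exchange even when parsing the query fails.
        try (AutoCloseable ignored = httpExchange::close) {
            LoginResult login = LoginResult.fromUriQuery(httpExchange.getRequestURI().getQuery());
            // -1 means the response carries no body.
            httpExchange.sendResponseHeaders(200, -1L);
            return login;
        } catch (Exception e) {
            throw new IllegalStateException("Failed to handle HTTP request", e);
        }
    }

    /**
     * Opens the system browser on the authorize endpoint.
     *
     * <p>Without a region the host is {@code login.oci.oraclecloud.com}; otherwise
     * it is built from the region id and the realm's second-level domain.
     *
     * <p>NOTE(review): the nonce is generated inline and not retained, so nothing
     * in this class can compare it with the returned {@code id_token}. The
     * {@code redirect_uri} is plain HTTP to the local server.
     *
     * @throws IllegalStateException if the browser cannot be launched
     */
    private static void openBrowser(Region region, PublicKey publicKey, InetSocketAddress inetSocketAddress) {
        try {
            Desktop desktop = Desktop.getDesktop();
            String regionId = region == null ? "oci" : region.getRegionId();
            String domain = region == null ? "oraclecloud.com" : region.getRealm().getSecondLevelDomain();
            String endpoint = String.format("https://login.%s.%s/v1/oauth2/authorize", regionId, domain);
            String encodedJwk = Base64.getUrlEncoder()
                    .encodeToString(encodeJwk(publicKey).getBytes(StandardCharsets.UTF_8));
            String redirectUri = String.format(
                    "http://%s:%d", inetSocketAddress.getHostName(), Integer.valueOf(inetSocketAddress.getPort()));
            String url = endpoint
                    + "?action=login&client_id=iaas_console&response_type=" + encodeUrlParameter("token id_token")
                    + "&nonce=" + encodeUrlParameter(UUID.randomUUID().toString())
                    + "&scope=openid&public_key=" + encodeUrlParameter(encodedJwk)
                    + "&redirect_uri=" + encodeUrlParameter(redirectUri);
            desktop.browse(URI.create(url));
        } catch (IOException e) {
            throw new IllegalStateException("Failed to open a web browser", e);
        }
    }

    /**
     * Renders an RSA public key as a JWK JSON object.
     *
     * <p>NOTE(review): {@code BigInteger.toByteArray()} is two's-complement and can
     * carry a leading zero byte, and {@code Base64.getUrlEncoder()} emits padding,
     * whereas JWK defines {@code n} and {@code e} as unpadded base64url of the
     * unsigned value. Changing this alters what the service receives, so confirm
     * with the service before normalizing.
     *
     * @throws IllegalStateException if the key is not an RSA public key
     */
    private static String encodeJwk(PublicKey publicKey) {
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new IllegalStateException("Not an RSA public key: " + publicKey.getClass());
        }
        RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
        Base64.Encoder encoder = Base64.getUrlEncoder();
        String modulus = encoder.encodeToString(rsaKey.getModulus().toByteArray());
        String exponent = encoder.encodeToString(rsaKey.getPublicExponent().toByteArray());
        return String.format(
                "{ \"kty\": \"RSA\", \"n\": \"%s\", \"e\": \"%s\", \"kid\": \"Ignored\" }", modulus, exponent);
    }

    /** URL-encodes a query parameter value as UTF-8. */
    private static String encodeUrlParameter(String str) {
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Waits for the login future to complete.
     *
     * @throws IllegalStateException if the wait is interrupted or the login failed;
     *         on interruption the thread's interrupt flag is restored first
     */
    private static LoginResult awaitLogin(CompletableFuture<LoginResult> completableFuture) {
        try {
            return completableFuture.get();
        } catch (InterruptedException e) {
            // Restore the flag so callers further up can still observe the interrupt.
            Thread.currentThread().interrupt();
            throw new IllegalStateException("Interactive authentication interrupted", e);
        } catch (ExecutionException e) {
            throw new IllegalStateException(e);
        }
    }
}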
