package oracle.jdbc.provider.oci.oauth;

import com.oracle.bmc.auth.AbstractAuthenticationDetailsProvider;
import com.oracle.bmc.identitydataplane.DataplaneClient;
import com.oracle.bmc.identitydataplane.model.GenerateScopedAccessTokenDetails;
import com.oracle.bmc.identitydataplane.model.SecurityToken;
import com.oracle.bmc.identitydataplane.requests.GenerateScopedAccessTokenRequest;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.time.OffsetDateTime;
import java.util.Arrays;
import java.util.Base64;
import javax.security.auth.DestroyFailedException;
import oracle.jdbc.AccessToken;
import oracle.jdbc.provider.cache.CachedResourceFactory;
import oracle.jdbc.provider.factory.Resource;
import oracle.jdbc.provider.factory.ResourceFactory;
import oracle.jdbc.provider.oci.OciResourceFactory;
import oracle.jdbc.provider.parameter.Parameter;
import oracle.jdbc.provider.parameter.ParameterSet;
import oracle.jdbc.provider.util.JsonWebTokenParser;

/* loaded from: input_file:oracle/jdbc/provider/oci/oauth/AccessTokenFactory.class */
public final class AccessTokenFactory extends OciResourceFactory<AccessToken> {
    public static final Parameter<String> SCOPE = Parameter.create(new Parameter.Attribute[]{Parameter.CommonAttribute.REQUIRED});
    private static final ResourceFactory<AccessToken> INSTANCE = CachedResourceFactory.create(new AccessTokenFactory());

    private AccessTokenFactory() {
    }

    public static ResourceFactory<AccessToken> getInstance() {
        return INSTANCE;
    }

    @Override // oracle.jdbc.provider.oci.OciResourceFactory
    public Resource<AccessToken> request(AbstractAuthenticationDetailsProvider abstractAuthenticationDetailsProvider, ParameterSet parameterSet) {
        KeyPair generateKeyPair = generateKeyPair();
        try {
            Resource<AccessToken> createResource = createResource(requestSecurityToken(abstractAuthenticationDetailsProvider, (String) parameterSet.getRequired(SCOPE), generateKeyPair.getPublic()), generateKeyPair.getPrivate());
            tryDestroy(generateKeyPair.getPrivate());
            return createResource;
        } catch (Throwable th) {
            tryDestroy(generateKeyPair.getPrivate());
            throw th;
        }
    }

    private static KeyPair generateKeyPair() {
        try {
            return KeyPairGenerator.getInstance("RSA").generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to generated a proof of possession key pair. See cause for details.", e);
        }
    }

    private static SecurityToken requestSecurityToken(AbstractAuthenticationDetailsProvider abstractAuthenticationDetailsProvider, String str, PublicKey publicKey) {
        DataplaneClient build = DataplaneClient.builder().build(abstractAuthenticationDetailsProvider);
        try {
            SecurityToken securityToken = build.generateScopedAccessToken(GenerateScopedAccessTokenRequest.builder().generateScopedAccessTokenDetails(GenerateScopedAccessTokenDetails.builder().publicKey(Base64.getEncoder().encodeToString(publicKey.getEncoded())).scope(str).build()).build()).getSecurityToken();
            if (build != null) {
                build.close();
            }
            return securityToken;
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static Resource<AccessToken> createResource(SecurityToken securityToken, PrivateKey privateKey) {
        String token = securityToken.getToken();
        OffsetDateTime parseExp = JsonWebTokenParser.parseExp(token);
        char[] charArray = token.toCharArray();
        try {
            AccessToken createJsonWebToken = AccessToken.createJsonWebToken(charArray, privateKey);
            Arrays.fill(charArray, (char) 0);
            return Resource.createExpiringResource(createJsonWebToken, parseExp, true);
        } catch (Throwable th) {
            Arrays.fill(charArray, (char) 0);
            throw th;
        }
    }

    private static void tryDestroy(PrivateKey privateKey) {
        try {
            privateKey.destroy();
        } catch (DestroyFailedException e) {
        }
    }
}
