package org.apache.hadoop.crypto.key;

import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationCallback;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.class */
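/**
 * Obtains Azure AD access tokens for Azure Key Vault, either with a client id and
 * client secret ({@link #doAuthenticate}) or with a client id and a certificate
 * loaded from a {@code .pfx} or {@code .pem} file ({@link #getAuthentication}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both token paths construct {@code AuthenticationContext} with authority
 *       validation switched off (second constructor argument {@code false}). The
 *       credential is therefore presented to whatever authority URL the caller
 *       supplies. NOTE(review): presumably the authority comes from the Key Vault
 *       authentication challenge; confirm that source is trusted, or enable
 *       validation where the deployment allows it.</li>
 *   <li>The client secret and the certificate password are handled as
 *       {@code String}s because the public interface requires it; they cannot be
 *       wiped from memory. Temporary {@code char[]} copies made here are zeroed
 *       after use.</li>
 *   <li>Error messages include the client id and the underlying exception text but
 *       never the client secret or the certificate password.</li>
 * </ul>
 */
public class AzureKeyVaultClientAuthenticator extends KeyVaultCredentials {
    static final Logger logger = LoggerFactory.getLogger(AzureKeyVaultClientAuthenticator.class);
    private final String authClientID;
    private final String authClientSecret;

    /**
     * Mutable holder for a private key and its matching X.509 certificate.
     *
     * <p>Either field may be {@code null} until set. The decompiler reports that this
     * class was originally package-private; the visibility shown in the listing is kept.
     */
    public static class KeyCert {
        X509Certificate certificate;
        PrivateKey key;

        KeyCert() {
        }

        /** @return the certificate, or {@code null} if none has been set */
        public X509Certificate getCertificate() {
            return this.certificate;
        }

        /** @param x509Certificate the certificate to store */
        public void setCertificate(X509Certificate x509Certificate) {
            this.certificate = x509Certificate;
        }

        /** @return the private key, or {@code null} if none has been set */
        public PrivateKey getKey() {
            return this.key;
        }

        /** @param privateKey the private key to store */
        public void setKey(PrivateKey privateKey) {
            this.key = privateKey;
        }
    }

    /**
     * Creates an authenticator for client-secret authentication.
     *
     * @param clientId     Azure AD application (client) id
     * @param clientSecret secret belonging to {@code clientId}
     */
    public AzureKeyVaultClientAuthenticator(String clientId, String clientSecret) {
        this.authClientID = clientId;
        this.authClientSecret = clientSecret;
    }

    /**
     * Creates an authenticator for certificate authentication; no client secret is stored.
     *
     * @param clientId Azure AD application (client) id
     */
    public AzureKeyVaultClientAuthenticator(String clientId) {
        this(clientId, null);
    }

    /**
     * Returns an access token obtained with the stored client id and client secret.
     *
     * @param authority authority URL the token is requested from
     * @param resource  resource identifier the token is requested for
     * @param scope     not used by this implementation
     * @return the access token string
     * @throws RuntimeException if the token request fails or yields no result
     */
    public String doAuthenticate(String authority, String resource, String scope) {
        return getAccessTokenFromClientCredentials(authority, resource, this.authClientID, this.authClientSecret)
                .getAccessToken();
    }

    /**
     * Requests a token with a client id / client secret pair on a single-use executor.
     *
     * @throws RuntimeException wrapping any failure; the message names the client id
     *                          but not the secret, and the original exception is kept
     *                          as the cause
     */
    private static AuthenticationResult getAccessTokenFromClientCredentials(
            String authority, String resource, String clientId, String clientSecret) {
        // Created before the try so the finally block never sees a null executor.
        ExecutorService executorService = Executors.newFixedThreadPool(1);
        try {
            // NOTE(review): 'false' disables authority validation; see the class comment.
            AuthenticationResult authenticationResult = (AuthenticationResult) new AuthenticationContext(
                    authority, false, executorService)
                    .acquireToken(resource, new ClientCredential(clientId, clientSecret),
                            (AuthenticationCallback) null)
                    .get();
            if (authenticationResult == null) {
                throw new RuntimeException("authentication result was null");
            }
            return authenticationResult;
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                // Restore the interrupt flag that get() cleared when it threw.
                Thread.currentThread().interrupt();
            }
            throw new RuntimeException(" Error while getting Access token for client id: " + clientId
                    + " and client secret. Error : " + e, e);
        } finally {
            executorService.shutdown();
        }
    }

    /**
     * Builds a {@code KeyVaultClient} that authenticates with a certificate.
     *
     * <p>The file type is chosen by the (case-sensitive) suffix of
     * {@code certificatePath}: {@code .pfx} or {@code .pem}.
     *
     * @param certificatePath     path of the certificate file
     * @param certificatePassword password protecting the file or its private key
     * @return a client using certificate authentication, or {@code null} when the path
     *         has neither supported suffix
     * @throws Exception if the file cannot be parsed, or if it holds no private key or
     *                   no certificate
     */
    public KeyVaultClient getAuthentication(String certificatePath, String certificatePassword) throws Exception {
        KeyCert keyCert;
        if (certificatePath.endsWith(".pfx")) {
            try {
                keyCert = readPfx(certificatePath, certificatePassword);
            } catch (Exception e) {
                throw new Exception("Error while parsing pfx certificate. Error : " + e, e);
            }
        } else if (certificatePath.endsWith(".pem")) {
            try {
                keyCert = readPem(certificatePath, certificatePassword);
            } catch (Exception e) {
                throw new Exception("Error while parsing pem certificate. Error : " + e, e);
            }
        } else {
            logger.warn("Unsupported certificate file extension for {}; expected .pfx or .pem", certificatePath);
            return null;
        }

        final PrivateKey key = keyCert.getKey();
        final X509Certificate certificate = keyCert.getCertificate();
        if (key == null || certificate == null) {
            // Fail at load time instead of on the first token request, where the cause
            // would be buried inside a generic authentication error.
            throw new Exception("No private key and certificate found in " + certificatePath);
        }

        return new KeyVaultClient(new KeyVaultCredentials() {
            public String doAuthenticate(String authority, String resource, String scope) {
                // One executor per request, always shut down so its worker thread is not leaked.
                ExecutorService executorService = Executors.newFixedThreadPool(1);
                try {
                    // NOTE(review): 'false' disables authority validation; the signed client
                    // assertion goes to whichever authority is passed in.
                    return ((AuthenticationResult) new AuthenticationContext(authority, false, executorService)
                            .acquireToken(resource,
                                    AsymmetricKeyCredential.create(
                                            AzureKeyVaultClientAuthenticator.this.authClientID, key, certificate),
                                    (AuthenticationCallback) null)
                            .get()).getAccessToken();
                } catch (Exception e) {
                    if (e instanceof InterruptedException) {
                        Thread.currentThread().interrupt();
                    }
                    throw new RuntimeException(
                            "Error while getting authenticated access token from azure key vault with certificate : "
                                    + e, e);
                } finally {
                    executorService.shutdown();
                }
            }
        });
    }

    /**
     * Reads a certificate and a private key (plain or PKCS#8-encrypted) from a PEM file.
     *
     * <p>When the file holds several objects of the same kind, the last one wins.
     *
     * @param pemPath  path of the PEM file
     * @param password password for an encrypted private key; only needed when the key
     *                 is encrypted
     * @return a holder whose fields are {@code null} for anything the file did not contain
     * @throws IllegalArgumentException if the key is encrypted and {@code password} is null
     */
    private KeyCert readPem(String pemPath, String password)
            throws IOException, CertificateException, OperatorCreationException, PKCSException {
        // Register BouncyCastle once; the key converter below looks it up by name.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        PrivateKey privateKey = null;
        X509Certificate x509Certificate = null;
        // try-with-resources closes the parser (and the file) even when parsing fails.
        try (PEMParser pemParser = new PEMParser(new FileReader(new File(pemPath)))) {
            JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider("BC");
            for (Object obj = pemParser.readObject(); obj != null; obj = pemParser.readObject()) {
                if (obj instanceof X509CertificateHolder) {
                    x509Certificate = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) obj);
                } else if (obj instanceof PKCS8EncryptedPrivateKeyInfo) {
                    if (password == null) {
                        throw new IllegalArgumentException(
                                "PEM private key is encrypted but no password was supplied");
                    }
                    char[] passwordChars = password.toCharArray();
                    try {
                        privateKey = keyConverter.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) obj)
                                .decryptPrivateKeyInfo(
                                        new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passwordChars)));
                    } finally {
                        // Wipe the temporary copy of the password once decryption is done.
                        Arrays.fill(passwordChars, '\0');
                    }
                } else if (obj instanceof PrivateKeyInfo) {
                    privateKey = keyConverter.getPrivateKey((PrivateKeyInfo) obj);
                }
            }
        }
        KeyCert keyCert = new KeyCert();
        keyCert.setCertificate(x509Certificate);
        keyCert.setKey(privateKey);
        return keyCert;
    }

    /**
     * Reads the first key entry and its certificate from a PKCS#12 ({@code .pfx}) file.
     *
     * @param pfxPath  path of the PKCS#12 file
     * @param password password used both to load the store and to recover the key
     * @return a holder with key and certificate set, or with both {@code null} when the
     *         store has no key entry
     * @throws IllegalArgumentException if {@code password} is null
     */
    private KeyCert readPfx(String pfxPath, String password) throws NoSuchProviderException, KeyStoreException,
            IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        if (password == null) {
            throw new IllegalArgumentException("A password is required to open the pfx file");
        }
        KeyCert keyCert = new KeyCert();
        char[] passwordChars = password.toCharArray();
        try (FileInputStream fileInputStream = new FileInputStream(pfxPath)) {
            KeyStore keyStore = KeyStore.getInstance("pkcs12", "SunJSSE");
            keyStore.load(fileInputStream, passwordChars);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isKeyEntry(alias)) {
                    keyCert.setCertificate((X509Certificate) keyStore.getCertificate(alias));
                    keyCert.setKey((PrivateKey) keyStore.getKey(alias, passwordChars));
                    break;
                }
            }
        } finally {
            // Wipe the temporary copy of the password on every exit path.
            Arrays.fill(passwordChars, '\0');
        }
        return keyCert;
    }
}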
