package com.databricks.client.spark.oauth;

import com.databricks.client.jdbc.common.OAuthSettings;
import com.databricks.client.jdbc.common.SSLSettings;
import com.databricks.client.jdbc.core.DSDriver;
import com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey;
import com.databricks.client.jdbc.oauth.OAuthFactory;
import com.databricks.client.jdbc42.internal.apache.http.client.config.RequestConfig;
import com.databricks.client.jdbc42.internal.apache.http.client.methods.HttpPost;
import com.databricks.client.jdbc42.internal.nimbusjose.JOSEException;
import com.databricks.client.jdbc42.internal.nimbusjose.JWSAlgorithm;
import com.databricks.client.jdbc42.internal.nimbusjose.JWSHeader;
import com.databricks.client.jdbc42.internal.nimbusjose.JWSSigner;
import com.databricks.client.jdbc42.internal.nimbusjose.crypto.ECDSASigner;
import com.databricks.client.jdbc42.internal.nimbusjose.crypto.RSASSASigner;
import com.databricks.client.jdbc42.internal.nimbusjwt.JWTClaimsSet;
import com.databricks.client.jdbc42.internal.nimbusjwt.SignedJWT;
import com.databricks.client.support.ILogger;
import com.databricks.client.support.LogUtilities;
import com.databricks.client.support.exceptions.ErrorException;
import java.io.FileReader;
import java.net.URI;
import java.security.PrivateKey;
import java.security.Security;
import java.security.interfaces.ECPrivateKey;
import java.sql.Timestamp;
import java.time.LocalDateTime;
import java.util.UUID;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

/* loaded from: input_file:com/databricks/client/spark/oauth/SparkOAuthFactory.class */
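/**
 * Builds a signed JWT client assertion from a PEM private key on disk and exchanges it at the
 * OAuth token endpoint for an access token.
 *
 * <p>Every method mutates the {@link OAuthSettings} instance it is given: the detected key family
 * ({@code OAuthJWTKeyType}), the defaulted signing algorithm ({@code OAuthJWTAssertionAlgorithm})
 * and the serialized assertion ({@code OAuthClientAssertion}) are all written back to it.
 */
public class SparkOAuthFactory extends OAuthFactory {
    private static final String RS256_KEY = "RS256";
    private static final String RS384_KEY = "RS384";
    // Was "RS512 " (trailing space), so a configured value of "RS512" never matched and was
    // rejected as an invalid assertion algorithm.
    private static final String RS512_KEY = "RS512";
    private static final String PS256_KEY = "PS256";
    private static final String PS384_KEY = "PS384";
    private static final String PS512_KEY = "PS512";
    private static final String ES256_KEY = "ES256";
    private static final String ES384_KEY = "ES384";
    private static final String ES512_KEY = "ES512";

    /**
     * Runs the JWT client-credential flow and returns the access token.
     *
     * @param oAuthSettings connection OAuth settings; {@code OAuthClientAssertion} is overwritten
     *     with the freshly signed assertion
     * @param sSLSettings TLS settings; only passed to the entrance logger here
     * @param iLogger driver logger
     * @return the {@code access_token} value from the token endpoint response
     * @throws ErrorException if the key cannot be loaded, signing fails, or the response carries
     *     no access token
     */
    public static String JWTCredentialOAuth(OAuthSettings oAuthSettings, SSLSettings sSLSettings, ILogger iLogger) throws ErrorException {
        // NOTE(review): the whole settings object is handed to the entrance logger; confirm that
        // its rendering does not include OAuth2KeyPassphrase or other secrets.
        LogUtilities.logFunctionEntrance(iLogger, oAuthSettings, sSLSettings, iLogger);
        // The key must be loaded first: getPrivateKey records the key family that
        // fetchAccessToken reads to pick the signer.
        PrivateKey signingKey = getPrivateKey(oAuthSettings);
        oAuthSettings.OAuthClientAssertion = fetchAccessToken(signingKey, oAuthSettings).serialize();
        URI serverURI = getServerURI(oAuthSettings);
        HttpPost tokenRequest = setRequestParams(oAuthSettings, new HttpPost(serverURI));
        // Redirects stay disabled so the POST carrying the signed assertion is only ever sent to
        // the configured endpoint.
        tokenRequest.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
        String responseBody = executeRequest(oAuthSettings, serverURI, tokenRequest);
        if (responseBody == null) {
            // Report a missing response as the driver's OAuth failure rather than an NPE.
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name());
        }
        String accessToken = parseJsonResponse(responseBody, "access_token");
        setExpiryTime(responseBody, oAuthSettings, iLogger);
        if (accessToken == null) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name());
        }
        return accessToken;
    }

    /**
     * Reads {@code OAuth2KeyFilePath} as PEM and returns the first object that yields a usable
     * private key.
     *
     * @throws ErrorException if the file cannot be read or no PEM object in it yields a key
     */
    private static PrivateKey getPrivateKey(OAuthSettings oAuthSettings) throws ErrorException {
        // addProvider is a no-op when the provider is already registered.
        Security.addProvider(new BouncyCastleProvider());
        // try-with-resources closes the parser and the underlying file handle on every path; the
        // original never closed the key file.
        try (PEMParser pemParser = new PEMParser(new FileReader(oAuthSettings.OAuth2KeyFilePath))) {
            Object pemObject;
            while ((pemObject = pemParser.readObject()) != null) {
                try {
                    return parseSegment(oAuthSettings, pemObject);
                } catch (Exception ignored) {
                    // Deliberate best effort: a PEM file may hold objects that are not the
                    // signing key (parameters, certificates), so move on to the next one. The
                    // cost is that the real reason a key was rejected (for example a wrong
                    // passphrase) is not reported.
                }
            }
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name());
        } catch (Exception e) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e.getMessage()});
        }
    }

    /**
     * Converts one PEM object to a private key, trying the EC provider first and falling back to
     * the RSA provider. The family that was tried last is left in {@code OAuthJWTKeyType}.
     *
     * @throws ErrorException if neither provider can build a key from the object
     */
    private static PrivateKey parseSegment(OAuthSettings oAuthSettings, Object obj) throws ErrorException {
        try {
            try {
                oAuthSettings.OAuthJWTKeyType = "ECDSA";
                return checkSegment(oAuthSettings, obj, "SunEC");
            } catch (PEMException e) {
                // The EC provider could not build the key; retry as RSA.
                oAuthSettings.OAuthJWTKeyType = "RSA";
                return checkSegment(oAuthSettings, obj, "SunRsaSign");
            }
        } catch (Exception e2) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e2.getMessage()});
        }
    }

    /**
     * Extracts the private-key structure from a parsed PEM object and converts it with the named
     * JCA provider.
     *
     * <p>With a passphrase configured only encrypted PKCS#8 objects are accepted, as before.
     * Without one, a PEM key pair is accepted as before and an unencrypted PKCS#8 object is now
     * accepted as well (the original cast it to {@code PEMKeyPair} and failed). The object type
     * is checked explicitly instead of relying on a blind cast.
     *
     * @param obj object returned by {@code PEMParser.readObject()}
     * @param str JCA provider name used for the key conversion
     * @throws IllegalArgumentException if the object type does not fit the passphrase setting
     */
    private static PrivateKey checkSegment(OAuthSettings oAuthSettings, Object obj, String str) throws OperatorCreationException, PKCSException, PEMException {
        boolean hasPassphrase = oAuthSettings.OAuth2KeyPassphrase != null;
        PrivateKeyInfo privateKeyInfo;
        if (hasPassphrase && obj instanceof PKCS8EncryptedPrivateKeyInfo) {
            JceOpenSSLPKCS8DecryptorProviderBuilder decryptorBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
            decryptorBuilder.setProvider("BC");
            privateKeyInfo = ((PKCS8EncryptedPrivateKeyInfo) obj).decryptPrivateKeyInfo(decryptorBuilder.build(oAuthSettings.OAuth2KeyPassphrase.toCharArray()));
        } else if (!hasPassphrase && obj instanceof PEMKeyPair) {
            privateKeyInfo = ((PEMKeyPair) obj).getPrivateKeyInfo();
        } else if (!hasPassphrase && obj instanceof PrivateKeyInfo) {
            privateKeyInfo = (PrivateKeyInfo) obj;
        } else {
            // Only the type name goes into the message; no key material or passphrase.
            throw new IllegalArgumentException("Unsupported PEM object for the configured key settings: " + obj.getClass().getName());
        }
        return new JcaPEMKeyConverter().setProvider(str).getPrivateKey(privateKeyInfo);
    }

    /**
     * Builds and signs the JWT client assertion. Despite the name, this does not contact the
     * token endpoint; it returns the assertion that is later posted to it.
     *
     * @param privateKey signing key loaded by {@link #getPrivateKey}
     * @param oAuthSettings supplies the key family, client id, audience and key id
     * @throws ErrorException if the key family is unknown or signing fails
     */
    private static SignedJWT fetchAccessToken(PrivateKey privateKey, OAuthSettings oAuthSettings) throws ErrorException {
        JWSSigner signer;
        JWSHeader header;
        // Constant-first comparisons: an unset key type is reported as an OAuth failure below
        // instead of raising a NullPointerException.
        if ("RSA".equals(oAuthSettings.OAuthJWTKeyType)) {
            signer = new RSASSASigner(privateKey);
            header = buildRSAHeader(oAuthSettings);
        } else {
            if (!"ECDSA".equals(oAuthSettings.OAuthJWTKeyType)) {
                throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name());
            }
            try {
                signer = new ECDSASigner((ECPrivateKey) privateKey);
                header = buildECHeader(oAuthSettings);
            } catch (JOSEException e) {
                throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e.getMessage()});
            }
        }
        String clientId = oAuthSettings.m_authClientID;
        Timestamp now = Timestamp.valueOf(LocalDateTime.now());
        // NOTE(review): issueTime and expirationTime are the same instant, so the assertion has
        // no validity window and acceptance depends on the token endpoint's clock-skew
        // tolerance. Confirm whether this is intended before giving it a lifetime.
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(clientId)
                .subject(clientId)
                .issueTime(now)
                .expirationTime(now)
                .audience(oAuthSettings.m_authorizationUrl)
                .jwtID(UUID.randomUUID().toString())
                .build();
        SignedJWT signedJWT = new SignedJWT(header, claims);
        try {
            signedJWT.sign(signer);
            return signedJWT;
        } catch (JOSEException e2) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e2.getMessage()});
        }
    }

    /**
     * Builds the JWS header for an EC key. An unset algorithm defaults to ES256 and the default
     * is written back to the settings. Surrounding whitespace in the configured name is ignored.
     *
     * @throws ErrorException if the configured algorithm is not ES256, ES384 or ES512
     */
    private static JWSHeader buildECHeader(OAuthSettings oAuthSettings) throws ErrorException {
        if (oAuthSettings.OAuthJWTAssertionAlgorithm == null) {
            oAuthSettings.OAuthJWTAssertionAlgorithm = ES256_KEY;
        }
        JWSAlgorithm algorithm;
        switch (oAuthSettings.OAuthJWTAssertionAlgorithm.trim()) {
            case ES256_KEY:
                algorithm = JWSAlgorithm.ES256;
                break;
            case ES384_KEY:
                algorithm = JWSAlgorithm.ES384;
                break;
            case ES512_KEY:
                algorithm = JWSAlgorithm.ES512;
                break;
            default:
                // Pass the rejected name along, as buildRSAHeader does.
                throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.INVALID_ASSERTION_ALGORITHM_ERROR.name(), oAuthSettings.OAuthJWTAssertionAlgorithm);
        }
        return new JWSHeader.Builder(algorithm).keyID(oAuthSettings.OAuth2KeyID).build();
    }

    /**
     * Builds the JWS header for an RSA key. An unset algorithm defaults to RS256 and the default
     * is written back to the settings. Surrounding whitespace in the configured name is ignored,
     * which also keeps the previously required "RS512 " spelling working.
     *
     * @throws ErrorException if the configured algorithm is not one of RS256/384/512 or
     *     PS256/384/512
     */
    private static JWSHeader buildRSAHeader(OAuthSettings oAuthSettings) throws ErrorException {
        if (oAuthSettings.OAuthJWTAssertionAlgorithm == null) {
            oAuthSettings.OAuthJWTAssertionAlgorithm = RS256_KEY;
        }
        JWSAlgorithm algorithm;
        switch (oAuthSettings.OAuthJWTAssertionAlgorithm.trim()) {
            case RS256_KEY:
                algorithm = JWSAlgorithm.RS256;
                break;
            case RS384_KEY:
                algorithm = JWSAlgorithm.RS384;
                break;
            case RS512_KEY:
                algorithm = JWSAlgorithm.RS512;
                break;
            case PS256_KEY:
                algorithm = JWSAlgorithm.PS256;
                break;
            case PS384_KEY:
                algorithm = JWSAlgorithm.PS384;
                break;
            case PS512_KEY:
                algorithm = JWSAlgorithm.PS512;
                break;
            default:
                throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.INVALID_ASSERTION_ALGORITHM_ERROR.name(), oAuthSettings.OAuthJWTAssertionAlgorithm);
        }
        return new JWSHeader.Builder(algorithm).keyID(oAuthSettings.OAuth2KeyID).build();
    }
}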
