package com.oracle.bmc.auth.internal;

import com.oracle.bmc.auth.ResourcePrincipalAuthenticationDetailsProvider;
import com.oracle.bmc.auth.SessionKeySupplier;
import com.oracle.bmc.auth.internal.GetResourcePrincipalTokenResponse;
import com.oracle.bmc.auth.internal.X509FederationClient;
import com.oracle.bmc.circuitbreaker.CircuitBreakerConfiguration;
import com.oracle.bmc.http.ClientConfigurator;
import com.oracle.bmc.http.client.HttpClient;
import com.oracle.bmc.http.client.Method;
import com.oracle.bmc.http.internal.ClientCall;
import com.oracle.bmc.http.signing.DefaultRequestSigner;
import com.oracle.bmc.http.signing.RequestSigner;
import com.oracle.bmc.requests.BmcRequest;
import com.oracle.bmc.util.internal.StringUtils;
import java.security.KeyPair;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/oracle/bmc/auth/internal/ResourcePrincipalsV3FederationClient.class */
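/**
 * Federation client that obtains a resource principal session token (RPST) and, when the
 * token endpoint advertises a parent via the {@code opc-parent-rpt-url} response header,
 * repeats the exchange against that parent endpoint (nested resource principals).
 *
 * <p>Each hop performs two calls: a GET for the resource principal token (RPT) and a POST to
 * {@code v1/resourcePrincipalSessionToken}. The session token from one hop is used to sign the
 * requests of the next hop.
 *
 * <p>Security-relevant points for reviewers:
 *
 * <ul>
 *   <li>The parent URL is taken from a response header and becomes the base URL of the next
 *       signed request. No scheme or host validation is visible in this class.
 *   <li>The chain is bounded by {@link #MAX_NESTING_DEPTH}; the only loop check is a
 *       case-insensitive comparison of the parent URL with the URL of the current hop.
 * </ul>
 *
 * <p>Fields such as {@code securityTokenAdapter}, {@code sessionKeySupplier},
 * {@code resourcePrincipalTokenClient}, {@code federationClient} and {@code circuitBreaker},
 * and the helpers {@code refreshAndGetSecurityTokenInner} and {@code makeClient}, are not
 * defined here; presumably they are inherited from {@code AbstractFederationClient}.
 */
public class ResourcePrincipalsV3FederationClient extends AbstractFederationClient {
    private static final Logger LOG = LoggerFactory.getLogger(ResourcePrincipalsV3FederationClient.class);

    /** Response header through which the RPT endpoint names its parent RPT endpoint. */
    private static final String OPC_PARENT_RPT_URL_HEADER = "opc-parent-rpt-url";

    /**
     * Highest hop number (the first hop is 1) after which a parent URL is still followed, so a
     * chain makes at most ten RPT/RPST exchanges.
     */
    private static final int MAX_NESTING_DEPTH = 9;

    private final ClientConfigurator clientConfigurator;
    private final ResourcePrincipalAuthenticationDetailsProvider leafAuthDetailsProvider;
    private final String resourcePrincipalTokenUrl;
    private final String resourcePrincipalSessionTokenEndpoint;

    /**
     * Creates the client.
     *
     * @param resourcePrincipalTokenUrl URL of the leaf RPT endpoint; also compared with the
     *     advertised parent URL to stop a self-referencing chain
     * @param resourcePrincipalSessionTokenEndpoint base URL of the RPST endpoint, reused for every hop
     * @param sessionKeySupplier supplier of the session key pair, passed to the superclass
     * @param resourcePrincipalAuthenticationDetailsProvider provider for the leaf principal; it is
     *     refreshed before each token fetch and supplies the region for nested hops
     * @param clientConfigurator configurator applied to every call built by this client
     * @param circuitBreakerConfiguration circuit breaker configuration, passed to the superclass
     */
    public ResourcePrincipalsV3FederationClient(String resourcePrincipalTokenUrl, String resourcePrincipalSessionTokenEndpoint, SessionKeySupplier sessionKeySupplier, ResourcePrincipalAuthenticationDetailsProvider resourcePrincipalAuthenticationDetailsProvider, ClientConfigurator clientConfigurator, CircuitBreakerConfiguration circuitBreakerConfiguration) {
        super(resourcePrincipalTokenUrl, null, resourcePrincipalSessionTokenEndpoint, sessionKeySupplier, resourcePrincipalAuthenticationDetailsProvider, clientConfigurator, circuitBreakerConfiguration, new ArrayList<>());
        // The header-name field is now a static constant. The decompiled constructor assigned the
        // already-initialised final field a second time, which does not compile.
        this.resourcePrincipalTokenUrl = resourcePrincipalTokenUrl;
        this.resourcePrincipalSessionTokenEndpoint = resourcePrincipalSessionTokenEndpoint;
        this.leafAuthDetailsProvider = resourcePrincipalAuthenticationDetailsProvider;
        this.clientConfigurator = clientConfigurator;
    }

    /**
     * Returns the cached security token while the adapter reports it valid; otherwise delegates
     * to {@code refreshAndGetSecurityTokenInner(false, Optional.empty(), true)}.
     *
     * @return the security token string
     */
    @Override
    public String getSecurityToken() {
        if (this.securityTokenAdapter != null && this.securityTokenAdapter.isValid()) {
            return this.securityTokenAdapter.getSecurityToken();
        }
        return refreshAndGetSecurityTokenInner(false, Optional.empty(), true);
    }

    /**
     * Delegates to {@code refreshAndGetSecurityTokenInner(true, Optional.of(duration), z)}.
     *
     * @param duration expiry window passed to the refresh helper
     * @param z forwarded unchanged as the helper's third argument; its meaning is defined by the
     *     helper, which is outside this class
     * @return the security token string
     */
    @Override
    public String refreshAndGetSecurityTokenIfExpiringWithin(Duration duration, boolean z) {
        return refreshAndGetSecurityTokenInner(true, Optional.of(duration), z);
    }

    /**
     * Same as {@link #refreshAndGetSecurityTokenIfExpiringWithin(Duration, boolean)} with the
     * boolean argument fixed to {@code true}.
     *
     * @param duration expiry window passed to the refresh helper
     * @return the security token string
     */
    @Override
    public String refreshAndGetSecurityTokenIfExpiringWithin(Duration duration) {
        return refreshAndGetSecurityTokenInner(true, Optional.of(duration), true);
    }

    /**
     * Refreshes the leaf provider, reads the session public key and starts the token exchange
     * at hop 1 against the leaf RPT endpoint.
     *
     * @return adapter wrapping the session token of the last hop that was followed
     * @throws IllegalStateException if the session key supplier returns no key pair
     * @throws IllegalArgumentException if the key pair carries no public key
     */
    @Override
    protected SecurityTokenAdapter getSecurityTokenFromServer() {
        LOG.info("Getting/Refreshing RPST leaf from the auth server");
        this.leafAuthDetailsProvider.refresh();
        KeyPair keyPair = this.sessionKeySupplier.getKeyPair();
        if (keyPair == null) {
            throw new IllegalStateException("Keypair for session was not provided");
        }
        // Casting null succeeds, so the null check below still fires; a non-RSA key fails here
        // with ClassCastException, as in the original.
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        if (publicKey == null) {
            throw new IllegalArgumentException("Public key is not present");
        }
        return getSecurityTokenFromServerInner(publicKey, 1, this.resourcePrincipalTokenUrl, this.resourcePrincipalTokenClient, this.federationClient);
    }

    /**
     * Performs one RPT/RPST exchange and, if the RPT response names a different parent endpoint
     * and the depth limit is not reached, recurses against that parent.
     *
     * @param publicKey session public key sent (base64-encoded) with the RPST request
     * @param depth hop number, starting at 1
     * @param currentRptUrl URL of the RPT endpoint used for this hop; only used to detect a parent
     *     that points back at the same URL
     * @param rptClient HTTP client for the RPT GET of this hop
     * @param sessionTokenClient HTTP client for the RPST POST of this hop
     * @return adapter wrapping the session token of the last hop that was followed
     * @throws IllegalStateException if the RPT response has no body
     */
    protected SecurityTokenAdapter getSecurityTokenFromServerInner(RSAPublicKey publicKey, int depth, String currentRptUrl, HttpClient rptClient, HttpClient sessionTokenClient) {
        GetResourcePrincipalTokenResponse.ResponseWrapper rptResponse = prepareRptCall(rptClient).method(Method.GET).logger(LOG, "ResourcePrincipalsFederationClient").callSync();
        GetResourcePrincipalTokenResponse rptBody = rptResponse.body;
        if (rptBody == null) {
            // Fail with a clear message instead of a bare NullPointerException further down.
            throw new IllegalStateException("Resource principal token response had no body");
        }

        String parentRptUrl = null;
        Map<String, List<String>> headers = rptResponse.getHeaders();
        if (headers != null) {
            List<String> parentValues = headers.get(OPC_PARENT_RPT_URL_HEADER);
            // Guard against an empty value list; the original indexed element 0 unconditionally.
            if (parentValues != null && !parentValues.isEmpty()) {
                parentRptUrl = parentValues.get(0);
            }
        }

        SecurityTokenAdapter sessionToken = requestSessionToken(sessionTokenClient, new GetResourcePrincipalSessionTokenRequest(rptBody.getResourcePrincipalToken(), rptBody.getServicePrincipalSessionToken(), AuthUtils.base64EncodeNoChunking(publicKey)));

        // The depth cap is what bounds longer cycles (A -> B -> A); the URL comparison below
        // only catches a parent that equals the current hop.
        if (depth > MAX_NESTING_DEPTH) {
            return sessionToken;
        }
        if (StringUtils.isBlank(parentRptUrl) || parentRptUrl.equalsIgnoreCase(currentRptUrl)) {
            return sessionToken;
        }

        // NOTE(review): parentRptUrl comes from a response header and is used as the base URL of
        // the next request, which is signed with the session token just issued. No scheme or
        // host check is visible in this class; confirm whether makeClient or the deployment
        // restricts the destination, and consider an allow-list if not.
        RequestSigner nestedSigner = DefaultRequestSigner.createRequestSigner(new ResourcePrincipalAuthenticationDetailsProvider(new FixedContentResourcePrincipalFederationClient(sessionToken.getSecurityToken(), this.sessionKeySupplier), this.sessionKeySupplier, this.leafAuthDetailsProvider.getRegion()));
        HttpClient parentRptClient = makeClient(parentRptUrl, nestedSigner);
        HttpClient parentSessionTokenClient = makeClient(this.resourcePrincipalSessionTokenEndpoint, nestedSigner);
        return getSecurityTokenFromServerInner(publicKey, depth + 1, parentRptUrl, parentRptClient, parentSessionTokenClient);
    }

    /**
     * Builds (without executing) the RPT call: the response body is stored on the wrapper and
     * the {@code opc-parent-rpt-url} header, when present, is stored as the wrapper's header map.
     *
     * @param httpClient client the call is issued on
     * @return the configured call; the caller sets the HTTP method and invokes it
     */
    protected ClientCall<?, GetResourcePrincipalTokenResponse.ResponseWrapper, ?> prepareRptCall(HttpClient httpClient) {
        // The raw BmcRequest is kept exactly as it appears in the decompiled source.
        return ClientCall.builder(httpClient, new BmcRequest(), GetResourcePrincipalTokenResponse.ResponseWrapper.Builder::new).handleBody(GetResourcePrincipalTokenResponse.class, (responseBuilder, rptBody) -> {
            responseBuilder.body = rptBody;
        }).handleResponseHeaderString(OPC_PARENT_RPT_URL_HEADER, (responseBuilder, headerValue) -> {
            List<String> values = new ArrayList<>();
            values.add(headerValue);
            Map<String, List<String>> headerMap = new HashMap<>();
            headerMap.put(OPC_PARENT_RPT_URL_HEADER, values);
            responseBuilder.headers(headerMap);
        }).clientConfigurator(this.clientConfigurator).circuitBreaker(this.circuitBreaker);
    }

    /**
     * POSTs the given request to {@code v1/resourcePrincipalSessionToken} on the supplied client
     * and wraps the returned token together with the session key supplier.
     *
     * @param httpClient client pointed at the RPST endpoint
     * @param getResourcePrincipalSessionTokenRequest request body (RPT, service principal session
     *     token and encoded session public key)
     * @return adapter around the token string from the response
     */
    protected SecurityTokenAdapter requestSessionToken(HttpClient httpClient, final GetResourcePrincipalSessionTokenRequest getResourcePrincipalSessionTokenRequest) {
        X509FederationClient.FederationResponseWrapper response = (X509FederationClient.FederationResponseWrapper) ClientCall.builder(httpClient, new BmcRequest<GetResourcePrincipalSessionTokenRequest>() {
            // Supplies the request body to the call builder.
            @Override
            public GetResourcePrincipalSessionTokenRequest getBody$() {
                return getResourcePrincipalSessionTokenRequest;
            }
        }, X509FederationClient.FederationResponseWrapper.Builder::new).method(Method.POST).logger(LOG, "ResourcePrincipalsFederationClient").handleBody(X509FederationClient.SecurityToken.class, (responseBuilder, securityToken) -> {
            responseBuilder.token = securityToken;
        }).clientConfigurator(this.clientConfigurator).appendPathPart("v1").appendPathPart("resourcePrincipalSessionToken").circuitBreaker(this.circuitBreaker).hasBody().callSync();
        return new SecurityTokenAdapter(response.token.getToken(), this.sessionKeySupplier);
    }
}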
