package com.databricks.client.spark.oauth;

import com.databricks.client.hivecommon.HiveJDBCSettings;
import com.databricks.client.jdbc.common.OAuthSettings;
import com.databricks.client.jdbc.core.DSDriver;
import com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey;
import com.databricks.client.jdbc.oauth.ClientCredentialOAuthProvider;
import com.databricks.client.jdbc42.internal.apache.thrift.TException;
import com.databricks.client.jdbc42.internal.nimbusjose.JOSEException;
import com.databricks.client.jdbc42.internal.nimbusjose.JWSAlgorithm;
import com.databricks.client.jdbc42.internal.nimbusjose.JWSHeader;
import com.databricks.client.jdbc42.internal.nimbusjose.JWSSigner;
import com.databricks.client.jdbc42.internal.nimbusjose.crypto.ECDSASigner;
import com.databricks.client.jdbc42.internal.nimbusjose.crypto.RSASSASigner;
import com.databricks.client.jdbc42.internal.nimbusjwt.JWTClaimsSet;
import com.databricks.client.jdbc42.internal.nimbusjwt.SignedJWT;
import com.databricks.client.support.ILogger;
import com.databricks.client.support.LogUtilities;
import com.databricks.client.support.exceptions.ErrorException;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.sql.Timestamp;
import java.time.LocalDateTime;
import java.util.UUID;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

/* loaded from: input_file:com/databricks/client/spark/oauth/ClientCredential_JWT_OAuthProvider.class */
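/**
 * OAuth client-credentials provider that can authenticate with a signed JWT client assertion.
 *
 * <p>When {@code m_OAuthUseJWTAssertion} is set, the provider reads a private key from a PEM
 * file, builds a JWT whose issuer and subject are the client ID, signs it with an RSA or EC
 * algorithm, and stores the serialized result in {@code m_OAuthClientAssertion} before
 * delegating to the superclass.
 *
 * <p>This listing is JADX decompiler output. One method, {@link #getPrivateKey}, could not be
 * restructured and is present only as a stub plus an instruction dump.
 */
public class ClientCredential_JWT_OAuthProvider extends ClientCredentialOAuthProvider {
    // JWS algorithm names accepted in m_OAuthJWTAssertionAlgorithm. Only asymmetric
    // algorithms appear here; no HMAC or unsigned option is reachable from this class.
    private static final String RS256_KEY = "RS256";
    private static final String RS384_KEY = "RS384";
    // The decompiled constant was "RS512 " (trailing space), which an exact "RS512" setting
    // could never equal. The value is corrected here and the configured name is trimmed
    // before comparison, so both spellings are accepted.
    private static final String RS512_KEY = "RS512";
    private static final String PS256_KEY = "PS256";
    private static final String PS384_KEY = "PS384";
    private static final String PS512_KEY = "PS512";
    private static final String ES256_KEY = "ES256";
    private static final String ES384_KEY = "ES384";
    private static final String ES512_KEY = "ES512";

    // Values written to and read from m_OAuthJWTKeyType.
    private static final String RSA_KEY = "RSA";
    private static final String DSA_KEY = "ECDSA";

    // JCA provider names handed to JcaPEMKeyConverter when converting the parsed key.
    private static final String RSA_SEGMENT_KEY = "SunRsaSign";
    private static final String DSA_SEGMENT_KEY = "SunEC";

    /**
     * Creates the provider on top of the superclass state.
     *
     * <p>The decompiler had emitted a second assignment of every {@code final} constant in this
     * constructor, which does not compile; the constants are now {@code static final} and are
     * assigned once at their declaration.
     *
     * @param hiveJDBCSettings connection settings passed through to the superclass
     * @param iLogger logger passed through to the superclass
     * @throws ErrorException if the superclass constructor fails
     */
    public ClientCredential_JWT_OAuthProvider(HiveJDBCSettings hiveJDBCSettings, ILogger iLogger) throws ErrorException {
        super(hiveJDBCSettings, iLogger);
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
    }

    /**
     * Obtains an access token, first building a signed JWT client assertion when
     * {@code m_OAuthUseJWTAssertion} is set.
     *
     * <p>Returns immediately if {@code hasValidDatabricksToken()} reports a usable token.
     * Otherwise {@code m_authorizationUrl} is overwritten with the configured token endpoint
     * unless the test-override flag is enabled; that URL later becomes the {@code aud} claim of
     * the assertion.
     *
     * @throws TException if building the assertion or the superclass call raises an
     *     {@link ErrorException}
     */
    @Override // com.databricks.client.jdbc.oauth.ClientCredentialOAuthProvider, com.databricks.client.jdbc.oauth.OauthProvider
    public void obtainAccessToken() throws TException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        try {
            if (hasValidDatabricksToken()) {
                return;
            }
            // NOTE(review): with the override flag on, the audience stays whatever
            // m_authorizationUrl already holds. Where the flag is set is not visible in this
            // file; confirm it cannot be enabled from an untrusted connection string.
            if (!this.m_settings.m_enableTestOverrideAuthorizationUrl.booleanValue()) {
                this.m_settings.m_oAuthSettings.m_authorizationUrl = this.m_settings.m_oAuthSettings.m_Oauth2TokenEndpoint;
            }
            if (this.m_settings.m_oAuthSettings.m_OAuthUseJWTAssertion.booleanValue()) {
                // this.m_oAuthSettings and this.m_settings.m_oAuthSettings are presumably the
                // same object; verify against the superclass.
                SignedJWT assertion = fetchAccessToken(getPrivateKey(this.m_oAuthSettings), this.m_oAuthSettings);
                this.m_oAuthSettings.m_OAuthClientAssertion = assertion.serialize();
            }
            super.obtainAccessToken();
        } catch (ErrorException e) {
            // Only e.getCause() is chained; the ErrorException itself is carried by the
            // detailed message text.
            throw new TException(getDetailedErrorExceptionMessage(e), e.getCause());
        }
    }

    /**
     * Loads the client's signing key from the PEM file named by {@code m_OAuth2KeyFilePath}.
     *
     * <p>JADX could not restructure this method, so the body below is a stub that always throws
     * {@link UnsupportedOperationException}; the instruction dump kept inside it is the only
     * record of the original logic. Read as a listing, the dump does the following:
     * <ol>
     *   <li>creates a new {@code BouncyCastleProvider} and passes it to
     *       {@code Security.addProvider} on every call;</li>
     *   <li>opens a {@code PEMParser} over a {@code FileReader} for the key file;</li>
     *   <li>calls {@code readObject()} in a loop and hands each object to
     *       {@link #parseSegment}; the first object that parses is returned, and an exception
     *       from {@code parseSegment} is discarded before the loop reads the next object;</li>
     *   <li>raises a {@code FAILURE_OAUTH_REQUEST} error when {@code readObject()} returns
     *       {@code null}; that error, like any other exception raised inside the method,
     *       reaches the outer handler, which throws a new {@code FAILURE_OAUTH_REQUEST} error
     *       carrying the caught exception's message.</li>
     * </ol>
     *
     * <p>NOTE(review): the dump shows no {@code close()} call on the parser or reader, so the
     * file handle appears to be left open until garbage collection; a reimplementation should
     * use try-with-resources. Because per-object failures are discarded, a wrong passphrase or
     * an unsupported key format surfaces only as the generic failure. When rebuilding this
     * method, record the reason for each rejected object without logging the passphrase or key
     * material.
     */
    private java.security.PrivateKey getPrivateKey(com.databricks.client.jdbc.common.OAuthSettings r8) throws com.databricks.client.support.exceptions.ErrorException {
        /*
            r7 = this;
            org.bouncycastle.jce.provider.BouncyCastleProvider r0 = new org.bouncycastle.jce.provider.BouncyCastleProvider
            r1 = r0
            r1.<init>()
            int r0 = java.security.Security.addProvider(r0)
            org.bouncycastle.openssl.PEMParser r0 = new org.bouncycastle.openssl.PEMParser     // Catch: java.lang.Exception -> L44
            r1 = r0
            java.io.FileReader r2 = new java.io.FileReader     // Catch: java.lang.Exception -> L44
            r3 = r2
            r4 = r8
            java.lang.String r4 = r4.m_OAuth2KeyFilePath     // Catch: java.lang.Exception -> L44
            r3.<init>(r4)     // Catch: java.lang.Exception -> L44
            r1.<init>(r2)     // Catch: java.lang.Exception -> L44
            r9 = r0
        L1e:
            r0 = r9
            java.lang.Object r0 = r0.readObject()     // Catch: java.lang.Exception -> L44
            r1 = r0
            r10 = r1
            if (r0 == 0) goto L33
            r0 = r7
            r1 = r8
            r2 = r10
            java.security.PrivateKey r0 = r0.parseSegment(r1, r2)     // Catch: java.lang.Exception -> L2e java.lang.Exception -> L44
            return r0
        L2e:
            r11 = move-exception
            goto L1e
        L33:
            com.databricks.client.support.exceptions.ExceptionBuilder r0 = com.databricks.client.jdbc.core.DSDriver.s_CommonMessages     // Catch: java.lang.Exception -> L44
            com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey r1 = com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST     // Catch: java.lang.Exception -> L44
            java.lang.String r1 = r1.name()     // Catch: java.lang.Exception -> L44
            com.databricks.client.support.exceptions.ErrorException r0 = r0.createGeneralException(r1)     // Catch: java.lang.Exception -> L44
            r11 = r0
            r0 = r11
            throw r0     // Catch: java.lang.Exception -> L44
        L44:
            r9 = move-exception
            com.databricks.client.support.exceptions.ExceptionBuilder r0 = com.databricks.client.jdbc.core.DSDriver.s_CommonMessages
            com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey r1 = com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST
            java.lang.String r1 = r1.name()
            r2 = 1
            java.lang.String[] r2 = new java.lang.String[r2]
            r3 = r2
            r4 = 0
            r5 = r9
            java.lang.String r5 = r5.getMessage()
            r3[r4] = r5
            com.databricks.client.support.exceptions.ErrorException r0 = r0.createGeneralException(r1, r2)
            r10 = r0
            r0 = r10
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.databricks.client.spark.oauth.ClientCredential_JWT_OAuthProvider.getPrivateKey(com.databricks.client.jdbc.common.OAuthSettings):java.security.PrivateKey");
    }

    /**
     * Converts one parsed PEM object into a private key, trying EC first and RSA second.
     *
     * <p>Side effect: {@code m_OAuthJWTKeyType} is set to the key type being attempted before
     * each conversion, so it holds {@code "ECDSA"} after an EC success and {@code "RSA"} after
     * the fallback, whether or not the fallback itself succeeds.
     *
     * @param oAuthSettings settings holding the passphrase; its key type field is updated
     * @param obj object returned by the PEM parser
     * @return the converted private key
     * @throws ErrorException wrapping any failure other than the first {@link PEMException}
     */
    private PrivateKey parseSegment(OAuthSettings oAuthSettings, Object obj) throws ErrorException {
        try {
            try {
                oAuthSettings.m_OAuthJWTKeyType = DSA_KEY;
                return checkSegment(oAuthSettings, obj, DSA_SEGMENT_KEY);
            } catch (PEMException e) {
                // The EC conversion rejected the key; retry the same object as RSA.
                oAuthSettings.m_OAuthJWTKeyType = RSA_KEY;
                return checkSegment(oAuthSettings, obj, RSA_SEGMENT_KEY);
            }
        } catch (Exception e2) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e2.getMessage()});
        }
    }

    /**
     * Extracts the {@link PrivateKeyInfo} from a parsed PEM object and converts it to a
     * {@link PrivateKey} with the named JCA provider.
     *
     * <p>When a passphrase is configured the object is treated as an encrypted PKCS#8 entry and
     * decrypted with the {@code "BC"} provider; an object of any other type fails the cast with
     * a {@link ClassCastException}. Without a passphrase the object is taken as a
     * {@link PEMKeyPair} if it is one, otherwise as a bare {@link PrivateKeyInfo}.
     *
     * <p>NOTE(review): the passphrase is held as a {@code String} in the settings object and the
     * {@code char[]} copy made here is not cleared after use.
     *
     * @param oAuthSettings settings holding the optional key passphrase
     * @param obj object returned by the PEM parser
     * @param providerName JCA provider used for the final key conversion
     * @return the converted private key
     * @throws OperatorCreationException if the decryptor cannot be built
     * @throws PKCSException if decryption of the encrypted key fails
     * @throws PEMException if the provider cannot convert the key
     */
    private PrivateKey checkSegment(OAuthSettings oAuthSettings, Object obj, String providerName) throws OperatorCreationException, PKCSException, PEMException {
        PrivateKeyInfo privateKeyInfo;
        if (oAuthSettings.m_OAuth2KeyPassphrase != null) {
            JceOpenSSLPKCS8DecryptorProviderBuilder decryptorBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
            decryptorBuilder.setProvider("BC");
            privateKeyInfo = ((PKCS8EncryptedPrivateKeyInfo) obj).decryptPrivateKeyInfo(decryptorBuilder.build(oAuthSettings.m_OAuth2KeyPassphrase.toCharArray()));
        } else if (obj instanceof PEMKeyPair) {
            // Type test instead of catching ClassCastException from a speculative cast.
            privateKeyInfo = ((PEMKeyPair) obj).getPrivateKeyInfo();
        } else {
            privateKeyInfo = (PrivateKeyInfo) obj;
        }
        return new JcaPEMKeyConverter().setProvider(providerName).getPrivateKey(privateKeyInfo);
    }

    /**
     * Builds and signs the JWT client assertion. Despite its name, this method makes no network
     * request; the signed token is returned to the caller.
     *
     * <p>Claims: {@code iss} and {@code sub} are the client ID, {@code aud} is
     * {@code m_authorizationUrl}, {@code jti} is a random UUID, and {@code iat} and {@code exp}
     * are both the current time.
     *
     * @param privateKey signing key matching {@code m_OAuthJWTKeyType}
     * @param oAuthSettings settings supplying key type, algorithm, key ID, client ID and audience
     * @return the signed JWT
     * @throws ErrorException if the key type is neither RSA nor ECDSA (including unset), or if
     *     signer creation or signing fails
     */
    private SignedJWT fetchAccessToken(PrivateKey privateKey, OAuthSettings oAuthSettings) throws ErrorException {
        JWSSigner signer;
        JWSHeader header;
        // Constant-first equals: an unset key type reaches the explicit error below instead of
        // raising a NullPointerException.
        if (RSA_KEY.equals(oAuthSettings.m_OAuthJWTKeyType)) {
            signer = new RSASSASigner(privateKey);
            header = buildRSAHeader(oAuthSettings);
        } else {
            if (!DSA_KEY.equals(oAuthSettings.m_OAuthJWTKeyType)) {
                throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name());
            }
            try {
                signer = new ECDSASigner((ECPrivateKey) privateKey);
                header = buildECHeader(oAuthSettings);
            } catch (JOSEException e) {
                throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e.getMessage()});
            }
        }
        String clientId = oAuthSettings.m_authClientID;
        Timestamp now = Timestamp.valueOf(LocalDateTime.now());
        // NOTE(review): iat and exp are the same instant, so the assertion has zero lifetime
        // and is accepted only within the token endpoint's clock-skew allowance. Confirm this
        // against the original binary; if accurate, exp should carry a short positive offset.
        SignedJWT signedJWT = new SignedJWT(header, new JWTClaimsSet.Builder().issuer(clientId).subject(clientId).issueTime(now).expirationTime(now).audience(oAuthSettings.m_authorizationUrl).jwtID(UUID.randomUUID().toString()).build());
        try {
            signedJWT.sign(signer);
            return signedJWT;
        } catch (JOSEException e2) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e2.getMessage()});
        }
    }

    /** Builds a JWS header for the given algorithm, carrying the configured key ID. */
    private JWSHeader headerFor(JWSAlgorithm algorithm, OAuthSettings oAuthSettings) {
        return new JWSHeader.Builder(algorithm).keyID(oAuthSettings.m_OAuth2KeyID).build();
    }

    /**
     * Builds the JWS header for an EC key.
     *
     * <p>An unset algorithm defaults to ES256 and is written back to the settings. The
     * configured name is trimmed before it is matched against ES256, ES384 and ES512.
     *
     * @param oAuthSettings settings supplying the algorithm name and key ID
     * @return the header for the selected algorithm
     * @throws ErrorException if the algorithm name is not one of the three EC algorithms
     */
    private JWSHeader buildECHeader(OAuthSettings oAuthSettings) throws ErrorException {
        if (oAuthSettings.m_OAuthJWTAssertionAlgorithm == null) {
            oAuthSettings.m_OAuthJWTAssertionAlgorithm = ES256_KEY;
        }
        String requested = oAuthSettings.m_OAuthJWTAssertionAlgorithm.trim();
        JWSAlgorithm algorithm;
        if (ES256_KEY.equals(requested)) {
            algorithm = JWSAlgorithm.ES256;
        } else if (ES384_KEY.equals(requested)) {
            algorithm = JWSAlgorithm.ES384;
        } else if (ES512_KEY.equals(requested)) {
            algorithm = JWSAlgorithm.ES512;
        } else {
            // The rejected name is passed along, as buildRSAHeader does for the same error.
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.INVALID_ASSERTION_ALGORITHM_ERROR.name(), oAuthSettings.m_OAuthJWTAssertionAlgorithm);
        }
        return headerFor(algorithm, oAuthSettings);
    }

    /**
     * Builds the JWS header for an RSA key.
     *
     * <p>An unset algorithm defaults to RS256 and is written back to the settings. The
     * configured name is trimmed before it is matched against the RS and PS algorithm names,
     * so {@code "RS512"} is accepted as well as the space-padded form the decompiled constant
     * required.
     *
     * @param oAuthSettings settings supplying the algorithm name and key ID
     * @return the header for the selected algorithm
     * @throws ErrorException if the algorithm name is not one of the six RSA algorithms
     */
    private JWSHeader buildRSAHeader(OAuthSettings oAuthSettings) throws ErrorException {
        if (oAuthSettings.m_OAuthJWTAssertionAlgorithm == null) {
            oAuthSettings.m_OAuthJWTAssertionAlgorithm = RS256_KEY;
        }
        String requested = oAuthSettings.m_OAuthJWTAssertionAlgorithm.trim();
        JWSAlgorithm algorithm;
        if (RS256_KEY.equals(requested)) {
            algorithm = JWSAlgorithm.RS256;
        } else if (RS384_KEY.equals(requested)) {
            algorithm = JWSAlgorithm.RS384;
        } else if (RS512_KEY.equals(requested)) {
            algorithm = JWSAlgorithm.RS512;
        } else if (PS256_KEY.equals(requested)) {
            algorithm = JWSAlgorithm.PS256;
        } else if (PS384_KEY.equals(requested)) {
            algorithm = JWSAlgorithm.PS384;
        } else if (PS512_KEY.equals(requested)) {
            algorithm = JWSAlgorithm.PS512;
        } else {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.INVALID_ASSERTION_ALGORITHM_ERROR.name(), oAuthSettings.m_OAuthJWTAssertionAlgorithm);
        }
        return headerFor(algorithm, oAuthSettings);
    }
}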
