package com.teradata.jdbc.jdbc;

import com.teradata.jdbc.Const;
import com.teradata.jdbc.URLParameters;
import com.teradata.jdbc.Utility;
import com.teradata.jdbc.encode.Encoder;
import com.teradata.jdbc.jdbc_4.ifsupport.EscapeConstants;
import com.teradata.jdbc.jdbc_4.logging.Log;
import com.teradata.jdbc.jdbc_4.parcel.Parcel;
import com.teradata.jdbc.jdbc_4.util.ErrorFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.sql.SQLException;

/* loaded from: input_file:com/teradata/jdbc/jdbc/BearerFlow.class */
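public class BearerFlow {
    /**
     * Runs the JWT-bearer client-credentials logon flow for a connection.
     *
     * <p>Steps, in order: validate the connection parameters, load the RSA signing key (and,
     * when a certificate is configured, its thumbprint), read the identity-provider settings
     * from a helper connection, fetch the OpenID Connect metadata document, build and sign a
     * client-assertion JWT whose audience is the discovered token endpoint, POST it to that
     * endpoint, and pass the response body to
     * {@code TokenCache.completeUncachedOIDCFlow}.
     *
     * <p>Changes from the previous version of this method:
     * <ul>
     *   <li>Values interpolated into the JWT header and payload ({@code kid}, {@code iss},
     *       {@code sub}, {@code aud}) are JSON-escaped. The token endpoint comes from a remote
     *       metadata document and the client ID from configuration, so an embedded quote or
     *       backslash could otherwise alter the claims that get signed.</li>
     *   <li>The signed assertion is no longer written to the debug log; it is a usable
     *       credential until it expires.</li>
     *   <li>The suffix comparison lower-cases with {@code Locale.ROOT} so the result does not
     *       depend on the JVM default locale.</li>
     * </ul>
     *
     * @param genericTeradataConnection connection being logged on; supplies the URL parameters
     *     and log, and receives the extra client attributes recorded here
     * @param str must be null or empty for this mechanism, otherwise TJ1572 is raised
     *     (presumably the user name; confirm against the caller)
     * @param str2 must be null or empty for this mechanism, otherwise TJ1573 is raised
     *     (presumably the password; confirm against the caller)
     * @throws SQLException if a parameter is not allowed or missing for this mechanism, the
     *     key or certificate cannot be used, or the identity-provider settings are incomplete
     */
    public static void bearerFlow(GenericTeradataConnection genericTeradataConnection, String str, String str2) throws SQLException {
        URLParameters urlParams = genericTeradataConnection.getURLParameters();
        Log log = genericTeradataConnection.getLog();

        // Parameters that must not accompany this logon mechanism.
        if (str != null && str.length() > 0) {
            throw ErrorFactory.makeDriverJDBCException("TJ1572", urlParams.getLogMech());
        }
        if (str2 != null && str2.length() > 0) {
            throw ErrorFactory.makeDriverJDBCException("TJ1573", urlParams.getLogMech());
        }
        if (urlParams.getOAuthScopes() != null) {
            throw ErrorFactory.makeDriverJDBCException("TJ1574", Const.URL_OAUTH_SCOPES, urlParams.getLogMech());
        }

        // Only the RSA PKCS#1 v1.5 JWS algorithms are accepted; this allow-list also keeps
        // "none" and HMAC algorithms out of the header.
        String jwsAlgorithm = Utility.coalesce(urlParams.getJWSAlgorithm(), "RS256");
        if (!jwsAlgorithm.equals("RS256") && !jwsAlgorithm.equals("RS384") && !jwsAlgorithm.equals("RS512")) {
            throw ErrorFactory.makeDriverJDBCException("TJ843", Const.URL_JWS_ALGORITHM, jwsAlgorithm);
        }
        genericTeradataConnection.m_extraClientAttributes.sJWSAlgorithm = jwsAlgorithm;
        // "RS256" -> "SHA256withRSA", and likewise for 384 and 512.
        String signatureAlgorithm = "SHA" + jwsAlgorithm.substring(2) + "withRSA";
        if (log.isDebugEnabled()) {
            log.debug("sJWSAlgorithm=" + jwsAlgorithm);
            log.debug("sKeyFactory=RSA");
            log.debug("sSignatureAlgorithm=" + signatureAlgorithm);
        }

        if (urlParams.getLogData() != null && urlParams.getLogData().length() > 0) {
            throw ErrorFactory.makeDriverJDBCException("TJ1574", Const.URL_LOGON_METHOD_DATA, urlParams.getLogMech());
        }
        if (urlParams.getJWSPrivateKey() == null || urlParams.getJWSPrivateKey().length() == 0) {
            throw ErrorFactory.makeDriverJDBCException("TJ1582", Const.URL_JWS_PRIVATE_KEY, urlParams.getLogMech());
        }

        // The loader fills keyIdHolder[0]; a non-null value is emitted below as the "kid" header.
        String[] keyIdHolder = new String[1];
        PrivateKey signingKey = Utility.loadPrivateKeyFromFile(log, "RSA", urlParams.getJWSPrivateKey(), keyIdHolder);
        String certThumbprint = null;
        if (urlParams.getJWSCert() != null && urlParams.getJWSCert().length() > 0) {
            certThumbprint = loadX509Thumbprint(log, signingKey, urlParams.getJWSPrivateKey(), urlParams.getJWSCert());
        }

        // Helper connection used only to read the identity-provider settings.
        GenericTeradataConnection configConnection = ConnectionFactory.makeLogMechNoneConnection(genericTeradataConnection);
        if (configConnection.getGtwConfig() == null
                || configConnection.getGtwConfig().getIdentityProviderURL() == null
                || configConnection.getGtwConfig().getIdentityProviderClientID() == null) {
            throw ErrorFactory.makeDriverJDBCException("TJ1579", urlParams.getLogMech());
        }

        // Connection parameters take precedence over the values read from the helper connection.
        String idpUrl = Utility.coalesce(urlParams.getOIDCMetadata(), configConnection.getGtwConfig().getIdentityProviderURL());
        String clientId = urlParams.getOIDCClientID();
        if (clientId == null) {
            clientId = configConnection.getGtwConfig().getIdentityProviderClientID();
        }
        String scope = urlParams.getOIDCScope();
        if (scope == null) {
            scope = configConnection.getGtwConfig().getOIDCScope();
        }
        if (scope == null) {
            scope = "openid";
        }
        if (log.isDebugEnabled()) {
            log.debug("sIdProURL=" + idpUrl);
            log.debug("sClientID=" + clientId);
            log.debug("sOIDCScope=" + scope);
        }

        // NOTE(review): Const.URL_LSS_TYPE_DEFAULT is used as a replacement and concatenation
        // filler throughout this method, so it looks like a decompiler substitution for the
        // empty string; confirm its value.
        String metadataUrl = idpUrl.replaceFirst("/+$", Const.URL_LSS_TYPE_DEFAULT);
        if (metadataUrl.length() == 0 || clientId.length() == 0) {
            throw ErrorFactory.makeDriverJDBCException("TJ1579", urlParams.getLogMech());
        }
        // Locale.ROOT keeps the comparison independent of the JVM default locale (under a
        // Turkish locale an upper-case 'I' would not lower-case to 'i').
        if (!metadataUrl.toLowerCase(java.util.Locale.ROOT).endsWith("/.well-known/openid-configuration")) {
            metadataUrl = metadataUrl + "/.well-known/openid-configuration";
            if (log.isDebugEnabled()) {
                log.debug("Modified sIdProURL=" + metadataUrl);
            }
        }

        // NOTE(review): the token endpoint read from this document is where the signed
        // assertion is sent, so the integrity of this request matters. Confirm that
        // Utility.doHttpRequest verifies the server certificate, and what its boolean and
        // int[] arguments mean (the Parcel constant looks like a decompiler substitution for
        // a numeric literal).
        Utility.HttpResponse metadataResponse = Utility.doHttpRequest(urlParams, log, "GET", metadataUrl, null, null, true, new int[]{Parcel.PCLRECOVERABLEPROTOCOL});
        genericTeradataConnection.m_extraClientAttributes.sIdpProxyUsed = metadataResponse.sProxyUsed;
        genericTeradataConnection.m_extraClientAttributes.sIdpProtocol = metadataResponse.sProtocol;
        genericTeradataConnection.m_extraClientAttributes.sIdpCipher = metadataResponse.sCipher;
        genericTeradataConnection.m_extraClientAttributes.sIdpCertStatus = metadataResponse.sCertStatus;
        String metadataJson = metadataResponse.sBody;
        String tokenUrl = Utility.getStringFromJSON("token_endpoint", metadataJson, "TJ1544", metadataUrl);

        String keyId = keyIdHolder[0];
        // JWT header. The algorithm is one of three validated literals and the thumbprint is
        // produced by Utility.base64Encode, so only the key ID needs escaping.
        // NOTE(review): EscapeConstants.DOUBLE_QUOTE and END_ESCAPE are presumably the
        // closing quote and closing brace; confirm.
        String jwtHeader = "{\"alg\": \"" + jwsAlgorithm + EscapeConstants.DOUBLE_QUOTE
                + (keyId != null ? ", \"kid\": \"" + escapeJson(keyId) + EscapeConstants.DOUBLE_QUOTE : Const.URL_LSS_TYPE_DEFAULT)
                + ", \"typ\": \"JWT\""
                + (certThumbprint != null ? ", \"x5t\": \"" + certThumbprint + EscapeConstants.DOUBLE_QUOTE : Const.URL_LSS_TYPE_DEFAULT)
                + EscapeConstants.END_ESCAPE;
        // Comma-separated names of the optional header parameters that were emitted.
        genericTeradataConnection.m_extraClientAttributes.sJWTHeaderParams =
                ((keyId != null ? " kid" : Const.URL_LSS_TYPE_DEFAULT) + (certThumbprint != null ? " x5t" : Const.URL_LSS_TYPE_DEFAULT)).trim().replace(' ', ',');

        // For a client assertion the client is both issuer and subject.
        String issuer = clientId;
        String subject = clientId;
        // The assertion expires 60 seconds from now, which limits its usefulness if captured.
        String expiration = Long.toString((System.currentTimeMillis() / 1000) + 60);
        // NOTE(review): jti uniqueness relies on Utility.getRandomBytes; confirm it is backed
        // by SecureRandom.
        String uniqueId = Utility.base64Encode(true, Utility.getRandomBytes(16));
        String payload = "{\"iss\": \"" + escapeJson(issuer) + EscapeConstants.DOUBLE_QUOTE
                + ", \"sub\": \"" + escapeJson(subject) + EscapeConstants.DOUBLE_QUOTE
                + ", \"aud\": \"" + escapeJson(tokenUrl) + EscapeConstants.DOUBLE_QUOTE
                + ", \"exp\": " + expiration
                + ", \"jti\": \"" + uniqueId + EscapeConstants.DOUBLE_QUOTE
                + EscapeConstants.END_ESCAPE;
        if (log.isDebugEnabled()) {
            log.debug("sJSON=" + metadataJson);
            log.debug("sTokenURL=" + tokenUrl);
            log.debug("sIssuer=" + issuer);
            log.debug("sSubject=" + subject);
            log.debug("sAudience=" + tokenUrl);
            log.debug("sExpiration=" + expiration);
            log.debug("sUniqueID=" + uniqueId);
            log.debug("sJWTHeader=" + jwtHeader);
            log.debug("sPayload=" + payload);
        }

        String signedJwt = Utility.makeJWT(log, jwtHeader, payload, signatureAlgorithm, signingKey);
        String formPrefix = "grant_type=client_credentials&scope=" + Utility.safeForURL(scope)
                + "&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=";
        String formData = formPrefix + signedJwt;
        if (log.isDebugEnabled()) {
            // The signed assertion authenticates this client until it expires, so only its
            // length is logged; the unsigned header and payload are already logged above.
            log.debug("sSignedJWT=" + (signedJwt == null ? "null" : "<redacted, length=" + signedJwt.length() + ">"));
            log.debug("sFormData=" + formPrefix + "<redacted>");
        }

        String tokenResponseBody = Utility.doHttpRequest(urlParams, log, "POST", tokenUrl,
                new String[]{"Content-Type: application/x-www-form-urlencoded"},
                Encoder.encodeStringUTF8(formData), true, new int[]{Parcel.PCLRECOVERABLEPROTOCOL}).sBody;
        TokenCache.completeUncachedOIDCFlow(genericTeradataConnection, str, metadataUrl, clientId, scope, tokenUrl, tokenResponseBody);
    }

    /**
     * Escapes a value for use inside a double-quoted JSON string.
     *
     * <p>Quotes, backslashes and control characters below U+0020 are escaped; everything else
     * passes through unchanged, so ordinary URLs and identifiers are unaffected.
     *
     * @param value text to embed; {@code null} yields the text {@code null}, which is what
     *     plain string concatenation produced before escaping was introduced
     * @return the escaped text, without surrounding quotes
     */
    private static String escapeJson(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\') {
                escaped.append('\\').append(c);
            } else if (c < 0x20) {
                escaped.append(String.format("\\u%04x", (int) c));
            } else {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Checks that the private key and the certificate's public key form one RSA key pair.
     *
     * <p>The pair matches when the modulus and the public exponent are equal. The private key
     * must be an {@link RSAPrivateCrtKey} because that form exposes the public exponent.
     *
     * @param log driver log
     * @param privateKey signing key loaded for the connection
     * @param privateKeyName private-key parameter value, used in error messages
     * @param x509Certificate certificate whose public key is compared
     * @param certName certificate parameter value, used in error messages
     * @throws SQLException TJ1590 or TJ1591 if a key is not of the expected RSA type, TJ1592
     *     if the keys do not belong together
     */
    private static void verifyMatchingKeys(Log log, PrivateKey privateKey, String privateKeyName, X509Certificate x509Certificate, String certName) throws SQLException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (log.isDebugEnabled()) {
            // Only class names are logged, never key material.
            log.debug("verifyMatchingKeys: privkey class=" + privateKey.getClass().getName() + " pubkey class=" + publicKey.getClass().getName());
        }
        if (!(privateKey instanceof RSAPrivateCrtKey)) {
            throw ErrorFactory.makeDriverJDBCException("TJ1590", privateKeyName, Const.URL_JWS_PRIVATE_KEY, "RSAPrivateCrtKey");
        }
        if (!(publicKey instanceof RSAPublicKey)) {
            throw ErrorFactory.makeDriverJDBCException("TJ1591", certName, Const.URL_JWS_CERT, "RSAPublicKey");
        }
        RSAPrivateCrtKey rsaPrivate = (RSAPrivateCrtKey) privateKey;
        RSAPublicKey rsaPublic = (RSAPublicKey) publicKey;
        boolean sameModulus = rsaPrivate.getModulus().equals(rsaPublic.getModulus());
        boolean matchingKeyPair = sameModulus && rsaPrivate.getPublicExponent().equals(rsaPublic.getPublicExponent());
        if (log.isDebugEnabled()) {
            log.debug("verifyMatchingKeys: bMatchingKeyPair=" + matchingKeyPair);
        }
        if (!matchingKeyPair) {
            throw ErrorFactory.makeDriverJDBCException("TJ1592", privateKeyName, Const.URL_JWS_PRIVATE_KEY, certName, Const.URL_JWS_CERT);
        }
    }

    /**
     * Loads the certificate, checks it against the private key, and returns its thumbprint
     * for the JWT {@code x5t} header parameter.
     *
     * <p>Only the first certificate returned by the loader is used. SHA-1 is used because
     * {@code x5t} is defined (RFC 7515) as the SHA-1 digest of the DER-encoded certificate;
     * the value identifies the certificate and does not replace signature verification.
     *
     * @param log driver log
     * @param privateKey signing key the certificate must match
     * @param privateKeyName private-key parameter value, used in error messages
     * @param certName certificate parameter value handed to the PEM loader
     * @return the thumbprint as encoded by {@code Utility.base64Encode(true, ...)}
     * @throws SQLException TJ1589 if no certificate is available or it cannot be encoded, or
     *     the errors raised by {@link #verifyMatchingKeys}
     */
    private static String loadX509Thumbprint(Log log, PrivateKey privateKey, String privateKeyName, String certName) throws SQLException {
        X509Certificate[] certificates = Utility.loadCertificatesFromPEMFile(certName, log, Const.URL_JWS_CERT, "TJ1589");
        // The loader's behaviour for a file with no certificate is not visible here, so an
        // empty result is reported as a driver error rather than an index failure.
        if (certificates == null || certificates.length == 0) {
            throw ErrorFactory.makeDriverJDBCException("TJ1589", certName, Const.URL_JWS_CERT);
        }
        X509Certificate certificate = certificates[0];
        verifyMatchingKeys(log, privateKey, privateKeyName, certificate, certName);
        try {
            byte[] thumbprint = Utility.hashBytes(log, "SHA-1", certificate.getEncoded());
            String thumbprintBase64 = Utility.base64Encode(true, thumbprint);
            if (log.isDebugEnabled()) {
                log.debug("loadX509Thumbprint: abyThumbprint=" + Utility.formatByteArrayAsHexDigits(thumbprint));
                log.debug("loadX509Thumbprint: sThumbprintBase64=" + thumbprintBase64);
            }
            return thumbprintBase64;
        } catch (CertificateEncodingException e) {
            throw Utility.wrapEx(e, ErrorFactory.makeDriverJDBCException("TJ1589", certName, Const.URL_JWS_CERT));
        }
    }
}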
