package net.snowflake.client.core;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import java.util.Date;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import net.snowflake.client.jdbc.ErrorCode;
import net.snowflake.client.jdbc.internal.amazonaws.ClientConfiguration;
import net.snowflake.client.jdbc.internal.com.nimbusds.jose.JOSEException;
import net.snowflake.client.jdbc.internal.com.nimbusds.jose.JWSAlgorithm;
import net.snowflake.client.jdbc.internal.com.nimbusds.jose.JWSHeader;
import net.snowflake.client.jdbc.internal.com.nimbusds.jose.crypto.RSASSASigner;
import net.snowflake.client.jdbc.internal.com.nimbusds.jwt.JWTClaimsSet;
import net.snowflake.client.jdbc.internal.com.nimbusds.jwt.SignedJWT;
import net.snowflake.client.jdbc.internal.google.common.base.Strings;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/snowflake/client/core/SessionUtilKeyPair.class */
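/**
 * Holds the RSA key pair used for key-pair authentication and issues the signed JWT
 * that identifies the client.
 *
 * <p>The private key is either supplied directly or loaded from a PEM file; the public key
 * is derived from it. The JWT subject is {@code ACCOUNT.USER} and the issuer is
 * {@code ACCOUNT.USER.SHA256:<base64 fingerprint of the public key>}, signed with RS256.
 */
public class SessionUtilKeyPair {
    private final String userName;
    private final String accountName;
    private final PrivateKey privateKey;
    private PublicKey publicKey;
    private static final String ISSUER_FMT = "%s.%s.%s";
    private static final String SUBJECT_FMT = "%s.%s";

    // PEM armor lines that are stripped before base64-decoding the key file.
    private static final String PEM_PKCS8_BEGIN = "-----BEGIN PRIVATE KEY-----";
    private static final String PEM_PKCS8_END = "-----END PRIVATE KEY-----";
    private static final String PEM_RSA_BEGIN = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String PEM_RSA_END = "-----END RSA PRIVATE KEY-----";
    private static final String PEM_ENCRYPTED_BEGIN = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
    private static final String PEM_ENCRYPTED_END = "-----END ENCRYPTED PRIVATE KEY-----";

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the key-pair holder from exactly one key source.
     *
     * @param privateKey in-memory private key, or {@code null} when a key file is given
     * @param str path of the PEM private key file, or null/empty when {@code privateKey} is given
     * @param str2 passphrase of the key file; null/empty means the file is not encrypted
     * @param str3 account name (stored upper-cased)
     * @param str4 user name (stored upper-cased)
     * @throws SFException if both key sources are set, the key cannot be loaded, the key is not
     *     an {@link RSAPrivateCrtKey}, or the public key cannot be derived
     */
    public SessionUtilKeyPair(PrivateKey privateKey, String str, String str2, String str3, String str4) throws SFException {
        this.publicKey = null;
        // Locale.ROOT keeps the casing independent of the JVM default locale (for example the
        // Turkish dotted capital I), so the JWT issuer and subject are the same on every host.
        this.userName = str4.toUpperCase(java.util.Locale.ROOT);
        this.accountName = str3.toUpperCase(java.util.Locale.ROOT);
        // Two key sources would be ambiguous; reject instead of silently preferring one.
        if (!Strings.isNullOrEmpty(str) && privateKey != null) {
            throw new SFException(ErrorCode.INVALID_OR_UNSUPPORTED_PRIVATE_KEY, "Cannot have both private key value and private key file.");
        }
        this.privateKey = Strings.isNullOrEmpty(str) ? privateKey : extractPrivateKeyFromFile(str, str2);
        // A CRT key carries the public exponent, which is needed to rebuild the public key below.
        // This check also rejects the case where no key source was supplied (null key).
        if (!(this.privateKey instanceof RSAPrivateCrtKey)) {
            throw new SFException(ErrorCode.INVALID_OR_UNSUPPORTED_PRIVATE_KEY, "Use java.security.interfaces.RSAPrivateCrtKey.class for the private key");
        }
        RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey) this.privateKey;
        try {
            RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(crtKey.getModulus(), crtKey.getPublicExponent());
            this.publicKey = KeyFactory.getInstance("RSA").generatePublic(publicKeySpec);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new SFException(e, ErrorCode.INTERNAL_ERROR, "Error retrieving public key");
        }
    }

    /**
     * Loads an RSA private key from a PEM file holding PKCS#8 content, optionally encrypted.
     *
     * @param privateKeyFile path of the PEM file
     * @param privateKeyFilePwd passphrase; null/empty selects the unencrypted code path
     * @return the decoded private key
     * @throws SFException if the file cannot be read, decoded or decrypted; the message carries
     *     the file path only, never key material or the passphrase
     */
    private PrivateKey extractPrivateKeyFromFile(String privateKeyFile, String privateKeyFilePwd) throws SFException {
        try {
            // PEM is ASCII; decode with a fixed charset rather than the platform default.
            String pem = new String(Files.readAllBytes(Paths.get(privateKeyFile)), java.nio.charset.StandardCharsets.UTF_8);
            if (Strings.isNullOrEmpty(privateKeyFilePwd)) {
                // PKCS8EncodedKeySpec expects PKCS#8 DER, whose PEM armor is "BEGIN PRIVATE KEY".
                // If that armor is left in place, its letters are decoded as base64 data and
                // corrupt the key. The RSA-labelled armor is still stripped for files that carry
                // PKCS#8 content under that label.
                String body = pem.replace(PEM_PKCS8_BEGIN, "").replace(PEM_PKCS8_END, "").replace(PEM_RSA_BEGIN, "").replace(PEM_RSA_END, "");
                // The MIME decoder skips line breaks and other non-alphabet characters.
                byte[] der = Base64.getMimeDecoder().decode(body);
                return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
            }
            String encryptedBody = pem.replace(PEM_ENCRYPTED_BEGIN, "").replace(PEM_ENCRYPTED_END, "");
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(Base64.getMimeDecoder().decode(encryptedBody));
            PBEKeySpec pbeKeySpec = new PBEKeySpec(privateKeyFilePwd.toCharArray());
            try {
                // The PBE algorithm is taken from the file itself (getAlgName), so the strength
                // of the at-rest encryption is whatever the key file was created with.
                PKCS8EncodedKeySpec decryptedSpec = encryptedPrivateKeyInfo.getKeySpec(SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(pbeKeySpec));
                return KeyFactory.getInstance("RSA").generatePrivate(decryptedSpec);
            } finally {
                // Wipe the spec's copy of the passphrase. The caller's String copy cannot be
                // cleared from here.
                pbeKeySpec.clearPassword();
            }
        } catch (IOException | IllegalArgumentException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new SFException(e, ErrorCode.INVALID_OR_UNSUPPORTED_PRIVATE_KEY, privateKeyFile);
        }
    }

    /**
     * Builds and signs the authentication JWT (RS256) for the configured account and user.
     *
     * @return the compact serialized JWT
     * @throws SFException if the fingerprint cannot be computed or signing fails
     */
    public String issueJwtToken() throws SFException {
        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
        String subject = String.format(SUBJECT_FMT, this.accountName, this.userName);
        // The issuer embeds the public key fingerprint, tying the token to this key pair.
        String issuer = String.format(ISSUER_FMT, this.accountName, this.userName, calculatePublicKeyFingerprint(this.publicKey));
        Date issuedAt = new Date(System.currentTimeMillis());
        // NOTE(review): the token lifetime comes from an HTTP-client constant of the shaded AWS
        // SDK, which looks like the decompiler matching a numeric literal to an unrelated
        // constant. Confirm the intended lifetime and pin it in a constant owned by this class.
        Date expiresAt = new Date(issuedAt.getTime() + ClientConfiguration.DEFAULT_CONNECTION_MAX_IDLE_MILLIS);
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims.issuer(issuer).subject(subject).issueTime(issuedAt).expirationTime(expiresAt).build());
        try {
            signedJWT.sign(new RSASSASigner(this.privateKey));
            return signedJWT.serialize();
        } catch (JOSEException e) {
            throw new SFException(e, ErrorCode.FAILED_TO_GENERATE_JWT, new Object[0]);
        }
    }

    /**
     * Computes the fingerprint used in the JWT issuer: {@code "SHA256:"} followed by the base64
     * SHA-256 digest of the public key's encoded form.
     *
     * @param publicKey key to fingerprint
     * @return the fingerprint string
     * @throws SFException if SHA-256 is not available
     */
    private String calculatePublicKeyFingerprint(PublicKey publicKey) throws SFException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(publicKey.getEncoded());
            return "SHA256:" + net.snowflake.client.jdbc.internal.apache.commons.codec.binary.Base64.encodeBase64String(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new SFException(e, ErrorCode.INTERNAL_ERROR, "Error when calculating fingerprint");
        }
    }
}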
