package oracle.jdbc.driver.oauth;

import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import java.util.function.Supplier;
import java.util.logging.Level;
import oracle.jdbc.AccessToken;
import oracle.jdbc.OracleConnection;
import oracle.jdbc.diagnostics.Diagnosable;
import oracle.jdbc.diagnostics.SecurityLabel;
import oracle.jdbc.driver.DatabaseError;
import oracle.jdbc.driver.PasswordAuthentication;
import oracle.jdbc.driver.resource.DriverResources;
import oracle.jdbc.driver.resource.ResourceProvider;
import oracle.jdbc.driver.resource.ResourceType;
import oracle.jdbc.internal.OpaqueString;
import oracle.jdbc.logging.annotations.Blind;

/* loaded from: input_file:WEB-INF/lib/ojdbc8-23.3.0.23.09.jar:oracle/jdbc/driver/oauth/AccessTokenBuilder.class */
/**
 * Fluent builder that resolves an {@link AccessToken} from whichever token source the
 * connection has been configured with.
 *
 * <p>Each setter stores its argument unchanged and returns {@code this}; nothing is validated
 * until {@link #build()} runs. The fields are plain mutable state with no synchronization, so an
 * instance should be confined to a single thread.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Secrets (password, access token, client secret, certificate password) are carried as
 *       {@link OpaqueString}; the {@code char[]} obtained from the access token is zero-filled
 *       once it has been parsed.</li>
 *   <li>Diagnostic messages record identifiers and file locations, but only a boolean
 *       "is configured" flag for the client secret and the certificate password.</li>
 *   <li>The user name and password can leave the process: depending on configuration they are
 *       handed to the IAM endpoint named by {@code ociIamUrl} or to the Azure token provider.</li>
 * </ul>
 */
public final class AccessTokenBuilder {
    private static final String CLASS_NAME = AccessTokenBuilder.class.getName();

    // --- Pre-resolved token sources -------------------------------------------------------
    private Supplier<? extends AccessToken> tokenSupplier;
    private OpaqueString accessToken;

    // --- User credentials -----------------------------------------------------------------
    private String passwordAuthentication;
    private String userName;
    private OpaqueString password;
    // True when userName/password were marked by the caller as SEPS credentials
    // (presumably Secure External Password Store — confirm against the caller).
    private boolean isSepsCredentials;

    // --- Token authentication selector and file location ----------------------------------
    private String tokenAuthentication;
    private String tokenLocation;

    // --- OCI settings ---------------------------------------------------------------------
    private String ociIamUrl;
    private Properties tlsConfig;
    private String ociConfigFile;
    private String ociProfile;
    private String ociTenancy;
    private String ociCompartment;
    private String ociDatabase;

    // --- Azure settings -------------------------------------------------------------------
    private String azureDatabaseApplicationIdUri;
    private String tenantId;
    private String clientId;
    private OpaqueString clientSecret;
    private String clientCertificate;
    private OpaqueString clientCertificatePassword;
    private String redirectUri;

    // --- Driver plumbing ------------------------------------------------------------------
    private DriverResources driverResources;
    private final Diagnosable diagnosable;

    /**
     * Supported values of the token authentication connection property.
     *
     * <p>Lookup is by constant name and ignores case. The decompiler reports that this type was
     * package-private in the original class file.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/ojdbc8-23.3.0.23.09.jar:oracle/jdbc/driver/oauth/AccessTokenBuilder$TokenAuthentication.class */
    public enum TokenAuthentication {
        OCI_TOKEN(null),
        OCI_API_KEY("config-file"),
        OCI_INSTANCE_PRINCIPAL("instance-principal"),
        OCI_RESOURCE_PRINCIPAL("resource-principal"),
        OCI_DELEGATION_TOKEN("cloud-shell"),
        OCI_INTERACTIVE("interactive"),
        OCI_DEFAULT("auto-detect"),
        OAUTH(null),
        AZURE_SERVICE_PRINCIPAL("service-principal"),
        AZURE_MANAGED_IDENTITY("managed-identity"),
        AZURE_DEVICE_CODE("device-code"),
        AZURE_INTERACTIVE("interactive"),
        AZURE_DEFAULT("auto-detect");

        /** Case-insensitive index from constant name to constant; read-only after class init. */
        private static final Map<String, TokenAuthentication> PROPERTY_VALUES;

        /**
         * Value forwarded to a token provider as its {@code authenticationMethod} parameter;
         * {@code null} for the two file-based methods, which never reach a provider.
         */
        private final String parameterValue;

        static {
            Map<String, TokenAuthentication> byName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
            for (TokenAuthentication method : values()) {
                byName.put(method.name(), method);
            }
            PROPERTY_VALUES = Collections.unmodifiableMap(byName);
        }

        TokenAuthentication(String str) {
            this.parameterValue = str;
        }

        /** Returns {@code true} for the methods that prompt a user: OCI/Azure interactive and Azure device code. */
        boolean isInteractive() {
            return this == OCI_INTERACTIVE || this == AZURE_DEVICE_CODE || this == AZURE_INTERACTIVE;
        }

        /**
         * Null-safe, non-throwing variant of {@link #isInteractive()} for a raw property value.
         *
         * @param str property value, may be {@code null} or unrecognized
         * @return {@code true} only when {@code str} names an interactive method
         */
        static boolean isInteractive(String str) {
            if (str == null) {
                // The comparator-backed map cannot be queried with a null key.
                return false;
            }
            TokenAuthentication method = PROPERTY_VALUES.get(str);
            return method != null && method.isInteractive();
        }

        /**
         * Maps a property value to its constant.
         *
         * @param str property value, may be {@code null}
         * @return the matching constant, or {@code null} when {@code str} is {@code null}
         * @throws SQLException with driver error 1721 when {@code str} matches no constant
         */
        static TokenAuthentication parseProperty(String str) throws SQLException {
            if (str == null) {
                return null;
            }
            TokenAuthentication method = PROPERTY_VALUES.get(str);
            if (method != null) {
                return method;
            }
            throw ((SQLException) DatabaseError.formatSqlException(null, 1721, null, null, str, OracleConnection.CONNECTION_PROPERTY_TOKEN_AUTHENTICATION).fillInStackTrace());
        }
    }

    /**
     * @param diagnosable sink for the FINER-level diagnostic messages emitted while resolving a token
     */
    public AccessTokenBuilder(Diagnosable diagnosable) {
        this.diagnosable = diagnosable;
    }

    /** Sets a caller-provided token supplier; it takes precedence over every other token source. */
    public AccessTokenBuilder tokenSupplier(Supplier<? extends AccessToken> supplier) {
        this.tokenSupplier = supplier;
        return this;
    }

    /** Sets a literal access token; it is parsed as a JSON Web Token when {@link #build()} selects it. */
    public AccessTokenBuilder accessToken(OpaqueString opaqueString) {
        this.accessToken = opaqueString;
        return this;
    }

    /** Sets the password authentication mode; parsed by {@code PasswordAuthentication.parseProperty}. */
    public AccessTokenBuilder passwordAuthentication(String str) {
        this.passwordAuthentication = str;
        return this;
    }

    /** Sets the user name. A non-empty value steers {@link #build()} away from the token-only sources. */
    public AccessTokenBuilder userName(String str) {
        this.userName = str;
        return this;
    }

    /** Sets the password; kept as an {@link OpaqueString} and never written to diagnostics by this class. */
    public AccessTokenBuilder password(OpaqueString opaqueString) {
        this.password = opaqueString;
        return this;
    }

    /** Marks the user name and password as SEPS credentials, which changes source selection in {@link #build()}. */
    public AccessTokenBuilder isSepsCredentials(boolean z) {
        this.isSepsCredentials = z;
        return this;
    }

    /** Sets the token authentication method name; matched case-insensitively against {@link TokenAuthentication}. */
    public AccessTokenBuilder tokenAuthentication(String str) {
        this.tokenAuthentication = str;
        return this;
    }

    /** Sets the file-system location read by the file-based token methods. */
    public AccessTokenBuilder tokenLocation(String str) {
        this.tokenLocation = str;
        return this;
    }

    /** Sets the IAM endpoint that receives the user name and password for OCI password authentication. */
    public AccessTokenBuilder ociIamUrl(String str) {
        this.ociIamUrl = str;
        return this;
    }

    /** Sets the TLS properties forwarded to the IAM request. */
    public AccessTokenBuilder tlsConfig(Properties properties) {
        this.tlsConfig = properties;
        return this;
    }

    /** Sets the OCI configuration file passed to the OCI token provider. */
    public AccessTokenBuilder ociConfigFile(String str) {
        this.ociConfigFile = str;
        return this;
    }

    /** Sets the OCI profile passed to the OCI token provider. */
    public AccessTokenBuilder ociProfile(String str) {
        this.ociProfile = str;
        return this;
    }

    /** Sets the OCI tenancy; required for IAM password authentication. */
    public AccessTokenBuilder ociTenancy(String str) {
        this.ociTenancy = str;
        return this;
    }

    /** Sets the OCI compartment used to narrow the requested scope. */
    public AccessTokenBuilder ociCompartment(String str) {
        this.ociCompartment = str;
        return this;
    }

    /** Sets the OCI database used to narrow the requested scope; requires a compartment as well. */
    public AccessTokenBuilder ociDatabase(String str) {
        this.ociDatabase = str;
        return this;
    }

    /** Sets the Azure application ID URI from which the requested scope is derived. */
    public AccessTokenBuilder azureDatabaseApplicationIdUri(String str) {
        this.azureDatabaseApplicationIdUri = str;
        return this;
    }

    /** Sets the Azure tenant ID. */
    public AccessTokenBuilder tenantId(String str) {
        this.tenantId = str;
        return this;
    }

    /** Sets the Azure client ID. */
    public AccessTokenBuilder clientId(String str) {
        this.clientId = str;
        return this;
    }

    /** Sets the Azure client secret. */
    public AccessTokenBuilder clientSecret(OpaqueString opaqueString) {
        this.clientSecret = opaqueString;
        return this;
    }

    /** Sets the client certificate value forwarded to the Azure provider as {@code clientCertificatePath}. */
    public AccessTokenBuilder clientCertificate(String str) {
        this.clientCertificate = str;
        return this;
    }

    /** Sets the password protecting the client certificate. */
    public AccessTokenBuilder clientCertificatePassword(OpaqueString opaqueString) {
        this.clientCertificatePassword = opaqueString;
        return this;
    }

    /** Sets the redirect URI forwarded to the Azure provider. */
    public AccessTokenBuilder redirectUri(String str) {
        this.redirectUri = str;
        return this;
    }

    /** Sets the driver resources consulted for a configured access-token provider. */
    public AccessTokenBuilder driverResources(DriverResources driverResources) {
        this.driverResources = driverResources;
        return this;
    }

    /**
     * Resolves the access token from the configured source.
     *
     * <p>When the credentials are SEPS credentials, or when there is neither a user name nor a
     * password, the token-only sources are tried in this order and the first one configured wins:
     * supplier, literal access token, token authentication method, configured provider.
     *
     * <p>Otherwise (or when none of those is configured) an interactive token authentication
     * method is used if a non-SEPS user name is present; every remaining case goes through
     * password authentication.
     *
     * @return the resolved token, or {@code null} when password authentication is reached and its
     *         mode is neither {@code OCI_TOKEN} nor {@code AZURE_TOKEN}
     * @throws SQLException when the selected source is misconfigured or fails
     */
    // NOTE(review): @Blind presumably keeps the driver's logging from recording this method's
    // arguments and return value — confirm against the annotation's definition.
    @Blind
    public AccessToken build() throws SQLException {
        final boolean hasUserName = this.userName != null && !this.userName.isEmpty();

        // The password is only inspected when it can affect the outcome, as in the original.
        boolean tokenOnlySourcesApply = this.isSepsCredentials;
        if (!tokenOnlySourcesApply && !hasUserName) {
            tokenOnlySourcesApply = OpaqueString.isNull(this.password) || this.password.isEmpty();
        }

        if (tokenOnlySourcesApply) {
            if (this.tokenSupplier != null) {
                return getTokenFromSupplier();
            }
            if (!OpaqueString.isNull(this.accessToken)) {
                return getTokenFromProperty();
            }
            if (this.tokenAuthentication != null) {
                return getTokenFromTokenAuthentication();
            }
            if (this.driverResources != null && this.driverResources.isProviderConfigured(ResourceType.ACCESS_TOKEN)) {
                return getTokenFromProvider();
            }
        }

        if (!this.isSepsCredentials && hasUserName && TokenAuthentication.isInteractive(this.tokenAuthentication)) {
            return getTokenFromTokenAuthentication();
        }
        return getTokenFromPasswordAuthentication();
    }

    /**
     * Obtains the token from the caller-provided supplier.
     *
     * @throws SQLException with driver error 1718 when the supplier returns {@code null} or throws
     *         a {@link RuntimeException}; the supplier's exception is kept as the cause
     */
    @Blind
    private AccessToken getTokenFromSupplier() throws SQLException {
        try {
            this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromSupplier", "Getting access token from a Supplier<AccessToken>", null, null);
            AccessToken supplied = this.tokenSupplier.get();
            if (supplied == null) {
                throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, 1718, "A null value was output by the Supplier configured with  OracleDataSource.setTokenSupplier(Supplier)").fillInStackTrace());
            }
            return supplied;
        } catch (RuntimeException e) {
            throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, 1718, "An exception was thrown by the Supplier configured with  OracleDataSource.setTokenSupplier(Supplier).", e).fillInStackTrace());
        }
    }

    /**
     * Parses the literal access token as a JSON Web Token.
     *
     * <p>The {@code char[]} taken from the {@link OpaqueString} is zero-filled on every exit path
     * so the token text does not linger in that array.
     *
     * @throws SQLException when the token cannot be parsed; the property value is reported as
     *         {@code "[OMITTED]"} rather than echoed
     */
    @Blind
    private AccessToken getTokenFromProperty() throws SQLException {
        this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromProperty", "Getting access token configured with oracle.jdbc.accessToken ", null, null);
        char[] tokenChars = this.accessToken.getChars();
        try {
            return AccessToken.createJsonWebToken(tokenChars);
        } catch (Exception e) {
            // NOTE(review): the final message appends e.getMessage() from the parser. Confirm that
            // parser exceptions never echo token content, otherwise the "[OMITTED]" masking above
            // is bypassed in logs and error reports.
            SQLException invalidValue = DatabaseError.formatSqlException(null, 1721, null, e, "[OMITTED]", OracleConnection.CONNECTION_PROPERTY_ACCESS_TOKEN);
            throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, DatabaseError.ORAERROR_INVALID_TOKEN, invalidValue.getMessage() + ": " + e.getMessage(), invalidValue).fillInStackTrace());
        } finally {
            Arrays.fill(tokenChars, (char) 0);
        }
    }

    /**
     * Dispatches on the configured token authentication method: file-based methods read a token
     * file, OCI methods use the OCI token provider, Azure methods use the Azure token provider.
     *
     * <p>Callers in this class only reach this method with a non-null {@code tokenAuthentication};
     * a {@code null} value would fail at the {@code switch}.
     *
     * @throws SQLException when the method name is not recognized or the chosen source fails
     */
    private AccessToken getTokenFromTokenAuthentication() throws SQLException {
        TokenAuthentication method = TokenAuthentication.parseProperty(this.tokenAuthentication);
        switch (method) {
            case OCI_TOKEN:
            case OAUTH:
                return getTokenFromFile(method);

            case OCI_API_KEY:
            case OCI_INSTANCE_PRINCIPAL:
            case OCI_RESOURCE_PRINCIPAL:
            case OCI_DELEGATION_TOKEN:
            case OCI_INTERACTIVE:
            case OCI_DEFAULT:
                return getTokenFromOciPlugin(method);

            case AZURE_SERVICE_PRINCIPAL:
            case AZURE_MANAGED_IDENTITY:
            case AZURE_DEVICE_CODE:
            case AZURE_INTERACTIVE:
            case AZURE_DEFAULT:
                return getTokenFromAzurePlugin(method);

            default:
                throw new IllegalStateException("Unexpected value: " + method);
        }
    }

    /**
     * Reads the token from the file system.
     *
     * <p>With no {@code tokenLocation}, {@code OCI_TOKEN} falls back to
     * {@code <user.home>/.oci/db-token}; {@code OAUTH} has no default and fails with error 1722.
     *
     * <p>The location comes from configuration unchanged and is also written to the FINER
     * diagnostic message.
     *
     * @param method must be {@code OCI_TOKEN} or {@code OAUTH}; anything else fails with error 1721
     * @throws SQLException when the location is missing, unreadable, or holds an invalid token
     */
    // NOTE(review): ownership and permission checks on the token / private-key file are not
    // visible here — confirm JsonWebToken performs them, or document the expectation for deployers.
    @Blind
    private AccessToken getTokenFromFile(TokenAuthentication method) throws SQLException {
        this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromFile", "Getting access token from the file system. tokenAuthentication={0}, tokenLocation={1}", null, null, this.tokenAuthentication, this.tokenLocation);

        final boolean isOciToken = TokenAuthentication.OCI_TOKEN == method;
        if (!isOciToken && TokenAuthentication.OAUTH != method) {
            throw ((SQLException) DatabaseError.formatSqlException(null, 1721, null, null, this.tokenAuthentication, OracleConnection.CONNECTION_PROPERTY_TOKEN_AUTHENTICATION).fillInStackTrace());
        }

        final Path tokenPath;
        if (this.tokenLocation == null) {
            if (!isOciToken) {
                throw ((SQLException) DatabaseError.formatSqlException(null, 1722, "This property must be set when oracle.jdbc.tokenAuthentication=" + this.tokenAuthentication, null, OracleConnection.CONNECTION_PROPERTY_TOKEN_LOCATION).fillInStackTrace());
            }
            String userHome = System.getProperty("user.home");
            if (userHome == null) {
                // NOTE(review): argument order here is (message, code), unlike the sibling calls
                // which pass (code, message); presumably a separate overload — verify.
                throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, "System property \"user.home\" is not set. The default token location can not be resolved", 1718).fillInStackTrace());
            }
            tokenPath = Paths.get(userHome, ".oci", "db-token");
        } else {
            tokenPath = Paths.get(this.tokenLocation);
        }

        try {
            if (isOciToken) {
                return JsonWebToken.fromOciFile(tokenPath);
            }
            return JsonWebToken.fromFile(tokenPath);
        } catch (IOException e) {
            throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, 1718, "Connection property oracle.jdbc.tokenLocation locates a token file or private key file that can not be read.", e).fillInStackTrace());
        } catch (IllegalArgumentException e2) {
            throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, DatabaseError.ORAERROR_INVALID_TOKEN, "An invalid token was configured by connection property oracle.jdbc.tokenLocation", e2).fillInStackTrace());
        } catch (GeneralSecurityException e3) {
            throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, 1718, "Connection property oracle.jdbc.tokenLocation locates a private key file that can not be read.", e3).fillInStackTrace());
        } catch (SQLException e4) {
            throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, 1718, "Connection property oracle.jdbc.tokenLocation locates a private key file that cannot be read.", e4).fillInStackTrace());
        }
    }

    /**
     * Requests the token from the {@code ojdbc-provider-oci-token} resource provider.
     *
     * <p>The user name is forwarded only for interactive methods. No secret is passed from this
     * method; the diagnostic message lists the OCI identifiers and configuration file name.
     *
     * @param method OCI method whose {@code parameterValue} selects the provider's authentication method
     * @throws SQLException when the scope cannot be composed or the provider fails
     */
    private AccessToken getTokenFromOciPlugin(TokenAuthentication method) throws SQLException {
        this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromOciPlugin", "Getting access token from the OCI token provider. tokenAuthentication={0}, ociTenancy={1}, ociCompartment={2}, ociDatabase={3}, ociConfigFile={4}, ociProfile={5}", null, null, method, this.ociTenancy, this.ociCompartment, this.ociDatabase, this.ociConfigFile, this.ociProfile);

        // Raw builder type and the cast below are kept exactly as in the decompiled listing.
        ResourceProvider.Builder request = ResourceProvider.builder("ojdbc-provider-oci-token", ResourceType.ACCESS_TOKEN)
                .parameterValue("authenticationMethod", method.parameterValue)
                .parameterValue("scope", composeOciScope())
                .parameterValue("tenantId", this.ociTenancy)
                .parameterValue("configFile", this.ociConfigFile)
                .parameterValue("profile", this.ociProfile);
        if (method.isInteractive()) {
            request.parameterValue("username", this.userName);
        }
        return (AccessToken) request.build().getResource();
    }

    /**
     * Builds the OCI scope string: {@code *} with no compartment, the compartment alone, or
     * {@code compartment::database}, each prefixed with {@code urn:oracle:db::id::}.
     *
     * @throws SQLException with driver error 1722 when a database is set without a compartment
     */
    private String composeOciScope() throws SQLException {
        if (this.ociCompartment == null && this.ociDatabase != null) {
            throw ((SQLException) DatabaseError.formatSqlException(null, 1722, "This property must be set when oracle.jdbc.ociDatabase is set.", null, OracleConnection.CONNECTION_PROPERTY_OCI_COMPARTMENT).fillInStackTrace());
        }

        final String target;
        if (this.ociCompartment == null) {
            target = "*";
        } else if (this.ociDatabase == null) {
            target = this.ociCompartment;
        } else {
            target = this.ociCompartment + "::" + this.ociDatabase;
        }
        return "urn:oracle:db::id::" + target;
    }

    /**
     * Requests the token from the Azure token provider.
     *
     * <p>For SEPS credentials with the service-principal method, a missing client ID is replaced
     * by the SEPS user name, and the SEPS password becomes the client secret when neither a
     * client secret nor a client certificate is configured.
     *
     * <p>The diagnostic message records the client ID and certificate value but only booleans
     * for the client secret and certificate password.
     *
     * @param method Azure method whose {@code parameterValue} selects the provider's authentication method
     * @throws SQLException when the scope cannot be composed or the provider fails
     */
    @Blind
    private AccessToken getTokenFromAzurePlugin(TokenAuthentication method) throws SQLException {
        String effectiveClientId = this.clientId;
        OpaqueString effectiveClientSecret = this.clientSecret;

        if (this.isSepsCredentials && TokenAuthentication.AZURE_SERVICE_PRINCIPAL == method) {
            if (effectiveClientId == null) {
                this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromAzurePlugin", "Using SEPS username as client ID.", null, null);
                effectiveClientId = this.userName;
            }
            if (OpaqueString.isNull(effectiveClientSecret) && this.clientCertificate == null) {
                this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromAzurePlugin", "Using SEPS password as client secret.", null, null);
                effectiveClientSecret = this.password;
            }
        }

        this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromAzurePlugin", "Getting access token from the Azure token provider. tokenAuthentication={0}, clientId={1}, isClientSecretConfigured={2}, clientCertificate={3}, isClientCertificatePasswordConfigured={4}, redirectUri={5}, tenantId={6}, azureDatabaseApplicationIdUri={7}", null, null, method, effectiveClientId, Boolean.valueOf(!OpaqueString.isNull(effectiveClientSecret)), this.clientCertificate, Boolean.valueOf(!OpaqueString.isNull(this.clientCertificatePassword)), this.redirectUri, this.tenantId, this.azureDatabaseApplicationIdUri);

        ResourceProvider.Builder<?, AccessToken> request = createAzureTokenBuilder(method.parameterValue)
                .parameterValue("clientId", effectiveClientId)
                .parameterValue("clientSecret", effectiveClientSecret)
                .parameterValue("clientCertificatePath", this.clientCertificate)
                .parameterValue("clientCertificatePassword", this.clientCertificatePassword)
                .parameterValue("redirectUri", this.redirectUri);
        if (method.isInteractive()) {
            request.parameterValue("username", this.userName);
        }
        return request.build().getResource();
    }

    /**
     * Starts an {@code ojdbc-provider-azure-token} request carrying the authentication method,
     * the scope, and the tenant ID.
     *
     * @param str value for the provider's {@code authenticationMethod} parameter
     * @throws SQLException when the Azure scope cannot be composed
     */
    private ResourceProvider.Builder<?, AccessToken> createAzureTokenBuilder(String str) throws SQLException {
        // The scope is composed after the builder exists, matching the original call order.
        return ResourceProvider.builder("ojdbc-provider-azure-token", ResourceType.ACCESS_TOKEN)
                .parameterValue("authenticationMethod", str)
                .parameterValue("scope", composeAzureScope())
                .parameterValue("tenantId", this.tenantId);
    }

    /**
     * Builds the Azure scope by appending {@code /.default} to the application ID URI.
     *
     * @throws SQLException with driver error 1722 when the application ID URI is not set
     */
    private String composeAzureScope() throws SQLException {
        if (this.azureDatabaseApplicationIdUri != null) {
            return this.azureDatabaseApplicationIdUri + "/.default";
        }
        throw ((SQLException) DatabaseError.formatSqlException(null, 1722, "This property must be set when oracle.jdbc.tokenAuthentication is set to " + this.tokenAuthentication, null, OracleConnection.CONNECTION_PROPERTY_AZURE_DB_APP_ID_URI).fillInStackTrace());
    }

    /**
     * Exchanges the user name and password for a token according to the password authentication
     * mode: OCI IAM for {@code OCI_TOKEN}, the Azure provider's {@code "password"} method for
     * {@code AZURE_TOKEN}.
     *
     * <p>In the Azure case the password is handed to the provider as an {@link OpaqueString};
     * the diagnostic message lists only client ID, tenant ID and application ID URI.
     *
     * @return the token, or {@code null} for any other mode
     * @throws SQLException when the selected exchange is misconfigured or fails
     */
    // NOTE(review): this method passes the password onward but, unlike its siblings that touch
    // secrets, carries no @Blind — confirm whether that is intentional.
    // NOTE(review): the result of PasswordAuthentication.parseProperty is switched on directly;
    // confirm it never returns null for an unset property.
    private AccessToken getTokenFromPasswordAuthentication() throws SQLException {
        switch (PasswordAuthentication.parseProperty(this.passwordAuthentication)) {
            case OCI_TOKEN:
                return getTokenFromIam();

            case AZURE_TOKEN:
                this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromPasswordAuthentication", "Getting access token from the Azure token provider using password authentication. clientId={0}, tenantId={1}, azureDatabaseApplicationIdUri={2}", null, null, this.clientId, this.tenantId, this.azureDatabaseApplicationIdUri);
                return createAzureTokenBuilder("password")
                        .parameterValue("clientId", this.clientId)
                        .parameterValue("username", this.userName)
                        .parameterValue("password", this.password)
                        .build()
                        .getResource();

            default:
                return null;
        }
    }

    /**
     * Requests a token from the OCI IAM endpoint using the user name and password.
     *
     * <p>Preconditions are checked in a fixed order — IAM URL, tenancy, compartment when a
     * database is set, user name, password — and the first one missing is reported.
     *
     * <p>The failure message names the endpoint and the OCIDs but not the user name or password.
     *
     * @throws SQLException with driver error 1722 or 1718 for a missing setting, or 1718 wrapping
     *         the {@link IOException} when the request itself fails
     */
    // NOTE(review): the endpoint URL is not checked for scheme or host here. Confirm that
    // IamDataplaneClient refuses non-TLS endpoints, since the password is sent to it.
    @Blind
    private AccessToken getTokenFromIam() throws SQLException {
        if (this.ociIamUrl == null) {
            throw ((SQLException) DatabaseError.formatSqlException(null, 1722, "This property must be set when oracle.jdbc.passwordAuthentication=" + PasswordAuthentication.OCI_TOKEN, null, OracleConnection.CONNECTION_PROPERTY_OCI_IAM_URL).fillInStackTrace());
        }
        if (this.ociTenancy == null) {
            throw ((SQLException) DatabaseError.formatSqlException(null, 1722, "This property must be set when oracle.jdbc.passwordAuthentication=" + PasswordAuthentication.OCI_TOKEN, null, OracleConnection.CONNECTION_PROPERTY_OCI_TENANCY).fillInStackTrace());
        }
        if (this.ociCompartment == null && this.ociDatabase != null) {
            throw ((SQLException) DatabaseError.formatSqlException(null, 1722, "This property must be set when oracle.jdbc.ociDatabase is set.", null, OracleConnection.CONNECTION_PROPERTY_OCI_COMPARTMENT).fillInStackTrace());
        }
        if (this.userName == null) {
            throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, 1718, "A user name must be provided when connection property oracle.jdbc.passwordAuthentication=" + PasswordAuthentication.OCI_TOKEN).fillInStackTrace());
        }
        if (this.password == null || this.password.isNull()) {
            throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, 1718, "A password must be provided when connection property oracle.jdbc.passwordAuthentication=" + PasswordAuthentication.OCI_TOKEN).fillInStackTrace());
        }

        try {
            this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromIam", "Getting access token from IAM using password authentication. ociIamUrl={0}, ociTenancy={1}, ociCompartment={2}, ociDatabase={3}", null, null, this.ociIamUrl, this.ociTenancy, this.ociCompartment, this.ociDatabase);
            return IamDataplaneClient.requestBuilder()
                    .endPoint(this.ociIamUrl)
                    .tenancy(this.ociTenancy)
                    .compartment(this.ociCompartment)
                    .database(this.ociDatabase)
                    .user(this.userName)
                    .password(this.password)
                    .tlsConfig(this.tlsConfig)
                    .build();
        } catch (IOException e) {
            StringBuilder failure = new StringBuilder("Failed to request a token from IAM endpoint: ")
                    .append(this.ociIamUrl)
                    .append(", with tenant OCID: ")
                    .append(this.ociTenancy);
            if (this.ociCompartment != null) {
                failure.append(", with compartment OCID: ").append(this.ociCompartment);
            }
            if (this.ociDatabase != null) {
                failure.append(", with database OCID: ").append(this.ociDatabase);
            }
            throw ((SQLException) DatabaseError.createSqlException((oracle.jdbc.internal.OracleConnection) null, 1718, failure.toString(), e).fillInStackTrace());
        }
    }

    /**
     * Obtains the token from the access-token provider registered in the driver resources.
     *
     * <p>Only called after {@link #build()} has confirmed that such a provider is configured.
     *
     * @throws SQLException when the provider fails
     */
    @Blind
    private AccessToken getTokenFromProvider() throws SQLException {
        this.diagnosable.debug(Level.FINER, SecurityLabel.UNKNOWN, CLASS_NAME, "getTokenFromProvider", "Getting access token from AccessTokenProvider identified by oracle.jdbc.provider.accessToken", null, null);
        return (AccessToken) this.driverResources.getResource(ResourceType.ACCESS_TOKEN);
    }
}
