package com.microsoft.sqlserver.jdbc;

import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.IntegratedWindowsAuthenticationParameters;
import com.microsoft.aad.msal4j.InteractiveRequestParameters;
import com.microsoft.aad.msal4j.MsalInteractionRequiredException;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.SilentParameters;
import com.microsoft.aad.msal4j.SystemBrowserOptions;
import com.microsoft.aad.msal4j.UserNamePasswordParameters;
import com.microsoft.sqlserver.jdbc.SQLServerConnection;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.kerberos.KerberosPrincipal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/mssql-jdbc-12.4.2.jre8.jar:com/microsoft/sqlserver/jdbc/SQLServerMSAL4JUtils.class */
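/**
 * Static helpers that obtain federated-authentication (FedAuth) access tokens through MSAL4J
 * and wrap them as {@link SqlAuthenticationToken}.
 *
 * <p>Each entry point creates its own single-thread {@link ExecutorService} for MSAL and shuts it
 * down before returning or throwing. Diagnostic output is written at {@code FINEST} only; it
 * includes user/principal names and certificate details but never the access token, password or
 * client secret.
 *
 * <p>This listing is decompiler output: the parameter names ({@code str}, {@code str2}, ...) are
 * synthetic, and the decompiler notes that the entry points were package-private before it widened
 * them.
 */
public class SQLServerMSAL4JUtils {
    // Loopback redirect used by the interactive (system browser) flow.
    static final String REDIRECTURI = "http://localhost";
    static final String SLASH_DEFAULT = "/.default";
    static final String ACCESS_TOKEN_EXPIRE = "access token expires: ";
    private static final String LOGCONTEXT = "MSAL version " + PublicClientApplication.class.getPackage().getImplementationVersion() + ": ";
    private static final Logger logger = Logger.getLogger("com.microsoft.sqlserver.jdbc.SQLServerMSAL4JUtils");

    // Application (client) ID handed to PublicClientApplication.builder in the password, integrated
    // and interactive flows. It is an identifier for a public client, not a credential.
    private static final String PUBLIC_CLIENT_ID = "7f98cb04-cd1e-40df-9140-3bf7e2cea4db";

    private SQLServerMSAL4JUtils() {
        throw new UnsupportedOperationException(SQLServerException.getErrString("R_notSupported"));
    }

    /**
     * Acquires a token with a user name and password.
     *
     * @param sqlFedAuthInfo supplies the authority ({@code stsurl}) and the resource ({@code spn});
     *        the requested scope is {@code spn + "/.default"}
     * @param str user name; also written to the FINEST log and to the error message
     * @param str2 password; must not be {@code null}
     * @param str3 label used in log lines and as the second argument of the error message
     *        (presumably the authentication method name)
     * @return the access token and its expiry
     * @throws SQLServerException if the calling thread is interrupted or MSAL reports a failure
     */
    public static SqlAuthenticationToken getSqlFedAuthToken(SQLServerConnection.SqlFedAuthInfo sqlFedAuthInfo, String str, String str2, String str3) throws SQLServerException {
        ExecutorService executor = Executors.newSingleThreadExecutor();
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest(LOGCONTEXT + str3 + ": get FedAuth token for user: " + str);
        }
        try {
            PublicClientApplication app = PublicClientApplication.builder(PUBLIC_CLIENT_ID)
                    .executorService(executor)
                    .setTokenCacheAccessAspect(PersistentTokenCacheAccessAspect.getInstance())
                    .authority(sqlFedAuthInfo.stsurl)
                    .build();
            // The char[] given to MSAL is a copy; the password String itself cannot be cleared
            // from memory by this method.
            IAuthenticationResult result = app.acquireToken(
                    UserNamePasswordParameters.builder(Collections.singleton(sqlFedAuthInfo.spn + SLASH_DEFAULT), str, str2.toCharArray()).build())
                    .get();
            return toSqlAuthenticationToken(result);
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can observe the interruption.
            Thread.currentThread().interrupt();
            throw new SQLServerException(e.getMessage(), e);
        } catch (MalformedURLException | ExecutionException e) {
            throw getCorrectedException(e, str, str3);
        } finally {
            executor.shutdown();
        }
    }

    /**
     * Acquires a token for a service principal that authenticates with a client secret.
     *
     * @param sqlFedAuthInfo supplies the authority ({@code stsurl}) and the resource ({@code spn});
     *        {@code "/.default"} is appended to {@code spn} unless it is already the suffix
     * @param str client (application) ID of the principal; also logged at FINEST
     * @param str2 client secret
     * @param str3 label used in log lines and as the second argument of the error message
     * @return the access token and its expiry
     * @throws SQLServerException if the calling thread is interrupted or MSAL reports a failure
     */
    public static SqlAuthenticationToken getSqlFedAuthTokenPrincipal(SQLServerConnection.SqlFedAuthInfo sqlFedAuthInfo, String str, String str2, String str3) throws SQLServerException {
        ExecutorService executor = Executors.newSingleThreadExecutor();
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest(LOGCONTEXT + str3 + ": get FedAuth token for principal: " + str);
        }
        String scope = sqlFedAuthInfo.spn.endsWith(SLASH_DEFAULT) ? sqlFedAuthInfo.spn : sqlFedAuthInfo.spn + SLASH_DEFAULT;
        Set<String> scopes = new HashSet<>();
        scopes.add(scope);
        try {
            ConfidentialClientApplication app = ConfidentialClientApplication.builder(str, ClientCredentialFactory.createFromSecret(str2))
                    .executorService(executor)
                    .setTokenCacheAccessAspect(PersistentTokenCacheAccessAspect.getInstance())
                    .authority(sqlFedAuthInfo.stsurl)
                    .build();
            IAuthenticationResult result = app.acquireToken(ClientCredentialParameters.builder(scopes).build()).get();
            return toSqlAuthenticationToken(result);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new SQLServerException(e.getMessage(), e);
        } catch (MalformedURLException | ExecutionException e) {
            throw getCorrectedException(e, str, str3);
        } finally {
            executor.shutdown();
        }
    }

    /**
     * Acquires a token for a service principal that authenticates with a certificate.
     *
     * <p>The certificate file is first tried as a PKCS12 store. If that attempt fails with an
     * {@link IOException}, {@link NoSuchAlgorithmException} or {@link CertificateException}, the
     * failure is logged at FINEST and the file is loaded through
     * {@code SQLServerCertificateUtils.loadCertificate} instead, with the private key taken from
     * {@code str4}/{@code str5}.
     *
     * @param sqlFedAuthInfo supplies the authority ({@code stsurl}) and the resource ({@code spn});
     *        {@code "/.default"} is appended to {@code spn} unless it is already the suffix
     * @param str client (application) ID of the principal; also logged at FINEST
     * @param str2 path of the certificate file
     * @param str3 password used for the PKCS12 store
     * @param str4 first argument to {@code SQLServerCertificateUtils.loadPrivateKey}
     *        (presumably the private-key file path)
     * @param str5 second argument to {@code SQLServerCertificateUtils.loadPrivateKey}
     *        (presumably the private-key password)
     * @param str6 label used in log lines and as the second argument of the error message
     * @return the access token and its expiry
     * @throws SQLServerException if the certificate cannot be read, the calling thread is
     *         interrupted, or MSAL reports a failure
     */
    public static SqlAuthenticationToken getSqlFedAuthTokenPrincipalCertificate(SQLServerConnection.SqlFedAuthInfo sqlFedAuthInfo, String str, String str2, String str3, String str4, String str5, String str6) throws SQLServerException {
        ExecutorService executor = Executors.newSingleThreadExecutor();
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest(LOGCONTEXT + str6 + ": get FedAuth token for principal certificate: " + str);
        }
        String scope = sqlFedAuthInfo.spn.endsWith(SLASH_DEFAULT) ? sqlFedAuthInfo.spn : sqlFedAuthInfo.spn + SLASH_DEFAULT;
        Set<String> scopes = new HashSet<>();
        scopes.add(scope);
        try {
            ConfidentialClientApplication app = null;
            try (FileInputStream certStream = new FileInputStream(str2)) {
                KeyStore keyStore = SQLServerCertificateUtils.loadPKCS12KeyStore(str2, str3);
                // NOTE(review): checkValidity() runs only when FINEST logging is enabled, so this
                // method does not itself reject an expired or not-yet-valid certificate at normal
                // log levels; rejection is presumably left to the token endpoint - confirm.
                if (logger.isLoggable(Level.FINEST)) {
                    logger.finest(LOGCONTEXT + "certificate type: " + keyStore.getType());
                    Enumeration<String> aliases = keyStore.aliases();
                    while (aliases.hasMoreElements()) {
                        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                        certificate.checkValidity();
                        logger.finest(LOGCONTEXT + "certificate: " + certificate.toString());
                    }
                }
                app = ConfidentialClientApplication.builder(str, ClientCredentialFactory.createFromCertificate(certStream, str3))
                        .executorService(executor)
                        .setTokenCacheAccessAspect(PersistentTokenCacheAccessAspect.getInstance())
                        .authority(sqlFedAuthInfo.stsurl)
                        .build();
            } catch (FileNotFoundException e) {
                // No point trying the second format when the file is missing. This exception is
                // thrown inside the outer try, so the trailing catch (Exception) below receives it
                // and rewraps it through getCorrectedException.
                throw new SQLServerException(SQLServerException.getErrString("R_readCertError") + e.getMessage(), (String) null, 0, (Throwable) null);
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                // Not fatal: app stays null and the second format is tried below.
                if (logger.isLoggable(Level.FINEST)) {
                    logger.finest(LOGCONTEXT + "Error loading PKCS12 certificate: " + e.getMessage());
                }
            }
            if (app == null) {
                X509Certificate certificate = (X509Certificate) SQLServerCertificateUtils.loadCertificate(str2);
                // Same caveat as above: the validity check is tied to the FINEST log level.
                if (logger.isLoggable(Level.FINEST)) {
                    logger.finest(LOGCONTEXT + "certificate type: " + certificate.getType());
                    certificate.checkValidity();
                    logger.finest(LOGCONTEXT + "certificate: " + certificate.toString());
                }
                app = ConfidentialClientApplication.builder(str, ClientCredentialFactory.createFromCertificate(SQLServerCertificateUtils.loadPrivateKey(str4, str5), certificate))
                        .executorService(executor)
                        .setTokenCacheAccessAspect(PersistentTokenCacheAccessAspect.getInstance())
                        .authority(sqlFedAuthInfo.stsurl)
                        .build();
            }
            IAuthenticationResult result = app.acquireToken(ClientCredentialParameters.builder(scopes).build()).get();
            return toSqlAuthenticationToken(result);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new SQLServerException(e.getMessage(), e);
        } catch (GeneralSecurityException e) {
            throw new SQLServerException(SQLServerException.getErrString("R_readCertError") + e.getMessage(), (String) null, 0, (Throwable) null);
        } catch (Exception e) {
            throw getCorrectedException(e, str, str6);
        } finally {
            executor.shutdown();
        }
    }

    /**
     * Acquires a token with integrated Windows authentication.
     *
     * @param sqlFedAuthInfo supplies the authority ({@code stsurl}) and the resource ({@code spn});
     *        the requested scope is {@code spn + "/.default"}
     * @param str label used in log lines and as the second argument of the error message
     * @return the access token and its expiry
     * @throws SQLServerException if the calling thread is interrupted or MSAL reports a failure
     */
    public static SqlAuthenticationToken getSqlFedAuthTokenIntegrated(SQLServerConnection.SqlFedAuthInfo sqlFedAuthInfo, String str) throws SQLServerException {
        ExecutorService executor = Executors.newSingleThreadExecutor();
        // NOTE(review): the principal is built from the literal "username", not from a caller
        // argument; the name sent to MSAL is whatever KerberosPrincipal.getName() returns for it.
        // Confirm this is the intended way to pick up the default realm.
        KerberosPrincipal kerberosPrincipal = new KerberosPrincipal("username");
        String user = kerberosPrincipal.getName();
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest(LOGCONTEXT + str + ": get FedAuth token integrated, user: " + user + "realm name:" + kerberosPrincipal.getRealm());
        }
        try {
            PublicClientApplication app = PublicClientApplication.builder(PUBLIC_CLIENT_ID)
                    .executorService(executor)
                    .setTokenCacheAccessAspect(PersistentTokenCacheAccessAspect.getInstance())
                    .authority(sqlFedAuthInfo.stsurl)
                    .build();
            IAuthenticationResult result = app.acquireToken(
                    IntegratedWindowsAuthenticationParameters.builder(Collections.singleton(sqlFedAuthInfo.spn + SLASH_DEFAULT), user).build())
                    .get();
            return toSqlAuthenticationToken(result);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new SQLServerException(e.getMessage(), e);
        } catch (IOException | ExecutionException e) {
            throw getCorrectedException(e, user, str);
        } finally {
            executor.shutdown();
        }
    }

    /**
     * Acquires a token interactively, preferring a silent request when the token cache already
     * holds an account whose user name matches {@code str} (case-insensitively).
     *
     * @param sqlFedAuthInfo supplies the authority ({@code stsurl}) and the resource ({@code spn});
     *        the requested scope is {@code spn + "/.default"}
     * @param str user name; used to look up a cached account and as the login hint. May be
     *        {@code null} or empty, in which case no silent request is attempted
     * @param str2 label used in log lines and as the second argument of the error message
     * @return the access token and its expiry
     * @throws SQLServerException if the calling thread is interrupted or MSAL reports a failure
     */
    public static SqlAuthenticationToken getSqlFedAuthTokenInteractive(SQLServerConnection.SqlFedAuthInfo sqlFedAuthInfo, String str, String str2) throws SQLServerException {
        ExecutorService executor = Executors.newSingleThreadExecutor();
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest(LOGCONTEXT + str2 + ": get FedAuth token interactive for user: " + str);
        }
        try {
            PublicClientApplication app = PublicClientApplication.builder(PUBLIC_CLIENT_ID)
                    .executorService(executor)
                    .setTokenCacheAccessAspect(PersistentTokenCacheAccessAspect.getInstance())
                    .authority(sqlFedAuthInfo.stsurl)
                    .build();
            CompletableFuture<IAuthenticationResult> silentRequest = null;
            try {
                Set<IAccount> cachedAccounts = app.getAccounts().join();
                if (logger.isLoggable(Level.FINEST)) {
                    StringBuilder names = new StringBuilder();
                    if (cachedAccounts != null) {
                        for (IAccount account : cachedAccounts) {
                            if (names.length() != 0) {
                                names.append(", ");
                            }
                            names.append(account.username());
                        }
                    }
                    logger.finest(LOGCONTEXT + "Accounts in cache = " + names + ", size = " + (cachedAccounts == null ? null : Integer.valueOf(cachedAccounts.size())) + ", user = " + str);
                }
                if (null != cachedAccounts && !cachedAccounts.isEmpty() && null != str && !str.isEmpty()) {
                    IAccount cachedAccount = getAccountByUsername(cachedAccounts, str);
                    if (null != cachedAccount) {
                        if (logger.isLoggable(Level.FINEST)) {
                            logger.finest(LOGCONTEXT + "Silent authentication for user:" + str);
                        }
                        silentRequest = app.acquireTokenSilently(SilentParameters.builder(Collections.singleton(sqlFedAuthInfo.spn + SLASH_DEFAULT), cachedAccount).build());
                    }
                }
            } catch (MsalInteractionRequiredException e) {
                // Only a synchronously thrown "interaction required" lands here and falls through
                // to the interactive request. NOTE(review): a failure delivered later through
                // silentRequest.get() surfaces as ExecutionException and is reported as an error
                // without an interactive retry - confirm that is intended.
                if (logger.isLoggable(Level.FINEST)) {
                    logger.log(Level.FINEST, e, () -> {
                        return LOGCONTEXT + "Need to get token interactively: " + e.reason().toString();
                    });
                }
            }
            IAuthenticationResult result;
            if (null != silentRequest) {
                result = silentRequest.get();
            } else {
                if (logger.isLoggable(Level.FINEST)) {
                    logger.finest(LOGCONTEXT + "Interactive authentication");
                }
                result = app.acquireToken(InteractiveRequestParameters.builder(new URI(REDIRECTURI))
                        .systemBrowserOptions(SystemBrowserOptions.builder().htmlMessageSuccess(SQLServerResource.getResource("R_MSALAuthComplete")).build())
                        .loginHint(str)
                        .scopes(Collections.singleton(sqlFedAuthInfo.spn + SLASH_DEFAULT))
                        .build())
                        .get();
            }
            return toSqlAuthenticationToken(result);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new SQLServerException(e.getMessage(), e);
        } catch (MalformedURLException | URISyntaxException | ExecutionException e) {
            throw getCorrectedException(e, str, str2);
        } finally {
            executor.shutdown();
        }
    }

    /**
     * Logs the outcome at FINEST and converts an MSAL result into a {@link SqlAuthenticationToken}.
     * Only the account user name or the expiry is logged; the access token is not.
     */
    private static SqlAuthenticationToken toSqlAuthenticationToken(IAuthenticationResult result) {
        if (logger.isLoggable(Level.FINEST)) {
            // NOTE(review): when an account is present only "<username>: " is logged and the
            // expiry is omitted; the trailing ": " suggests the expiry was meant to follow.
            logger.finest(LOGCONTEXT + (result.account() != null ? result.account().username() + ": " : ACCESS_TOKEN_EXPIRE + result.expiresOnDate()));
        }
        return new SqlAuthenticationToken(result.accessToken(), result.expiresOnDate());
    }

    /**
     * Returns the first cached account whose user name equals {@code str} ignoring case, or
     * {@code null} when there is none. Accounts without a user name never match.
     */
    private static IAccount getAccountByUsername(Set<IAccount> set, String str) {
        if (str == null) {
            return null;
        }
        for (IAccount account : set) {
            // Receiver is the known non-null argument so an account with a null user name is
            // skipped instead of raising NullPointerException.
            if (str.equalsIgnoreCase(account.username())) {
                return account;
            }
        }
        return null;
    }

    /**
     * Builds the {@link SQLServerException} reported for an MSAL failure.
     *
     * <p>The {@code R_MSALExecution} resource is the only text treated as a {@link MessageFormat}
     * pattern. The failure text comes from MSAL, the identity provider or the file system, so it is
     * appended after formatting: braces or apostrophes in it can neither make
     * {@code MessageFormat} throw {@link IllegalArgumentException} nor be read as placeholders.
     *
     * @param exc the failure being reported
     * @param str first pattern argument (the user or principal name)
     * @param str2 second pattern argument (the label passed by the caller)
     * @return the exception to throw; its cause is a synthetic {@link ExecutionException} carrying
     *         the cleaned-up message when {@code exc} has a cause with a message, otherwise
     *         {@code null}
     */
    private static SQLServerException getCorrectedException(Exception exc, String str, String str2) {
        Object[] messageArgs = {str, str2};
        String prefix = new MessageFormat(SQLServerException.getErrString("R_MSALExecution")).format(messageArgs);
        Throwable cause = exc.getCause();
        if (null == cause || null == cause.getMessage()) {
            return new SQLServerException(prefix + " " + exc.getMessage(), null);
        }
        // The cause text carries literal "\r\n" escape sequences; turn them into real line breaks.
        // Braces are still replaced with quotes so the reported text stays the same as before.
        String corrected = cause.getMessage().replaceAll("\\\\r\\\\n", "\r\n").replaceAll("\\{", "\"").replaceAll("\\}", "\"");
        return new SQLServerException(prefix + " " + corrected, (String) null, 0, new ExecutionException(new RuntimeException(corrected)));
    }
}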
