package com.azure.security.keyvault.jca;

import com.azure.keyvault.jca.com.fasterxml.jackson.annotation.JsonProperty;
import com.azure.keyvault.jca.org.apache.hc.core5.http.HttpHeaders;
import com.azure.security.keyvault.jca.rest.CertificateBundle;
import com.azure.security.keyvault.jca.rest.CertificateItem;
import com.azure.security.keyvault.jca.rest.CertificateListResult;
import com.azure.security.keyvault.jca.rest.SecretBundle;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/azure/security/keyvault/jca/KeyVaultClient.class */
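/**
 * REST client that reads certificates and their private keys from one Azure Key Vault.
 *
 * <p>Every request carries a bearer token obtained through {@code AuthClient}. Lookups follow a
 * log-and-return-{@code null} convention: a failed request or an undecodable payload is logged at
 * WARNING and reported to the caller as {@code null} (or an empty list).
 *
 * <p>Secrets handled by this class (access token, client secret, key store password, private key)
 * are never handed to the logger, including at trace level.
 */
class KeyVaultClient extends DelegateRestClient {
    private static final Logger LOGGER = Logger.getLogger(KeyVaultClient.class.getName());
    private static final String API_VERSION_POSTFIX = "?api-version=7.1";
    // Path segment that precedes the certificate name in a certificate id URL.
    private static final String CERTIFICATES_SEGMENT = "/certificates/";
    private final String keyVaultUri;
    private String tenantId;
    private String clientId;
    // Held as a String for the lifetime of the client; must never be logged.
    private String clientSecret;

    /**
     * Creates a client that authenticates without explicit client credentials.
     *
     * @param str base URI of the Key Vault; a trailing slash is appended when missing
     */
    KeyVaultClient(String str) {
        super(RestClientFactory.createClient());
        LOGGER.log(Level.INFO, "Using KeyVault: {0}", str);
        this.keyVaultUri = str.endsWith("/") ? str : str + "/";
    }

    /**
     * Creates a client that authenticates with a client id and client secret.
     *
     * @param str base URI of the Key Vault
     * @param str2 tenant id
     * @param str3 client id
     * @param str4 client secret
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyVaultClient(String str, String str2, String str3, String str4) {
        this(str);
        this.tenantId = str2;
        this.clientId = str3;
        this.clientSecret = str4;
    }

    /**
     * Requests an access token for the Key Vault resource.
     *
     * <p>Client credentials are used only when tenant id, client id and client secret are all set;
     * otherwise the credential-less {@code AuthClient} overload is called.
     *
     * @return the access token, or {@code null} when it could not be obtained
     */
    private String getAccessToken() {
        LOGGER.entering("KeyVaultClient", "getAccessToken");
        String token = null;
        try {
            AuthClient authClient = new AuthClient();
            String resource = URLEncoder.encode("https://vault.azure.net", "UTF-8");
            boolean hasClientCredentials =
                this.tenantId != null && this.clientId != null && this.clientSecret != null;
            token = hasClientCredentials
                ? authClient.getAccessToken(resource, this.tenantId, this.clientId, this.clientSecret)
                : authClient.getAccessToken(resource);
        } catch (UnsupportedEncodingException e) {
            LOGGER.log(Level.WARNING, "Unsupported encoding", (Throwable) e);
        }
        // The token is a bearer credential: trace the exit without the return value so that
        // enabling FINER logging does not write it to the log.
        LOGGER.exiting("KeyVaultClient", "getAccessToken");
        return token;
    }

    /** Builds the request headers carrying a freshly obtained bearer token. */
    private HashMap<String, String> bearerHeaders() {
        HashMap<String, String> headers = new HashMap<>();
        headers.put(HttpHeaders.AUTHORIZATION, "Bearer " + getAccessToken());
        return headers;
    }

    /**
     * Lists the certificate names in the vault; each name is used as a key store alias.
     *
     * @return the aliases found, empty when the request fails or returns no entries
     */
    public List<String> getAliases() {
        ArrayList<String> aliases = new ArrayList<>();
        String body = get(String.format("%scertificates%s", this.keyVaultUri, API_VERSION_POSTFIX), bearerHeaders());
        CertificateListResult listResult = null;
        if (body != null) {
            listResult = (CertificateListResult) JsonConverterFactory.createJsonConverter().fromJson(body, CertificateListResult.class);
        }
        // NOTE(review): only this single response is read; if the service pages the listing,
        // later aliases are not returned — confirm against the API.
        if (listResult != null && listResult.getValue() != null) {
            for (CertificateItem item : listResult.getValue()) {
                String id = item == null ? null : item.getId();
                // Anchor on the path segment rather than the bare word, so a vault whose host name
                // contains "certificates" does not shift the cut point into the host part.
                int marker = id == null ? -1 : id.indexOf(CERTIFICATES_SEGMENT);
                if (marker < 0) {
                    LOGGER.log(Level.WARNING, "Skipping certificate entry with unexpected id: {0}", id);
                    continue;
                }
                aliases.add(id.substring(marker + CERTIFICATES_SEGMENT.length()));
            }
        }
        return aliases;
    }

    /**
     * Fetches the certificate bundle stored under the given alias.
     *
     * @param str certificate alias
     * @return the parsed bundle, or {@code null} when the request returned no body
     */
    private CertificateBundle getCertificateBundle(String str) {
        CertificateBundle bundle = null;
        // NOTE(review): the alias is placed into the request path unencoded; callers are assumed
        // to pass Key Vault certificate names — confirm, or validate the alias before use.
        String body = get(String.format("%scertificates/%s%s", this.keyVaultUri, str, API_VERSION_POSTFIX), bearerHeaders());
        if (body != null) {
            bundle = (CertificateBundle) JsonConverterFactory.createJsonConverter().fromJson(body, CertificateBundle.class);
        }
        return bundle;
    }

    /**
     * Loads the X.509 certificate stored under the given alias.
     *
     * @param str certificate alias
     * @return the certificate, or {@code null} when it is missing or cannot be decoded
     */
    public Certificate getCertificate(String str) {
        LOGGER.entering("KeyVaultClient", "getCertificate", str);
        LOGGER.log(Level.INFO, "Getting certificate for alias: {0}", str);
        X509Certificate x509Certificate = null;
        CertificateBundle bundle = getCertificateBundle(str);
        if (bundle != null && bundle.getCer() != null) {
            try {
                byte[] der = Base64.getDecoder().decode(bundle.getCer());
                x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
            } catch (CertificateException | IllegalArgumentException e) {
                // IllegalArgumentException: the payload was not valid Base64.
                LOGGER.log(Level.WARNING, "Certificate error", e);
            }
        }
        LOGGER.exiting("KeyVaultClient", "getCertificate", x509Certificate);
        return x509Certificate;
    }

    /**
     * Loads the private key belonging to the certificate stored under the given alias.
     *
     * <p>The key is fetched only when the certificate policy marks it exportable. It is read from
     * the PKCS12 payload of the secret the certificate bundle points to.
     *
     * @param str certificate alias
     * @param cArr key password supplied by the caller; not used by this method and not logged
     * @return the key, or {@code null} when it is not exportable, missing or cannot be decoded
     */
    public Key getKey(String str, char[] cArr) {
        // Only the alias is traced; the password array stays out of the log record.
        LOGGER.entering("KeyVaultClient", "getKey", str);
        LOGGER.log(Level.INFO, "Getting key for alias: {0}", str);
        Key key = null;
        CertificateBundle bundle = getCertificateBundle(str);
        boolean exportable = Optional.ofNullable(bundle)
            .map(b -> b.getPolicy())
            .map(policy -> policy.getKey_props())
            .map(props -> props.isExportable())
            .orElse(false);
        if (exportable) {
            String sid = bundle.getSid();
            if (sid == null) {
                LOGGER.log(Level.WARNING, "No secret id for alias: {0}", str);
            } else {
                // NOTE(review): the secret URL is taken from the service response and the bearer
                // token is sent to it as-is; consider checking that it points at keyVaultUri
                // before attaching the token.
                String body = get(sid + API_VERSION_POSTFIX, bearerHeaders());
                if (body != null) {
                    key = decodeKey(body);
                }
            }
        }
        // The exit trace omits the return value: a private key's toString() output is
        // provider-dependent and must not end up in logs.
        LOGGER.exiting("KeyVaultClient", "getKey");
        return key;
    }

    /** Extracts the first key entry from the Base64-encoded PKCS12 value of a secret response. */
    private Key decodeKey(String body) {
        SecretBundle secretBundle = (SecretBundle) JsonConverterFactory.createJsonConverter().fromJson(body, SecretBundle.class);
        if (secretBundle == null || secretBundle.getValue() == null) {
            LOGGER.log(Level.WARNING, "Unable to decode key: secret has no value");
            return null;
        }
        // The PKCS12 payload is opened with an empty password (the decompiled source spelled the
        // empty string as JsonProperty.USE_DEFAULT_NAME).
        char[] emptyPassword = new char[0];
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(new ByteArrayInputStream(Base64.getDecoder().decode(secretBundle.getValue())), emptyPassword);
            if (!keyStore.aliases().hasMoreElements()) {
                LOGGER.log(Level.WARNING, "Unable to decode key: key store has no entries");
                return null;
            }
            return keyStore.getKey(keyStore.aliases().nextElement(), emptyPassword);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException
                | CertificateException | IllegalArgumentException e) {
            // IllegalArgumentException: the payload was not valid Base64.
            LOGGER.log(Level.WARNING, "Unable to decode key", e);
            return null;
        }
    }
}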
