package oracle.jdbc.driver.oauth;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.sql.SQLException;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.Arrays;
import java.util.Base64;
import java.util.function.Supplier;
import oracle.jdbc.AccessToken;
import oracle.jdbc.internal.OpaquePrivateKey;
import oracle.jdbc.internal.OpaqueString;
import oracle.jdbc.logging.annotations.Blind;
import oracle.sql.json.OracleJsonException;
import oracle.sql.json.OracleJsonFactory;
import oracle.sql.json.OracleJsonNumber;
import oracle.sql.json.OracleJsonValue;

/* loaded from: input_file:oracle/jdbc/driver/oauth/JsonWebToken.class */
public final class JsonWebToken extends OpaqueAccessToken {
    private JsonWebToken(@Blind OpaqueString opaqueString, OffsetDateTime offsetDateTime, @Blind OpaquePrivateKey opaquePrivateKey) {
        super(opaqueString, offsetDateTime, opaquePrivateKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Blind
    public static JsonWebToken fromOciFile(Path path) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, SQLException {
        char[] readTokenFile = readTokenFile(path.resolve("token"));
        try {
            JsonWebToken jsonWebToken = new JsonWebToken(OpaqueString.newOpaqueString(readTokenFile), parseExp(readTokenFile), OpaquePrivateKey.fromPemFile(path.resolve("oci_db_key.pem")));
            Arrays.fill(readTokenFile, (char) 0);
            return jsonWebToken;
        } catch (Throwable th) {
            Arrays.fill(readTokenFile, (char) 0);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Blind
    public static JsonWebToken fromFile(Path path) throws IOException {
        char[] readTokenFile = Files.isDirectory(path, new LinkOption[0]) ? readTokenFile(path.resolve("token")) : readTokenFile(path);
        try {
            JsonWebToken jsonWebToken = new JsonWebToken(OpaqueString.newOpaqueString(readTokenFile), parseExp(readTokenFile), null);
            Arrays.fill(readTokenFile, (char) 0);
            return jsonWebToken;
        } catch (Throwable th) {
            Arrays.fill(readTokenFile, (char) 0);
            throw th;
        }
    }

    @Blind
    public static JsonWebToken createProofOfPossessionToken(@Blind char[] cArr, @Blind PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new JsonWebToken(OpaqueString.newOpaqueString((char[]) cArr.clone()), parseExp(cArr), OpaquePrivateKey.fromPrivateKey(privateKey));
    }

    @Blind
    public static JsonWebToken createBearerToken(@Blind char[] cArr) {
        return new JsonWebToken(OpaqueString.newOpaqueString((char[]) cArr.clone()), parseExp(cArr), null);
    }

    @Blind
    private static char[] readTokenFile(Path path) throws IOException {
        requireValidSize(Files.size(path));
        byte[] readAllBytes = Files.readAllBytes(path);
        try {
            CharBuffer decode = detectCharacterSet(readAllBytes).decode(ByteBuffer.wrap(readAllBytes));
            try {
                char[] cArr = new char[decode.remaining()];
                decode.get(cArr);
                decode.clear();
                decode.put(new char[decode.remaining()]);
                Arrays.fill(readAllBytes, (byte) 0);
                return cArr;
            } catch (Throwable th) {
                decode.clear();
                decode.put(new char[decode.remaining()]);
                throw th;
            }
        } catch (Throwable th2) {
            Arrays.fill(readAllBytes, (byte) 0);
            throw th2;
        }
    }

    private static Charset detectCharacterSet(@Blind byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return StandardCharsets.UTF_8;
        }
        if (bArr.length % 2 != 0) {
            return StandardCharsets.UTF_8;
        }
        if (bArr[0] == -2 && bArr[1] == -1) {
            return StandardCharsets.UTF_16BE;
        }
        if (bArr[0] == -1 && bArr[1] == -2) {
            return StandardCharsets.UTF_16LE;
        }
        for (int i = 0; i < bArr.length && bArr[i] == 0; i += 2) {
            if (i == bArr.length - 2) {
                return StandardCharsets.UTF_16BE;
            }
        }
        for (int i2 = 0; i2 < bArr.length && bArr[i2 + 1] == 0; i2 += 2) {
            if (i2 == bArr.length - 2) {
                return StandardCharsets.UTF_16LE;
            }
        }
        return StandardCharsets.UTF_8;
    }

    /* JADX WARN: Finally extract failed */
    private static OffsetDateTime parseExp(@Blind char[] cArr) {
        requireValidSize(cArr.length);
        int i = 0;
        while (i < cArr.length && cArr[i] != '.') {
            i++;
        }
        int i2 = i + 1;
        if (i2 > cArr.length) {
            throw new IllegalArgumentException("Failed to identify payload of JWT");
        }
        int i3 = i2;
        while (i3 < cArr.length && cArr[i3] != '.') {
            i3++;
        }
        if (i3 == cArr.length) {
            throw new IllegalArgumentException("Failed to identify payload of JWT");
        }
        byte[] bArr = new byte[i3 - i2];
        for (int i4 = 0; i4 < bArr.length; i4++) {
            try {
                bArr[i4] = (byte) cArr[i4 + i2];
            } finally {
                Arrays.fill(bArr, (byte) 0);
            }
        }
        byte[] decode = Base64.getMimeDecoder().decode(bArr);
        try {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decode);
                try {
                    OracleJsonValue oracleJsonValue = new OracleJsonFactory().createJsonTextValue(byteArrayInputStream).asJsonObject().get("exp");
                    byteArrayInputStream.close();
                    Arrays.fill(decode, (byte) 0);
                    if (oracleJsonValue == null) {
                        throw new IllegalArgumentException("JWT is missing an exp claim");
                    }
                    if (oracleJsonValue instanceof OracleJsonNumber) {
                        return Instant.ofEpochSecond(oracleJsonValue.asJsonNumber().longValue()).atOffset(ZoneOffset.UTC);
                    }
                    throw new IllegalArgumentException("JWT has an exp claim with a non-numeric value of type: " + oracleJsonValue.getOracleJsonType());
                } catch (Throwable th) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                Arrays.fill(decode, (byte) 0);
                throw th3;
            }
        } catch (IOException e) {
            throw new IllegalArgumentException("Failed to read JWT payload", e);
        } catch (ClassCastException | OracleJsonException e2) {
            throw new IllegalArgumentException("JWT payload is not JSON", e2);
        }
    }

    private static void requireValidSize(long j) {
        if (j > 16000) {
            throw new IllegalArgumentException("JWT of size " + j + " bytes exceeds the maximum accepted length of 16kb");
        }
    }

    public static AccessTokenCache<JsonWebToken> createCache(Supplier<? extends AccessToken> supplier) {
        return AccessTokenCache.create(() -> {
            AccessToken accessToken = (AccessToken) supplier.get();
            if (accessToken instanceof JsonWebToken) {
                return (JsonWebToken) accessToken;
            }
            throw new IllegalArgumentException("token supplier has output an unrecognized object type: " + accessToken.getClass());
        });
    }
}
