package org.apache.hadoop.crypto.key;

import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationCallback;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.class */
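/**
 * Azure AD authenticator for the KMS Azure Key Vault client.
 *
 * <p>Two authentication modes are supported:
 * <ul>
 *   <li>client id + client secret: {@link #doAuthenticate(String, String, String)} is invoked by
 *       the Key Vault SDK and acquires a token with a {@link ClientCredential};</li>
 *   <li>client id + certificate: {@link #getAuthentication(String, String)} reads a {@code .pfx}
 *       or {@code .pem} file and builds a {@link KeyVaultClient} whose credentials acquire tokens
 *       with an {@link AsymmetricKeyCredential} built from that key pair.</li>
 * </ul>
 *
 * <p>Access tokens are never written to the log, not even at debug level. Every token request
 * runs on a single-thread daemon executor that is shut down once the request completes, whether
 * it succeeded or failed. Instances are immutable once constructed.
 */
public class AzureKeyVaultClientAuthenticator extends KeyVaultCredentials {
    private static final Logger logger = LoggerFactory.getLogger(AzureKeyVaultClientAuthenticator.class);

    /** JCA provider name registered by {@link BouncyCastleProvider}; used to convert PEM key material. */
    private static final String BC_PROVIDER = "BC";
    private static final String PKCS12_KEYSTORE_TYPE = "pkcs12";
    private static final String PKCS12_KEYSTORE_PROVIDER = "SunJSSE";
    private static final String CLIENT_CREDENTIAL_THREAD_NAME = "kms-azure-cc_acquireToken-thread";
    private static final String CERTIFICATE_CREDENTIAL_THREAD_NAME = "kms-azure-akc_acquireToken_thread";

    private final String authClientID;
    private final String authClientSecret;

    /**
     * A private key together with the X.509 certificate it belongs to, as read from a
     * {@code .pfx} or {@code .pem} file. Either member may be {@code null} when the file did
     * not contain the corresponding object.
     */
    public static class KeyCert {
        private final X509Certificate certificate;
        private final PrivateKey key;

        /**
         * @param x509Certificate the certificate, possibly {@code null}
         * @param privateKey      the matching private key, possibly {@code null}
         */
        public KeyCert(X509Certificate x509Certificate, PrivateKey privateKey) {
            this.certificate = x509Certificate;
            this.key = privateKey;
        }

        /** @return the certificate, or {@code null} if none was found in the source file */
        public X509Certificate getCertificate() {
            return this.certificate;
        }

        /** @return the private key, or {@code null} if none was found in the source file */
        public PrivateKey getKey() {
            return this.key;
        }
    }

    /**
     * A request that asks an {@link AuthenticationContext} for a token; abstracts over the
     * credential type so that executor handling and error wrapping live in one place.
     */
    private interface TokenRequest {
        Future<AuthenticationResult> submit(AuthenticationContext context) throws Exception;
    }

    /**
     * Creates an authenticator that uses a client id and client secret.
     *
     * @param clientId     the Azure AD application (client) id; not validated here, a
     *                     {@code null} value surfaces when the first token is requested
     * @param clientSecret the client secret paired with {@code clientId}; never logged
     */
    public AzureKeyVaultClientAuthenticator(String clientId, String clientSecret) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> AzureKeyVaultClientAuthenticator({})", clientId);
        }
        this.authClientID = clientId;
        this.authClientSecret = clientSecret;
        if (logger.isDebugEnabled()) {
            logger.debug("<== AzureKeyVaultClientAuthenticator({})", clientId);
        }
    }

    /**
     * Creates an authenticator that uses a client id only; callers are expected to obtain a
     * certificate-backed client through {@link #getAuthentication(String, String)}.
     *
     * @param clientId the Azure AD application (client) id
     */
    public AzureKeyVaultClientAuthenticator(String clientId) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> AzureKeyVaultClientAuthenticator({})", clientId);
        }
        this.authClientID = clientId;
        this.authClientSecret = null;
        if (logger.isDebugEnabled()) {
            logger.debug("<== AzureKeyVaultClientAuthenticator({})", clientId);
        }
    }

    /**
     * Acquires an access token with the configured client id and secret.
     *
     * <p>Invoked by the Key Vault SDK when a request is challenged. The returned token is
     * deliberately not logged.
     *
     * @param authorization the authority URL to authenticate against (presumably taken from the
     *                      Key Vault challenge by the SDK)
     * @param resource      the resource the token is requested for
     * @param scope         the requested scope (unused here; logged only)
     * @return the access token
     * @throws RuntimeException if the token could not be obtained; the underlying exception is
     *                          attached as the cause
     */
    @Override
    public String doAuthenticate(String authorization, String resource, String scope) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> doAuthenticate({}, {}, {})", new Object[]{authorization, resource, scope});
        }
        String accessToken = getAccessTokenFromClientCredentials(authorization, resource, this.authClientID, this.authClientSecret).getAccessToken();
        if (logger.isDebugEnabled()) {
            // The token itself is a bearer credential and must never reach the log.
            logger.debug("<== doAuthenticate({}, {}, {})", new Object[]{authorization, resource, scope});
        }
        return accessToken;
    }

    /**
     * Builds a {@link KeyVaultClient} that authenticates with the configured client id and the
     * certificate/private key stored in the given file.
     *
     * @param certificatePath     path to a {@code .pfx} (PKCS#12) or {@code .pem} file
     * @param certificatePassword password protecting the file or the PKCS#8 key inside it
     * @return a client backed by certificate credentials, or {@code null} when the file extension
     *         is neither {@code .pfx} nor {@code .pem} or the file held no private-key entry
     * @throws Exception if the file could not be parsed, or if it was parsed but did not yield
     *                   both a private key and a certificate
     */
    public KeyVaultClient getAuthentication(String certificatePath, String certificatePassword) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("==> getAuthentication({})", certificatePath);
        }
        KeyVaultClient keyVaultClient = null;
        KeyCert keyCert = loadKeyCert(certificatePath, certificatePassword);
        if (keyCert != null) {
            // Fail here with a clear message instead of at the first token request.
            if (keyCert.getKey() == null || keyCert.getCertificate() == null) {
                throw new Exception("Certificate file " + certificatePath + " did not contain both a private key and a certificate");
            }
            keyVaultClient = new KeyVaultClient(new CertificateCredentials(this.authClientID, keyCert));
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== getAuthentication({}): ret={}", certificatePath, keyVaultClient);
        }
        return keyVaultClient;
    }

    /**
     * Dispatches on the file extension to the matching reader.
     *
     * @return the parsed key/certificate pair, or {@code null} for an unsupported extension or a
     *         {@code .pfx} without a key entry
     * @throws Exception wrapping any parse failure, with the original exception as cause
     */
    private KeyCert loadKeyCert(String certificatePath, String certificatePassword) throws Exception {
        if (certificatePath.endsWith(".pfx")) {
            try {
                return readPfx(certificatePath, certificatePassword);
            } catch (Exception e) {
                throw new Exception("Error while parsing pfx certificate. Error : " + e, e);
            }
        }
        if (certificatePath.endsWith(".pem")) {
            try {
                return readPem(certificatePath, certificatePassword);
            } catch (Exception e) {
                throw new Exception("Error while parsing pem certificate. Error : " + e, e);
            }
        }
        logger.warn("getAuthentication(): unsupported certificate file {} (expected a .pfx or .pem extension)", certificatePath);
        return null;
    }

    /**
     * Key Vault credentials that acquire tokens with a client id plus a private key and
     * certificate ({@link AsymmetricKeyCredential}). Used by {@link #getAuthentication(String, String)}.
     */
    private static final class CertificateCredentials extends KeyVaultCredentials {
        private final String clientId;
        private final KeyCert keyCert;

        CertificateCredentials(String clientId, KeyCert keyCert) {
            this.clientId = clientId;
            this.keyCert = keyCert;
        }

        /**
         * @param authorization the authority URL to authenticate against
         * @param resource      the resource the token is requested for
         * @param scope         the requested scope (logged only)
         * @return the access token; never logged
         * @throws RuntimeException if the token could not be obtained, with the cause attached
         */
        @Override
        public String doAuthenticate(String authorization, final String resource, String scope) {
            if (logger.isDebugEnabled()) {
                logger.debug("==> getAuthentication().doAuthenticate({}, {}, {})", new Object[]{authorization, resource, scope});
            }
            AuthenticationResult result = acquireToken(authorization, CERTIFICATE_CREDENTIAL_THREAD_NAME,
                    "Error while getting authenticated access token from azure key vault with certificate",
                    new TokenRequest() {
                        @Override
                        public Future<AuthenticationResult> submit(AuthenticationContext context) throws Exception {
                            return context.acquireToken(resource,
                                    AsymmetricKeyCredential.create(clientId, keyCert.getKey(), keyCert.getCertificate()),
                                    (AuthenticationCallback) null);
                        }
                    });
            if (logger.isDebugEnabled()) {
                logger.debug("<== getAuthentication().doAuthenticate({}, {}, {})", new Object[]{authorization, resource, scope});
            }
            return result.getAccessToken();
        }
    }

    /**
     * Acquires a token with a client id and client secret.
     *
     * @param authority    the authority URL to authenticate against
     * @param resource     the resource the token is requested for
     * @param clientId     the Azure AD client id
     * @param clientSecret the client secret; never logged
     * @return the non-null authentication result
     * @throws RuntimeException if the token could not be obtained or the result was null; the
     *                          underlying exception is attached as the cause
     */
    private static AuthenticationResult getAccessTokenFromClientCredentials(String authority, final String resource,
                                                                            final String clientId, final String clientSecret) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> getAccessTokenFromClientCredentials({}, {}, {})", new Object[]{authority, resource, clientId});
        }
        AuthenticationResult result = acquireToken(authority, CLIENT_CREDENTIAL_THREAD_NAME,
                " Error while getting Access token for client id: " + clientId + " and client secret.",
                new TokenRequest() {
                    @Override
                    public Future<AuthenticationResult> submit(AuthenticationContext context) throws Exception {
                        return context.acquireToken(resource, new ClientCredential(clientId, clientSecret), (AuthenticationCallback) null);
                    }
                });
        if (logger.isDebugEnabled()) {
            logger.debug("<== getAccessTokenFromClientCredentials({}, {}, {})", new Object[]{authority, resource, clientId});
        }
        return result;
    }

    /**
     * Runs one token request on a dedicated single-thread daemon executor and waits for it.
     *
     * <p>The executor is always shut down, the interrupt flag is restored if the wait is
     * interrupted, and every failure is rethrown as a {@link RuntimeException} that keeps the
     * original exception as its cause.
     *
     * @param authority      the authority URL handed to {@link AuthenticationContext}
     * @param threadName     name format for the executor thread
     * @param failureMessage prefix for the exception message on failure; must not contain secrets
     * @param request        the credential-specific token request
     * @return the non-null authentication result
     * @throws RuntimeException on any failure or when the provider returned no result
     */
    private static AuthenticationResult acquireToken(String authority, String threadName, String failureMessage, TokenRequest request) {
        ExecutorService executorService = Executors.newFixedThreadPool(1,
                new ThreadFactoryBuilder().setDaemon(true).setNameFormat(threadName).build());
        AuthenticationResult result;
        try {
            // Second argument disables authority validation, as in the original implementation;
            // NOTE(review): the authority URL is therefore trusted as supplied by the caller.
            AuthenticationContext context = new AuthenticationContext(authority, false, executorService);
            result = (AuthenticationResult) request.submit(context).get();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new RuntimeException(failureMessage + " Error : " + e, e);
        } catch (Exception e) {
            throw new RuntimeException(failureMessage + " Error : " + e, e);
        } finally {
            executorService.shutdown();
        }
        if (result == null) {
            throw new RuntimeException(failureMessage + " Error : authentication result was null");
        }
        return result;
    }

    /** Registers the BouncyCastle provider once; repeated registration is a no-op anyway. */
    private static void ensureBouncyCastleProvider() {
        if (Security.getProvider(BC_PROVIDER) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Reads a certificate and private key from a PEM file.
     *
     * <p>Recognised PEM objects: X.509 certificates, PKCS#8 encrypted private keys (decrypted with
     * {@code password}) and unencrypted private keys. If the file holds several objects of one
     * kind, the last one wins. The file is read as UTF-8 (PEM is ASCII) and always closed.
     *
     * @param pemPath  path to the PEM file
     * @param password password for an encrypted PKCS#8 key; only dereferenced when such a key is
     *                 present
     * @return the key/certificate pair; either member is {@code null} if absent from the file
     * @throws IOException                if the file cannot be read
     * @throws CertificateException       if a certificate cannot be converted
     * @throws OperatorCreationException  if the PKCS#8 decryptor cannot be built
     * @throws PKCSException              if the encrypted key cannot be decrypted (e.g. wrong password)
     */
    private KeyCert readPem(String pemPath, String password) throws IOException, CertificateException, OperatorCreationException, PKCSException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> readPem({})", pemPath);
        }
        ensureBouncyCastleProvider();
        PrivateKey privateKey = null;
        X509Certificate certificate = null;
        try (PEMParser pemParser = new PEMParser(Files.newBufferedReader(Paths.get(pemPath), StandardCharsets.UTF_8))) {
            JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider(BC_PROVIDER);
            for (Object pemObject = pemParser.readObject(); pemObject != null; pemObject = pemParser.readObject()) {
                if (pemObject instanceof X509CertificateHolder) {
                    certificate = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) pemObject);
                } else if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                    PrivateKeyInfo decrypted = ((PKCS8EncryptedPrivateKeyInfo) pemObject)
                            .decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password.toCharArray()));
                    privateKey = keyConverter.getPrivateKey(decrypted);
                } else if (pemObject instanceof PrivateKeyInfo) {
                    privateKey = keyConverter.getPrivateKey((PrivateKeyInfo) pemObject);
                }
                // Any other PEM object type is ignored, as before.
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== readPem({})", pemPath);
        }
        return new KeyCert(certificate, privateKey);
    }

    /**
     * Reads the first private-key entry and its certificate from a PKCS#12 ({@code .pfx}) file.
     *
     * @param pfxPath  path to the PKCS#12 file
     * @param password password protecting both the keystore and the key entry
     * @return the key/certificate pair, or {@code null} if the keystore holds no key entry
     * @throws NoSuchProviderException   if the SunJSSE provider is unavailable
     * @throws KeyStoreException         if the PKCS#12 keystore type is unavailable
     * @throws IOException               if the file cannot be read or the password is wrong
     * @throws NoSuchAlgorithmException  if the keystore integrity algorithm is unavailable
     * @throws CertificateException      if a certificate in the store cannot be loaded
     * @throws UnrecoverableKeyException if the key cannot be recovered with {@code password}
     */
    private KeyCert readPfx(String pfxPath, String password) throws NoSuchProviderException, KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        logger.debug("==> readPfx({})", pfxPath);
        KeyCert keyCert = null;
        try (FileInputStream in = new FileInputStream(pfxPath)) {
            KeyStore keyStore = KeyStore.getInstance(PKCS12_KEYSTORE_TYPE, PKCS12_KEYSTORE_PROVIDER);
            keyStore.load(in, password.toCharArray());
            String keyAlias = firstKeyEntryAlias(keyStore);
            if (keyAlias != null) {
                keyCert = new KeyCert((X509Certificate) keyStore.getCertificate(keyAlias),
                        (PrivateKey) keyStore.getKey(keyAlias, password.toCharArray()));
            } else {
                logger.warn("readPfx(): no private key entry found in {}", pfxPath);
            }
        }
        logger.debug("<== readPfx({})", pfxPath);
        return keyCert;
    }

    /**
     * @return the alias of the first key entry in {@code keyStore}, in enumeration order, or
     *         {@code null} if there is none
     */
    private static String firstKeyEntryAlias(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                return alias;
            }
        }
        return null;
    }
}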
