package com.microsoft.azure.keyvault.authentication;

import com.microsoft.azure.keyvault.messagesecurity.HttpMessageSecurity;
import com.microsoft.azure.keyvault.webkey.JsonWebKey;
import com.microsoft.rest.credentials.ServiceClientCredentials;
import java.io.IOException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import org.apache.commons.lang3.tuple.Pair;

/* loaded from: input_file:com/microsoft/azure/keyvault/authentication/KeyVaultCredentials.class */
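/**
 * Challenge-based credentials for Key Vault requests.
 *
 * <p>An OkHttp interceptor sends a body-less probe for URLs whose challenge is not cached,
 * parses the {@code WWW-Authenticate} header of the resulting 401, asks the subclass for a
 * token via {@link #doAuthenticate}, and replays the original request with that token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The authority, resource and scope passed to {@code doAuthenticate} are taken from the
 *       header of an unauthenticated 401 response. Nothing in this class checks that they
 *       belong to the host being called, so implementations should validate them against the
 *       expected vault domain and tenant before requesting a token.</li>
 *   <li>Challenges are cached per URL and reused without re-validation; a 401 received on the
 *       cached path is returned to the caller unchanged.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code clientEncryptionKey} is created lazily without synchronisation. If one
 * instance serves several threads, more than one key pair may be generated; confirm whether
 * that matters for callers.
 */
public abstract class KeyVaultCredentials implements ServiceClientCredentials {
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String BEARER_TOKEN_PREFIX = "Bearer ";
    private static final String CLIENT_ENCRYPTION_KEY_TYPE = "RSA";
    private static final int CLIENT_ENCRYPTION_KEY_SIZE = 2048;
    private static final String MESSAGE_ENCRYPTION_KEY_HEADER = "x-ms-message-encryption-key";
    private static final String MESSAGE_SIGNING_KEY_HEADER = "x-ms-message-signing-key";
    private static final int HTTP_OK = 200;
    private static final int HTTP_UNAUTHORIZED = 401;

    // Final URL path segments for which message protection is considered.
    private final List<String> supportedMethods =
            Arrays.asList("sign", "verify", "encrypt", "decrypt", "wrapkey", "unwrapkey");
    private JsonWebKey clientEncryptionKey = null;
    private final ChallengeCache cache = new ChallengeCache();

    /**
     * Registers the interceptor that performs challenge-based authentication.
     *
     * @param builder the OkHttp client builder to add the interceptor to
     */
    @Override
    public void applyCredentialsFilter(OkHttpClient.Builder builder) {
        builder.addInterceptor(new Interceptor() {
            @Override
            public Response intercept(Interceptor.Chain chain) throws IOException {
                Request original = chain.request();
                Map<String, String> cachedChallenge = cache.getCachedChallenge(original.url());

                Pair<Request, HttpMessageSecurity> authenticated;
                if (cachedChallenge != null) {
                    authenticated = buildAuthenticatedRequest(original, cachedChallenge);
                } else {
                    // Probe without the original body so it is not sent before authentication.
                    Response challengeResponse = chain.proceed(buildEmptyRequest(original));
                    if (challengeResponse.code() != HTTP_UNAUTHORIZED) {
                        return challengeResponse;
                    }
                    try {
                        authenticated = buildAuthenticatedRequest(original, challengeResponse);
                    } finally {
                        // The 401 body is never handed to the caller, so always release it.
                        challengeResponse.close();
                    }
                }

                // buildAuthenticatedRequest returns null when no credentials were produced;
                // fail with an I/O error instead of a NullPointerException below.
                if (authenticated == null) {
                    throw new IOException(
                            "Key Vault authentication failed: no credentials were returned for the challenge");
                }

                Response response = chain.proceed(authenticated.getLeft());
                // Only a 200 response is passed through unprotectResponse.
                return response.code() == HTTP_OK
                        ? authenticated.getRight().unprotectResponse(response)
                        : response;
            }
        });
    }

    /**
     * Builds the authenticated form of {@code request} from an already parsed challenge.
     *
     * <p>Decompiler note: declared private in the original class; the access modifier was
     * widened by the decompiler.
     *
     * @param request the request to authenticate
     * @param map the parsed challenge (lower-cased keys and values)
     * @return the protected request with its message-security context, or {@code null} when
     *     no credentials were returned
     * @throws IOException declared for the call to {@code protectRequest}
     */
    public Pair<Request, HttpMessageSecurity> buildAuthenticatedRequest(Request request, Map<String, String> map)
            throws IOException {
        boolean protectMessages = supportsMessageProtection(request.url().toString(), map);
        if (protectMessages && this.clientEncryptionKey == null) {
            try {
                KeyPairGenerator generator = KeyPairGenerator.getInstance(CLIENT_ENCRYPTION_KEY_TYPE);
                generator.initialize(CLIENT_ENCRYPTION_KEY_SIZE);
                this.clientEncryptionKey =
                        JsonWebKey.fromRSA(generator.generateKeyPair()).withKid(UUID.randomUUID().toString());
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }

        AuthenticationResult credentials = getAuthenticationCredentials(protectMessages, map);
        if (credentials == null) {
            return null;
        }

        // The PoP key and server keys are passed only when message protection applies.
        String popKey = protectMessages ? credentials.getPopKey() : "";
        String serverEncryptionKey = protectMessages ? map.get(MESSAGE_ENCRYPTION_KEY_HEADER) : "";
        String serverSigningKey = protectMessages ? map.get(MESSAGE_SIGNING_KEY_HEADER) : "";
        HttpMessageSecurity security = new HttpMessageSecurity(
                credentials.getAuthToken(), popKey, serverEncryptionKey, serverSigningKey, this.clientEncryptionKey);
        return Pair.of(security.protectRequest(request), security);
    }

    /**
     * Parses the challenge carried by a 401 response, caches it for the request URL and builds
     * the authenticated request.
     *
     * <p>Decompiler note: declared private in the original class.
     *
     * @param request the request to authenticate
     * @param response the 401 response carrying the {@code WWW-Authenticate} challenge
     * @return the protected request with its message-security context, or {@code null} when
     *     no credentials were returned
     * @throws IOException if the response carries no Bearer challenge
     */
    public Pair<Request, HttpMessageSecurity> buildAuthenticatedRequest(Request request, Response response)
            throws IOException {
        Map<String, String> challenge = extractChallenge(response.header(WWW_AUTHENTICATE), BEARER_TOKEN_PREFIX);
        // extractChallenge returns null for a missing or non-Bearer header; the original code
        // dereferenced that null.
        if (challenge == null) {
            throw new IOException("401 response did not carry a Bearer WWW-Authenticate challenge");
        }
        challenge.put(MESSAGE_ENCRYPTION_KEY_HEADER, response.header(MESSAGE_ENCRYPTION_KEY_HEADER));
        challenge.put(MESSAGE_SIGNING_KEY_HEADER, response.header(MESSAGE_SIGNING_KEY_HEADER));
        this.cache.addCachedChallenge(request.url(), challenge);
        return buildAuthenticatedRequest(request, challenge);
    }

    /**
     * Returns the request used to obtain a challenge: GET requests are sent unchanged, any
     * other method has its body replaced with an empty JSON object.
     *
     * <p>Decompiler note: declared private in the original class.
     *
     * @param request the original request
     * @return the probe request
     */
    public Request buildEmptyRequest(Request request) {
        if (request.method().equalsIgnoreCase("get")) {
            return request;
        }
        RequestBody emptyJson = RequestBody.create(MediaType.parse("application/json"), "{}");
        return request.newBuilder().method(request.method(), emptyJson).build();
    }

    /**
     * Reports whether message protection applies: the challenge must advertise
     * {@code supportspop=true}, the URL must contain {@code /keys/}, and its last path segment
     * must be one of the supported methods.
     */
    private boolean supportsMessageProtection(String url, Map<String, String> challenge) {
        // Locale.ROOT keeps the comparison independent of the JVM's default locale.
        if (!"true".equals(challenge.get("supportspop"))
                || !url.toLowerCase(java.util.Locale.ROOT).contains("/keys/")) {
            return false;
        }
        String[] segments = url.split("\\?")[0].split("/");
        return this.supportedMethods.contains(segments[segments.length - 1]);
    }

    /**
     * Calls {@link #doAuthenticate(String, String, String, String)} with the authority,
     * resource and scope found in the challenge.
     */
    private AuthenticationResult getAuthenticationCredentials(boolean protectMessages, Map<String, String> challenge) {
        String authority = challenge.get("authorization");
        if (authority == null) {
            authority = challenge.get("authorization_uri");
        }
        // These values come from the server's 401 header and are not validated here.
        return doAuthenticate(
                authority, challenge.get("resource"), challenge.get("scope"), protectMessages ? "pop" : "bearer");
    }

    /**
     * Parses a {@code WWW-Authenticate} header into key/value pairs.
     *
     * <p>The whole header is lower-cased before parsing, so values as well as keys are
     * lower-cased; callers rely on this (for example the {@code supportspop} comparison).
     *
     * @param header the header value, possibly {@code null}
     * @param prefix the expected scheme prefix, e.g. {@code "Bearer "}
     * @return a mutable map of challenge parameters, or {@code null} if the header is missing
     *     or does not start with {@code prefix}
     */
    private static Map<String, String> extractChallenge(String header, String prefix) {
        if (!isValidChallenge(header, prefix)) {
            return null;
        }
        // Locale.ROOT: under some default locales (e.g. Turkish) toLowerCase() rewrites 'I',
        // which would break lookups of keys such as "authorization".
        String lowered = header.toLowerCase(java.util.Locale.ROOT);
        String loweredPrefix = prefix.toLowerCase(java.util.Locale.ROOT);
        // Strip only the leading scheme; the original removed every occurrence of the prefix.
        String parameters = lowered.substring(loweredPrefix.length());

        Map<String, String> challenge = new HashMap<String, String>();
        for (String entry : parameters.split(", ")) {
            // Limit 2 keeps '=' characters inside the value (e.g. a URI with a query string).
            String[] keyValue = entry.split("=", 2);
            if (keyValue.length < 2) {
                // Malformed parameter without '='; the original threw on this input.
                continue;
            }
            challenge.put(keyValue[0].replaceAll("\"", "").trim(), keyValue[1].replaceAll("\"", ""));
        }
        return challenge;
    }

    /** Returns true when {@code header} is non-empty and starts with {@code prefix}, ignoring case. */
    private static boolean isValidChallenge(String header, String prefix) {
        return header != null
                && !header.isEmpty()
                && header.toLowerCase(java.util.Locale.ROOT).startsWith(prefix.toLowerCase(java.util.Locale.ROOT));
    }

    /**
     * Obtains a bearer token. This default returns an empty string; subclasses are expected to
     * override it.
     *
     * @param authorization authority taken from the challenge ({@code authorization} or
     *     {@code authorization_uri}); server-supplied, validate before use
     * @param resource resource taken from the challenge; server-supplied, validate before use
     * @param scope scope taken from the challenge, possibly {@code null}
     * @return the access token
     */
    public String doAuthenticate(String authorization, String resource, String scope) {
        return "";
    }

    /**
     * Obtains credentials for the given scheme. This default ignores {@code scheme}, delegates
     * to the three-argument overload and passes an empty string as the second constructor
     * argument of {@code AuthenticationResult} (presumably the PoP key; confirm against that class).
     *
     * @param authorization authority taken from the challenge
     * @param resource resource taken from the challenge
     * @param scope scope taken from the challenge, possibly {@code null}
     * @param scheme {@code "pop"} when message protection applies, otherwise {@code "bearer"}
     * @return the authentication result
     */
    public AuthenticationResult doAuthenticate(String authorization, String resource, String scope, String scheme) {
        return new AuthenticationResult(doAuthenticate(authorization, resource, scope), "");
    }
}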
