package net.snowflake.client.core.auth.oauth;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.dpop.DefaultDPoPProofFactory;
import com.nimbusds.oauth2.sdk.dpop.JWKThumbprintConfirmation;
import com.nimbusds.openid.connect.sdk.Nonce;
import java.net.URI;
import java.net.URISyntaxException;
import net.snowflake.client.core.SFException;
import net.snowflake.client.core.SnowflakeJdbcInternalApi;
import net.snowflake.client.jdbc.ErrorCode;
import org.apache.http.client.methods.HttpRequestBase;

@SnowflakeJdbcInternalApi
/* loaded from: input_file:net/snowflake/client/core/auth/oauth/DPoPUtil.class */
public class DPoPUtil {
    private final ECKey jwk;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DPoPUtil() throws SFException {
        try {
            this.jwk = new ECKeyGenerator(Curve.P_256).generate();
        } catch (JOSEException e) {
            throw new SFException(ErrorCode.INTERNAL_ERROR, "Error during DPoP JWK initialization: " + e.getMessage());
        }
    }

    public DPoPUtil(String str) throws SFException {
        try {
            this.jwk = ECKey.parse(str);
        } catch (Exception e) {
            throw new SFException(ErrorCode.INTERNAL_ERROR, "Error during DPoP JWK initialization: " + e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getPublicKey() {
        return this.jwk.toJSONString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JWKThumbprintConfirmation getThumbprint() throws SFException {
        try {
            return JWKThumbprintConfirmation.of(this.jwk);
        } catch (JOSEException e) {
            throw new SFException(ErrorCode.INTERNAL_ERROR, "Error during JWK thumbprint generation: " + e.getMessage());
        }
    }

    public void addDPoPProofHeaderToRequest(HttpRequestBase httpRequestBase, String str) throws SFException {
        httpRequestBase.setHeader("DPoP", generateDPoPProof(httpRequestBase, str).serialize());
    }

    private SignedJWT generateDPoPProof(HttpRequestBase httpRequestBase, String str) throws SFException {
        try {
            DefaultDPoPProofFactory defaultDPoPProofFactory = new DefaultDPoPProofFactory(this.jwk, JWSAlgorithm.ES256);
            return str != null ? defaultDPoPProofFactory.createDPoPJWT(httpRequestBase.getMethod(), httpRequestBase.getURI(), new Nonce(str)) : defaultDPoPProofFactory.createDPoPJWT(httpRequestBase.getMethod(), getUriWithoutQuery(httpRequestBase.getURI()));
        } catch (Exception e) {
            throw new SFException(ErrorCode.INTERNAL_ERROR, " Error during DPoP proof generation: " + e.getMessage());
        }
    }

    private URI getUriWithoutQuery(URI uri) throws URISyntaxException {
        return new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), null, null);
    }
}
