package com.microsoft.azure.credentials;

import com.google.common.io.BaseEncoding;
import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationCallback;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationException;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import com.microsoft.azure.AzureEnvironment;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/lib/azure-client-authentication-1.5.4.jar:com/microsoft/azure/credentials/ApplicationTokenCredentials.class */
public class ApplicationTokenCredentials extends AzureTokenCredentials {
    private Map<String, AuthenticationResult> tokens;
    private String clientId;
    private String clientSecret;
    private byte[] clientCertificate;
    private String clientCertificatePassword;

    public ApplicationTokenCredentials(String str, String str2, String str3, AzureEnvironment azureEnvironment) {
        super(azureEnvironment, str2);
        this.clientId = str;
        this.clientSecret = str3;
        this.tokens = new HashMap();
    }

    public ApplicationTokenCredentials(String str, String str2, byte[] bArr, String str3, AzureEnvironment azureEnvironment) {
        super(azureEnvironment, str2);
        this.clientId = str;
        this.clientCertificate = bArr;
        this.clientCertificatePassword = str3;
        this.tokens = new HashMap();
    }

    public static ApplicationTokenCredentials fromFile(File file) throws IOException {
        return AuthFile.parse(file).generateCredentials();
    }

    public String clientId() {
        return this.clientId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String clientSecret() {
        return this.clientSecret;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] clientCertificate() {
        return this.clientCertificate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String clientCertificatePassword() {
        return this.clientCertificatePassword;
    }

    @Override // com.microsoft.azure.credentials.AzureTokenCredentials
    public synchronized String getToken(String str) throws IOException {
        AuthenticationResult authenticationResult = this.tokens.get(str);
        if (authenticationResult == null || authenticationResult.getExpiresOnDate().before(new Date())) {
            authenticationResult = acquireAccessToken(str);
        }
        this.tokens.put(str, authenticationResult);
        return authenticationResult.getAccessToken();
    }

    private AuthenticationResult acquireAccessToken(String str) throws IOException {
        String str2 = environment().activeDirectoryEndpoint() + domain();
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        AuthenticationContext authenticationContext = new AuthenticationContext(str2, false, newSingleThreadExecutor);
        if (proxy() != null) {
            authenticationContext.setProxy(proxy());
        }
        if (sslSocketFactory() != null) {
            authenticationContext.setSslSocketFactory(sslSocketFactory());
        }
        try {
            try {
                if (this.clientSecret != null) {
                    AuthenticationResult authenticationResult = authenticationContext.acquireToken(str, new ClientCredential(clientId(), this.clientSecret), (AuthenticationCallback) null).get();
                    newSingleThreadExecutor.shutdown();
                    return authenticationResult;
                }
                if (this.clientCertificate != null && this.clientCertificatePassword != null) {
                    AuthenticationResult authenticationResult2 = authenticationContext.acquireToken(str, AsymmetricKeyCredential.create(this.clientId, new ByteArrayInputStream(this.clientCertificate), this.clientCertificatePassword), (AuthenticationCallback) null).get();
                    newSingleThreadExecutor.shutdown();
                    return authenticationResult2;
                }
                if (this.clientCertificate == null) {
                    throw new AuthenticationException("Please provide either a non-null secret or a non-null certificate.");
                }
                AuthenticationResult authenticationResult3 = authenticationContext.acquireToken(str, AsymmetricKeyCredential.create(clientId(), privateKeyFromPem(new String(this.clientCertificate)), publicKeyFromPem(new String(this.clientCertificate))), (AuthenticationCallback) null).get();
                newSingleThreadExecutor.shutdown();
                return authenticationResult3;
            } catch (Exception e) {
                throw new IOException(e.getMessage(), e);
            }
        } catch (Throwable th) {
            newSingleThreadExecutor.shutdown();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey privateKeyFromPem(String str) {
        Matcher matcher = Pattern.compile("(?s)-----BEGIN PRIVATE KEY-----.*-----END PRIVATE KEY-----").matcher(str);
        matcher.find();
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(BaseEncoding.base64().decode(matcher.group().replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replace(StringUtils.LF, "").replace(StringUtils.CR, ""))));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate publicKeyFromPem(String str) {
        Matcher matcher = Pattern.compile("(?s)-----BEGIN CERTIFICATE-----.*-----END CERTIFICATE-----").matcher(str);
        matcher.find();
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(matcher.group().getBytes()));
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }
}
