package com.microsoft.jenkins.azuread;

import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import com.github.scribejava.core.model.OAuthConstants;
import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
import com.microsoft.graph.httpcore.HttpClients;
import com.microsoft.graph.requests.GraphServiceClient;
import hudson.ProxyConfiguration;
import hudson.util.Secret;
import io.jenkins.plugins.azuresdk.HttpClientRetriever;
import jenkins.model.Jenkins;
import jenkins.util.JenkinsJVM;
import okhttp3.Credentials;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/GraphClientCache.class */
public class GraphClientCache {
    private static final int TEN = 10;
    private static final LoadingCache<GraphClientCacheKey, GraphServiceClient<Request>> TOKEN_CACHE = Caffeine.newBuilder().maximumSize(10).build(GraphClientCache::createGraphClient);

    private static GraphServiceClient<Request> createGraphClient(GraphClientCacheKey graphClientCacheKey) {
        GraphServiceClient<Request> buildClient = GraphServiceClient.builder().httpClient((GraphServiceClient.Builder<OkHttpClient, Request>) addProxyToHttpClientIfRequired(HttpClients.createDefault(new TokenCredentialAuthProvider(getClientSecretCredential(graphClientCacheKey))).newBuilder()).build()).buildClient();
        String azureEnvironmentName = graphClientCacheKey.getAzureEnvironmentName();
        if (!azureEnvironmentName.equals(AzureEnvironment.AZURE_PUBLIC_CLOUD)) {
            buildClient.setServiceRoot(AzureEnvironment.getServiceRoot(azureEnvironmentName));
        }
        return buildClient;
    }

    static ClientSecretCredential getClientSecretCredential(GraphClientCacheKey graphClientCacheKey) {
        return new ClientSecretCredentialBuilder().clientId(graphClientCacheKey.getClientId()).clientSecret(graphClientCacheKey.getClientSecret()).tenantId(graphClientCacheKey.getTenantId()).authorityHost(AzureEnvironment.getAuthorityHost(graphClientCacheKey.getAzureEnvironmentName())).httpClient(HttpClientRetriever.get()).build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GraphServiceClient<Request> getClient(GraphClientCacheKey graphClientCacheKey) {
        return (GraphServiceClient) TOKEN_CACHE.get(graphClientCacheKey);
    }

    public static GraphServiceClient<Request> getClient(AzureSecurityRealm azureSecurityRealm) {
        return (GraphServiceClient) TOKEN_CACHE.get(new GraphClientCacheKey(azureSecurityRealm.getClientId(), Secret.toString(azureSecurityRealm.getClientSecret()), azureSecurityRealm.getTenant(), azureSecurityRealm.getAzureEnvironmentName()));
    }

    public static OkHttpClient.Builder addProxyToHttpClientIfRequired(OkHttpClient.Builder builder) {
        ProxyConfiguration proxy;
        if (JenkinsJVM.isJenkinsJVM() && (proxy = Jenkins.get().getProxy()) != null && StringUtils.isNotBlank(proxy.getName())) {
            builder = builder.proxy(proxy.createProxy("graph.microsoft.com"));
            if (StringUtils.isNotBlank(proxy.getUserName())) {
                builder = builder.proxyAuthenticator((route, response) -> {
                    return response.request().newBuilder().header(OAuthConstants.HEADER, Credentials.basic(proxy.getUserName(), proxy.getSecretPassword().getPlainText())).build();
                });
            }
        }
        return builder;
    }
}
