package com.microsoft.sqlserver.jdbc;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.SilentParameters;
import java.net.MalformedURLException;
import java.text.MessageFormat;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.HashSet;
import java.util.concurrent.CompletableFuture;
import reactor.core.publisher.Mono;

/* loaded from: input_file:WEB-INF/lib/mssql-jdbc-11.2.1.jre11.jar:com/microsoft/sqlserver/jdbc/KeyVaultTokenCredential.class */
class KeyVaultTokenCredential implements TokenCredential {
    private static final String NULL_VALUE = "R_NullValue";
    private final String clientId;
    private final String clientSecret;
    private final SQLServerKeyVaultAuthenticationCallback authenticationCallback;
    private String authorization;
    private ConfidentialClientApplication confidentialClientApplication;
    private String resource;
    private String scope;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyVaultTokenCredential(String str, String str2) throws SQLServerException {
        if (null == str || str.isEmpty()) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString(NULL_VALUE)).format(new Object[]{"Client ID"}), null);
        }
        if (null == str2 || str2.isEmpty()) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString(NULL_VALUE)).format(new Object[]{"Client Secret"}), null);
        }
        this.clientId = str;
        this.clientSecret = str2;
        this.authenticationCallback = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyVaultTokenCredential(SQLServerKeyVaultAuthenticationCallback sQLServerKeyVaultAuthenticationCallback) {
        this.authenticationCallback = sQLServerKeyVaultAuthenticationCallback;
        this.clientId = null;
        this.clientSecret = null;
    }

    public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
        return null != this.authenticationCallback ? Mono.just(new AccessToken(this.authenticationCallback.getAccessToken(this.authorization, this.resource, this.scope), OffsetDateTime.MIN)) : authenticateWithConfidentialClientCache(tokenRequestContext).onErrorResume(th -> {
            return Mono.empty();
        }).switchIfEmpty(Mono.defer(() -> {
            return authenticateWithConfidentialClient(tokenRequestContext);
        }));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyVaultTokenCredential setAuthorization(String str) {
        if (null != this.authorization && this.authorization.equals(str)) {
            return this;
        }
        this.authorization = str;
        this.confidentialClientApplication = getConfidentialClientApplication();
        return this;
    }

    private ConfidentialClientApplication getConfidentialClientApplication() {
        if (null == this.clientId) {
            throw new IllegalArgumentException(new MessageFormat(SQLServerException.getErrString(NULL_VALUE)).format(new Object[]{"Client ID"}), null);
        }
        if (null == this.authorization) {
            throw new IllegalArgumentException(new MessageFormat(SQLServerException.getErrString(NULL_VALUE)).format(new Object[]{"Authorization"}), null);
        }
        if (null == this.clientSecret) {
            throw new IllegalArgumentException(new MessageFormat(SQLServerException.getErrString(NULL_VALUE)).format(new Object[]{"Client Secret"}), null);
        }
        try {
            return ConfidentialClientApplication.builder(this.clientId, ClientCredentialFactory.createFromSecret(this.clientSecret)).authority(this.authorization).build();
        } catch (MalformedURLException e) {
            throw new RuntimeException(e);
        }
    }

    private Mono<AccessToken> authenticateWithConfidentialClientCache(TokenRequestContext tokenRequestContext) {
        return Mono.fromFuture(() -> {
            try {
                return this.confidentialClientApplication.acquireTokenSilently(SilentParameters.builder(new HashSet(tokenRequestContext.getScopes())).build());
            } catch (MalformedURLException e) {
                return getFailedCompletableFuture(new RuntimeException(e));
            }
        }).map(iAuthenticationResult -> {
            return new AccessToken(iAuthenticationResult.accessToken(), OffsetDateTime.ofInstant(iAuthenticationResult.expiresOnDate().toInstant(), ZoneOffset.UTC));
        }).filter(accessToken -> {
            return !accessToken.isExpired();
        });
    }

    private CompletableFuture<IAuthenticationResult> getFailedCompletableFuture(Exception exc) {
        CompletableFuture<IAuthenticationResult> completableFuture = new CompletableFuture<>();
        completableFuture.completeExceptionally(exc);
        return completableFuture;
    }

    private Mono<AccessToken> authenticateWithConfidentialClient(TokenRequestContext tokenRequestContext) {
        return Mono.fromFuture(() -> {
            return this.confidentialClientApplication.acquireToken(ClientCredentialParameters.builder(new HashSet(tokenRequestContext.getScopes())).build());
        }).map(iAuthenticationResult -> {
            return new AccessToken(iAuthenticationResult.accessToken(), OffsetDateTime.ofInstant(iAuthenticationResult.expiresOnDate().toInstant(), ZoneOffset.UTC));
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setResource(String str) {
        this.resource = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setScope(String str) {
        this.scope = str;
    }
}
