package com.microsoft.aad.adal4j;

import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant;
import com.nimbusds.oauth2.sdk.SAML2BearerGrant;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.openid.connect.sdk.id.HashBasedPairwiseSubjectCodec;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Base64;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/adal4j-1.6.2.jar:com/microsoft/aad/adal4j/AcquireTokenCallable.class */
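/**
 * Callable that turns an {@link AdalAuthorizationGrant} into an {@link AuthenticationResult}.
 *
 * <p>Before the token request is issued, password grants and integrated-auth grants are
 * resolved against the user-realm discovery endpoint; for federated accounts the grant is
 * replaced by a SAML bearer grant built from a WS-Trust response.
 *
 * <p>This listing is decompiler output (JADX): the original access modifiers were
 * package-private and local names are synthetic.
 */
public class AcquireTokenCallable extends AdalCallable<AuthenticationResult> {
    /** Charset name used for every string-to-bytes conversion in this class. */
    private static final String UTF_8 = "UTF-8";

    // Reassigned by execute() once the grant has been resolved, so it cannot be final.
    private AdalAuthorizationGrant authGrant;
    private final ClientAuthentication clientAuth;

    /**
     * Creates the callable and prepares the client-data headers for the request.
     *
     * <p>The correlation id is taken from the context; when that is blank and the grant is a
     * device-code grant, the grant's own correlation id is used instead.
     *
     * @param authenticationContext context that performs the token request
     * @param adalAuthorizationGrant grant to exchange for tokens
     * @param clientAuthentication client credentials passed through to the token request
     * @param authenticationCallback callback handed to the superclass
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public AcquireTokenCallable(AuthenticationContext authenticationContext, AdalAuthorizationGrant adalAuthorizationGrant, ClientAuthentication clientAuthentication, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
        super(authenticationContext, authenticationCallback);
        this.authGrant = adalAuthorizationGrant;
        this.clientAuth = clientAuthentication;
        String correlationId = authenticationContext.correlationId;
        if (StringHelper.isBlank(correlationId) && (adalAuthorizationGrant instanceof AdalDeviceCodeAuthorizationGrant)) {
            correlationId = ((AdalDeviceCodeAuthorizationGrant) adalAuthorizationGrant).getCorrelationId();
        }
        this.headers = new ClientDataHttpHeaders(correlationId);
    }

    /**
     * Resolves the stored grant and requests tokens for it.
     *
     * @return the result of {@code context.acquireTokenCommon}
     * @throws Exception if discovery, WS-Trust exchange or the token request fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.microsoft.aad.adal4j.AdalCallable
    public AuthenticationResult execute() throws Exception {
        if (this.authGrant instanceof AdalOAuthAuthorizationGrant) {
            this.authGrant = processPasswordGrant((AdalOAuthAuthorizationGrant) this.authGrant);
        }
        if (this.authGrant instanceof AdalIntegratedAuthorizationGrant) {
            AdalIntegratedAuthorizationGrant integratedGrant = (AdalIntegratedAuthorizationGrant) this.authGrant;
            this.authGrant = new AdalOAuthAuthorizationGrant(getAuthorizationGrantIntegrated(integratedGrant.getUserName()), integratedGrant.getResource());
        }
        return this.context.acquireTokenCommon(this.authGrant, this.clientAuth, this.headers);
    }

    /**
     * Writes a debug log entry describing which tokens were returned.
     *
     * <p>Raw token values are never logged. A digest of each token is included only when
     * {@code context.isLogPii()} is true; otherwise the message states only that tokens were
     * returned. Nothing is logged when the access token is blank.
     *
     * @param authenticationResult result whose tokens are described
     * @param clientDataHttpHeaders headers supplying the correlation id for the log message
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.microsoft.aad.adal4j.AdalCallable
    public void logResult(AuthenticationResult authenticationResult, ClientDataHttpHeaders clientDataHttpHeaders) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        if (StringHelper.isBlank(authenticationResult.getAccessToken())) {
            return;
        }
        String accessTokenHash = computeSha256Hash(authenticationResult.getAccessToken());
        boolean hasRefreshToken = !StringHelper.isBlank(authenticationResult.getRefreshToken());

        String message;
        if (hasRefreshToken) {
            String refreshTokenHash = computeSha256Hash(authenticationResult.getRefreshToken());
            message = this.context.isLogPii()
                    ? String.format("Access Token with hash '%s' and Refresh Token with hash '%s' returned", accessTokenHash, refreshTokenHash)
                    : "Access Token and Refresh Token were returned";
        } else {
            message = this.context.isLogPii()
                    ? String.format("Access Token with hash '%s' returned", accessTokenHash)
                    : "Access Token was returned";
        }
        this.context.log.debug(LogHelper.createMessage(message, clientDataHttpHeaders.getHeaderCorrelationIdValue()));
    }

    /**
     * Returns the URL-safe Base64 encoding of the digest of {@code str}'s UTF-8 bytes.
     *
     * @param str value to digest; must not be null
     * @return URL-safe Base64 text of the digest
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    private String computeSha256Hash(String str) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        // NOTE(review): the algorithm name is read from an unrelated Nimbus constant, which looks
        // like decompiler constant substitution. The method name implies SHA-256 - confirm the
        // constant's value and prefer a literal owned by this class.
        MessageDigest messageDigest = MessageDigest.getInstance(HashBasedPairwiseSubjectCodec.HASH_ALGORITHM);
        messageDigest.update(str.getBytes(UTF_8));
        return Base64.encodeBase64URLSafeString(messageDigest.digest());
    }

    /**
     * Wraps the token of a WS-Trust response in the matching SAML bearer grant.
     *
     * <p>Both SAML versions are encoded from UTF-8 bytes. The decompiled original used the
     * platform default charset for SAML 1.1, which can corrupt non-ASCII assertion content
     * on hosts whose default charset is not UTF-8.
     */
    private AuthorizationGrant toSamlBearerGrant(WSTrustResponse wsTrustResponse) throws UnsupportedEncodingException {
        Base64URL assertion = new Base64URL(Base64.encodeBase64String(wsTrustResponse.getToken().getBytes(UTF_8)));
        if (wsTrustResponse.isTokenSaml2()) {
            return new SAML2BearerGrant(assertion);
        }
        return new SAML11BearerGrant(assertion);
    }

    /**
     * Converts a resource-owner-password grant for a federated account into a SAML bearer grant.
     *
     * <p>Grants that are not password grants, and password grants for non-federated accounts,
     * are returned unchanged.
     *
     * @param adalOAuthAuthorizationGrant grant to inspect
     * @return the original grant, or a new grant carrying a SAML assertion and the original
     *     custom parameters
     * @throws Exception if user discovery or the WS-Trust exchange fails
     */
    private AdalOAuthAuthorizationGrant processPasswordGrant(AdalOAuthAuthorizationGrant adalOAuthAuthorizationGrant) throws Exception {
        if (!(adalOAuthAuthorizationGrant.getAuthorizationGrant() instanceof ResourceOwnerPasswordCredentialsGrant)) {
            return adalOAuthAuthorizationGrant;
        }
        ResourceOwnerPasswordCredentialsGrant passwordGrant = (ResourceOwnerPasswordCredentialsGrant) adalOAuthAuthorizationGrant.getAuthorizationGrant();
        // The username is caller-supplied and becomes part of the discovery URL. It is encoded
        // here the same way getAuthorizationGrantIntegrated encodes it, so reserved characters
        // cannot change the shape of that URL.
        String userRealmEndpoint = this.context.authenticationAuthority.getUserRealmEndpoint(URLEncoder.encode(passwordGrant.getUsername(), UTF_8));
        UserDiscoveryResponse discovery = UserDiscoveryRequest.execute(userRealmEndpoint, this.context.proxy, this.context.sslSocketFactory);
        if (!discovery.isAccountFederated()) {
            return adalOAuthAuthorizationGrant;
        }
        // NOTE(review): the plaintext password is handed to WSTrustRequest together with a URL
        // taken from the discovery response. Confirm that WSTrustRequest restricts that URL to
        // HTTPS and that sslSocketFactory performs certificate validation.
        WSTrustResponse wsTrustResponse = WSTrustRequest.execute(discovery.getFederationMetadataUrl(), passwordGrant.getUsername(), passwordGrant.getPassword().getValue(), discovery.getCloudAudienceUrn(), this.context.proxy, this.context.sslSocketFactory, this.context.isLogPii());
        return new AdalOAuthAuthorizationGrant(toSamlBearerGrant(wsTrustResponse), adalOAuthAuthorizationGrant.getCustomParameters());
    }

    /**
     * Obtains a SAML bearer grant for an integrated-auth (no password) sign-in.
     *
     * @param str user name to discover; URL-encoded before it is placed in the discovery URL
     * @return a SAML 2.0 or SAML 1.1 bearer grant built from the WS-Trust response
     * @throws AuthenticationException if the account is managed or is not a federated
     *     WS-Trust account
     * @throws Exception if user discovery or the WS-Trust exchange fails
     */
    AuthorizationGrant getAuthorizationGrantIntegrated(String str) throws Exception {
        String userRealmEndpoint = this.context.authenticationAuthority.getUserRealmEndpoint(URLEncoder.encode(str, UTF_8));
        UserDiscoveryResponse discovery = UserDiscoveryRequest.execute(userRealmEndpoint, this.context.proxy, this.context.sslSocketFactory);
        if (discovery.isAccountFederated() && "WSTrust".equalsIgnoreCase(discovery.getFederationProtocol())) {
            WSTrustResponse wsTrustResponse = WSTrustRequest.execute(discovery.getFederationMetadataUrl(), discovery.getCloudAudienceUrn(), this.context.proxy, this.context.sslSocketFactory, this.context.isLogPii());
            return toSamlBearerGrant(wsTrustResponse);
        }
        if (discovery.isAccountManaged()) {
            throw new AuthenticationException("Password is required for managed user");
        }
        throw new AuthenticationException("Unknown User Type");
    }
}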
