package com.microsoft.azure.credentials;

import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationCallback;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationException;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import com.microsoft.azure.management.apigeneration.Beta;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Date;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

@Beta(Beta.SinceVersion.V1_2_0)
/* loaded from: input_file:WEB-INF/lib/azure-client-authentication-1.2.0.jar:com/microsoft/azure/credentials/DelegatedTokenCredentials.class */
public class DelegatedTokenCredentials extends AzureTokenCredentials {
    private Map<String, AuthenticationResult> tokens;
    private String redirectUrl;
    private String authorizationCode;
    private ApplicationTokenCredentials applicationCredentials;
    private RefreshTokenClient refreshTokenClient;

    /* loaded from: input_file:WEB-INF/lib/azure-client-authentication-1.2.0.jar:com/microsoft/azure/credentials/DelegatedTokenCredentials$ResponseMode.class */
    public enum ResponseMode {
        QUERY("query"),
        FORM_DATA("form_data");

        private String value;

        ResponseMode(String str) {
            this.value = str;
        }
    }

    public DelegatedTokenCredentials(ApplicationTokenCredentials applicationTokenCredentials, String str) {
        super(applicationTokenCredentials.environment(), applicationTokenCredentials.domain());
        this.applicationCredentials = applicationTokenCredentials;
        this.tokens = new ConcurrentHashMap();
        this.redirectUrl = str;
        this.refreshTokenClient = new RefreshTokenClient(applicationTokenCredentials.environment().activeDirectoryEndpoint(), proxy());
    }

    public DelegatedTokenCredentials(ApplicationTokenCredentials applicationTokenCredentials, String str, String str2) {
        super(applicationTokenCredentials.environment(), applicationTokenCredentials.domain());
        this.tokens = new ConcurrentHashMap();
        this.redirectUrl = str;
        this.authorizationCode = str2;
        this.refreshTokenClient = new RefreshTokenClient(applicationTokenCredentials.environment().activeDirectoryEndpoint(), proxy());
    }

    public static DelegatedTokenCredentials fromFile(File file, String str) throws IOException {
        return new DelegatedTokenCredentials(ApplicationTokenCredentials.fromFile(file), str);
    }

    public static DelegatedTokenCredentials fromFile(File file, String str, String str2) throws IOException {
        return new DelegatedTokenCredentials(ApplicationTokenCredentials.fromFile(file), str, str2);
    }

    public String clientId() {
        return this.applicationCredentials.clientId();
    }

    public String generateAuthenticationUrl() {
        return String.format("%s/%s/oauth2/authorize?client_id=%s&response_type=code&redirect_uri=%s&response_mode=query&state=%s", environment().activeDirectoryEndpoint(), domain(), clientId(), this.redirectUrl, UUID.randomUUID());
    }

    public String generateAuthenticationUrl(ResponseMode responseMode, String str) {
        return String.format("%s/%s/oauth2/authorize?client_id=%s&response_type=code&redirect_uri=%s&response_mode=%s&state=%s", environment().activeDirectoryEndpoint(), domain(), clientId(), this.redirectUrl, responseMode.value, str);
    }

    public void setAuthorizationCode(String str) {
        this.authorizationCode = str;
    }

    @Override // com.microsoft.azure.credentials.AzureTokenCredentials
    public synchronized String getToken(String str) throws IOException {
        AuthenticationResult authenticationResult = this.tokens.get(str);
        if (authenticationResult != null && authenticationResult.getExpiresOnDate().after(new Date())) {
            return authenticationResult.getAccessToken();
        }
        boolean z = authenticationResult != null;
        if (authenticationResult == null && !this.tokens.isEmpty()) {
            authenticationResult = (AuthenticationResult) new ArrayList(this.tokens.values()).get(0);
            z = authenticationResult.isMultipleResourceRefreshToken();
        }
        if (z) {
            authenticationResult = acquireAccessTokenFromRefreshToken(str, authenticationResult.getRefreshToken(), authenticationResult.isMultipleResourceRefreshToken());
        }
        if (authenticationResult == null) {
            authenticationResult = acquireNewAccessToken(str);
        }
        this.tokens.put(str, authenticationResult);
        return authenticationResult.getAccessToken();
    }

    AuthenticationResult acquireNewAccessToken(String str) throws IOException {
        if (this.authorizationCode == null) {
            throw new IllegalArgumentException("You must acquire an authorization code by redirecting to the authentication URL");
        }
        String str2 = environment().activeDirectoryEndpoint() + domain();
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        AuthenticationContext authenticationContext = new AuthenticationContext(str2, false, newSingleThreadExecutor);
        if (proxy() != null) {
            authenticationContext.setProxy(proxy());
        }
        try {
            try {
                if (this.applicationCredentials.clientSecret() != null) {
                    AuthenticationResult authenticationResult = authenticationContext.acquireTokenByAuthorizationCode(this.authorizationCode, new URI(this.redirectUrl), new ClientCredential(this.applicationCredentials.clientId(), this.applicationCredentials.clientSecret()), str, (AuthenticationCallback) null).get();
                    newSingleThreadExecutor.shutdown();
                    return authenticationResult;
                }
                if (this.applicationCredentials.clientCertificate() != null && this.applicationCredentials.clientCertificatePassword() != null) {
                    AuthenticationResult authenticationResult2 = authenticationContext.acquireTokenByAuthorizationCode(this.authorizationCode, new URI(this.redirectUrl), AsymmetricKeyCredential.create(this.applicationCredentials.clientId(), new ByteArrayInputStream(this.applicationCredentials.clientCertificate()), this.applicationCredentials.clientCertificatePassword()), str, (AuthenticationCallback) null).get();
                    newSingleThreadExecutor.shutdown();
                    return authenticationResult2;
                }
                if (this.applicationCredentials.clientCertificate() == null) {
                    throw new AuthenticationException("Please provide either a non-null secret or a non-null certificate.");
                }
                AuthenticationResult authenticationResult3 = authenticationContext.acquireTokenByAuthorizationCode(this.authorizationCode, new URI(this.redirectUrl), AsymmetricKeyCredential.create(clientId(), ApplicationTokenCredentials.privateKeyFromPem(new String(this.applicationCredentials.clientCertificate())), ApplicationTokenCredentials.publicKeyFromPem(new String(this.applicationCredentials.clientCertificate()))), str, (AuthenticationCallback) null).get();
                newSingleThreadExecutor.shutdown();
                return authenticationResult3;
            } catch (Exception e) {
                throw new IOException(e.getMessage(), e);
            }
        } catch (Throwable th) {
            newSingleThreadExecutor.shutdown();
            throw th;
        }
    }

    private AuthenticationResult acquireAccessTokenFromRefreshToken(String str, String str2, boolean z) throws IOException {
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        try {
            AuthenticationResult refreshToken = this.refreshTokenClient.refreshToken(domain(), clientId(), str, str2, z);
            newSingleThreadExecutor.shutdown();
            return refreshToken;
        } catch (Exception e) {
            newSingleThreadExecutor.shutdown();
            return null;
        } catch (Throwable th) {
            newSingleThreadExecutor.shutdown();
            throw th;
        }
    }
}
