package com.azure.identity;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.Configuration;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClient;
import com.azure.identity.implementation.IdentityClientBuilder;
import com.azure.identity.implementation.IdentityClientOptions;
import com.azure.identity.implementation.IdentitySyncClient;
import com.azure.identity.implementation.util.LoggingUtil;
import com.azure.identity.implementation.util.ValidationUtil;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/azure/identity/WorkloadIdentityCredential.class */
public class WorkloadIdentityCredential implements TokenCredential {
    private static final ClientLogger LOGGER = new ClientLogger(WorkloadIdentityCredential.class);
    private final IdentityClient identityClient;
    private final IdentitySyncClient identitySyncClient;
    private final IdentityClientOptions identityClientOptions;

    /* JADX INFO: Access modifiers changed from: package-private */
    public WorkloadIdentityCredential(String str, String str2, String str3, IdentityClientOptions identityClientOptions) {
        ValidationUtil.validateTenantIdCharacterRange(str, LOGGER);
        Configuration clone = identityClientOptions.getConfiguration() == null ? Configuration.getGlobalConfiguration().clone() : identityClientOptions.getConfiguration();
        String str4 = CoreUtils.isNullOrEmpty(str) ? clone.get("AZURE_TENANT_ID") : str;
        String str5 = CoreUtils.isNullOrEmpty(str3) ? clone.get("AZURE_FEDERATED_TOKEN_FILE") : str3;
        String str6 = CoreUtils.isNullOrEmpty(str2) ? clone.get("AZURE_CLIENT_ID") : str2;
        if (CoreUtils.isNullOrEmpty(str4) || CoreUtils.isNullOrEmpty(str5) || CoreUtils.isNullOrEmpty(str6) || CoreUtils.isNullOrEmpty(identityClientOptions.getAuthorityHost())) {
            this.identityClient = null;
            this.identitySyncClient = null;
        } else {
            IdentityClientBuilder identityClientOptions2 = new IdentityClientBuilder().clientAssertionPath(str5).clientId(str6).tenantId(str4).identityClientOptions(identityClientOptions);
            this.identityClient = identityClientOptions2.build();
            this.identitySyncClient = identityClientOptions2.buildSyncClient();
        }
        this.identityClientOptions = identityClientOptions;
    }

    public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
        return this.identityClient == null ? Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.identityClientOptions, new CredentialUnavailableException("WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/java/identity/workloadidentitycredential/troubleshoot"))) : this.identityClient.authenticateWithWorkloadIdentityConfidentialClient(tokenRequestContext);
    }

    public AccessToken getTokenSync(TokenRequestContext tokenRequestContext) {
        if (this.identitySyncClient == null) {
            throw LoggingUtil.logCredentialUnavailableException(LOGGER, this.identityClientOptions, new CredentialUnavailableException("WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/java/identity/workloadidentitycredential/troubleshoot"));
        }
        return this.identitySyncClient.authenticateWithWorkloadIdentityConfidentialClient(tokenRequestContext);
    }

    String getClientId() {
        return this.identityClient.getClientId();
    }
}
