package com.azure.identity;

import com.azure.core.credentials.AccessToken;
import com.azure.core.http.ProxyOptions;
import com.azure.core.implementation.serializer.SerializerAdapter;
import com.azure.core.implementation.serializer.SerializerEncoding;
import com.azure.core.implementation.serializer.jackson.JacksonAdapter;
import com.azure.core.implementation.util.ScopeUtil;
import com.azure.identity.implementation.MSIToken;
import com.azure.identity.implementation.util.Adal4jUtil;
import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.ClientCredential;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.Random;
import java.util.Scanner;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import reactor.core.Exceptions;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/azure/identity/IdentityClient.class */
public final class IdentityClient {
    private final IdentityClientOptions options;
    private final SerializerAdapter adapter;
    private static final Random RANDOM = new Random();

    public IdentityClient() {
        this.adapter = JacksonAdapter.createDefaultSerializerAdapter();
        this.options = new IdentityClientOptions();
    }

    public IdentityClient(IdentityClientOptions identityClientOptions) {
        this.adapter = JacksonAdapter.createDefaultSerializerAdapter();
        this.options = identityClientOptions;
    }

    public Mono<AccessToken> authenticateWithClientSecret(String str, String str2, String str3, String[] strArr) {
        String scopesToResource = ScopeUtil.scopesToResource(strArr);
        String str4 = this.options.authorityHost().replaceAll("/+$", "") + "/" + str;
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        AuthenticationContext createAuthenticationContext = createAuthenticationContext(newSingleThreadExecutor, str4, this.options.proxyOptions());
        return Mono.create(monoSink -> {
            createAuthenticationContext.acquireToken(scopesToResource, new ClientCredential(str2, str3), Adal4jUtil.authenticationDelegate(monoSink));
        }).map(authenticationResult -> {
            return new AccessToken(authenticationResult.getAccessToken(), OffsetDateTime.ofInstant(authenticationResult.getExpiresOnDate().toInstant(), ZoneOffset.UTC));
        }).doFinally(signalType -> {
            newSingleThreadExecutor.shutdown();
        });
    }

    public Mono<AccessToken> authenticateWithPfxCertificate(String str, String str2, String str3, String str4, String[] strArr) {
        String scopesToResource = ScopeUtil.scopesToResource(strArr);
        String str5 = this.options.authorityHost().replaceAll("/+$", "") + "/" + str;
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        AuthenticationContext createAuthenticationContext = createAuthenticationContext(newSingleThreadExecutor, str5, this.options.proxyOptions());
        return Mono.create(monoSink -> {
            try {
                createAuthenticationContext.acquireToken(scopesToResource, Adal4jUtil.createAsymmetricKeyCredential(str2, Files.readAllBytes(Paths.get(str3, new String[0])), str4), Adal4jUtil.authenticationDelegate(monoSink));
            } catch (IOException e) {
                monoSink.error(e);
            }
        }).map(authenticationResult -> {
            return new AccessToken(authenticationResult.getAccessToken(), OffsetDateTime.ofInstant(authenticationResult.getExpiresOnDate().toInstant(), ZoneOffset.UTC));
        }).doFinally(signalType -> {
            newSingleThreadExecutor.shutdown();
        });
    }

    public Mono<AccessToken> authenticateWithPemCertificate(String str, String str2, String str3, String[] strArr) {
        String scopesToResource = ScopeUtil.scopesToResource(strArr);
        String str4 = this.options.authorityHost().replaceAll("/+$", "") + "/" + str;
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        AuthenticationContext createAuthenticationContext = createAuthenticationContext(newSingleThreadExecutor, str4, this.options.proxyOptions());
        return Mono.create(monoSink -> {
            try {
                createAuthenticationContext.acquireToken(scopesToResource, AsymmetricKeyCredential.create(str2, Adal4jUtil.privateKeyFromPem(Files.readAllBytes(Paths.get(str3, new String[0]))), Adal4jUtil.publicKeyFromPem(Files.readAllBytes(Paths.get(str3, new String[0])))), Adal4jUtil.authenticationDelegate(monoSink));
            } catch (IOException e) {
                monoSink.error(e);
            }
        }).map(authenticationResult -> {
            return new AccessToken(authenticationResult.getAccessToken(), OffsetDateTime.ofInstant(authenticationResult.getExpiresOnDate().toInstant(), ZoneOffset.UTC));
        }).doFinally(signalType -> {
            newSingleThreadExecutor.shutdown();
        });
    }

    private static AuthenticationContext createAuthenticationContext(ExecutorService executorService, String str, ProxyOptions proxyOptions) {
        try {
            AuthenticationContext authenticationContext = new AuthenticationContext(str, false, executorService);
            if (proxyOptions != null) {
                authenticationContext.setProxy(new Proxy(proxyOptions.type() == ProxyOptions.Type.HTTP ? Proxy.Type.HTTP : Proxy.Type.SOCKS, proxyOptions.address()));
            }
            return authenticationContext;
        } catch (MalformedURLException e) {
            throw Exceptions.propagate(e);
        }
    }

    public Mono<AccessToken> authenticateToManagedIdentityEnpoint(String str, String str2, String str3, String[] strArr) {
        String scopesToResource = ScopeUtil.scopesToResource(strArr);
        HttpURLConnection httpURLConnection = null;
        StringBuilder sb = new StringBuilder();
        try {
            sb.append("resource=");
            sb.append(URLEncoder.encode(scopesToResource, "UTF-8"));
            sb.append("&api-version=");
            sb.append(URLEncoder.encode("2017-09-01", "UTF-8"));
            if (str3 != null) {
                sb.append("&client_id=");
                sb.append(URLEncoder.encode(str3, "UTF-8"));
            }
            try {
                try {
                    httpURLConnection = (HttpURLConnection) new URL(String.format("%s?%s", str, sb)).openConnection();
                    httpURLConnection.setRequestMethod("GET");
                    if (str2 != null) {
                        httpURLConnection.setRequestProperty("Secret", str2);
                    }
                    httpURLConnection.setRequestProperty("Metadata", "true");
                    httpURLConnection.connect();
                    Scanner useDelimiter = new Scanner(httpURLConnection.getInputStream(), StandardCharsets.UTF_8.name()).useDelimiter("\\A");
                    Mono<AccessToken> just = Mono.just(this.adapter.deserialize(useDelimiter.hasNext() ? useDelimiter.next() : "", MSIToken.class, SerializerEncoding.JSON));
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    return just;
                } catch (IOException e) {
                    Mono<AccessToken> error = Mono.error(e);
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    return error;
                }
            } catch (Throwable th) {
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                throw th;
            }
        } catch (IOException e2) {
            return Mono.error(e2);
        }
    }

    public Mono<AccessToken> authenticateToIMDSEndpoint(String str, String[] strArr) {
        String scopesToResource = ScopeUtil.scopesToResource(strArr);
        StringBuilder sb = new StringBuilder();
        try {
            sb.append("api-version=");
            sb.append(URLEncoder.encode("2018-02-01", "UTF-8"));
            sb.append("&resource=");
            sb.append(URLEncoder.encode(scopesToResource, "UTF-8"));
            if (str != null) {
                sb.append("&client_id=");
                sb.append(URLEncoder.encode(str, "UTF-8"));
            }
            int i = 1;
            while (true) {
                if (i > this.options.maxRetry()) {
                    break;
                }
                URL url = null;
                HttpURLConnection httpURLConnection = null;
                try {
                    url = new URL(String.format("http://169.254.169.254/metadata/identity/oauth2/token?%s", sb.toString()));
                    httpURLConnection = (HttpURLConnection) url.openConnection();
                    httpURLConnection.setRequestMethod("GET");
                    httpURLConnection.setRequestProperty("Metadata", "true");
                    httpURLConnection.connect();
                    Scanner useDelimiter = new Scanner(httpURLConnection.getInputStream(), StandardCharsets.UTF_8.name()).useDelimiter("\\A");
                    Mono<AccessToken> just = Mono.just(this.adapter.deserialize(useDelimiter.hasNext() ? useDelimiter.next() : "", MSIToken.class, SerializerEncoding.JSON));
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    return just;
                } catch (IOException e) {
                    if (httpURLConnection == null) {
                        Mono<AccessToken> error = Mono.error(new RuntimeException(String.format("Could not connect to the url: %s.", url), e));
                        if (httpURLConnection != null) {
                            httpURLConnection.disconnect();
                        }
                        return error;
                    }
                    try {
                        try {
                            int responseCode = httpURLConnection.getResponseCode();
                            if (responseCode != 410 && responseCode != 429 && responseCode != 404 && (responseCode < 500 || responseCode > 599)) {
                                Mono<AccessToken> error2 = Mono.error(new RuntimeException("Couldn't acquire access token from IMDS, verify your objectId, clientId or msiResourceId", e));
                                if (httpURLConnection != null) {
                                    httpURLConnection.disconnect();
                                }
                                return error2;
                            }
                            int intValue = this.options.retryTimeout().apply(Integer.valueOf(RANDOM.nextInt(i))).intValue();
                            int i2 = (responseCode != 410 || intValue >= 70000) ? intValue : 70000;
                            i++;
                            if (i > this.options.maxRetry()) {
                                if (httpURLConnection != null) {
                                    httpURLConnection.disconnect();
                                }
                                return Mono.error(new RuntimeException(String.format("MSI: Failed to acquire tokens after retrying %s times", Integer.valueOf(this.options.maxRetry()))));
                            }
                            sleep(i2);
                            if (httpURLConnection != null) {
                                httpURLConnection.disconnect();
                            }
                        } catch (IOException e2) {
                            Mono<AccessToken> error3 = Mono.error(e2);
                            if (httpURLConnection != null) {
                                httpURLConnection.disconnect();
                            }
                            return error3;
                        }
                    } catch (Throwable th) {
                        if (httpURLConnection != null) {
                            httpURLConnection.disconnect();
                        }
                        throw th;
                    }
                }
            }
        } catch (IOException e3) {
            return Mono.error(e3);
        }
    }

    private static void sleep(int i) {
        try {
            Thread.sleep(i);
        } catch (InterruptedException e) {
            throw new RuntimeException(e);
        }
    }
}
