package com.azure.identity.implementation;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.exception.ClientAuthenticationException;
import com.azure.core.http.HttpResponse;
import com.azure.core.util.CoreUtils;
import com.azure.identity.CredentialUnavailableException;
import com.azure.identity.DeviceCodeInfo;
import com.azure.identity.implementation.util.IdentityUtil;
import com.azure.identity.implementation.util.LoggingUtil;
import com.azure.identity.implementation.util.ScopeUtil;
import com.azure.identity.implementation.util.ValidationUtil;
import com.microsoft.aad.msal4j.AppTokenProviderParameters;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.SilentParameters;
import com.microsoft.aad.msal4j.TokenProviderResult;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;
import reactor.core.publisher.Mono;

/* loaded from: input_file:applicationinsights-agent-3.4.18.jar:inst/com/azure/identity/implementation/IdentitySyncClient.classdata */
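/**
 * Blocking (synchronous) token acquisition on top of MSAL4J and the Azure CLI tools.
 *
 * <p>Each {@code authenticateWith*} method builds the parameters for one authentication flow,
 * blocks on the MSAL future (or runs a CLI helper inherited from {@link IdentityClientBase}) and
 * wraps failures in an unchecked exception. MSAL application objects are created on first use
 * through {@code SynchronousAccessor}; separate instances are kept for requests with and without
 * Continuous Access Evaluation (CAE), selected by {@code TokenRequestContext.isCaeEnabled()}.
 *
 * <p>{@code LOGGER}, {@code tenantId}, {@code options}, {@code clientAssertionFilePath},
 * {@code clientAssertionSupplier}, {@code REFRESH_OFFSET} and the {@code build*}/{@code get*}
 * helpers used below are inherited members that are not part of this listing.
 *
 * <p>This listing is decompiler output: raw types, redundant casts and nested {@code try} blocks
 * in the original were artifacts of decompilation and have been normalised here.
 */
public class IdentitySyncClient extends IdentityClientBase {
    private final SynchronousAccessor<PublicClientApplication> publicClientApplicationAccessor;
    private final SynchronousAccessor<PublicClientApplication> publicClientApplicationAccessorWithCae;
    private final SynchronousAccessor<ConfidentialClientApplication> confidentialClientApplicationAccessor;
    private final SynchronousAccessor<ConfidentialClientApplication> confidentialClientApplicationAccessorWithCae;
    private final SynchronousAccessor<ConfidentialClientApplication> managedIdentityConfidentialClientApplicationAccessor;
    private final SynchronousAccessor<ConfidentialClientApplication> workloadIdentityConfidentialClientApplicationAccessor;
    private final SynchronousAccessor<String> clientAssertionAccessor;

    /**
     * Creates the client and wires up the lazily-initialised MSAL application accessors.
     *
     * <p>All arguments are forwarded unchanged to the {@link IdentityClientBase} constructor; their
     * individual meaning is defined there and is not visible in this listing. Only two are used
     * directly here.
     *
     * @param z forwarded as the first argument of {@code getPublicClient} for both public clients
     * @param duration second constructor argument of the client-assertion accessor (presumably how
     *     long the assertion read from disk is cached -- confirm against SynchronousAccessor);
     *     five minutes is used when {@code null}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public IdentitySyncClient(String str, String str2, String str3, String str4, String str5, String str6, Supplier<String> supplier, InputStream inputStream, String str7, boolean z, Duration duration, IdentityClientOptions identityClientOptions) {
        super(str, str2, str3, str4, str5, str6, supplier, inputStream, str7, z, duration, identityClientOptions);
        this.publicClientApplicationAccessor = new SynchronousAccessor<>(() -> getPublicClient(z, false));
        this.publicClientApplicationAccessorWithCae = new SynchronousAccessor<>(() -> getPublicClient(z, true));
        this.confidentialClientApplicationAccessor = new SynchronousAccessor<>(() -> getConfidentialClient(false));
        this.confidentialClientApplicationAccessorWithCae = new SynchronousAccessor<>(() -> getConfidentialClient(true));
        this.managedIdentityConfidentialClientApplicationAccessor =
            new SynchronousAccessor<>(() -> getManagedIdentityConfidentialClient());
        this.workloadIdentityConfidentialClientApplicationAccessor =
            new SynchronousAccessor<>(() -> getWorkloadIdentityConfidentialClient());
        Duration assertionTimeout = duration == null ? Duration.ofMinutes(5L) : duration;
        this.clientAssertionAccessor = new SynchronousAccessor<>(() -> parseClientAssertion(), assertionTimeout);
    }

    /**
     * Re-asserts the thread's interrupt flag when the caught failure is an
     * {@link InterruptedException}, so that wrapping it in an unchecked exception does not hide
     * the interruption from code further up the stack.
     */
    private static void restoreInterruptStatus(Throwable error) {
        if (error instanceof InterruptedException) {
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Reads the client assertion from {@code clientAssertionFilePath} as UTF-8 text.
     *
     * <p>The returned string is a credential: it is handed to the token exchange as-is (no
     * trimming or validation happens here) and must not be logged.
     *
     * @return the full contents of the assertion file
     * @throws IllegalStateException if no assertion file path is configured
     * @throws RuntimeException wrapping the {@link IOException} if the file cannot be read
     */
    private String parseClientAssertion() {
        if (this.clientAssertionFilePath == null) {
            throw LOGGER.logExceptionAsError(new IllegalStateException("Client Assertion File Path is not provided. It should be provided to authenticate with client assertion."));
        }
        try {
            return new String(Files.readAllBytes(Paths.get(this.clientAssertionFilePath)), StandardCharsets.UTF_8);
        } catch (IOException e) {
            throw LOGGER.logExceptionAsError(new RuntimeException(e));
        }
    }

    /**
     * Acquires a token with the client-credentials flow.
     *
     * <p>When {@code clientAssertionSupplier} is set, a fresh assertion is pulled from it on every
     * call and attached to this request.
     *
     * @param tokenRequestContext scopes, tenant and CAE settings of the request
     * @return the token returned by MSAL
     * @throws RuntimeException wrapping the interruption or execution failure
     */
    public AccessToken authenticateWithConfidentialClient(TokenRequestContext tokenRequestContext) {
        ConfidentialClientApplication client = getConfidentialClientInstance(tokenRequestContext).getValue();
        ClientCredentialParameters.ClientCredentialParametersBuilder parameters =
            ClientCredentialParameters.builder(new HashSet<>(tokenRequestContext.getScopes()))
                .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
        if (this.clientAssertionSupplier != null) {
            parameters.clientCredential(
                ClientCredentialFactory.createFromClientAssertion(this.clientAssertionSupplier.get()));
        }
        try {
            return new MsalToken(client.acquireToken(parameters.build()).get());
        } catch (InterruptedException | ExecutionException e) {
            restoreInterruptStatus(e);
            throw LOGGER.logExceptionAsError(new RuntimeException(e));
        }
    }

    /** Picks the CAE or non-CAE confidential client according to the request. */
    private SynchronousAccessor<ConfidentialClientApplication> getConfidentialClientInstance(TokenRequestContext tokenRequestContext) {
        if (tokenRequestContext.isCaeEnabled()) {
            return this.confidentialClientApplicationAccessorWithCae;
        }
        return this.confidentialClientApplicationAccessor;
    }

    /** Picks the CAE or non-CAE public client according to the request. */
    private SynchronousAccessor<PublicClientApplication> getPublicClientInstance(TokenRequestContext tokenRequestContext) {
        if (tokenRequestContext.isCaeEnabled()) {
            return this.publicClientApplicationAccessorWithCae;
        }
        return this.publicClientApplicationAccessor;
    }

    /**
     * Acquires a token through the managed-identity confidential client.
     *
     * @param tokenRequestContext scopes and tenant of the request
     * @return the token returned by MSAL
     * @throws CredentialUnavailableException for any failure; the cause is attached but nothing is
     *     logged here
     */
    public AccessToken authenticateWithManagedIdentityConfidentialClient(TokenRequestContext tokenRequestContext) {
        try {
            ClientCredentialParameters parameters =
                ClientCredentialParameters.builder(new HashSet<>(tokenRequestContext.getScopes()))
                    .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options))
                    .build();
            return new MsalToken(
                this.managedIdentityConfidentialClientApplicationAccessor.getValue().acquireToken(parameters).get());
        } catch (Exception e) {
            restoreInterruptStatus(e);
            throw new CredentialUnavailableException("Managed Identity authentication is not available.", e);
        }
    }

    /**
     * Tries to serve the request from the confidential client's token cache.
     *
     * <p>For CAE requests that carry claims, the claims are attached and a refresh is forced. A
     * token is returned only if it is still valid for longer than {@code REFRESH_OFFSET}.
     *
     * @param tokenRequestContext scopes, tenant, claims and CAE settings of the request
     * @return a cached (or silently refreshed) token that is not close to expiry
     * @throws IllegalStateException if the token obtained is within {@code REFRESH_OFFSET} of
     *     expiry; this one is thrown without being logged
     * @throws ClientAuthenticationException if the silent acquisition is interrupted or fails
     * @throws RuntimeException wrapping a {@link MalformedURLException} from MSAL
     */
    public AccessToken authenticateWithConfidentialClientCache(TokenRequestContext tokenRequestContext) {
        ConfidentialClientApplication client = getConfidentialClientInstance(tokenRequestContext).getValue();
        SilentParameters.SilentParametersBuilder parameters =
            SilentParameters.builder(new HashSet<>(tokenRequestContext.getScopes()))
                .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
        if (tokenRequestContext.isCaeEnabled() && tokenRequestContext.getClaims() != null) {
            parameters.claims(CustomClaimRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
            parameters.forceRefresh(true);
        }
        try {
            MsalToken cached = new MsalToken(client.acquireTokenSilently(parameters.build()).get());
            if (OffsetDateTime.now().isBefore(cached.getExpiresAt().minus((TemporalAmount) REFRESH_OFFSET))) {
                return cached;
            }
            throw new IllegalStateException("Received token is close to expiry.");
        } catch (MalformedURLException e) {
            throw LOGGER.logExceptionAsError(new RuntimeException(e.getMessage(), e));
        } catch (InterruptedException | ExecutionException e) {
            restoreInterruptStatus(e);
            throw LOGGER.logExceptionAsError(new ClientAuthenticationException(e.getMessage(), null, e));
        }
    }

    /**
     * Tries to serve the request from the public client's token cache, forcing one refresh if the
     * cached token is within {@code REFRESH_OFFSET} of expiry.
     *
     * @param tokenRequestContext scopes, tenant, claims and CAE settings of the request
     * @param iAccount account to look the token up for; omitted from the request when {@code null}
     * @return the cached token, or the token obtained by the forced refresh
     * @throws ClientAuthenticationException if a silent acquisition is interrupted or fails
     * @throws RuntimeException wrapping a {@link MalformedURLException} from MSAL
     */
    public MsalToken authenticateWithPublicClientCache(TokenRequestContext tokenRequestContext, IAccount iAccount) {
        PublicClientApplication client = getPublicClientInstance(tokenRequestContext).getValue();
        SilentParameters.SilentParametersBuilder firstAttempt =
            SilentParameters.builder(new HashSet<>(tokenRequestContext.getScopes()));
        // NOTE(review): claims are attached here whenever they are present, while the refresh
        // attempt below attaches them only for CAE requests -- confirm the asymmetry is intended.
        if (tokenRequestContext.getClaims() != null) {
            firstAttempt.claims(CustomClaimRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
            firstAttempt.forceRefresh(true);
        }
        if (iAccount != null) {
            firstAttempt = firstAttempt.account(iAccount);
        }
        firstAttempt.tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
        try {
            MsalToken cached = new MsalToken(client.acquireTokenSilently(firstAttempt.build()).get());
            if (OffsetDateTime.now().isBefore(cached.getExpiresAt().minus((TemporalAmount) REFRESH_OFFSET))) {
                return cached;
            }

            // Too close to expiry: ask MSAL again, this time bypassing the cache.
            SilentParameters.SilentParametersBuilder refreshAttempt =
                SilentParameters.builder(new HashSet<>(tokenRequestContext.getScopes())).forceRefresh(true);
            if (tokenRequestContext.isCaeEnabled() && tokenRequestContext.getClaims() != null) {
                refreshAttempt.claims(CustomClaimRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
            }
            if (iAccount != null) {
                refreshAttempt = refreshAttempt.account(iAccount);
            }
            refreshAttempt.tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
            return new MsalToken(client.acquireTokenSilently(refreshAttempt.build()).get());
        } catch (InterruptedException | ExecutionException e) {
            restoreInterruptStatus(e);
            throw LOGGER.logExceptionAsError(new ClientAuthenticationException(e.getMessage(), null, e));
        } catch (MalformedURLException e) {
            throw LOGGER.logExceptionAsError(new RuntimeException(e.getMessage(), e));
        }
    }

    /**
     * Acquires a token with the username/password flow.
     *
     * <p>{@code str} and {@code str2} are forwarded in that order to
     * {@code buildUsernamePasswordFlowParameters}; presumably username then password -- confirm
     * against that helper. The secret arrives as an immutable {@code String}, so it cannot be
     * wiped from memory after use; neither value is logged here.
     *
     * @param tokenRequestContext scopes, tenant and CAE settings of the request
     * @return the token returned by MSAL
     * @throws ClientAuthenticationException for any failure, with the cause attached
     */
    public MsalToken authenticateWithUsernamePassword(TokenRequestContext tokenRequestContext, String str, String str2) {
        try {
            PublicClientApplication client = getPublicClientInstance(tokenRequestContext).getValue();
            return new MsalToken(
                client.acquireToken(buildUsernamePasswordFlowParameters(tokenRequestContext, str, str2).build()).get());
        } catch (Exception e) {
            restoreInterruptStatus(e);
            throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Failed to acquire token with username and password. To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/usernamepasswordcredential/troubleshoot", null, e));
        }
    }

    /**
     * Acquires a token with the device-code flow.
     *
     * @param tokenRequestContext scopes, tenant and CAE settings of the request
     * @param consumer forwarded to {@code buildDeviceCodeFlowParameters}; it receives the
     *     {@link DeviceCodeInfo} for the sign-in
     * @return the token returned by MSAL
     * @throws ClientAuthenticationException for any failure, with the cause attached
     */
    public MsalToken authenticateWithDeviceCode(TokenRequestContext tokenRequestContext, Consumer<DeviceCodeInfo> consumer) {
        try {
            PublicClientApplication client = getPublicClientInstance(tokenRequestContext).getValue();
            return new MsalToken(
                client.acquireToken(buildDeviceCodeFlowParameters(tokenRequestContext, consumer).build()).get());
        } catch (Exception e) {
            restoreInterruptStatus(e);
            throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Failed to acquire token with device code.", null, e));
        }
    }

    /**
     * Acquires a token with the interactive browser flow.
     *
     * <p>The redirect URI is {@code http://localhost:<port>} when a port is given, otherwise the
     * supplied redirect URL, otherwise {@code http://localhost}. The URI is parsed before any call
     * to MSAL so that a malformed value is reported by the {@link URISyntaxException} handler; in
     * the decompiled listing that handler was unreachable because an inner
     * {@code catch (Exception)} already covered the parse.
     *
     * @param tokenRequestContext scopes, tenant and CAE settings of the request
     * @param num loopback port for the redirect, or {@code null}
     * @param str redirect URL used when no port is given, or {@code null}
     * @param str2 forwarded to {@code buildInteractiveRequestParameters} (meaning not visible here)
     * @return the token returned by MSAL
     * @throws RuntimeException wrapping a {@link URISyntaxException} for a malformed redirect URI
     * @throws ClientAuthenticationException for any failure during acquisition
     */
    public MsalToken authenticateWithBrowserInteraction(TokenRequestContext tokenRequestContext, Integer num, String str, String str2) {
        String redirect;
        if (num != null) {
            redirect = "http://localhost:" + num;
        } else if (str != null) {
            redirect = str;
        } else {
            redirect = "http://localhost";
        }

        URI redirectUri;
        try {
            redirectUri = new URI(redirect);
        } catch (URISyntaxException e) {
            throw LOGGER.logExceptionAsError(new RuntimeException(e));
        }

        try {
            PublicClientApplication client = getPublicClientInstance(tokenRequestContext).getValue();
            return new MsalToken(
                client.acquireToken(buildInteractiveRequestParameters(tokenRequestContext, str2, redirectUri).build()).get());
        } catch (Exception e) {
            restoreInterruptStatus(e);
            throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Failed to acquire token with Interactive Browser Authentication.", null, e));
        }
    }

    /**
     * Obtains a token by building an {@code az account get-access-token} command line and handing
     * it to {@code getTokenFromAzureCLIAuthentication}.
     *
     * <p>The command is assembled by string concatenation, so the two values that come from the
     * request -- the resource and the tenant id -- are each validated before being appended.
     * Those validators are what keeps request-supplied text from altering the command; how the
     * helper executes the string is not visible here, so do not relax or reorder the checks.
     *
     * @param tokenRequestContext scopes and tenant of the request
     * @return the token parsed from the CLI output
     * @throws IllegalArgumentException if the scope or tenant id fails validation
     * @throws CredentialUnavailableException as raised by the CLI helper, after logging
     */
    public AccessToken authenticateWithAzureCli(TokenRequestContext tokenRequestContext) {
        StringBuilder command = new StringBuilder("az account get-access-token --output json --resource ");
        String resource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
        try {
            // Validate first, append second.
            ScopeUtil.validateScope(resource);
            command.append(resource);
            String tenant = IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options);
            ValidationUtil.validateTenantIdCharacterRange(tenant, LOGGER);
            if (!CoreUtils.isNullOrEmpty(tenant)) {
                command.append(" --tenant ").append(tenant);
            }
            try {
                return getTokenFromAzureCLIAuthentication(command);
            } catch (CredentialUnavailableException e) {
                throw LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, e);
            } catch (RuntimeException e) {
                throw LOGGER.logExceptionAsError(e);
            }
        } catch (IllegalArgumentException e) {
            throw LOGGER.logExceptionAsError(e);
        }
    }

    /**
     * Obtains a token by building an {@code azd auth token} command line and handing it to
     * {@code getTokenFromAzureDeveloperCLIAuthentication}.
     *
     * <p>As with the Azure CLI variant, the command is a concatenated string: every scope is
     * validated before the scopes are joined into it, and the tenant id is validated before it is
     * appended.
     *
     * @param tokenRequestContext scopes and tenant of the request
     * @return the token parsed from the CLI output
     * @throws IllegalArgumentException if no scope is given, or a scope or the tenant id fails
     *     validation
     * @throws CredentialUnavailableException as raised by the CLI helper, after logging
     */
    public AccessToken authenticateWithAzureDeveloperCli(TokenRequestContext tokenRequestContext) {
        StringBuilder command = new StringBuilder("azd auth token --output json --scope ");
        List<String> scopes = tokenRequestContext.getScopes();
        if (scopes.isEmpty()) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("Missing scope in request"));
        }
        for (String scope : scopes) {
            try {
                ScopeUtil.validateScope(scope);
            } catch (IllegalArgumentException e) {
                throw LOGGER.logExceptionAsError(e);
            }
        }
        command.append(String.join(" --scope ", scopes));
        String tenant = IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options);
        ValidationUtil.validateTenantIdCharacterRange(tenant, LOGGER);
        if (!CoreUtils.isNullOrEmpty(tenant)) {
            command.append(" --tenant-id ").append(tenant);
        }
        try {
            return getTokenFromAzureDeveloperCLIAuthentication(command);
        } catch (CredentialUnavailableException e) {
            throw LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, e);
        } catch (RuntimeException e) {
            throw LOGGER.logExceptionAsError(e);
        }
    }

    /**
     * Acquires a token with the on-behalf-of flow.
     *
     * @param tokenRequestContext scopes, tenant and CAE settings of the request
     * @return the token returned by MSAL
     * @throws ClientAuthenticationException for any failure, with the cause attached
     */
    public AccessToken authenticateWithOBO(TokenRequestContext tokenRequestContext) {
        try {
            ConfidentialClientApplication client = getConfidentialClientInstance(tokenRequestContext).getValue();
            return new MsalToken(client.acquireToken(buildOBOFlowParameters(tokenRequestContext)).get());
        } catch (Exception e) {
            restoreInterruptStatus(e);
            throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Failed to acquire token with On Behalf Of Authentication.", null, e));
        }
    }

    /**
     * Exchanges the client assertion held by the assertion accessor for an access token.
     *
     * @param tokenRequestContext scopes and tenant of the request
     * @return the token produced by {@code authenticateWithExchangeTokenHelper}
     * @throws UncheckedIOException if the exchange fails with an {@link IOException}
     */
    public AccessToken authenticateWithExchangeTokenSync(TokenRequestContext tokenRequestContext) {
        try {
            return authenticateWithExchangeTokenHelper(tokenRequestContext, this.clientAssertionAccessor.getValue());
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Returns the callback MSAL uses to obtain workload-identity tokens.
     *
     * <p>The token exchange itself runs synchronously inside the callback, before any future is
     * created, so a failure of the exchange is thrown from the callback rather than completing
     * the returned future exceptionally. Only the packaging of the result runs asynchronously, on
     * the configured executor when there is one.
     */
    @Override // com.azure.identity.implementation.IdentityClientBase
    Function<AppTokenProviderParameters, CompletableFuture<TokenProviderResult>> getWorkloadIdentityTokenProvider() {
        return providerParameters -> {
            TokenRequestContext exchangeRequest = new TokenRequestContext()
                .setScopes(new ArrayList<>(providerParameters.scopes))
                .setClaims(providerParameters.claims)
                .setTenantId(providerParameters.tenantId);
            AccessToken exchanged = authenticateWithExchangeTokenSync(exchangeRequest);
            Supplier<TokenProviderResult> packageResult = () -> {
                TokenProviderResult result = new TokenProviderResult();
                result.setAccessToken(exchanged.getToken());
                result.setTenantId(exchangeRequest.getTenantId());
                // NOTE(review): the setter name says a lifetime in seconds, but the value passed
                // is the absolute expiry as epoch seconds. If TokenProviderResult treats it as a
                // relative duration, the cached entry would outlive the real token -- confirm
                // against the msal4j contract before changing.
                result.setExpiresInSeconds(exchanged.getExpiresAt().toEpochSecond());
                return result;
            };
            if (this.options.getExecutorService() != null) {
                return CompletableFuture.supplyAsync(packageResult, this.options.getExecutorService());
            }
            return CompletableFuture.supplyAsync(packageResult);
        };
    }

    /**
     * Acquires a token through the workload-identity confidential client.
     *
     * @param tokenRequestContext scopes and tenant of the request
     * @return the token returned by MSAL
     * @throws CredentialUnavailableException for any failure; the message text is the same one
     *     used for the managed-identity client, and nothing is logged here
     */
    public AccessToken authenticateWithWorkloadIdentityConfidentialClient(TokenRequestContext tokenRequestContext) {
        try {
            ClientCredentialParameters parameters =
                ClientCredentialParameters.builder(new HashSet<>(tokenRequestContext.getScopes()))
                    .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options))
                    .build();
            return new MsalToken(
                this.workloadIdentityConfidentialClientApplicationAccessor.getValue().acquireToken(parameters).get());
        } catch (Exception e) {
            restoreInterruptStatus(e);
            throw new CredentialUnavailableException("Managed Identity authentication is not available.", e);
        }
    }

    /** Returns the options object this client was configured with (the live instance, not a copy). */
    public IdentityClientOptions getIdentityClientOptions() {
        return this.options;
    }

    /**
     * Not supported by the synchronous client.
     *
     * @return always {@code null}, not an empty {@link Mono}; callers must not subscribe to the
     *     result
     */
    @Override // com.azure.identity.implementation.IdentityClientBase
    Mono<AccessToken> getTokenFromTargetManagedIdentity(TokenRequestContext tokenRequestContext) {
        return null;
    }
}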
