package com.microsoft.azure.spring.cloud.context.core.impl;

import com.microsoft.azure.credentials.AppServiceMSICredentials;
import com.microsoft.azure.credentials.ApplicationTokenCredentials;
import com.microsoft.azure.credentials.AzureTokenCredentials;
import com.microsoft.azure.credentials.MSICredentials;
import com.microsoft.azure.spring.cloud.context.core.api.CredentialsProvider;
import com.microsoft.azure.spring.cloud.context.core.config.AzureManagedIdentityProperties;
import com.microsoft.azure.spring.cloud.context.core.config.AzureProperties;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import org.apache.commons.io.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.lang.NonNull;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/microsoft/azure/spring/cloud/context/core/impl/DefaultCredentialsProvider.class */
public class DefaultCredentialsProvider implements CredentialsProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCredentialsProvider.class);
    private static final String TEMP_CREDENTIAL_FILE_PREFIX = "azure";
    private static final String TEMP_CREDENTIAL_FILE_SUFFIX = "credential";
    private static final String ENV_MSI_ENDPOINT = "MSI_ENDPOINT";
    private static final String ENV_MSI_SECRET = "MSI_SECRET";
    private final AzureTokenCredentials credentials;

    public DefaultCredentialsProvider(AzureProperties azureProperties) {
        this.credentials = initCredentials(azureProperties);
    }

    private File createTempCredentialFile(@NonNull InputStream inputStream) throws IOException {
        File createTempFile = File.createTempFile(TEMP_CREDENTIAL_FILE_PREFIX, TEMP_CREDENTIAL_FILE_SUFFIX);
        createTempFile.deleteOnExit();
        FileUtils.copyInputStreamToFile(inputStream, createTempFile);
        return createTempFile;
    }

    private AzureTokenCredentials initCredentials(AzureProperties azureProperties) {
        if (azureProperties.isMsiEnabled()) {
            AzureTokenCredentials mSIToken = getMSIToken(azureProperties);
            mSIToken.withDefaultSubscriptionId(azureProperties.getSubscriptionId());
            return mSIToken;
        }
        try {
            return ApplicationTokenCredentials.fromFile(createTempCredentialFile(new DefaultResourceLoader().getResource(azureProperties.getCredentialFilePath()).getInputStream()));
        } catch (IOException e) {
            LOGGER.error("Credential file path not found.", e);
            throw new IllegalArgumentException("Credential file path not found", e);
        }
    }

    private boolean isAppService() {
        return StringUtils.hasText(System.getenv(ENV_MSI_ENDPOINT)) && StringUtils.hasText(System.getenv(ENV_MSI_SECRET));
    }

    private AzureTokenCredentials getMSIToken(AzureProperties azureProperties) {
        AzureManagedIdentityProperties managedIdentity = azureProperties.getManagedIdentity();
        if (isAppService()) {
            AppServiceMSICredentials appServiceMSICredentials = new AppServiceMSICredentials(azureProperties.getEnvironment());
            if (managedIdentity != null && StringUtils.hasText(managedIdentity.getClientId())) {
                appServiceMSICredentials.withClientId(managedIdentity.getClientId());
            }
            return appServiceMSICredentials;
        }
        MSICredentials mSICredentials = new MSICredentials();
        if (managedIdentity != null) {
            if (StringUtils.hasText(managedIdentity.getClientId())) {
                mSICredentials.withClientId(managedIdentity.getClientId());
            }
            if (StringUtils.hasText(managedIdentity.getObjectId())) {
                mSICredentials.withObjectId(managedIdentity.getObjectId());
            }
        }
        return mSICredentials;
    }

    @Override // com.microsoft.azure.spring.cloud.context.core.api.CredentialsProvider
    public AzureTokenCredentials getCredentials() {
        return this.credentials;
    }
}
