package com.microsoft.kiota.authentication;

import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import io.opentelemetry.api.GlobalOpenTelemetry;
import io.opentelemetry.api.trace.Span;
import io.opentelemetry.context.Context;
import io.opentelemetry.context.Scope;
import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;

/* loaded from: input_file:com/microsoft/kiota/authentication/AzureIdentityAccessTokenProvider.class */
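/**
 * {@link AccessTokenProvider} that obtains bearer tokens from an Azure Identity
 * {@link TokenCredential}.
 *
 * <p>Before a token is requested the target URI goes through two gates: the host must be accepted
 * by the configured {@link AllowedHostsValidator}, and the scheme must be {@code https} unless the
 * host is a loopback name. Both gates exist so that a bearer token is neither requested for an
 * unapproved host nor sent over a clear-text channel.
 *
 * <p>Each call is traced with an OpenTelemetry span. The span records whether the URL passed
 * validation, whether additional claims were supplied and which scopes were requested; the token
 * and the decoded claims are never written to the span, and should not be added to it.
 */
public class AzureIdentityAccessTokenProvider implements AccessTokenProvider {
    private final TokenCredential creds;
    private final List<String> _scopes;
    private final AllowedHostsValidator _hostValidator;
    private final ObservabilityOptions _observabilityOptions;
    private final boolean _isCaeEnabled;
    // Hosts for which plain http is tolerated. "[::1]" is the bracketed form URI.getHost() returns
    // for an IPv6 literal.
    private static final HashSet<String> localhostStrings = new HashSet<>(Arrays.asList("localhost", "[::1]", "::1", "127.0.0.1"));
    // Key of the Base64-encoded claims challenge in the additional-context map.
    private static final String ClaimsKey = "claims";
    // Key under which a caller may pass the parent OpenTelemetry span.
    private static final String parentSpanKey = "parent-span";

    /**
     * Creates a provider with default observability options and continuous access evaluation
     * (CAE) enabled.
     *
     * @param tokenCredential credential used to acquire tokens; must not be null
     * @param allowedHosts hosts handed to the {@link AllowedHostsValidator}
     * @param scopes scopes to request; when none are given a {@code /.default} scope is derived
     *     from the request URI
     */
    public AzureIdentityAccessTokenProvider(@Nonnull TokenCredential tokenCredential, @Nonnull String[] allowedHosts, @Nonnull String... scopes) {
        this(tokenCredential, allowedHosts, null, scopes);
    }

    /**
     * Creates a provider with continuous access evaluation (CAE) enabled.
     *
     * @param tokenCredential credential used to acquire tokens; must not be null
     * @param allowedHosts hosts handed to the {@link AllowedHostsValidator}
     * @param observabilityOptions tracing options, or null for the defaults
     * @param scopes scopes to request; when none are given a {@code /.default} scope is derived
     *     from the request URI
     */
    public AzureIdentityAccessTokenProvider(@Nonnull TokenCredential tokenCredential, @Nonnull String[] allowedHosts, @Nullable ObservabilityOptions observabilityOptions, @Nonnull String... scopes) {
        this(tokenCredential, allowedHosts, observabilityOptions, true, scopes);
    }

    /**
     * Creates a provider.
     *
     * @param tokenCredential credential used to acquire tokens; must not be null
     * @param allowedHosts hosts handed to the {@link AllowedHostsValidator}; null is treated as an
     *     empty array
     * @param observabilityOptions tracing options, or null for the defaults
     * @param isCaeEnabled value forwarded to {@link TokenRequestContext#setCaeEnabled(boolean)}
     * @param scopes scopes to request; null is treated as no scopes
     * @throws NullPointerException if {@code tokenCredential} is null
     */
    public AzureIdentityAccessTokenProvider(@Nonnull TokenCredential tokenCredential, @Nonnull String[] allowedHosts, @Nullable ObservabilityOptions observabilityOptions, boolean isCaeEnabled, @Nonnull String... scopes) {
        this.creds = Objects.requireNonNull(tokenCredential, "parameter tokenCredential cannot be null");
        // Copy the varargs array so later changes by the caller cannot alter the requested scopes.
        this._scopes = scopes == null ? new ArrayList<>() : new ArrayList<>(Arrays.asList(scopes));
        // NOTE(review): an empty host list is passed straight to AllowedHostsValidator. If that
        // class treats "empty" as "accept every host" (not visible here - confirm), the https check
        // below is the only gate left, so callers should pass an explicit list of hosts.
        this._hostValidator = new AllowedHostsValidator(allowedHosts == null ? new String[0] : allowedHosts);
        this._observabilityOptions = observabilityOptions == null ? new ObservabilityOptions() : observabilityOptions;
        this._isCaeEnabled = isCaeEnabled;
    }

    /**
     * Returns an access token for the given request URI.
     *
     * @param uri target of the request the token is meant for
     * @param additionalContext optional map; a {@code String} under {@code "claims"} is
     *     Base64-decoded and sent as the claims of the token request, and a {@link Span} under
     *     {@code "parent-span"} becomes the parent of the tracing span
     * @return the token, or an empty string when the host is rejected by the allowed-hosts
     *     validator (no token is requested in that case)
     * @throws IllegalArgumentException if the URI is not https and not a loopback host, if it has
     *     no scheme, or if the claims value is not valid Base64
     */
    @Nonnull
    public String getAuthorizationToken(@Nonnull URI uri, @Nullable Map<String, Object> additionalContext) {
        final String tracerName = this._observabilityOptions.getTracerInstrumentationName();
        final Object parentSpan = additionalContext == null ? null : additionalContext.get(parentSpanKey);
        final Span span;
        if (parentSpan instanceof Span) {
            span = GlobalOpenTelemetry.getTracer(tracerName).spanBuilder("getAuthorizationToken").setParent(Context.current().with((Span) parentSpan)).startSpan();
        } else {
            span = GlobalOpenTelemetry.getTracer(tracerName).spanBuilder("getAuthorizationToken").startSpan();
        }
        // try-with-resources closes the scope before the catch/finally below run, so the span is
        // ended exactly once on every path.
        try (Scope scope = span.makeCurrent()) {
            if (!this._hostValidator.isUrlHostValid(uri)) {
                // Host not approved: hand back no token instead of failing the request.
                span.setAttribute("com.microsoft.kiota.authentication.is_url_valid", false);
                return "";
            }
            final String scheme = uri.getScheme();
            final String host = uri.getHost();
            final boolean isHttps = "https".equalsIgnoreCase(scheme);
            // A URI without scheme or host used to fail with a bare NullPointerException here; it
            // is now rejected like any other non-https target.
            final boolean isLoopback = scheme != null && host != null && isLocalhostUrl(host);
            if (!isHttps && !isLoopback) {
                span.setAttribute("com.microsoft.kiota.authentication.is_url_valid", false);
                throw new IllegalArgumentException("Only https is supported");
            }
            span.setAttribute("com.microsoft.kiota.authentication.is_url_valid", true);

            String decodedClaims = null;
            final Object rawClaims = additionalContext == null ? null : additionalContext.get(ClaimsKey);
            if (rawClaims instanceof String) {
                // Malformed Base64 raises IllegalArgumentException, which is recorded on the span
                // and rethrown by the catch below.
                decodedClaims = new String(Base64.getDecoder().decode((String) rawClaims), StandardCharsets.UTF_8);
            }
            final boolean hasClaims = decodedClaims != null && !decodedClaims.isEmpty();
            span.setAttribute("com.microsoft.kiota.authentication.additional_claims_provided", hasClaims);

            final List<String> requestedScopes;
            if (this._scopes.isEmpty()) {
                // No scopes configured: fall back to the default scope of the target host.
                requestedScopes = new ArrayList<>();
                requestedScopes.add(scheme + "://" + host + "/.default");
            } else {
                requestedScopes = new ArrayList<>(this._scopes);
            }
            final TokenRequestContext tokenRequestContext = new TokenRequestContext();
            tokenRequestContext.setScopes(requestedScopes);
            tokenRequestContext.setCaeEnabled(this._isCaeEnabled);
            span.setAttribute("com.microsoft.kiota.authentication.scopes", String.join("|", requestedScopes));
            if (hasClaims) {
                tokenRequestContext.setClaims(decodedClaims);
            }
            return this.creds.getTokenSync(tokenRequestContext).getToken();
        } catch (IllegalArgumentException e) {
            span.recordException(e);
            throw e;
        } finally {
            span.end();
        }
    }

    /**
     * Returns the validator that decides which hosts may receive a token.
     *
     * @return the allowed-hosts validator built in the constructor
     */
    @Nonnull
    public AllowedHostsValidator getAllowedHostsValidator() {
        return this._hostValidator;
    }

    /**
     * Tells whether a host name is one of the known loopback names.
     *
     * @param host host part of a URI; must not be null
     * @return true when the lower-cased host is in the loopback set
     */
    private static boolean isLocalhostUrl(@Nonnull String host) {
        Objects.requireNonNull(host);
        // Locale.ROOT keeps the comparison independent of the JVM's default locale.
        return localhostStrings.contains(host.toLowerCase(Locale.ROOT));
    }
}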
