package com.microsoft.commondatamodel.objectmodel.storage;

import com.microsoft.aad.msal4j.AzureCloudEndpoint;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.commondatamodel.objectmodel.utilities.StringUtils;
import com.microsoft.commondatamodel.objectmodel.utilities.network.TokenProvider;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/microsoft/commondatamodel/objectmodel/storage/AdlsAdapterAuthenticator.class */
class AdlsAdapterAuthenticator {
    private static final String HMAC_SHA256 = "HmacSHA256";
    private static final String HTTP_AUTHORIZATION = "Authorization";
    private static final String HTTP_XMS_DATE = "x-ms-date";
    private static final String HTTP_XMS_VERSION = "x-ms-version";
    private static final Set<String> SCOPE = Collections.singleton("https://storage.azure.com/.default");
    private ConfidentialClientApplication context;
    private String sasToken;
    private IAuthenticationResult lastAuthenticationResult;
    private String sharedKey = null;
    private String clientId = null;
    private String secret = null;
    private String tenant = null;
    private TokenProvider tokenProvider = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, String> buildAuthenticationHeader(String str, String str2, String str3, String str4) throws NoSuchAlgorithmException, InvalidKeyException, URISyntaxException, UnsupportedEncodingException {
        if (this.sharedKey != null) {
            return buildAuthenticationHeaderWithSharedKey(str, str2, str3, str4);
        }
        if (this.tokenProvider != null) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("authorization", this.tokenProvider.getToken());
            return linkedHashMap;
        }
        if (this.clientId == null || this.tenant == null || this.secret == null) {
            throw new StorageAdapterException("ADLS adapter is not configured with any auth method");
        }
        return buildAuthenticationHeaderWithClientIdAndSecret();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String buildSasAuthenticatedUrl(String str) {
        return str + (str.contains("?") ? "&" : "?") + this.sasToken;
    }

    private Map<String, String> buildAuthenticationHeaderWithSharedKey(String str, String str2, String str3, String str4) throws URISyntaxException, NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(HTTP_XMS_DATE, DateTimeFormatter.RFC_1123_DATE_TIME.format(ZonedDateTime.now(ZoneOffset.ofHours(0))));
        linkedHashMap.put(HTTP_XMS_VERSION, "2018-06-17");
        int length = str3 != null ? str3.getBytes().length : 0;
        URI uri = new URI(str);
        StringBuilder sb = new StringBuilder();
        sb.append(str2).append("\n");
        sb.append("\n");
        sb.append("\n");
        sb.append(length != 0 ? Integer.valueOf(length) : "").append("\n");
        sb.append("\n");
        sb.append(str4 != null ? str4 : "").append("\n");
        sb.append("\n");
        sb.append("\n");
        sb.append("\n");
        sb.append("\n");
        sb.append("\n");
        sb.append("\n");
        for (Map.Entry entry : linkedHashMap.entrySet()) {
            sb.append((String) entry.getKey()).append(":").append((String) entry.getValue()).append("\n");
        }
        String str5 = uri.getHost().split("\\.")[0];
        sb.append("/").append(str5);
        sb.append(uri.getRawPath());
        if (!StringUtils.isNullOrEmpty(uri.getQuery())) {
            for (String str6 : uri.getRawQuery().split("&")) {
                String[] split = str6.split("=");
                sb.append("\n").append(split[0].toLowerCase()).append(":").append(URLDecoder.decode(split[1], "UTF-8"));
            }
        }
        Mac mac = Mac.getInstance(HMAC_SHA256);
        mac.init(new SecretKeySpec(Base64.decodeBase64(this.sharedKey.getBytes()), HMAC_SHA256));
        linkedHashMap.put(HTTP_AUTHORIZATION, "SharedKey " + str5 + ":" + Base64.encodeBase64String(mac.doFinal(sb.toString().getBytes(StandardCharsets.UTF_8))));
        return linkedHashMap;
    }

    private Map<String, String> buildAuthenticationHeaderWithClientIdAndSecret() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (needsRefreshToken()) {
            refreshToken();
        }
        linkedHashMap.put("authorization", "Bearer " + this.lastAuthenticationResult.accessToken());
        return linkedHashMap;
    }

    private boolean needsRefreshToken() {
        if (this.lastAuthenticationResult == null) {
            return true;
        }
        return this.lastAuthenticationResult.expiresOnDate().before(new Date());
    }

    private void refreshToken() {
        buildContext();
        try {
            IAuthenticationResult iAuthenticationResult = (IAuthenticationResult) this.context.acquireToken(ClientCredentialParameters.builder(SCOPE).build()).join();
            if (iAuthenticationResult == null || iAuthenticationResult.accessToken() == null) {
                throw new StorageAdapterException("Received invalid ADLS Adapter's authentication result. The result might be null, or missing access token from the authentication result.");
            }
            this.lastAuthenticationResult = iAuthenticationResult;
        } catch (Exception e) {
            throw new StorageAdapterException("There was an error while acquiring ADLS Adapter's Token with client ID/secret authentication. Exception: ", e);
        }
    }

    private void buildContext() {
        if (this.context == null) {
            try {
                this.context = ConfidentialClientApplication.builder(this.clientId, ClientCredentialFactory.createFromSecret(this.secret)).authority(AzureCloudEndpoint.AzurePublic.endpoint + this.tenant).build();
            } catch (MalformedURLException e) {
                throw new StorageAdapterException("There was an error while building context. Exception: ", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSharedKey() {
        return this.sharedKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSharedKey(String str) {
        this.sharedKey = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getTenant() {
        return this.tenant;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTenant(String str) {
        this.tenant = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getClientId() {
        return this.clientId;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientId(String str) {
        this.clientId = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSecret() {
        return this.secret;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSecret(String str) {
        this.secret = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSasToken() {
        return this.sasToken;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSasToken(String str) {
        this.sasToken = str != null ? str.startsWith("?") ? str.substring(1) : str : null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenProvider getTokenProvider() {
        return this.tokenProvider;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTokenProvider(TokenProvider tokenProvider) {
        this.tokenProvider = tokenProvider;
    }
}
