package com.microsoft.aad.msal4j;

import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.SerializeException;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.http.CommonContentTypes;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.util.URLUtils;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/microsoft/aad/msal4j/TokenRequest.class */
public class TokenRequest {
    Logger log = LoggerFactory.getLogger(TokenRequest.class);
    private final URL url;
    private final MsalRequest msalRequest;
    private final ServiceBundle serviceBundle;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenRequest(URL url, MsalRequest msalRequest, ServiceBundle serviceBundle) {
        this.url = url;
        this.serviceBundle = serviceBundle;
        this.msalRequest = msalRequest;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationResult executeOauthRequestAndProcessResponse() throws ParseException, AuthenticationException, SerializeException, IOException {
        HttpEvent createHttpEvent = createHttpEvent();
        TelemetryHelper createTelemetryHelper = this.serviceBundle.getTelemetryManager().createTelemetryHelper(this.msalRequest.requestContext().getTelemetryRequestId(), this.msalRequest.application().clientId(), createHttpEvent, false);
        Throwable th = null;
        try {
            HTTPResponse send = toOauthHttpRequest().send();
            addResponseHeadersToHttpEvent(createHttpEvent, send);
            if (send.getStatusCode() != 200) {
                TokenErrorResponse parse = TokenErrorResponse.parse(send);
                ErrorObject errorObject = parse.getErrorObject();
                if (AuthenticationErrorCode.AUTHORIZATION_PENDING.toString().equals(errorObject.getCode())) {
                    createHttpEvent.setOauthErrorCode(AuthenticationErrorCode.AUTHORIZATION_PENDING.toString());
                    throw new AuthenticationException(AuthenticationErrorCode.AUTHORIZATION_PENDING, errorObject.getDescription());
                }
                if (400 == errorObject.getHTTPStatusCode() && AuthenticationErrorCode.INTERACTION_REQUIRED.toString().equals(errorObject.getCode())) {
                    createHttpEvent.setOauthErrorCode(AuthenticationErrorCode.INTERACTION_REQUIRED.toString());
                    throw new ClaimsChallengeException(parse.toJSONObject().toJSONString(), getClaims(send.getContent()));
                }
                createHttpEvent.setOauthErrorCode(StringHelper.isBlank(errorObject.getCode()) ? AuthenticationErrorCode.UNKNOWN.toString() : errorObject.getCode());
                throw new AuthenticationException(parse.toJSONObject().toJSONString());
            }
            TokenResponse parseHttpResponse = TokenResponse.parseHttpResponse(send);
            OIDCTokens oIDCTokens = parseHttpResponse.getOIDCTokens();
            String str = null;
            if (oIDCTokens.getRefreshToken() != null) {
                str = oIDCTokens.getRefreshToken().getValue();
            }
            AccountCacheEntity accountCacheEntity = null;
            if (oIDCTokens.getIDToken() != null) {
                IdToken idToken = (IdToken) JsonHelper.convertJsonToObject(oIDCTokens.getIDToken().getParsedParts()[1].decodeToString(), IdToken.class);
                if (!StringHelper.isBlank(parseHttpResponse.getClientInfo())) {
                    accountCacheEntity = this.msalRequest.application().authenticationAuthority.authorityType == AuthorityType.B2C ? AccountCacheEntity.create(parseHttpResponse.getClientInfo(), this.url.getHost(), idToken, ((B2CAuthority) this.msalRequest.application().authenticationAuthority).policy) : AccountCacheEntity.create(parseHttpResponse.getClientInfo(), this.url.getHost(), idToken);
                }
            }
            long time = new Date().getTime() / 1000;
            return AuthenticationResult.builder().accessToken(oIDCTokens.getAccessToken().getValue()).refreshToken(str).familyId(parseHttpResponse.getFoci()).idToken(oIDCTokens.getIDTokenString()).environment(this.url.getHost()).expiresOn(time + parseHttpResponse.getExpiresIn()).extExpiresOn(parseHttpResponse.getExtExpiresIn() > 0 ? time + parseHttpResponse.getExtExpiresIn() : 0L).accountCacheEntity(accountCacheEntity).scopes(parseHttpResponse.getScope()).build();
        } finally {
            if (createTelemetryHelper != null) {
                if (0 != 0) {
                    try {
                        createTelemetryHelper.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    createTelemetryHelper.close();
                }
            }
        }
    }

    private void addResponseHeadersToHttpEvent(HttpEvent httpEvent, HTTPResponse hTTPResponse) {
        XmsClientTelemetryInfo parseXmsTelemetryInfo;
        httpEvent.setHttpResponseStatus(Integer.valueOf(hTTPResponse.getStatusCode()));
        if (!StringHelper.isBlank(hTTPResponse.getHeaderValue("User-Agent"))) {
            httpEvent.setUserAgent(hTTPResponse.getHeaderValue("User-Agent"));
        }
        if (!StringHelper.isBlank(hTTPResponse.getHeaderValue("x-ms-request-id"))) {
            httpEvent.setRequestIdHeader(hTTPResponse.getHeaderValue("x-ms-request-id"));
        }
        if (StringHelper.isBlank(hTTPResponse.getHeaderValue("x-ms-clitelem")) || (parseXmsTelemetryInfo = XmsClientTelemetryInfo.parseXmsTelemetryInfo(hTTPResponse.getHeaderValue("x-ms-clitelem"))) == null) {
            return;
        }
        httpEvent.setXmsClientTelemetryInfo(parseXmsTelemetryInfo);
    }

    private HttpEvent createHttpEvent() {
        HttpEvent httpEvent = new HttpEvent();
        httpEvent.setHttpMethod("POST");
        try {
            httpEvent.setHttpPath(this.url.toURI());
            if (!StringHelper.isBlank(this.url.getQuery())) {
                httpEvent.setQueryParameters(this.url.getQuery());
            }
        } catch (URISyntaxException e) {
            this.log.warn(LogHelper.createMessage("Setting URL telemetry fields failed: " + LogHelper.getPiiScrubbedDetails(e), this.msalRequest.headers().getHeaderCorrelationIdValue()));
        }
        return httpEvent;
    }

    private String getClaims(String str) {
        JsonElement jsonElement = new JsonParser().parse(str).getAsJsonObject().get("claims");
        if (jsonElement != null) {
            return jsonElement.getAsString();
        }
        return null;
    }

    OAuthHttpRequest toOauthHttpRequest() throws SerializeException {
        if (this.url == null) {
            throw new SerializeException("The endpoint URI is not specified");
        }
        OAuthHttpRequest oAuthHttpRequest = new OAuthHttpRequest(HTTPRequest.Method.POST, this.url, this.msalRequest.headers().getReadonlyHeaderMap(), this.serviceBundle);
        oAuthHttpRequest.setContentType(CommonContentTypes.APPLICATION_URLENCODED);
        oAuthHttpRequest.setQuery(URLUtils.serializeParameters(this.msalRequest.msalAuthorizationGrant().toParameters()));
        if (this.msalRequest.application().clientAuthentication != null) {
            this.msalRequest.application().clientAuthentication.applyTo(oAuthHttpRequest);
        }
        return oAuthHttpRequest;
    }

    Logger getLog() {
        return this.log;
    }

    URL getUrl() {
        return this.url;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MsalRequest getMsalRequest() {
        return this.msalRequest;
    }

    ServiceBundle getServiceBundle() {
        return this.serviceBundle;
    }
}
