package com.microsoft.alm.auth.pat;

import com.microsoft.alm.auth.oauth.AzureAuthority;
import com.microsoft.alm.auth.oauth.Global;
import com.microsoft.alm.helpers.Action;
import com.microsoft.alm.helpers.Debug;
import com.microsoft.alm.helpers.Guid;
import com.microsoft.alm.helpers.HttpClient;
import com.microsoft.alm.helpers.StringContent;
import com.microsoft.alm.helpers.StringHelper;
import com.microsoft.alm.secret.Token;
import com.microsoft.alm.secret.TokenType;
import com.microsoft.alm.secret.VsoTokenScope;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/microsoft/alm/auth/pat/VsoAzureAuthority.class */
public class VsoAzureAuthority extends AzureAuthority {
    public static final int RequestTimeout = 15000;
    private static final String ALL_ACCOUNTS = "all_accounts";
    private static final Logger logger = LoggerFactory.getLogger(VsoAzureAuthority.class);
    private static final Pattern TOKEN_PATTERN = Pattern.compile("\"token\"\\s*:\\s*\"([^\"]+)\"", 2);
    private static final Pattern INSTANCE_ID_PATTERN = Pattern.compile("\"instanceId\"\\s*:\\s*\"([^\"]+)\"", 2);

    public Token generatePersonalAccessToken(URI uri, Token token, VsoTokenScope vsoTokenScope, boolean z, boolean z2, String str) {
        Debug.Assert(uri != null, "The targetUri parameter is null");
        Debug.Assert((token == null || StringHelper.isNullOrWhiteSpace(token.Value) || (token.Type != TokenType.Access && token.Type != TokenType.Federated)) ? false : true, "The accessToken parameter is null or invalid");
        Debug.Assert(vsoTokenScope != null, "The tokenScope parameter is invalid");
        logger.debug("VsoAzureAuthority::generatePersonalAccessToken");
        try {
            HttpClient httpClient = new HttpClient(Global.getUserAgent());
            logger.debug("   using token to acquire personal access token");
            token.contributeHeader(httpClient.Headers);
            if (!z2 && !populateTokenTargetId(uri, token)) {
                return null;
            }
            HttpURLConnection post = httpClient.post(URI.create(z ? "https://app.vssps.visualstudio.com/_apis/token/sessiontokens?api-version=1.0&tokentype=compact" : "https://app.vssps.visualstudio.com/_apis/token/sessiontokens?api-version=1.0"), getAccessTokenRequestBody(token, vsoTokenScope, z2, str));
            if (post.getResponseCode() != 200) {
                return null;
            }
            Token parsePersonalAccessTokenFromJson = parsePersonalAccessTokenFromJson(HttpClient.readToString(post));
            if (parsePersonalAccessTokenFromJson != null) {
                logger.debug("   personal access token acquisition succeeded.");
            }
            return parsePersonalAccessTokenFromJson;
        } catch (IOException e) {
            throw new Error(e);
        }
    }

    public boolean populateTokenTargetId(URI uri, Token token) {
        Debug.Assert(uri != null && uri.isAbsolute(), "The targetUri parameter is null or invalid");
        Debug.Assert((token == null || StringHelper.isNullOrWhiteSpace(token.Value) || (token.Type != TokenType.Access && token.Type != TokenType.Federated)) ? false : true, "The accessToken parameter is null or invalid");
        logger.debug("VsoAzureAuthority::populateTokenTargetId");
        String str = null;
        try {
            str = parseInstanceIdFromJson(HttpClient.readToString(createConnectionDataRequest(uri, token)));
        } catch (IOException e) {
            logger.debug("   server returned " + e.getMessage());
        }
        AtomicReference atomicReference = new AtomicReference();
        if (!Guid.tryParse(str, atomicReference)) {
            return false;
        }
        logger.debug("   target identity is " + str);
        token.setTargetIdentity((UUID) atomicReference.get());
        return true;
    }

    static Token parsePersonalAccessTokenFromJson(String str) {
        Token token = null;
        if (!StringHelper.isNullOrWhiteSpace(str)) {
            Matcher matcher = TOKEN_PATTERN.matcher(str);
            if (matcher.find()) {
                token = new Token(matcher.group(1), TokenType.Personal);
            }
        }
        return token;
    }

    static String parseInstanceIdFromJson(String str) {
        String str2 = null;
        Matcher matcher = INSTANCE_ID_PATTERN.matcher(str);
        if (matcher.find()) {
            str2 = matcher.group(1);
        }
        return str2;
    }

    private StringContent getAccessTokenRequestBody(Token token, VsoTokenScope vsoTokenScope, boolean z, String str) {
        Debug.Assert(token != null && (token.Type == TokenType.Access || token.Type == TokenType.Federated), "The accessToken parameter is null or invalid");
        Debug.Assert(vsoTokenScope != null, "The tokenScope parameter is null");
        String uuid = z ? ALL_ACCOUNTS : token.getTargetIdentity().toString();
        logger.debug("   creating access token scoped to '" + vsoTokenScope + "' for '" + uuid + "'");
        return StringContent.createJson(String.format("{ \"scope\" : \"%1$s\", \"targetAccounts\" : [\"%2$s\"], \"displayName\" : \"%3$s\" }", vsoTokenScope, uuid, str));
    }

    private HttpURLConnection createConnectionDataRequest(URI uri, Token token) throws IOException {
        Debug.Assert(uri != null && uri.isAbsolute(), "The targetUri parameter is null or invalid");
        Debug.Assert(token != null && (token.Type == TokenType.Access || token.Type == TokenType.Federated), "The token parameter is null or invalid");
        logger.debug("VsoAzureAuthority::createConnectionDataRequest");
        HttpClient httpClient = new HttpClient(Global.getUserAgent());
        URI createConnectionDataUri = createConnectionDataUri(uri);
        logger.debug("   validating token");
        token.contributeHeader(httpClient.Headers);
        return httpClient.get(createConnectionDataUri, new Action<HttpURLConnection>() { // from class: com.microsoft.alm.auth.pat.VsoAzureAuthority.1
            public void call(HttpURLConnection httpURLConnection) {
                httpURLConnection.setConnectTimeout(VsoAzureAuthority.RequestTimeout);
            }
        });
    }

    private URI createConnectionDataUri(URI uri) {
        Debug.Assert((uri != null) & uri.isAbsolute(), "The targetUri parameter is null or invalid");
        return URI.create(String.format("https://%1$s/_apis/connectiondata", uri.getHost()));
    }
}
