package com.microsoft.alm.auth.oauth;

import com.microsoft.alm.auth.PromptBehavior;
import com.microsoft.alm.helpers.Action;
import com.microsoft.alm.helpers.Debug;
import com.microsoft.alm.helpers.Guid;
import com.microsoft.alm.helpers.HttpClient;
import com.microsoft.alm.helpers.ObjectExtensions;
import com.microsoft.alm.helpers.QueryString;
import com.microsoft.alm.helpers.StringContent;
import com.microsoft.alm.helpers.StringHelper;
import com.microsoft.alm.helpers.UriHelper;
import com.microsoft.alm.oauth2.useragent.AuthorizationException;
import com.microsoft.alm.oauth2.useragent.AuthorizationResponse;
import com.microsoft.alm.oauth2.useragent.UserAgent;
import com.microsoft.alm.oauth2.useragent.UserAgentImpl;
import com.microsoft.alm.secret.TokenPair;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/microsoft/alm/auth/oauth/AzureAuthority.class */
public class AzureAuthority {
    private static final Logger logger = LoggerFactory.getLogger(AzureAuthority.class);
    public static final String AuthorityHostUrlBase = "https://login.microsoftonline.com";
    public static final String CommonTenant = "common";
    public static final String DefaultAuthorityHostUrl = "https://login.microsoftonline.com";
    private static final String VSTS_BASE_DOMAIN = "visualstudio.com";
    private static final String VSTS_RESOURCE_TENANT_HEADER = "X-VSS-ResourceTenant";
    private final UserAgent userAgent;
    private final AzureDeviceFlow azureDeviceFlow;
    private String authorityHostUrl;

    public AzureAuthority() {
        this("https://login.microsoftonline.com");
    }

    public AzureAuthority(String str) {
        this(str, new UserAgentImpl(), new AzureDeviceFlow());
    }

    AzureAuthority(String str, UserAgent userAgent, AzureDeviceFlow azureDeviceFlow) {
        Debug.Assert(UriHelper.isWellFormedUriString(str), "The authorityHostUrl parameter is invalid.");
        Debug.Assert(userAgent != null, "The userAgent parameter is null.");
        this.authorityHostUrl = str;
        this.userAgent = userAgent;
        this.azureDeviceFlow = azureDeviceFlow;
    }

    static URI createAuthorizationEndpointUri(String str, String str2, String str3, URI uri, UserIdentifier userIdentifier, String str4, PromptBehavior promptBehavior, String str5) {
        QueryString queryString = new QueryString();
        queryString.put("resource", str2);
        queryString.put("client_id", str3);
        queryString.put("response_type", "code");
        queryString.put("redirect_uri", uri.toString());
        if (!userIdentifier.isAnyUser() && (userIdentifier.getType() == UserIdentifierType.OPTIONAL_DISPLAYABLE_ID || userIdentifier.getType() == UserIdentifierType.REQUIRED_DISPLAYABLE_ID)) {
            queryString.put("login_hint", userIdentifier.getId());
        }
        if (str4 != null) {
            queryString.put("state", str4);
        }
        Object obj = null;
        switch (promptBehavior) {
            case ALWAYS:
                obj = "login";
                break;
            case NEVER:
                obj = "attempt_none";
                break;
        }
        if (obj != null) {
            queryString.put("prompt", obj);
        }
        StringBuilder sb = new StringBuilder(str);
        sb.append("/oauth2/authorize?");
        sb.append(queryString.toString());
        if (!StringHelper.isNullOrWhiteSpace(str5)) {
            sb.append('&').append((CharSequence) str5, str5.charAt(0) == '&' ? 1 : 0, str5.length());
        }
        try {
            return new URI(sb.toString());
        } catch (URISyntaxException e) {
            throw new Error(e);
        }
    }

    static URI createTokenEndpointUri(String str) {
        try {
            return new URI(str + "/oauth2/token");
        } catch (URISyntaxException e) {
            throw new Error(e);
        }
    }

    static StringContent createTokenRequest(String str, String str2, String str3, URI uri, UUID uuid) {
        QueryString queryString = new QueryString();
        queryString.put("resource", str);
        queryString.put("client_id", str2);
        queryString.put("grant_type", "authorization_code");
        queryString.put("code", str3);
        queryString.put("redirect_uri", uri.toString());
        if (uuid != null && !Guid.Empty.equals(uuid)) {
            queryString.put("client-request-id", uuid.toString());
            queryString.put("return-client-request-id", "true");
        }
        return StringContent.createUrlEncoded(queryString);
    }

    public static UUID detectTenantId(URI uri) {
        AtomicReference atomicReference = new AtomicReference(Guid.Empty);
        if (!StringHelper.endsWithIgnoreCase(uri.getHost(), VSTS_BASE_DOMAIN)) {
            return null;
        }
        try {
            String headerField = new HttpClient(Global.getUserAgent()).head(uri, new Action<HttpURLConnection>() { // from class: com.microsoft.alm.auth.oauth.AzureAuthority.1
                public void call(HttpURLConnection httpURLConnection) {
                    httpURLConnection.setInstanceFollowRedirects(false);
                }
            }).getHeaderField(VSTS_RESOURCE_TENANT_HEADER);
            if (StringHelper.isNullOrWhiteSpace(headerField) || !Guid.tryParse(headerField, atomicReference) || Guid.Empty.equals(atomicReference.get())) {
                return null;
            }
            return (UUID) atomicReference.get();
        } catch (IOException e) {
            throw new Error(e);
        }
    }

    public TokenPair acquireToken(String str, String str2, URI uri, String str3) throws AuthorizationException {
        Debug.Assert(!StringHelper.isNullOrWhiteSpace(str), "The clientId parameter is null or empty");
        Debug.Assert(!StringHelper.isNullOrWhiteSpace(str2), "The resource parameter is null or empty");
        Debug.Assert(uri != null, "The redirectUri parameter is null");
        Debug.Assert(uri.isAbsolute(), "The redirectUri parameter is not an absolute Uri");
        logger.debug("AzureAuthority::acquireToken");
        TokenPair tokenPair = null;
        String acquireAuthorizationCode = acquireAuthorizationCode(str2, str, uri, (String) ObjectExtensions.coalesce(str3, ""));
        if (acquireAuthorizationCode == null) {
            logger.debug("   token acquisition failed.");
            return null;
        }
        HttpClient httpClient = new HttpClient(Global.getUserAgent());
        try {
            HttpURLConnection post = httpClient.post(createTokenEndpointUri(this.authorityHostUrl), createTokenRequest(str2, str, acquireAuthorizationCode, uri, null), new Action<HttpURLConnection>() { // from class: com.microsoft.alm.auth.oauth.AzureAuthority.2
                public void call(HttpURLConnection httpURLConnection) {
                    httpURLConnection.setUseCaches(false);
                }
            });
            httpClient.ensureOK(post);
            tokenPair = new TokenPair(HttpClient.readToString(post));
            logger.debug("   token acquisition succeeded.");
        } catch (IOException e) {
            logger.debug("   token acquisition failed.");
            logger.debug("   IOException: {}", e);
        }
        return tokenPair;
    }

    public TokenPair acquireToken(String str, String str2, URI uri, Action<DeviceFlowResponse> action) throws AuthorizationException {
        Debug.Assert(!StringHelper.isNullOrWhiteSpace(str), "The clientId parameter is null or empty");
        Debug.Assert(!StringHelper.isNullOrWhiteSpace(str2), "The resource parameter is null or empty");
        Debug.Assert(uri != null, "The redirectUri parameter is null");
        Debug.Assert(action != null, "The callback parameter is null");
        logger.debug("AzureAuthority::acquireToken");
        this.azureDeviceFlow.setResource(str2);
        this.azureDeviceFlow.setRedirectUri(uri.toString());
        DeviceFlowResponse requestAuthorization = this.azureDeviceFlow.requestAuthorization(URI.create(this.authorityHostUrl + "/oauth2/devicecode"), str, null);
        action.call(requestAuthorization);
        TokenPair requestToken = this.azureDeviceFlow.requestToken(createTokenEndpointUri(this.authorityHostUrl), str, requestAuthorization);
        logger.debug("   token acquisition succeeded.");
        return requestToken;
    }

    private String acquireAuthorizationCode(String str, String str2, URI uri, String str3) throws AuthorizationException {
        String uuid = UUID.randomUUID().toString();
        AuthorizationResponse requestAuthorizationCode = this.userAgent.requestAuthorizationCode(createAuthorizationEndpointUri(this.authorityHostUrl, str, str2, uri, UserIdentifier.ANY_USER, uuid, PromptBehavior.ALWAYS, str3), uri);
        String code = requestAuthorizationCode.getCode();
        if (!uuid.equals(requestAuthorizationCode.getState())) {
            code = null;
        }
        return code;
    }
}
