package com.microsoft.alm.auth.oauth;

import com.microsoft.alm.auth.BaseAuthenticator;
import com.microsoft.alm.auth.PromptBehavior;
import com.microsoft.alm.auth.oauth.helper.AzureAuthorityProvider;
import com.microsoft.alm.auth.oauth.helper.SwtJarLoader;
import com.microsoft.alm.helpers.Action;
import com.microsoft.alm.helpers.Debug;
import com.microsoft.alm.helpers.HttpClient;
import com.microsoft.alm.helpers.LoggingHelper;
import com.microsoft.alm.oauth2.useragent.AuthorizationException;
import com.microsoft.alm.secret.Token;
import com.microsoft.alm.secret.TokenPair;
import com.microsoft.alm.storage.InsecureInMemoryStore;
import com.microsoft.alm.storage.SecretStore;
import java.io.IOException;
import java.net.URI;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/microsoft/alm/auth/oauth/OAuth2Authenticator.class */
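/**
 * Authenticator that obtains and caches Azure AD OAuth2 {@link TokenPair}s.
 *
 * <p>A cached pair is validated first and refreshed if needed. When that fails, a new pair
 * is acquired through an interactive oauth2-useragent browser flow, with an optional
 * fallback to the device flow when a device-flow callback was supplied.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The cached access token is only ever sent to {@link #VALIDATION_ENDPOINT}, a fixed
 *       https URL, regardless of the {@code uri} the caller passes in.</li>
 *   <li>The store key and {@link #signOut()} always use {@link #APP_VSSPS_VISUALSTUDIO};
 *       the caller-supplied {@code uri} only selects the Azure authority.</li>
 *   <li>When no {@link SecretStore} is supplied, an {@link InsecureInMemoryStore} is used.</li>
 *   <li>Token values are never written to the log by this class.</li>
 * </ul>
 */
public class OAuth2Authenticator extends BaseAuthenticator {
    public static final String POPUP_QUERY_PARAM = "display=popup";
    public static final String MANAGEMENT_CORE_RESOURCE = "https://management.core.windows.net/";
    public static final String VSTS_RESOURCE = "499b84ac-1321-427f-aa17-267ca6975798";
    // The misspelling ("PROIVDER") is part of the public API and is kept for compatibility.
    public static final String SWT_PROIVDER_NAME = "StandardWidgetToolkit";
    public static final String JAVAFX_PROVIDER_NAME = "JavaFx";
    // APP_VSSPS_VISUALSTUDIO must be declared before VALIDATION_ENDPOINT, which is built from it.
    public static final URI APP_VSSPS_VISUALSTUDIO = URI.create("https://app.vssps.visualstudio.com");
    public static final String VALIDATION_ENDPOINT = APP_VSSPS_VISUALSTUDIO + "/_apis/connectionData";

    private static final String TYPE = "OAuth2";
    // Name of the JVM system property that selects the oauth2-useragent provider.
    private static final String USER_AGENT_PROVIDER_PROPERTY_NAME = "userAgentProvider";
    private static final Logger logger = LoggerFactory.getLogger(OAuth2Authenticator.class);

    private final String resource;
    private final String clientId;
    private final URI redirectUri;
    private final SecretStore<TokenPair> store;
    private final OAuth2UseragentValidator oAuth2UseragentValidator;
    private final Action<DeviceFlowResponse> deviceFlowCallback;
    // Not final: replaceable through the package-private setAzureAuthorityProvider().
    private AzureAuthorityProvider azureAuthorityProvider = new AzureAuthorityProvider();

    /**
     * Fluent builder for {@link OAuth2Authenticator}. Resource, client id and redirect URI are
     * mandatory; the secret store and the device-flow callback are optional.
     */
    public static class OAuth2AuthenticatorBuilder {
        private String resource;
        private String clientId;
        private URI redirectUri;
        // Raw type kept because backedBy(SecretStore) is part of the public signature.
        private SecretStore store;
        // Not read anywhere in this class.
        private String tenantId = AzureAuthority.CommonTenant;
        private Action<DeviceFlowResponse> deviceFlowCallback;

        /**
         * Sets the resource the tokens are requested for.
         *
         * @param str the resource identifier; asserted non-null via {@code Debug.Assert}
         * @return this builder
         */
        public OAuth2AuthenticatorBuilder manage(String str) {
            Debug.Assert(str != null, "resource cannot be null");
            this.resource = str;
            return this;
        }

        /**
         * Sets the OAuth2 client id from a UUID.
         *
         * @param uuid the client id; asserted non-null via {@code Debug.Assert}
         * @return this builder
         */
        public OAuth2AuthenticatorBuilder withClientId(UUID uuid) {
            // Same assertion as the String overload, made before the dereference below.
            Debug.Assert(uuid != null, "clientId cannot be null");
            return withClientId(uuid.toString());
        }

        /**
         * Sets the OAuth2 client id.
         *
         * @param str the client id; asserted non-null via {@code Debug.Assert}
         * @return this builder
         */
        public OAuth2AuthenticatorBuilder withClientId(String str) {
            Debug.Assert(str != null, "clientId cannot be null");
            this.clientId = str;
            return this;
        }

        /**
         * Sets the redirect URI used by the interactive flow.
         *
         * @param uri the redirect URI; asserted non-null via {@code Debug.Assert}
         * @return this builder
         */
        public OAuth2AuthenticatorBuilder redirectTo(URI uri) {
            Debug.Assert(uri != null, "redirectUri cannot be null");
            this.redirectUri = uri;
            return this;
        }

        /**
         * Sets the redirect URI from its string form.
         *
         * @param str the redirect URI, parsed with {@link URI#create(String)}
         * @return this builder
         * @throws IllegalArgumentException if {@code str} is not a valid URI
         * @throws NullPointerException if {@code str} is null
         */
        public OAuth2AuthenticatorBuilder redirectTo(String str) {
            return redirectTo(URI.create(str));
        }

        /**
         * Sets the store that caches token pairs.
         *
         * @param secretStore the backing store; asserted non-null via {@code Debug.Assert}
         * @return this builder
         */
        public OAuth2AuthenticatorBuilder backedBy(SecretStore secretStore) {
            Debug.Assert(secretStore != null, "store cannot be null");
            this.store = secretStore;
            return this;
        }

        /**
         * Sets the callback used by the device-flow fallback. With no callback (null), the
         * authenticator does not fall back to the device flow.
         *
         * @param action the device-flow callback, may be null
         * @return this builder
         */
        public OAuth2AuthenticatorBuilder withDeviceFlowCallback(Action<DeviceFlowResponse> action) {
            this.deviceFlowCallback = action;
            return this;
        }

        /**
         * Creates the authenticator from the collected settings.
         *
         * @return a new authenticator
         * @throws IllegalStateException if the client id, resource or redirect URI is not set
         */
        @SuppressWarnings("unchecked") // this.store is raw because of the public backedBy() signature
        public OAuth2Authenticator build() {
            if (this.clientId == null) {
                throw new IllegalStateException("ClientId not set");
            }
            if (this.resource == null) {
                throw new IllegalStateException("resource not set");
            }
            if (this.redirectUri == null) {
                throw new IllegalStateException("redirectUri not set");
            }
            // A store that was never set stays null here; the constructor then falls back to
            // InsecureInMemoryStore.
            return new OAuth2Authenticator(this.resource, this.clientId, this.redirectUri, this.store, new OAuth2UseragentValidator(), this.deviceFlowCallback);
        }
    }

    /**
     * Creates an authenticator for {@link #MANAGEMENT_CORE_RESOURCE} without a device-flow
     * fallback.
     *
     * @param str the OAuth2 client id
     * @param str2 the redirect URI in string form
     * @param secretStore the store caching token pairs
     * @return a new authenticator
     */
    public static OAuth2Authenticator getAuthenticator(String str, String str2, SecretStore<TokenPair> secretStore) {
        // A null callback is the builder's default, so this matches building without one.
        return getAuthenticator(str, str2, secretStore, null);
    }

    /**
     * Creates an authenticator for {@link #MANAGEMENT_CORE_RESOURCE}.
     *
     * @param str the OAuth2 client id
     * @param str2 the redirect URI in string form
     * @param secretStore the store caching token pairs
     * @param action the device-flow callback, or null to disable the device-flow fallback
     * @return a new authenticator
     */
    public static OAuth2Authenticator getAuthenticator(String str, String str2, SecretStore<TokenPair> secretStore, Action<DeviceFlowResponse> action) {
        logger.debug("Authenticator manages resource: {}", MANAGEMENT_CORE_RESOURCE);
        return new OAuth2AuthenticatorBuilder()
                .manage(MANAGEMENT_CORE_RESOURCE)
                .withClientId(str)
                .redirectTo(str2)
                .backedBy(secretStore)
                .withDeviceFlowCallback(action)
                .build();
    }

    /**
     * Package-private constructor; external callers go through the builder or the factories.
     *
     * @param str the resource tokens are requested for
     * @param str2 the OAuth2 client id
     * @param uri the redirect URI
     * @param secretStore the token-pair store, or null to use {@link InsecureInMemoryStore}
     * @param oAuth2UseragentValidator checks which oauth2-useragent providers are usable
     * @param action the device-flow callback, or null for no device-flow fallback
     */
    OAuth2Authenticator(String str, String str2, URI uri, SecretStore<TokenPair> secretStore, OAuth2UseragentValidator oAuth2UseragentValidator, Action<DeviceFlowResponse> action) {
        Debug.Assert(str != null, "resource cannot be null");
        Debug.Assert(str2 != null, "clientId cannot be null");
        Debug.Assert(uri != null, "redirectUri cannot be null");
        this.resource = str;
        this.clientId = str2;
        this.redirectUri = uri;
        this.oAuth2UseragentValidator = oAuth2UseragentValidator;
        this.deviceFlowCallback = action;
        logger.debug("Using default SecretStore? {}", Boolean.valueOf(secretStore == null));
        // NOTE(review): the fallback's name suggests tokens are held unprotected in process
        // memory. Callers that need protection at rest should pass a store explicitly.
        this.store = secretStore == null ? new InsecureInMemoryStore<>() : secretStore;
    }

    /** Returns the authentication type handled by this authenticator, {@code "OAuth2"}. */
    @Override
    public String getAuthType() {
        return TYPE;
    }

    /** Returns the store that caches token pairs. */
    @Override
    protected SecretStore<TokenPair> getStore() {
        return this.store;
    }

    /** Always {@code true}: this authenticator produces OAuth2 token pairs. */
    @Override
    public boolean isOAuth2TokenSupported() {
        return true;
    }

    /**
     * Retrieves a token pair for {@link #APP_VSSPS_VISUALSTUDIO} with
     * {@link PromptBehavior#AUTO}.
     */
    @Override
    public TokenPair getOAuth2TokenPair() {
        return getOAuth2TokenPair(APP_VSSPS_VISUALSTUDIO, PromptBehavior.AUTO);
    }

    /** Retrieves a token pair for {@link #APP_VSSPS_VISUALSTUDIO} with the given prompt behaviour. */
    @Override
    public TokenPair getOAuth2TokenPair(PromptBehavior promptBehavior) {
        return getOAuth2TokenPair(APP_VSSPS_VISUALSTUDIO, promptBehavior);
    }

    /**
     * Retrieves a token pair, reusing or refreshing a cached one where possible.
     *
     * <p>NOTE(review): {@code uri} only selects the Azure authority. The store key passed to
     * {@code retrieve} is always derived from {@link #APP_VSSPS_VISUALSTUDIO}, so pairs
     * obtained for different {@code uri} values share one cache entry. Confirm this is intended.
     *
     * @param uri the URI used to look up the Azure authority
     * @param promptBehavior passed on to {@code SecretRetriever.retrieve}
     * @return the token pair, or null when the flows in {@code doRetrieve} yield none
     */
    @Override
    public TokenPair getOAuth2TokenPair(final URI uri, PromptBehavior promptBehavior) {
        Debug.Assert(promptBehavior != null, "getOAuth2TokenPair promptBehavior cannot be null");
        Debug.Assert(uri != null, "getOAuth2TokenPair uri cannot be null");
        logger.debug("Retrieving OAuth2 TokenPair with prompt behavior: {}", promptBehavior.name());
        return new BaseAuthenticator.SecretRetriever<TokenPair>() {
            /**
             * Checks an access token by issuing an authenticated GET to {@code endpoint}.
             * The token is attached through the client's headers. The request counts as
             * successful unless an IOException is thrown.
             * NOTE(review): this relies on the HTTP client raising IOException for rejected
             * credentials (for example a 401). Confirm against HttpClient.getGetResponseText.
             */
            private boolean validateAccessToken(Token token, URI endpoint) {
                HttpClient client = Global.getHttpClientFactory().createHttpClient();
                token.contributeHeader(client.getHeaders());
                try {
                    client.getGetResponseText(endpoint);
                    return true;
                } catch (IOException e) {
                    OAuth2Authenticator.logger.debug("Validation failed with IOException.", e);
                    return false;
                }
            }

            /**
             * Validates a cached pair and refreshes it when the access token is unusable.
             *
             * @param tokenPair the cached pair
             * @param atomicReference receives the refreshed pair when a refresh succeeded
             * @return true if the cached access token validated or a refresh succeeded
             */
            @Override
            public boolean tryGetValidated(TokenPair tokenPair, AtomicReference<TokenPair> atomicReference) {
                Debug.Assert(tokenPair != null, "TokenPair is null");
                Debug.Assert(atomicReference != null, "Holder is null");
                // The bearer token goes to this fixed endpoint only, never to the caller's uri.
                URI validationUri = URI.create(OAuth2Authenticator.VALIDATION_ENDPOINT);
                boolean valid = false;
                if (tokenPair.AccessToken != null) {
                    OAuth2Authenticator.logger.debug("Validating stored OAuth2 Access Token...");
                    valid = validateAccessToken(tokenPair.AccessToken, validationUri);
                }
                if (!valid && tokenPair.RefreshToken != null) {
                    OAuth2Authenticator.logger.debug("OAuth2 Access Token is not valid, and we have a refresh token, try refreshing...");
                    TokenPair refreshed = OAuth2Authenticator.this.getAzureAuthority(uri).acquireTokenByRefreshToken(OAuth2Authenticator.this.clientId, OAuth2Authenticator.this.resource, tokenPair.RefreshToken);
                    // Accept the refreshed pair only when both tokens and their values are
                    // present. Checking the token objects first avoids a NullPointerException
                    // on a partially populated response.
                    boolean complete = refreshed != null
                            && refreshed.AccessToken != null
                            && refreshed.AccessToken.Value != null
                            && refreshed.RefreshToken != null
                            && refreshed.RefreshToken.Value != null;
                    if (complete) {
                        OAuth2Authenticator.logger.debug("OAuth2 Access Token refreshed successfully.");
                        valid = true;
                        atomicReference.set(refreshed);
                    }
                }
                // The format string already ends with a period; the old "invalid." argument doubled it.
                OAuth2Authenticator.logger.debug("OAuth2 Access Token is {}.", valid ? "valid" : "invalid");
                return valid;
            }

            /**
             * Acquires a new token pair: interactive oauth2-useragent flow first, then the
             * device flow when a callback is configured.
             *
             * @return the new pair, or null when no flow produced one
             */
            @Override
            public TokenPair doRetrieve() {
                OAuth2Authenticator.logger.info("Ready to launch browser flow to retrieve oauth2 token.");
                // Raw type kept: the element type is defined by SwtJarLoader.tryGetSwtJar,
                // whose signature is not visible in this file.
                AtomicReference swtJarHolder = new AtomicReference();
                String provider = System.getProperty(OAuth2Authenticator.USER_AGENT_PROVIDER_PROPERTY_NAME, OAuth2Authenticator.JAVAFX_PROVIDER_NAME);
                OAuth2Authenticator.logger.info("Attempt to use oauth2-useragent provider: {}", provider);
                // The SWT match is case-sensitive, the "none" match is not.
                boolean preferSwt = provider.equals(OAuth2Authenticator.SWT_PROIVDER_NAME);
                boolean browserDisabled = provider.equalsIgnoreCase("none");
                if (preferSwt) {
                    try {
                        OAuth2Authenticator.logger.debug("Prefer SWT Browser, download SWT Runtime if it is not available.");
                        // NOTE(review): per the log text this may download a jar at runtime.
                        // How it is fetched and verified lives in SwtJarLoader and is not
                        // visible here. Confirm that integrity is checked before it is loaded.
                        if (OAuth2Authenticator.this.oAuth2UseragentValidator.isOnlyMissingRuntimeFromSwtProvider()) {
                            SwtJarLoader.tryGetSwtJar(swtJarHolder);
                        }
                    } catch (IllegalArgumentException e) {
                        // Only the JVM-version parse failure is tolerated. A null message can
                        // never be that failure, so it is rethrown instead of dereferenced.
                        String message = e.getMessage();
                        if (message == null || !message.startsWith("Unrecognized version string")) {
                            throw e;
                        }
                        LoggingHelper.logError(OAuth2Authenticator.logger, "Could not parse JVM version, continue with device flow.", e);
                    }
                }
                if (!browserDisabled && (OAuth2Authenticator.this.oAuth2UseragentValidator.isOAuth2ProviderAvailable() || (OAuth2Authenticator.this.oAuth2UseragentValidator.isOnlyMissingRuntimeFromSwtProvider() && SwtJarLoader.tryGetSwtJar(swtJarHolder)))) {
                    try {
                        OAuth2Authenticator.logger.info("Using oauth2-useragent providers to retrieve AAD token.");
                        return OAuth2Authenticator.this.getAzureAuthority(uri).acquireToken(OAuth2Authenticator.this.clientId, OAuth2Authenticator.this.resource, OAuth2Authenticator.this.redirectUri, OAuth2Authenticator.POPUP_QUERY_PARAM);
                    } catch (AuthorizationException e) {
                        LoggingHelper.logError(OAuth2Authenticator.logger, "Failed to launch oauth2-useragent.", e);
                        // Only "unknown_error" falls through to the device flow. Any other
                        // code ends the attempt.
                        if (!"unknown_error".equalsIgnoreCase(e.getCode())) {
                            return null;
                        }
                    }
                }
                if (OAuth2Authenticator.this.deviceFlowCallback == null) {
                    return null;
                }
                OAuth2Authenticator.logger.info("Fallback to Device Flow.");
                try {
                    return OAuth2Authenticator.this.getAzureAuthority(uri).acquireToken(OAuth2Authenticator.this.clientId, OAuth2Authenticator.this.resource, OAuth2Authenticator.this.redirectUri, OAuth2Authenticator.this.deviceFlowCallback);
                } catch (AuthorizationException e) {
                    LoggingHelper.logError(OAuth2Authenticator.logger, "Failed to use the Device Flow authenticator.", e);
                    return null;
                }
            }
        }.retrieve(getKey(APP_VSSPS_VISUALSTUDIO), getStore(), promptBehavior);
    }

    /** Signs out by delegating to {@code super.signOut} for {@link #APP_VSSPS_VISUALSTUDIO}. */
    @Override
    public boolean signOut() {
        return super.signOut(APP_VSSPS_VISUALSTUDIO);
    }

    /**
     * Replaces the provider used to resolve Azure authorities (package-private).
     * A null provider is not rejected here and would fail on the next authority lookup.
     */
    void setAzureAuthorityProvider(AzureAuthorityProvider azureAuthorityProvider) {
        this.azureAuthorityProvider = azureAuthorityProvider;
    }

    /**
     * Resolves the Azure authority for {@code uri}.
     * (The decompiler reports that this method's access was widened from private.)
     *
     * @param uri the URI to resolve an authority for
     * @return the authority returned by the configured provider
     * @throws Error wrapping the IOException when the lookup fails; the type is kept as
     *     found because callers may depend on it
     */
    public AzureAuthority getAzureAuthority(URI uri) {
        try {
            return this.azureAuthorityProvider.getAzureAuthority(uri);
        } catch (IOException e) {
            throw new Error(e);
        }
    }
}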
