package com.microsoft.aad.msal4j;

import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.ResourceOwnerPasswordCredentialsGrant;
import com.nimbusds.oauth2.sdk.SAML2BearerGrant;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:applicationinsights-agent-3.3.1.jar:inst/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.classdata */
/**
 * Supplier that acquires a token for the authorization grant carried by an {@link MsalRequest}.
 *
 * <p>Before the token request is made, the grant is rewritten in two cases: a resource-owner
 * password grant against an AAD authority may be exchanged for a SAML bearer grant via WS-Trust,
 * and an integrated-Windows grant is always replaced by a SAML bearer grant via WS-Trust.
 *
 * <p>Decompiler note: JADX reports that the class, its constructor and {@link #execute()} were
 * package-private in the original bytecode; the {@code public} modifiers are kept as decompiled.
 */
public class AcquireTokenByAuthorizationGrantSupplier extends AuthenticationResultSupplier {
    // Authority the token request is sent to; may be null until execute() falls back to the
    // application's authority.
    private Authority requestAuthority;
    // Request whose msalAuthorizationGrant field execute() may overwrite.
    private MsalRequest msalRequest;

    /**
     * Creates the supplier.
     *
     * @param abstractClientApplicationBase application the request is executed for
     * @param msalRequest request carrying the authorization grant
     * @param authority authority to use, or {@code null} to use the application's authority
     */
    public AcquireTokenByAuthorizationGrantSupplier(AbstractClientApplicationBase abstractClientApplicationBase, MsalRequest msalRequest, Authority authority) {
        super(abstractClientApplicationBase, msalRequest);
        this.requestAuthority = authority;
        this.msalRequest = msalRequest;
    }

    /**
     * Resolves the grant and authority, then delegates to
     * {@code clientApplication.acquireTokenCommon}.
     *
     * @return the result returned by {@code acquireTokenCommon}
     * @throws MsalInteractionRequiredException either replayed from
     *     {@code InteractionRequiredCache} or thrown by the token call (and then cached when the
     *     cache applies to this request)
     * @throws Exception anything raised by user-realm discovery, WS-Trust or the token call
     */
    @Override // com.microsoft.aad.msal4j.AuthenticationResultSupplier
    public AuthenticationResult execute() throws Exception {
        final AbstractMsalAuthorizationGrant grant = this.msalRequest.msalAuthorizationGrant();

        // A previously cached "interaction required" failure for the same request thumbprint is
        // rethrown without contacting the service again.
        if (IsUiRequiredCacheSupported()) {
            MsalInteractionRequiredException cached = InteractionRequiredCache.getCachedInteractionRequiredException(
                    ((RefreshTokenRequest) this.msalRequest).getFullThumbprint());
            if (cached != null) {
                throw cached;
            }
        }

        if (grant instanceof OAuthAuthorizationGrant) {
            this.msalRequest.msalAuthorizationGrant = processPasswordGrant((OAuthAuthorizationGrant) grant);
        }

        if (grant instanceof IntegratedWindowsAuthorizationGrant) {
            IntegratedWindowsAuthorizationGrant integrated = (IntegratedWindowsAuthorizationGrant) grant;
            AuthorizationGrant samlGrant = getAuthorizationGrantIntegrated(integrated.getUserName());
            this.msalRequest.msalAuthorizationGrant =
                    new OAuthAuthorizationGrant(samlGrant, integrated.getScopes(), integrated.getClaims());
        }

        if (this.requestAuthority == null) {
            this.requestAuthority = this.clientApplication.authenticationAuthority;
        }

        // For AAD the authority is swapped for the one built from the preferred network host.
        if (this.requestAuthority.authorityType == AuthorityType.AAD) {
            this.requestAuthority = getAuthorityWithPrefNetworkHost(this.requestAuthority.authority());
        }

        try {
            return this.clientApplication.acquireTokenCommon(this.msalRequest, this.requestAuthority);
        } catch (MsalInteractionRequiredException interactionRequired) {
            // Remember the failure under the request thumbprint so the next identical request
            // fails fast (see the cache lookup at the top of this method).
            if (IsUiRequiredCacheSupported()) {
                InteractionRequiredCache.set(((RefreshTokenRequest) this.msalRequest).getFullThumbprint(), interactionRequired);
            }
            throw interactionRequired;
        }
    }

    /**
     * Tells whether the interaction-required cache applies: only for a
     * {@code RefreshTokenRequest} issued by a {@code PublicClientApplication}.
     */
    private boolean IsUiRequiredCacheSupported() {
        if (!(this.msalRequest instanceof RefreshTokenRequest)) {
            return false;
        }
        return this.clientApplication instanceof PublicClientApplication;
    }

    /**
     * Exchanges a username/password grant for a SAML bearer grant when the account is federated.
     *
     * <p>Any grant that is not a {@code ResourceOwnerPasswordCredentialsGrant}, or whose
     * application authority is not AAD, is returned unchanged; so is a password grant for an
     * account that user-realm discovery does not report as federated.
     *
     * @param oAuthAuthorizationGrant grant taken from the request
     * @return the same grant, or a new grant wrapping the SAML assertion with the original
     *     parameters
     * @throws Exception anything raised by user-realm discovery or the WS-Trust exchange
     */
    private OAuthAuthorizationGrant processPasswordGrant(OAuthAuthorizationGrant oAuthAuthorizationGrant) throws Exception {
        if (!(oAuthAuthorizationGrant.getAuthorizationGrant() instanceof ResourceOwnerPasswordCredentialsGrant)) {
            return oAuthAuthorizationGrant;
        }
        if (this.msalRequest.application().authenticationAuthority.authorityType != AuthorityType.AAD) {
            return oAuthAuthorizationGrant;
        }

        ResourceOwnerPasswordCredentialsGrant passwordGrant =
                (ResourceOwnerPasswordCredentialsGrant) oAuthAuthorizationGrant.getAuthorizationGrant();

        // NOTE(review): the username is passed to getUserRealmEndpoint as-is here, whereas
        // getAuthorizationGrantIntegrated URL-encodes it first. Confirm whether the endpoint
        // builder encodes it itself; if not, reserved characters in a username reach the URL raw.
        UserDiscoveryResponse realm = UserDiscoveryRequest.execute(
                this.clientApplication.authenticationAuthority.getUserRealmEndpoint(passwordGrant.getUsername()),
                this.msalRequest.headers().getReadonlyHeaderMap(),
                this.msalRequest.requestContext(),
                this.clientApplication.getServiceBundle());

        // NOTE(review): unlike the integrated path, this branch does not check
        // federationProtocol() before starting WS-Trust; confirm that is intended.
        if (!realm.isAccountFederated()) {
            return oAuthAuthorizationGrant;
        }

        // The plaintext password is handed to the WS-Trust exchange, whose target is derived from
        // the federationMetadataUrl returned by discovery, together with the logPii() flag.
        // NOTE(review): verify that WSTrustRequest only talks to a trusted HTTPS endpoint and
        // never writes the password to logs, whatever logPii() returns.
        WSTrustResponse wsTrustResponse = WSTrustRequest.execute(
                realm.federationMetadataUrl(),
                passwordGrant.getUsername(),
                passwordGrant.getPassword().getValue(),
                realm.cloudAudienceUrn(),
                this.msalRequest.requestContext(),
                this.clientApplication.getServiceBundle(),
                this.clientApplication.logPii());

        return new OAuthAuthorizationGrant(getSAMLAuthorizationGrant(wsTrustResponse), oAuthAuthorizationGrant.getParameters());
    }

    /**
     * Wraps the token of a WS-Trust response in a SAML bearer grant.
     *
     * @param wSTrustResponse response holding the SAML token
     * @return a {@code SAML2BearerGrant} when {@code isTokenSaml2()} is true, otherwise a
     *     {@code SAML11BearerGrant}
     * @throws UnsupportedEncodingException declared by the signature; the body encodes with
     *     {@code StandardCharsets.UTF_8}
     */
    private AuthorizationGrant getSAMLAuthorizationGrant(WSTrustResponse wSTrustResponse) throws UnsupportedEncodingException {
        boolean saml2 = wSTrustResponse.isTokenSaml2();

        // NOTE(review): Base64.getEncoder() is the standard (not URL-safe) encoder and its output
        // is placed in a Base64URL as-is; confirm this is the form the token endpoint expects.
        String encodedToken = Base64.getEncoder().encodeToString(wSTrustResponse.getToken().getBytes(StandardCharsets.UTF_8));
        Base64URL assertion = new Base64URL(encodedToken);

        if (saml2) {
            return new SAML2BearerGrant(assertion);
        }
        return new SAML11BearerGrant(assertion);
    }

    /**
     * Obtains a SAML bearer grant for integrated Windows authentication.
     *
     * @param str user name, URL-encoded as UTF-8 before it is placed in the user-realm endpoint
     * @return the SAML bearer grant built from the WS-Trust response
     * @throws MsalClientException with {@code PASSWORD_REQUIRED_FOR_MANAGED_USER} for a managed
     *     account, or {@code USER_REALM_DISCOVERY_FAILED} when the account is neither federated
     *     over WS-Trust nor managed
     * @throws Exception anything raised by user-realm discovery or the WS-Trust exchange
     */
    private AuthorizationGrant getAuthorizationGrantIntegrated(String str) throws Exception {
        UserDiscoveryResponse realm = UserDiscoveryRequest.execute(
                this.clientApplication.authenticationAuthority.getUserRealmEndpoint(URLEncoder.encode(str, StandardCharsets.UTF_8.name())),
                this.msalRequest.headers().getReadonlyHeaderMap(),
                this.msalRequest.requestContext(),
                this.clientApplication.getServiceBundle());

        boolean federatedOverWsTrust = realm.isAccountFederated() && "WSTrust".equalsIgnoreCase(realm.federationProtocol());
        if (federatedOverWsTrust) {
            // No username or password is passed to this WSTrustRequest.execute overload.
            WSTrustResponse wsTrustResponse = WSTrustRequest.execute(
                    realm.federationMetadataUrl(),
                    realm.cloudAudienceUrn(),
                    this.msalRequest.requestContext(),
                    this.clientApplication.getServiceBundle(),
                    this.clientApplication.logPii());
            return getSAMLAuthorizationGrant(wsTrustResponse);
        }

        if (realm.isAccountManaged()) {
            throw new MsalClientException("Password is required for managed user", AuthenticationErrorCode.PASSWORD_REQUIRED_FOR_MANAGED_USER);
        }
        throw new MsalClientException("User Realm request failed", AuthenticationErrorCode.USER_REALM_DISCOVERY_FAILED);
    }
}
