package com.azure.identity.implementation;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.exception.ClientAuthenticationException;
import com.azure.core.http.HttpClient;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.HttpPipelineBuilder;
import com.azure.core.http.HttpResponse;
import com.azure.core.http.ProxyOptions;
import com.azure.core.http.policy.HttpLogOptions;
import com.azure.core.http.policy.HttpLoggingPolicy;
import com.azure.core.http.policy.HttpPipelinePolicy;
import com.azure.core.http.policy.HttpPolicyProviders;
import com.azure.core.http.policy.RetryPolicy;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
import com.azure.core.util.serializer.JacksonAdapter;
import com.azure.core.util.serializer.SerializerAdapter;
import com.azure.identity.CredentialUnavailableException;
import com.azure.identity.DeviceCodeInfo;
import com.azure.identity.TokenCachePersistenceOptions;
import com.azure.identity.implementation.util.CertificateUtil;
import com.azure.identity.implementation.util.IdentityUtil;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.DeviceCodeFlowParameters;
import com.microsoft.aad.msal4j.IClientCredential;
import com.microsoft.aad.msal4j.InteractiveRequestParameters;
import com.microsoft.aad.msal4j.OnBehalfOfParameters;
import com.microsoft.aad.msal4j.Prompt;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.TokenProviderResult;
import com.microsoft.aad.msal4j.UserNamePasswordParameters;
import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Random;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import reactor.core.publisher.Mono;

/* loaded from: input_file:applicationinsights-agent-3.4.5.jar:inst/com/azure/identity/implementation/IdentityClientBase.classdata */
public abstract class IdentityClientBase {
    // Shell executables and their "run this command" switches for each platform family.
    // NOTE(review): the CLI method that would consume these was not recovered by the decompiler,
    // so how the command line is assembled cannot be checked from this file.
    static final String WINDOWS_STARTER = "cmd.exe";
    static final String LINUX_MAC_STARTER = "/bin/sh";
    static final String WINDOWS_SWITCHER = "/c";
    static final String LINUX_MAC_SWITCHER = "-c";
    // Substring that cmd.exe prints when the 'az' executable cannot be resolved.
    static final String WINDOWS_PROCESS_ERROR_MESSAGE = "'az' is not recognized";
    // PowerShell executable names per platform.
    static final String DEFAULT_WINDOWS_PS_EXECUTABLE = "pwsh.exe";
    static final String LEGACY_WINDOWS_PS_EXECUTABLE = "powershell.exe";
    static final String DEFAULT_LINUX_PS_EXECUTABLE = "pwsh";
    // Fixed directory returned by getSafeWorkingDirectory() on non-Windows hosts.
    static final String DEFAULT_MAC_LINUX_PATH = "/bin/";
    // API version strings for the managed-identity endpoints.
    static final String IDENTITY_ENDPOINT_VERSION = "2019-08-01";
    static final String MSI_ENDPOINT_VERSION = "2017-09-01";
    static final String ADFS_TENANT = "adfs";
    static final String HTTP_LOCALHOST = "http://localhost";
    static final String SERVICE_FABRIC_MANAGED_IDENTITY_API_VERSION = "2019-07-01-preview";
    // Caller-supplied options; the constructor replaces a null argument with a default instance.
    final IdentityClientOptions options;
    final String tenantId;
    final String clientId;
    final String resourceId;
    // Secret material is held as an immutable String for the lifetime of this object,
    // so it cannot be zeroed after use and will appear in heap dumps.
    final String clientSecret;
    final String clientAssertionFilePath;
    // Certificate source: either a caller-owned stream or a file path (see getCertificateBytes()).
    final InputStream certificate;
    final String certificatePath;
    final Supplier<String> clientAssertionSupplier;
    // Same caveat as clientSecret: kept as a String, not a clearable char[].
    final String certificatePassword;
    // Assigned by initializeHttpPipelineAdapter(), which leaves it untouched when proxy options
    // are set without an HTTP pipeline or client.
    HttpPipelineAdapter httpPipelineAdapter;
    static final SerializerAdapter SERIALIZER_ADAPTER = JacksonAdapter.createDefaultSerializerAdapter();
    // java.util.Random is not a cryptographically strong generator. No use is visible in this file;
    // NOTE(review): confirm subclasses never derive nonces, state values or secrets from it.
    static final Random RANDOM = new Random();
    // Matches the shell's "az: ... not found" output on Linux/macOS.
    static final Pattern LINUX_MAC_PROCESS_ERROR_MESSAGE = Pattern.compile("(.*)az:(.*)not found");
    // Read once from the environment at class initialisation; null when SystemRoot is unset.
    // The value is environment-controlled, so it is only as trustworthy as the process environment.
    static final String DEFAULT_WINDOWS_SYSTEM_ROOT = System.getenv("SystemRoot");
    static final Duration REFRESH_OFFSET = Duration.ofMinutes(5);
    // Logger is registered under IdentityClient, not IdentityClientBase, so log entries carry that name.
    static final ClientLogger LOGGER = new ClientLogger((Class<?>) IdentityClient.class);
    // Used by redactInfo(): matches the literal key "accessToken" followed by ": " and a quoted value,
    // up to the next quote or end of input. Other spacing or key names are not matched.
    static final Pattern ACCESS_TOKEN_PATTERN = Pattern.compile("\"accessToken\": \"(.*?)(\"|$)");
    // Strips one or more trailing '/' from the authority host before the tenant is appended.
    static final Pattern TRAILING_FORWARD_SLASHES = Pattern.compile("/+$");

    /* JADX INFO: Access modifiers changed from: package-private */
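    /**
     * Stores the credential inputs shared by every authentication flow.
     *
     * <p>Parameter names are decompiler-generated; the mapping below follows the field assignments.
     *
     * @param str tenant ID; when null the default tenant is used and every tenant is additionally allowed
     * @param str2 client (application) ID
     * @param str3 client secret
     * @param str4 certificate file path
     * @param str5 client assertion file path
     * @param str6 resource ID
     * @param supplier supplier of a client assertion
     * @param inputStream certificate content as a stream
     * @param str7 certificate password
     * @param z not read by this constructor
     * @param duration not read by this constructor
     * @param identityClientOptions client options; a null value is replaced by a default instance
     */
    public IdentityClientBase(String str, String str2, String str3, String str4, String str5, String str6, Supplier<String> supplier, InputStream inputStream, String str7, boolean z, Duration duration, IdentityClientOptions identityClientOptions) {
        // Resolve the options before touching them: the previous order dereferenced the argument
        // first, so a null tenant combined with null options failed with a NullPointerException.
        if (identityClientOptions == null) {
            identityClientOptions = new IdentityClientOptions();
        }
        if (str == null) {
            str = IdentityUtil.DEFAULT_TENANT;
            // Security-relevant default: with no tenant configured, the allow-list becomes the
            // wildcard "*", so tenant restrictions are not enforced for this client. Callers that
            // need tenant isolation must pass an explicit tenant ID.
            identityClientOptions.setAdditionallyAllowedTenants(Arrays.asList("*"));
        }
        this.tenantId = str;
        this.clientId = str2;
        this.resourceId = str6;
        this.clientSecret = str3;
        this.clientAssertionFilePath = str5;
        this.certificatePath = str4;
        this.certificate = inputStream;
        this.certificatePassword = str7;
        this.clientAssertionSupplier = supplier;
        this.options = identityClientOptions;
    }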

    /* JADX INFO: Access modifiers changed from: package-private */
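    /**
     * Builds the MSAL confidential client for this identity.
     *
     * <p>The credential is chosen in this order: client secret, then certificate (stream or path),
     * then the client-assertion supplier.
     *
     * @return the configured confidential client application
     * @throws IllegalArgumentException if the client ID is null, or if no secret, certificate or
     *     assertion supplier is configured
     * @throws RuntimeException if the certificate cannot be read or parsed
     * @throws ClientAuthenticationException if the persistent token cache cannot be set up
     * @throws IllegalStateException if the authority URL is malformed
     */
    public ConfidentialClientApplication getConfidentialClient() {
        IClientCredential credential;
        if (this.clientId == null) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("A non-null value for client ID must be provided for user authentication."));
        }
        // Authority = configured host without trailing slashes + "/" + tenant.
        String authorityUrl = TRAILING_FORWARD_SLASHES.matcher(this.options.getAuthorityHost()).replaceAll("") + "/" + this.tenantId;
        if (this.clientSecret != null) {
            credential = ClientCredentialFactory.createFromSecret(this.clientSecret);
        } else if (this.certificate != null || this.certificatePath != null) {
            try {
                if (this.certificatePassword == null) {
                    // No password: the bytes are parsed as PEM holding both the key and the certificate(s).
                    byte[] certificateBytes = getCertificateBytes();
                    List<X509Certificate> publicKeyFromPem = CertificateUtil.publicKeyFromPem(certificateBytes);
                    PrivateKey privateKeyFromPem = CertificateUtil.privateKeyFromPem(certificateBytes);
                    credential = publicKeyFromPem.size() == 1 ? ClientCredentialFactory.createFromCertificate(privateKeyFromPem, publicKeyFromPem.get(0)) : ClientCredentialFactory.createFromCertificateChain(privateKeyFromPem, publicKeyFromPem);
                } else {
                    // try-with-resources closes the stream on the failure path as well; the previous
                    // form closed it only after a successful parse and leaked the handle otherwise.
                    try (InputStream certificateInputStream = getCertificateInputStream()) {
                        credential = ClientCredentialFactory.createFromCertificate(certificateInputStream, this.certificatePassword);
                    }
                }
            } catch (IOException | GeneralSecurityException e) {
                throw LOGGER.logExceptionAsError(new RuntimeException("Failed to parse the certificate for the credential: " + e.getMessage(), e));
            }
        } else {
            if (this.clientAssertionSupplier == null) {
                throw LOGGER.logExceptionAsError(new IllegalArgumentException("Must provide client secret or client certificate path. To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/serviceprincipalauthentication/troubleshoot"));
            }
            credential = ClientCredentialFactory.createFromClientAssertion(this.clientAssertionSupplier.get());
        }
        try {
            ConfidentialClientApplication.Builder authority = ConfidentialClientApplication.builder(this.clientId, credential).authority(authorityUrl);
            authority.sendX5c(this.options.isIncludeX5c());
            initializeHttpPipelineAdapter();
            if (this.httpPipelineAdapter != null) {
                authority.httpClient(this.httpPipelineAdapter);
            } else {
                // Reached only when no adapter was created, i.e. proxy options are configured.
                authority.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
            }
            if (this.options.getExecutorService() != null) {
                authority.executorService(this.options.getExecutorService());
            }
            TokenCachePersistenceOptions tokenCacheOptions = this.options.getTokenCacheOptions();
            PersistentTokenCacheImpl persistentTokenCacheImpl = null;
            if (tokenCacheOptions != null) {
                try {
                    // Whether tokens may be persisted unencrypted is taken straight from the caller's
                    // options; deployments should leave that flag off unless the risk is accepted.
                    persistentTokenCacheImpl = new PersistentTokenCacheImpl().setAllowUnencryptedStorage(tokenCacheOptions.isUnencryptedStorageAllowed()).setName(tokenCacheOptions.getName());
                    authority.setTokenCacheAccessAspect(persistentTokenCacheImpl);
                } catch (Throwable th) {
                    // Deliberately broad: any failure to set up the cache is reported as an
                    // authentication failure with the original cause attached.
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Shared token cache is unavailable in this environment.", (HttpResponse) null, th));
                }
            }
            if (this.options.getRegionalAuthority() != null) {
                if (this.options.getRegionalAuthority() == RegionalAuthority.AUTO_DISCOVER_REGION) {
                    authority.autoDetectRegion(true);
                } else {
                    authority.azureRegion(this.options.getRegionalAuthority().toString());
                }
            }
            ConfidentialClientApplication build = authority.build();
            if (persistentTokenCacheImpl != null) {
                persistentTokenCacheImpl.registerCache();
            }
            return build;
        } catch (MalformedURLException e2) {
            throw LOGGER.logExceptionAsWarning(new IllegalStateException(e2));
        }
    }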

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the MSAL public client used by the user-facing flows.
     *
     * @param z not read by this method
     * @return the configured public client application
     * @throws IllegalArgumentException if no client ID is configured
     * @throws ClientAuthenticationException if the persistent token cache cannot be set up
     * @throws IllegalStateException if the authority URL is malformed
     */
    public PublicClientApplication getPublicClient(boolean z) {
        if (this.clientId == null) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("A non-null value for client ID must be provided for user authentication."));
        }
        try {
            PublicClientApplication.Builder appBuilder = PublicClientApplication.builder(this.clientId);
            // Authority = configured host without trailing slashes + "/" + tenant.
            final String authorityHost = TRAILING_FORWARD_SLASHES.matcher(this.options.getAuthorityHost()).replaceAll("");
            appBuilder = appBuilder.authority(authorityHost + "/" + this.tenantId);

            initializeHttpPipelineAdapter();
            if (this.httpPipelineAdapter == null) {
                // No adapter was created, which only happens when proxy options are configured.
                appBuilder.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
            } else {
                appBuilder.httpClient(this.httpPipelineAdapter);
            }

            if (this.options.getExecutorService() != null) {
                appBuilder.executorService(this.options.getExecutorService());
            }

            // The "CP1" client capability is advertised unless the options disable it.
            if (!this.options.isCp1Disabled()) {
                final HashSet<String> capabilities = new HashSet<>(Arrays.asList("CP1"));
                appBuilder.clientCapabilities(capabilities);
            }

            PersistentTokenCacheImpl persistentCache = null;
            final TokenCachePersistenceOptions cacheOptions = this.options.getTokenCacheOptions();
            if (cacheOptions != null) {
                try {
                    // Unencrypted persistence is allowed only if the caller's options say so.
                    persistentCache = new PersistentTokenCacheImpl().setAllowUnencryptedStorage(cacheOptions.isUnencryptedStorageAllowed()).setName(cacheOptions.getName());
                    appBuilder.setTokenCacheAccessAspect(persistentCache);
                } catch (Throwable th) {
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Shared token cache is unavailable in this environment.", (HttpResponse) null, th));
                }
            }

            final PublicClientApplication application = appBuilder.build();
            // The cache is registered only after the application has been built successfully.
            if (persistentCache != null) {
                persistentCache.registerCache();
            }
            return application;
        } catch (MalformedURLException e) {
            throw LOGGER.logExceptionAsWarning(new IllegalStateException(e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a confidential client whose tokens are supplied by
     * {@link #getTokenFromTargetManagedIdentity(TokenRequestContext)} through MSAL's app token provider hook.
     *
     * @return the configured confidential client application
     * @throws CredentialUnavailableException if no managed identity type is configured
     * @throws IllegalStateException if the authority URL is malformed
     */
    public ConfidentialClientApplication getManagedIdentityConfidentialClient() {
        String str = TRAILING_FORWARD_SLASHES.matcher(this.options.getAuthorityHost()).replaceAll("") + "/" + this.tenantId;
        // Placeholder identity: a fixed client ID string when none is configured and the literal
        // "dummy-secret" when no secret is configured. NOTE(review): presumably never sent to the
        // authority because tokens come from the provider callback below; confirm before reusing
        // this builder for any flow that contacts the token endpoint.
        ConfidentialClientApplication.Builder builder = ConfidentialClientApplication.builder(this.clientId == null ? "SYSTEM-ASSIGNED-MANAGED-IDENTITY" : this.clientId, ClientCredentialFactory.createFromSecret(this.clientSecret != null ? this.clientSecret : "dummy-secret"));
        // Authority validation is switched off for this client, so the authority host from the
        // options is accepted as given.
        builder.validateAuthority(false);
        try {
            ConfidentialClientApplication.Builder authority = builder.authority(str);
            // Checked after the authority is set, so a malformed authority is reported first.
            if (this.options.getManagedIdentityType() == null) {
                throw LOGGER.logExceptionAsError(new CredentialUnavailableException("Managed Identity type not configured, authentication not available."));
            }
            authority.appTokenProvider(appTokenProviderParameters -> {
                // Local 'tenantId' is the request context and shadows the field of the same name.
                TokenRequestContext tenantId = new TokenRequestContext().setScopes(new ArrayList(appTokenProviderParameters.scopes)).setClaims(appTokenProviderParameters.claims).setTenantId(appTokenProviderParameters.tenantId);
                return getTokenFromTargetManagedIdentity(tenantId).map(accessToken -> {
                    TokenProviderResult tokenProviderResult = new TokenProviderResult();
                    tokenProviderResult.setAccessToken(accessToken.getToken());
                    tokenProviderResult.setTenantId(tenantId.getTenantId());
                    // NOTE(review): an absolute epoch-second timestamp is passed to a setter named
                    // "expires in seconds". Confirm the bundled MSAL4J treats this value as an
                    // absolute expiry; if it is read as a duration, cached tokens would be
                    // considered valid far beyond their real lifetime.
                    tokenProviderResult.setExpiresInSeconds(accessToken.getExpiresAt().toEpochSecond());
                    return tokenProviderResult;
                }).toFuture();
            });
            initializeHttpPipelineAdapter();
            if (this.httpPipelineAdapter != null) {
                authority.httpClient(this.httpPipelineAdapter);
            } else {
                authority.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
            }
            if (this.options.getExecutorService() != null) {
                authority.executorService(this.options.getExecutorService());
            }
            return authority.build();
        } catch (MalformedURLException e) {
            throw LOGGER.logExceptionAsWarning(new IllegalStateException(e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Prepares the MSAL parameters for the device code flow.
     *
     * @param tokenRequestContext scopes, optional claims and tenant hint for the request
     * @param consumer receives the device code challenge so the application can show it to the user
     * @return a parameters builder with scopes, challenge callback, tenant and (if present) claims set
     */
    public DeviceCodeFlowParameters.DeviceCodeFlowParametersBuilder buildDeviceCodeFlowParameters(TokenRequestContext tokenRequestContext, Consumer<DeviceCodeInfo> consumer) {
        final HashSet<String> requestedScopes = new HashSet<>(tokenRequestContext.getScopes());
        // The challenge handed to the consumer includes the device code itself as well as the user
        // code; consumers should display only what the user needs and avoid logging the object.
        DeviceCodeFlowParameters.DeviceCodeFlowParametersBuilder flowBuilder = DeviceCodeFlowParameters.builder(requestedScopes, challenge -> consumer.accept(new DeviceCodeInfo(challenge.userCode(), challenge.deviceCode(), challenge.verificationUri(), OffsetDateTime.now().plusSeconds(challenge.expiresIn()), challenge.message())));
        // Tenant resolution goes through IdentityUtil, which receives the configured tenant, the
        // request context and the options.
        flowBuilder = flowBuilder.tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
        final String requestedClaims = tokenRequestContext.getClaims();
        if (requestedClaims != null) {
            flowBuilder.claims(CustomClaimRequest.formatAsClaimsRequest(requestedClaims));
        }
        return flowBuilder;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Prepares the MSAL parameters for the on-behalf-of flow.
     *
     * @param tokenRequestContext scopes and tenant hint for the request
     * @return parameters built from the requested scopes, the user assertion held in the options
     *     and the resolved tenant
     */
    public OnBehalfOfParameters buildOBOFlowParameters(TokenRequestContext tokenRequestContext) {
        final HashSet<String> requestedScopes = new HashSet<>(tokenRequestContext.getScopes());
        // The user assertion comes from the client options, not from the request context.
        return OnBehalfOfParameters.builder(requestedScopes, this.options.getUserAssertion())
            .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options))
            .build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Prepares the MSAL parameters for the interactive (browser) flow.
     *
     * @param tokenRequestContext scopes, optional claims and tenant hint for the request
     * @param str optional login hint; skipped when null
     * @param uri redirect URI handed to the MSAL builder
     * @return a parameters builder with scopes, account-selection prompt, tenant and any claims or
     *     login hint set
     */
    public InteractiveRequestParameters.InteractiveRequestParametersBuilder buildInteractiveRequestParameters(TokenRequestContext tokenRequestContext, String str, URI uri) {
        InteractiveRequestParameters.InteractiveRequestParametersBuilder requestBuilder = InteractiveRequestParameters.builder(uri);
        requestBuilder = requestBuilder.scopes(new HashSet<>(tokenRequestContext.getScopes()));
        // The user is always asked to pick an account rather than silently reusing a session.
        requestBuilder = requestBuilder.prompt(Prompt.SELECT_ACCOUNT);
        requestBuilder = requestBuilder.tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
        final String requestedClaims = tokenRequestContext.getClaims();
        if (requestedClaims != null) {
            requestBuilder.claims(CustomClaimRequest.formatAsClaimsRequest(requestedClaims));
        }
        if (str != null) {
            requestBuilder.loginHint(str);
        }
        return requestBuilder;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Prepares the MSAL parameters for the username/password flow.
     *
     * @param tokenRequestContext scopes, optional claims and tenant hint for the request
     * @param str username
     * @param str2 password; must not be null because it is converted to a char array
     * @return a parameters builder with scopes, credentials, tenant and (if present) claims set
     */
    public UserNamePasswordParameters.UserNamePasswordParametersBuilder buildUsernamePasswordFlowParameters(TokenRequestContext tokenRequestContext, String str, String str2) {
        final HashSet<String> requestedScopes = new HashSet<>(tokenRequestContext.getScopes());
        // The password arrives as a String and is copied into a char[] for MSAL. The String copy
        // stays on the heap until collected, so clearing the array alone does not remove the
        // secret from memory.
        final char[] passwordChars = str2.toCharArray();
        final UserNamePasswordParameters.UserNamePasswordParametersBuilder flowBuilder = UserNamePasswordParameters.builder(requestedScopes, str, passwordChars);
        final String requestedClaims = tokenRequestContext.getClaims();
        if (requestedClaims != null) {
            flowBuilder.claims(CustomClaimRequest.formatAsClaimsRequest(requestedClaims));
        }
        flowBuilder.tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
        return flowBuilder;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x00d0, code lost:
    
        throw com.azure.identity.implementation.util.LoggingUtil.logCredentialUnavailableException(com.azure.identity.implementation.IdentityClientBase.LOGGER, r7.options, new com.azure.identity.CredentialUnavailableException("AzureCliCredential authentication unavailable. Azure CLI not installed.To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/azclicredential/troubleshoot"));
     */
    /* JADX WARN: Type inference failed for: r0v49, types: [java.time.ZonedDateTime] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): this body is a decompiler placeholder, not the library's implementation. The
    // tool could not restructure the original bytecode, so every call on this listing throws
    // UnsupportedOperationException. The logic that launches the Azure CLI and parses its output
    // is therefore not visible here and cannot be audited from this file; review it against the
    // upstream source or the bytecode instead. The only recovered fragment (in the warning above)
    // is the CredentialUnavailableException raised when the Azure CLI is not installed.
    public com.azure.core.credential.AccessToken getTokenFromAzureCLIAuthentication(java.lang.StringBuilder r8) {
        /*
            Method dump skipped, instructions count: 521
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.azure.identity.implementation.IdentityClientBase.getTokenFromAzureCLIAuthentication(java.lang.StringBuilder):com.azure.core.credential.AccessToken");
    }

    /**
     * Returns a fixed system directory to use as a working directory.
     *
     * <p>NOTE(review): presumably used when launching child processes so that the current
     * directory, which may be writable by others, is not searched for executables. The caller is
     * not visible in this file.
     *
     * @return {@code /bin/} on non-Windows hosts; {@code %SystemRoot%\system32} on Windows, or
     *     {@code null} when the SystemRoot environment variable was unset or empty at class load
     */
    String getSafeWorkingDirectory() {
        if (isWindowsPlatform()) {
            // SystemRoot comes from the process environment; callers must handle the null result
            // rather than fall back to an arbitrary directory.
            return CoreUtils.isNullOrEmpty(DEFAULT_WINDOWS_SYSTEM_ROOT) ? null : DEFAULT_WINDOWS_SYSTEM_ROOT + "\\system32";
        }
        return DEFAULT_MAC_LINUX_PATH;
    }

    /**
     * Reports whether the JVM's {@code os.name} system property contains "Windows".
     *
     * @return true when the property value contains the substring "Windows"
     */
    boolean isWindowsPlatform() {
        final String osName = System.getProperty("os.name");
        return osName.indexOf("Windows") >= 0;
    }

    /**
     * Masks access tokens in a piece of text before it is logged or reported.
     *
     * <p>Only text matching {@code ACCESS_TOKEN_PATTERN} is replaced; the whole match, key
     * included, becomes {@code ****}. The pattern expects the exact form
     * {@code "accessToken": "<value>"}, so a token under another key name or with different
     * spacing passes through unchanged.
     *
     * @param str text that may contain a token; must not be null
     * @return the text with every matching token segment replaced by {@code ****}
     */
    String redactInfo(String str) {
        final java.util.regex.Matcher tokenMatcher = ACCESS_TOKEN_PATTERN.matcher(str);
        return tokenMatcher.replaceAll("****");
    }

    /**
     * Obtains an access token from the managed identity source; implemented by subclasses.
     *
     * <p>Invoked by the app token provider callback registered in
     * {@code getManagedIdentityConfidentialClient()}.
     *
     * @param tokenRequestContext scopes, claims and tenant of the token request
     * @return a publisher emitting the access token
     */
    abstract Mono<AccessToken> getTokenFromTargetManagedIdentity(TokenRequestContext tokenRequestContext);

    /**
     * Builds the HTTP pipeline used for token requests around the given client.
     *
     * <p>Policy order: provider "before retry" policies, the default retry policy, provider
     * "after retry" policies, then the logging policy.
     *
     * @param httpClient transport to send requests with
     * @return the assembled pipeline
     */
    HttpPipeline setupPipeline(HttpClient httpClient) {
        // Default log options are used. NOTE(review): token endpoint requests and responses carry
        // secrets, so confirm the effective log detail level never includes bodies here.
        final HttpLogOptions defaultLogOptions = new HttpLogOptions();
        final List<HttpPipelinePolicy> policies = new ArrayList<>();
        HttpPolicyProviders.addBeforeRetryPolicies(policies);
        policies.add(new RetryPolicy());
        HttpPolicyProviders.addAfterRetryPolicies(policies);
        policies.add(new HttpLoggingPolicy(defaultLogOptions));
        final HttpPipelinePolicy[] orderedPolicies = policies.toArray(new HttpPipelinePolicy[0]);
        return new HttpPipelineBuilder().httpClient(httpClient).policies(orderedPolicies).build();
    }

    /**
     * Selects the HTTP transport that MSAL will use and stores it in {@code httpPipelineAdapter}.
     *
     * <p>Precedence: a pipeline from the options, then an HTTP client from the options, then the
     * default HTTP client. When proxy options are set and neither a pipeline nor a client is
     * configured, the field is left unchanged and callers configure MSAL's own proxy instead.
     */
    void initializeHttpPipelineAdapter() {
        final HttpPipeline configuredPipeline = this.options.getHttpPipeline();
        if (configuredPipeline == null) {
            final HttpClient configuredClient = this.options.getHttpClient();
            if (configuredClient != null) {
                this.httpPipelineAdapter = new HttpPipelineAdapter(setupPipeline(configuredClient), this.options);
            } else if (this.options.getProxyOptions() == null) {
                this.httpPipelineAdapter = new HttpPipelineAdapter(setupPipeline(HttpClient.createDefault()), this.options);
            }
            return;
        }
        // A caller-supplied pipeline is used as is; none of setupPipeline's policies are added.
        this.httpPipelineAdapter = new HttpPipelineAdapter(configuredPipeline, this.options);
    }

    /**
     * Reads the certificate content into memory.
     *
     * <p>The file path takes precedence over the stream. The path is used exactly as configured,
     * with no normalisation or base-directory check, so it must come from trusted configuration.
     * The stream is read to its end and not closed here; it remains owned by the caller.
     *
     * @return the certificate bytes, or an empty array when neither a path nor a stream is set
     * @throws IOException if the file or the stream cannot be read
     */
    private byte[] getCertificateBytes() throws IOException {
        if (this.certificatePath != null) {
            return Files.readAllBytes(Paths.get(this.certificatePath));
        }
        if (this.certificate == null) {
            return new byte[0];
        }
        final ByteArrayOutputStream collected = new ByteArrayOutputStream();
        final byte[] chunk = new byte[1024];
        int count;
        // Drain the stream in 1 KiB chunks until end of input.
        while ((count = this.certificate.read(chunk, 0, chunk.length)) != -1) {
            collected.write(chunk, 0, count);
        }
        return collected.toByteArray();
    }

    /**
     * Returns a stream over the certificate content.
     *
     * <p>When a path is configured a new buffered file stream is opened and the caller is
     * responsible for closing it; otherwise the caller-supplied stream is returned, which may be
     * null.
     *
     * @return a stream over the certificate, or the configured stream when no path is set
     * @throws IOException if the certificate file cannot be opened
     */
    private InputStream getCertificateInputStream() throws IOException {
        if (this.certificatePath == null) {
            return this.certificate;
        }
        return new BufferedInputStream(new FileInputStream(this.certificatePath));
    }

    /**
     * Converts Azure proxy options into a {@link Proxy} for MSAL.
     *
     * <p>SOCKS4 and SOCKS5 map to a SOCKS proxy; every other type maps to an HTTP proxy. Only the
     * type and address are carried over, so any other setting on the options is not applied to
     * the returned proxy.
     *
     * @param proxyOptions proxy settings; must not be null
     * @return the equivalent {@code java.net} proxy
     */
    private static Proxy proxyOptionsToJavaNetProxy(ProxyOptions proxyOptions) {
        final Proxy.Type javaNetType;
        switch (proxyOptions.getType()) {
            case SOCKS4:
            case SOCKS5:
                javaNetType = Proxy.Type.SOCKS;
                break;
            default:
                javaNetType = Proxy.Type.HTTP;
                break;
        }
        return new Proxy(javaNetType, proxyOptions.getAddress());
    }
}
