package com.microsoft.azure.tools.auth.core.azurecli;

import com.azure.identity.AzureCliCredential;
import com.azure.identity.AzureCliCredentialBuilder;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.tools.auth.AuthHelper;
import com.microsoft.azure.tools.auth.core.AbstractCredentialRetriever;
import com.microsoft.azure.tools.auth.exception.LoginFailureException;
import com.microsoft.azure.tools.auth.model.AuthMethod;
import com.microsoft.azure.tools.auth.model.AzureCredentialWrapper;
import com.microsoft.azure.tools.common.exception.CommandExecuteException;
import com.microsoft.azure.tools.common.util.CommandUtil;
import com.microsoft.azure.tools.common.util.JsonUtils;
import java.io.File;
import java.io.IOException;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/microsoft/azure/tools/auth/core/azurecli/AzureCliCredentialRetriever.class */
public class AzureCliCredentialRetriever extends AbstractCredentialRetriever {
    private static final String CLOUD_SHELL_ENV_KEY = "ACC_CLOUD";

    public AzureCliCredentialRetriever(AzureEnvironment azureEnvironment) {
        super(azureEnvironment);
    }

    @Override // com.microsoft.azure.tools.auth.core.AbstractCredentialRetriever
    public AzureCredentialWrapper retrieveInternal() throws LoginFailureException {
        AzureCliAccountProfile profile = getProfile();
        checkAzureEnvironmentConflict(this.env, AuthHelper.stringToAzureEnvironment(profile.getEnvironment()));
        AzureCliCredential build = new AzureCliCredentialBuilder().build();
        validateTokenCredential(build);
        return new AzureCredentialWrapper(isInCloudShell() ? AuthMethod.CLOUD_SHELL : AuthMethod.AZURE_CLI, build, getAzureEnvironment()).withDefaultSubscriptionId(profile.getSubscriptionId()).withTenantId(profile.getTenantId());
    }

    private static void checkAzureEnvironmentConflict(AzureEnvironment azureEnvironment, AzureEnvironment azureEnvironment2) throws LoginFailureException {
        if (azureEnvironment != null && azureEnvironment2 != null && !Objects.equals(azureEnvironment, azureEnvironment2)) {
            throw new LoginFailureException(String.format("The azure cloud from azure cli '%s' doesn't match with your auth configuration, you can change it by executing 'az cloud set --name=%s' command to change the cloud in azure cli.", AuthHelper.azureEnvironmentToString(azureEnvironment2), AuthHelper.getCloudNameForAzureCli(azureEnvironment)));
        }
    }

    private static AzureCliAccountProfile getProfile() throws LoginFailureException {
        try {
            JsonObject jsonObject = (JsonObject) JsonUtils.getGson().fromJson(CommandUtil.executeCommandAndGetOutput("az account show", (File) null), JsonObject.class);
            return new AzureCliAccountProfile(jsonObject.get("tenantId").getAsString(), jsonObject.get("environmentName").getAsString(), jsonObject.get("user").getAsJsonObject().get("name").getAsString(), jsonObject.get("user").getAsJsonObject().get("type").getAsString(), jsonObject.get("id").getAsString());
        } catch (IOException | InterruptedException | CommandExecuteException | JsonParseException | NullPointerException e) {
            throw new LoginFailureException(String.format("Cannot get account info from azure cli through `az account show`, please run `az login` to login your Azure Cli, detailed error: %s", e.getMessage()));
        }
    }

    private static boolean isInCloudShell() {
        return StringUtils.isNotBlank(System.getenv(CLOUD_SHELL_ENV_KEY));
    }
}
