package com.microsoft.azure.toolkit.lib.auth.core.legacy;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.implementation.MsalToken;
import com.azure.identity.implementation.util.ScopeUtil;
import com.azure.resourcemanager.AzureResourceManager;
import com.microsoft.aad.adal4j.AuthenticationCallback;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.toolkit.lib.auth.exception.LoginFailureException;
import com.microsoft.azure.toolkit.lib.common.exception.AzureToolkitRuntimeException;
import java.net.MalformedURLException;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.reflect.FieldUtils;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/core/legacy/LegacyRefreshTokenCredentialFactory.class */
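/**
 * Creates {@link TokenCredential} instances that obtain access tokens through the legacy ADAL
 * refresh-token grant.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The refresh token handled here is a long-lived bearer secret. It is passed around as a plain
 *       {@code String} and captured by the returned credential; never log it or put it into
 *       exception messages.</li>
 *   <li>{@link #createRefreshTokenCredential} reads the token from a private field via reflection, so
 *       it depends on the internal layout of the MSAL result class and can break on a library
 *       upgrade.</li>
 * </ul>
 */
public class LegacyRefreshTokenCredentialFactory {
    /**
     * Client (application) id presented in the refresh-token grant. This is a public client id (the
     * value published for the Azure CLI application), not a secret.
     */
    private static final String DEFAULT_CLIENT_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46";

    /** Authority path segment used when the caller supplies no tenant id. */
    private static final String COMMON_TENANT = "common";

    /**
     * Derives a refresh-token based credential from an existing credential.
     *
     * <p>A token for the management endpoint is requested from {@code tokenCredential}; the refresh
     * token is extracted from the resulting MSAL authentication result and bound to the first
     * tenant returned for the account.
     *
     * @param azureEnvironment environment whose management and Active Directory endpoints are used
     * @param tokenCredential credential that must yield an {@link MsalToken}
     * @return a {@code Mono} emitting the new credential; it fails with
     *     {@link AzureToolkitRuntimeException} when the refresh token cannot be read or the account
     *     has no tenants
     */
    public static Mono<TokenCredential> createRefreshTokenCredential(AzureEnvironment azureEnvironment, TokenCredential tokenCredential) {
        final TokenRequestContext managementRequest =
            new TokenRequestContext().addScopes(ScopeUtil.resourceToScopes(azureEnvironment.managementEndpoint()));
        return tokenCredential.getToken(managementRequest).map(accessToken -> {
            // Fail with a descriptive error instead of a ClassCastException when the credential is
            // not MSAL-backed and therefore carries no authentication result to inspect.
            if (!(accessToken instanceof MsalToken)) {
                throw new AzureToolkitRuntimeException("Cannot read refreshToken from a non-MSAL access token.");
            }
            final String refreshToken;
            try {
                // forceAccess=true: the field is not part of the public API of the result type.
                refreshToken = (String) FieldUtils.readField(((MsalToken) accessToken).getAuthenticationResult(), "refreshToken", true);
            } catch (IllegalAccessException e) {
                // Keep the cause so the failure can be diagnosed; the message carries no token data.
                throw new AzureToolkitRuntimeException("Cannot read refreshToken from IAuthenticationResult.", e);
            }
            if (StringUtils.isBlank(refreshToken)) {
                throw new AzureToolkitRuntimeException("Fail to get refresh token.");
            }
            // NOTE(review): this lookup appears to be a blocking call made inside a reactive
            // operator - confirm the subscribing thread is allowed to block.
            final List<String> tenantIds = listTenantIds(azureEnvironment, tokenCredential);
            if (CollectionUtils.isEmpty(tenantIds)) {
                throw new AzureToolkitRuntimeException("There are no tenants in your account.");
            }
            return fromRefreshToken(azureEnvironment, DEFAULT_CLIENT_ID, tenantIds.get(0), refreshToken);
        });
    }

    /**
     * Creates a credential that redeems the given refresh token on every token request.
     *
     * @param azureEnvironment environment providing the Active Directory endpoint
     * @param str client (application) id sent with the grant
     * @param str2 tenant id; when blank the {@code common} authority is used
     * @param str3 refresh token to redeem (secret)
     * @return the credential
     */
    public static TokenCredential fromRefreshToken(AzureEnvironment azureEnvironment, String str, String str2, String str3) {
        return buildRefreshTokenCredential(azureEnvironment, str, str2, str3);
    }

    /**
     * Builds the credential lambda; the token exchange is deferred until the returned {@code Mono}
     * is subscribed.
     */
    private static TokenCredential buildRefreshTokenCredential(AzureEnvironment azureEnvironment, String clientId, String tenantId, String refreshToken) {
        return tokenRequestContext -> Mono.fromCallable(() -> {
            final String effectiveTenant = StringUtils.firstNonBlank(tenantId, COMMON_TENANT);
            // No resource is sent when the tenant is unknown; otherwise it is derived from the
            // requested scopes.
            final String resource = StringUtils.isBlank(tenantId) ? null : ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
            return fromAuthenticationResult(authorize(azureEnvironment, clientId, effectiveTenant, refreshToken, resource));
        });
    }

    /**
     * Converts an ADAL result into an {@link AccessToken}.
     *
     * @param authenticationResult ADAL result, may be {@code null}
     * @return {@code null} for a {@code null} input; otherwise a token expiring at the result's
     *     expiry date in UTC, or at {@link OffsetDateTime#MAX} when the result has no expiry date
     */
    public static AccessToken fromAuthenticationResult(AuthenticationResult authenticationResult) {
        if (authenticationResult == null) {
            return null;
        }
        final OffsetDateTime expiresAt = authenticationResult.getExpiresOnDate() == null
            ? OffsetDateTime.MAX
            : OffsetDateTime.ofInstant(authenticationResult.getExpiresOnDate().toInstant(), ZoneOffset.UTC);
        return new AccessToken(authenticationResult.getAccessToken(), expiresAt);
    }

    /**
     * Redeems a refresh token against {@code <activeDirectoryEndpoint>/<tenantId>} and waits for
     * the result.
     *
     * @throws LoginFailureException when the exchange fails, is interrupted, or yields no result
     * @throws MalformedURLException when the authority URL is invalid
     */
    private static AuthenticationResult authorize(AzureEnvironment azureEnvironment, String clientId, String tenantId, String refreshToken, String resource) throws LoginFailureException, MalformedURLException {
        final String authority = azureEnvironment.activeDirectoryEndpoint().replaceAll("/+$", "") + "/" + tenantId;
        // Created before the try block so the finally clause never sees a null executor; the
        // earlier form could mask the real failure with a NullPointerException.
        final ExecutorService executorService = Executors.newFixedThreadPool(1);
        try {
            // Second argument 'true' keeps authority validation enabled; do not turn it off, the
            // refresh token is sent to this authority.
            final AuthenticationResult result = new AuthenticationContext(authority, true, executorService)
                .acquireTokenByRefreshToken(refreshToken, clientId, resource, (AuthenticationCallback) null)
                .get();
            if (result == null) {
                throw new LoginFailureException("authentication result was null");
            }
            return result;
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can still observe the interruption.
            Thread.currentThread().interrupt();
            throw new LoginFailureException(e.getMessage(), e);
        } catch (ExecutionException e) {
            throw new LoginFailureException(e.getMessage(), e);
        } finally {
            executorService.shutdown();
        }
    }

    /**
     * Lists the tenant ids visible to {@code tokenCredential} in the known environment whose Active
     * Directory endpoint equals the one of {@code azureEnvironment}.
     *
     * @throws AzureToolkitRuntimeException when no known environment matches
     */
    private static List<String> listTenantIds(AzureEnvironment azureEnvironment, TokenCredential tokenCredential) {
        final String activeDirectoryEndpoint = azureEnvironment.activeDirectoryEndpoint();
        // Report an unmatched environment explicitly rather than handing null to AzureProfile.
        final com.azure.core.management.AzureEnvironment matchedEnvironment =
            com.azure.core.management.AzureEnvironment.knownEnvironments().stream()
                .filter(candidate -> StringUtils.equals(candidate.getActiveDirectoryEndpoint(), activeDirectoryEndpoint))
                .findFirst()
                .orElseThrow(() -> new AzureToolkitRuntimeException(
                    "Cannot find a known Azure environment for Active Directory endpoint: " + activeDirectoryEndpoint));
        return AzureResourceManager.authenticate(tokenCredential, new AzureProfile(matchedEnvironment))
            .tenants()
            .list()
            .stream()
            .map(tenant -> tenant.tenantId())
            .collect(Collectors.toList());
    }
}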
