package com.microsoft.azure.toolkit.lib.auth;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.management.AzureEnvironment;
import com.azure.identity.implementation.MsalToken;
import com.azure.identity.implementation.util.ScopeUtil;
import com.microsoft.aad.adal4j.AuthenticationCallback;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.azure.toolkit.lib.auth.exception.AzureToolkitAuthenticationException;
import com.microsoft.azure.toolkit.lib.auth.util.AzureEnvironmentUtils;
import java.net.MalformedURLException;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.jetbrains.annotations.NotNull;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/RefreshTokenTokenCredentialManager.class */
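/**
 * Builds {@link TokenCredentialManager} instances whose per-tenant credentials are backed by an
 * Azure AD refresh token.
 *
 * <p>Two starting points are supported: a raw refresh token string, or an existing
 * {@link TokenCredential} whose root token is an {@link MsalToken} from which the refresh token
 * is extracted.
 *
 * <p>Security notes for maintainers: a refresh token is a bearer secret that outlives the access
 * tokens minted from it. This class keeps it in memory as a {@code String} for as long as the
 * created credential objects are reachable, so it must never be logged or copied into exception
 * messages.
 */
public class RefreshTokenTokenCredentialManager extends TokenCredentialManagerWithCache {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/RefreshTokenTokenCredentialManager$RefreshTokenCredential.class */
    /**
     * {@link TokenCredential} that redeems a stored refresh token for an access token of the
     * requested resource, using the ADAL4J {@link AuthenticationContext}.
     *
     * <p>NOTE(review): this path still goes through the legacy ADAL4J client while the rest of the
     * class works with MSAL types; ADAL is the predecessor of MSAL, so check this against the
     * project's dependency and support policy.
     */
    public static class RefreshTokenCredential implements TokenCredential {
        private final String authority;
        private final String clientId;
        private final String tenantId;
        // Bearer secret: keep it out of logs, toString() output and exception text.
        private final String refreshToken;

        /**
         * @param str  authority base URL (the tenant id is appended to it when authenticating)
         * @param str2 client (application) id the refresh token was issued to
         * @param str3 tenant id, or {@code "common"}
         * @param str4 the refresh token to redeem
         */
        public RefreshTokenCredential(String str, String str2, String str3, String str4) {
            this.authority = str;
            this.clientId = str2;
            this.tenantId = str3;
            this.refreshToken = str4;
        }

        /**
         * Acquires an access token for the resource derived from the requested scopes.
         *
         * @param tokenRequestContext request whose scopes are converted to a single resource
         * @return a {@link Mono} holding the already-acquired token
         * @throws AzureToolkitAuthenticationException synchronously, if the token cannot be acquired
         */
        @Override
        public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
            // NOTE(review): Mono.just(...) evaluates authenticate() right here, so the blocking
            // network call and any failure happen on the caller's thread when getToken() is
            // invoked, not when the Mono is subscribed. Kept as-is because callers may rely on
            // the eager behaviour; consider Mono.fromCallable once the call sites are checked.
            final String resource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
            return Mono.just(authenticate(resource));
        }

        /**
         * Redeems the refresh token against {@code authority + "/" + tenantId} and blocks until
         * the result is available.
         *
         * @param str the resource to request a token for
         * @return the acquired access token, never {@code null}
         * @throws AzureToolkitAuthenticationException if the call fails, is interrupted, or yields
         *     no result
         */
        private AccessToken authenticate(String str) {
            final String tenantAuthority = this.authority + "/" + this.tenantId;
            // A dedicated single-thread pool per call; it is always released in the finally block.
            final ExecutorService executor = Executors.newFixedThreadPool(1);
            try {
                // Second argument keeps authority validation enabled, so the refresh token is
                // only submitted to an authority the library accepts.
                final AuthenticationContext context = new AuthenticationContext(tenantAuthority, true, executor);
                final AuthenticationResult result = (AuthenticationResult) context
                    .acquireTokenByRefreshToken(this.refreshToken, this.clientId, str, (AuthenticationCallback) null)
                    .get();
                if (result == null) {
                    throw new AzureToolkitAuthenticationException("Authentication result from acquireTokenByRefreshToken is null.");
                }
                return fromAuthenticationResult(result);
            } catch (InterruptedException e) {
                // Restore the interrupt flag so code further up the stack can still observe the
                // cancellation; the original swallowed it.
                Thread.currentThread().interrupt();
                throw new AzureToolkitAuthenticationException(String.format("Cannot acquire token from refresh token due to error: %s", e.getMessage()), e);
            } catch (MalformedURLException | ExecutionException e) {
                throw new AzureToolkitAuthenticationException(String.format("Cannot acquire token from refresh token due to error: %s", e.getMessage()), e);
            } finally {
                executor.shutdown();
            }
        }

        /**
         * Converts an ADAL {@link AuthenticationResult} into an azure-core {@link AccessToken}
         * with a UTC expiry.
         *
         * @param authenticationResult result to convert; {@code null} is passed through as
         *     {@code null} (the only caller in this class never passes {@code null})
         * @return the converted token, or {@code null} for a {@code null} input
         * @throws AzureToolkitAuthenticationException if the result carries no expiry date
         */
        private AccessToken fromAuthenticationResult(AuthenticationResult authenticationResult) {
            if (authenticationResult == null) {
                return null;
            }
            if (authenticationResult.getExpiresOnDate() == null) {
                throw new AzureToolkitAuthenticationException("Cannot find expiration information from AuthenticationResult.");
            }
            final OffsetDateTime expiresAt = OffsetDateTime.ofInstant(authenticationResult.getExpiresOnDate().toInstant(), ZoneOffset.UTC);
            return new AccessToken(authenticationResult.getAccessToken(), expiresAt);
        }
    }

    /**
     * Creates a manager from an existing credential by requesting its root token for the
     * environment's management endpoint and extracting the refresh token from it.
     *
     * @param azureEnvironment target Azure environment
     * @param str              client (application) id used when redeeming the refresh token
     * @param tokenCredential  credential expected to return an {@link MsalToken}
     * @return a {@link Mono} that fails with {@link AzureToolkitAuthenticationException} when the
     *     root token is not an {@link MsalToken}
     */
    public static Mono<TokenCredentialManager> createTokenCredentialManager(@Nonnull AzureEnvironment azureEnvironment, String str, @Nonnull TokenCredential tokenCredential) {
        final Mono<AccessToken> rootToken = getRootAccessToken(azureEnvironment, tokenCredential);
        return fromCredential(azureEnvironment, str, rootToken);
    }

    /**
     * Creates a manager directly from a refresh token string.
     *
     * @param azureEnvironment target Azure environment; its authority is resolved each time a
     *     credential is supplied
     * @param str              client (application) id the refresh token belongs to
     * @param str2             the refresh token (bearer secret; do not log)
     * @return a {@link Mono} holding the configured manager
     */
    public static Mono<TokenCredentialManager> createTokenCredentialManager(@Nonnull AzureEnvironment azureEnvironment, @Nonnull String str, String str2) {
        final TokenCredentialManager manager = new TokenCredentialManager();
        manager.setEnvironment(azureEnvironment);
        // Per-tenant credential: the supplier argument is the tenant id.
        manager.credentialSupplier = tenantId ->
            new RefreshTokenCredential(AzureEnvironmentUtils.getAuthority(azureEnvironment), str, tenantId, str2);
        // Root credential is bound to the literal "common" tenant.
        manager.rootCredentialSupplier = () ->
            new RefreshTokenCredential(AzureEnvironmentUtils.getAuthority(azureEnvironment), str, "common", str2);
        return Mono.just(manager);
    }

    /**
     * Reads the refresh token out of the MSAL authentication result by reflection.
     *
     * <p>NOTE(review): this forces access to a field named {@code refreshToken} on whatever class
     * implements {@link IAuthenticationResult}; the interface itself is not used to obtain it.
     * That couples this code to an implementation detail of the MSAL version on the classpath and
     * may break under stricter reflective-access rules. Pin or test the MSAL version accordingly.
     *
     * @param msalToken token wrapper to inspect
     * @return the refresh token, or {@code null} when the wrapper has no authentication result
     * @throws AzureToolkitAuthenticationException if the field cannot be accessed
     */
    private static String getRefreshTokenFromMsalToken(MsalToken msalToken) {
        final IAuthenticationResult authenticationResult = msalToken.getAuthenticationResult();
        if (authenticationResult == null) {
            return null;
        }
        try {
            return (String) FieldUtils.readField(authenticationResult, "refreshToken", true);
        } catch (IllegalAccessException e) {
            // Keep the cause: without it the reason for the reflective failure is lost.
            throw new AzureToolkitAuthenticationException("Cannot read refreshToken from IAuthenticationResult.", e);
        }
    }

    /**
     * Creates a caching manager whose tenant credentials redeem the refresh token found in
     * {@code msalToken}.
     *
     * @param azureEnvironment target Azure environment
     * @param msalToken        MSAL token carrying the refresh token and the account
     * @param str              authority base URL
     * @param str2             client (application) id
     * @return the configured manager
     * @throws IllegalArgumentException if no non-blank refresh token can be extracted
     */
    public static TokenCredentialManager createFromRefreshToken(@Nonnull AzureEnvironment azureEnvironment, MsalToken msalToken, String str, String str2) {
        final String refreshToken = getRefreshTokenFromMsalToken(msalToken);
        if (StringUtils.isBlank(refreshToken)) {
            throw new IllegalArgumentException("Cannot get refresh token from msal token.");
        }
        final TokenCredentialManagerWithCache manager = new TokenCredentialManagerWithCache();
        manager.setEnvironment(azureEnvironment);
        manager.setEmail(getEmailFromMsalToken(msalToken));
        // Per-tenant credential: the supplier argument is the tenant id.
        manager.setCredentialSupplier(tenantId -> new RefreshTokenCredential(str, str2, tenantId, refreshToken));
        // The root credential hands back the captured msalToken for every request, whatever
        // scopes are asked for.
        // NOTE(review): nothing here renews that token, so it is returned even after it has
        // expired unless a layer above handles expiry; confirm against the cache implementation.
        manager.setRootCredentialSupplier(() -> tokenRequestContext -> Mono.just(msalToken));
        return manager;
    }

    /**
     * Returns the account user name recorded in the MSAL token.
     *
     * @param msalToken token wrapper to inspect
     * @return the user name, or {@code null} when the result or its account is missing
     */
    private static String getEmailFromMsalToken(MsalToken msalToken) {
        final IAuthenticationResult authenticationResult = msalToken.getAuthenticationResult();
        if (authenticationResult == null || authenticationResult.account() == null) {
            return null;
        }
        return authenticationResult.account().username();
    }

    /**
     * Maps a root access token to a manager, accepting only {@link MsalToken} instances.
     *
     * @param azureEnvironment target Azure environment
     * @param str              client (application) id
     * @param mono             source of the root access token
     * @return a {@link Mono} of the manager; errors with
     *     {@link AzureToolkitAuthenticationException} for any other token type
     */
    @NotNull
    private static Mono<TokenCredentialManager> fromCredential(@Nonnull AzureEnvironment azureEnvironment, @Nonnull String str, Mono<AccessToken> mono) {
        return mono.map(accessToken -> {
            if (!(accessToken instanceof MsalToken)) {
                // Only the class name is reported; token contents stay out of the message.
                throw new AzureToolkitAuthenticationException(String.format("The credential(%s) is not a msal token.", accessToken.getClass().getSimpleName()));
            }
            return createFromRefreshToken(azureEnvironment, (MsalToken) accessToken, AzureEnvironmentUtils.getAuthority(azureEnvironment), str);
        });
    }

    /**
     * Requests a token for the environment's management endpoint from the given credential.
     *
     * @param azureEnvironment environment whose management endpoint defines the scopes
     * @param tokenCredential  credential to query
     * @return whatever {@link TokenCredential#getToken} returns for those scopes
     */
    public static Mono<AccessToken> getRootAccessToken(@Nonnull AzureEnvironment azureEnvironment, @Nonnull TokenCredential tokenCredential) {
        final TokenRequestContext request = new TokenRequestContext()
            .addScopes(ScopeUtil.resourceToScopes(azureEnvironment.getManagementEndpoint()));
        return tokenCredential.getToken(request);
    }
}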
