package com.azure.spring.cloud.autoconfigure.implementation.context;

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientCertificateCredentialBuilder;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.identity.UsernamePasswordCredentialBuilder;
import com.azure.spring.cloud.autoconfigure.implementation.AzureServiceConfigurationBase;
import com.azure.spring.cloud.autoconfigure.implementation.context.properties.AzureGlobalProperties;
import com.azure.spring.cloud.autoconfigure.implementation.properties.core.AbstractAzureHttpConfigurationProperties;
import com.azure.spring.cloud.core.customizer.AzureServiceClientBuilderCustomizer;
import com.azure.spring.cloud.core.implementation.credential.resolver.AzureTokenCredentialResolver;
import com.azure.spring.cloud.core.implementation.factory.credential.ClientCertificateCredentialBuilderFactory;
import com.azure.spring.cloud.core.implementation.factory.credential.ClientSecretCredentialBuilderFactory;
import com.azure.spring.cloud.core.implementation.factory.credential.DefaultAzureCredentialBuilderFactory;
import com.azure.spring.cloud.core.implementation.factory.credential.ManagedIdentityCredentialBuilderFactory;
import com.azure.spring.cloud.core.implementation.factory.credential.UsernamePasswordCredentialBuilderFactory;
import com.azure.spring.cloud.core.provider.authentication.TokenCredentialOptionsProvider;
import java.util.Objects;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.task.TaskExecutionAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.support.GenericApplicationContext;
import org.springframework.core.annotation.Order;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.util.StringUtils;

/**
 * Auto-configuration that registers the application-wide Azure {@link TokenCredential} together
 * with the credential builder factories and the executor they use.
 *
 * <p>Every bean here is guarded by {@code @ConditionalOnMissingBean}, so an application can
 * replace any of them by declaring its own bean of the same type (or, for the named beans, the
 * same name).
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>Client secrets, certificate passwords and user passwords are read from the bound
 *       configuration properties and handed straight to the azure-identity builders. Nothing in
 *       this class logs them.</li>
 *   <li>When no explicit credential can be resolved, {@link #tokenCredential} silently falls back
 *       to a default credential (see the note on that method).</li>
 * </ul>
 */
@Configuration(proxyBeanMethods = false)
@AutoConfigureAfter(TaskExecutionAutoConfiguration.class)
@Import(AzureServiceClientBuilderFactoryConfiguration.class)
public class AzureTokenCredentialAutoConfiguration extends AzureServiceConfigurationBase {
    private static final Logger LOGGER = LoggerFactory.getLogger(AzureTokenCredentialAutoConfiguration.class);

    /** Context used to look up a user-supplied credential bean by name. */
    private final GenericApplicationContext applicationContext;

    /** Identity-client settings derived from the global Azure properties. */
    private final IdentityClientProperties identityClientProperties;

    /**
     * Property holder for the identity client. It adds nothing to
     * {@link AbstractAzureHttpConfigurationProperties}; it only gives these settings their own type.
     */
    static class IdentityClientProperties extends AbstractAzureHttpConfigurationProperties {
        IdentityClientProperties() {
            // Intentionally empty: all state lives in the superclass.
        }
    }

    /**
     * Creates the configuration and populates {@link IdentityClientProperties} from the global
     * properties via {@code loadProperties}.
     *
     * @param genericApplicationContext context used later for bean-name based credential lookup
     * @param azureGlobalProperties global Azure properties passed to the superclass and used as
     *     the source for the identity client properties
     */
    AzureTokenCredentialAutoConfiguration(GenericApplicationContext genericApplicationContext, AzureGlobalProperties azureGlobalProperties) {
        super(azureGlobalProperties);
        this.applicationContext = genericApplicationContext;
        IdentityClientProperties target = new IdentityClientProperties();
        this.identityClientProperties = (IdentityClientProperties) loadProperties(azureGlobalProperties, target);
    }

    /**
     * Provides the default {@link TokenCredential} bean.
     *
     * <p>The resolver is consulted first. If it returns {@code null}, a credential is built from
     * the {@link DefaultAzureCredentialBuilderFactory}.
     *
     * <p>NOTE(review): the fallback is reported only at DEBUG level. A default Azure credential
     * authenticates with whatever ambient identity the runtime offers (the exact chain depends on
     * the azure-identity version and on any registered builder customizers), so a deployment that
     * expects an explicitly configured identity should verify which branch was taken instead of
     * relying on the absence of a startup error.
     *
     * @param defaultAzureCredentialBuilderFactory factory for the fallback credential
     * @param azureTokenCredentialResolver resolver for explicitly configured credentials
     * @return the resolved credential, or the default credential when none is configured
     */
    @ConditionalOnMissingBean(name = AzureContextUtils.DEFAULT_TOKEN_CREDENTIAL_BEAN_NAME)
    @Bean(name = AzureContextUtils.DEFAULT_TOKEN_CREDENTIAL_BEAN_NAME)
    @Order
    TokenCredential tokenCredential(DefaultAzureCredentialBuilderFactory defaultAzureCredentialBuilderFactory, AzureTokenCredentialResolver azureTokenCredentialResolver) {
        TokenCredential configured = azureTokenCredentialResolver.resolve(this.identityClientProperties);
        if (configured == null) {
            LOGGER.debug("No global token credential found, constructing default credential.");
            DefaultAzureCredentialBuilder fallbackBuilder =
                (DefaultAzureCredentialBuilder) defaultAzureCredentialBuilderFactory.build();
            return fallbackBuilder.build();
        }
        return configured;
    }

    /**
     * Provides the factory for default-credential builders. It is configured with the identity
     * client properties and the credential task executor, and has all available customizers
     * registered in their declared order.
     *
     * @param objectProvider customizers to register on the factory, applied in order
     * @param threadPoolTaskExecutor executor whose underlying pool is handed to the factory
     * @return the configured factory
     */
    @ConditionalOnMissingBean
    @Bean
    DefaultAzureCredentialBuilderFactory azureCredentialBuilderFactory(ObjectProvider<AzureServiceClientBuilderCustomizer<DefaultAzureCredentialBuilder>> objectProvider, @Qualifier("springCloudAzureCredentialTaskExecutor") ThreadPoolTaskExecutor threadPoolTaskExecutor) {
        DefaultAzureCredentialBuilderFactory factory = new DefaultAzureCredentialBuilderFactory(this.identityClientProperties);
        factory.setExecutorService(threadPoolTaskExecutor.getThreadPoolExecutor());
        objectProvider.orderedStream().forEach(factory::addBuilderCustomizer);
        return factory;
    }

    /**
     * Provides the resolver that turns credential properties into a {@link TokenCredential}.
     *
     * <p>Resolution order, first match wins:
     * <ol>
     *   <li>no credential section: {@code null};</li>
     *   <li>a token-credential bean name is set: that bean is fetched from the application
     *       context;</li>
     *   <li>tenant id, client id and client secret are set: client-secret credential;</li>
     *   <li>tenant id and a certificate path are set: client-certificate credential (PFX when a
     *       certificate password is set, PEM otherwise);</li>
     *   <li>client id, username and password are set: username/password credential;</li>
     *   <li>managed identity is enabled: managed-identity credential, with the client id applied
     *       when one is set;</li>
     *   <li>otherwise {@code null}.</li>
     * </ol>
     *
     * <p>Because the first match wins, leftover properties from an earlier setup (for example a
     * stale client secret) take precedence over managed identity.
     *
     * @param clientSecretCredentialBuilderFactory factory for client-secret builders
     * @param clientCertificateCredentialBuilderFactory factory for client-certificate builders
     * @param usernamePasswordCredentialBuilderFactory factory for username/password builders
     * @param managedIdentityCredentialBuilderFactory factory for managed-identity builders
     * @return the resolver
     */
    @ConditionalOnMissingBean
    @Bean
    AzureTokenCredentialResolver azureTokenCredentialResolver(ClientSecretCredentialBuilderFactory clientSecretCredentialBuilderFactory, ClientCertificateCredentialBuilderFactory clientCertificateCredentialBuilderFactory, UsernamePasswordCredentialBuilderFactory usernamePasswordCredentialBuilderFactory, ManagedIdentityCredentialBuilderFactory managedIdentityCredentialBuilderFactory) {
        return new AzureTokenCredentialResolver(properties -> {
            final TokenCredentialOptionsProvider.TokenCredentialOptions options = properties.getCredential();
            if (options == null) {
                return null;
            }

            // A configured bean name short-circuits everything else. The name comes from
            // configuration, so whoever controls the configuration chooses which credential
            // bean is used.
            final String beanName = options.getTokenCredentialBeanName();
            if (StringUtils.hasText(beanName)) {
                return this.applicationContext.getBean(beanName, TokenCredential.class);
            }

            final String tenantId = properties.getProfile().getTenantId();
            final String clientId = options.getClientId();
            final boolean clientIdPresent = StringUtils.hasText(clientId);
            final String authorityHost = properties.getProfile().getEnvironment().getActiveDirectoryEndpoint();

            if (StringUtils.hasText(tenantId)) {
                if (clientIdPresent && StringUtils.hasText(options.getClientSecret())) {
                    ClientSecretCredentialBuilder secretBuilder =
                        (ClientSecretCredentialBuilder) clientSecretCredentialBuilderFactory.build();
                    return secretBuilder
                        .authorityHost(authorityHost)
                        .clientId(clientId)
                        .clientSecret(options.getClientSecret())
                        .tenantId(tenantId)
                        .build();
                }

                final String certificatePath = options.getClientCertificatePath();
                if (StringUtils.hasText(certificatePath)) {
                    // NOTE(review): unlike the secret branch, this one does not check that a
                    // client id is configured before passing it on; confirm the builder
                    // rejects a blank client id.
                    ClientCertificateCredentialBuilder certificateBuilder =
                        ((ClientCertificateCredentialBuilder) clientCertificateCredentialBuilderFactory.build())
                            .authorityHost(authorityHost)
                            .tenantId(tenantId)
                            .clientId(clientId);
                    // A certificate password selects the PFX loader; without one the path is
                    // treated as a PEM file.
                    if (StringUtils.hasText(options.getClientCertificatePassword())) {
                        certificateBuilder
                            .pfxCertificate(certificatePath)
                            .clientCertificatePassword(options.getClientCertificatePassword());
                    } else {
                        certificateBuilder.pemCertificate(certificatePath);
                    }
                    return certificateBuilder.build();
                }
            }

            // This branch sits outside the tenant-id check, so tenantId may be blank here.
            // NOTE(review): a username/password login is presumably unable to satisfy
            // interactive MFA; prefer certificate or managed identity where possible and
            // confirm against the azure-identity version in use.
            if (clientIdPresent && StringUtils.hasText(options.getUsername()) && StringUtils.hasText(options.getPassword())) {
                UsernamePasswordCredentialBuilder passwordBuilder =
                    (UsernamePasswordCredentialBuilder) usernamePasswordCredentialBuilderFactory.build();
                return passwordBuilder
                    .authorityHost(authorityHost)
                    .username(options.getUsername())
                    .password(options.getPassword())
                    .clientId(clientId)
                    .tenantId(tenantId)
                    .build();
            }

            if (options.isManagedIdentityEnabled()) {
                ManagedIdentityCredentialBuilder identityBuilder =
                    (ManagedIdentityCredentialBuilder) managedIdentityCredentialBuilderFactory.build();
                // The client id is optional here and is only applied when one is set.
                if (clientIdPresent) {
                    identityBuilder.clientId(clientId);
                }
                return identityBuilder.build();
            }
            return null;
        });
    }

    /**
     * Provides the factory for client-secret credential builders, configured with the identity
     * client properties, the credential task executor and all available customizers.
     *
     * @param threadPoolTaskExecutor executor whose underlying pool is handed to the factory
     * @param objectProvider customizers to register on the factory, applied in order
     * @return the configured factory
     */
    @ConditionalOnMissingBean
    @Bean
    ClientSecretCredentialBuilderFactory clientSecretCredentialBuilderFactory(@Qualifier("springCloudAzureCredentialTaskExecutor") ThreadPoolTaskExecutor threadPoolTaskExecutor, ObjectProvider<AzureServiceClientBuilderCustomizer<ClientSecretCredentialBuilder>> objectProvider) {
        ClientSecretCredentialBuilderFactory factory = new ClientSecretCredentialBuilderFactory(this.identityClientProperties);
        factory.setExecutorService(threadPoolTaskExecutor.getThreadPoolExecutor());
        objectProvider.orderedStream().forEach(factory::addBuilderCustomizer);
        return factory;
    }

    /**
     * Provides the factory for client-certificate credential builders, configured with the
     * identity client properties, the credential task executor and all available customizers.
     *
     * @param threadPoolTaskExecutor executor whose underlying pool is handed to the factory
     * @param objectProvider customizers to register on the factory, applied in order
     * @return the configured factory
     */
    @ConditionalOnMissingBean
    @Bean
    ClientCertificateCredentialBuilderFactory clientCertificateCredentialBuilderFactory(@Qualifier("springCloudAzureCredentialTaskExecutor") ThreadPoolTaskExecutor threadPoolTaskExecutor, ObjectProvider<AzureServiceClientBuilderCustomizer<ClientCertificateCredentialBuilder>> objectProvider) {
        ClientCertificateCredentialBuilderFactory factory = new ClientCertificateCredentialBuilderFactory(this.identityClientProperties);
        factory.setExecutorService(threadPoolTaskExecutor.getThreadPoolExecutor());
        objectProvider.orderedStream().forEach(factory::addBuilderCustomizer);
        return factory;
    }

    /**
     * Provides the factory for managed-identity credential builders. Unlike the secret and
     * certificate factories, no executor is set on it.
     *
     * @param objectProvider customizers to register on the factory, applied in order
     * @return the configured factory
     */
    @ConditionalOnMissingBean
    @Bean
    ManagedIdentityCredentialBuilderFactory managedIdentityCredentialBuilderFactory(ObjectProvider<AzureServiceClientBuilderCustomizer<ManagedIdentityCredentialBuilder>> objectProvider) {
        ManagedIdentityCredentialBuilderFactory factory = new ManagedIdentityCredentialBuilderFactory(this.identityClientProperties);
        objectProvider.orderedStream().forEach(factory::addBuilderCustomizer);
        return factory;
    }

    /**
     * Provides the factory for username/password credential builders. No executor is set on it.
     *
     * @param objectProvider customizers to register on the factory, applied in order
     * @return the configured factory
     */
    @ConditionalOnMissingBean
    @Bean
    UsernamePasswordCredentialBuilderFactory usernamePasswordCredentialBuilderFactory(ObjectProvider<AzureServiceClientBuilderCustomizer<UsernamePasswordCredentialBuilder>> objectProvider) {
        UsernamePasswordCredentialBuilderFactory factory = new UsernamePasswordCredentialBuilderFactory(this.identityClientProperties);
        objectProvider.orderedStream().forEach(factory::addBuilderCustomizer);
        return factory;
    }

    /**
     * Provides the executor used by the credential builder factories: core pool size 8, core
     * threads allowed to time out, and the default credential thread-name prefix.
     *
     * @return the credential task executor
     */
    @ConditionalOnMissingBean(name = AzureContextUtils.DEFAULT_CREDENTIAL_TASK_EXECUTOR_BEAN_NAME)
    @Bean(name = AzureContextUtils.DEFAULT_CREDENTIAL_TASK_EXECUTOR_BEAN_NAME)
    ThreadPoolTaskExecutor credentialTaskExecutor() {
        ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();
        executor.setCorePoolSize(8);
        // Lets idle core threads be reclaimed instead of being kept alive indefinitely.
        executor.setAllowCoreThreadTimeOut(true);
        executor.setThreadNamePrefix(AzureContextUtils.DEFAULT_CREDENTIAL_THREAD_NAME_PREFIX);
        return executor;
    }

    /**
     * Returns the identity client properties loaded in the constructor.
     *
     * @return the identity client properties
     */
    IdentityClientProperties getIdentityClientProperties() {
        return this.identityClientProperties;
    }
}
