package com.azure.identity.implementation;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.exception.ClientAuthenticationException;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.HttpResponse;
import com.azure.core.http.ProxyOptions;
import com.azure.core.util.CoreUtils;
import com.azure.identity.CredentialUnavailableException;
import com.azure.identity.DeviceCodeInfo;
import com.azure.identity.implementation.util.IdentityConstants;
import com.azure.identity.implementation.util.IdentitySslUtil;
import com.azure.identity.implementation.util.IdentityUtil;
import com.azure.identity.implementation.util.LoggingUtil;
import com.azure.identity.implementation.util.ScopeUtil;
import com.azure.identity.implementation.util.ValidationUtil;
import com.azure.json.JsonProviders;
import com.azure.json.JsonReader;
import com.microsoft.aad.msal4j.AppTokenProviderParameters;
import com.microsoft.aad.msal4j.AuthorizationCodeParameters;
import com.microsoft.aad.msal4j.ClaimsRequest;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.InteractiveRequestParameters;
import com.microsoft.aad.msal4j.ManagedIdentityApplication;
import com.microsoft.aad.msal4j.ManagedIdentitySourceType;
import com.microsoft.aad.msal4j.MsalInteractionRequiredException;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.RefreshTokenParameters;
import com.microsoft.aad.msal4j.SilentParameters;
import com.microsoft.aad.msal4j.TokenProviderResult;
import com.sun.jna.Platform;
import java.io.File;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.net.ssl.HttpsURLConnection;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.SystemProperties;
import org.apache.commons.text.StringSubstitutor;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:inst/com/azure/identity/implementation/IdentityClient.classdata */
public class IdentityClient extends IdentityClientBase {
    // Accessors for the MSAL application objects used by the authentication flows below. Each one wraps a
    // supplier that is wired up in the constructor.
    // Public client; returned by getPublicClientInstance when the request does not have CAE enabled.
    private final SynchronizedAccessor<PublicClientApplication> publicClientApplicationAccessor;
    // Public client; returned by getPublicClientInstance when the request has CAE enabled.
    private final SynchronizedAccessor<PublicClientApplication> publicClientApplicationAccessorWithCae;
    // Confidential client; returned by getConfidentialClientInstance when the request does not have CAE enabled.
    private final SynchronizedAccessor<ConfidentialClientApplication> confidentialClientApplicationAccessor;
    // Confidential client; returned by getConfidentialClientInstance when the request has CAE enabled.
    private final SynchronizedAccessor<ConfidentialClientApplication> confidentialClientApplicationAccessorWithCae;
    // Confidential client used by authenticateWithManagedIdentityConfidentialClient.
    private final SynchronizedAccessor<ConfidentialClientApplication> managedIdentityConfidentialClientApplicationAccessor;
    // MSAL managed-identity application used by getTokenFromMsalMIClient.
    private final SynchronizedAccessor<ManagedIdentityApplication> managedIdentityMsalApplicationAccessor;
    // Confidential client used by authenticateWithWorkloadIdentityConfidentialClient.
    private final SynchronizedAccessor<ConfidentialClientApplication> workloadIdentityConfidentialClientApplicationAccessor;
    // Client assertion text produced by parseClientAssertion (read from clientAssertionFilePath).
    private final SynchronizedAccessor<String> clientAssertionAccessor;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the client and wires one {@link SynchronizedAccessor} per MSAL application flavour.
     *
     * <p>Every argument is forwarded unchanged to the {@link IdentityClientBase} constructor; the parameter
     * names are decompiler-generated, so their meaning has to be read from the base class. Only {@code z}
     * (passed on to {@code getPublicClientApplication}) and {@code duration} (second argument of the client
     * assertion accessor) are used directly here.
     *
     * @param duration value handed to the client assertion accessor; five minutes is used when it is {@code null}
     */
    public IdentityClient(String str, String str2, String str3, String str4, String str5, String str6, String str7, Supplier<String> supplier, Function<HttpPipeline, String> function, byte[] bArr, String str8, boolean z, Duration duration, IdentityClientOptions identityClientOptions) {
        super(str, str2, str3, str4, str5, str6, str7, supplier, function, bArr, str8, z, duration, identityClientOptions);

        // Public and confidential clients each come in a plain and a CAE-enabled variant.
        this.publicClientApplicationAccessor = new SynchronizedAccessor<>(() -> getPublicClientApplication(z, false));
        this.publicClientApplicationAccessorWithCae = new SynchronizedAccessor<>(() -> getPublicClientApplication(z, true));
        this.confidentialClientApplicationAccessor = new SynchronizedAccessor<>(() -> getConfidentialClientApplication(false));
        this.confidentialClientApplicationAccessorWithCae = new SynchronizedAccessor<>(() -> getConfidentialClientApplication(true));

        this.managedIdentityConfidentialClientApplicationAccessor = new SynchronizedAccessor<>(this::getManagedIdentityConfidentialClientApplication);
        this.managedIdentityMsalApplicationAccessor = new SynchronizedAccessor<>(this::getManagedIdentityMsalClient);
        this.workloadIdentityConfidentialClientApplicationAccessor = new SynchronizedAccessor<>(this::getWorkloadIdentityConfidentialClientApplication);

        // How SynchronizedAccessor uses this duration is not visible in this file.
        Duration assertionAccessorDuration = duration != null ? duration : Duration.ofMinutes(5L);
        this.clientAssertionAccessor = new SynchronizedAccessor<>(this::parseClientAssertion, assertionAccessorDuration);
    }

    /**
     * Returns a deferred {@link Mono} that builds the MSAL managed-identity application on subscription.
     *
     * @return a Mono emitting the application, or an error signal carrying any {@link RuntimeException}
     *     raised while building it
     */
    public Mono<ManagedIdentityApplication> getManagedIdentityMsalClient() {
        return Mono.defer(() -> {
            try {
                return Mono.just(getManagedIdentityMsalApplication());
            } catch (RuntimeException creationFailure) {
                // Report the failure as an error signal rather than letting it escape the supplier.
                return Mono.error(creationFailure);
            }
        });
    }

    /**
     * Returns a deferred {@link Mono} that builds a confidential client application on subscription.
     *
     * @param z forwarded to {@code getConfidentialClient}; the constructor passes {@code true} for the
     *     CAE accessor and {@code false} for the plain one
     * @return a Mono emitting the application, or an error signal carrying any {@link RuntimeException}
     *     raised while building it
     */
    private Mono<ConfidentialClientApplication> getConfidentialClientApplication(boolean z) {
        return Mono.defer(() -> {
            try {
                return Mono.just(getConfidentialClient(z));
            } catch (RuntimeException creationFailure) {
                // Report the failure as an error signal rather than letting it escape the supplier.
                return Mono.error(creationFailure);
            }
        });
    }

    /**
     * Returns a deferred {@link Mono} that asks the base class for the managed-identity confidential client
     * on subscription.
     *
     * @return a Mono emitting the client, or an error signal carrying any {@link RuntimeException} raised
     *     while obtaining it
     */
    private Mono<ConfidentialClientApplication> getManagedIdentityConfidentialClientApplication() {
        return Mono.defer(() -> {
            try {
                return Mono.just(super.getManagedIdentityConfidentialClient());
            } catch (RuntimeException creationFailure) {
                // Report the failure as an error signal rather than letting it escape the supplier.
                return Mono.error(creationFailure);
            }
        });
    }

    /**
     * Returns a deferred {@link Mono} that asks the base class for the workload-identity confidential client
     * on subscription.
     *
     * @return a Mono emitting the client, or an error signal carrying any {@link RuntimeException} raised
     *     while obtaining it
     */
    private Mono<ConfidentialClientApplication> getWorkloadIdentityConfidentialClientApplication() {
        return Mono.defer(() -> {
            try {
                return Mono.just(super.getWorkloadIdentityConfidentialClient());
            } catch (RuntimeException creationFailure) {
                // Report the failure as an error signal rather than letting it escape the supplier.
                return Mono.error(creationFailure);
            }
        });
    }

    /**
     * Dispatches a managed-identity token request to the endpoint handler matching the configured
     * managed identity type.
     *
     * <p>The identity header and MSI secret read from the options are handed straight to the endpoint
     * handlers, so whatever populates {@code ManagedIdentityParameters} decides which endpoint receives them.
     *
     * @param tokenRequestContext the scopes and related settings of the token request
     * @return the token from the selected handler, or an error signal with a
     *     {@link CredentialUnavailableException} when the type is not one of the handled values
     */
    @Override // com.azure.identity.implementation.IdentityClientBase
    Mono<AccessToken> getTokenFromTargetManagedIdentity(TokenRequestContext tokenRequestContext) {
        final ManagedIdentityParameters miParameters = this.options.getManagedIdentityParameters();
        final Mono<AccessToken> tokenMono;
        switch (this.options.getManagedIdentityType()) {
            case APP_SERVICE:
                tokenMono = authenticateToManagedIdentityEndpoint(miParameters.getIdentityEndpoint(), miParameters.getIdentityHeader(), miParameters.getMsiEndpoint(), miParameters.getMsiSecret(), tokenRequestContext);
                break;
            case SERVICE_FABRIC:
                tokenMono = authenticateToServiceFabricManagedIdentityEndpoint(miParameters.getIdentityEndpoint(), miParameters.getIdentityHeader(), miParameters.getIdentityServerThumbprint(), tokenRequestContext);
                break;
            case ARC:
                tokenMono = authenticateToArcManagedIdentityEndpoint(miParameters.getIdentityEndpoint(), tokenRequestContext);
                break;
            case AKS:
                tokenMono = authenticateWithExchangeToken(tokenRequestContext);
                break;
            case VM:
                tokenMono = authenticateToIMDSEndpoint(tokenRequestContext);
                break;
            default:
                tokenMono = Mono.error(LOGGER.logExceptionAsError(new CredentialUnavailableException("Unknown Managed Identity type, authentication not available.")));
                break;
        }
        return tokenMono;
    }

    /**
     * Reads the client assertion from {@code clientAssertionFilePath} as UTF-8 text.
     *
     * <p>The file content is used as a credential, so the file's permissions and the origin of the
     * configured path matter; neither is checked here.
     *
     * @return a Mono emitting the whole file content; the Mono fails with an {@link IllegalStateException}
     *     when no path is configured, or with the I/O error raised while reading
     */
    private Mono<String> parseClientAssertion() {
        return Mono.fromCallable(() -> {
            if (this.clientAssertionFilePath == null) {
                throw LOGGER.logExceptionAsError(new IllegalStateException("Client Assertion File Path is not provided. It should be provided to authenticate with client assertion."));
            }
            byte[] assertionBytes = Files.readAllBytes(Paths.get(this.clientAssertionFilePath));
            return new String(assertionBytes, StandardCharsets.UTF_8);
        });
    }

    /**
     * Returns a deferred {@link Mono} that builds a public client application on subscription.
     *
     * @param z first flag forwarded to {@code getPublicClient}; the constructor passes its own {@code z}
     *     argument through unchanged
     * @param z2 second flag forwarded to {@code getPublicClient}; the constructor passes {@code true} for
     *     the CAE accessor and {@code false} for the plain one
     * @return a Mono emitting the application, or an error signal carrying any {@link RuntimeException}
     *     raised while building it
     */
    private Mono<PublicClientApplication> getPublicClientApplication(boolean z, boolean z2) {
        return Mono.defer(() -> {
            try {
                return Mono.just(getPublicClient(z, z2));
            } catch (RuntimeException creationFailure) {
                // Report the failure as an error signal rather than letting it escape the supplier.
                return Mono.error(creationFailure);
            }
        });
    }

    /**
     * Acquires a token with the refresh token that the Azure Toolkit for IntelliJ left in its MSAL cache.
     *
     * <p>The cached value is passed to MSAL as a refresh token, so this flow is only as trustworthy as the
     * cache read by {@code IntelliJCacheAccessor}. Claims from the request are attached whenever they are
     * present; unlike some other flows in this class, the CAE flag is not consulted. The non-CAE public
     * client accessor is always used.
     *
     * @param tokenRequestContext the scopes and optional claims of the token request
     * @return a Mono emitting the token; it fails with {@link CredentialUnavailableException} when the cache
     *     holds no credential, or with any {@link RuntimeException} raised while preparing the request
     */
    public Mono<MsalToken> authenticateWithIntelliJ(TokenRequestContext tokenRequestContext) {
        try {
            String cachedRefreshToken = new IntelliJCacheAccessor().getIntelliJCredentialsFromIdentityMsalCache();
            if (CoreUtils.isNullOrEmpty(cachedRefreshToken)) {
                CredentialUnavailableException unavailable = new CredentialUnavailableException("IntelliJ authentication not available. Please login with the Azure Toolkit for IntelliJ. You may also need to upgrade to a newer version of the Azure Toolkit for IntelliJ. This authentication is supported on version 3.53 and higher. Please see https://aka.ms/azsdk/java/identity/intellijcredential/troubleshoot for more information.");
                return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, unavailable));
            }

            RefreshTokenParameters.RefreshTokenParametersBuilder parameters = RefreshTokenParameters.builder(new HashSet<>(tokenRequestContext.getScopes()), cachedRefreshToken);
            if (tokenRequestContext.getClaims() != null) {
                parameters.claims(ClaimsRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
            }

            return this.publicClientApplicationAccessor.getValue()
                .flatMap(application -> Mono.fromFuture(application.acquireToken(parameters.build())).map(MsalToken::new));
        } catch (RuntimeException failure) {
            return Mono.error(failure);
        }
    }

    /**
     * Acquires a token by running {@code az account get-access-token} for the requested resource.
     *
     * <p>The command line is assembled by string concatenation, so the scope and tenant checks below are
     * the only barrier between request data and the command text. They must run before the values are
     * appended, and any relaxation of {@code ScopeUtil.validateScope} or
     * {@code ValidationUtil.validateTenantIdCharacterRange} should be reviewed as a command-injection
     * change (their character rules are not visible in this file).
     *
     * @param tokenRequestContext the scopes and tenant hints of the token request
     * @return a Mono emitting the token, or an error signal when validation fails or the CLI call throws
     */
    public Mono<AccessToken> authenticateWithAzureCli(TokenRequestContext tokenRequestContext) {
        StringBuilder azCommand = new StringBuilder("az account get-access-token --output json --resource ");
        String resource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());

        // Reject the resource before it becomes part of the command text.
        try {
            ScopeUtil.validateScope(resource);
        } catch (IllegalArgumentException invalidScope) {
            return Mono.error(LOGGER.logExceptionAsError(invalidScope));
        }
        azCommand.append(resource);

        // Same for the tenant: validate first, append only a non-default value.
        try {
            String tenant = IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options);
            ValidationUtil.validateTenantIdCharacterRange(tenant, LOGGER);
            if (!CoreUtils.isNullOrEmpty(tenant) && !tenant.equals(IdentityUtil.DEFAULT_TENANT)) {
                azCommand.append(" --tenant ").append(tenant);
            }
        } catch (ClientAuthenticationException | IllegalArgumentException invalidTenant) {
            return Mono.error(invalidTenant);
        }

        try {
            return Mono.just(getTokenFromAzureCLIAuthentication(azCommand));
        } catch (RuntimeException failure) {
            if (failure instanceof CredentialUnavailableException) {
                return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, (CredentialUnavailableException) failure));
            }
            return Mono.error(LOGGER.logExceptionAsError(failure));
        }
    }

    /**
     * Acquires a token by running {@code azd auth token} with one {@code --scope} argument per scope.
     *
     * <p>The command line is assembled by string concatenation. Every scope is validated before any of
     * them is appended, and the tenant is validated before it is appended; these checks are what keep
     * request data from altering the command, so they should stay ahead of the {@code append} calls
     * (the character rules they enforce are not visible in this file).
     *
     * @param tokenRequestContext the scopes and tenant hints of the token request
     * @return a Mono emitting the token, or an error signal when there are no scopes, validation fails,
     *     or the CLI call throws
     */
    public Mono<AccessToken> authenticateWithAzureDeveloperCli(TokenRequestContext tokenRequestContext) {
        StringBuilder azdCommand = new StringBuilder("azd auth token --output json --scope ");
        List<String> requestedScopes = tokenRequestContext.getScopes();
        if (requestedScopes.isEmpty()) {
            return Mono.error(LOGGER.logExceptionAsError(new IllegalArgumentException("Missing scope in request")));
        }

        // Validate all scopes up front; the first invalid one aborts the request.
        for (String scope : requestedScopes) {
            try {
                ScopeUtil.validateScope(scope);
            } catch (IllegalArgumentException invalidScope) {
                return Mono.error(LOGGER.logExceptionAsError(invalidScope));
            }
        }
        azdCommand.append(String.join(" --scope ", requestedScopes));

        try {
            String tenant = IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options);
            ValidationUtil.validateTenantIdCharacterRange(tenant, LOGGER);
            if (!CoreUtils.isNullOrEmpty(tenant) && !tenant.equals(IdentityUtil.DEFAULT_TENANT)) {
                azdCommand.append(" --tenant-id ").append(tenant);
            }
        } catch (ClientAuthenticationException | IllegalArgumentException invalidTenant) {
            return Mono.error(invalidTenant);
        }

        try {
            return Mono.just(getTokenFromAzureDeveloperCLIAuthentication(azdCommand));
        } catch (RuntimeException failure) {
            if (failure instanceof CredentialUnavailableException) {
                return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, (CredentialUnavailableException) failure));
            }
            return Mono.error(LOGGER.logExceptionAsError(failure));
        }
    }

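    /**
     * Acquires a token through Azure PowerShell, trying each available PowerShell host in turn.
     *
     * <p>A {@code PowershellManager(false)} is always tried; on Windows a {@code PowershellManager(true)}
     * is tried as well. Hosts are tried one at a time and the first token wins. A
     * {@link CredentialUnavailableException} from a host is remembered and the next host is tried; any
     * other failure ends the attempt with a {@link ClientAuthenticationException}.
     *
     * <p>The exception type is tested with {@code instanceof} rather than by comparing the simple class
     * name: the name comparison guarded an unchecked cast, which would throw {@code ClassCastException}
     * for an unrelated class that happens to share the name and would miss subclasses.
     *
     * @param tokenRequestContext the scopes of the token request
     * @return a Mono emitting the token, or an error signal describing why every host failed
     */
    public Mono<AccessToken> authenticateWithAzurePowerShell(TokenRequestContext tokenRequestContext) {
        // Runs eagerly, so an invalid tenant id is thrown to the caller instead of signalled through the Mono.
        ValidationUtil.validateTenantIdCharacterRange(this.tenantId, LOGGER);

        // NOTE(review): this list is created per call, not per subscription, so it would keep growing if the
        // returned Mono is subscribed more than once — confirm callers subscribe only once.
        List<CredentialUnavailableException> unavailableErrors = new ArrayList<>(2);

        List<PowershellManager> shells = new ArrayList<>(2);
        shells.add(new PowershellManager(false));
        if (Platform.isWindows()) {
            shells.add(new PowershellManager(true));
        }

        return Flux.fromIterable(shells)
            // Concurrency 1: the second host is only started after the first one has finished.
            .flatMap(shell -> getAccessTokenFromPowerShell(tokenRequestContext, shell).onErrorResume(error -> {
                if (error instanceof CredentialUnavailableException) {
                    unavailableErrors.add((CredentialUnavailableException) error);
                    return Mono.empty();
                }
                return Mono.error(new ClientAuthenticationException("Azure Powershell authentication failed. Error Details: " + error.getMessage() + ". To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/powershellcredential/troubleshoot", (HttpResponse) null, error));
            }), 1)
            .next()
            .switchIfEmpty(Mono.defer(() -> {
                // Fold the collected errors, last one first, into a single combined message.
                CredentialUnavailableException combined = unavailableErrors.get(unavailableErrors.size() - 1);
                for (int i = unavailableErrors.size() - 2; i >= 0; i--) {
                    combined = new CredentialUnavailableException("Azure PowerShell authentication failed using defaultpowershell(pwsh) with following error: " + unavailableErrors.get(i).getMessage() + "\r\nAzure PowerShell authentication failed using powershell-core(powershell) with following error: " + combined.getMessage(), combined.getCause());
                }
                return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, combined));
            }));
    }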

    /**
     * Acquires a token with the on-behalf-of flow through the confidential client.
     *
     * <p>The CAE or non-CAE confidential client is chosen from the request, and the request parameters
     * come from {@code buildOBOFlowParameters}.
     *
     * @param tokenRequestContext the scopes and related settings of the token request
     * @return a Mono emitting the acquired token
     */
    public Mono<AccessToken> authenticateWithOBO(TokenRequestContext tokenRequestContext) {
        return getConfidentialClientInstance(tokenRequestContext).getValue()
            .flatMap(application -> Mono.fromFuture(() -> application.acquireToken(buildOBOFlowParameters(tokenRequestContext)))
                .map(MsalToken::new));
    }

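    /**
     * Runs a PowerShell script that calls {@code Get-AzAccessToken} and parses the JSON it prints.
     *
     * <p>The resource derived from the scopes is placed between single quotes inside the script text, so
     * {@code ScopeUtil.validateScope} must run before the script is built; it is the only check between
     * request data and the script (its character rules are not visible in this file). The script prints
     * the token in plain text, converting it from a secure string when the module returns one, so the
     * output of {@code runCommand} should be treated as a secret and kept out of logs.
     *
     * <p>The JSON reader is managed with try-with-resources so it is closed even when parsing fails; the
     * decompiled form closed it only on the success path.
     *
     * @param tokenRequestContext the scopes of the token request
     * @param powershellManager the PowerShell host used to run the script
     * @return a Mono emitting the token; it fails with {@link CredentialUnavailableException} when the
     *     Az.Accounts module is too old, no account is logged in, or the output cannot be read as JSON
     * @throws RuntimeException (the logged {@link IllegalArgumentException}) thrown synchronously when the
     *     scope fails validation
     */
    private Mono<AccessToken> getAccessTokenFromPowerShell(TokenRequestContext tokenRequestContext, PowershellManager powershellManager) {
        String scopesToResource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
        try {
            ScopeUtil.validateScope(scopesToResource);
        } catch (IllegalArgumentException invalidScope) {
            throw LOGGER.logExceptionAsError(invalidScope);
        }

        return Mono.defer(() -> {
            // StringSubstitutor.DEFAULT_VAR_END appears where the script needs a closing brace; presumably the
            // decompiler substituted the constant for a "}" literal. It is kept as found.
            String script = String.join(System.lineSeparator(),
                "$ErrorActionPreference = 'Stop'",
                "[version]$minimumVersion = '2.2.0'",
                "",
                "$m = Import-Module Az.Accounts -MinimumVersion $minimumVersion -PassThru -ErrorAction SilentlyContinue",
                "",
                "if (! $m) {",
                "    Write-Output 'VersionTooOld'",
                "    exit",
                StringSubstitutor.DEFAULT_VAR_END,
                "",
                "$useSecureString = $m.Version -ge [version]'2.17.0'",
                "",
                "$params = @{",
                "    'WarningAction'='Ignore'",
                "    'ResourceUrl'='" + scopesToResource + "'",
                StringSubstitutor.DEFAULT_VAR_END,
                "",
                "if ($useSecureString) {",
                "    $params['AsSecureString'] = $true",
                StringSubstitutor.DEFAULT_VAR_END,
                "",
                "$token = Get-AzAccessToken @params",
                "$customToken = New-Object -TypeName psobject",
                "",
                "$customToken | Add-Member -MemberType NoteProperty -Name Token -Value ($useSecureString -eq $true ? (ConvertFrom-SecureString -AsPlainText $token.Token) : $token.Token)",
                "$customToken | Add-Member -MemberType NoteProperty -Name ExpiresOn -Value $token.ExpiresOn",
                "",
                "return $customToken | ConvertTo-Json");

            return powershellManager.runCommand(script).flatMap(output -> {
                // Marker strings in the output are mapped to "credential unavailable" before JSON parsing.
                if (output.contains("VersionTooOld")) {
                    return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("Az.Account module with version >= 2.2.0 is not installed. It needs to be installed to use Azure PowerShell Credential.")));
                }
                if (output.contains("Run Connect-AzAccount to login")) {
                    return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("Run Connect-AzAccount to login to Azure account in PowerShell.")));
                }

                try (JsonReader jsonReader = JsonProviders.createReader(output)) {
                    jsonReader.nextToken();
                    Map<String, String> fields = jsonReader.readMap(JsonReader::getString);
                    String token = fields.get("Token");
                    // The expiry is normalised to UTC while keeping the same instant.
                    OffsetDateTime expiresOn = OffsetDateTime.parse(fields.get("ExpiresOn")).withOffsetSameInstant(ZoneOffset.UTC);
                    return Mono.just(new AccessToken(token, expiresOn));
                } catch (IOException parseFailure) {
                    return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("Encountered error when deserializing response from Azure Power Shell.", parseFailure)));
                }
            });
        });
    }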

    /**
     * Acquires a token with the client-credentials flow through the confidential client.
     *
     * <p>The CAE or non-CAE confidential client is chosen from the request, and the request parameters
     * come from {@code buildConfidentialClientParameters}.
     *
     * @param tokenRequestContext the scopes, tenant hints and optional claims of the token request
     * @return a Mono emitting the acquired token
     */
    public Mono<AccessToken> authenticateWithConfidentialClient(TokenRequestContext tokenRequestContext) {
        return getConfidentialClientInstance(tokenRequestContext).getValue()
            .flatMap(application -> Mono.fromFuture(() -> application.acquireToken(buildConfidentialClientParameters(tokenRequestContext).build())))
            .map(MsalToken::new);
    }

    /**
     * Picks the confidential client accessor that matches the request's CAE setting.
     *
     * @param tokenRequestContext the token request whose CAE flag is inspected
     * @return the CAE accessor when CAE is enabled on the request, otherwise the plain accessor
     */
    private SynchronizedAccessor<ConfidentialClientApplication> getConfidentialClientInstance(TokenRequestContext tokenRequestContext) {
        if (tokenRequestContext.isCaeEnabled()) {
            return this.confidentialClientApplicationAccessorWithCae;
        }
        return this.confidentialClientApplicationAccessor;
    }

    /**
     * Builds the client-credentials request parameters for a token request.
     *
     * <p>When a client assertion supplier is configured, it is invoked here and the resulting assertion
     * is set as the request credential; the plain supplier takes precedence over the pipeline-based one.
     * Claims are attached only when CAE is enabled on the request and claims are present.
     *
     * @param tokenRequestContext the scopes, tenant hints and optional claims of the token request
     * @return the populated builder, not yet built
     */
    private ClientCredentialParameters.ClientCredentialParametersBuilder buildConfidentialClientParameters(TokenRequestContext tokenRequestContext) {
        String resolvedTenant = IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options);
        ClientCredentialParameters.ClientCredentialParametersBuilder parameters = ClientCredentialParameters.builder(new HashSet<>(tokenRequestContext.getScopes())).tenant(resolvedTenant);

        if (this.clientAssertionSupplier != null) {
            parameters.clientCredential(ClientCredentialFactory.createFromClientAssertion(this.clientAssertionSupplier.get()));
        } else if (this.clientAssertionSupplierWithHttpPipeline != null) {
            parameters.clientCredential(ClientCredentialFactory.createFromClientAssertion(this.clientAssertionSupplierWithHttpPipeline.apply(getPipeline())));
        }

        boolean attachClaims = tokenRequestContext.isCaeEnabled() && tokenRequestContext.getClaims() != null;
        if (attachClaims) {
            parameters.claims(ClaimsRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
        }
        return parameters;
    }

    /**
     * Acquires a managed-identity token through the managed-identity confidential client.
     *
     * <p>Every failure, whatever its cause, is reported as {@link CredentialUnavailableException} with the
     * original error attached as the cause.
     *
     * @param tokenRequestContext the scopes and tenant hints of the token request
     * @return a Mono emitting the acquired token
     */
    public Mono<AccessToken> authenticateWithManagedIdentityConfidentialClient(TokenRequestContext tokenRequestContext) {
        return this.managedIdentityConfidentialClientApplicationAccessor.getValue()
            .flatMap(application -> Mono.fromFuture(() -> application.acquireToken(
                ClientCredentialParameters.builder(new HashSet<>(tokenRequestContext.getScopes()))
                    .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options))
                    .build())))
            .onErrorMap(cause -> new CredentialUnavailableException("Managed Identity authentication is not available.", cause))
            .map(MsalToken::new);
    }

    /**
     * Acquires a managed-identity token through the MSAL managed-identity application.
     *
     * <p>When the credential is part of a chain and MSAL reports that it would default to IMDS,
     * {@code checkIMDSAvailable} is run first; its emitted value is not inspected, so only an error or an
     * empty result from that check stops the token request.
     *
     * @param tokenRequestContext the scopes of the token request
     * @return a Mono emitting the acquired token
     */
    public Mono<AccessToken> authenticateWithManagedIdentityMsalClient(TokenRequestContext tokenRequestContext) {
        String resource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
        return Mono.fromSupplier(() -> this.options.isChained() && ManagedIdentitySourceType.DEFAULT_TO_IMDS.equals(ManagedIdentityApplication.getManagedIdentitySource()))
            .flatMap(probeImds -> probeImds ? checkIMDSAvailable(getImdsEndpoint()) : Mono.just(true))
            .flatMap(ignored -> getTokenFromMsalMIClient(resource));
    }

    /**
     * Requests a managed-identity token for a resource from the MSAL managed-identity application.
     *
     * <p>Every failure is reported as {@link CredentialUnavailableException} with the original error
     * attached as the cause.
     *
     * @param str the resource passed to MSAL's managed identity parameters builder
     * @return a Mono emitting the acquired token
     */
    private Mono<AccessToken> getTokenFromMsalMIClient(String str) {
        return this.managedIdentityMsalApplicationAccessor.getValue()
            .flatMap(application -> Mono.fromFuture(() -> {
                try {
                    // Fully qualified: this package has its own ManagedIdentityParameters class.
                    return application.acquireTokenForManagedIdentity(com.microsoft.aad.msal4j.ManagedIdentityParameters.builder(str).build());
                } catch (Exception failure) {
                    throw new RuntimeException(failure);
                }
            }))
            .onErrorMap(cause -> new CredentialUnavailableException("Managed Identity authentication is not available.", cause))
            .map(MsalToken::new);
    }

    /**
     * Acquires a token through the workload-identity confidential client.
     *
     * <p>Every failure is reported as {@link CredentialUnavailableException} with the original error
     * attached as the cause.
     *
     * @param tokenRequestContext the scopes and tenant hints of the token request
     * @return a Mono emitting the acquired token
     */
    public Mono<AccessToken> authenticateWithWorkloadIdentityConfidentialClient(TokenRequestContext tokenRequestContext) {
        return this.workloadIdentityConfidentialClientApplicationAccessor.getValue()
            .flatMap(application -> Mono.fromFuture(() -> application.acquireToken(
                ClientCredentialParameters.builder(new HashSet<>(tokenRequestContext.getScopes()))
                    .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options))
                    .build())))
            .onErrorMap(cause -> new CredentialUnavailableException("Workload Identity authentication is not available.", cause))
            .map(MsalToken::new);
    }

    /**
     * Acquires a token with the username/password flow through the public client.
     *
     * <p>{@code str} and {@code str2} are forwarded to {@code buildUsernamePasswordFlowParameters};
     * presumably they are the username and the password, in that order — confirm against that helper.
     * The error message produced here is fixed text and does not include either value.
     *
     * @param tokenRequestContext the scopes and related settings of the token request
     * @param str first credential argument forwarded to the parameter builder
     * @param str2 second credential argument forwarded to the parameter builder
     * @return a Mono emitting the token, or failing with {@link ClientAuthenticationException}
     */
    public Mono<MsalToken> authenticateWithUsernamePassword(TokenRequestContext tokenRequestContext, String str, String str2) {
        return getPublicClientInstance(tokenRequestContext).getValue()
            .flatMap(application -> Mono.fromFuture(() -> application.acquireToken(buildUsernamePasswordFlowParameters(tokenRequestContext, str, str2).build())))
            .onErrorMap(cause -> new ClientAuthenticationException("Failed to acquire token with username and password. To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/usernamepasswordcredential/troubleshoot", (HttpResponse) null, cause))
            .map(MsalToken::new);
    }

    /**
     * Acquires a token silently from the public client's cache, forcing a refresh when the cached token
     * is too close to expiry.
     *
     * <p>The first silent request does not force a refresh. Its result is kept only when the token expires
     * later than {@code REFRESH_OFFSET} from now; otherwise a second silent request with forced refresh is
     * made.
     *
     * @param tokenRequestContext the scopes and related settings of the token request
     * @param iAccount the account to look up, or {@code null} to leave the account unset
     * @return a Mono emitting the cached or refreshed token
     */
    public Mono<MsalToken> authenticateWithPublicClientCache(TokenRequestContext tokenRequestContext, IAccount iAccount) {
        return getPublicClientInstance(tokenRequestContext).getValue().flatMap(application -> {
            // Built lazily: the supplier only runs if the first attempt yields nothing usable.
            Mono<MsalToken> forcedRefresh = Mono.fromFuture(() -> acquireTokenFromPublicClientSilently(tokenRequestContext, application, iAccount, true))
                .map(MsalToken::new);

            return Mono.fromFuture(() -> acquireTokenFromPublicClientSilently(tokenRequestContext, application, iAccount, false))
                .map(MsalToken::new)
                .filter(token -> OffsetDateTime.now().isBefore(token.getExpiresAt().minus((TemporalAmount) REFRESH_OFFSET)))
                .switchIfEmpty(forcedRefresh);
        });
    }

    /**
     * Starts a silent token acquisition on a public client.
     *
     * <p>A refresh is forced when {@code z} is {@code true}, and also whenever CAE is enabled on the
     * request and claims are present (the claims are attached in that case).
     *
     * @param tokenRequestContext the scopes, tenant hints and optional claims of the token request
     * @param publicClientApplication the client to ask
     * @param iAccount the account to look up, or {@code null} to leave the account unset
     * @param z whether to force a refresh
     * @return the future from MSAL, or a failed future when MSAL rejects the request with a
     *     {@link MalformedURLException}
     */
    private CompletableFuture<IAuthenticationResult> acquireTokenFromPublicClientSilently(TokenRequestContext tokenRequestContext, PublicClientApplication publicClientApplication, IAccount iAccount, boolean z) {
        SilentParameters.SilentParametersBuilder parameters = SilentParameters.builder(new HashSet<>(tokenRequestContext.getScopes()));
        if (z) {
            parameters.forceRefresh(true);
        }

        boolean hasCaeClaims = tokenRequestContext.isCaeEnabled() && tokenRequestContext.getClaims() != null;
        if (hasCaeClaims) {
            parameters.claims(ClaimsRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
            parameters.forceRefresh(true);
        }

        if (iAccount != null) {
            parameters = parameters.account(iAccount);
        }
        parameters.tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));

        try {
            return publicClientApplication.acquireTokenSilently(parameters.build());
        } catch (MalformedURLException malformedUrl) {
            return getFailedCompletableFuture(LOGGER.logExceptionAsError(new RuntimeException(malformedUrl)));
        }
    }

    /**
     * Picks the public client accessor that matches the request's CAE setting.
     *
     * @param tokenRequestContext the token request whose CAE flag is inspected
     * @return the CAE accessor when CAE is enabled on the request, otherwise the plain accessor
     */
    private SynchronizedAccessor<PublicClientApplication> getPublicClientInstance(TokenRequestContext tokenRequestContext) {
        if (tokenRequestContext.isCaeEnabled()) {
            return this.publicClientApplicationAccessorWithCae;
        }
        return this.publicClientApplicationAccessor;
    }

    /**
     * Acquires a token silently from the confidential client's cache without naming an account.
     *
     * @param tokenRequestContext the scopes and tenant hints of the token request
     * @return the result of the two-argument overload called with a {@code null} account
     */
    public Mono<AccessToken> authenticateWithConfidentialClientCache(TokenRequestContext tokenRequestContext) {
        final IAccount noAccount = null;
        return authenticateWithConfidentialClientCache(tokenRequestContext, noAccount);
    }

    /**
     * Acquires a token silently from the confidential client's cache.
     *
     * <p>A token that expires within {@code REFRESH_OFFSET} from now is filtered out, in which case the
     * returned Mono completes empty; no forced refresh is attempted here.
     *
     * @param tokenRequestContext the scopes and tenant hints of the token request
     * @param iAccount the account to look up, or {@code null} to leave the account unset
     * @return a Mono emitting the cached token, or completing empty when the token is close to expiry
     */
    public Mono<AccessToken> authenticateWithConfidentialClientCache(TokenRequestContext tokenRequestContext, IAccount iAccount) {
        return getConfidentialClientInstance(tokenRequestContext).getValue().flatMap(application ->
            Mono.fromFuture(() -> {
                SilentParameters.SilentParametersBuilder parameters = SilentParameters.builder(new HashSet<>(tokenRequestContext.getScopes()))
                    .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
                if (iAccount != null) {
                    parameters.account(iAccount);
                }
                try {
                    return application.acquireTokenSilently(parameters.build());
                } catch (MalformedURLException malformedUrl) {
                    return getFailedCompletableFuture(LOGGER.logExceptionAsError(new RuntimeException(malformedUrl)));
                }
            })
                .map(result -> new MsalToken(result))
                .filter(token -> OffsetDateTime.now().isBefore(token.getExpiresAt().minus((TemporalAmount) REFRESH_OFFSET))));
    }

    /**
     * Acquires a token with the device-code flow through the public client.
     *
     * <p>The consumer is forwarded to {@code buildDeviceCodeFlowParameters}; it receives the
     * {@link DeviceCodeInfo} to present to the user, so where it displays or logs that information is
     * the caller's decision.
     *
     * @param tokenRequestContext the scopes and related settings of the token request
     * @param consumer callback forwarded to the device-code parameter builder
     * @return a Mono emitting the token, or failing with {@link ClientAuthenticationException}
     */
    public Mono<MsalToken> authenticateWithDeviceCode(TokenRequestContext tokenRequestContext, Consumer<DeviceCodeInfo> consumer) {
        return getPublicClientInstance(tokenRequestContext).getValue()
            .flatMap(application -> Mono.fromFuture(() -> application.acquireToken(buildDeviceCodeFlowParameters(tokenRequestContext, consumer).build()))
                .onErrorMap(cause -> new ClientAuthenticationException("Failed to acquire token with device code.", (HttpResponse) null, cause))
                .map(MsalToken::new));
    }

    /**
     * Acquires a token with the refresh token stored by VS Code under the "VS Code Azure" entry.
     *
     * <p>ADFS tenants are rejected up front. The stored value is passed to MSAL as a refresh token, so
     * this flow is only as trustworthy as the store read by {@code VisualStudioCacheAccessor}. Claims are
     * attached only when CAE is enabled on the request and claims are present.
     *
     * @param tokenRequestContext the scopes and optional claims of the token request
     * @param str second argument of {@code VisualStudioCacheAccessor.getCredentials}; its meaning is not
     *     visible in this file
     * @return a Mono emitting the token; it fails with {@link CredentialUnavailableException} for ADFS
     *     tenants, missing credentials or when MSAL requires interaction, and with
     *     {@link ClientAuthenticationException} for other acquisition failures
     */
    public Mono<MsalToken> authenticateWithVsCodeCredential(TokenRequestContext tokenRequestContext, String str) {
        if (isADFSTenant()) {
            return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("VsCodeCredential  authentication unavailable. ADFS tenant/authorities are not supported. To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/vscodecredential/troubleshoot")));
        }
        try {
            String storedRefreshToken = new VisualStudioCacheAccessor().getCredentials("VS Code Azure", str);
            RefreshTokenParameters.RefreshTokenParametersBuilder parameters = RefreshTokenParameters.builder(new HashSet<>(tokenRequestContext.getScopes()), storedRefreshToken);
            if (tokenRequestContext.isCaeEnabled() && tokenRequestContext.getClaims() != null) {
                parameters.claims(ClaimsRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
            }

            return getPublicClientInstance(tokenRequestContext).getValue()
                .flatMap(application -> Mono.fromFuture(application.acquireToken(parameters.build()))
                    .onErrorResume(cause -> {
                        // An interaction-required answer means this credential cannot be used; anything
                        // else is a genuine authentication failure.
                        if (cause instanceof MsalInteractionRequiredException) {
                            return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("Failed to acquire token with VS code credential. To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/vscodecredential/troubleshoot", cause)));
                        }
                        return Mono.error(new ClientAuthenticationException("Failed to acquire token with VS code credential", (HttpResponse) null, cause));
                    })
                    .map(MsalToken::new));
        } catch (CredentialUnavailableException unavailable) {
            return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, unavailable));
        }
    }

    /**
     * Redeems an authorization code for a token.
     *
     * <p>The confidential client is used when a client secret is configured, otherwise the public client.
     * Claims are attached whenever they are present on the request; the CAE flag only influences which
     * client accessor is chosen. {@code uri} must be the redirect URI the code was issued for, since it is
     * sent to MSAL together with the code.
     *
     * @param tokenRequestContext the scopes, tenant hints and optional claims of the token request
     * @param str the authorization code passed to MSAL
     * @param uri the redirect URI passed to MSAL
     * @return a Mono emitting the token, or failing with {@link ClientAuthenticationException}
     */
    public Mono<MsalToken> authenticateWithAuthorizationCode(TokenRequestContext tokenRequestContext, String str, URI uri) {
        AuthorizationCodeParameters.AuthorizationCodeParametersBuilder parameters = AuthorizationCodeParameters.builder(str, uri)
            .scopes(new HashSet<>(tokenRequestContext.getScopes()))
            .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
        if (tokenRequestContext.getClaims() != null) {
            parameters.claims(ClaimsRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
        }

        final Mono<IAuthenticationResult> acquisition;
        if (this.clientSecret != null) {
            acquisition = getConfidentialClientInstance(tokenRequestContext).getValue()
                .flatMap(application -> Mono.fromFuture(() -> application.acquireToken(parameters.build())));
        } else {
            acquisition = getPublicClientInstance(tokenRequestContext).getValue()
                .flatMap(application -> Mono.fromFuture(() -> application.acquireToken(parameters.build())));
        }

        return acquisition
            .onErrorMap(cause -> new ClientAuthenticationException("Failed to acquire token with authorization code", (HttpResponse) null, cause))
            .map(MsalToken::new);
    }

    /**
     * Acquires a token through the interactive browser flow.
     *
     * <p>The redirect URI is {@code http://localhost:<num>} when a port is given, else {@code str}
     * when it is non-null, else {@code http://localhost}. When the broker is enabled and the
     * default broker account should be used, a silent acquisition is attempted first; any error
     * from that attempt is discarded and the interactive prompt runs instead.
     *
     * @param tokenRequestContext supplies scopes and proof-of-possession options
     * @param num loopback port for the redirect listener, or {@code null}
     * @param str explicit redirect URL used when {@code num} is {@code null}, or {@code null}
     * @param str2 forwarded unchanged to {@code buildInteractiveRequestParameters} (presumably the
     *     login hint — confirm against that helper)
     * @return a {@code Mono} emitting the token; the token is created with type {@code "PoP"} when
     *     the broker is enabled and proof-of-possession options are present
     */
    public Mono<MsalToken> authenticateWithBrowserInteraction(TokenRequestContext tokenRequestContext, Integer num, String str, String str2) {
        final String redirectLocation;
        if (num != null) {
            redirectLocation = "http://localhost:" + num;
        } else if (str != null) {
            redirectLocation = str;
        } else {
            redirectLocation = "http://localhost";
        }
        try {
            URI redirectUri = new URI(redirectLocation);
            return getPublicClientInstance(tokenRequestContext).getValue()
                .flatMap(silentClient -> (this.options.isBrokerEnabled() && this.options.useDefaultBrokerAccount())
                    // Best effort only: a failed silent attempt falls through to the prompt below.
                    ? Mono.fromFuture(() -> acquireTokenFromPublicClientSilently(tokenRequestContext, silentClient, null, false))
                        .onErrorResume(ignored -> Mono.empty())
                    : Mono.empty())
                .switchIfEmpty(Mono.defer(() -> {
                    InteractiveRequestParameters.InteractiveRequestParametersBuilder interactiveRequest = buildInteractiveRequestParameters(tokenRequestContext, str2, redirectUri);
                    return getPublicClientInstance(tokenRequestContext).getValue()
                        .flatMap(interactiveClient -> Mono.fromFuture(() -> interactiveClient.acquireToken(interactiveRequest.build())));
                }))
                // Anything that is not already a ClientAuthenticationException is wrapped in one.
                .onErrorMap(failure -> !(failure instanceof ClientAuthenticationException), failure -> {
                    throw new ClientAuthenticationException("Failed to acquire token with Interactive Browser Authentication.", (HttpResponse) null, failure);
                })
                .map(result -> {
                    boolean popRequested = this.options.isBrokerEnabled() && tokenRequestContext.getProofOfPossessionOptions() != null;
                    return popRequested ? new MsalToken(result, "PoP") : new MsalToken(result);
                });
        } catch (URISyntaxException e) {
            return Mono.error(LOGGER.logExceptionAsError(new RuntimeException(e)));
        }
    }

    /**
     * Acquires a token for exactly one account found in the shared token cache.
     *
     * <p>Cached accounts are filtered by {@code str} (all accounts when it is {@code null}) and
     * de-duplicated by home account id. Exactly one remaining account is required: zero or several
     * matches fail instead of picking one, so the caller never silently authenticates as an
     * unintended identity.
     *
     * @param tokenRequestContext forwarded to the public client and to the cache-based acquisition
     * @param str username to match exactly, or {@code null} to accept any cached account
     * @return a {@code Mono} emitting the token; it fails with {@code CredentialUnavailableException}
     *     when the cache cannot be read or is empty, and with {@code RuntimeException} when no
     *     account or more than one account matches
     */
    public Mono<MsalToken> authenticateWithSharedTokenCache(TokenRequestContext tokenRequestContext, String str) {
        return getPublicClientInstance(tokenRequestContext).getValue()
            .flatMap(client -> {
                Objects.requireNonNull(client);
                return Mono.fromFuture(client::getAccounts);
            })
            .onErrorMap(failure -> new CredentialUnavailableException("Cannot get accounts from token cache. Error: " + failure.getMessage(), failure))
            .flatMap(set -> {
                if (set.isEmpty()) {
                    return Mono.error(LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.")));
                }
                // Keyed by home account id so the same identity cached more than once counts once.
                HashMap<String, IAccount> matchesByHomeAccountId = new HashMap<>();
                for (IAccount cachedAccount : set) {
                    if (str == null || str.equals(cachedAccount.username())) {
                        matchesByHomeAccountId.putIfAbsent(cachedAccount.homeAccountId(), cachedAccount);
                    }
                }
                if (matchesByHomeAccountId.isEmpty()) {
                    return Mono.error(new RuntimeException(String.format("SharedTokenCacheCredential authentication unavailable. No account matching the specified username: %s was found in the cache.", str)));
                }
                if (matchesByHomeAccountId.size() > 1) {
                    if (str == null) {
                        return Mono.error(new RuntimeException("SharedTokenCacheCredential authentication unavailable. Multiple accounts were found in the cache. Use username and tenant id to disambiguate."));
                    }
                    return Mono.error(new RuntimeException(String.format("SharedTokenCacheCredential authentication unavailable. Multiple accounts matching the specified username: %s were found in the cache.", str)));
                }
                return authenticateWithPublicClientCache(tokenRequestContext, matchesByHomeAccountId.values().iterator().next());
            });
    }

    /**
     * Requests a managed-identity token from the Azure Arc endpoint using its two-step challenge.
     *
     * <p>Step 1 sends a GET without credentials to {@code str} and reads the
     * {@code WWW-Authenticate} header of the reply; the text after the first {@code '='} is used as
     * the path of a local file. Step 2 reads that file as UTF-8 and repeats the GET with the file
     * contents as the {@code Authorization: Basic} value, then parses the JSON body into an
     * {@code MSIToken}.
     *
     * <p>Security note: the file path comes from an HTTP response header, so
     * {@code ValidationUtil.validateSecretFile} is the only gate between the endpoint's reply and a
     * local file read whose contents are then sent over the connection. Its checks are not visible
     * in this method. NOTE(review): confirm it restricts directory, file extension and size.
     *
     * <p>NOTE(review): the header-parsing and file-read step appears three times below, which looks
     * like decompiler output of a single finally-style block; any change has to be applied to all
     * three copies.
     *
     * @param str the Arc identity endpoint URL
     * @param tokenRequestContext supplies the scopes, which are converted to a resource value
     * @return a {@code Mono} that performs the blocking HTTP exchange when subscribed and emits the
     *     parsed token
     */
    private Mono<AccessToken> authenticateToArcManagedIdentityEndpoint(String str, TokenRequestContext tokenRequestContext) {
        return Mono.fromCallable(() -> {
            String str2;
            String headerField;
            HttpURLConnection httpURLConnection = null;
            URL url = getUrl(str + "?resource=" + urlEncode(ScopeUtil.scopesToResource(tokenRequestContext.getScopes())) + "&api-version=2019-11-01");
            try {
                try {
                    // Step 1: challenge request, sent without an Authorization header.
                    httpURLConnection = (HttpURLConnection) url.openConnection();
                    httpURLConnection.setRequestMethod("GET");
                    httpURLConnection.setRequestProperty("Metadata", BooleanUtils.TRUE);
                    httpURLConnection.setRequestProperty("User-Agent", this.userAgent);
                    httpURLConnection.connect();
                    headerField = httpURLConnection.getHeaderField("WWW-Authenticate");
                } catch (IOException e) {
                    if (httpURLConnection == null) {
                        throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Failed to initialize Http URL connection to the endpoint.", (HttpResponse) null, (Throwable) e));
                    }
                    // Only a 401 challenge is accepted on this path; any other status is an error.
                    int responseCode = httpURLConnection.getResponseCode();
                    if (responseCode != 401) {
                        throw LOGGER.logExceptionAsError(new ClientAuthenticationException(String.format("Expected a 401 Unauthorized response from Azure Arc Managed Identity Endpoint, received: %d", Integer.valueOf(responseCode)), (HttpResponse) null, (Throwable) e));
                    }
                    String headerField2 = httpURLConnection.getHeaderField("WWW-Authenticate");
                    if (headerField2 == null) {
                        throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Did not receive a value for WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint", null));
                    }
                    int indexOf = headerField2.indexOf("=");
                    if (indexOf == -1) {
                        throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Did not receive a correct value for WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint", null));
                    }
                    // Everything after the first '=' is used as a file path; validateSecretFile is
                    // the only check applied before the file is read.
                    str2 = new String(Files.readAllBytes(ValidationUtil.validateSecretFile(new File(headerField2.substring(indexOf + 1)), LOGGER)), StandardCharsets.UTF_8);
                    // NOTE(review): new String(...) never yields null, so this check cannot fire.
                    if (str2 == null) {
                        throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Did not receive a secret value in the response from Azure Arc Managed Identity Endpoint", null));
                    }
                }
                // Same header parsing and file read as in the catch block above, for the path where
                // step 1 returned without an IOException.
                if (headerField == null) {
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Did not receive a value for WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint", null));
                }
                int indexOf2 = headerField.indexOf("=");
                if (indexOf2 == -1) {
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Did not receive a correct value for WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint", null));
                }
                str2 = new String(Files.readAllBytes(ValidationUtil.validateSecretFile(new File(headerField.substring(indexOf2 + 1)), LOGGER)), StandardCharsets.UTF_8);
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                // NOTE(review): as above, str2 cannot be null here.
                if (str2 == null) {
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Did not receive a secret value in the response from Azure Arc Managed Identity Endpoint", null));
                }
                try {
                    // Step 2: repeat the request with the file contents as the Basic credential.
                    // The value is a secret and must never be logged.
                    // NOTE(review): unlike step 1, no User-Agent header is set on this request.
                    httpURLConnection = (HttpURLConnection) url.openConnection();
                    httpURLConnection.setRequestMethod("GET");
                    httpURLConnection.setRequestProperty("Authorization", "Basic " + str2);
                    httpURLConnection.setRequestProperty("Metadata", BooleanUtils.TRUE);
                    httpURLConnection.connect();
                    MSIToken fromJson = MSIToken.fromJson(JsonProviders.createReader(httpURLConnection.getInputStream()));
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    return fromJson;
                } finally {
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                }
            } catch (Throwable th) {
                // NOTE(review): httpURLConnection is dereferenced here before the null check further
                // down. If openConnection() failed it is still null, and the resulting
                // NullPointerException replaces the original error.
                String headerField3 = httpURLConnection.getHeaderField("WWW-Authenticate");
                if (headerField3 == null) {
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Did not receive a value for WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint", null));
                }
                int indexOf3 = headerField3.indexOf("=");
                if (indexOf3 == -1) {
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Did not receive a correct value for WWW-Authenticate header in the response from Azure Arc Managed Identity Endpoint", null));
                }
                // NOTE(review): the secret file is read again on the failure path although str3 is
                // not used afterwards; an error thrown here also hides the original throwable.
                String str3 = new String(Files.readAllBytes(ValidationUtil.validateSecretFile(new File(headerField3.substring(indexOf3 + 1)), LOGGER)), StandardCharsets.UTF_8);
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                if (str3 == null) {
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Did not receive a secret value in the response from Azure Arc Managed Identity Endpoint", null));
                }
                throw th;
            }
        });
    }

    /**
     * Exchanges a client assertion for an access token.
     *
     * <p>The assertion is obtained from {@code clientAssertionAccessor} and passed, together with the
     * request context, to {@code authenticateWithExchangeTokenHelper}, which runs when the returned
     * {@code Mono} is subscribed. The assertion is a credential and should not be logged.
     *
     * @param tokenRequestContext the request context forwarded to the helper
     * @return a {@code Mono} emitting the token produced by the helper
     */
    public Mono<AccessToken> authenticateWithExchangeToken(TokenRequestContext tokenRequestContext) {
        return this.clientAssertionAccessor.getValue()
            .flatMap(assertion -> Mono.fromCallable(() -> authenticateWithExchangeTokenHelper(tokenRequestContext, assertion)));
    }

    /**
     * Requests a managed-identity token from the Service Fabric endpoint over HTTPS.
     *
     * <p>The connection is passed to {@code IdentitySslUtil.addTrustedCertificateThumbprint} with
     * {@code str3} before any request is sent (presumably this pins the server certificate to that
     * thumbprint — confirm in {@code IdentitySslUtil}). When {@code str2} is non-null it is sent in
     * the {@code Secret} header; it is a credential and must not be logged.
     *
     * @param str the identity endpoint URL
     * @param str2 value for the {@code Secret} request header, or {@code null} to omit it
     * @param str3 certificate thumbprint handed to {@code IdentitySslUtil}
     * @param tokenRequestContext supplies the scopes, which are converted to a resource value
     * @return a {@code Mono} that performs the blocking request when subscribed and emits the token
     */
    private Mono<AccessToken> authenticateToServiceFabricManagedIdentityEndpoint(String str, String str2, String str3, TokenRequestContext tokenRequestContext) {
        return Mono.fromCallable(() -> {
            String resource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
            StringBuilder requestUrl = new StringBuilder(1024).append(str);
            requestUrl.append("?resource=").append(urlEncode(resource));
            requestUrl.append("&api-version=").append("2019-07-01-preview");
            // A warning is logged for each user-assigned identifier, but the identifier is still
            // appended to the query string.
            if (this.clientId != null) {
                LOGGER.warning("User assigned managed identities are not supported in the Service Fabric environment.");
                requestUrl.append("&client_id=").append(urlEncode(this.clientId));
            }
            if (this.resourceId != null) {
                LOGGER.warning("User assigned managed identities are not supported in the Service Fabric environment.");
                requestUrl.append("&mi_res_id=").append(urlEncode(this.resourceId));
            }
            if (this.objectId != null) {
                LOGGER.warning("User-assigned managed identities are not supported in the Service Fabric environment.");
                requestUrl.append("&object_id=").append(urlEncode(this.objectId));
            }

            HttpsURLConnection connection = null;
            try {
                connection = (HttpsURLConnection) getUrl(requestUrl.toString()).openConnection();
                IdentitySslUtil.addTrustedCertificateThumbprint(connection, str3, LOGGER);
                connection.setRequestMethod("GET");
                if (str2 != null) {
                    connection.setRequestProperty("Secret", str2);
                }
                connection.setRequestProperty("Metadata", BooleanUtils.TRUE);
                connection.setRequestProperty("User-Agent", this.userAgent);
                connection.connect();
                return MSIToken.fromJson(JsonProviders.createReader(connection.getInputStream()));
            } finally {
                // Runs on success and on failure alike, so the connection is always released.
                if (connection != null) {
                    connection.disconnect();
                }
            }
        });
    }

    /**
     * Requests a managed-identity token from one of two endpoint/secret pairs.
     *
     * <p>When {@code str} is non-null the request goes to {@code str} with API version
     * {@code 2019-08-01} and {@code str2} in the {@code X-IDENTITY-HEADER} header. Otherwise it goes
     * to {@code str3} with API version {@code 2017-09-01} and {@code str4} in the {@code Secret}
     * header. Both header values are credentials and must not be logged.
     *
     * @param str endpoint of the first pair, or {@code null} to use the second pair
     * @param str2 header secret belonging to {@code str}; the header is omitted when {@code null}
     * @param str3 endpoint of the second pair
     * @param str4 header secret belonging to {@code str3}; the header is omitted when {@code null}
     * @param tokenRequestContext supplies the scopes, which are converted to a resource value
     * @return a {@code Mono} that performs the blocking request when subscribed and emits the token
     */
    public Mono<AccessToken> authenticateToManagedIdentityEndpoint(String str, String str2, String str3, String str4, TokenRequestContext tokenRequestContext) {
        return Mono.fromCallable(() -> {
            final boolean useFirstPair = str != null;
            final String endpoint = useFirstPair ? str : str3;
            final String headerSecret = useFirstPair ? str2 : str4;
            final String apiVersion = useFirstPair ? "2019-08-01" : "2017-09-01";

            String resource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
            StringBuilder requestUrl = new StringBuilder(1024).append(endpoint);
            requestUrl.append("?resource=").append(urlEncode(resource));
            requestUrl.append("&api-version=").append(URLEncoder.encode(apiVersion, StandardCharsets.UTF_8.name()));
            if (this.clientId != null) {
                // The two API versions spell the client-id query parameter differently.
                if (apiVersion.equals("2019-08-01")) {
                    requestUrl.append("&client_id=");
                } else {
                    if (headerSecret == null) {
                        LOGGER.warning("User assigned managed identities are not supported in the Cloud Shell environment.");
                    }
                    requestUrl.append("&clientid=");
                }
                requestUrl.append(urlEncode(this.clientId));
            }
            if (this.resourceId != null) {
                if (apiVersion.equals("2017-09-01") && headerSecret == null) {
                    LOGGER.warning("User assigned managed identities are not supported in the Cloud Shell environment.");
                }
                requestUrl.append("&mi_res_id=").append(urlEncode(this.resourceId));
            }
            if (this.objectId != null) {
                if (apiVersion.equals("2017-09-01") && headerSecret == null) {
                    LOGGER.warning("User-assigned managed identities are not supported in the Cloud Shell environment.");
                }
                requestUrl.append("&object_id=").append(urlEncode(this.objectId));
            }

            HttpURLConnection connection = null;
            try {
                connection = (HttpURLConnection) getUrl(requestUrl.toString()).openConnection();
                connection.setRequestMethod("GET");
                if (headerSecret != null) {
                    String secretHeaderName = "2019-08-01".equals(apiVersion) ? "X-IDENTITY-HEADER" : "Secret";
                    connection.setRequestProperty(secretHeaderName, headerSecret);
                }
                connection.setRequestProperty("Metadata", BooleanUtils.TRUE);
                connection.setRequestProperty("User-Agent", this.userAgent);
                connection.connect();
                return MSIToken.fromJson(JsonProviders.createReader(connection.getInputStream()));
            } finally {
                // Runs on success and on failure alike, so the connection is always released.
                if (connection != null) {
                    connection.disconnect();
                }
            }
        });
    }

    /**
     * Requests a managed-identity token from the IMDS endpoint, retrying on transient failures.
     *
     * <p>The query string carries {@code api-version=2018-02-01}, the resource derived from the
     * scopes and whichever of client id, resource id and object id are configured. The endpoint is
     * first probed with {@code checkIMDSAvailable}; the token request itself is attempted up to
     * {@code options.getMaxRetry()} times. Status codes 404, 410, 429 and 5xx are retried after a
     * delay from {@code getRetryTimeoutInMs}; for 410 the delay is raised to at least 70000 ms.
     * The delay blocks the calling thread through {@code sleep}.
     *
     * @param tokenRequestContext supplies the scopes, which are converted to a resource value
     * @return a {@code Mono} emitting the parsed token, or an error when the endpoint is unreachable,
     *     rejects the request, or the retries are used up
     */
    public Mono<AccessToken> authenticateToIMDSEndpoint(TokenRequestContext tokenRequestContext) {
        String scopesToResource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
        StringBuilder sb = new StringBuilder();
        try {
            sb.append("api-version=2018-02-01");
            sb.append("&resource=");
            sb.append(urlEncode(scopesToResource));
            if (this.clientId != null) {
                sb.append("&client_id=");
                sb.append(urlEncode(this.clientId));
            }
            if (this.resourceId != null) {
                sb.append("&mi_res_id=");
                sb.append(urlEncode(this.resourceId));
            }
            if (this.objectId != null) {
                // NOTE(review): the other managed-identity requests in this file send "&object_id="
                // in lower case; confirm that the capital "I" here is intended.
                sb.append("&object_Id=");
                sb.append(urlEncode(this.objectId));
            }
            String imdsEndpoint = getImdsEndpoint();
            return checkIMDSAvailable(imdsEndpoint).flatMap(bool -> {
                return Mono.fromCallable(() -> {
                    // i is the 1-based attempt number and is also the input to the retry delay.
                    int i = 1;
                    while (true) {
                        // NOTE(review): leaving the loop through this break reaches the end of the
                        // lambda without a return value. That looks like a decompiler artefact;
                        // confirm against the original source.
                        if (i > this.options.getMaxRetry()) {
                            break;
                        }
                        URL url = null;
                        HttpURLConnection httpURLConnection = null;
                        try {
                            try {
                                url = getUrl(imdsEndpoint + "?" + ((Object) sb));
                                httpURLConnection = (HttpURLConnection) url.openConnection();
                                httpURLConnection.setRequestMethod("GET");
                                httpURLConnection.setRequestProperty("Metadata", BooleanUtils.TRUE);
                                httpURLConnection.setRequestProperty("User-Agent", this.userAgent);
                                httpURLConnection.connect();
                                MSIToken fromJson = MSIToken.fromJson(JsonProviders.createReader(httpURLConnection.getInputStream()));
                                if (httpURLConnection != null) {
                                    httpURLConnection.disconnect();
                                }
                                return fromJson;
                            } catch (IOException e) {
                                if (httpURLConnection == null) {
                                    throw LOGGER.logExceptionAsError(new RuntimeException("Could not connect to the url: " + url + ".", e));
                                }
                                // NOTE(review): as this listing is structured, the catch (Exception e2)
                                // at the end of this try also catches every exception thrown inside
                                // it, so the specific errors below reach the caller wrapped in a
                                // second CredentialUnavailableException and are logged again.
                                try {
                                    int responseCode = httpURLConnection.getResponseCode();
                                    if (responseCode == 400) {
                                        throw LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established.", e));
                                    }
                                    if (responseCode == 403 && httpURLConnection.getResponseMessage().contains("A socket operation was attempted to an unreachable network")) {
                                        throw LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("Managed Identity response was not in the expected format. See the inner exception for details.", new Exception(httpURLConnection.getResponseMessage())));
                                    }
                                    // Only 404, 410, 429 and 5xx are treated as retryable.
                                    if (responseCode != 410 && responseCode != 429 && responseCode != 404 && (responseCode < 500 || responseCode > 599)) {
                                        throw LOGGER.logExceptionAsError(new RuntimeException("Couldn't acquire access token from IMDS, verify your objectId, clientId or msiResourceId", e));
                                    }
                                    int retryTimeoutInMs = getRetryTimeoutInMs(i);
                                    // A 410 response waits at least 70000 ms before the next attempt.
                                    int i2 = (responseCode != 410 || retryTimeoutInMs >= 70000) ? retryTimeoutInMs : 70000;
                                    i++;
                                    if (i > this.options.getMaxRetry()) {
                                        if (httpURLConnection != null) {
                                            httpURLConnection.disconnect();
                                        }
                                        throw LOGGER.logExceptionAsError(new RuntimeException(String.format("MSI: Failed to acquire tokens after retrying %s times", Integer.valueOf(this.options.getMaxRetry()))));
                                    }
                                    // Blocks the current thread for the whole back-off period.
                                    sleep(i2);
                                    if (httpURLConnection != null) {
                                        httpURLConnection.disconnect();
                                    }
                                } catch (Exception e2) {
                                    throw LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, " + e2.getMessage() + ".", e2));
                                }
                            }
                        } catch (Throwable th) {
                            // Release the connection on every failure path before rethrowing.
                            if (httpURLConnection != null) {
                                httpURLConnection.disconnect();
                            }
                            throw th;
                        }
                    }
                });
            });
        } catch (IOException e) {
            // Presumably raised by urlEncode while the query string is built — confirm its signature.
            return Mono.error(e);
        }
    }

    /**
     * Builds the IMDS token URL from the configured authority host.
     *
     * <p>Whatever {@code TRAILING_FORWARD_SLASHES} matches in the host is removed before
     * {@code IdentityConstants.DEFAULT_IMDS_TOKENPATH} is appended. The host comes from the client
     * options, so token requests go to whatever address is configured there.
     *
     * @return the authority host with the default IMDS token path appended
     */
    private String getImdsEndpoint() {
        String authorityHost = this.options.getImdsAuthorityHost();
        String hostWithoutTrailingSlashes = TRAILING_FORWARD_SLASHES.matcher(authorityHost).replaceAll("");
        return hostWithoutTrailingSlashes + IdentityConstants.DEFAULT_IMDS_TOKENPATH;
    }

    /**
     * Computes the delay before the next retry.
     *
     * <p>The attempt number is wrapped as a {@code Duration} of that many seconds and passed to the
     * retry-timeout function from the client options; the resulting duration is returned in
     * milliseconds.
     *
     * @param i the attempt number
     * @return the delay in milliseconds, narrowed to {@code int} (NOTE(review): a configured delay
     *     above {@code Integer.MAX_VALUE} ms would wrap around)
     */
    int getRetryTimeoutInMs(int i) {
        Duration attempt = Duration.ofSeconds(i);
        Duration delay = this.options.getRetryTimeout().apply(attempt);
        return (int) delay.toMillis();
    }

    /**
     * Probes the IMDS endpoint to find out whether it can be reached.
     *
     * <p>A GET connection to {@code str + "?api-version=2018-02-01"} is opened with a 1000 ms
     * connect timeout. Only {@code connect()} is called: no response is read and no read timeout is
     * set. Any exception is reported as {@code CredentialUnavailableException}.
     *
     * @param str the IMDS token endpoint URL
     * @return a {@code Mono} emitting {@code true} when the connection was established
     */
    private Mono<Boolean> checkIMDSAvailable(String str) {
        return Mono.fromCallable(() -> {
            HttpURLConnection probe = null;
            try {
                probe = (HttpURLConnection) getUrl(str + "?api-version=2018-02-01").openConnection();
                probe.setRequestMethod("GET");
                probe.setConnectTimeout(1000);
                probe.connect();
                return true;
            } catch (Exception e) {
                throw LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, " + e.getMessage() + ".", e));
            } finally {
                // Runs on success and on failure alike, so the probe connection is always released.
                if (probe != null) {
                    probe.disconnect();
                }
            }
        });
    }

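    /**
     * Blocks the current thread for the given number of milliseconds.
     *
     * @param i the time to sleep, in milliseconds
     * @throws IllegalStateException if the thread is interrupted while sleeping; the interrupt flag
     *     is set again before the exception is thrown
     */
    private static void sleep(int i) {
        try {
            Thread.sleep(i);
        } catch (InterruptedException e) {
            // Thread.sleep clears the interrupt flag when it throws. Restore it so that code further
            // up the stack can still see that cancellation was requested.
            Thread.currentThread().interrupt();
            throw new IllegalStateException(e);
        }
    }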

    /**
     * Converts azure-core proxy options into a {@code java.net.Proxy}.
     *
     * <p>{@code SOCKS4} and {@code SOCKS5} both map to {@code Proxy.Type.SOCKS}; {@code HTTP} and
     * any other type map to {@code Proxy.Type.HTTP}. Only the type and the address are carried
     * over.
     *
     * @param proxyOptions the options to convert
     * @return a proxy with the mapped type and the address from {@code proxyOptions}
     */
    private static Proxy proxyOptionsToJavaNetProxy(ProxyOptions proxyOptions) {
        final Proxy.Type javaNetType;
        switch (proxyOptions.getType()) {
            case SOCKS4:
            case SOCKS5:
                javaNetType = Proxy.Type.SOCKS;
                break;
            default:
                // HTTP and any other type are treated as an HTTP proxy.
                javaNetType = Proxy.Type.HTTP;
                break;
        }
        return new Proxy(javaNetType, proxyOptions.getAddress());
    }

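    /**
     * Opens the given URL in the platform's default browser.
     *
     * <p>The launcher is chosen from the OS name: {@code rundll32} on Windows, {@code open} on
     * macOS and {@code xdg-open} on Linux/Unix. On any other platform nothing is started and an
     * error asking the user to open the URL manually is logged.
     *
     * <p>The command is passed to {@code Runtime.exec} as an argument array. The single-string
     * overload splits its input on whitespace, so a URL containing spaces would reach the launcher
     * as several arguments; with an array the URL is always exactly one argument.
     *
     * @param str the URL to open; a {@code null} value makes {@code Runtime.exec} throw
     *     {@code NullPointerException}
     * @throws IOException if the launcher process cannot be started
     */
    void openUrl(String str) throws IOException {
        Runtime runtime = Runtime.getRuntime();
        String osName = System.getProperty(SystemProperties.OS_NAME).toLowerCase(Locale.ROOT);
        final String[] command;
        if (osName.contains("win")) {
            command = new String[] {"rundll32", "url.dll,FileProtocolHandler", str};
        } else if (osName.contains("mac")) {
            command = new String[] {"open", str};
        } else if (osName.contains("nix") || osName.contains("nux")) {
            command = new String[] {"xdg-open", str};
        } else {
            LOGGER.error("Browser could not be opened - please open {} in a browser on this device.", str);
            return;
        }
        runtime.exec(command);
    }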

    /**
     * Creates a future that is already completed exceptionally.
     *
     * @param exc the exception the future is completed with
     * @return a future that is already completed exceptionally with {@code exc}
     */
    private CompletableFuture<IAuthenticationResult> getFailedCompletableFuture(Exception exc) {
        final CompletableFuture<IAuthenticationResult> failed = new CompletableFuture<>();
        failed.completeExceptionally(exc);
        return failed;
    }

    /**
     * Returns the options this client holds.
     *
     * @return the same {@code IdentityClientOptions} instance stored in this client, not a copy
     */
    public IdentityClientOptions getIdentityClientOptions() {
        return options;
    }

    /**
     * Tells whether this client is configured for an ADFS tenant.
     *
     * @return {@code true} only when the tenant id is exactly {@code "adfs"} (case-sensitive);
     *     {@code false} otherwise, including when no tenant id is set
     */
    private boolean isADFSTenant() {
        final String configuredTenant = this.tenantId;
        return configuredTenant != null && configuredTenant.equals("adfs");
    }

    /**
     * Returns the MSAL app-token-provider callback used for workload identity.
     *
     * <p>Each call copies the scopes, claims and tenant id from MSAL's parameters into a new
     * {@code TokenRequestContext}, calls {@link #authenticateWithExchangeToken} and repackages the
     * token as a {@code TokenProviderResult}.
     *
     * <p>NOTE(review): {@code setExpiresInSeconds} is given the absolute epoch second of the expiry
     * time, while the setter's name suggests a remaining lifetime. Confirm which of the two MSAL
     * expects.
     *
     * @return a function from MSAL's provider parameters to a future holding the token result
     */
    @Override // com.azure.identity.implementation.IdentityClientBase
    Function<AppTokenProviderParameters, CompletableFuture<TokenProviderResult>> getWorkloadIdentityTokenProvider() {
        return providerParameters -> {
            TokenRequestContext exchangeContext = new TokenRequestContext()
                .setScopes(new ArrayList(providerParameters.scopes))
                .setClaims(providerParameters.claims)
                .setTenantId(providerParameters.tenantId);
            return authenticateWithExchangeToken(exchangeContext).map(exchangedToken -> {
                TokenProviderResult providerResult = new TokenProviderResult();
                providerResult.setAccessToken(exchangedToken.getToken());
                providerResult.setTenantId(exchangeContext.getTenantId());
                providerResult.setExpiresInSeconds(exchangedToken.getExpiresAt().toEpochSecond());
                return providerResult;
            }).toFuture();
        };
    }
}
