package com.microsoft.aad.msal4j;

import com.microsoft.aad.msal4j.AuthorizationRequestUrlParameters;
import java.net.InetAddress;
import java.net.URI;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.atomic.AtomicReference;
import lombok.Generated;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:inst/com/microsoft/aad/msal4j/InteractiveRequest.classdata */
public class InteractiveRequest extends MsalRequest {
    private AtomicReference<CompletableFuture<IAuthenticationResult>> futureReference;
    private InteractiveRequestParameters interactiveRequestParameters;
    private String verifier;
    private String state;
    private PublicClientApplication publicClientApplication;
    private URL authorizationUrl;

    /* JADX INFO: Access modifiers changed from: package-private */
    public InteractiveRequest(InteractiveRequestParameters interactiveRequestParameters, AtomicReference<CompletableFuture<IAuthenticationResult>> atomicReference, PublicClientApplication publicClientApplication, RequestContext requestContext) {
        super(publicClientApplication, (AbstractMsalAuthorizationGrant) null, requestContext);
        this.interactiveRequestParameters = interactiveRequestParameters;
        this.futureReference = atomicReference;
        this.publicClientApplication = publicClientApplication;
        validateRedirectUrl(interactiveRequestParameters.redirectUri());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public URL authorizationUrl() {
        if (this.authorizationUrl == null) {
            this.authorizationUrl = createAuthorizationUrl();
        }
        return this.authorizationUrl;
    }

    private void validateRedirectUrl(URI uri) {
        String host = uri.getHost();
        String scheme = uri.getScheme();
        if (scheme == null || !scheme.equals("http")) {
            throw new MsalClientException(String.format("Only http://localhost or http://localhost:port is supported for the redirect URI of an interactive request using a browser, but \"%s\" was found. For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", scheme), AuthenticationErrorCode.LOOPBACK_REDIRECT_URI);
        }
        try {
            InetAddress byName = InetAddress.getByName(host);
            if (byName == null || !byName.isLoopbackAddress()) {
                throw new MsalClientException("Only loopback redirect URI is supported for interactive requests. For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", AuthenticationErrorCode.LOOPBACK_REDIRECT_URI);
            }
        } catch (UnknownHostException e) {
            throw new MsalClientException(String.format("Unknown host exception for host \"%s\". For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", host), AuthenticationErrorCode.LOOPBACK_REDIRECT_URI);
        }
    }

    private URL createAuthorizationUrl() {
        AuthorizationRequestUrlParameters.Builder extraQueryParameters = AuthorizationRequestUrlParameters.builder(this.interactiveRequestParameters.redirectUri().toString(), this.interactiveRequestParameters.scopes()).prompt(this.interactiveRequestParameters.prompt()).claimsChallenge(this.interactiveRequestParameters.claimsChallenge()).loginHint(this.interactiveRequestParameters.loginHint()).domainHint(this.interactiveRequestParameters.domainHint()).correlationId(this.publicClientApplication.correlationId()).instanceAware(this.interactiveRequestParameters.instanceAware()).extraQueryParameters(this.interactiveRequestParameters.extraQueryParameters());
        addPkceAndState(extraQueryParameters);
        return this.publicClientApplication.getAuthorizationRequestUrl(extraQueryParameters.build());
    }

    private void addPkceAndState(AuthorizationRequestUrlParameters.Builder builder) {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        this.verifier = Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
        this.state = UUID.randomUUID().toString() + UUID.randomUUID().toString();
        builder.codeChallenge(StringHelper.createBase64EncodedSha256Hash(this.verifier)).codeChallengeMethod("S256").state(this.state);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Generated
    public AtomicReference<CompletableFuture<IAuthenticationResult>> futureReference() {
        return this.futureReference;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Generated
    public InteractiveRequestParameters interactiveRequestParameters() {
        return this.interactiveRequestParameters;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Generated
    public String verifier() {
        return this.verifier;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Generated
    public String state() {
        return this.state;
    }
}
