package com.azure.identity.implementation;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.ProofOfPossessionOptions;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.exception.ClientAuthenticationException;
import com.azure.core.http.HttpHeader;
import com.azure.core.http.HttpHeaders;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.HttpPipelineBuilder;
import com.azure.core.http.HttpResponse;
import com.azure.core.http.ProxyOptions;
import com.azure.core.http.policy.AddHeadersPolicy;
import com.azure.core.http.policy.HttpLogOptions;
import com.azure.core.http.policy.HttpLoggingPolicy;
import com.azure.core.http.policy.HttpPipelinePolicy;
import com.azure.core.http.policy.HttpPolicyProviders;
import com.azure.core.http.policy.RetryPolicy;
import com.azure.core.http.policy.UserAgentPolicy;
import com.azure.core.util.ClientOptions;
import com.azure.core.util.Configuration;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.SharedExecutorService;
import com.azure.core.util.UserAgentUtil;
import com.azure.core.util.builder.ClientBuilderUtil;
import com.azure.core.util.logging.ClientLogger;
import com.azure.core.util.logging.LogLevel;
import com.azure.identity.BrowserCustomizationOptions;
import com.azure.identity.CredentialUnavailableException;
import com.azure.identity.DeviceCodeInfo;
import com.azure.identity.TokenCachePersistenceOptions;
import com.azure.identity.implementation.util.CertificateUtil;
import com.azure.identity.implementation.util.IdentityUtil;
import com.azure.identity.implementation.util.LoggingUtil;
import com.azure.json.JsonProviders;
import com.microsoft.aad.msal4j.AppTokenProviderParameters;
import com.microsoft.aad.msal4j.ClaimsRequest;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.DeviceCodeFlowParameters;
import com.microsoft.aad.msal4j.HttpMethod;
import com.microsoft.aad.msal4j.IBroker;
import com.microsoft.aad.msal4j.IClientSecret;
import com.microsoft.aad.msal4j.InteractiveRequestParameters;
import com.microsoft.aad.msal4j.ManagedIdentityApplication;
import com.microsoft.aad.msal4j.ManagedIdentityId;
import com.microsoft.aad.msal4j.ManagedIdentitySourceType;
import com.microsoft.aad.msal4j.OnBehalfOfParameters;
import com.microsoft.aad.msal4j.Prompt;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.SystemBrowserOptions;
import com.microsoft.aad.msal4j.TokenProviderResult;
import com.microsoft.aad.msal4j.UserNamePasswordParameters;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/azure/identity/implementation/IdentityClientBase.class */
public abstract class IdentityClientBase {
    // Shell launchers and their "run this command string" switches for Windows and Linux/macOS.
    // NOTE(review): the code that uses them is outside this view; presumably they start the developer
    // CLI tools named in the process-error patterns below — confirm.
    static final String WINDOWS_STARTER = "cmd.exe";
    static final String LINUX_MAC_STARTER = "/bin/sh";
    static final String WINDOWS_SWITCHER = "/c";
    static final String LINUX_MAC_SWITCHER = "-c";
    static final String DEFAULT_MAC_LINUX_PATH = "/bin/";
    // API versions of the managed-identity endpoints this client family talks to.
    static final String IDENTITY_ENDPOINT_VERSION = "2019-08-01";
    static final String MSI_ENDPOINT_VERSION = "2017-09-01";
    static final String ARC_MANAGED_IDENTITY_ENDPOINT_API_VERSION = "2019-11-01";
    static final String ADFS_TENANT = "adfs";
    static final String HTTP_LOCALHOST = "http://localhost";
    static final String SERVICE_FABRIC_MANAGED_IDENTITY_API_VERSION = "2019-07-01-preview";
    // Properties file and keys read through CoreUtils.getProperties (see the 'properties' field).
    private static final String AZURE_IDENTITY_PROPERTIES = "azure-identity.properties";
    private static final String SDK_NAME = "name";
    private static final String SDK_VERSION = "version";
    // Caller-supplied options; the constructor substitutes a default instance when none is passed.
    final IdentityClientOptions options;
    // Tenant used to build the authority URL; the constructor falls back to IdentityUtil.DEFAULT_TENANT.
    final String tenantId;
    final String clientId;
    final String resourceId;
    final String objectId;
    // Credential material. The secret and the certificate password are held as immutable Strings for
    // the lifetime of this object, so they cannot be wiped from memory after use.
    final String clientSecret;
    final String clientAssertionFilePath;
    final byte[] certificate;
    final String certificatePath;
    final Supplier<String> clientAssertionSupplier;
    final Function<HttpPipeline, String> clientAssertionSupplierWithHttpPipeline;
    final String certificatePassword;
    // Set up by initializeHttpPipelineAdapter(), which is defined outside this view.
    HttpPipelineAdapter httpPipelineAdapter;
    // Broker class and factory method resolved reflectively, on first use, by getPublicClient.
    private Class<?> interactiveBrowserBroker;
    private Method getMsalRuntimeBroker;
    HttpPipeline httpPipeline;
    // Patterns matching the shell's "command not found" output for the az / azd executables.
    static final Pattern WINDOWS_PROCESS_ERROR_MESSAGE = Pattern.compile("'azd?' is not recognized");
    static final Pattern SH_PROCESS_ERROR_MESSAGE = Pattern.compile("azd?:.*not found");
    static final Duration REFRESH_OFFSET = Duration.ofMinutes(5);
    // Note: the logger is created for IdentityClient, not IdentityClientBase.
    static final ClientLogger LOGGER = new ClientLogger(IdentityClient.class);
    // Matches an "accessToken" JSON member and captures its value.
    // NOTE(review): presumably used to redact tokens from CLI output before it is logged — confirm.
    static final Pattern ACCESS_TOKEN_PATTERN = Pattern.compile("\"accessToken\": \"(.*?)(\"|$)");
    static final Pattern TRAILING_FORWARD_SLASHES = Pattern.compile("/+$");
    private static final ClientOptions DEFAULT_CLIENT_OPTIONS = new ClientOptions();
    // Cache filled by mapToMsalHttpMethod. It is a plain HashMap (raw constructor as emitted by the
    // decompiler) and is mutated from a static method without synchronization.
    private static final Map<String, HttpMethod> HTTP_METHOD_HASH_MAP = new HashMap(8);
    private final Map<String, String> properties = CoreUtils.getProperties(AZURE_IDENTITY_PROPERTIES);
    String userAgent = "azsdk-java";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.azure.identity.implementation.IdentityClientBase$1, reason: invalid class name */
    /* loaded from: input_file:com/azure/identity/implementation/IdentityClientBase$1.class */
    // Compiler-generated lookup table that maps ProxyOptions.Type ordinals to the small integers 1..3.
    // NOTE(review): presumably backs a switch over the proxy type in code outside this view — confirm.
    public static /* synthetic */ class AnonymousClass1 {
        // One slot per ProxyOptions.Type constant; slots that are never assigned stay 0.
        static final /* synthetic */ int[] $SwitchMap$com$azure$core$http$ProxyOptions$Type = new int[ProxyOptions.Type.values().length];

        static {
            // Each constant is resolved in its own try block so that a constant missing at run time
            // (NoSuchFieldError) leaves only its own slot unassigned.
            try {
                $SwitchMap$com$azure$core$http$ProxyOptions$Type[ProxyOptions.Type.SOCKS4.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Deliberately ignored: the constant does not exist in the loaded enum.
            }
            try {
                $SwitchMap$com$azure$core$http$ProxyOptions$Type[ProxyOptions.Type.SOCKS5.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
                // Deliberately ignored: the constant does not exist in the loaded enum.
            }
            try {
                $SwitchMap$com$azure$core$http$ProxyOptions$Type[ProxyOptions.Type.HTTP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
                // Deliberately ignored: the constant does not exist in the loaded enum.
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
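    /**
     * Stores the credential material and options shared by the identity client implementations.
     *
     * <p>When no tenant is supplied, the tenant falls back to {@code IdentityUtil.DEFAULT_TENANT} and the
     * options' additionally-allowed tenants are set to {@code IdentityUtil.ALL_TENANTS}. Callers that
     * rely on tenant restrictions should therefore always pass an explicit tenant ID.</p>
     *
     * @param str tenant ID, or {@code null} to use the default tenant
     * @param str2 client (application) ID
     * @param str3 client secret, may be {@code null}
     * @param str4 path to the client certificate, may be {@code null}
     * @param str5 path to the client-assertion file, may be {@code null}
     * @param str6 managed-identity resource ID, may be {@code null}
     * @param str7 managed-identity object ID, may be {@code null}
     * @param supplier supplier of a client assertion, may be {@code null}
     * @param function supplier of a client assertion that receives the HTTP pipeline, may be {@code null}
     * @param bArr in-memory client certificate bytes, may be {@code null}
     * @param str8 password protecting the certificate, may be {@code null}
     * @param z not read by this constructor
     * @param duration not read by this constructor
     * @param identityClientOptions client options, or {@code null} to use a default instance
     */
    public IdentityClientBase(String str, String str2, String str3, String str4, String str5, String str6, String str7, Supplier<String> supplier, Function<HttpPipeline, String> function, byte[] bArr, String str8, boolean z, Duration duration, IdentityClientOptions identityClientOptions) {
        // Default the options before touching them: the tenant fallback below writes to the options,
        // which previously threw a NullPointerException when both the tenant and the options were null.
        if (identityClientOptions == null) {
            identityClientOptions = new IdentityClientOptions();
        }
        if (str == null) {
            str = IdentityUtil.DEFAULT_TENANT;
            // No explicit tenant: widen the allowed-tenant list to IdentityUtil.ALL_TENANTS.
            identityClientOptions.setAdditionallyAllowedTenants(Collections.singletonList(IdentityUtil.ALL_TENANTS));
        }
        this.tenantId = str;
        this.clientId = str2;
        this.objectId = str7;
        this.resourceId = str6;
        this.clientSecret = str3;
        this.clientAssertionFilePath = str5;
        this.certificatePath = str4;
        this.certificate = bArr;
        this.certificatePassword = str8;
        this.clientAssertionSupplier = supplier;
        this.clientAssertionSupplierWithHttpPipeline = function;
        this.options = identityClientOptions;
    }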

    /* JADX INFO: Access modifiers changed from: package-private */
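    /**
     * Builds an MSAL {@link ConfidentialClientApplication} for the configured service principal.
     *
     * <p>The client credential is chosen in this order: client secret, certificate (in-memory bytes or
     * path), client-assertion supplier, then the pipeline-aware client-assertion supplier.</p>
     *
     * <p>Settings with security impact that are taken from the options: PII logging follows
     * {@code isUnsafeSupportLoggingEnabled()}, and authority validation through instance discovery
     * follows {@code isInstanceDiscoveryEnabled()}. With instance discovery off, the configured
     * authority host is used without metadata validation, so it must come from trusted configuration.</p>
     *
     * @param z when {@code true}, the {@code CP1} client capability is advertised; the flag is also
     *          passed to the persistent token cache
     * @return the configured confidential client
     * @throws IllegalArgumentException if no client ID or no client credential is configured
     * @throws RuntimeException if the certificate cannot be read or parsed
     * @throws ClientAuthenticationException if the persistent token cache cannot be set up
     * @throws IllegalStateException if the authority URL is malformed
     */
    public ConfidentialClientApplication getConfidentialClient(boolean z) {
        // NOTE(review): the declared type is the one emitted by the decompiler; the certificate and
        // assertion factory methods presumably return other credential types — confirm against upstream.
        IClientSecret credential;
        if (this.clientId == null) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("A non-null value for client ID must be provided for user authentication."));
        }
        String authorityUrl = TRAILING_FORWARD_SLASHES.matcher(this.options.getAuthorityHost()).replaceAll("") + "/" + this.tenantId;
        if (this.clientSecret != null) {
            credential = ClientCredentialFactory.createFromSecret(this.clientSecret);
        } else if (this.certificate != null || this.certificatePath != null) {
            try {
                byte[] certificateBytes = getCertificateBytes();
                if (CertificateUtil.isPem(certificateBytes)) {
                    List<X509Certificate> publicCertificates = CertificateUtil.publicKeyFromPem(certificateBytes);
                    PrivateKey privateKey = CertificateUtil.privateKeyFromPem(certificateBytes);
                    // A single certificate is passed on its own; several are passed as a chain.
                    credential = publicCertificates.size() == 1
                        ? ClientCredentialFactory.createFromCertificate(privateKey, publicCertificates.get(0))
                        : ClientCredentialFactory.createFromCertificateChain(privateKey, publicCertificates);
                } else {
                    // try-with-resources closes the stream even when parsing throws; the previous
                    // form closed it only on the success path and leaked it on failure.
                    try (InputStream certificateStream = getCertificateInputStream()) {
                        credential = ClientCredentialFactory.createFromCertificate(certificateStream, this.certificatePassword);
                    }
                }
            } catch (IOException | GeneralSecurityException e) {
                throw LOGGER.logExceptionAsError(new RuntimeException("Failed to parse the certificate for the credential: " + e.getMessage(), e));
            }
        } else if (this.clientAssertionSupplier != null) {
            credential = ClientCredentialFactory.createFromClientAssertion(this.clientAssertionSupplier.get());
        } else {
            if (this.clientAssertionSupplierWithHttpPipeline == null) {
                throw LOGGER.logExceptionAsError(new IllegalArgumentException("Must provide client secret or client certificate path. To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/serviceprincipalauthentication/troubleshoot"));
            }
            credential = ClientCredentialFactory.createFromClientAssertion(this.clientAssertionSupplierWithHttpPipeline.apply(getPipeline()));
        }
        try {
            ConfidentialClientApplication.Builder appBuilder = ConfidentialClientApplication.builder(this.clientId, credential).logPii(this.options.isUnsafeSupportLoggingEnabled()).authority(authorityUrl).instanceDiscovery(this.options.isInstanceDiscoveryEnabled());
            if (!this.options.isInstanceDiscoveryEnabled()) {
                LOGGER.log(LogLevel.VERBOSE, () -> "Instance discovery and authority validation is disabled. In this state, the library will not fetch metadata to validate the specified authority host. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy.");
            }
            if (z) {
                HashSet<String> capabilities = new HashSet<>(1);
                capabilities.add("CP1");
                appBuilder.clientCapabilities(capabilities);
            }
            appBuilder.sendX5c(this.options.isIncludeX5c());
            initializeHttpPipelineAdapter();
            // Prefer the pipeline-backed HTTP client; fall back to a plain java.net proxy setting.
            if (this.httpPipelineAdapter != null) {
                appBuilder.httpClient(this.httpPipelineAdapter);
            } else {
                appBuilder.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
            }
            if (this.options.getExecutorService() != null) {
                appBuilder.executorService(this.options.getExecutorService());
            } else {
                appBuilder.executorService(SharedExecutorService.getInstance());
            }
            TokenCachePersistenceOptions tokenCacheOptions = this.options.getTokenCacheOptions();
            PersistentTokenCacheImpl tokenCache = null;
            if (tokenCacheOptions != null) {
                try {
                    // Whether the cache may fall back to unencrypted storage is the caller's choice.
                    tokenCache = new PersistentTokenCacheImpl(z).setAllowUnencryptedStorage(tokenCacheOptions.isUnencryptedStorageAllowed()).setName(tokenCacheOptions.getName());
                    appBuilder.setTokenCacheAccessAspect(tokenCache);
                } catch (Throwable th) {
                    // Broad catch kept as in the original: any failure here is reported as an
                    // unavailable cache, with the cause preserved.
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Shared token cache is unavailable in this environment.", (HttpResponse) null, th));
                }
            }
            if (this.options.getRegionalAuthority() != null) {
                if (this.options.getRegionalAuthority() == RegionalAuthority.AUTO_DISCOVER_REGION) {
                    appBuilder.autoDetectRegion(true);
                } else {
                    appBuilder.azureRegion(this.options.getRegionalAuthority().toString());
                }
            }
            ConfidentialClientApplication application = appBuilder.build();
            // The cache is registered only after the application has been built successfully.
            if (tokenCache != null) {
                tokenCache.registerCache();
            }
            return application;
        } catch (MalformedURLException e) {
            throw LOGGER.logExceptionAsWarning(new IllegalStateException(e));
        }
    }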

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds an MSAL {@link PublicClientApplication} for user-interactive flows.
     *
     * <p>PII logging and instance discovery follow the options. When the broker is enabled, the broker
     * implementation is loaded reflectively by class name from the classpath and its static
     * {@code getMsalRuntimeBroker} method is invoked, so the integrity of the classpath determines which
     * code runs during authentication.</p>
     *
     * @param z not read by this method
     * @param z2 when {@code true}, the {@code CP1} client capability is advertised; the flag is also
     *           passed to the persistent token cache
     * @return the configured public client
     * @throws IllegalArgumentException if no client ID is configured
     * @throws IllegalStateException if the broker cannot be loaded or invoked, or the authority URL is
     *         malformed
     * @throws ClientAuthenticationException if the persistent token cache cannot be set up
     */
    public PublicClientApplication getPublicClient(boolean z, boolean z2) {
        if (this.clientId == null) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("A non-null value for client ID must be provided for user authentication."));
        }
        try {
            PublicClientApplication.Builder appBuilder = PublicClientApplication.builder(this.clientId)
                .logPii(this.options.isUnsafeSupportLoggingEnabled())
                .authority(TRAILING_FORWARD_SLASHES.matcher(this.options.getAuthorityHost()).replaceAll("") + "/" + this.tenantId)
                .instanceDiscovery(this.options.isInstanceDiscoveryEnabled());
            if (!this.options.isInstanceDiscoveryEnabled()) {
                LOGGER.log(LogLevel.VERBOSE, () -> "Instance discovery and authority validation is disabled. In this state, the library will not fetch metadata to validate the specified authority host. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy.");
            }

            initializeHttpPipelineAdapter();
            if (this.httpPipelineAdapter == null) {
                appBuilder.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
            } else {
                appBuilder.httpClient(this.httpPipelineAdapter);
            }

            if (this.options.getExecutorService() == null) {
                appBuilder.executorService(SharedExecutorService.getInstance());
            } else {
                appBuilder.executorService(this.options.getExecutorService());
            }

            if (z2) {
                HashSet<String> capabilities = new HashSet<>(1);
                capabilities.add("CP1");
                appBuilder.clientCapabilities(capabilities);
            }

            if (this.options.isBrokerEnabled()) {
                if (this.interactiveBrowserBroker == null) {
                    // First use: resolve the broker class, then its factory method.
                    try {
                        this.interactiveBrowserBroker = Class.forName("com.azure.identity.broker.implementation.InteractiveBrowserBroker");
                    } catch (ClassNotFoundException missingClass) {
                        throw LOGGER.logExceptionAsError(new IllegalStateException("Could not load the brokered authentication library. Ensure that the azure-identity-broker library is on the classpath.", missingClass));
                    }
                    this.getMsalRuntimeBroker = null;
                    try {
                        this.getMsalRuntimeBroker = this.interactiveBrowserBroker.getMethod("getMsalRuntimeBroker");
                    } catch (NoSuchMethodException missingMethod) {
                        throw LOGGER.logExceptionAsError(new IllegalStateException("Could not obtain the InteractiveBrowserBroker. Ensure that the azure-identity-broker library is on the classpath.", missingMethod));
                    }
                }
                // The class may be cached from an earlier call whose method lookup failed.
                if (this.getMsalRuntimeBroker == null) {
                    throw LOGGER.logExceptionAsError(new IllegalStateException("Could not obtain the MSAL Broker. Ensure that the azure-identity-broker library is on the classpath.", null));
                }
                try {
                    appBuilder.broker((IBroker) this.getMsalRuntimeBroker.invoke(null));
                } catch (IllegalAccessException | InvocationTargetException invokeFailure) {
                    throw LOGGER.logExceptionAsError(new IllegalStateException("Could not invoke the MSAL Broker. Ensure that the azure-identity-broker library is on the classpath.", invokeFailure));
                }
            }

            PersistentTokenCacheImpl tokenCache = null;
            TokenCachePersistenceOptions cacheOptions = this.options.getTokenCacheOptions();
            if (cacheOptions != null) {
                try {
                    // Whether the cache may fall back to unencrypted storage is the caller's choice.
                    tokenCache = new PersistentTokenCacheImpl(z2)
                        .setAllowUnencryptedStorage(cacheOptions.isUnencryptedStorageAllowed())
                        .setName(cacheOptions.getName());
                    appBuilder.setTokenCacheAccessAspect(tokenCache);
                } catch (Throwable cacheFailure) {
                    throw LOGGER.logExceptionAsError(new ClientAuthenticationException("Shared token cache is unavailable in this environment.", (HttpResponse) null, cacheFailure));
                }
            }

            PublicClientApplication application = appBuilder.build();
            if (tokenCache != null) {
                tokenCache.registerCache();
            }
            return application;
        } catch (MalformedURLException badAuthority) {
            throw LOGGER.logExceptionAsWarning(new IllegalStateException(badAuthority));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a {@link ConfidentialClientApplication} whose tokens come from the managed-identity
     * endpoint through an app token provider rather than from the authority.
     *
     * <p>Instance discovery and authority validation are switched off unconditionally here. When no
     * client ID or secret is configured, the literal placeholders {@code SYSTEM-ASSIGNED-MANAGED-IDENTITY}
     * and {@code dummy-secret} are passed to satisfy the builder.</p>
     *
     * @return the configured confidential client
     * @throws CredentialUnavailableException if no managed-identity type is configured
     * @throws IllegalStateException if the authority URL is malformed
     */
    public ConfidentialClientApplication getManagedIdentityConfidentialClient() {
        String authorityUrl = TRAILING_FORWARD_SLASHES.matcher(this.options.getAuthorityHost()).replaceAll("") + "/" + this.tenantId;
        String effectiveClientId = this.clientId == null ? "SYSTEM-ASSIGNED-MANAGED-IDENTITY" : this.clientId;
        // NOTE(review): the placeholder secret is presumably never sent, since tokens are obtained
        // through the app token provider below — confirm against MSAL.
        String effectiveSecret = this.clientSecret != null ? this.clientSecret : "dummy-secret";
        ConfidentialClientApplication.Builder baseBuilder = ConfidentialClientApplication.builder(effectiveClientId, ClientCredentialFactory.createFromSecret(effectiveSecret));
        baseBuilder.instanceDiscovery(false).validateAuthority(false).logPii(this.options.isUnsafeSupportLoggingEnabled());
        try {
            ConfidentialClientApplication.Builder appBuilder = baseBuilder.authority(authorityUrl);
            if (this.options.getManagedIdentityType() == null) {
                throw LOGGER.logExceptionAsError(new CredentialUnavailableException("Managed Identity type not configured, authentication not available."));
            }
            appBuilder.appTokenProvider(providerParameters -> {
                TokenRequestContext requestContext = new TokenRequestContext()
                    .setScopes(new ArrayList<>(providerParameters.scopes))
                    .setClaims(providerParameters.claims)
                    .setTenantId(providerParameters.tenantId);
                return getTokenFromTargetManagedIdentity(requestContext).map(token -> {
                    TokenProviderResult providerResult = new TokenProviderResult();
                    providerResult.setAccessToken(token.getToken());
                    providerResult.setTenantId(requestContext.getTenantId());
                    // NOTE(review): absolute epoch seconds are passed to setters whose names suggest a
                    // relative duration; confirm the unit MSAL expects, because it determines how
                    // long the token is treated as valid in the cache.
                    providerResult.setExpiresInSeconds(token.getExpiresAt().toEpochSecond());
                    if (token.getRefreshAt() != null) {
                        providerResult.setRefreshInSeconds(token.getRefreshAt().toEpochSecond());
                    }
                    return providerResult;
                }).toFuture();
            });

            initializeHttpPipelineAdapter();
            if (this.httpPipelineAdapter == null) {
                appBuilder.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
            } else {
                appBuilder.httpClient(this.httpPipelineAdapter);
            }

            if (this.options.getExecutorService() == null) {
                appBuilder.executorService(SharedExecutorService.getInstance());
            } else {
                appBuilder.executorService(this.options.getExecutorService());
            }
            return appBuilder.build();
        } catch (MalformedURLException badAuthority) {
            throw LOGGER.logExceptionAsWarning(new IllegalStateException(badAuthority));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds an MSAL {@link ManagedIdentityApplication} for the configured identity.
     *
     * <p>The identity is selected by the first non-empty value among client ID, resource ID and object
     * ID; when all are empty the system-assigned identity is used. If MSAL reports the source as
     * {@code DEFAULT_TO_IMDS}, the options are switched to the IMDS retry strategy as a side effect.</p>
     *
     * @return the configured managed-identity application
     */
    public ManagedIdentityApplication getManagedIdentityMsalApplication() {
        ManagedIdentityId identity;
        if (!CoreUtils.isNullOrEmpty(this.clientId)) {
            identity = ManagedIdentityId.userAssignedClientId(this.clientId);
        } else if (!CoreUtils.isNullOrEmpty(this.resourceId)) {
            identity = ManagedIdentityId.userAssignedResourceId(this.resourceId);
        } else if (!CoreUtils.isNullOrEmpty(this.objectId)) {
            identity = ManagedIdentityId.userAssignedObjectId(this.objectId);
        } else {
            identity = ManagedIdentityId.systemAssigned();
        }
        ManagedIdentityApplication.Builder appBuilder = ManagedIdentityApplication.builder(identity).logPii(this.options.isUnsafeSupportLoggingEnabled());

        if (ManagedIdentitySourceType.DEFAULT_TO_IMDS.equals(ManagedIdentityApplication.getManagedIdentitySource())) {
            this.options.setUseImdsRetryStrategy();
        }

        initializeHttpPipelineAdapter();
        if (this.httpPipelineAdapter == null) {
            appBuilder.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
        } else {
            appBuilder.httpClient(this.httpPipelineAdapter);
        }

        if (this.options.getExecutorService() == null) {
            appBuilder.executorService(SharedExecutorService.getInstance());
        } else {
            appBuilder.executorService(this.options.getExecutorService());
        }
        return appBuilder.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a {@link ConfidentialClientApplication} whose tokens are produced by the workload-identity
     * token provider supplied by the subclass.
     *
     * <p>PII logging and instance discovery follow the options. When no client ID or secret is
     * configured, the literal placeholders {@code SYSTEM-ASSIGNED-MANAGED-IDENTITY} and
     * {@code dummy-secret} are passed to satisfy the builder.</p>
     *
     * @return the configured confidential client
     * @throws IllegalStateException if the authority URL is malformed
     */
    public ConfidentialClientApplication getWorkloadIdentityConfidentialClient() {
        try {
            String effectiveClientId = this.clientId == null ? "SYSTEM-ASSIGNED-MANAGED-IDENTITY" : this.clientId;
            String effectiveSecret = this.clientSecret != null ? this.clientSecret : "dummy-secret";
            ConfidentialClientApplication.Builder appBuilder = ConfidentialClientApplication.builder(effectiveClientId, ClientCredentialFactory.createFromSecret(effectiveSecret))
                .authority(TRAILING_FORWARD_SLASHES.matcher(this.options.getAuthorityHost()).replaceAll("") + "/" + this.tenantId)
                .logPii(this.options.isUnsafeSupportLoggingEnabled())
                .instanceDiscovery(this.options.isInstanceDiscoveryEnabled());
            if (!this.options.isInstanceDiscoveryEnabled()) {
                LOGGER.log(LogLevel.VERBOSE, () -> "Instance discovery and authority validation is disabled. In this state, the library will not fetch metadata to validate the specified authority host. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy.");
            }
            appBuilder.appTokenProvider(getWorkloadIdentityTokenProvider());

            initializeHttpPipelineAdapter();
            if (this.httpPipelineAdapter == null) {
                appBuilder.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
            } else {
                appBuilder.httpClient(this.httpPipelineAdapter);
            }

            if (this.options.getExecutorService() == null) {
                appBuilder.executorService(SharedExecutorService.getInstance());
            } else {
                appBuilder.executorService(this.options.getExecutorService());
            }
            return appBuilder.build();
        } catch (MalformedURLException badAuthority) {
            throw LOGGER.logExceptionAsWarning(new IllegalStateException(badAuthority));
        }
    }

    /**
     * Supplies the app token provider installed by {@code getWorkloadIdentityConfidentialClient()}.
     *
     * @return a function that turns MSAL's token-provider parameters into a future token result
     */
    abstract Function<AppTokenProviderParameters, CompletableFuture<TokenProviderResult>> getWorkloadIdentityTokenProvider();

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Prepares the MSAL parameters for a device-code sign-in.
     *
     * <p>The challenge callback receives a {@link DeviceCodeInfo} that carries the device code as well
     * as the user code, so the callback should show the user-facing message and keep the rest out of
     * logs. Unlike the other flow builders in this class, claims are forwarded here whenever they are
     * present, without consulting {@code isCaeEnabled()}.</p>
     *
     * @param tokenRequestContext scopes, claims and tenant hints of the token request
     * @param consumer callback that presents the device-code challenge to the user
     * @return the parameter builder, not yet built
     */
    public DeviceCodeFlowParameters.DeviceCodeFlowParametersBuilder buildDeviceCodeFlowParameters(TokenRequestContext tokenRequestContext, Consumer<DeviceCodeInfo> consumer) {
        HashSet<String> requestedScopes = new HashSet<>(tokenRequestContext.getScopes());
        DeviceCodeFlowParameters.DeviceCodeFlowParametersBuilder flowBuilder = DeviceCodeFlowParameters
            .builder(requestedScopes, challenge -> consumer.accept(new DeviceCodeInfo(
                challenge.userCode(),
                challenge.deviceCode(),
                challenge.verificationUri(),
                // Expiry is derived from the local clock at the moment the challenge arrives.
                OffsetDateTime.now().plusSeconds(challenge.expiresIn()),
                challenge.message())))
            .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
        String claims = tokenRequestContext.getClaims();
        if (claims == null) {
            return flowBuilder;
        }
        flowBuilder.claims(ClaimsRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
        return flowBuilder;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the MSAL parameters for an on-behalf-of token exchange using the user assertion held in
     * the options.
     *
     * <p>Claims are forwarded only when CAE is enabled on the request and claims are present.</p>
     *
     * @param tokenRequestContext scopes, claims and tenant hints of the token request
     * @return the built on-behalf-of parameters
     */
    public OnBehalfOfParameters buildOBOFlowParameters(TokenRequestContext tokenRequestContext) {
        OnBehalfOfParameters.OnBehalfOfParametersBuilder flowBuilder = OnBehalfOfParameters
            .builder(new HashSet<>(tokenRequestContext.getScopes()), this.options.getUserAssertion())
            .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));
        boolean forwardClaims = tokenRequestContext.isCaeEnabled() && tokenRequestContext.getClaims() != null;
        if (forwardClaims) {
            flowBuilder.claims(ClaimsRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
        }
        return flowBuilder.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Prepares the MSAL parameters for an interactive (browser or broker) sign-in.
     *
     * <p>The prompt is always {@code SELECT_ACCOUNT}. Claims are forwarded only when CAE is enabled and
     * claims are present. The browser success and error messages from the options are handed to MSAL
     * as HTML, so they should come from trusted configuration. Broker-specific settings (window handle,
     * MSA passthrough, proof of possession) are applied only when the broker is enabled.</p>
     *
     * @param tokenRequestContext scopes, claims, tenant hints and proof-of-possession options
     * @param str login hint, or {@code null} for none
     * @param uri redirect URI of the interactive request
     * @return the parameter builder, not yet built
     * @throws IllegalArgumentException if the proof-of-possession request URL is not a valid URI
     */
    public InteractiveRequestParameters.InteractiveRequestParametersBuilder buildInteractiveRequestParameters(TokenRequestContext tokenRequestContext, String str, URI uri) {
        InteractiveRequestParameters.InteractiveRequestParametersBuilder flowBuilder = InteractiveRequestParameters.builder(uri)
            .scopes(new HashSet<>(tokenRequestContext.getScopes()))
            .prompt(Prompt.SELECT_ACCOUNT)
            .tenant(IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options));

        boolean forwardClaims = tokenRequestContext.isCaeEnabled() && tokenRequestContext.getClaims() != null;
        if (forwardClaims) {
            flowBuilder.claims(ClaimsRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
        }

        BrowserCustomizationOptions browserOptions = this.options.getBrowserCustomizationOptions();
        if (IdentityUtil.browserCustomizationOptionsPresent(browserOptions)) {
            SystemBrowserOptions.SystemBrowserOptionsBuilder browserBuilder = SystemBrowserOptions.builder();
            if (!CoreUtils.isNullOrEmpty(browserOptions.getSuccessMessage())) {
                browserBuilder.htmlMessageSuccess(browserOptions.getSuccessMessage());
            }
            if (!CoreUtils.isNullOrEmpty(browserOptions.getErrorMessage())) {
                browserBuilder.htmlMessageError(browserOptions.getErrorMessage());
            }
            flowBuilder.systemBrowserOptions(browserBuilder.build());
        }

        if (this.options.isBrokerEnabled()) {
            flowBuilder.windowHandle(this.options.getBrokerWindowHandle());
            if (this.options.isMsaPassthroughEnabled()) {
                HashMap<String, String> extraQuery = new HashMap<>();
                extraQuery.put("msal_request_type", "consumer_passthrough");
                flowBuilder.extraQueryParameters(extraQuery);
            }
            if (tokenRequestContext.getProofOfPossessionOptions() != null) {
                ProofOfPossessionOptions popOptions = tokenRequestContext.getProofOfPossessionOptions();
                try {
                    // Binds the token to the HTTP method, URL and nonce of the protected request.
                    flowBuilder.proofOfPossession(
                        mapToMsalHttpMethod(popOptions.getRequestMethod().toString()),
                        popOptions.getRequestUrl().toURI(),
                        popOptions.getProofOfPossessionNonce());
                } catch (URISyntaxException badUrl) {
                    throw new IllegalArgumentException(badUrl);
                }
            }
        }

        if (str == null) {
            return flowBuilder;
        }
        flowBuilder.loginHint(str);
        return flowBuilder;
    }

    /**
     * Resolves an HTTP method name to MSAL's {@link HttpMethod}, ignoring case, and caches the result
     * under the exact string that was passed in.
     *
     * <p>The cache is emptied once it holds more than ten entries, which bounds its growth when
     * callers pass many differently-cased spellings. The cache is a plain map shared by all callers and
     * is not synchronized here.</p>
     *
     * @param str the HTTP method name to resolve
     * @return the matching MSAL HTTP method
     * @throws IllegalArgumentException if no MSAL method has that name
     */
    static HttpMethod mapToMsalHttpMethod(String str) {
        HttpMethod cached = HTTP_METHOD_HASH_MAP.get(str);
        if (cached != null) {
            return cached;
        }
        // Cache miss: keep the cache small before adding another spelling.
        if (HTTP_METHOD_HASH_MAP.size() > 10) {
            HTTP_METHOD_HASH_MAP.clear();
        }
        HttpMethod[] candidates = HttpMethod.values();
        for (int i = 0; i < candidates.length; i++) {
            HttpMethod candidate = candidates[i];
            if (!candidate.methodName.equalsIgnoreCase(str)) {
                continue;
            }
            HTTP_METHOD_HASH_MAP.put(str, candidate);
            return candidate;
        }
        throw new IllegalArgumentException("No enum constant with method name: " + str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Prepares the MSAL parameters for a username/password sign-in.
     *
     * <p>The password arrives as an immutable {@code String} and is copied into a {@code char[]} for
     * MSAL; the original string therefore stays in memory until it is garbage-collected. Claims are
     * forwarded only when CAE is enabled and claims are present.</p>
     *
     * @param tokenRequestContext scopes, claims and tenant hints of the token request
     * @param str the user name
     * @param str2 the password; must not be {@code null}
     * @return the parameter builder, not yet built
     */
    public UserNamePasswordParameters.UserNamePasswordParametersBuilder buildUsernamePasswordFlowParameters(TokenRequestContext tokenRequestContext, String str, String str2) {
        HashSet<String> requestedScopes = new HashSet<>(tokenRequestContext.getScopes());
        UserNamePasswordParameters.UserNamePasswordParametersBuilder flowBuilder = UserNamePasswordParameters.builder(requestedScopes, str, str2.toCharArray());
        boolean forwardClaims = tokenRequestContext.isCaeEnabled() && tokenRequestContext.getClaims() != null;
        if (forwardClaims) {
            flowBuilder.claims(ClaimsRequest.formatAsClaimsRequest(tokenRequestContext.getClaims()));
        }
        String resolvedTenant = IdentityUtil.resolveTenantId(this.tenantId, tokenRequestContext, this.options);
        flowBuilder.tenant(resolvedTenant);
        return flowBuilder;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x00ee, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x010a, code lost:
    
        r0 = r0.toString();
        r0.waitFor(r7.options.getCredentialProcessTimeout().getSeconds(), java.util.concurrent.TimeUnit.SECONDS);
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0129, code lost:
    
        if (r0.exitValue() == 0) goto L44;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x0131, code lost:
    
        if (r0.length() <= 0) goto L42;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x0134, code lost:
    
        r0 = redactInfo(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0144, code lost:
    
        if (r0.contains("az login") != false) goto L38;
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x014f, code lost:
    
        if (r0.contains("az account set") == false) goto L40;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x0177, code lost:
    
        throw com.azure.identity.implementation.IdentityClientBase.LOGGER.logExceptionAsError(new com.azure.core.exception.ClientAuthenticationException(r0, (com.azure.core.http.HttpResponse) null));
     */
    /* JADX WARN: Code restructure failed: missing block: B:38:0x0166, code lost:
    
        throw com.azure.identity.implementation.util.LoggingUtil.logCredentialUnavailableException(com.azure.identity.implementation.IdentityClientBase.LOGGER, r7.options, new com.azure.identity.CredentialUnavailableException("AzureCliCredential authentication unavailable. Please run 'az login' to set up account. To further mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/azclicredential/troubleshoot"));
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x0189, code lost:
    
        throw com.azure.identity.implementation.IdentityClientBase.LOGGER.logExceptionAsError(new com.azure.core.exception.ClientAuthenticationException("Failed to invoke Azure CLI ", (com.azure.core.http.HttpResponse) null));
     */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x018a, code lost:
    
        com.azure.identity.implementation.IdentityClientBase.LOGGER.verbose("Azure CLI Authentication => A token response was received from Azure CLI, deserializing the response into an Access Token.");
        r0 = com.azure.json.JsonProviders.createReader(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:43:0x019a, code lost:
    
        r0 = com.azure.identity.implementation.models.AzureCliToken.fromJson(r0);
        r0 = new com.azure.core.credential.AccessToken(r0.getAccessToken(), r0.getTokenExpiration());
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x01bd, code lost:
    
        if (r0 == null) goto L56;
     */
    /* JADX WARN: Code restructure failed: missing block: B:45:0x01c0, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x020b, code lost:
    
        return r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x01c8, code lost:
    
        r18 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x01e2, code lost:
    
        throw r18;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): JADX failed to decompile this method. The body below is a decompiler stub that
    // always throws UnsupportedOperationException; it is not the library's real behaviour and must
    // not be used to reason about how CLI output is handled.
    // The "code lost" fragments in the JADX warnings preceding this method suggest (to be confirmed
    // against the original source or a bytecode dump) that the real method:
    //   - waits for a child process with options.getCredentialProcessTimeout() as the limit,
    //   - on a non-zero exit with non-empty output, passes that output through redactInfo(...)
    //     before it reaches an exception message,
    //   - maps output mentioning "az login" / "az account set" to CredentialUnavailableException,
    //   - otherwise parses the output with AzureCliToken.fromJson into an AccessToken.
    // The register names in those fragments are all "r0", so which value each step operates on
    // cannot be established from this listing.
    public com.azure.core.credential.AccessToken getTokenFromAzureCLIAuthentication(java.lang.StringBuilder r8) {
        /*
            Method dump skipped, instructions count: 524
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.azure.identity.implementation.IdentityClientBase.getTokenFromAzureCLIAuthentication(java.lang.StringBuilder):com.azure.core.credential.AccessToken");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x00f1, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x010d, code lost:
    
        r0 = r0.toString();
        r0.waitFor(r7.options.getCredentialProcessTimeout().getSeconds(), java.util.concurrent.TimeUnit.SECONDS);
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x012c, code lost:
    
        if (r0.exitValue() == 0) goto L44;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x0134, code lost:
    
        if (r0.length() <= 0) goto L42;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x0137, code lost:
    
        r0 = redactInfo(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0147, code lost:
    
        if (r0.contains("azd auth login") != false) goto L38;
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x0152, code lost:
    
        if (r0.contains("not logged in") == false) goto L40;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x017a, code lost:
    
        throw com.azure.identity.implementation.IdentityClientBase.LOGGER.logExceptionAsError(new com.azure.core.exception.ClientAuthenticationException(r0, (com.azure.core.http.HttpResponse) null));
     */
    /* JADX WARN: Code restructure failed: missing block: B:38:0x0169, code lost:
    
        throw com.azure.identity.implementation.util.LoggingUtil.logCredentialUnavailableException(com.azure.identity.implementation.IdentityClientBase.LOGGER, r7.options, new com.azure.identity.CredentialUnavailableException("AzureDeveloperCliCredential authentication unavailable. Please run 'azd auth login' to set up account."));
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x018c, code lost:
    
        throw com.azure.identity.implementation.IdentityClientBase.LOGGER.logExceptionAsError(new com.azure.core.exception.ClientAuthenticationException("Failed to invoke Azure Developer CLI ", (com.azure.core.http.HttpResponse) null));
     */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x018d, code lost:
    
        com.azure.identity.implementation.IdentityClientBase.LOGGER.verbose("Azure Developer CLI Authentication => A token response was received from Azure Developer CLI, deserializing the response into an Access Token.");
        r0 = com.azure.json.JsonProviders.createReader(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:43:0x019d, code lost:
    
        r0.nextToken();
        r0 = r0.readMap((v0) -> { // com.azure.json.ReadValueCallback.read(java.lang.Object):java.lang.Object
            return v0.getString();
        });
        r0 = (java.lang.String) r0.get("token");
        r0 = (java.lang.String) r0.get("expiresOn");
        r0 = new com.azure.core.credential.AccessToken(r0, java.time.LocalDateTime.parse(r0.substring(0, r0.indexOf("Z")), java.time.format.DateTimeFormatter.ISO_LOCAL_DATE_TIME).atZone(java.time.ZoneId.of("Z")).toOffsetDateTime().withOffsetSameInstant(java.time.ZoneOffset.UTC));
     */
    /* JADX WARN: Code restructure failed: missing block: B:44:0x0207, code lost:
    
        if (r0 == null) goto L56;
     */
    /* JADX WARN: Code restructure failed: missing block: B:45:0x020a, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x0255, code lost:
    
        return r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x0212, code lost:
    
        r18 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:54:0x022c, code lost:
    
        throw r18;
     */
    /* JADX WARN: Type inference failed for: r0v57, types: [java.time.ZonedDateTime] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): JADX failed to decompile this method. The body below is a decompiler stub that
    // always throws UnsupportedOperationException; it does not reflect the library's real behaviour.
    // The "code lost" fragments in the JADX warnings preceding this method suggest (to be confirmed
    // against the original source or a bytecode dump) that the real method:
    //   - waits for a child process with options.getCredentialProcessTimeout() as the limit,
    //   - on a non-zero exit with non-empty output, passes that output through redactInfo(...)
    //     before it reaches an exception message,
    //   - maps output mentioning "azd auth login" / "not logged in" to CredentialUnavailableException,
    //   - otherwise reads a JSON map and builds an AccessToken from its "token" and "expiresOn"
    //     entries, parsing the timestamp up to the first "Z" and treating it as UTC.
    // The register names in those fragments are all "r0", so which value each step operates on
    // cannot be established from this listing.
    public com.azure.core.credential.AccessToken getTokenFromAzureDeveloperCLIAuthentication(java.lang.StringBuilder r8) {
        /*
            Method dump skipped, instructions count: 598
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.azure.identity.implementation.IdentityClientBase.getTokenFromAzureDeveloperCLIAuthentication(java.lang.StringBuilder):com.azure.core.credential.AccessToken");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
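    /**
     * Exchanges a client assertion for an access token with an OAuth 2.0 {@code client_credentials}
     * request, POSTed as a form to {@code <authorityHost>/<tenantId>/oauth2/v2.0/token}.
     *
     * <p>The decompiled listing never assigned the opened connection to the variable that the
     * error handling inspects, so the HTTP 400 branch and the disconnect-on-failure path were dead
     * code ({@code if (0 != 0)} / {@code if (0 == 0)}). This version tracks the connection in one
     * variable, closes the request and response streams with try-with-resources, and always
     * disconnects in {@code finally}.
     *
     * @param tokenRequestContext the request; only its first scope is sent
     * @param str the client assertion (sent as {@code client_assertion})
     * @return the token parsed from the JSON response
     * @throws IOException declared by the signature; I/O failures of the request itself are
     *     translated into the runtime exceptions below
     * @throws CredentialUnavailableException if the authority host answers 400, or if the response
     *     code cannot be read after a failure
     * @throws RuntimeException if the connection could not be opened, or the request failed with
     *     any other response code
     */
    public AccessToken authenticateWithExchangeTokenHelper(TokenRequestContext tokenRequestContext, String str) throws IOException {
        // NOTE(review): the assertion is sent to whatever host options.getAuthorityHost() yields;
        // no scheme or host check is visible in this method - confirm it is validated upstream.
        String tokenEndpoint = TRAILING_FORWARD_SLASHES.matcher(this.options.getAuthorityHost()).replaceAll("") + "/" + this.tenantId + "/oauth2/v2.0/token";

        // NOTE(review): only the scope is URL-encoded. The assertion and client id are concatenated
        // as-is, which presumably relies on them being a JWT and a GUID (both form-safe) - confirm.
        byte[] postData = ("client_assertion=" + str + "&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_id=" + this.clientId + "&grant_type=client_credentials&scope=" + urlEncode((String) tokenRequestContext.getScopes().get(0))).getBytes(StandardCharsets.UTF_8);

        HttpURLConnection connection = null;
        URL url = getUrl(tokenEndpoint);
        try {
            connection = (HttpURLConnection) url.openConnection();
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            connection.setRequestProperty("Content-Length", Integer.toString(postData.length));
            connection.setRequestProperty("User-Agent", this.userAgent);
            connection.setDoOutput(true);
            try (DataOutputStream outputStream = new DataOutputStream(connection.getOutputStream())) {
                outputStream.write(postData);
            }
            connection.connect();
            try (InputStream responseStream = connection.getInputStream()) {
                return MSIToken.fromJson(JsonProviders.createReader(responseStream));
            }
        } catch (IOException e) {
            if (connection == null) {
                throw LOGGER.logExceptionAsError(new RuntimeException("Could not connect to the authority host: " + url + ".", e));
            }
            // Read the status separately so that a failure to obtain it is reported as such and
            // does not swallow the more specific exceptions thrown below.
            int responseCode;
            try {
                responseCode = connection.getResponseCode();
            } catch (Exception e2) {
                throw LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("WorkloadIdentityCredential authentication unavailable. Connection to the authority host cannot be established, " + e2.getMessage() + ".", e2));
            }
            if (responseCode == 400) {
                throw LoggingUtil.logCredentialUnavailableException(LOGGER, this.options, new CredentialUnavailableException("WorkloadIdentityCredential authentication unavailable. The request to the authority host was invalid. Additional details: " + e.getMessage() + ".", e));
            }
            throw LOGGER.logExceptionAsError(new RuntimeException("Couldn't acquire access token from Workload Identity.", e));
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }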

    /**
     * Returns a fixed, platform-dependent directory path.
     *
     * <p>On Windows this is {@code %SystemRoot%\system32}, or {@code null} when the
     * {@code SystemRoot} environment variable is missing or empty; on every other platform it is
     * {@code DEFAULT_MAC_LINUX_PATH}. Callers must handle the {@code null} case.
     * NOTE(review): presumably used as the working directory for CLI subprocesses so that the
     * process does not start from an attacker-writable current directory - confirm at call sites.
     *
     * @return the directory path, or {@code null} if it cannot be determined on Windows
     */
    String getSafeWorkingDirectory() {
        if (IdentityUtil.isWindowsPlatform()) {
            final String systemRoot = System.getenv("SystemRoot");
            return CoreUtils.isNullOrEmpty(systemRoot) ? null : systemRoot + "\\system32";
        }
        return DEFAULT_MAC_LINUX_PATH;
    }

    /**
     * Masks every match of {@code ACCESS_TOKEN_PATTERN} in the given text with {@code ****}.
     *
     * <p>What is actually hidden depends entirely on that pattern, which is defined outside this
     * method; text the pattern does not match is returned unchanged.
     *
     * @param str the text to scrub; must not be {@code null}
     * @return the text with all pattern matches replaced
     */
    String redactInfo(String str) {
        final java.util.regex.Matcher tokenMatcher = ACCESS_TOKEN_PATTERN.matcher(str);
        return tokenMatcher.replaceAll("****");
    }

    /**
     * Abstract hook that subclasses implement to produce an access token for the given request.
     * Judging by the name it targets a managed identity; the mechanism is not visible here.
     *
     * @param tokenRequestContext the token request
     * @return a {@code Mono} emitting the access token
     */
    abstract Mono<AccessToken> getTokenFromTargetManagedIdentity(TokenRequestContext tokenRequestContext);

    /**
     * Assembles a new {@link HttpPipeline} from the client options.
     *
     * <p>Policies are added in this order: user agent, custom headers from the client options,
     * per-call policies, provider "before retry" policies, the retry policy, per-retry policies,
     * provider "after retry" policies, and finally the HTTP logging policy. As a side effect the
     * computed user-agent string is stored in {@code this.userAgent}.
     *
     * @return the newly built pipeline
     */
    HttpPipeline setupPipeline() {
        final ArrayList<HttpPipelinePolicy> pipelinePolicies = new ArrayList<>();
        final String sdkName = this.properties.getOrDefault(SDK_NAME, "UnknownName");
        final String sdkVersion = this.properties.getOrDefault(SDK_VERSION, "UnknownVersion");
        final Configuration configuration = Configuration.getGlobalConfiguration().clone();

        // Fall back to defaults when the caller supplied no log or client options.
        HttpLogOptions logOptions = this.options.getHttpLogOptions();
        if (logOptions == null) {
            logOptions = new HttpLogOptions();
        }
        ClientOptions effectiveClientOptions = this.options.getClientOptions();
        if (effectiveClientOptions == null) {
            effectiveClientOptions = DEFAULT_CLIENT_OPTIONS;
        }

        final String applicationId = CoreUtils.getApplicationId(effectiveClientOptions, logOptions);
        this.userAgent = UserAgentUtil.toUserAgentString(applicationId, sdkName, sdkVersion, configuration);
        pipelinePolicies.add(new UserAgentPolicy(this.userAgent));

        final ArrayList<HttpHeader> customHeaders = new ArrayList<>();
        effectiveClientOptions.getHeaders()
            .forEach(header -> customHeaders.add(new HttpHeader(header.getName(), header.getValue())));
        pipelinePolicies.add(new AddHeadersPolicy(new HttpHeaders(customHeaders)));

        pipelinePolicies.addAll(this.options.getPerCallPolicies());
        HttpPolicyProviders.addBeforeRetryPolicies(pipelinePolicies);

        // An explicitly configured retry policy wins; the IMDS strategy is only a fallback.
        RetryPolicy configuredRetry = this.options.getRetryPolicy();
        if (configuredRetry == null && this.options.getUseImdsRetryStrategy()) {
            configuredRetry = new RetryPolicy(new ImdsRetryStrategy());
        }
        pipelinePolicies.add(ClientBuilderUtil.validateAndGetRetryPolicy(configuredRetry, this.options.getRetryOptions()));

        pipelinePolicies.addAll(this.options.getPerRetryPolicies());
        HttpPolicyProviders.addAfterRetryPolicies(pipelinePolicies);
        pipelinePolicies.add(new HttpLoggingPolicy(logOptions));

        final HttpPipelinePolicy[] policyArray = pipelinePolicies.toArray(new HttpPipelinePolicy[0]);
        return new HttpPipelineBuilder()
            .httpClient(this.options.getHttpClient())
            .clientOptions(effectiveClientOptions)
            .policies(policyArray)
            .build();
    }

    /**
     * Creates the {@code HttpPipelineAdapter} around {@link #getPipeline()} when no proxy options
     * are configured. When proxy options are present this method leaves the adapter untouched.
     */
    void initializeHttpPipelineAdapter() {
        final boolean proxyConfigured = this.options.getProxyOptions() != null;
        if (proxyConfigured) {
            return;
        }
        this.httpPipelineAdapter = new HttpPipelineAdapter(getPipeline(), this.options);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the HTTP pipeline, creating and caching it on first use.
     *
     * <p>A pipeline supplied through the options takes precedence; otherwise one is built with
     * {@code setupPipeline()}. The result is stored in {@code this.httpPipeline} with no
     * synchronization in this method.
     *
     * @return the cached or newly resolved pipeline
     */
    public HttpPipeline getPipeline() {
        if (this.httpPipeline == null) {
            final HttpPipeline suppliedPipeline = this.options.getHttpPipeline();
            this.httpPipeline = suppliedPipeline != null ? suppliedPipeline : setupPipeline();
        }
        return this.httpPipeline;
    }

    /**
     * Returns the certificate content as bytes.
     *
     * <p>The file at {@code certificatePath} is preferred; otherwise the in-memory
     * {@code certificate} array is returned directly (not copied); if neither is set an empty
     * array is returned.
     *
     * @return the certificate bytes, possibly empty
     * @throws IOException if the certificate file cannot be read
     */
    private byte[] getCertificateBytes() throws IOException {
        if (this.certificatePath != null) {
            return Files.readAllBytes(Paths.get(this.certificatePath));
        }
        if (this.certificate != null) {
            return this.certificate;
        }
        return new byte[0];
    }

    /**
     * Opens a stream over the certificate content: a buffered file stream when
     * {@code certificatePath} is set, otherwise a stream over the in-memory {@code certificate}.
     * The caller is responsible for closing the returned stream.
     *
     * <p>NOTE(review): unlike {@code getCertificateBytes()}, this does not guard against both
     * fields being {@code null}; {@code new ByteArrayInputStream(null)} throws
     * {@code NullPointerException}.
     *
     * @return a stream positioned at the start of the certificate data
     * @throws IOException if the certificate file cannot be opened
     */
    private InputStream getCertificateInputStream() throws IOException {
        if (this.certificatePath == null) {
            return new ByteArrayInputStream(this.certificate);
        }
        final FileInputStream fileStream = new FileInputStream(this.certificatePath);
        return new BufferedInputStream(fileStream);
    }

    /**
     * Converts Azure {@code ProxyOptions} into a {@code java.net.Proxy} for the same address.
     *
     * <p>The switch goes through a compiler-generated lookup table
     * ({@code AnonymousClass1.$SwitchMap$...}), so the mapping from table index to
     * {@code ProxyOptions.Type} constant is not visible in this method: indices 1 and 2 yield a
     * SOCKS proxy, index 3 and anything else an HTTP proxy.
     *
     * @param proxyOptions the proxy configuration; its type and address are read
     * @return a SOCKS or HTTP proxy pointing at {@code proxyOptions.getAddress()}
     */
    private static Proxy proxyOptionsToJavaNetProxy(ProxyOptions proxyOptions) {
        switch (AnonymousClass1.$SwitchMap$com$azure$core$http$ProxyOptions$Type[proxyOptions.getType().ordinal()]) {
            // NOTE(review): CRED_TYPE_GENERIC is used here only for its value 1; this looks like a
            // decompiler constant substitution unrelated to proxy handling - confirm.
            case WindowsCredentialApi.CRED_TYPE_GENERIC /* 1 */:
            case 2:
                return new Proxy(Proxy.Type.SOCKS, proxyOptions.getAddress());
            case 3:
            default:
                return new Proxy(Proxy.Type.HTTP, proxyOptions.getAddress());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Encodes a value for use in an {@code application/x-www-form-urlencoded} body using UTF-8.
     *
     * @param str the raw value; must not be {@code null}
     * @return the form-encoded value (spaces become {@code +}, reserved characters are
     *     percent-encoded)
     * @throws IOException if the charset name is not supported
     */
    public static String urlEncode(String str) throws IOException {
        final String charsetName = StandardCharsets.UTF_8.name();
        return URLEncoder.encode(str, charsetName);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Parses the given string into a {@link URL}.
     *
     * <p>This only checks that the string is syntactically a URL with a known protocol; it does
     * not restrict the scheme or host, so any such restriction has to happen at the caller.
     *
     * @param str the URL text
     * @return the parsed URL
     * @throws MalformedURLException if the string has no or an unknown protocol, or cannot be parsed
     */
    public static URL getUrl(String str) throws MalformedURLException {
        final URL parsedUrl = new URL(str);
        return parsedUrl;
    }

    /**
     * Returns the value of the {@code tenantId} field.
     *
     * @return the tenant id, as stored on this client
     */
    public String getTenantId() {
        final String currentTenantId = this.tenantId;
        return currentTenantId;
    }

    /**
     * Returns the value of the {@code clientId} field.
     *
     * @return the client id, as stored on this client
     */
    public String getClientId() {
        final String currentClientId = this.clientId;
        return currentClientId;
    }
}
