package com.azure.identity.implementation;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.exception.ClientAuthenticationException;
import com.azure.core.http.HttpClient;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.HttpPipelineBuilder;
import com.azure.core.http.HttpResponse;
import com.azure.core.http.ProxyOptions;
import com.azure.core.http.policy.HttpLogOptions;
import com.azure.core.http.policy.HttpLoggingPolicy;
import com.azure.core.http.policy.HttpPipelinePolicy;
import com.azure.core.http.policy.HttpPolicyProviders;
import com.azure.core.http.policy.RetryPolicy;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
import com.azure.core.util.serializer.JacksonAdapter;
import com.azure.core.util.serializer.SerializerAdapter;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.identity.CredentialUnavailableException;
import com.azure.identity.DeviceCodeInfo;
import com.azure.identity.implementation.util.CertificateUtil;
import com.azure.identity.implementation.util.ScopeUtil;
import com.microsoft.aad.msal4j.AuthorizationCodeParameters;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.DeviceCodeFlowParameters;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.IClientSecret;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.RefreshTokenParameters;
import com.microsoft.aad.msal4j.SilentParameters;
import com.microsoft.aad.msal4j.UserNamePasswordParameters;
import com.microsoft.aad.msal4jextensions.PersistenceSettings;
import com.microsoft.aad.msal4jextensions.PersistenceTokenCacheAccessAspect;
import com.microsoft.aad.msal4jextensions.persistence.linux.KeyRingAccessException;
import com.sun.jna.Platform;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Random;
import java.util.Scanner;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.function.Consumer;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

/* loaded from: input_file:com/azure/identity/implementation/IdentityClient.class */
public class IdentityClient {
    private static final String WINDOWS_STARTER = "cmd.exe";
    private static final String LINUX_MAC_STARTER = "/bin/sh";
    private static final String WINDOWS_SWITCHER = "/c";
    private static final String LINUX_MAC_SWITCHER = "-c";
    private static final String WINDOWS_PROCESS_ERROR_MESSAGE = "'az' is not recognized";
    private static final String LINUX_MAC_PROCESS_ERROR_MESSAGE = "(.*)az:(.*)not found";
    private static final String DEFAULT_MAC_LINUX_PATH = "/bin/";
    private static final String DEFAULT_PUBLIC_CACHE_FILE_NAME = "msal.cache";
    private static final String DEFAULT_CONFIDENTIAL_CACHE_FILE_NAME = "msal.confidential.cache";
    private static final Path DEFAULT_CACHE_FILE_PATH;
    private static final String DEFAULT_KEYCHAIN_SERVICE = "Microsoft.Developer.IdentityService";
    private static final String DEFAULT_PUBLIC_KEYCHAIN_ACCOUNT = "MSALCache";
    private static final String DEFAULT_CONFIDENTIAL_KEYCHAIN_ACCOUNT = "MSALConfidentialCache";
    private static final String DEFAULT_KEYRING_NAME = "default";
    private static final String DEFAULT_KEYRING_SCHEMA = "msal.cache";
    private static final String DEFAULT_PUBLIC_KEYRING_ITEM_NAME = "MSALCache";
    private static final String DEFAULT_CONFIDENTIAL_KEYRING_ITEM_NAME = "MSALConfidentialCache";
    private static final String DEFAULT_KEYRING_ATTR_NAME = "MsalClientID";
    private static final String DEFAULT_KEYRING_ATTR_VALUE = "Microsoft.Developer.IdentityService";
    private final ClientLogger logger = new ClientLogger(IdentityClient.class);
    private final IdentityClientOptions options;
    private final String tenantId;
    private final String clientId;
    private final String clientSecret;
    private final String certificatePath;
    private final String certificatePassword;
    private HttpPipelineAdapter httpPipelineAdapter;
    private final SynchronizedAccessor<PublicClientApplication> publicClientApplicationAccessor;
    private final SynchronizedAccessor<ConfidentialClientApplication> confidentialClientApplicationAccessor;
    private static final SerializerAdapter SERIALIZER_ADAPTER = JacksonAdapter.createDefaultSerializerAdapter();
    private static final Random RANDOM = new Random();
    private static final String DEFAULT_WINDOWS_SYSTEM_ROOT = System.getenv("SystemRoot");
    private static final Duration REFRESH_OFFSET = Duration.ofMinutes(5);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.azure.identity.implementation.IdentityClient$1, reason: invalid class name */
    /* loaded from: input_file:com/azure/identity/implementation/IdentityClient$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$azure$core$http$ProxyOptions$Type = new int[ProxyOptions.Type.values().length];

        static {
            try {
                $SwitchMap$com$azure$core$http$ProxyOptions$Type[ProxyOptions.Type.SOCKS4.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$azure$core$http$ProxyOptions$Type[ProxyOptions.Type.SOCKS5.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$azure$core$http$ProxyOptions$Type[ProxyOptions.Type.HTTP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public IdentityClient(String str, String str2, String str3, String str4, String str5, boolean z, IdentityClientOptions identityClientOptions) {
        str = str == null ? "organizations" : str;
        identityClientOptions = identityClientOptions == null ? new IdentityClientOptions() : identityClientOptions;
        this.tenantId = str;
        this.clientId = str2;
        this.clientSecret = str3;
        this.certificatePath = str4;
        this.certificatePassword = str5;
        this.options = identityClientOptions;
        this.publicClientApplicationAccessor = new SynchronizedAccessor<>(() -> {
            return getPublicClientApplication(z);
        });
        this.confidentialClientApplicationAccessor = new SynchronizedAccessor<>(() -> {
            return getConfidentialClientApplication();
        });
    }

    private ConfidentialClientApplication getConfidentialClientApplication() {
        IClientSecret createFromCertificate;
        if (this.clientId == null) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("A non-null value for client ID must be provided for user authentication."));
        }
        String str = this.options.getAuthorityHost().replaceAll("/+$", "") + "/" + this.tenantId;
        if (this.clientSecret != null) {
            createFromCertificate = ClientCredentialFactory.createFromSecret(this.clientSecret);
        } else {
            if (this.certificatePath == null) {
                throw this.logger.logExceptionAsError(new IllegalArgumentException("Must provide client secret or client certificate path"));
            }
            try {
                if (this.certificatePassword == null) {
                    byte[] readAllBytes = Files.readAllBytes(Paths.get(this.certificatePath, new String[0]));
                    createFromCertificate = ClientCredentialFactory.createFromCertificate(CertificateUtil.privateKeyFromPem(readAllBytes), CertificateUtil.publicKeyFromPem(readAllBytes));
                } else {
                    createFromCertificate = ClientCredentialFactory.createFromCertificate(new FileInputStream(this.certificatePath), this.certificatePassword);
                }
            } catch (IOException | GeneralSecurityException e) {
                throw this.logger.logExceptionAsError(new RuntimeException("Failed to parse the certificate for the credential: " + e.getMessage(), e));
            }
        }
        try {
            ConfidentialClientApplication.Builder authority = ConfidentialClientApplication.builder(this.clientId, createFromCertificate).authority(str);
            initializeHttpPipelineAdapter();
            if (this.httpPipelineAdapter != null) {
                authority.httpClient(this.httpPipelineAdapter);
            } else {
                authority.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
            }
            if (this.options.getExecutorService() != null) {
                authority.executorService(this.options.getExecutorService());
            }
            if (this.options.isSharedTokenCacheEnabled()) {
                try {
                    PersistenceSettings.Builder builder = PersistenceSettings.builder(DEFAULT_CONFIDENTIAL_CACHE_FILE_NAME, DEFAULT_CACHE_FILE_PATH);
                    if (Platform.isMac()) {
                        builder.setMacKeychain("Microsoft.Developer.IdentityService", "MSALConfidentialCache");
                    }
                    if (Platform.isLinux()) {
                        try {
                            builder.setLinuxKeyring(DEFAULT_KEYRING_NAME, "msal.cache", "MSALConfidentialCache", DEFAULT_KEYRING_ATTR_NAME, "Microsoft.Developer.IdentityService", (String) null, (String) null);
                            authority.setTokenCacheAccessAspect(new PersistenceTokenCacheAccessAspect(builder.build()));
                        } catch (KeyRingAccessException e2) {
                            if (!this.options.getAllowUnencryptedCache()) {
                                throw this.logger.logExceptionAsError(e2);
                            }
                            builder.setLinuxUseUnprotectedFileAsCacheStorage(true);
                            authority.setTokenCacheAccessAspect(new PersistenceTokenCacheAccessAspect(builder.build()));
                        }
                    }
                } catch (Throwable th) {
                    throw this.logger.logExceptionAsError(new ClientAuthenticationException("Shared token cache is unavailable in this environment.", (HttpResponse) null, th));
                }
            }
            return authority.build();
        } catch (MalformedURLException e3) {
            throw this.logger.logExceptionAsWarning(new IllegalStateException(e3));
        }
    }

    private PublicClientApplication getPublicClientApplication(boolean z) {
        if (this.clientId == null) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("A non-null value for client ID must be provided for user authentication."));
        }
        try {
            PublicClientApplication.Builder authority = PublicClientApplication.builder(this.clientId).authority(this.options.getAuthorityHost().replaceAll("/+$", "") + "/" + this.tenantId);
            initializeHttpPipelineAdapter();
            if (this.httpPipelineAdapter != null) {
                authority.httpClient(this.httpPipelineAdapter);
            } else {
                authority.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
            }
            if (this.options.getExecutorService() != null) {
                authority.executorService(this.options.getExecutorService());
            }
            if (this.options.isSharedTokenCacheEnabled()) {
                try {
                    PersistenceSettings.Builder builder = PersistenceSettings.builder("msal.cache", DEFAULT_CACHE_FILE_PATH);
                    if (Platform.isWindows()) {
                        authority.setTokenCacheAccessAspect(new PersistenceTokenCacheAccessAspect(builder.build()));
                    } else if (Platform.isMac()) {
                        builder.setMacKeychain("Microsoft.Developer.IdentityService", "MSALCache");
                        authority.setTokenCacheAccessAspect(new PersistenceTokenCacheAccessAspect(builder.build()));
                    } else if (Platform.isLinux()) {
                        try {
                            builder.setLinuxKeyring(DEFAULT_KEYRING_NAME, "msal.cache", "MSALCache", DEFAULT_KEYRING_ATTR_NAME, "Microsoft.Developer.IdentityService", (String) null, (String) null);
                            authority.setTokenCacheAccessAspect(new PersistenceTokenCacheAccessAspect(builder.build()));
                        } catch (KeyRingAccessException e) {
                            if (!this.options.getAllowUnencryptedCache()) {
                                throw this.logger.logExceptionAsError(e);
                            }
                            builder.setLinuxUseUnprotectedFileAsCacheStorage(true);
                            authority.setTokenCacheAccessAspect(new PersistenceTokenCacheAccessAspect(builder.build()));
                        }
                    }
                } catch (Throwable th) {
                    if (z) {
                        throw this.logger.logExceptionAsError(new CredentialUnavailableException("Shared token cache is unavailable in this environment.", th));
                    }
                    throw this.logger.logExceptionAsError(new ClientAuthenticationException("Shared token cache is unavailable in this environment.", (HttpResponse) null, th));
                }
            }
            return authority.build();
        } catch (MalformedURLException e2) {
            throw this.logger.logExceptionAsWarning(new IllegalStateException(e2));
        }
    }

    public Mono<MsalToken> authenticateWithIntelliJ(TokenRequestContext tokenRequestContext) {
        try {
            IntelliJCacheAccessor intelliJCacheAccessor = new IntelliJCacheAccessor(this.options.getIntelliJKeePassDatabasePath());
            IntelliJAuthMethodDetails authDetailsIfAvailable = intelliJCacheAccessor.getAuthDetailsIfAvailable();
            String authMethod = authDetailsIfAvailable.getAuthMethod();
            if (!authMethod.equalsIgnoreCase("SP")) {
                if (!authMethod.equalsIgnoreCase("DC")) {
                    throw this.logger.logExceptionAsError(new CredentialUnavailableException("IntelliJ Authentication not available. Please login with Azure Tools for IntelliJ plugin in the IDE."));
                }
                RefreshTokenParameters build = RefreshTokenParameters.builder(new HashSet(tokenRequestContext.getScopes()), intelliJCacheAccessor.getDeviceCodeCredentials().get("refreshToken").textValue()).build();
                return this.publicClientApplicationAccessor.getValue().flatMap(publicClientApplication -> {
                    return Mono.fromFuture(publicClientApplication.acquireToken(build)).map(MsalToken::new);
                });
            }
            Map<String, String> intellijServicePrincipalDetails = intelliJCacheAccessor.getIntellijServicePrincipalDetails(authDetailsIfAvailable.getCredFilePath());
            try {
                ConfidentialClientApplication.Builder authority = ConfidentialClientApplication.builder(intellijServicePrincipalDetails.get("client"), ClientCredentialFactory.createFromSecret(intellijServicePrincipalDetails.get("key"))).authority(intellijServicePrincipalDetails.get("authURL") + intellijServicePrincipalDetails.get("tenant"));
                if (this.httpPipelineAdapter != null) {
                    authority.httpClient(this.httpPipelineAdapter);
                } else if (this.options.getProxyOptions() != null) {
                    authority.proxy(proxyOptionsToJavaNetProxy(this.options.getProxyOptions()));
                }
                if (this.options.getExecutorService() != null) {
                    authority.executorService(this.options.getExecutorService());
                }
                return Mono.fromFuture(authority.build().acquireToken(ClientCredentialParameters.builder(new HashSet(tokenRequestContext.getScopes())).build())).map(MsalToken::new);
            } catch (MalformedURLException e) {
                return Mono.error(e);
            }
        } catch (IOException e2) {
            return Mono.error(e2);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:22:0x0105, code lost:
    
        throw r7.logger.logExceptionAsError(new com.azure.identity.CredentialUnavailableException("AzureCliCredential authentication unavailable. Azure CLI not installed"));
     */
    /* JADX WARN: Type inference failed for: r0v80, types: [java.time.ZonedDateTime] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public reactor.core.publisher.Mono<com.azure.core.credential.AccessToken> authenticateWithAzureCli(com.azure.core.credential.TokenRequestContext r8) {
        /*
            Method dump skipped, instructions count: 660
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.azure.identity.implementation.IdentityClient.authenticateWithAzureCli(com.azure.core.credential.TokenRequestContext):reactor.core.publisher.Mono");
    }

    public Mono<AccessToken> authenticateWithConfidentialClient(TokenRequestContext tokenRequestContext) {
        return this.confidentialClientApplicationAccessor.getValue().flatMap(confidentialClientApplication -> {
            return Mono.fromFuture(() -> {
                return confidentialClientApplication.acquireToken(ClientCredentialParameters.builder(new HashSet(tokenRequestContext.getScopes())).build());
            }).map(MsalToken::new);
        });
    }

    private HttpPipeline setupPipeline(HttpClient httpClient) {
        ArrayList arrayList = new ArrayList();
        HttpLogOptions httpLogOptions = new HttpLogOptions();
        HttpPolicyProviders.addBeforeRetryPolicies(arrayList);
        arrayList.add(new RetryPolicy());
        HttpPolicyProviders.addAfterRetryPolicies(arrayList);
        arrayList.add(new HttpLoggingPolicy(httpLogOptions));
        return new HttpPipelineBuilder().httpClient(httpClient).policies((HttpPipelinePolicy[]) arrayList.toArray(new HttpPipelinePolicy[0])).build();
    }

    public Mono<MsalToken> authenticateWithUsernamePassword(TokenRequestContext tokenRequestContext, String str, String str2) {
        return this.publicClientApplicationAccessor.getValue().flatMap(publicClientApplication -> {
            return Mono.fromFuture(() -> {
                return publicClientApplication.acquireToken(UserNamePasswordParameters.builder(new HashSet(tokenRequestContext.getScopes()), str, str2.toCharArray()).build());
            }).onErrorMap(th -> {
                return new ClientAuthenticationException("Failed to acquire token with username and password", (HttpResponse) null, th);
            }).map(MsalToken::new);
        });
    }

    public Mono<MsalToken> authenticateWithPublicClientCache(TokenRequestContext tokenRequestContext, IAccount iAccount) {
        return this.publicClientApplicationAccessor.getValue().flatMap(publicClientApplication -> {
            return Mono.fromFuture(() -> {
                SilentParameters.SilentParametersBuilder builder = SilentParameters.builder(new HashSet(tokenRequestContext.getScopes()));
                if (iAccount != null) {
                    builder = builder.account(iAccount);
                }
                try {
                    return publicClientApplication.acquireTokenSilently(builder.build());
                } catch (MalformedURLException e) {
                    return getFailedCompletableFuture(this.logger.logExceptionAsError(new RuntimeException(e)));
                }
            }).map(MsalToken::new).filter(msalToken -> {
                return OffsetDateTime.now().isBefore(msalToken.getExpiresAt().minus((TemporalAmount) REFRESH_OFFSET));
            }).switchIfEmpty(Mono.fromFuture(() -> {
                SilentParameters.SilentParametersBuilder forceRefresh = SilentParameters.builder(new HashSet(tokenRequestContext.getScopes())).forceRefresh(true);
                if (iAccount != null) {
                    forceRefresh = forceRefresh.account(iAccount);
                }
                try {
                    return publicClientApplication.acquireTokenSilently(forceRefresh.build());
                } catch (MalformedURLException e) {
                    return getFailedCompletableFuture(this.logger.logExceptionAsError(new RuntimeException(e)));
                }
            }).map(MsalToken::new));
        });
    }

    public Mono<AccessToken> authenticateWithConfidentialClientCache(TokenRequestContext tokenRequestContext) {
        return this.confidentialClientApplicationAccessor.getValue().flatMap(confidentialClientApplication -> {
            return Mono.fromFuture(() -> {
                try {
                    return confidentialClientApplication.acquireTokenSilently(SilentParameters.builder(new HashSet(tokenRequestContext.getScopes())).build());
                } catch (MalformedURLException e) {
                    return getFailedCompletableFuture(this.logger.logExceptionAsError(new RuntimeException(e)));
                }
            }).map(iAuthenticationResult -> {
                return new MsalToken(iAuthenticationResult);
            }).filter(accessToken -> {
                return OffsetDateTime.now().isBefore(accessToken.getExpiresAt().minus((TemporalAmount) REFRESH_OFFSET));
            });
        });
    }

    public Mono<MsalToken> authenticateWithDeviceCode(TokenRequestContext tokenRequestContext, Consumer<DeviceCodeInfo> consumer) {
        return this.publicClientApplicationAccessor.getValue().flatMap(publicClientApplication -> {
            return Mono.fromFuture(() -> {
                return publicClientApplication.acquireToken(DeviceCodeFlowParameters.builder(new HashSet(tokenRequestContext.getScopes()), deviceCode -> {
                    consumer.accept(new DeviceCodeInfo(deviceCode.userCode(), deviceCode.deviceCode(), deviceCode.verificationUri(), OffsetDateTime.now().plusSeconds(deviceCode.expiresIn()), deviceCode.message()));
                }).build());
            }).onErrorMap(th -> {
                return new ClientAuthenticationException("Failed to acquire token with device code", (HttpResponse) null, th);
            }).map(MsalToken::new);
        });
    }

    public Mono<MsalToken> authenticateWithVsCodeCredential(TokenRequestContext tokenRequestContext, String str) {
        RefreshTokenParameters build = RefreshTokenParameters.builder(new HashSet(tokenRequestContext.getScopes()), new VisualStudioCacheAccessor().getCredentials("VS Code Azure", str)).build();
        return this.publicClientApplicationAccessor.getValue().flatMap(publicClientApplication -> {
            return Mono.fromFuture(publicClientApplication.acquireToken(build)).map(MsalToken::new);
        });
    }

    public Mono<MsalToken> authenticateWithAuthorizationCode(TokenRequestContext tokenRequestContext, String str, URI uri) {
        AuthorizationCodeParameters build = AuthorizationCodeParameters.builder(str, uri).scopes(new HashSet(tokenRequestContext.getScopes())).build();
        return (this.clientSecret != null ? this.confidentialClientApplicationAccessor.getValue().flatMap(confidentialClientApplication -> {
            return Mono.fromFuture(() -> {
                return confidentialClientApplication.acquireToken(build);
            });
        }) : this.publicClientApplicationAccessor.getValue().flatMap(publicClientApplication -> {
            return Mono.fromFuture(() -> {
                return publicClientApplication.acquireToken(build);
            });
        })).onErrorMap(th -> {
            return new ClientAuthenticationException("Failed to acquire token with authorization code", (HttpResponse) null, th);
        }).map(MsalToken::new);
    }

    public Mono<MsalToken> authenticateWithBrowserInteraction(TokenRequestContext tokenRequestContext, int i) {
        String str = this.options.getAuthorityHost().replaceAll("/+$", "") + "/" + this.tenantId;
        return AuthorizationCodeListener.create(i).flatMap(authorizationCodeListener -> {
            try {
                URI uri = new URI(String.format("http://localhost:%s", Integer.valueOf(i)));
                String format = String.format("%s/oauth2/v2.0/authorize?response_type=code&response_mode=query&prompt=select_account&client_id=%s&redirect_uri=%s&state=%s&scope=%s", str, this.clientId, uri.toString(), UUID.randomUUID(), String.join(" ", tokenRequestContext.getScopes()));
                return authorizationCodeListener.listen().mergeWith(Mono.fromRunnable(() -> {
                    try {
                        openUrl(format);
                    } catch (IOException e) {
                        throw this.logger.logExceptionAsError(new IllegalStateException(e));
                    }
                }).subscribeOn(Schedulers.newSingle("browser"))).next().flatMap(str2 -> {
                    return authenticateWithAuthorizationCode(tokenRequestContext, str2, uri);
                }).onErrorResume(th -> {
                    return authorizationCodeListener.dispose().then(Mono.error(th));
                }).flatMap(msalToken -> {
                    return authorizationCodeListener.dispose().then(Mono.just(msalToken));
                });
            } catch (URISyntaxException e) {
                return authorizationCodeListener.dispose().then(Mono.error(e));
            }
        });
    }

    public Mono<MsalToken> authenticateWithSharedTokenCache(TokenRequestContext tokenRequestContext, String str) {
        return this.publicClientApplicationAccessor.getValue().flatMap(publicClientApplication -> {
            return Mono.fromFuture(() -> {
                return publicClientApplication.getAccounts();
            }).onErrorMap(th -> {
                return new CredentialUnavailableException("Cannot get accounts from token cache. Error: " + th.getMessage(), th);
            }).flatMap(set -> {
                HashMap hashMap = new HashMap();
                if (set.isEmpty()) {
                    return Mono.error(new CredentialUnavailableException("SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache."));
                }
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    IAccount iAccount = (IAccount) it.next();
                    if (str == null || str.equals(iAccount.username())) {
                        if (!hashMap.containsKey(iAccount.homeAccountId())) {
                            hashMap.put(iAccount.homeAccountId(), iAccount);
                        }
                    }
                }
                return hashMap.isEmpty() ? Mono.error(new RuntimeException(String.format("SharedTokenCacheCredential authentication unavailable. No account matching the specified username: %s was found in the cache.", str))) : hashMap.size() > 1 ? str == null ? Mono.error(new RuntimeException("SharedTokenCacheCredential authentication unavailable. Multiple accounts were found in the cache. Use username and tenant id to disambiguate.")) : Mono.error(new RuntimeException(String.format("SharedTokenCacheCredential authentication unavailable. Multiple accounts matching the specified username: %s were found in the cache.", str))) : authenticateWithPublicClientCache(tokenRequestContext, (IAccount) hashMap.values().iterator().next());
            });
        });
    }

    public Mono<AccessToken> authenticateToManagedIdentityEndpoint(String str, String str2, TokenRequestContext tokenRequestContext) {
        return Mono.fromCallable(() -> {
            String scopesToResource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
            HttpURLConnection httpURLConnection = null;
            StringBuilder sb = new StringBuilder();
            sb.append("resource=");
            sb.append(URLEncoder.encode(scopesToResource, "UTF-8"));
            sb.append("&api-version=");
            sb.append(URLEncoder.encode("2017-09-01", "UTF-8"));
            if (this.clientId != null) {
                sb.append("&clientid=");
                sb.append(URLEncoder.encode(this.clientId, "UTF-8"));
            }
            try {
                httpURLConnection = (HttpURLConnection) new URL(String.format("%s?%s", str, sb)).openConnection();
                httpURLConnection.setRequestMethod("GET");
                if (str2 != null) {
                    httpURLConnection.setRequestProperty("Secret", str2);
                }
                httpURLConnection.setRequestProperty("Metadata", "true");
                httpURLConnection.connect();
                Scanner useDelimiter = new Scanner(httpURLConnection.getInputStream(), StandardCharsets.UTF_8.name()).useDelimiter("\\A");
                AccessToken accessToken = (AccessToken) SERIALIZER_ADAPTER.deserialize(useDelimiter.hasNext() ? useDelimiter.next() : "", MSIToken.class, SerializerEncoding.JSON);
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                return accessToken;
            } catch (Throwable th) {
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                throw th;
            }
        });
    }

    public Mono<AccessToken> authenticateToIMDSEndpoint(TokenRequestContext tokenRequestContext) {
        String scopesToResource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
        StringBuilder sb = new StringBuilder();
        try {
            sb.append("api-version=");
            sb.append(URLEncoder.encode("2018-02-01", "UTF-8"));
            sb.append("&resource=");
            sb.append(URLEncoder.encode(scopesToResource, "UTF-8"));
            if (this.clientId != null) {
                sb.append("&client_id=");
                sb.append(URLEncoder.encode(this.clientId, "UTF-8"));
            }
            return checkIMDSAvailable().flatMap(bool -> {
                return Mono.fromCallable(() -> {
                    int i = 1;
                    while (true) {
                        if (i > this.options.getMaxRetry()) {
                            break;
                        }
                        URL url = null;
                        HttpURLConnection httpURLConnection = null;
                        try {
                            url = new URL(String.format("http://169.254.169.254/metadata/identity/oauth2/token?%s", sb.toString()));
                            httpURLConnection = (HttpURLConnection) url.openConnection();
                            httpURLConnection.setRequestMethod("GET");
                            httpURLConnection.setRequestProperty("Metadata", "true");
                            httpURLConnection.connect();
                            Scanner useDelimiter = new Scanner(httpURLConnection.getInputStream(), StandardCharsets.UTF_8.name()).useDelimiter("\\A");
                            AccessToken accessToken = (AccessToken) SERIALIZER_ADAPTER.deserialize(useDelimiter.hasNext() ? useDelimiter.next() : "", MSIToken.class, SerializerEncoding.JSON);
                            if (httpURLConnection != null) {
                                httpURLConnection.disconnect();
                            }
                            return accessToken;
                        } catch (IOException e) {
                            if (httpURLConnection == null) {
                                throw this.logger.logExceptionAsError(new RuntimeException(String.format("Could not connect to the url: %s.", url), e));
                            }
                            try {
                                try {
                                    int responseCode = httpURLConnection.getResponseCode();
                                    if (responseCode != 410 && responseCode != 429 && responseCode != 404 && (responseCode < 500 || responseCode > 599)) {
                                        throw this.logger.logExceptionAsError(new RuntimeException("Couldn't acquire access token from IMDS, verify your objectId, clientId or msiResourceId", e));
                                    }
                                    int nano = this.options.getRetryTimeout().apply(Duration.ofSeconds(RANDOM.nextInt(i))).getNano() / 1000;
                                    int i2 = (responseCode != 410 || nano >= 70000) ? nano : 70000;
                                    i++;
                                    if (i > this.options.getMaxRetry()) {
                                        if (httpURLConnection != null) {
                                            httpURLConnection.disconnect();
                                        }
                                        throw this.logger.logExceptionAsError(new RuntimeException(String.format("MSI: Failed to acquire tokens after retrying %s times", Integer.valueOf(this.options.getMaxRetry()))));
                                    }
                                    sleep(i2);
                                    if (httpURLConnection != null) {
                                        httpURLConnection.disconnect();
                                    }
                                } catch (Exception e2) {
                                    throw this.logger.logExceptionAsError(new CredentialUnavailableException("ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, " + e2.getMessage() + ".", e2));
                                }
                            } catch (Throwable th) {
                                if (httpURLConnection != null) {
                                    httpURLConnection.disconnect();
                                }
                                throw th;
                            }
                        }
                    }
                });
            });
        } catch (IOException e) {
            return Mono.error(e);
        }
    }

    private Mono<Boolean> checkIMDSAvailable() {
        StringBuilder sb = new StringBuilder();
        try {
            sb.append("api-version=");
            sb.append(URLEncoder.encode("2018-02-01", "UTF-8"));
            return Mono.fromCallable(() -> {
                HttpURLConnection httpURLConnection = null;
                try {
                    try {
                        httpURLConnection = (HttpURLConnection) new URL(String.format("http://169.254.169.254/metadata/identity/oauth2/token?%s", sb.toString())).openConnection();
                        httpURLConnection.setRequestMethod("GET");
                        httpURLConnection.setConnectTimeout(500);
                        httpURLConnection.connect();
                        if (httpURLConnection != null) {
                            httpURLConnection.disconnect();
                        }
                        return true;
                    } catch (Exception e) {
                        throw this.logger.logExceptionAsError(new CredentialUnavailableException("ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, " + e.getMessage() + ".", e));
                    }
                } catch (Throwable th) {
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    throw th;
                }
            });
        } catch (IOException e) {
            return Mono.error(e);
        }
    }

    private static void sleep(int i) {
        try {
            Thread.sleep(i);
        } catch (InterruptedException e) {
            throw new IllegalStateException(e);
        }
    }

    private static Proxy proxyOptionsToJavaNetProxy(ProxyOptions proxyOptions) {
        switch (AnonymousClass1.$SwitchMap$com$azure$core$http$ProxyOptions$Type[proxyOptions.getType().ordinal()]) {
            case WindowsCredentialApi.CRED_TYPE_GENERIC /* 1 */:
            case 2:
                return new Proxy(Proxy.Type.SOCKS, proxyOptions.getAddress());
            case 3:
            default:
                return new Proxy(Proxy.Type.HTTP, proxyOptions.getAddress());
        }
    }

    private String getSafeWorkingDirectory() {
        if (!isWindowsPlatform()) {
            return DEFAULT_MAC_LINUX_PATH;
        }
        if (CoreUtils.isNullOrEmpty(DEFAULT_WINDOWS_SYSTEM_ROOT)) {
            return null;
        }
        return DEFAULT_WINDOWS_SYSTEM_ROOT + "\\system32";
    }

    private boolean isWindowsPlatform() {
        return System.getProperty("os.name").contains("Windows");
    }

    private String redactInfo(String str, String str2) {
        return str2.replaceAll(str, "****");
    }

    void openUrl(String str) throws IOException {
        Runtime runtime = Runtime.getRuntime();
        String lowerCase = System.getProperty("os.name").toLowerCase(Locale.ROOT);
        if (lowerCase.contains("win")) {
            runtime.exec("rundll32 url.dll,FileProtocolHandler " + str);
            return;
        }
        if (lowerCase.contains("mac")) {
            runtime.exec("open " + str);
        } else if (lowerCase.contains("nix") || lowerCase.contains("nux")) {
            runtime.exec("xdg-open " + str);
        } else {
            this.logger.error("Browser could not be opened - please open {} in a browser on this device.", new Object[]{str});
        }
    }

    private CompletableFuture<IAuthenticationResult> getFailedCompletableFuture(Exception exc) {
        CompletableFuture<IAuthenticationResult> completableFuture = new CompletableFuture<>();
        completableFuture.completeExceptionally(exc);
        return completableFuture;
    }

    private void initializeHttpPipelineAdapter() {
        HttpPipeline httpPipeline = this.options.getHttpPipeline();
        if (httpPipeline != null) {
            this.httpPipelineAdapter = new HttpPipelineAdapter(httpPipeline);
            return;
        }
        HttpClient httpClient = this.options.getHttpClient();
        if (httpClient != null) {
            this.httpPipelineAdapter = new HttpPipelineAdapter(setupPipeline(httpClient));
        } else if (this.options.getProxyOptions() == null) {
            this.httpPipelineAdapter = new HttpPipelineAdapter(setupPipeline(HttpClient.createDefault()));
        }
    }

    public String getTenantId() {
        return this.tenantId;
    }

    public String getClientId() {
        return this.clientId;
    }

    static {
        DEFAULT_CACHE_FILE_PATH = Platform.isWindows() ? Paths.get(System.getProperty("user.home"), "AppData", "Local", ".IdentityService") : Paths.get(System.getProperty("user.home"), ".IdentityService");
    }
}
