package com.microsoft.aad.msal4j;

import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/microsoft/aad/msal4j/TokenRequestExecutor.class */
public class TokenRequestExecutor {
    Logger log = LoggerFactory.getLogger(TokenRequestExecutor.class);
    final Authority requestAuthority;
    final String tenant;
    private final MsalRequest msalRequest;
    private final ServiceBundle serviceBundle;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenRequestExecutor(Authority authority, MsalRequest msalRequest, ServiceBundle serviceBundle) {
        this.requestAuthority = authority;
        this.serviceBundle = serviceBundle;
        this.msalRequest = msalRequest;
        this.tenant = msalRequest.requestContext().apiParameters().tenant() == null ? msalRequest.application().tenant() : msalRequest.requestContext().apiParameters().tenant();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationResult executeTokenRequest() throws IOException {
        this.log.debug("Sending token request to: {}", this.requestAuthority.canonicalAuthorityUrl());
        return createAuthenticationResultFromOauthHttpResponse(createOauthHttpRequest().send());
    }

    OAuthHttpRequest createOauthHttpRequest() throws MalformedURLException {
        if (this.requestAuthority.tokenEndpointUrl() == null) {
            throw new MsalClientException("The endpoint URI is not specified", AuthenticationErrorCode.INVALID_ENDPOINT_URI);
        }
        OAuthHttpRequest oAuthHttpRequest = new OAuthHttpRequest(HttpMethod.POST, this.requestAuthority.tokenEndpointUrl(), this.msalRequest.headers().getReadonlyHeaderMap(), this.msalRequest.requestContext(), this.serviceBundle);
        HashMap hashMap = new HashMap(this.msalRequest.msalAuthorizationGrant().toParameters());
        if ((this.msalRequest.application() instanceof AbstractClientApplicationBase) && ((AbstractClientApplicationBase) this.msalRequest.application()).clientCapabilities() != null) {
            hashMap.put("claims", ((AbstractClientApplicationBase) this.msalRequest.application()).clientCapabilities());
        }
        if (this.msalRequest.msalAuthorizationGrant.getClaims() != null) {
            String formatAsJSONString = this.msalRequest.msalAuthorizationGrant.getClaims().formatAsJSONString();
            if (hashMap.get("claims") != null) {
                formatAsJSONString = JsonHelper.mergeJSONString((String) hashMap.get("claims"), formatAsJSONString);
            }
            hashMap.put("claims", formatAsJSONString);
        }
        if (this.msalRequest.requestContext().apiParameters().extraQueryParameters() != null) {
            for (String str : this.msalRequest.requestContext().apiParameters().extraQueryParameters().keySet()) {
                if (hashMap.containsKey(str)) {
                    this.log.warn("A query parameter {} has been provided with values multiple times.", str);
                }
                hashMap.put(str, this.msalRequest.requestContext().apiParameters().extraQueryParameters().get(str));
            }
        }
        oAuthHttpRequest.setQuery(StringHelper.serializeQueryParameters(hashMap));
        if (this.msalRequest.application() instanceof AbstractClientApplicationBase) {
            addQueryParameters(oAuthHttpRequest);
        }
        return oAuthHttpRequest;
    }

    private void addQueryParameters(OAuthHttpRequest oAuthHttpRequest) {
        Map<String, String> parseQueryParameters = StringHelper.parseQueryParameters(oAuthHttpRequest.query);
        parseQueryParameters.put(Constants.MANAGED_IDENTITY_CLIENT_ID, this.msalRequest.application().clientId());
        if (this.msalRequest.application() instanceof ConfidentialClientApplication) {
            if ((this.msalRequest instanceof ClientCredentialRequest) && ((ClientCredentialRequest) this.msalRequest).parameters.clientCredential() != null) {
                addJWTBearerAssertionParams(parseQueryParameters, ((ConfidentialClientApplication) this.msalRequest.application()).getAssertionString(((ClientCredentialRequest) this.msalRequest).parameters.clientCredential()));
            } else if (((ConfidentialClientApplication) this.msalRequest.application()).assertion != null) {
                addJWTBearerAssertionParams(parseQueryParameters, ((ConfidentialClientApplication) this.msalRequest.application()).assertion);
            } else if (((ConfidentialClientApplication) this.msalRequest.application()).secret != null) {
                parseQueryParameters.put("client_secret", ((ConfidentialClientApplication) this.msalRequest.application()).secret);
            }
        }
        oAuthHttpRequest.setQuery(StringHelper.serializeQueryParameters(parseQueryParameters));
    }

    private void addJWTBearerAssertionParams(Map<String, String> map, String str) {
        map.put("client_assertion", str);
        map.put("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
    }

    private AuthenticationResult createAuthenticationResultFromOauthHttpResponse(HttpResponse httpResponse) {
        if (httpResponse.statusCode() != 200) {
            if (httpResponse.statusCode() == 429 || httpResponse.statusCode() >= 500) {
                this.serviceBundle.getServerSideTelemetry().previousRequests.putAll(this.serviceBundle.getServerSideTelemetry().previousRequestInProgress);
            }
            throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse);
        }
        TokenResponse parseHttpResponse = TokenResponse.parseHttpResponse(httpResponse);
        AccountCacheEntity accountCacheEntity = null;
        if (!StringHelper.isNullOrBlank(parseHttpResponse.idToken())) {
            IdToken createIdTokenFromEncodedTokenString = JsonHelper.createIdTokenFromEncodedTokenString(parseHttpResponse.idToken());
            AuthorityType authorityType = this.msalRequest.application().authenticationAuthority.authorityType;
            if (!StringHelper.isBlank(parseHttpResponse.getClientInfo())) {
                accountCacheEntity = authorityType == AuthorityType.B2C ? AccountCacheEntity.create(parseHttpResponse.getClientInfo(), this.requestAuthority, createIdTokenFromEncodedTokenString, ((B2CAuthority) this.msalRequest.application().authenticationAuthority).policy()) : AccountCacheEntity.create(parseHttpResponse.getClientInfo(), this.requestAuthority, createIdTokenFromEncodedTokenString);
            } else if (authorityType == AuthorityType.ADFS) {
                accountCacheEntity = AccountCacheEntity.createADFSAccount(this.requestAuthority, createIdTokenFromEncodedTokenString);
            }
        }
        long time = new Date().getTime() / 1000;
        return AuthenticationResult.builder().accessToken(parseHttpResponse.accessToken()).refreshToken(parseHttpResponse.refreshToken()).familyId(parseHttpResponse.getFoci()).idToken(parseHttpResponse.idToken()).environment(this.requestAuthority.host()).expiresOn(time + parseHttpResponse.getExpiresIn()).extExpiresOn(parseHttpResponse.getExtExpiresIn() > 0 ? time + parseHttpResponse.getExtExpiresIn() : 0L).refreshOn(Long.valueOf(parseHttpResponse.getRefreshIn() > 0 ? time + parseHttpResponse.getRefreshIn() : 0L)).accountCacheEntity(accountCacheEntity).scopes(parseHttpResponse.getScope()).metadata(AuthenticationResultMetadata.builder().tokenSource(TokenSource.IDENTITY_PROVIDER).refreshOn(Long.valueOf(parseHttpResponse.getRefreshIn() > 0 ? time + parseHttpResponse.getRefreshIn() : 0L)).build()).build();
    }

    Logger getLog() {
        return this.log;
    }

    Authority getRequestAuthority() {
        return this.requestAuthority;
    }

    String getTenant() {
        return this.tenant;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MsalRequest getMsalRequest() {
        return this.msalRequest;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServiceBundle getServiceBundle() {
        return this.serviceBundle;
    }
}
