package com.microsoft.azure.toolkit.lib.auth.cli;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.SimpleTokenCache;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.management.AzureEnvironment;
import com.azure.identity.implementation.util.ScopeUtil;
import com.fasterxml.jackson.core.type.TypeReference;
import com.microsoft.azure.toolkit.lib.Azure;
import com.microsoft.azure.toolkit.lib.auth.Account;
import com.microsoft.azure.toolkit.lib.auth.AuthConfiguration;
import com.microsoft.azure.toolkit.lib.auth.AuthType;
import com.microsoft.azure.toolkit.lib.auth.AzureCloud;
import com.microsoft.azure.toolkit.lib.auth.AzureEnvironmentUtils;
import com.microsoft.azure.toolkit.lib.auth.AzureToolkitAuthenticationException;
import com.microsoft.azure.toolkit.lib.common.model.Subscription;
import com.microsoft.azure.toolkit.lib.common.utils.JsonUtils;
import com.microsoft.azure.toolkit.lib.common.utils.TextUtils;
import java.time.LocalDateTime;
import java.time.OffsetDateTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/cli/AzureCliAccount.class */
public class AzureCliAccount extends Account {
    private static final Logger log = LoggerFactory.getLogger(AzureCliAccount.class);
    private static final String CLOUD_SHELL_ENV_KEY = "ACC_CLOUD";
    private final AuthType type;
    private String username;

    /* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/cli/AzureCliAccount$AzureCliTokenCredential.class */
    static class AzureCliTokenCredential implements TokenCredential {
        private static final String CLI_GET_ACCESS_TOKEN_CMD = "az account get-access-token --resource %s %s --output json";
        private final Map<String, SimpleTokenCache> tenantResourceTokenCache = new ConcurrentHashMap();
        private final String tenantId;

        public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
            String str = (String) StringUtils.firstNonBlank(new String[]{tokenRequestContext.getTenantId(), this.tenantId});
            String scopesToResource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
            return this.tenantResourceTokenCache.computeIfAbsent(String.format("%s:%s", str, scopesToResource), str2 -> {
                return new SimpleTokenCache(() -> {
                    Object[] objArr = new Object[2];
                    objArr[0] = scopesToResource;
                    objArr[1] = (StringUtils.isBlank(str) || AzureCliAccount.isInCloudShell()) ? "" : " -t " + str;
                    Map map = (Map) JsonUtils.fromJson(AzureCliUtils.executeAzureCli(String.format(CLI_GET_ACCESS_TOKEN_CMD, objArr)), new TypeReference<HashMap<String, Object>>() { // from class: com.microsoft.azure.toolkit.lib.auth.cli.AzureCliAccount.AzureCliTokenCredential.1
                    });
                    return Mono.just(new AccessToken((String) map.get("accessToken"), (OffsetDateTime) Optional.ofNullable((String) map.get("expiresOn")).filter((v0) -> {
                        return StringUtils.isNotBlank(v0);
                    }).map(str2 -> {
                        return str2.substring(0, str2.indexOf("."));
                    }).map(str3 -> {
                        return String.join("T", str3.split(" "));
                    }).map(str4 -> {
                        return LocalDateTime.parse(str4, DateTimeFormatter.ISO_LOCAL_DATE_TIME).atZone(ZoneId.systemDefault()).toOffsetDateTime().withOffsetSameInstant(ZoneOffset.UTC);
                    }).orElse(OffsetDateTime.MAX)));
                });
            }).getToken();
        }

        public AzureCliTokenCredential(String str) {
            this.tenantId = str;
        }
    }

    public AzureCliAccount(AuthConfiguration authConfiguration) {
        super(authConfiguration);
        this.type = AuthType.AZURE_CLI;
    }

    @Override // com.microsoft.azure.toolkit.lib.auth.Account
    @Nonnull
    protected List<Subscription> loadSubscriptions() {
        List<AzureCliSubscription> listSubscriptions = AzureCliUtils.listSubscriptions();
        if (listSubscriptions.isEmpty()) {
            throw new AzureToolkitAuthenticationException("Cannot find any subscriptions in current account.");
        }
        return new ArrayList(listSubscriptions);
    }

    @Override // com.microsoft.azure.toolkit.lib.auth.Account
    protected void setupAfterLogin(TokenCredential tokenCredential) {
        List<Subscription> subscriptions = getSubscriptions();
        AzureCliSubscription azureCliSubscription = (AzureCliSubscription) subscriptions.stream().filter((v0) -> {
            return v0.isSelected();
        }).findFirst().orElse(subscriptions.get(0));
        AzureEnvironment azureEnvironment = ((AzureCloud) Azure.az(AzureCloud.class)).get();
        if (azureEnvironment != null && azureCliSubscription.getEnvironment() != azureEnvironment) {
            throw new AzureToolkitAuthenticationException(String.format("The azure cloud from azure cli '%s' doesn't match with your auth configuration, you can change it by executing 'az cloud set --name=%s' command to change the cloud in azure cli.", AzureEnvironmentUtils.getCloudName(azureCliSubscription.getEnvironment()), AzureEnvironmentUtils.getCloudName(azureEnvironment)));
        }
        this.username = azureCliSubscription.getEmail();
    }

    @Override // com.microsoft.azure.toolkit.lib.auth.Account
    @Nonnull
    protected TokenCredential buildDefaultTokenCredential() {
        return new AzureCliTokenCredential((String) Optional.of(getConfig()).map((v0) -> {
            return v0.getTenant();
        }).orElse(null));
    }

    @Override // com.microsoft.azure.toolkit.lib.auth.Account
    public boolean checkAvailable() {
        try {
            boolean isPresent = getManagementToken().isPresent();
            log.trace("Auth type ({}) is {}available.", TextUtils.cyan(getType().name()), isPresent ? "" : TextUtils.yellow("NOT "));
            return isPresent;
        } catch (Throwable th) {
            return false;
        }
    }

    static boolean isInCloudShell() {
        return StringUtils.isNotBlank(System.getenv(CLOUD_SHELL_ENV_KEY));
    }

    @Override // com.microsoft.azure.toolkit.lib.auth.Account
    public AuthType getType() {
        return this.type;
    }

    @Override // com.microsoft.azure.toolkit.lib.auth.Account
    public String getUsername() {
        return this.username;
    }
}
