package com.microsoft.azure.toolkit.lib.auth;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.http.policy.FixedDelay;
import com.azure.core.http.policy.RetryPolicy;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.DeviceCodeCredential;
import com.azure.identity.InteractiveBrowserCredential;
import com.azure.identity.TokenCachePersistenceOptions;
import com.azure.identity.implementation.MsalToken;
import com.azure.identity.implementation.util.ScopeUtil;
import com.azure.resourcemanager.resources.ResourceManager;
import com.microsoft.azure.toolkit.lib.Azure;
import com.microsoft.azure.toolkit.lib.account.IAccount;
import com.microsoft.azure.toolkit.lib.common.bundle.AzureString;
import com.microsoft.azure.toolkit.lib.common.cache.CacheEvict;
import com.microsoft.azure.toolkit.lib.common.cache.CacheManager;
import com.microsoft.azure.toolkit.lib.common.cache.Preloader;
import com.microsoft.azure.toolkit.lib.common.event.AzureEventBus;
import com.microsoft.azure.toolkit.lib.common.exception.AzureToolkitRuntimeException;
import com.microsoft.azure.toolkit.lib.common.messager.AzureMessager;
import com.microsoft.azure.toolkit.lib.common.model.AbstractAzServiceSubscription;
import com.microsoft.azure.toolkit.lib.common.model.Subscription;
import com.microsoft.azure.toolkit.lib.common.operation.AzureOperation;
import com.microsoft.azure.toolkit.lib.common.operation.AzureOperationAspect;
import com.microsoft.azure.toolkit.lib.common.task.AzureTaskManager;
import com.microsoft.azure.toolkit.lib.common.utils.TextUtils;
import com.microsoft.azure.toolkit.lib.common.utils.Utils;
import java.lang.reflect.Field;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/Account.class */
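/**
 * Base class for an authenticated Azure identity in the toolkit: it owns the default
 * {@link TokenCredential}, a per-tenant credential cache, and the list of subscriptions
 * loaded for the account.
 *
 * <p>This listing is decompiled from AspectJ-woven bytecode. The {@code ajc$...} members,
 * {@link AjcClosure1}, the {@code *_aroundBody0} method and the {@code Factory.makeJP(...)}
 * calls are weaving plumbing for the {@code @AzureOperation} and {@code @CacheEvict}
 * annotations and are kept as emitted.
 *
 * <p>Security-relevant points a reader should know about:
 * <ul>
 *   <li>{@link #getTenantCredentialCache()} hands out the live, mutable cache map.</li>
 *   <li>{@link TenantTokenCredential} changes a private field of the wrapped credential
 *       through reflection.</li>
 *   <li>{@link #getManagementToken()} suppresses every failure, including {@link Error}s.</li>
 *   <li>Logout only resets in-memory state held by this object; nothing in this class
 *       deletes a persisted token cache.</li>
 * </ul>
 */
public abstract class Account implements IAccount {
    /**
     * Token-cache persistence options shared by all accounts. Only the cache name is set
     * (see the static initializer); every other option keeps the library default.
     */
    protected static final TokenCachePersistenceOptions PERSISTENCE_OPTIONS;
    private static final ClientLogger LOGGER;

    @Nonnull
    private final AuthConfiguration config;
    protected String username;
    // Credential built by buildDefaultTokenCredential() during login(); null before login and after logout.
    private TokenCredential defaultTokenCredential;
    // Subscriptions loaded by reloadSubscriptions(); null before login and after logout.
    private List<Subscription> subscriptions;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_1;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_2;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_3;
    // Tenant id -> credential wrapper. Each wrapper captures the default credential that was
    // current when the entry was created, so entries must not outlive that credential.
    private final Map<String, TokenCredential> tenantCredentialCache = new ConcurrentHashMap<>();
    protected boolean persistenceEnabled = true;

    /**
     * AspectJ-generated closure that runs the body of {@link Account#logout()} inside the
     * cache-evict advice.
     */
    /* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/Account$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            Account.logout_aroundBody0((Account) objArr2[0], (JoinPoint) objArr2[1]);
            return null;
        }
    }

    /**
     * Credential wrapper that pins token requests to one tenant unless the request already
     * names a tenant, then delegates to the account's default credential.
     */
    /* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/Account$TenantTokenCredential.class */
    private static class TenantTokenCredential implements TokenCredential {
        private final String tenantId;
        private final TokenCredential defaultCredential;

        /**
         * Requests a token from the wrapped credential.
         *
         * <p>Note that the caller's {@code tokenRequestContext} is modified in place: its
         * tenant id is set to the first non-blank value of the request's own tenant id and
         * this wrapper's tenant id.
         *
         * @param tokenRequestContext scopes (and optionally tenant) of the requested token
         * @return the token publisher of the wrapped credential
         */
        public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
            tokenRequestContext.setTenantId(StringUtils.firstNonBlank(tokenRequestContext.getTenantId(), this.tenantId));
            return this.defaultCredential.getToken(tokenRequestContext).doOnTerminate(() -> {
                // Runs when the request completes or fails, for the two interactive credential types only.
                if ((this.defaultCredential instanceof InteractiveBrowserCredential) || (this.defaultCredential instanceof DeviceCodeCredential)) {
                    disableAutomaticAuthentication();
                }
            });
        }

        /**
         * Sets the private {@code automaticAuthentication} field of the wrapped credential
         * to {@code false} if it is currently {@code true}.
         *
         * <p>NOTE(review): presumably this stops later token requests from starting a new
         * browser or device-code prompt on their own; confirm against the identity library.
         * The field is an implementation detail of that library and is reached by
         * reflection, so a library upgrade can rename or remove it. A missing field is
         * skipped, and a reflection failure is logged instead of being raised, because
         * this runs inside {@code doOnTerminate} and an exception here would turn an
         * already finished token request into an error.
         */
        private void disableAutomaticAuthentication() {
            try {
                Field field = FieldUtils.getField(this.defaultCredential.getClass(), "automaticAuthentication", true);
                // Boolean.TRUE.equals avoids unboxing a null field value.
                if (Objects.nonNull(field) && Boolean.TRUE.equals(FieldUtils.readField(field, this.defaultCredential))) {
                    FieldUtils.writeField(field, this.defaultCredential, false);
                }
            } catch (IllegalAccessException | RuntimeException e) {
                LOGGER.warning("Failed to disable automatic authentication on the wrapped credential: " + e.getMessage());
            }
        }

        public TenantTokenCredential(String str, TokenCredential tokenCredential) {
            this.tenantId = str;
            this.defaultCredential = tokenCredential;
        }
    }

    /**
     * Builds the credential this account type authenticates with. Called by
     * {@link #login()} and, separately, by every {@link #getManagementToken()} call.
     */
    @Nonnull
    protected abstract TokenCredential buildDefaultTokenCredential();

    /**
     * Returns the tenant-scoped credential for the tenant that owns the given subscription.
     *
     * @param str subscription id (matched case-insensitively)
     * @throws IllegalArgumentException if no loaded subscription has that id
     */
    public TokenCredential getTokenCredential(String str) {
        return getTenantTokenCredential(getSubscription(str).getTenantId());
    }

    /**
     * Returns the cached credential wrapper for a tenant, creating it on first use.
     *
     * <p>A new wrapper captures {@code defaultTokenCredential} as it is at creation time;
     * an existing entry is returned unchanged even if the default credential has been
     * replaced since.
     *
     * @param str tenant id
     * @throws IllegalArgumentException if the tenant id is blank
     */
    @Nonnull
    public TokenCredential getTenantTokenCredential(@Nonnull String str) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("tenant id is required to retrieve credential.");
        }
        return this.tenantCredentialCache.computeIfAbsent(str, tenantId -> new TenantTokenCredential(tenantId, this.defaultTokenCredential));
    }

    /**
     * Signs in: builds the default credential, loads subscriptions, runs
     * {@link #setupAfterLogin(TokenCredential)} and copies the resulting type, client id,
     * tenant, environment and username into the configuration. The configured tenant is
     * only filled in (with the first tenant of the loaded subscriptions) when it is empty.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void login() {
        this.defaultTokenCredential = buildDefaultTokenCredential();
        reloadSubscriptions();
        setupAfterLogin(this.defaultTokenCredential);
        this.config.setType(getType());
        this.config.setClient(getClientId());
        List<String> tenantIds = getTenantIds();
        if (StringUtils.isEmpty(this.config.getTenant())) {
            this.config.setTenant(CollectionUtils.isEmpty(tenantIds) ? null : tenantIds.get(0));
        }
        this.config.setEnvironment(AzureEnvironmentUtils.azureEnvironmentToString(getEnvironment()));
        this.config.setUsername(getUsername());
    }

    public abstract boolean checkAvailable();

    /**
     * Tries to obtain a token for the management endpoint of the current environment with
     * a freshly built credential.
     *
     * <p>This is best effort: reactive errors are mapped to an empty result and any
     * {@link Throwable} thrown while building or blocking is swallowed as well, so callers
     * cannot tell "no token" from "the attempt failed" and no failure is logged here.
     *
     * @return the token, or empty if none could be obtained for any reason
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public Optional<AccessToken> getManagementToken() {
        try {
            return buildDefaultTokenCredential().getToken(new TokenRequestContext().addScopes(ScopeUtil.resourceToScopes(getEnvironment().getManagementEndpoint()))).onErrorResume(Exception.class, exc -> {
                return Mono.empty();
            }).blockOptional();
        } catch (Throwable th) {
            return Optional.empty();
        }
    }

    /**
     * Requests a management-endpoint token with the given credential, derives the username
     * from it and then runs the configured post-login action, if any.
     *
     * <p>The username is only updated when the token is an {@link MsalToken}; it falls back
     * to {@link #getClientId()} when the token carries no account or username.
     *
     * @param tokenCredential credential to request the token with
     * @throws AzureToolkitAuthenticationException if the credential yields no token
     */
    protected void setupAfterLogin(TokenCredential tokenCredential) {
        AccessToken accessToken = tokenCredential.getToken(new TokenRequestContext().addScopes(ScopeUtil.resourceToScopes(getEnvironment().getManagementEndpoint()))).blockOptional().orElseThrow(() -> {
            return new AzureToolkitAuthenticationException("Failed to retrieve token.");
        });
        if (accessToken instanceof MsalToken) {
            this.username = Optional.of((MsalToken) accessToken)
                .map(MsalToken::getAccount)
                .map(account -> account.username())
                .orElse(getClientId());
        }
        Optional.ofNullable(getConfig().getDoAfterLogin()).ifPresent(action -> action.run());
    }

    /**
     * Signs out. The actual work is in {@link #logout_aroundBody0(Account, JoinPoint)},
     * executed inside the {@code @CacheEvict} advice.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @CacheEvict("<ALL>")
    public void logout() {
        CacheManager.aspectOf().aroundCacheEvict(new AjcClosure1(new Object[]{this, Factory.makeJP(ajc$tjp_0, this, this)}).linkClosureAndJoinPoint(69648));
    }

    /**
     * Reloads the subscription list, sorted by lower-cased name, and re-applies the
     * selection that was in effect before the reload.
     *
     * @return a copy of the reloaded list, as returned by {@link #getSubscriptions()}
     */
    @AzureOperation(name = "azure/account.reload_subscriptions")
    public List<Subscription> reloadSubscriptions() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this);
        try {
            AzureOperationAspect.aspectOf().beforeEnter(makeJP);
            // Ids are lower-cased here because the lookup below lower-cases the candidate id;
            // comparing a lower-cased id with raw ids would drop any selection whose id
            // contains upper-case characters.
            List<String> previouslySelected = Optional.ofNullable(this.subscriptions).orElse(Collections.emptyList()).stream()
                .filter(Subscription::isSelected)
                .map(Subscription::getId)
                .map(id -> id.toLowerCase())
                .collect(Collectors.toList());
            this.subscriptions = Optional.ofNullable(loadSubscriptions()).orElse(Collections.emptyList()).stream().sorted(Comparator.comparing(subscription -> {
                return subscription.getName().toLowerCase();
            })).collect(Collectors.toList());
            this.subscriptions.stream().filter(subscription2 -> {
                return previouslySelected.contains(subscription2.getId().toLowerCase());
            }).forEach(subscription3 -> {
                subscription3.setSelected(true);
            });
            List<Subscription> subscriptions = getSubscriptions();
            AzureOperationAspect.aspectOf().afterReturning(makeJP);
            return subscriptions;
        } catch (Throwable th) {
            AzureOperationAspect.aspectOf().afterThrowing(makeJP, th);
            throw th;
        }
    }

    /**
     * Lists the tenants visible to the default credential and collects the subscriptions
     * of each tenant, keeping one entry per subscription id. Blocks until done.
     */
    @AzureOperation(name = "azure/account.load_subscriptions")
    protected List<Subscription> loadSubscriptions() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this);
        try {
            AzureOperationAspect.aspectOf().beforeEnter(makeJP);
            List<Subscription> list = configureAzure().authenticate(this.defaultTokenCredential, new AzureProfile(getEnvironment())).tenants().listAsync().flatMap(tenant -> {
                return loadSubscriptions(tenant.tenantId());
            }).filter(Utils.distinctByKey(Subscription::getId)).collectList().block();
            AzureOperationAspect.aspectOf().afterReturning(makeJP);
            return list;
        } catch (Throwable th) {
            AzureOperationAspect.aspectOf().afterThrowing(makeJP, th);
            throw th;
        }
    }

    /**
     * Lists the subscriptions of one tenant using that tenant's credential wrapper.
     *
     * <p>A failure for the tenant does not fail the whole load: it is reported to the user
     * as a warning (including the exception message) and the tenant contributes no
     * subscriptions.
     *
     * @param str tenant id
     */
    @Nonnull
    @AzureOperation(name = "azure/account.load_subscriptions.tenant", params = {"tenantId"})
    private Flux<Subscription> loadSubscriptions(String str) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, str);
        try {
            AzureOperationAspect.aspectOf().beforeEnter(makeJP);
            Flux<Subscription> map = configureAzure().authenticate(getTenantTokenCredential(str), new AzureProfile(str, (String) null, getEnvironment())).subscriptions().listAsync().onErrorResume(th -> {
                AzureMessager.getMessager().warning(AzureString.format("Failed to get subscriptions for tenant %s, please confirm you have sufficient permissions. Use %s to explicitly login to a tenant if it requires Multi-Factor Authentication (MFA). Message: %s", new Object[]{str, "-Dauth.tenant=TENANT_ID", th.getMessage()}));
                return Flux.empty();
            }).map(Subscription::new);
            AzureOperationAspect.aspectOf().afterReturning(makeJP);
            return map;
        } catch (Throwable th2) {
            AzureOperationAspect.aspectOf().afterThrowing(makeJP, th2);
            throw th2;
        }
    }

    /**
     * Returns a new list holding the loaded subscriptions. The list is a copy, the
     * {@link Subscription} elements are the shared instances.
     *
     * @throws AzureToolkitRuntimeException if {@link #isLoggedIn()} is false
     */
    @Nonnull
    public List<Subscription> getSubscriptions() {
        if (isLoggedIn()) {
            return new ArrayList<>(Optional.ofNullable(this.subscriptions).orElse(Collections.emptyList()));
        }
        throw new AzureToolkitRuntimeException("You are not signed-in or there are no subscriptions in your current Account.", new Object[]{IAccountActions.AUTHENTICATE, IAccountActions.TRY_AZURE});
    }

    /**
     * Replaces the current selection with the given subscription ids (matched
     * case-insensitively), stores the ids in the configuration, emits the
     * subscription-changed event and, when preloading is enabled, schedules a preload.
     *
     * @param list ids of the subscriptions to select; must not be empty
     * @throws AzureToolkitRuntimeException if the list is null or empty, or the account is not logged in
     */
    public void setSelectedSubscriptions(List<String> list) {
        if (CollectionUtils.isEmpty(list)) {
            throw new AzureToolkitRuntimeException("No subscriptions are selected. You must select at least one subscription.", new Object[]{IAccountActions.SELECT_SUBS});
        }
        Set<String> wantedIds = list.stream().map(id -> id.toLowerCase()).collect(Collectors.toSet());
        getSubscriptions().forEach(subscription -> {
            subscription.setSelected(false);
        });
        getSubscriptions().stream().filter(subscription2 -> {
            return wantedIds.contains(subscription2.getId().toLowerCase());
        }).forEach(subscription3 -> {
            subscription3.setSelected(true);
        });
        this.config.setSelectedSubscriptions(list);
        AzureEventBus.emit("account.subscription_changed.account", this);
        AzureTaskManager azureTaskManager = AzureTaskManager.getInstance();
        Boolean enablePreloading = Azure.az().config().getEnablePreloading();
        if (Objects.nonNull(azureTaskManager) && BooleanUtils.isTrue(enablePreloading)) {
            azureTaskManager.runOnPooledThread(Preloader::load);
        }
    }

    /**
     * Finds a loaded subscription by id, ignoring case.
     *
     * @throws IllegalArgumentException if no loaded subscription has that id
     */
    public Subscription getSubscription(String str) {
        return getSubscriptions().stream().filter(subscription -> {
            return StringUtils.equalsIgnoreCase(str, subscription.getId());
        }).findFirst().orElseThrow(() -> {
            return new IllegalArgumentException(String.format("Cannot find subscription with id '%s'", str));
        });
    }

    /**
     * Finds a selected subscription by id, ignoring case.
     *
     * @throws IllegalArgumentException if no selected subscription has that id
     */
    public Subscription getSelectedSubscription(String str) {
        return getSelectedSubscriptions().stream().filter(subscription -> {
            return StringUtils.equalsIgnoreCase(str, subscription.getId());
        }).findFirst().orElseThrow(() -> {
            return new IllegalArgumentException(String.format("Cannot find a selected subscription with id '%s'", str));
        });
    }

    /** Returns the loaded subscriptions that are currently marked as selected. */
    public List<Subscription> getSelectedSubscriptions() {
        return getSubscriptions().stream().filter(Subscription::isSelected).collect(Collectors.toList());
    }

    /** Returns the distinct tenant ids of the loaded subscriptions, in list order. */
    @Nonnull
    public List<String> getTenantIds() {
        return getSubscriptions().stream().map(Subscription::getTenantId).distinct().collect(Collectors.toList());
    }

    public String getPortalUrl() {
        return AzureEnvironmentUtils.getPortalUrl(getEnvironment());
    }

    public AzureEnvironment getEnvironment() {
        return ((AzureCloud) Azure.az(AzureCloud.class)).getOrDefault();
    }

    /** True when the account is logged in and at least one subscription is selected. */
    public boolean isLoggedInCompletely() {
        return isLoggedIn() && CollectionUtils.isNotEmpty(getSelectedSubscriptions());
    }

    /**
     * True when a default credential exists and at least one subscription was loaded.
     * An identity that authenticates but has no subscriptions therefore counts as not
     * logged in.
     */
    public boolean isLoggedIn() {
        return Objects.nonNull(this.defaultTokenCredential) && CollectionUtils.isNotEmpty(this.subscriptions);
    }

    public boolean isSubscriptionsSelected() {
        return isLoggedInCompletely();
    }

    /**
     * Returns the shared persistence options, or {@code null} when persistence is disabled
     * for this account.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public TokenCachePersistenceOptions getPersistenceOptions() {
        if (isPersistenceEnabled()) {
            return PERSISTENCE_OPTIONS;
        }
        return null;
    }

    /**
     * Builds the resource-manager configuration used for tenant and subscription listing:
     * the toolkit's default HTTP client and user-agent policy, and a retry policy with
     * zero retries, so a failed listing call is not repeated.
     */
    private static ResourceManager.Configurable configureAzure() {
        return ResourceManager.configure().withHttpClient(AbstractAzServiceSubscription.getDefaultHttpClient()).withPolicy(AbstractAzServiceSubscription.getUserAgentPolicy()).withRetryPolicy(new RetryPolicy(new FixedDelay(0, Duration.ofSeconds(0L))));
    }

    /** Returns a short, colourised summary of the auth type and username; no token material is included. */
    @Override
    public String toString() {
        List<String> lines = new ArrayList<>();
        String username = getUsername();
        if (getType() != null) {
            lines.add(String.format("Auth type: %s", TextUtils.cyan(getType().toString())));
        }
        if (StringUtils.isNotEmpty(username)) {
            lines.add(String.format("Username: %s", TextUtils.cyan(username.trim())));
        }
        return StringUtils.join(lines, "\n");
    }

    public abstract AuthType getType();

    /**
     * Returns the configured client (application) id, or a hard-coded default when none is
     * configured.
     */
    public String getClientId() {
        // NOTE(review): the fallback looks like the well-known Azure CLI public client id; confirm.
        return (String) Optional.ofNullable(this.config.getClient()).orElse("04b07795-8ddb-461a-bbee-02f9e1bf7b46");
    }

    /**
     * Returns the live tenant-credential cache, not a copy: callers can read, replace or
     * remove the credential objects that later token requests for a tenant will use.
     */
    public Map<String, TokenCredential> getTenantCredentialCache() {
        return this.tenantCredentialCache;
    }

    @Nonnull
    public AuthConfiguration getConfig() {
        return this.config;
    }

    public String getUsername() {
        return this.username;
    }

    public boolean isPersistenceEnabled() {
        return this.persistenceEnabled;
    }

    /**
     * @param authConfiguration configuration this account reads from and writes login results to
     * @throws NullPointerException if {@code authConfiguration} is null
     */
    public Account(@Nonnull AuthConfiguration authConfiguration) {
        if (authConfiguration == null) {
            throw new NullPointerException("config is marked non-null but is null");
        }
        this.config = authConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPersistenceEnabled(boolean z) {
        this.persistenceEnabled = z;
    }

    TokenCredential getDefaultTokenCredential() {
        return this.defaultTokenCredential;
    }

    static {
        ajc$preClinit();
        PERSISTENCE_OPTIONS = new TokenCachePersistenceOptions().setName("azure-toolkit.cache");
        LOGGER = new ClientLogger(Account.class);
    }

    /**
     * Body of {@link #logout()}: drops the subscription list, the default credential and
     * every cached tenant credential.
     *
     * <p>The tenant cache is cleared because each cached wrapper holds a reference to the
     * default credential it was created with; keeping the entries would let
     * {@link #getTenantTokenCredential(String)} keep returning credentials of the
     * signed-out identity, including after a later login on the same object. Only
     * in-memory state is touched here.
     */
    static final /* synthetic */ void logout_aroundBody0(Account account, JoinPoint joinPoint) {
        account.subscriptions = null;
        account.defaultTokenCredential = null;
        account.tenantCredentialCache.clear();
    }

    // AspectJ-generated: registers the static join points used by the woven methods above.
    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("Account.java", Account.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("0", "logout", "com.microsoft.azure.toolkit.lib.auth.Account", "", "", "", "void"), 141);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "reloadSubscriptions", "com.microsoft.azure.toolkit.lib.auth.Account", "", "", "", "java.util.List"), 147);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("4", "loadSubscriptions", "com.microsoft.azure.toolkit.lib.auth.Account", "", "", "", "java.util.List"), 162);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "loadSubscriptions", "com.microsoft.azure.toolkit.lib.auth.Account", "java.lang.String", "tenantId", "", "reactor.core.publisher.Flux"), 173);
    }
}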
