package com.microsoft.aad.msal4j;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.SerializeException;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.util.URLUtils;
import com.nimbusds.openid.connect.sdk.assurance.claims.VerifiedClaimsSet;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:META-INF/bundled-dependencies/msal4j-1.13.10.jar:com/microsoft/aad/msal4j/TokenRequestExecutor.class */
public class TokenRequestExecutor {
    Logger log = LoggerFactory.getLogger((Class<?>) TokenRequestExecutor.class);
    final Authority requestAuthority;
    private final MsalRequest msalRequest;
    private final ServiceBundle serviceBundle;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenRequestExecutor(Authority authority, MsalRequest msalRequest, ServiceBundle serviceBundle) {
        this.requestAuthority = authority;
        this.serviceBundle = serviceBundle;
        this.msalRequest = msalRequest;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationResult executeTokenRequest() throws ParseException, IOException {
        this.log.debug("Sending token request to: {}", this.requestAuthority.canonicalAuthorityUrl());
        return createAuthenticationResultFromOauthHttpResponse(createOauthHttpRequest().send());
    }

    OAuthHttpRequest createOauthHttpRequest() throws SerializeException, MalformedURLException, ParseException {
        if (this.requestAuthority.tokenEndpointUrl() == null) {
            throw new SerializeException("The endpoint URI is not specified");
        }
        OAuthHttpRequest oAuthHttpRequest = new OAuthHttpRequest(HTTPRequest.Method.POST, this.requestAuthority.tokenEndpointUrl(), this.msalRequest.headers().getReadonlyHeaderMap(), this.msalRequest.requestContext(), this.serviceBundle);
        oAuthHttpRequest.setContentType(HTTPContentType.ApplicationURLEncoded.contentType);
        HashMap hashMap = new HashMap(this.msalRequest.msalAuthorizationGrant().toParameters());
        if (this.msalRequest.application().clientCapabilities() != null) {
            hashMap.put(VerifiedClaimsSet.CLAIMS_ELEMENT, Collections.singletonList(this.msalRequest.application().clientCapabilities()));
        }
        if (this.msalRequest.msalAuthorizationGrant.getClaims() != null) {
            String formatAsJSONString = this.msalRequest.msalAuthorizationGrant.getClaims().formatAsJSONString();
            if (hashMap.get(VerifiedClaimsSet.CLAIMS_ELEMENT) != null) {
                formatAsJSONString = JsonHelper.mergeJSONString((String) ((List) hashMap.get(VerifiedClaimsSet.CLAIMS_ELEMENT)).get(0), formatAsJSONString);
            }
            hashMap.put(VerifiedClaimsSet.CLAIMS_ELEMENT, Collections.singletonList(formatAsJSONString));
        }
        if (this.msalRequest.requestContext().apiParameters().extraQueryParameters() != null) {
            for (String str : this.msalRequest.requestContext().apiParameters().extraQueryParameters().keySet()) {
                if (hashMap.containsKey(str)) {
                    this.log.warn("A query parameter {} has been provided with values multiple times.", str);
                }
                hashMap.put(str, Collections.singletonList(this.msalRequest.requestContext().apiParameters().extraQueryParameters().get(str)));
            }
        }
        oAuthHttpRequest.setQuery(URLUtils.serializeParameters(hashMap));
        if (this.msalRequest.application().clientAuthentication() != null) {
            Map<String, List<String>> queryParameters = oAuthHttpRequest.getQueryParameters();
            queryParameters.put("client_id", Arrays.asList(this.msalRequest.application().clientId()));
            oAuthHttpRequest.setQuery(URLUtils.serializeParameters(queryParameters));
            if (!(this.msalRequest instanceof ClientCredentialRequest) || ((ClientCredentialRequest) this.msalRequest).parameters.clientCredential() == null) {
                this.msalRequest.application().clientAuthentication().applyTo(oAuthHttpRequest);
            } else {
                ((ConfidentialClientApplication) this.msalRequest.application()).createClientAuthFromClientAssertion((ClientAssertion) ((ClientCredentialRequest) this.msalRequest).parameters.clientCredential()).applyTo(oAuthHttpRequest);
            }
        }
        return oAuthHttpRequest;
    }

    private AuthenticationResult createAuthenticationResultFromOauthHttpResponse(HTTPResponse hTTPResponse) throws ParseException {
        if (hTTPResponse.getStatusCode() != 200) {
            if (hTTPResponse.getStatusCode() == 429 || hTTPResponse.getStatusCode() >= 500) {
                this.serviceBundle.getServerSideTelemetry().previousRequests.putAll(this.serviceBundle.getServerSideTelemetry().previousRequestInProgress);
            }
            throw MsalServiceExceptionFactory.fromHttpResponse(hTTPResponse);
        }
        TokenResponse parseHttpResponse = TokenResponse.parseHttpResponse(hTTPResponse);
        OIDCTokens oIDCTokens = parseHttpResponse.getOIDCTokens();
        String str = null;
        if (oIDCTokens.getRefreshToken() != null) {
            str = oIDCTokens.getRefreshToken().getValue();
        }
        AccountCacheEntity accountCacheEntity = null;
        if (oIDCTokens.getIDToken() != null) {
            IdToken idToken = (IdToken) JsonHelper.convertJsonToObject(oIDCTokens.getIDToken().getParsedParts()[1].decodeToString(), IdToken.class);
            AuthorityType authorityType = this.msalRequest.application().authenticationAuthority.authorityType;
            if (!StringHelper.isBlank(parseHttpResponse.getClientInfo())) {
                accountCacheEntity = authorityType == AuthorityType.B2C ? AccountCacheEntity.create(parseHttpResponse.getClientInfo(), this.requestAuthority, idToken, ((B2CAuthority) this.msalRequest.application().authenticationAuthority).policy()) : AccountCacheEntity.create(parseHttpResponse.getClientInfo(), this.requestAuthority, idToken);
            } else if (authorityType == AuthorityType.ADFS) {
                accountCacheEntity = AccountCacheEntity.createADFSAccount(this.requestAuthority, idToken);
            }
        }
        long time = new Date().getTime() / 1000;
        return AuthenticationResult.builder().accessToken(oIDCTokens.getAccessToken().getValue()).refreshToken(str).familyId(parseHttpResponse.getFoci()).idToken(oIDCTokens.getIDTokenString()).environment(this.requestAuthority.host()).expiresOn(time + parseHttpResponse.getExpiresIn()).extExpiresOn(parseHttpResponse.getExtExpiresIn() > 0 ? time + parseHttpResponse.getExtExpiresIn() : 0L).refreshOn(Long.valueOf(parseHttpResponse.getRefreshIn() > 0 ? time + parseHttpResponse.getRefreshIn() : 0L)).accountCacheEntity(accountCacheEntity).scopes(parseHttpResponse.getScope()).build();
    }

    Logger getLog() {
        return this.log;
    }

    Authority getRequestAuthority() {
        return this.requestAuthority;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MsalRequest getMsalRequest() {
        return this.msalRequest;
    }

    ServiceBundle getServiceBundle() {
        return this.serviceBundle;
    }
}
