package redis.clients.authentication.entraid;

import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.IClientCredential;
import com.microsoft.aad.msal4j.ManagedIdentityApplication;
import com.microsoft.aad.msal4j.ManagedIdentityParameters;
import java.net.MalformedURLException;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.function.Supplier;
import redis.clients.authentication.core.IdentityProvider;
import redis.clients.authentication.core.Token;

/* loaded from: input_file:redis/clients/authentication/entraid/EntraIDIdentityProvider.class */
public final class EntraIDIdentityProvider implements IdentityProvider {
    private ClientAppFactory clientAppFactory;
    private ClientApp clientApp;

    /* loaded from: input_file:redis/clients/authentication/entraid/EntraIDIdentityProvider$ClientApp.class */
    private interface ClientApp {
        IAuthenticationResult request();
    }

    /* loaded from: input_file:redis/clients/authentication/entraid/EntraIDIdentityProvider$ClientAppFactory.class */
    private interface ClientAppFactory {
        ClientApp create();
    }

    public EntraIDIdentityProvider(ServicePrincipalInfo servicePrincipalInfo, Set<String> set, int i) {
        this.clientAppFactory = () -> {
            return createConfidentialClientApp(servicePrincipalInfo, set, i);
        };
    }

    private ClientApp createConfidentialClientApp(ServicePrincipalInfo servicePrincipalInfo, Set<String> set, int i) {
        IClientCredential clientCredential = getClientCredential(servicePrincipalInfo);
        try {
            String authority = servicePrincipalInfo.getAuthority();
            ConfidentialClientApplication build = ConfidentialClientApplication.builder(servicePrincipalInfo.getClientId(), clientCredential).authority(authority == null ? "https://login.microsoftonline.com/common/" : authority).readTimeoutForDefaultHttpClient(Integer.valueOf(i)).build();
            ClientCredentialParameters build2 = ClientCredentialParameters.builder(set).skipCache(true).build();
            return () -> {
                return requestWithConfidentialClient(build, build2);
            };
        } catch (MalformedURLException e) {
            throw new RedisEntraIDException("Failed to init EntraID client!", e);
        }
    }

    public EntraIDIdentityProvider(ManagedIdentityInfo managedIdentityInfo, Set<String> set, int i) {
        this.clientAppFactory = () -> {
            return createManagedIdentityApp(managedIdentityInfo, set, i);
        };
    }

    private ClientApp createManagedIdentityApp(ManagedIdentityInfo managedIdentityInfo, Set<String> set, int i) {
        ManagedIdentityApplication build = ManagedIdentityApplication.builder(managedIdentityInfo.getId()).readTimeoutForDefaultHttpClient(Integer.valueOf(i)).build();
        ManagedIdentityParameters build2 = ManagedIdentityParameters.builder(set.iterator().next()).forceRefresh(true).build();
        return () -> {
            return requestWithManagedIdentity(build, build2);
        };
    }

    public EntraIDIdentityProvider(Supplier<IAuthenticationResult> supplier) {
        this.clientAppFactory = () -> {
            return () -> {
                return (IAuthenticationResult) supplier.get();
            };
        };
    }

    private IClientCredential getClientCredential(ServicePrincipalInfo servicePrincipalInfo) {
        switch (servicePrincipalInfo.getAccessWith()) {
            case WithSecret:
                return ClientCredentialFactory.createFromSecret(servicePrincipalInfo.getSecret());
            case WithCert:
                return ClientCredentialFactory.createFromCertificate(servicePrincipalInfo.getKey(), servicePrincipalInfo.getCert());
            default:
                throw new RedisEntraIDException("Invalid ServicePrincipalAccess type!");
        }
    }

    public Token requestToken() {
        this.clientApp = this.clientApp == null ? this.clientAppFactory.create() : this.clientApp;
        return new JWToken(this.clientApp.request().accessToken());
    }

    public IAuthenticationResult requestWithConfidentialClient(ConfidentialClientApplication confidentialClientApplication, ClientCredentialParameters clientCredentialParameters) {
        try {
            return (IAuthenticationResult) confidentialClientApplication.acquireToken(clientCredentialParameters).get();
        } catch (InterruptedException | ExecutionException e) {
            throw new RedisEntraIDException("Failed to acquire token!", e);
        }
    }

    public IAuthenticationResult requestWithManagedIdentity(ManagedIdentityApplication managedIdentityApplication, ManagedIdentityParameters managedIdentityParameters) {
        try {
            return (IAuthenticationResult) managedIdentityApplication.acquireTokenForManagedIdentity(managedIdentityParameters).get();
        } catch (Exception e) {
            throw new RedisEntraIDException("Failed to acquire token!", e);
        }
    }
}
