package com.microsoft.azure.toolkit.lib.auth.core.azurecli;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.management.AzureEnvironment;
import com.azure.identity.implementation.util.ScopeUtil;
import com.google.gson.JsonObject;
import com.microsoft.azure.toolkit.lib.auth.TokenCredentialManagerWithCache;
import com.microsoft.azure.toolkit.lib.auth.exception.AzureToolkitAuthenticationException;
import com.microsoft.azure.toolkit.lib.auth.util.AzureCliUtils;
import com.microsoft.azure.toolkit.lib.common.utils.JsonUtils;
import java.time.LocalDateTime;
import java.time.OffsetDateTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/core/azurecli/AzureCliTokenCredentialManager.class */
class AzureCliTokenCredentialManager extends TokenCredentialManagerWithCache {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/microsoft/azure/toolkit/lib/auth/core/azurecli/AzureCliTokenCredentialManager$AzureCliTokenCredential.class */
    public static class AzureCliTokenCredential implements TokenCredential {
        private static final String CLI_GET_ACCESS_TOKEN_CMD = "az account get-access-token --resource %s %s --output json";
        private static final String CLOUD_SHELL_ENV_KEY = "ACC_CLOUD";
        private final String tenantId;

        public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
            String scopesToResource = ScopeUtil.scopesToResource(tokenRequestContext.getScopes());
            try {
                ScopeUtil.validateScope(scopesToResource);
                Object[] objArr = new Object[2];
                objArr[0] = scopesToResource;
                objArr[1] = (StringUtils.isBlank(this.tenantId) || isInCloudShell()) ? "" : " -t " + this.tenantId;
                JsonObject jsonObject = (JsonObject) JsonUtils.getGson().fromJson(AzureCliUtils.executeAzureCli(String.format(CLI_GET_ACCESS_TOKEN_CMD, objArr)), JsonObject.class);
                return Mono.just(new AccessToken(jsonObject.get("accessToken").getAsString(), (OffsetDateTime) Optional.ofNullable(jsonObject.get("expiresOn")).filter(jsonElement -> {
                    return !jsonElement.isJsonNull();
                }).map((v0) -> {
                    return v0.getAsString();
                }).map(str -> {
                    return str.substring(0, str.indexOf("."));
                }).map(str2 -> {
                    return String.join("T", str2.split(" "));
                }).map(str3 -> {
                    return LocalDateTime.parse(str3, DateTimeFormatter.ISO_LOCAL_DATE_TIME).atZone(ZoneId.systemDefault()).toOffsetDateTime().withOffsetSameInstant(ZoneOffset.UTC);
                }).orElse(OffsetDateTime.MAX)));
            } catch (IllegalArgumentException e) {
                throw new AzureToolkitAuthenticationException(String.format("Invalid scope: %s", scopesToResource));
            }
        }

        boolean isInCloudShell() {
            return System.getenv(CLOUD_SHELL_ENV_KEY) != null;
        }

        public AzureCliTokenCredential(String str) {
            this.tenantId = str;
        }
    }

    public AzureCliTokenCredentialManager(AzureEnvironment azureEnvironment) {
        this.environment = azureEnvironment;
        this.rootCredentialSupplier = () -> {
            return new AzureCliTokenCredential(null);
        };
        this.credentialSupplier = AzureCliTokenCredential::new;
    }
}
