package com.microsoft.kiota.authentication;

import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:com/microsoft/kiota/authentication/AzureIdentityAccessTokenProvider.class */
public class AzureIdentityAccessTokenProvider implements AccessTokenProvider {
    private final TokenCredential creds;
    private final List<String> _scopes;
    private final AllowedHostsValidator _hostValidator;
    private static final String ClaimsKey = "claims";

    public AzureIdentityAccessTokenProvider(@Nonnull TokenCredential tokenCredential, @Nonnull String[] strArr, @Nonnull String... strArr2) {
        this.creds = (TokenCredential) Objects.requireNonNull(tokenCredential, "parameter tokenCredential cannot be null");
        if (strArr2 == null) {
            this._scopes = new ArrayList();
        } else if (strArr2.length == 0) {
            this._scopes = Arrays.asList("https://graph.microsoft.com/.default");
        } else {
            this._scopes = Arrays.asList(strArr2);
        }
        if (strArr == null || strArr.length == 0) {
            this._hostValidator = new AllowedHostsValidator(new String[]{"graph.microsoft.com", "graph.microsoft.us", "dod-graph.microsoft.us", "graph.microsoft.de", "microsoftgraph.chinacloudapi.cn", "canary.graph.microsoft.com"});
        } else {
            this._hostValidator = new AllowedHostsValidator(strArr);
        }
    }

    @Nonnull
    public CompletableFuture<String> getAuthorizationToken(@Nonnull URI uri, @Nullable Map<String, Object> map) {
        if (!this._hostValidator.isUrlHostValid(uri)) {
            return CompletableFuture.completedFuture("");
        }
        if (!uri.getScheme().equalsIgnoreCase("https")) {
            return CompletableFuture.failedFuture(new IllegalArgumentException("Only https is supported"));
        }
        String str = null;
        if (map != null && map.containsKey(ClaimsKey) && (map.get(ClaimsKey) instanceof String)) {
            str = new String(Base64.getDecoder().decode((String) map.get(ClaimsKey)));
        }
        TokenRequestContext tokenRequestContext = new TokenRequestContext() { // from class: com.microsoft.kiota.authentication.AzureIdentityAccessTokenProvider.1
            {
                setScopes(AzureIdentityAccessTokenProvider.this._scopes);
            }
        };
        if (str != null && !str.isEmpty()) {
            tokenRequestContext.setClaims(str);
        }
        return this.creds.getToken(tokenRequestContext).toFuture().thenApply(accessToken -> {
            return accessToken.getToken();
        });
    }

    @Nonnull
    public AllowedHostsValidator getAllowedHostsValidator() {
        return this._hostValidator;
    }
}
