package com.microsoft.kiota.http.middleware;

import com.microsoft.kiota.authentication.AccessTokenProvider;
import com.microsoft.kiota.authentication.BaseBearerTokenAuthenticationProvider;
import com.microsoft.kiota.http.ContinuousAccessEvaluationClaims;
import com.microsoft.kiota.http.ObservabilityOptions;
import com.microsoft.kiota.http.TelemetrySemanticConventions;
import io.opentelemetry.api.GlobalOpenTelemetry;
import io.opentelemetry.api.trace.Span;
import io.opentelemetry.context.Scope;
import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

/* loaded from: input_file:com/microsoft/kiota/http/middleware/AuthorizationHandler.class */
public class AuthorizationHandler implements Interceptor {

    @Nonnull
    private final BaseBearerTokenAuthenticationProvider authenticationProvider;
    private static final String AUTHORIZATION_HEADER = "Authorization";

    public AuthorizationHandler(@Nonnull BaseBearerTokenAuthenticationProvider baseBearerTokenAuthenticationProvider) {
        this.authenticationProvider = (BaseBearerTokenAuthenticationProvider) Objects.requireNonNull(baseBearerTokenAuthenticationProvider, "AuthenticationProvider cannot be null");
    }

    @Nonnull
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Objects.requireNonNull(chain, "parameter chain cannot be null");
        Request request = chain.request();
        Span startSpan = GlobalOpenTelemetry.getTracer(new ObservabilityOptions().getTracerInstrumentationName()).spanBuilder("AuthorizationHandler_Intercept").startSpan();
        Scope scope = null;
        if (startSpan != null) {
            scope = startSpan.makeCurrent();
            startSpan.setAttribute("com.microsoft.kiota.handler.authorization.enable", true);
        }
        try {
            if (request.headers().names().contains(AUTHORIZATION_HEADER)) {
                if (startSpan != null) {
                    startSpan.setAttribute("com.microsoft.kiota.handler.authorization.token_present", true);
                }
                Response proceed = chain.proceed(request);
                if (scope != null) {
                    scope.close();
                }
                if (startSpan != null) {
                    startSpan.end();
                }
                return proceed;
            }
            HashMap hashMap = new HashMap();
            hashMap.put("parent-span", startSpan);
            Response proceed2 = chain.proceed(authenticateRequest(request, hashMap, startSpan));
            if (proceed2 != null && proceed2.code() != 401) {
                return proceed2;
            }
            String claimsFromResponse = ContinuousAccessEvaluationClaims.getClaimsFromResponse(proceed2);
            if (claimsFromResponse == null || claimsFromResponse.isEmpty()) {
                if (scope != null) {
                    scope.close();
                }
                if (startSpan != null) {
                    startSpan.end();
                }
                return proceed2;
            }
            if (startSpan != null) {
                startSpan.addEvent("com.microsoft.kiota.handler.authorization.challenge_received");
            }
            RequestBody body = request.body();
            if (body != null && body.isOneShot()) {
                if (scope != null) {
                    scope.close();
                }
                if (startSpan != null) {
                    startSpan.end();
                }
                return proceed2;
            }
            proceed2.close();
            hashMap.put("claims", claimsFromResponse);
            if (startSpan != null) {
                startSpan.setAttribute(TelemetrySemanticConventions.HTTP_REQUEST_RESEND_COUNT, 1);
            }
            Response proceed3 = chain.proceed(authenticateRequest(request, hashMap, startSpan));
            if (scope != null) {
                scope.close();
            }
            if (startSpan != null) {
                startSpan.end();
            }
            return proceed3;
        } finally {
            if (scope != null) {
                scope.close();
            }
            if (startSpan != null) {
                startSpan.end();
            }
        }
    }

    @Nonnull
    private Request authenticateRequest(@Nonnull Request request, @Nullable Map<String, Object> map, Span span) {
        AccessTokenProvider accessTokenProvider = this.authenticationProvider.getAccessTokenProvider();
        if (!accessTokenProvider.getAllowedHostsValidator().isUrlHostValid(request.url().uri())) {
            return request;
        }
        String authorizationToken = accessTokenProvider.getAuthorizationToken(request.url().uri(), map);
        if (authorizationToken == null || authorizationToken.isEmpty()) {
            return request;
        }
        span.setAttribute("com.microsoft.kiota.handler.authorization.token_obtained", true);
        Request.Builder newBuilder = request.newBuilder();
        newBuilder.addHeader(AUTHORIZATION_HEADER, "Bearer " + authorizationToken);
        return newBuilder.build();
    }
}
