package com.microsoft.aad.msal4j;

import com.microsoft.aad.msal4j.AbstractClientApplicationBase;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.JWTAuthentication;
import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/lib/msal4j-1.14.0.jar:com/microsoft/aad/msal4j/ConfidentialClientApplication.class */
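/**
 * Client application that authenticates to the token endpoint with its own credential.
 *
 * <p>The credential handed to {@link #builder(String, IClientCredential)} selects the client
 * authentication that accompanies token requests:
 * <ul>
 *   <li>{@code ClientSecret}: a {@link ClientSecretPost} carrying the secret;</li>
 *   <li>{@code ClientCertificate}: an assertion built by {@code JwtHelper.buildJwt} and rebuilt
 *       once its expiration time has passed;</li>
 *   <li>{@code ClientAssertion}: the caller-supplied assertion, parsed as a {@link PrivateKeyJWT}.</li>
 * </ul>
 * Any other credential type is rejected with {@link IllegalArgumentException}.
 *
 * <p>NOTE(review): this listing is decompiler output; members marked "Access modifiers changed from:
 * protected" are shown as {@code public} here but were {@code protected} in the compiled class.
 */
public class ConfidentialClientApplication extends AbstractClientApplicationBase implements IConfidentialClientApplication {
    /**
     * Exact text of the parser error that triggers the {@code CustomJWTAuthentication} fallback in
     * {@link #createClientAuthFromClientAssertion(ClientAssertion)}.
     */
    private static final String ISSUER_SUBJECT_MISMATCH_MESSAGE =
            "Issuer and subject in client JWT assertion must designate the same client identifier";

    // Client authentication attached to token requests; replaced in clientAuthentication() when a
    // certificate-based assertion has expired.
    private ClientAuthentication clientAuthentication;
    // True only when the credential is a ClientCertificate; enables the expiry check and rebuild.
    private boolean clientCertAuthentication;
    // Certificate used to build assertions; set only on the certificate path.
    private ClientCertificate clientCertificate;
    // NOTE(review): public and non-final, so any code holding this instance can swap the token provider
    // after construction. Looks like a decompiler/code-generation artifact; confirm against upstream.
    public Function<AppTokenProviderParameters, CompletableFuture<TokenProviderResult>> appTokenProvider;
    // Forwarded to JwtHelper.buildJwt; presumably controls whether the certificate chain is included
    // in the assertion header (verify in JwtHelper).
    private boolean sendX5c;

    /* loaded from: input_file:META-INF/lib/msal4j-1.14.0.jar:com/microsoft/aad/msal4j/ConfidentialClientApplication$Builder.class */
    /**
     * Builder for {@link ConfidentialClientApplication}; obtained through
     * {@link ConfidentialClientApplication#builder(String, IClientCredential)}.
     */
    public static class Builder extends AbstractClientApplicationBase.Builder<Builder> {
        private IClientCredential clientCredential;
        private boolean sendX5c;
        private Function<AppTokenProviderParameters, CompletableFuture<TokenProviderResult>> appTokenProvider;

        /**
         * @param str               value passed to the base builder (the client id, judging by the
         *                          {@code clientId()} calls in the outer class; confirm in the base class)
         * @param iClientCredential credential to authenticate with; null is rejected later, when the
         *                          application is built
         */
        private Builder(String str, IClientCredential iClientCredential) {
            super(str);
            // sendX5c is enabled unless the caller turns it off explicitly.
            this.sendX5c = true;
            this.clientCredential = iClientCredential;
        }

        /**
         * Overrides the default ({@code true}) for the sendX5c flag used when building
         * certificate-based assertions.
         *
         * @param z new flag value
         * @return this builder
         */
        public Builder sendX5c(boolean z) {
            this.sendX5c = z;
            return self();
        }

        /**
         * Registers a callback that is handed to client-credential requests as the token provider.
         *
         * @param function provider callback; must not be null
         * @return this builder
         * @throws NullPointerException if {@code function} is null
         */
        public Builder appTokenProvider(Function<AppTokenProviderParameters, CompletableFuture<TokenProviderResult>> function) {
            if (function == null) {
                throw new NullPointerException("appTokenProvider is null");
            }
            this.appTokenProvider = function;
            return self();
        }

        /**
         * Creates the application from the current builder state.
         *
         * @return a new {@link ConfidentialClientApplication}
         * @throws IllegalArgumentException if the credential type is not supported
         */
        @Override // com.microsoft.aad.msal4j.AbstractClientApplicationBase.Builder
        public ConfidentialClientApplication build() {
            return new ConfidentialClientApplication(this);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        /** Returns this builder, typed for fluent chaining. */
        @Override // com.microsoft.aad.msal4j.AbstractClientApplicationBase.Builder
        public Builder self() {
            return this;
        }
    }

    /**
     * Starts a client-credential token request.
     *
     * @param clientCredentialParameters request parameters; validated as non-null
     * @return future completing with the authentication result
     */
    @Override // com.microsoft.aad.msal4j.IConfidentialClientApplication
    public CompletableFuture<IAuthenticationResult> acquireToken(ClientCredentialParameters clientCredentialParameters) {
        ParameterValidationUtils.validateNotNull("parameters", clientCredentialParameters);
        RequestContext context = new RequestContext(this, PublicApi.ACQUIRE_TOKEN_FOR_CLIENT, clientCredentialParameters);
        return executeRequest(new ClientCredentialRequest(clientCredentialParameters, this, context, this.appTokenProvider));
    }

    /**
     * Starts an on-behalf-of token request.
     *
     * @param onBehalfOfParameters request parameters; validated as non-null
     * @return future completing with the authentication result
     */
    @Override // com.microsoft.aad.msal4j.IConfidentialClientApplication
    public CompletableFuture<IAuthenticationResult> acquireToken(OnBehalfOfParameters onBehalfOfParameters) {
        ParameterValidationUtils.validateNotNull("parameters", onBehalfOfParameters);
        RequestContext context = new RequestContext(this, PublicApi.ACQUIRE_TOKEN_ON_BEHALF_OF, onBehalfOfParameters);
        return executeRequest(new OnBehalfOfRequest(onBehalfOfParameters, this, context));
    }

    /**
     * Copies builder state and prepares the client authentication for the configured credential.
     *
     * @param builder populated builder
     */
    private ConfidentialClientApplication(Builder builder) {
        super(builder);
        this.clientCertAuthentication = false;
        this.sendX5c = builder.sendX5c;
        this.appTokenProvider = builder.appTokenProvider;
        this.log = LoggerFactory.getLogger(ConfidentialClientApplication.class);
        initClientAuthentication(builder.clientCredential);
    }

    /**
     * Maps the configured credential onto a {@link ClientAuthentication}.
     *
     * @param iClientCredential credential supplied to the builder; validated as non-null
     * @throws IllegalArgumentException if the credential is not a secret, certificate or assertion
     */
    private void initClientAuthentication(IClientCredential iClientCredential) {
        ParameterValidationUtils.validateNotNull("clientCredential", iClientCredential);
        if (iClientCredential instanceof ClientSecret) {
            // The secret is wrapped for transmission in the request body (client_secret_post). It stays
            // in memory for the lifetime of this object, so this field must never be logged or dumped.
            String secretValue = ((ClientSecret) iClientCredential).clientSecret();
            this.clientAuthentication = new ClientSecretPost(new ClientID(clientId()), new Secret(secretValue));
        } else if (iClientCredential instanceof ClientCertificate) {
            this.clientCertAuthentication = true;
            this.clientCertificate = (ClientCertificate) iClientCredential;
            this.clientAuthentication = buildValidClientCertificateAuthority();
        } else if (iClientCredential instanceof ClientAssertion) {
            this.clientAuthentication = createClientAuthFromClientAssertion((ClientAssertion) iClientCredential);
        } else {
            throw new IllegalArgumentException("Unsupported client credential");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the client authentication to attach to a token request, first rebuilding a
     * certificate-based assertion whose expiration time is already in the past.
     *
     * @return current client authentication
     */
    @Override // com.microsoft.aad.msal4j.AbstractClientApplicationBase
    public ClientAuthentication clientAuthentication() {
        if (this.clientCertAuthentication) {
            // NOTE(review): the cast holds only while the certificate path yields a PrivateKeyJWT. If
            // createClientAuthFromClientAssertion ever took its CustomJWTAuthentication fallback for a
            // certificate-built assertion, this would throw ClassCastException. Confirm that
            // JwtHelper.buildJwt always sets issuer == subject and an expiration time.
            Date expiresAt = ((PrivateKeyJWT) this.clientAuthentication).getJWTAuthenticationClaimsSet().getExpirationTime();
            // NOTE(review): the assertion is replaced only after it has expired, with no skew margin, and
            // this check-then-set is not synchronized. An assertion close to expiry can still be sent, and
            // concurrent callers may each rebuild it; presumably harmless, but confirm.
            if (expiresAt.before(new Date(System.currentTimeMillis()))) {
                this.clientAuthentication = buildValidClientCertificateAuthority();
            }
        }
        return this.clientAuthentication;
    }

    /**
     * Builds a fresh assertion from the configured certificate and wraps it as a client authentication.
     *
     * @return client authentication backed by a newly built assertion
     */
    private ClientAuthentication buildValidClientCertificateAuthority() {
        ClientAssertion assertion = JwtHelper.buildJwt(
                clientId(), this.clientCertificate, this.authenticationAuthority.selfSignedJwtAudience(), this.sendX5c);
        return createClientAuthFromClientAssertion(assertion);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Wraps a client assertion as a {@link ClientAuthentication}.
     *
     * <p>The assertion is parsed as a {@link PrivateKeyJWT}. When parsing fails only because the
     * assertion's issuer and subject differ, it is wrapped in a {@code CustomJWTAuthentication} bound
     * to this application's client id instead.
     *
     * <p>NOTE(review): that fallback skips the local issuer/subject check and presumably leaves
     * validation of the assertion to the token endpoint. It is also keyed on the exact text of a
     * third-party exception message, so a wording change in the parser library would silently turn
     * the fallback into an {@link MsalClientException}.
     *
     * @param clientAssertion assertion to wrap
     * @return client authentication carrying the assertion
     * @throws MsalClientException if the assertion cannot be parsed for any other reason
     */
    public ClientAuthentication createClientAuthFromClientAssertion(ClientAssertion clientAssertion) {
        Map<String, List<String>> params = new HashMap<>();
        try {
            params.put("client_assertion_type", Collections.singletonList(JWTAuthentication.CLIENT_ASSERTION_TYPE));
            params.put("client_assertion", Collections.singletonList(clientAssertion.assertion()));
            return PrivateKeyJWT.parse(params);
        } catch (ParseException e) {
            // A ParseException may carry no message; without the null check the original parse failure
            // would be replaced by a NullPointerException raised from inside this handler.
            String message = e.getMessage();
            if (message != null && message.contains(ISSUER_SUBJECT_MISMATCH_MESSAGE)) {
                return new CustomJWTAuthentication(ClientAuthenticationMethod.PRIVATE_KEY_JWT, clientAssertion, new ClientID(clientId()));
            }
            throw new MsalClientException(e);
        }
    }

    /**
     * Creates a builder for a confidential client application.
     *
     * @param str               value passed to the builder (the client id, judging by the
     *                          {@code clientId()} calls in this class; confirm in the base class)
     * @param iClientCredential secret, certificate or assertion used to authenticate the client
     * @return new builder
     */
    public static Builder builder(String str, IClientCredential iClientCredential) {
        return new Builder(str, iClientCredential);
    }

    /**
     * @return the sendX5c flag this application was built with
     */
    @Override // com.microsoft.aad.msal4j.IConfidentialClientApplication
    public boolean sendX5c() {
        return this.sendX5c;
    }
}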
