package com.dbeaver.ui.auth.ad;

import com.dbeaver.model.auth.SMApplicationIdentityProvider;
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;
import com.google.gson.reflect.TypeToken;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.ITokenCacheAccessAspect;
import com.microsoft.aad.msal4j.ITokenCacheAccessContext;
import com.microsoft.aad.msal4j.InteractiveRequestParameters;
import com.microsoft.aad.msal4j.PublicClientApplication;
import com.microsoft.aad.msal4j.SilentParameters;
import java.io.IOException;
import java.lang.reflect.Type;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import javax.security.auth.callback.CallbackHandler;
import org.jkiss.code.NotNull;
import org.jkiss.code.Nullable;
import org.jkiss.dbeaver.DBException;
import org.jkiss.dbeaver.Log;
import org.jkiss.dbeaver.model.app.DBPWorkspace;
import org.jkiss.dbeaver.model.auth.SMSession;
import org.jkiss.dbeaver.model.impl.app.LocalWorkspaceSession;
import org.jkiss.dbeaver.model.runtime.DBRProgressMonitor;
import org.jkiss.utils.CommonUtils;

/* loaded from: input_file:com/dbeaver/ui/auth/ad/AzureIdentityProvider.class */
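/**
 * Identity provider that signs the user in to Azure AD through MSAL and exchanges the
 * resulting ID token for an application session issued by an external service.
 * <p>
 * The service base URL comes from the {@code dbeaver.auth.azure.service_url} system property.
 * The MSAL token cache (which contains refresh tokens) is persisted as a JSON file under the
 * workspace metadata folder.
 */
public class AzureIdentityProvider implements SMApplicationIdentityProvider {
    private static final String PROP_SERVICE_URL = "dbeaver.auth.azure.service_url";
    private static final Log log = Log.getLog(AzureIdentityProvider.class);
    // Resolved against the workspace metadata folder in authenticate()
    private static final Path TOKEN_CACHE_FILE = Path.of(".ad", "azure_token_cache.json");
    // Loopback redirect used by the MSAL interactive (system browser) flow
    private static final String REDIRECT_URI = "http://localhost";
    private static final String SERVICE_ERROR = "Unexpected error while communicating with the service";

    private final Gson gson = new Gson();
    private final HttpClient client = HttpClient.newHttpClient();

    /** Body of {@code GET <service>/auth/config}: the MSAL client id and the scopes to request. */
    private static class ConfigResponse {

        @SerializedName("client_id")
        private String clientId;
        private Set<String> scopes;

        private ConfigResponse() {
        }
    }

    /** Error part of the service envelope. */
    private static class ErrorResponse {
        private String message;

        private ErrorResponse() {
        }
    }

    /** Service envelope: exactly one of {@code ok} or {@code error} is expected to be present. */
    private static class ServiceResponse<T> {
        private T ok;
        private ErrorResponse error;

        private ServiceResponse() {
        }
    }

    /** Body of {@code GET <service>/auth/<id token>}: the session id issued by the service. */
    private static class SessionResponse {
        private String session;

        private SessionResponse() {
        }
    }

    /**
     * Persists the MSAL token cache to a JSON file.
     * <p>
     * Both callbacks are best effort: a read failure only forces a fresh interactive login,
     * a write failure only loses the cached tokens for the next run. Errors are logged, never
     * propagated into the MSAL call.
     */
    private static class TokenCache implements ITokenCacheAccessAspect {
        private final Path path;

        public TokenCache(@NotNull Path path) {
            this.path = path;
        }

        public void beforeCacheAccess(ITokenCacheAccessContext context) {
            if (Files.notExists(path)) {
                return; // nothing cached yet (first run)
            }
            try {
                context.tokenCache().deserialize(Files.readString(path));
            } catch (Exception e) {
                log.error("Error reading token cache", e);
            }
        }

        public void afterCacheAccess(ITokenCacheAccessContext context) {
            try {
                Path parent = path.getParent();
                if (parent != null && Files.notExists(parent)) {
                    Files.createDirectories(parent);
                }
                Files.writeString(path, context.tokenCache().serialize());
                restrictToOwner(path);
            } catch (Exception e) {
                log.error("Error writing token cache", e);
            }
        }

        /**
         * Limits the cache file to owner read/write where the file system supports POSIX
         * permissions. The file holds refresh tokens, so the process umask alone is too
         * permissive. Best effort: on non-POSIX file systems (e.g. Windows) the platform's
         * default ACLs are left in place, and a failure to change the mode is only logged.
         */
        private static void restrictToOwner(@NotNull Path file) {
            try {
                Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
            } catch (UnsupportedOperationException ignored) {
                // non-POSIX file system: rely on default ACLs
            } catch (IOException e) {
                log.warn("Could not restrict token cache file permissions", e);
            }
        }
    }

    /** Local workspace session carrying the session id issued by the service. */
    private static class WorkspaceSession extends LocalWorkspaceSession {
        private final String sessionId;

        public WorkspaceSession(@NotNull DBPWorkspace workspace, @NotNull String sessionId) {
            super(workspace);
            this.sessionId = sessionId;
        }

        @NotNull
        public String getSessionId() {
            return sessionId;
        }
    }

    /**
     * Signs the user in to Azure AD and exchanges the ID token for an application session.
     * <p>
     * Only {@code workspace} is used here; {@code str}, {@code sMSession} and
     * {@code callbackHandler} are accepted for the interface contract and ignored.
     *
     * @param monitor         progress monitor (not consulted; the MSAL flow blocks)
     * @param str             unused by this provider
     * @param sMSession       unused by this provider
     * @param workspace       workspace whose metadata folder holds the token cache
     * @param callbackHandler unused by this provider
     * @return a {@link WorkspaceSession} with the session id returned by the service
     * @throws DBException if the service URL property is missing, the service reports an
     *                     error, the configuration is incomplete, or sign-in fails
     */
    @NotNull
    public SMSession acquireApplicationSession(
        @NotNull DBRProgressMonitor monitor,
        @NotNull String str,
        @Nullable SMSession sMSession,
        @NotNull DBPWorkspace workspace,
        @NotNull CallbackHandler callbackHandler
    ) throws DBException {
        String serviceUrl = System.getProperty(PROP_SERVICE_URL);
        if (CommonUtils.isEmptyTrimmed(serviceUrl)) {
            throw new DBException("Property '" + PROP_SERVICE_URL + "' is not set");
        }
        try {
            ConfigResponse config = queryService(serviceUrl + "/auth/config", ConfigResponse.class);
            // Fail with a clear message instead of an NPE wrapped as "Error acquiring session"
            if (config.clientId == null || config.clientId.isBlank()
                || config.scopes == null || config.scopes.isEmpty()) {
                throw new DBException("Service returned an incomplete Azure configuration (client_id/scopes)");
            }
            IAuthenticationResult auth = authenticate(workspace, config.clientId, config.scopes);
            // NOTE(review): the ID token is passed as a path segment of the service URL; that is the
            // service contract as implemented here, but path segments commonly end up in access and
            // proxy logs, so confirm the service side does not log this request line.
            SessionResponse session = queryService(serviceUrl + "/auth/" + auth.idToken(), SessionResponse.class);
            if (session.session == null) {
                throw new DBException("Service did not return a session id");
            }
            return new WorkspaceSession(workspace, session.session);
        } catch (DBException e) {
            throw e;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new DBException("Error acquiring session", e);
        } catch (Exception e) {
            throw new DBException("Error acquiring session", e);
        }
    }

    /**
     * Acquires an Azure AD token with MSAL, using the file-backed token cache.
     * <p>
     * If the cache holds an account, the silent (refresh-token) flow is used for the first
     * account; otherwise the interactive system-browser flow is started.
     * NOTE(review): a failed silent acquisition (e.g. expired refresh token) is not retried
     * interactively here; it surfaces to the caller as an {@link ExecutionException}.
     *
     * @param workspace workspace whose metadata folder holds the token cache
     * @param clientId  Azure AD application (client) id
     * @param scopes    scopes to request
     * @return the authentication result, whose ID token is sent to the service
     */
    @NotNull
    private IAuthenticationResult authenticate(
        @NotNull DBPWorkspace workspace,
        @NotNull String clientId,
        @NotNull Set<String> scopes
    ) throws InterruptedException, ExecutionException, URISyntaxException, MalformedURLException {
        Path cacheFile = workspace.getMetadataFolder().resolve(TOKEN_CACHE_FILE);
        PublicClientApplication app = PublicClientApplication.builder(clientId)
            .setTokenCacheAccessAspect(new TokenCache(cacheFile))
            .build();
        Set<IAccount> accounts = app.getAccounts().get();
        if (accounts.isEmpty()) {
            InteractiveRequestParameters params = InteractiveRequestParameters
                .builder(new URI(REDIRECT_URI))
                .scopes(scopes)
                .build();
            return app.acquireToken(params).get();
        }
        IAccount account = accounts.iterator().next();
        SilentParameters params = SilentParameters.builder(scopes, account).build();
        return app.acquireTokenSilently(params).get();
    }

    /**
     * Performs a GET against the service and unwraps its {@code {ok, error}} envelope.
     * <p>
     * A service-reported error is raised with the service's own message; transport and parse
     * failures are wrapped. The HTTP status is not validated on its own because the envelope
     * is the service's error channel; it is only included in the fallback message.
     *
     * @param url full request URL
     * @param cls type of the {@code ok} payload
     * @return the {@code ok} payload
     * @throws DBException on a service error, an unparsable or empty response, or a transport failure
     */
    @NotNull
    private <T> T queryService(@NotNull String url, @NotNull Class<T> cls) throws DBException {
        ServiceResponse<T> envelope;
        int status;
        try {
            HttpRequest request = HttpRequest.newBuilder().uri(URI.create(url)).build();
            HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
            status = response.statusCode();
            Type envelopeType = TypeToken.getParameterized(ServiceResponse.class, cls).getType();
            envelope = gson.fromJson(response.body(), envelopeType);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new DBException(SERVICE_ERROR, e);
        } catch (Exception e) {
            throw new DBException(SERVICE_ERROR, e);
        }
        // Service errors are raised outside the try so they are not re-wrapped as transport errors
        if (envelope == null) {
            throw new DBException("Unexpected service response (HTTP " + status + ")");
        }
        if (envelope.ok != null) {
            return envelope.ok;
        }
        if (envelope.error != null && envelope.error.message != null) {
            throw new DBException(envelope.error.message);
        }
        throw new DBException("Unexpected service response (HTTP " + status + ")");
    }
}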
