package com.microsoft.aad.adal4j;

import com.microsoft.azure.storage.Constants;
import com.microsoft.azure.storage.blob.BlobConstants;
import java.net.Proxy;
import java.net.URL;
import java.util.Arrays;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/microsoft/aad/adal4j/AuthenticationAuthority.class */
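/**
 * Endpoints and validation state derived from one authority URL of the form
 * {@code https://<host>/<tenant>/...}.
 *
 * <p>The constructor checks the URL's shape (scheme, no fragment, no query) and derives the
 * token, issuer and instance-discovery endpoints from it. Whether the host is accepted is
 * decided later by {@link #doInstanceDiscovery}.
 *
 * <p>Review notes for anyone relying on this class as a trust decision:
 * <ul>
 *   <li>With {@code validateAuthority == false} no host check is performed at all;
 *       {@link #doStaticInstanceDiscovery()} returns {@code true} unconditionally.</li>
 *   <li>The dynamic check sends the discovery request to the authority's own host (see
 *       {@link #setupAuthorityProperties()}) and accepts any response carrying a non-blank
 *       tenant discovery endpoint. For a host that is not on the trusted list, the answer
 *       therefore comes from the host being validated. NOTE(review): consider issuing the
 *       request against a host taken from {@code TRUSTED_HOST_LIST} instead.</li>
 *   <li>{@code host} is taken from {@link URL#getAuthority()}, which also carries any
 *       user-info and port. Such a value never equals a trusted-list entry, so it falls
 *       through to the dynamic check. NOTE(review): consider rejecting user-info in
 *       {@link #validateAuthorityUrl()}.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code BlobConstants.DEFAULT_DELIMITER} and {@code Constants.HTTPS} come from
 * the Azure Storage SDK and look like a decompiler substitution for the literals {@code "/"} and
 * {@code "https"} (the error messages in this class point that way). Confirm before relying on it.
 */
class AuthenticationAuthority {
    /** Hosts accepted without a network round trip when authority validation is enabled. */
    private static final String[] TRUSTED_HOST_LIST = {"login.windows.net", "login.chinacloudapi.cn", "login.cloudgovapi.us", "login.microsoftonline.com"};
    private static final String TENANTLESS_TENANT_NAME = "common";
    private static final String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/authorize";
    // The next three constants are not referenced anywhere in this class as shown.
    private static final String DISCOVERY_ENDPOINT = "common/discovery/instance";
    private static final String TOKEN_ENDPOINT = "/oauth2/token";
    private static final String USER_REALM_ENDPOINT = "common/userrealm";
    /** Format of the canonical authority string: host, then tenant. */
    private static final String AUTHORITY_FORMAT = "https://%s/%s/";
    private String host;
    private String issuer;
    private String instanceDiscoveryEndpoint;
    private String tokenEndpoint;
    private boolean isTenantless;
    private String tokenUri;
    private String selfSignedJwtAudience;
    private boolean instanceDiscoveryCompleted;
    private final URL authorityUrl;
    private final boolean validateAuthority;
    private final Logger log = LoggerFactory.getLogger(AuthenticationAuthority.class);
    private final String instanceDiscoveryEndpointFormat = "https://%s/common/discovery/instance";
    private final String userRealmEndpointFormat = "https://%s/common/userrealm/%s?api-version=1.0";
    private final String tokenEndpointFormat = "https://%s/{tenant}/oauth2/token";
    private String authority;
    // Assigned in the constructor. As a field initializer it would run before authorityUrl is
    // set and detectAuthorityType() would always throw.
    private final AuthorityType authorityType;

    /**
     * Builds the authority description and validates the URL's shape.
     *
     * @param authorityUrl authority URL; must be https, with at least one path segment and
     *     neither a fragment nor a query
     * @param validateAuthority whether the host must later pass instance discovery; only
     *     supported for AAD authorities
     * @throws NullPointerException if {@code authorityUrl} is null
     * @throws IllegalArgumentException if the URL fails one of the shape checks
     */
    public AuthenticationAuthority(URL authorityUrl, boolean validateAuthority) {
        this.authorityUrl = authorityUrl;
        this.validateAuthority = validateAuthority;
        // Must follow the authorityUrl assignment and precede validateAuthorityUrl(),
        // which reads authorityType.
        this.authorityType = detectAuthorityType();
        validateAuthorityUrl();
        setupAuthorityProperties();
    }

    /** Returns the lower-cased value of {@link URL#getAuthority()} (may include user-info and port). */
    String getHost() {
        return this.host;
    }

    /** Returns the issuer, which this class sets to the token endpoint. */
    String getIssuer() {
        return this.issuer;
    }

    /** Returns the canonical authority string {@code https://<host>/<tenant>/}. */
    String getAuthority() {
        return this.authority;
    }

    /** Returns the token endpoint with the tenant already substituted. */
    String getTokenEndpoint() {
        return this.tokenEndpoint;
    }

    /**
     * Builds the user-realm endpoint for a user name.
     *
     * <p>NOTE(review): {@code userName} is inserted into the URL path as-is. If it can contain
     * characters such as {@code /}, {@code ?} or {@code #}, the caller should URL-encode it
     * first. Confirm what callers pass.
     *
     * @param userName user name placed in the path
     * @return the user-realm endpoint URL as a string
     */
    public String getUserRealmEndpoint(String userName) {
        return String.format(this.userRealmEndpointFormat, this.host, userName);
    }

    /** Returns the authority type detected from the first path segment. */
    AuthorityType getAuthorityType() {
        return this.authorityType;
    }

    /** Returns true when the tenant segment is {@code common} (case-insensitive). */
    boolean isTenantless() {
        return this.isTenantless;
    }

    /** Returns the token URI, which this class sets to the token endpoint. */
    public String getTokenUri() {
        return this.tokenUri;
    }

    /** Returns the audience used for self-signed JWTs; defaults to the issuer. */
    public String getSelfSignedJwtAudience() {
        return this.selfSignedJwtAudience;
    }

    /** Overrides the audience used for self-signed JWTs. */
    void setSelfSignedJwtAudience(String audience) {
        this.selfSignedJwtAudience = audience;
    }

    /**
     * Runs instance discovery once and remembers the result.
     *
     * <p>The static trusted-list check is tried first, and the network check only runs when it
     * fails. When validation is disabled the static check passes unconditionally, so the
     * "successful" log line below does not by itself mean the host was verified.
     *
     * @param headers request headers; the correlation id is read from them for logging
     * @param proxy proxy passed through to the HTTP helper
     * @param sslSocketFactory socket factory passed through to the HTTP helper
     * @throws AuthenticationException if validation is enabled and both checks reject the host
     * @throws Exception whatever the HTTP or JSON helpers throw
     */
    public void doInstanceDiscovery(Map<String, String> headers, Proxy proxy, SSLSocketFactory sslSocketFactory) throws Exception {
        if (this.instanceDiscoveryCompleted) {
            return;
        }
        if (!doStaticInstanceDiscovery() && this.validateAuthority && !doDynamicInstanceDiscovery(headers, proxy, sslSocketFactory)) {
            throw new AuthenticationException("'authority' is not in the list of valid addresses");
        }
        this.log.info(LogHelper.createMessage("Instance discovery was successful", headers.get(ClientDataHttpHeaders.CORRELATION_ID_HEADER_NAME)));
        this.instanceDiscoveryCompleted = true;
    }

    /**
     * Asks the instance-discovery endpoint whether the authority is known.
     *
     * <p>The only condition checked is that the parsed response has a non-blank tenant discovery
     * endpoint. The request goes to the endpoint built from this authority's own host.
     *
     * @return true when the response names a tenant discovery endpoint
     * @throws Exception whatever the HTTP or JSON helpers throw
     */
    boolean doDynamicInstanceDiscovery(Map<String, String> headers, Proxy proxy, SSLSocketFactory sslSocketFactory) throws Exception {
        InstanceDiscoveryResponse response = (InstanceDiscoveryResponse) JsonHelper.convertJsonToObject(
                HttpHelper.executeHttpGet(this.log, this.instanceDiscoveryEndpoint, headers, proxy, sslSocketFactory),
                InstanceDiscoveryResponse.class);
        return !StringHelper.isBlank(response.getTenantDiscoveryEndpoint());
    }

    /**
     * Checks the host against the built-in trusted list.
     *
     * @return true when validation is disabled, or when the host equals a trusted-list entry
     */
    boolean doStaticInstanceDiscovery() {
        return !this.validateAuthority || Arrays.asList(TRUSTED_HOST_LIST).contains(this.host);
    }

    /**
     * Derives host, tenant and every endpoint string from the authority URL.
     *
     * <p>Casing uses {@code Locale.ROOT} so that the trusted-list comparison does not depend on
     * the JVM's default locale.
     */
    void setupAuthorityProperties() {
        String authorityHost = this.authorityUrl.getAuthority().toLowerCase(java.util.Locale.ROOT);
        String tenant = firstSegment(pathAfterLeadingSlash(this.authorityUrl).toLowerCase(java.util.Locale.ROOT));
        this.host = authorityHost;
        this.authority = String.format(AUTHORITY_FORMAT, authorityHost, tenant);
        this.instanceDiscoveryEndpoint = String.format(this.instanceDiscoveryEndpointFormat, authorityHost);
        this.tokenEndpoint = String.format(this.tokenEndpointFormat, authorityHost).replace("{tenant}", tenant);
        this.tokenUri = this.tokenEndpoint;
        this.issuer = this.tokenUri;
        this.isTenantless = TENANTLESS_TENANT_NAME.equalsIgnoreCase(tenant);
        setSelfSignedJwtAudience(getIssuer());
        createInstanceDiscoveryEndpoint(tenant);
    }

    /**
     * Classifies the authority by its first path segment: {@code adfs} means ADFS, anything else AAD.
     *
     * @throws NullPointerException if the authority URL is null
     * @throws IllegalArgumentException if the URL has no path segment
     */
    AuthorityType detectAuthorityType() {
        if (this.authorityUrl == null) {
            throw new NullPointerException("authority");
        }
        // An empty path used to fail inside substring() before this check could report it.
        String path = pathAfterLeadingSlash(this.authorityUrl);
        if (StringHelper.isBlank(path)) {
            throw new IllegalArgumentException("'authority' Uri should have at least one segment in the path (i.e. https://<host>/<path>/...)");
        }
        return IsAdfsAuthority(firstSegment(path)) ? AuthorityType.ADFS : AuthorityType.AAD;
    }

    /**
     * Rejects authority URLs that are not https, carry a fragment or a query, or ask for
     * validation on a non-AAD authority.
     *
     * @throws IllegalArgumentException on the first failed check
     */
    void validateAuthorityUrl() {
        if (this.authorityType != AuthorityType.AAD && this.validateAuthority) {
            throw new IllegalArgumentException("Authority validation is not supported for this type of authority");
        }
        if (!this.authorityUrl.getProtocol().equalsIgnoreCase(Constants.HTTPS)) {
            throw new IllegalArgumentException("'authority' should use the 'https' scheme");
        }
        if (this.authorityUrl.toString().contains("#")) {
            throw new IllegalArgumentException("authority is invalid format (contains fragment)");
        }
        if (!StringHelper.isBlank(this.authorityUrl.getQuery())) {
            throw new IllegalArgumentException("authority cannot contain query parameters");
        }
    }

    /**
     * Appends the query string to the instance-discovery endpoint and fills in host and tenant.
     *
     * <p>The {@code authorization_endpoint} value is appended without URL-encoding.
     *
     * @param tenant tenant segment substituted for {@code {tenant}}
     */
    void createInstanceDiscoveryEndpoint(String tenant) {
        String withQuery = this.instanceDiscoveryEndpoint + "?api-version=1.0&authorization_endpoint=" + AUTHORIZE_ENDPOINT_TEMPLATE;
        this.instanceDiscoveryEndpoint = withQuery.replace("{host}", this.host).replace("{tenant}", tenant);
    }

    /** Returns true when the given path segment is {@code adfs}, ignoring case. */
    static boolean IsAdfsAuthority(String firstPath) {
        return "adfs".equalsIgnoreCase(firstPath);
    }

    /** Returns the URL path without its leading slash, or the empty string when there is no path. */
    private static String pathAfterLeadingSlash(URL url) {
        String path = url.getPath();
        return path.isEmpty() ? path : path.substring(1);
    }

    /** Returns the text before the first delimiter, or the whole string when it has no delimiter. */
    private static String firstSegment(String path) {
        // Without a trailing delimiter indexOf() is -1, which used to make substring() throw.
        int end = path.indexOf(BlobConstants.DEFAULT_DELIMITER);
        return end < 0 ? path : path.substring(0, end);
    }
}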
