package com.azure.identity;

import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.util.Configuration;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
import com.azure.identity.implementation.IdentityClientBuilder;
import com.azure.identity.implementation.IdentityClientOptions;
import com.azure.identity.implementation.ManagedIdentityParameters;
import com.azure.identity.implementation.ManagedIdentityType;
import com.azure.identity.implementation.util.LoggingUtil;
import com.microsoft.aad.msal4j.ManagedIdentityApplication;
import com.microsoft.aad.msal4j.ManagedIdentitySourceType;
import java.time.Duration;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/azure/identity/ManagedIdentityCredential.class */
/**
 * {@link TokenCredential} that delegates token acquisition to a managed-identity backend chosen
 * once, in the constructor.
 *
 * <p>Backend selection reads only from {@link Configuration}: the one carried by the supplied
 * {@link IdentityClientOptions}, or a clone of the global configuration when that is {@code null}.
 * When {@code Configuration.PROPERTY_AZURE_TENANT_ID} is present and
 * {@link #AZURE_FEDERATED_TOKEN_FILE} has a value, an {@code AksExchangeTokenCredential} is used;
 * otherwise a {@code ManagedIdentityMsalCredential} is used.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>Every routing input ({@code MSI_ENDPOINT}, {@code IDENTITY_ENDPOINT},
 *       {@code IDENTITY_HEADER}, {@code IDENTITY_SERVER_THUMBPRINT}, {@code IMDS_ENDPOINT}, the
 *       tenant id and the federated token file path) comes from configuration. Whoever can set
 *       those values for the process decides which backend and which endpoint or file values are
 *       forwarded. How the downstream client uses them is not visible in this class.</li>
 *   <li>{@code Configuration.PROPERTY_MSI_SECRET} and {@code IDENTITY_HEADER} are copied into
 *       {@code ManagedIdentityParameters}. NOTE(review): confirm that
 *       {@code LoggingUtil.logAvailableEnvironmentVariables} records variable names only, not
 *       these values.</li>
 * </ul>
 */
public final class ManagedIdentityCredential implements TokenCredential {
    static final String PROPERTY_IMDS_ENDPOINT = "IMDS_ENDPOINT";
    static final String PROPERTY_IDENTITY_SERVER_THUMBPRINT = "IDENTITY_SERVER_THUMBPRINT";
    static final String AZURE_FEDERATED_TOKEN_FILE = "AZURE_FEDERATED_TOKEN_FILE";
    // Declared here but not referenced anywhere in this class.
    static final String USE_AZURE_IDENTITY_CLIENT_LIBRARY_LEGACY_MI = "USE_AZURE_IDENTITY_CLIENT_LIBRARY_LEGACY_MI";

    private static final ClientLogger LOGGER = new ClientLogger(ManagedIdentityCredential.class);

    // Backend that performs the token request; assigned on both constructor branches.
    final ManagedIdentityServiceCredential managedIdentityServiceCredential;
    private final IdentityClientOptions identityClientOptions;
    // First non-null of client id / resource id / object id; null means no user-assigned identity was requested.
    private final String managedIdentityId;

    /**
     * Builds the credential and picks its backend from configuration.
     *
     * <p>Decompiler note: this constructor was package-private in the compiled class; the
     * decompiler widened it to {@code public}.
     *
     * @param str client id of a user-assigned identity, or {@code null}
     * @param str2 resource id of a user-assigned identity, or {@code null}
     * @param str3 object id of a user-assigned identity, or {@code null}
     * @param identityClientOptions client options; dereferenced immediately, so {@code null}
     *     fails with a {@link NullPointerException}. The instance is also mutated here (its
     *     managed identity type is set).
     */
    public ManagedIdentityCredential(String str, String str2, String str3, IdentityClientOptions identityClientOptions) {
        final IdentityClientBuilder clientBuilder = new IdentityClientBuilder()
            .clientId(str)
            .resourceId(str2)
            .objectId(str3)
            .identityClientOptions(identityClientOptions);
        this.identityClientOptions = identityClientOptions;

        // Fall back to a private copy of the global configuration when the options carry none.
        Configuration configuration = identityClientOptions.getConfiguration();
        if (configuration == null) {
            configuration = Configuration.getGlobalConfiguration().mo143clone();
        }
        this.managedIdentityId = fetchManagedIdentityId(str, str2, str3);

        // Token-file exchange is chosen only when BOTH the tenant id and the token file are configured.
        final boolean federatedTokenConfigured = configuration.contains(Configuration.PROPERTY_AZURE_TENANT_ID)
            && configuration.get(AZURE_FEDERATED_TOKEN_FILE) != null;

        if (federatedTokenConfigured) {
            // An explicit client id wins; otherwise the configured one is used (may still be null).
            String effectiveClientId = str;
            if (effectiveClientId == null) {
                effectiveClientId = configuration.get(Configuration.PROPERTY_AZURE_CLIENT_ID);
            }
            clientBuilder.clientId(effectiveClientId);
            clientBuilder.tenantId(configuration.get(Configuration.PROPERTY_AZURE_TENANT_ID));
            // The assertion file path is taken verbatim from configuration; no validation happens here.
            clientBuilder.clientAssertionPath(configuration.get(AZURE_FEDERATED_TOKEN_FILE));
            clientBuilder.clientAssertionTimeout(Duration.ofMinutes(5L));
            final IdentityClientOptions aksOptions =
                updateIdentityClientOptions(ManagedIdentityType.AKS, identityClientOptions, configuration);
            this.managedIdentityServiceCredential =
                new AksExchangeTokenCredential(effectiveClientId, clientBuilder.identityClientOptions(aksOptions).build());
        } else {
            identityClientOptions.setManagedIdentityType(getManagedIdentityEnv(configuration));
            this.managedIdentityServiceCredential = new ManagedIdentityMsalCredential(str, clientBuilder.build());
        }

        // NOTE(review): what gets written to the log is decided inside LoggingUtil — verify no values are emitted.
        LoggingUtil.logAvailableEnvironmentVariables(LOGGER, configuration);
    }

    /**
     * Stamps {@code identityClientOptions} with the given managed identity type and, for the
     * types that need them, with parameters read from {@code configuration}.
     *
     * @param managedIdentityType the hosting type to apply; {@code null} fails in the switch
     * @param identityClientOptions options object to update
     * @param configuration source of the endpoint, header, secret and thumbprint values
     * @return the options as returned by the fluent setters, or the input unchanged for any
     *     type not listed in the switch
     */
    private IdentityClientOptions updateIdentityClientOptions(ManagedIdentityType managedIdentityType, IdentityClientOptions identityClientOptions, Configuration configuration) {
        switch (managedIdentityType) {
            case APP_SERVICE: {
                final IdentityClientOptions typed = identityClientOptions.setManagedIdentityType(managedIdentityType);
                // MSI secret and identity header are sensitive values: keep them out of logs and error text.
                final ManagedIdentityParameters parameters = new ManagedIdentityParameters()
                    .setMsiEndpoint(configuration.get("MSI_ENDPOINT"))
                    .setMsiSecret(configuration.get(Configuration.PROPERTY_MSI_SECRET))
                    .setIdentityEndpoint(configuration.get("IDENTITY_ENDPOINT"))
                    .setIdentityHeader(configuration.get("IDENTITY_HEADER"));
                return typed.setManagedIdentityParameters(parameters);
            }
            case SERVICE_FABRIC: {
                final IdentityClientOptions typed = identityClientOptions.setManagedIdentityType(managedIdentityType);
                final ManagedIdentityParameters parameters = new ManagedIdentityParameters()
                    .setIdentityServerThumbprint(configuration.get(PROPERTY_IDENTITY_SERVER_THUMBPRINT))
                    .setIdentityEndpoint(configuration.get("IDENTITY_ENDPOINT"))
                    .setIdentityHeader(configuration.get("IDENTITY_HEADER"));
                return typed.setManagedIdentityParameters(parameters);
            }
            case ARC: {
                final IdentityClientOptions typed = identityClientOptions.setManagedIdentityType(managedIdentityType);
                final ManagedIdentityParameters parameters = new ManagedIdentityParameters()
                    .setIdentityEndpoint(configuration.get("IDENTITY_ENDPOINT"));
                return typed.setManagedIdentityParameters(parameters);
            }
            case VM:
            case AKS:
                // These two types carry no extra parameters; only the type itself is recorded.
                return identityClientOptions.setManagedIdentityType(managedIdentityType);
            default:
                return identityClientOptions;
        }
    }

    /**
     * Returns the client id reported by the selected backend credential.
     *
     * @return whatever {@code managedIdentityServiceCredential.getClientId()} yields
     */
    public String getClientId() {
        return this.managedIdentityServiceCredential.getClientId();
    }

    /**
     * Requests a token from the selected backend.
     *
     * <p>Fails with a {@code CredentialUnavailableException} when no backend is set, or when a
     * user-assigned identity id was supplied and the detected source is {@code CLOUD_SHELL} or
     * {@code AZURE_ARC}. The callbacks attached below hand the request context, the detected
     * environment and the error to the logging helpers; the issued {@link AccessToken} itself is
     * never passed to a logger from this method.
     *
     * @param tokenRequestContext the request forwarded to the backend's {@code authenticate}
     * @return a {@link Mono} emitting the token, or an error signal
     */
    @Override
    public Mono<AccessToken> getToken(TokenRequestContext tokenRequestContext) {
        if (this.managedIdentityServiceCredential == null) {
            final CredentialUnavailableException platformUnknown = new CredentialUnavailableException(
                "ManagedIdentityCredential authentication unavailable. The Target Azure platform could not be determined from environment variables.To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/java/identity/managedidentitycredential/troubleshoot");
            return Mono.error(
                LoggingUtil.logCredentialUnavailableException(LOGGER, this.identityClientOptions, platformUnknown));
        }

        final boolean userAssignedRequested = !CoreUtils.isNullOrEmpty(this.managedIdentityId);
        if (userAssignedRequested) {
            final ManagedIdentitySourceType detectedSource = ManagedIdentityApplication.getManagedIdentitySource();
            final boolean userAssignedUnsupported = ManagedIdentitySourceType.CLOUD_SHELL.equals(detectedSource)
                || ManagedIdentitySourceType.AZURE_ARC.equals(detectedSource);
            if (userAssignedUnsupported) {
                // Reject rather than silently falling back to another identity than the one requested.
                final CredentialUnavailableException unsupported = new CredentialUnavailableException(
                    "ManagedIdentityCredential authentication unavailable. User-assigned managed identity is not supported in "
                        + detectedSource
                        + ". To use system-assigned managed identity, remove the configured client ID on the "
                        + (this.identityClientOptions.isChained() ? "DefaultAzureCredentialBuilder." : "ManagedIdentityCredentialBuilder."));
                return Mono.error(
                    LoggingUtil.logCredentialUnavailableException(LOGGER, this.identityClientOptions, unsupported));
            }
        }

        return this.managedIdentityServiceCredential.authenticate(tokenRequestContext)
            .doOnSuccess(ignoredToken -> LOGGER.info("Azure Identity => Managed Identity environment: {}",
                this.managedIdentityServiceCredential.getEnvironment()))
            .doOnNext(ignoredToken -> LoggingUtil.logTokenSuccess(LOGGER, tokenRequestContext))
            .doOnError(error -> LoggingUtil.logTokenError(LOGGER, this.identityClientOptions, tokenRequestContext, error));
    }

    /**
     * Maps the configured variables to a {@link ManagedIdentityType}.
     *
     * <p>Checks run in this order: {@code MSI_ENDPOINT}; then {@code IDENTITY_ENDPOINT} (refined
     * by {@code IDENTITY_HEADER}, {@code IDENTITY_SERVER_THUMBPRINT} and {@code IMDS_ENDPOINT});
     * then tenant id plus federated token file; {@code VM} is the fallback when nothing matches.
     *
     * @param configuration configuration to inspect
     * @return the first matching type, never {@code null}
     */
    ManagedIdentityType getManagedIdentityEnv(Configuration configuration) {
        if (configuration.contains("MSI_ENDPOINT")) {
            return ManagedIdentityType.APP_SERVICE;
        }
        if (configuration.contains("IDENTITY_ENDPOINT")) {
            if (configuration.contains("IDENTITY_HEADER")) {
                return configuration.get(PROPERTY_IDENTITY_SERVER_THUMBPRINT) != null
                    ? ManagedIdentityType.SERVICE_FABRIC
                    : ManagedIdentityType.APP_SERVICE;
            }
            return configuration.get(PROPERTY_IMDS_ENDPOINT) != null
                ? ManagedIdentityType.ARC
                : ManagedIdentityType.VM;
        }
        if (configuration.contains(Configuration.PROPERTY_AZURE_TENANT_ID)
            && configuration.get(AZURE_FEDERATED_TOKEN_FILE) != null) {
            return ManagedIdentityType.AKS;
        }
        return ManagedIdentityType.VM;
    }

    /**
     * Picks the identifier that marks a user-assigned identity request.
     *
     * @param str client id, or {@code null}
     * @param str2 resource id, or {@code null}
     * @param str3 object id, or {@code null}
     * @return the first non-null argument in that order, or {@code null} when all are null
     */
    String fetchManagedIdentityId(String str, String str2, String str3) {
        if (str != null) {
            return str;
        }
        return str2 != null ? str2 : str3;
    }
}
