package redis.clients.authentication.entraid;

import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.IClientCredential;
import com.microsoft.aad.msal4j.ManagedIdentityApplication;
import com.microsoft.aad.msal4j.ManagedIdentityParameters;
import java.net.MalformedURLException;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.function.Supplier;
import redis.clients.authentication.core.IdentityProvider;
import redis.clients.authentication.core.Token;

/* loaded from: input_file:redis/clients/authentication/entraid/EntraIDIdentityProvider.class */
public final class EntraIDIdentityProvider implements IdentityProvider {
    private Supplier<IAuthenticationResult> resultSupplier;

    public EntraIDIdentityProvider(ServicePrincipalInfo servicePrincipalInfo, Set<String> set) {
        IClientCredential clientCredential = getClientCredential(servicePrincipalInfo);
        try {
            String authority = servicePrincipalInfo.getAuthority();
            ConfidentialClientApplication build = ConfidentialClientApplication.builder(servicePrincipalInfo.getClientId(), clientCredential).authority(authority == null ? "https://login.microsoftonline.com/common/" : authority).build();
            ClientCredentialParameters build2 = ClientCredentialParameters.builder(set).build();
            this.resultSupplier = () -> {
                return supplierForConfidentialApp(build, build2);
            };
        } catch (MalformedURLException e) {
            throw new RedisEntraIDException("Failed to init EntraID client!", e);
        }
    }

    public EntraIDIdentityProvider(ManagedIdentityInfo managedIdentityInfo, Set<String> set) {
        ManagedIdentityApplication build = ManagedIdentityApplication.builder(managedIdentityInfo.getId()).build();
        ManagedIdentityParameters build2 = ManagedIdentityParameters.builder(set.iterator().next()).build();
        this.resultSupplier = () -> {
            return supplierForManagedIdentityApp(build, build2);
        };
    }

    private IClientCredential getClientCredential(ServicePrincipalInfo servicePrincipalInfo) {
        switch (servicePrincipalInfo.getAccessWith()) {
            case WithSecret:
                return ClientCredentialFactory.createFromSecret(servicePrincipalInfo.getSecret());
            case WithCert:
                return ClientCredentialFactory.createFromCertificate(servicePrincipalInfo.getKey(), servicePrincipalInfo.getCert());
            default:
                throw new RedisEntraIDException("Invalid ServicePrincipalAccess type!");
        }
    }

    public Token requestToken() {
        return new JWToken(this.resultSupplier.get().accessToken());
    }

    public IAuthenticationResult supplierForConfidentialApp(ConfidentialClientApplication confidentialClientApplication, ClientCredentialParameters clientCredentialParameters) {
        try {
            return (IAuthenticationResult) confidentialClientApplication.acquireToken(clientCredentialParameters).get();
        } catch (InterruptedException | ExecutionException e) {
            throw new RedisEntraIDException("Failed to acquire token!", e);
        }
    }

    public IAuthenticationResult supplierForManagedIdentityApp(ManagedIdentityApplication managedIdentityApplication, ManagedIdentityParameters managedIdentityParameters) {
        try {
            return (IAuthenticationResult) managedIdentityApplication.acquireTokenForManagedIdentity(managedIdentityParameters).get();
        } catch (Exception e) {
            throw new RedisEntraIDException("Failed to acquire token!", e);
        }
    }
}
