package com.microsoft.aad.msal4j;

import java.util.HashSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/microsoft/aad/msal4j/AcquireTokenByManagedIdentitySupplier.class */
public class AcquireTokenByManagedIdentitySupplier extends AuthenticationResultSupplier {
    private static final Logger LOG = LoggerFactory.getLogger(AcquireTokenByManagedIdentitySupplier.class);
    private ManagedIdentityParameters managedIdentityParameters;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AcquireTokenByManagedIdentitySupplier(ManagedIdentityApplication managedIdentityApplication, MsalRequest msalRequest) {
        super(managedIdentityApplication, msalRequest);
        this.managedIdentityParameters = (ManagedIdentityParameters) msalRequest.requestContext().apiParameters();
    }

    @Override // com.microsoft.aad.msal4j.AuthenticationResultSupplier
    AuthenticationResult execute() throws Exception {
        if (StringHelper.isNullOrBlank(this.managedIdentityParameters.resource)) {
            throw new MsalClientException(MsalError.RESOURCE_REQUIRED_MANAGED_IDENTITY, MsalErrorMessage.SCOPES_REQUIRED);
        }
        TokenRequestExecutor tokenRequestExecutor = new TokenRequestExecutor(this.clientApplication.authenticationAuthority, this.msalRequest, this.clientApplication.serviceBundle());
        if (this.managedIdentityParameters.forceRefresh) {
            LOG.info("Skipped looking for an Access Token in the cache because forceRefresh or Claims were set. ");
            return fetchNewAccessTokenAndSaveToCache(tokenRequestExecutor);
        }
        LOG.debug("ForceRefresh set to false. Attempting cache lookup");
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(this.managedIdentityParameters.resource);
            SilentParameters build = SilentParameters.builder(hashSet).tenant(this.managedIdentityParameters.tenant()).build();
            return new AcquireTokenSilentSupplier(this.clientApplication, new SilentRequest(build, this.clientApplication, new RequestContext(this.clientApplication, PublicApi.ACQUIRE_TOKEN_SILENTLY, build), null)).execute();
        } catch (MsalClientException e) {
            if (e.errorCode().equals(AuthenticationErrorCode.CACHE_MISS)) {
                LOG.debug(String.format("Cache lookup failed: %s", e.getMessage()));
                return fetchNewAccessTokenAndSaveToCache(tokenRequestExecutor);
            }
            LOG.error(String.format("Error occurred while cache lookup: %s", e.getMessage()));
            throw e;
        }
    }

    private AuthenticationResult fetchNewAccessTokenAndSaveToCache(TokenRequestExecutor tokenRequestExecutor) {
        ManagedIdentityClient managedIdentityClient = new ManagedIdentityClient(this.msalRequest, tokenRequestExecutor.getServiceBundle());
        LOG.debug(String.format("[Managed Identity] Managed Identity source and ID type identified and set successfully, request will use Managed Identity for %s", managedIdentityClient.managedIdentitySource.managedIdentitySourceType.name()));
        AuthenticationResult createFromManagedIdentityResponse = createFromManagedIdentityResponse(managedIdentityClient.getManagedIdentityResponse(this.managedIdentityParameters));
        this.clientApplication.tokenCache.saveTokens(tokenRequestExecutor, createFromManagedIdentityResponse, this.clientApplication.authenticationAuthority.host);
        return createFromManagedIdentityResponse;
    }

    private AuthenticationResult createFromManagedIdentityResponse(ManagedIdentityResponse managedIdentityResponse) {
        long longValue = Long.valueOf(managedIdentityResponse.expiresOn).longValue();
        return AuthenticationResult.builder().accessToken(managedIdentityResponse.getAccessToken()).scopes(this.managedIdentityParameters.resource()).expiresOn(longValue).extExpiresOn(0L).refreshOn(Long.valueOf(longValue > 7200 ? longValue / 2 : 0L)).build();
    }
}
