package com.microsoft.sqlserver.jdbc;

import com.azure.core.credential.TokenRequestContext;
import com.azure.core.http.HttpPipelineCallContext;
import com.azure.core.http.HttpPipelineNextPolicy;
import com.azure.core.http.HttpResponse;
import com.azure.core.http.policy.HttpPipelinePolicy;
import com.azure.core.util.CoreUtils;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import org.apache.pdfbox.contentstream.operator.OperatorName;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/mssql-jdbc-12.8.1.jre11.jar:com/microsoft/sqlserver/jdbc/KeyVaultCustomCredentialPolicy.class */
class KeyVaultCustomCredentialPolicy implements HttpPipelinePolicy {
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String BEARER_TOKEN_PREFIX = "Bearer ";
    private static final String AUTHORIZATION = "Authorization";
    private final ScopeTokenCache cache;
    private final KeyVaultTokenCredential keyVaultTokenCredential;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyVaultCustomCredentialPolicy(KeyVaultTokenCredential keyVaultTokenCredential) throws SQLServerException {
        if (null == keyVaultTokenCredential) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_NullValue")).format(new Object[]{"Credential"}), null);
        }
        Objects.requireNonNull(keyVaultTokenCredential);
        this.cache = new ScopeTokenCache(keyVaultTokenCredential::getToken);
        this.keyVaultTokenCredential = keyVaultTokenCredential;
    }

    public Mono<HttpResponse> process(HttpPipelineCallContext httpPipelineCallContext, HttpPipelineNextPolicy httpPipelineNextPolicy) {
        return !"https".equals(httpPipelineCallContext.getHttpRequest().getUrl().getProtocol()) ? Mono.error(new RuntimeException(SQLServerException.getErrString("R_TokenRequireUrl"))) : httpPipelineNextPolicy.clone().process().doOnNext((v0) -> {
            v0.close();
        }).map(httpResponse -> {
            return httpResponse.getHeaderValue("WWW-Authenticate");
        }).map(str -> {
            return extractChallenge(str, BEARER_TOKEN_PREFIX);
        }).flatMap(map -> {
            this.keyVaultTokenCredential.setAuthorization((String) map.get("authorization"));
            this.keyVaultTokenCredential.setResource((String) map.get("resource"));
            this.keyVaultTokenCredential.setScope((String) map.get("scope"));
            this.cache.setRequest(new TokenRequestContext().addScopes(new String[]{((String) map.get("resource")) + "/.default"}));
            return this.cache.getToken();
        }).flatMap(accessToken -> {
            httpPipelineCallContext.getHttpRequest().setHeader("Authorization", "Bearer " + accessToken.getToken());
            return httpPipelineNextPolicy.process();
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, String> extractChallenge(String str, String str2) {
        if (!isValidChallenge(str, str2)) {
            return null;
        }
        String[] split = str.toLowerCase(Locale.ROOT).replace(str2.toLowerCase(Locale.ROOT), "").split(", ");
        HashMap hashMap = new HashMap();
        for (String str3 : split) {
            String[] split2 = str3.split("=");
            hashMap.put(split2[0].replaceAll(OperatorName.SHOW_TEXT_LINE_AND_SPACE, ""), split2[1].replaceAll(OperatorName.SHOW_TEXT_LINE_AND_SPACE, ""));
        }
        return hashMap;
    }

    private static boolean isValidChallenge(String str, String str2) {
        return !CoreUtils.isNullOrEmpty(str) && str.toLowerCase(Locale.ROOT).startsWith(str2.toLowerCase(Locale.ROOT));
    }
}
