package com.azure.core.management.http.policy;

import com.azure.core.credential.TokenCredential;
import com.azure.core.credential.TokenRequestContext;
import com.azure.core.http.HttpPipelineCallContext;
import com.azure.core.http.HttpResponse;
import com.azure.core.http.policy.BearerTokenAuthenticationPolicy;
import com.azure.core.management.implementation.http.AuthenticationChallenge;
import com.azure.core.util.CoreUtils;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/azure/core/management/http/policy/ArmChallengeAuthenticationPolicy.class */
public class ArmChallengeAuthenticationPolicy extends BearerTokenAuthenticationPolicy {
    private static final Pattern AUTHENTICATION_CHALLENGE_PATTERN = Pattern.compile("(\\w+) ((?:\\w+=\".*?\"(?:, )?)+)(?:, )?");
    private static final Pattern AUTHENTICATION_CHALLENGE_PARAMS_PATTERN = Pattern.compile("(?:(\\w+)=\"([^\"\"]*)\")+");
    private static final String CLAIMS_PARAMETER = "claims";
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String ARM_SCOPES_KEY = "ARMScopes";
    private final String[] scopes;

    public ArmChallengeAuthenticationPolicy(TokenCredential tokenCredential, String... strArr) {
        super(tokenCredential, strArr);
        this.scopes = strArr;
    }

    @Override // com.azure.core.http.policy.BearerTokenAuthenticationPolicy
    public Mono<Void> authorizeRequest(HttpPipelineCallContext httpPipelineCallContext) {
        return Mono.defer(() -> {
            String[] scopes = getScopes(httpPipelineCallContext, this.scopes);
            if (scopes == null) {
                return Mono.empty();
            }
            httpPipelineCallContext.setData(ARM_SCOPES_KEY, scopes);
            return setAuthorizationHeader(httpPipelineCallContext, new TokenRequestContext().addScopes(scopes));
        });
    }

    @Override // com.azure.core.http.policy.BearerTokenAuthenticationPolicy
    public Mono<Boolean> authorizeRequestOnChallenge(HttpPipelineCallContext httpPipelineCallContext, HttpResponse httpResponse) {
        return Mono.defer(() -> {
            String[] strArr;
            String headerValue = httpResponse.getHeaderValue("WWW-Authenticate");
            if (httpResponse.getStatusCode() == 401 && headerValue != null) {
                Iterator<AuthenticationChallenge> it2 = parseChallenges(headerValue).iterator();
                while (it2.hasNext()) {
                    Map<String, String> parseChallengeParams = parseChallengeParams(it2.next().getChallengeParameters());
                    if (parseChallengeParams.containsKey("claims")) {
                        String str = new String(Base64.getUrlDecoder().decode(parseChallengeParams.get("claims")), StandardCharsets.UTF_8);
                        try {
                            strArr = (String[]) httpPipelineCallContext.getData(ARM_SCOPES_KEY).get();
                        } catch (NoSuchElementException e) {
                            strArr = this.scopes;
                        }
                        return setAuthorizationHeader(httpPipelineCallContext, new TokenRequestContext().addScopes(getScopes(httpPipelineCallContext, strArr)).setClaims(str)).flatMap(r2 -> {
                            return Mono.just(true);
                        });
                    }
                }
            }
            return Mono.just(false);
        });
    }

    public String[] getScopes(HttpPipelineCallContext httpPipelineCallContext, String[] strArr) {
        return (String[]) CoreUtils.clone(strArr);
    }

    List<AuthenticationChallenge> parseChallenges(String str) {
        Matcher matcher = AUTHENTICATION_CHALLENGE_PATTERN.matcher(str);
        ArrayList arrayList = new ArrayList();
        while (matcher.find()) {
            arrayList.add(new AuthenticationChallenge(matcher.group(1), matcher.group(2)));
        }
        return arrayList;
    }

    Map<String, String> parseChallengeParams(String str) {
        Matcher matcher = AUTHENTICATION_CHALLENGE_PARAMS_PATTERN.matcher(str);
        HashMap hashMap = new HashMap();
        while (matcher.find()) {
            hashMap.put(matcher.group(1), matcher.group(2));
        }
        return hashMap;
    }
}
