package com.databricks.internal.sdk.core.oauth;

import com.databricks.internal.fasterxml.jackson.databind.ObjectMapper;
import com.databricks.internal.sdk.core.CredentialsProvider;
import com.databricks.internal.sdk.core.DatabricksConfig;
import com.databricks.internal.sdk.core.HeaderFactory;
import com.databricks.internal.sdk.core.oauth.ClientCredentials;
import com.databricks.internal.sdk.core.utils.AzureUtils;
import java.util.HashMap;

/* loaded from: input_file:com/databricks/internal/sdk/core/oauth/AzureServicePrincipalCredentialsProvider.class */
public class AzureServicePrincipalCredentialsProvider implements CredentialsProvider {
    private final ObjectMapper mapper = new ObjectMapper();

    @Override // com.databricks.internal.sdk.core.CredentialsProvider
    public String authType() {
        return "azure-client-secret";
    }

    @Override // com.databricks.internal.sdk.core.CredentialsProvider
    public HeaderFactory configure(DatabricksConfig databricksConfig) {
        if (!databricksConfig.isAzure() || databricksConfig.getAzureClientId() == null || databricksConfig.getAzureClientSecret() == null || databricksConfig.getAzureTenantId() == null) {
            return null;
        }
        AzureUtils.ensureHostPresent(databricksConfig, this.mapper, AzureServicePrincipalCredentialsProvider::tokenSourceFor);
        RefreshableTokenSource refreshableTokenSource = tokenSourceFor(databricksConfig, databricksConfig.getEffectiveAzureLoginAppId());
        RefreshableTokenSource refreshableTokenSource2 = tokenSourceFor(databricksConfig, databricksConfig.getAzureEnvironment().getServiceManagementEndpoint());
        return () -> {
            HashMap hashMap = new HashMap();
            hashMap.put("Authorization", "Bearer " + refreshableTokenSource.getToken().getAccessToken());
            AzureUtils.addWorkspaceResourceId(databricksConfig, hashMap);
            AzureUtils.addSpManagementToken(refreshableTokenSource2, hashMap);
            return hashMap;
        };
    }

    private static RefreshableTokenSource tokenSourceFor(DatabricksConfig databricksConfig, String str) {
        String str2 = databricksConfig.getAzureEnvironment().getActiveDirectoryEndpoint() + databricksConfig.getAzureTenantId() + "/oauth2/token";
        HashMap hashMap = new HashMap();
        hashMap.put("resource", str);
        return new ClientCredentials.Builder().withHttpClient(databricksConfig.getHttpClient()).withClientId(databricksConfig.getAzureClientId()).withClientSecret(databricksConfig.getAzureClientSecret()).withTokenUrl(str2).withEndpointParameters(hashMap).withAuthParameterPosition(AuthParameterPosition.BODY).build();
    }
}
