package com.databricks.jdbc.auth;

import com.databricks.jdbc.common.util.JsonUtil;
import com.databricks.jdbc.dbclient.IDatabricksHttpClient;
import com.databricks.jdbc.exception.DatabricksHttpException;
import com.databricks.jdbc.log.JdbcLogger;
import com.databricks.jdbc.log.JdbcLoggerFactory;
import com.databricks.sdk.core.DatabricksException;
import com.databricks.sdk.core.oauth.OAuthResponse;
import com.databricks.sdk.core.oauth.RefreshableTokenSource;
import com.databricks.sdk.core.oauth.Token;
import java.io.IOException;
import java.net.URISyntaxException;
import java.time.LocalDateTime;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIBuilder;

/* loaded from: input_file:com/databricks/jdbc/auth/AzureMSICredentials.class */
public class AzureMSICredentials extends RefreshableTokenSource {
    private static final JdbcLogger LOGGER = JdbcLoggerFactory.getLogger((Class<?>) AzureMSICredentials.class);
    private static final String AZURE_METADATA_SERVICE_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token";
    private static final String API_VERSION = "2021-10-01";
    private static final String AZURE_DATABRICKS_SCOPE = "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d";
    private static final String AZURE_MANAGEMENT_ENDPOINT = "https://management.core.windows.net/";
    private final IDatabricksHttpClient hc;
    private final String clientId;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AzureMSICredentials(IDatabricksHttpClient iDatabricksHttpClient, String str) {
        this.hc = iDatabricksHttpClient;
        this.clientId = str;
    }

    protected Token refresh() {
        return getTokenForResource(AZURE_DATABRICKS_SCOPE);
    }

    public Token getManagementEndpointToken() {
        return getTokenForResource(AZURE_MANAGEMENT_ENDPOINT);
    }

    private Token getTokenForResource(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("api-version", API_VERSION);
        hashMap.put("resource", str);
        if (this.clientId != null) {
            LOGGER.debug("Attempting to connect via Azure user-assigned managed identity with client ID: {}", this.clientId);
            hashMap.put("client_id", this.clientId);
        } else {
            LOGGER.debug("Attempting to connect via Azure system-assigned managed identity");
        }
        HashMap hashMap2 = new HashMap();
        hashMap2.put("Metadata", "true");
        return retrieveToken(this.hc, AZURE_METADATA_SERVICE_TOKEN_URL, hashMap, hashMap2);
    }

    private static Token retrieveToken(IDatabricksHttpClient iDatabricksHttpClient, String str, Map<String, String> map, Map<String, String> map2) {
        try {
            URIBuilder uRIBuilder = new URIBuilder(str);
            Objects.requireNonNull(uRIBuilder);
            map.forEach(uRIBuilder::addParameter);
            HttpGet httpGet = new HttpGet(uRIBuilder.build());
            Objects.requireNonNull(httpGet);
            map2.forEach(httpGet::setHeader);
            LOGGER.debug("Executing GET request to retrieve Azure MSI token");
            OAuthResponse oAuthResponse = (OAuthResponse) JsonUtil.getMapper().readValue(iDatabricksHttpClient.execute(httpGet).getEntity().getContent(), OAuthResponse.class);
            LocalDateTime plus = LocalDateTime.now().plus(oAuthResponse.getExpiresIn(), (TemporalUnit) ChronoUnit.SECONDS);
            LOGGER.debug("Azure MSI Token retrieved successfully");
            return new Token(oAuthResponse.getAccessToken(), oAuthResponse.getTokenType(), oAuthResponse.getRefreshToken(), plus);
        } catch (DatabricksHttpException | IOException | URISyntaxException e) {
            String str2 = "Failed to retrieve Azure MSI token: " + e.getMessage();
            LOGGER.error(str2);
            throw new DatabricksException(str2, e);
        }
    }
}
