package com.databricks.sdk.core.oauth;

import com.databricks.sdk.core.CredentialsProvider;
import com.databricks.sdk.core.DatabricksConfig;
import com.databricks.sdk.core.DatabricksException;
import com.databricks.sdk.core.HeaderFactory;
import com.databricks.sdk.core.oauth.OAuthClient;
import com.databricks.sdk.core.oauth.SessionCredentials;
import java.io.IOException;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/databricks/sdk/core/oauth/ExternalBrowserCredentialsProvider.class */
public class ExternalBrowserCredentialsProvider implements CredentialsProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ExternalBrowserCredentialsProvider.class);
    private TokenCache tokenCache;

    public ExternalBrowserCredentialsProvider(TokenCache tokenCache) {
        this.tokenCache = tokenCache;
    }

    public ExternalBrowserCredentialsProvider() {
        this(null);
    }

    @Override // com.databricks.sdk.core.CredentialsProvider
    public String authType() {
        return "external-browser";
    }

    @Override // com.databricks.sdk.core.CredentialsProvider
    public HeaderFactory configure(DatabricksConfig databricksConfig) {
        if (databricksConfig.getHost() == null || !Objects.equals(databricksConfig.getAuthType(), "external-browser")) {
            return null;
        }
        String resolveClientId = OAuthClientUtils.resolveClientId(databricksConfig);
        String resolveClientSecret = OAuthClientUtils.resolveClientSecret(databricksConfig);
        try {
            if (this.tokenCache == null) {
                this.tokenCache = new FileTokenCache(TokenCacheUtils.getCacheFilePath(databricksConfig.getHost(), resolveClientId, databricksConfig.getScopes()));
            }
            Token load = this.tokenCache.load();
            if (load != null && load.getRefreshToken() != null) {
                LOGGER.debug("Found cached token for {}:{}", databricksConfig.getHost(), resolveClientId);
                try {
                    SessionCredentials build = new SessionCredentials.Builder().withToken(load).withHttpClient(databricksConfig.getHttpClient()).withClientId(resolveClientId).withClientSecret(resolveClientSecret).withTokenUrl(databricksConfig.getOidcEndpoints().getTokenEndpoint()).withRedirectUrl(databricksConfig.getEffectiveOAuthRedirectUrl()).withTokenCache(this.tokenCache).build();
                    LOGGER.debug("Using cached token, will immediately refresh");
                    build.token = build.refresh();
                    return build.configure(databricksConfig);
                } catch (Exception e) {
                    LOGGER.info("Token refresh failed: {}, falling back to browser auth", e.getMessage());
                }
            }
            SessionCredentials performBrowserAuth = performBrowserAuth(databricksConfig, resolveClientId, resolveClientSecret, this.tokenCache);
            this.tokenCache.save(performBrowserAuth.getToken());
            return performBrowserAuth.configure(databricksConfig);
        } catch (DatabricksException | IOException e2) {
            LOGGER.error("Failed to authenticate: {}", e2.getMessage());
            return null;
        }
    }

    SessionCredentials performBrowserAuth(DatabricksConfig databricksConfig, String str, String str2, TokenCache tokenCache) throws IOException {
        LOGGER.debug("Performing browser authentication");
        return new SessionCredentials.Builder().withToken(new OAuthClient.Builder().withHttpClient(databricksConfig.getHttpClient()).withClientId(str).withClientSecret(str2).withHost(databricksConfig.getHost()).withRedirectUrl(databricksConfig.getEffectiveOAuthRedirectUrl()).withScopes(databricksConfig.getScopes()).build().initiateConsent().launchExternalBrowser().getToken()).withHttpClient(databricksConfig.getHttpClient()).withClientId(databricksConfig.getClientId()).withClientSecret(databricksConfig.getClientSecret()).withTokenUrl(databricksConfig.getOidcEndpoints().getTokenEndpoint()).withRedirectUrl(databricksConfig.getEffectiveOAuthRedirectUrl()).withTokenCache(tokenCache).build();
    }
}
