package com.databricks.sdk.core.oauth;

import com.databricks.sdk.core.CredentialsProvider;
import com.databricks.sdk.core.DatabricksConfig;
import com.databricks.sdk.core.DatabricksException;
import com.databricks.sdk.core.HeaderFactory;
import com.databricks.sdk.core.oauth.ClientCredentials;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;

/* loaded from: input_file:com/databricks/sdk/core/oauth/GithubOidcCredentialsProvider.class */
public class GithubOidcCredentialsProvider implements CredentialsProvider {
    @Override // com.databricks.sdk.core.CredentialsProvider
    public String authType() {
        return "github-oidc";
    }

    @Override // com.databricks.sdk.core.CredentialsProvider
    public HeaderFactory configure(DatabricksConfig databricksConfig) throws DatabricksException {
        GitHubOidcTokenSupplier gitHubOidcTokenSupplier = new GitHubOidcTokenSupplier(databricksConfig.getHttpClient(), databricksConfig.getActionsIdTokenRequestUrl(), databricksConfig.getActionsIdTokenRequestToken(), databricksConfig.getTokenAudience());
        if (!gitHubOidcTokenSupplier.enabled().booleanValue() || databricksConfig.getHost() == null || databricksConfig.getClientId() == null) {
            return null;
        }
        try {
            ClientCredentials build = new ClientCredentials.Builder().withHttpClient(databricksConfig.getHttpClient()).withClientId(databricksConfig.getClientId()).withTokenUrl(databricksConfig.getOidcEndpoints().getTokenEndpoint()).withScopes(Collections.singletonList("all-apis")).withAuthParameterPosition(AuthParameterPosition.HEADER).withEndpointParametersSupplier(() -> {
                return new ImmutableMap.Builder().put("subject_token_type", "urn:ietf:params:oauth:token-type:jwt").put("subject_token", gitHubOidcTokenSupplier.getOidcToken()).put("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange").build();
            }).build();
            return () -> {
                HashMap hashMap = new HashMap();
                hashMap.put("Authorization", "Bearer " + build.getToken().getAccessToken());
                return hashMap;
            };
        } catch (IOException e) {
            throw new DatabricksException("Unable to fetch OIDC endpoint: " + e.getMessage(), e);
        }
    }
}
