package com.databricks.sdk.core;

import com.databricks.sdk.core.oauth.AzureGithubOidcCredentialsProvider;
import com.databricks.sdk.core.oauth.AzureServicePrincipalCredentialsProvider;
import com.databricks.sdk.core.oauth.DatabricksOAuthTokenSource;
import com.databricks.sdk.core.oauth.EnvVarIDTokenSource;
import com.databricks.sdk.core.oauth.ExternalBrowserCredentialsProvider;
import com.databricks.sdk.core.oauth.FileIDTokenSource;
import com.databricks.sdk.core.oauth.GithubIDTokenSource;
import com.databricks.sdk.core.oauth.IDTokenSource;
import com.databricks.sdk.core.oauth.OAuthM2MServicePrincipalCredentialsProvider;
import com.databricks.sdk.core.oauth.OpenIDConnectEndpoints;
import com.databricks.sdk.core.oauth.TokenSourceCredentialsProvider;
import com.google.common.base.Strings;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/databricks/sdk/core/DefaultCredentialsProvider.class */
public class DefaultCredentialsProvider implements CredentialsProvider {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DefaultCredentialsProvider.class);
    private List<CredentialsProvider> providers = new ArrayList();
    private String authType = "default";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/databricks/sdk/core/DefaultCredentialsProvider$NamedIDTokenSource.class */
    public static class NamedIDTokenSource {
        private final String name;
        private final IDTokenSource idTokenSource;

        public NamedIDTokenSource(String str, IDTokenSource iDTokenSource) {
            this.name = str;
            this.idTokenSource = iDTokenSource;
        }

        public String getName() {
            return this.name;
        }

        public IDTokenSource getIdTokenSource() {
            return this.idTokenSource;
        }
    }

    @Override // com.databricks.sdk.core.CredentialsProvider
    public String authType() {
        return this.authType;
    }

    @Override // com.databricks.sdk.core.CredentialsProvider
    public synchronized HeaderFactory configure(DatabricksConfig databricksConfig) {
        addDefaultCredentialsProviders(databricksConfig);
        for (CredentialsProvider credentialsProvider : this.providers) {
            if (databricksConfig.getAuthType() == null || databricksConfig.getAuthType().isEmpty() || credentialsProvider.authType().equals(databricksConfig.getAuthType())) {
                try {
                    LOG.info("Trying {} auth", credentialsProvider.authType());
                    HeaderFactory configure = credentialsProvider.configure(databricksConfig);
                    if (configure != null) {
                        this.authType = credentialsProvider.authType();
                        return configure;
                    }
                } catch (DatabricksException e) {
                    throw new DatabricksException(String.format("%s: %s", credentialsProvider.authType(), e.getMessage()), e);
                }
            } else {
                LOG.info("Ignoring {} auth, because {} is preferred", credentialsProvider.authType(), databricksConfig.getAuthType());
            }
        }
        throw new DatabricksException("cannot configure default credentials, please check https://docs.databricks.com/en/dev-tools/auth.html#databricks-client-unified-authentication to configure credentials for your preferred authentication method");
    }

    private void addOIDCCredentialsProviders(DatabricksConfig databricksConfig) {
        OpenIDConnectEndpoints openIDConnectEndpoints = null;
        try {
            openIDConnectEndpoints = databricksConfig.getOidcEndpoints();
        } catch (Exception e) {
            LOG.warn("Failed to get OpenID Connect endpoints", (Throwable) e);
        }
        ArrayList<NamedIDTokenSource> arrayList = new ArrayList();
        arrayList.add(new NamedIDTokenSource("env-oidc", new EnvVarIDTokenSource(Strings.isNullOrEmpty(databricksConfig.getOidcTokenEnv()) ? "DATABRICKS_OIDC_TOKEN" : databricksConfig.getOidcTokenEnv(), databricksConfig.getEnv())));
        arrayList.add(new NamedIDTokenSource("file-oidc", new FileIDTokenSource(databricksConfig.getOidcTokenFilepath())));
        arrayList.add(new NamedIDTokenSource("github-oidc", new GithubIDTokenSource(databricksConfig.getActionsIdTokenRequestUrl(), databricksConfig.getActionsIdTokenRequestToken(), databricksConfig.getHttpClient())));
        for (NamedIDTokenSource namedIDTokenSource : arrayList) {
            this.providers.add(new TokenSourceCredentialsProvider(new DatabricksOAuthTokenSource.Builder(databricksConfig.getClientId(), databricksConfig.getHost(), openIDConnectEndpoints, namedIDTokenSource.getIdTokenSource(), databricksConfig.getHttpClient()).audience(databricksConfig.getTokenAudience()).accountId(databricksConfig.isAccountClient() ? databricksConfig.getAccountId() : null).build(), namedIDTokenSource.getName()));
        }
    }

    private synchronized void addDefaultCredentialsProviders(DatabricksConfig databricksConfig) {
        if (this.providers.isEmpty()) {
            this.providers.add(new PatCredentialsProvider());
            this.providers.add(new BasicCredentialsProvider());
            this.providers.add(new OAuthM2MServicePrincipalCredentialsProvider());
            addOIDCCredentialsProviders(databricksConfig);
            this.providers.add(new AzureGithubOidcCredentialsProvider());
            this.providers.add(new AzureServicePrincipalCredentialsProvider());
            this.providers.add(new AzureCliCredentialsProvider());
            this.providers.add(new ExternalBrowserCredentialsProvider());
            this.providers.add(new DatabricksCliCredentialsProvider());
            this.providers.add(new NotebookNativeCredentialsProvider());
            this.providers.add(new GoogleCredentialsCredentialsProvider());
            this.providers.add(new GoogleIdCredentialsProvider());
        }
    }
}
