package com.databricks.sdk.core.oauth;

import com.databricks.sdk.core.DatabricksException;
import com.databricks.sdk.core.http.HttpClient;
import com.google.common.base.Strings;
import java.time.LocalDateTime;
import java.util.HashMap;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/databricks/sdk/core/oauth/DatabricksOAuthTokenSource.class */
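/**
 * Token source that trades an ID token for a Databricks OAuth token using the OAuth 2.0
 * token-exchange grant ({@code urn:ietf:params:oauth:grant-type:token-exchange}, RFC 8693).
 *
 * <p>Each {@link #refresh()} asks the configured {@link IDTokenSource} for an ID token and
 * submits it as the {@code subject_token} to the token endpoint reported by
 * {@link OpenIDConnectEndpoints#getTokenEndpoint()}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The ID token is a bearer credential and is sent to whatever URL {@code endpoints}
 *       reports, so {@code endpoints} should come from a trusted source.</li>
 *   <li>The requested scope is fixed to {@code all-apis}; this class offers no way to narrow
 *       it.</li>
 *   <li>When no explicit audience is set, the audience falls back to the account ID and then to
 *       the token endpoint URL (see {@code determineAudience()}).</li>
 *   <li>Only the client ID, the token endpoint and the exception are logged on failure; neither
 *       the subject token nor the returned tokens are written to the log by this class.</li>
 * </ul>
 */
public class DatabricksOAuthTokenSource extends RefreshableTokenSource {
    private static final Logger LOG = LoggerFactory.getLogger(DatabricksOAuthTokenSource.class);

    // Fixed values sent with every token-exchange request.
    private static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
    private static final String SUBJECT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt";
    private static final String SCOPE = "all-apis";

    // Form parameter names of the token-exchange request.
    private static final String GRANT_TYPE_PARAM = "grant_type";
    private static final String SUBJECT_TOKEN_PARAM = "subject_token";
    private static final String SUBJECT_TOKEN_TYPE_PARAM = "subject_token_type";
    private static final String SCOPE_PARAM = "scope";
    private static final String CLIENT_ID_PARAM = "client_id";

    private final String clientId;
    // Validated in refresh() but not otherwise read by this class.
    private final String host;
    private final String accountId;
    private final OpenIDConnectEndpoints endpoints;
    private final String audience;
    private final IDTokenSource idTokenSource;
    private final HttpClient httpClient;

    /**
     * Builder for {@link DatabricksOAuthTokenSource}. The constructor takes the required
     * collaborators; {@code accountId} and {@code audience} are optional.
     *
     * <p>No validation happens here: null or empty required values are only rejected when
     * {@link DatabricksOAuthTokenSource#refresh()} runs.
     */
    public static class Builder {
        private final String clientId;
        private final String host;
        private final OpenIDConnectEndpoints endpoints;
        private final IDTokenSource idTokenSource;
        private final HttpClient httpClient;
        private String accountId;
        private String audience;

        /**
         * @param clientId OAuth client ID sent as {@code client_id}
         * @param host host value; checked for null/empty in {@code refresh()}
         * @param endpoints supplies the token endpoint URL
         * @param idTokenSource supplies the ID token used as the subject token
         * @param httpClient HTTP client handed to {@code TokenEndpointClient}
         */
        public Builder(
                String clientId,
                String host,
                OpenIDConnectEndpoints endpoints,
                IDTokenSource idTokenSource,
                HttpClient httpClient) {
            this.clientId = clientId;
            this.host = host;
            this.endpoints = endpoints;
            this.idTokenSource = idTokenSource;
            this.httpClient = httpClient;
        }

        /**
         * Sets the account ID, used as the ID-token audience when no explicit audience is set.
         *
         * @return this builder
         */
        public Builder accountId(String accountId) {
            this.accountId = accountId;
            return this;
        }

        /**
         * Sets an explicit ID-token audience; it takes precedence over the account ID.
         *
         * @return this builder
         */
        public Builder audience(String audience) {
            this.audience = audience;
            return this;
        }

        /** Creates the token source from the values collected so far. */
        public DatabricksOAuthTokenSource build() {
            return new DatabricksOAuthTokenSource(this);
        }
    }

    private DatabricksOAuthTokenSource(Builder builder) {
        this.clientId = builder.clientId;
        this.host = builder.host;
        this.accountId = builder.accountId;
        this.endpoints = builder.endpoints;
        this.audience = builder.audience;
        this.idTokenSource = builder.idTokenSource;
        this.httpClient = builder.httpClient;
    }

    /**
     * Obtains an ID token for the resolved audience and exchanges it at the token endpoint.
     *
     * @return a {@link Token} built from the endpoint response, expiring {@code expires_in}
     *     seconds after the local time at which the response was processed
     * @throws NullPointerException if a required collaborator is null, or if the ID token source
     *     returns null
     * @throws IllegalArgumentException if the client ID or host is empty
     * @throws DatabricksException if the token exchange fails; the failure is logged and the
     *     same exception is rethrown
     */
    @Override // com.databricks.sdk.core.oauth.RefreshableTokenSource
    public Token refresh() {
        Objects.requireNonNull(this.clientId, "ClientID cannot be null");
        Objects.requireNonNull(this.host, "Host cannot be null");
        Objects.requireNonNull(this.endpoints, "Endpoints cannot be null");
        Objects.requireNonNull(this.idTokenSource, "IDTokenSource cannot be null");
        Objects.requireNonNull(this.httpClient, "HttpClient cannot be null");
        if (this.clientId.isEmpty()) {
            throw new IllegalArgumentException("ClientID cannot be empty");
        }
        if (this.host.isEmpty()) {
            throw new IllegalArgumentException("Host cannot be empty");
        }

        IDToken idToken = this.idTokenSource.getIDToken(determineAudience());
        // Fail with a descriptive message instead of an anonymous NPE on getValue() below.
        // The message intentionally carries no token material.
        Objects.requireNonNull(idToken, "IDTokenSource returned a null ID token");

        // Typed map (was a raw HashMap) so only String parameters can be added.
        HashMap<String, String> params = new HashMap<>();
        params.put(GRANT_TYPE_PARAM, GRANT_TYPE);
        params.put(SUBJECT_TOKEN_PARAM, idToken.getValue());
        params.put(SUBJECT_TOKEN_TYPE_PARAM, SUBJECT_TOKEN_TYPE);
        params.put(SCOPE_PARAM, SCOPE);
        params.put(CLIENT_ID_PARAM, this.clientId);

        try {
            OAuthResponse response =
                    TokenEndpointClient.requestToken(
                            this.httpClient, this.endpoints.getTokenEndpoint(), params);
            // NOTE(review): LocalDateTime carries no zone, so the expiry follows the local
            // wall clock - confirm how Token compares it around clock or DST changes.
            LocalDateTime expiry = LocalDateTime.now().plusSeconds(response.getExpiresIn());
            return new Token(
                    response.getAccessToken(),
                    response.getTokenType(),
                    response.getRefreshToken(),
                    expiry);
        } catch (DatabricksException e) {
            // Logs the client ID, endpoint and exception only; `params` (which holds the
            // subject token) must never be added to this statement.
            LOG.error("OAuth token exchange failed for client ID '{}' at {}: {}", this.clientId, this.endpoints.getTokenEndpoint(), e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Resolves the audience requested for the ID token: the explicit audience if set, otherwise
     * the account ID if set, otherwise the token endpoint URL.
     */
    private String determineAudience() {
        if (!Strings.isNullOrEmpty(this.audience)) {
            return this.audience;
        }
        if (!Strings.isNullOrEmpty(this.accountId)) {
            return this.accountId;
        }
        return this.endpoints.getTokenEndpoint();
    }
}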
