package net.snowflake.client.core.auth.oauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.net.URI;
import net.snowflake.client.core.HttpUtil;
import net.snowflake.client.core.SFException;
import net.snowflake.client.core.SFLoginInput;
import net.snowflake.client.core.SnowflakeJdbcInternalApi;
import net.snowflake.client.jdbc.ErrorCode;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;

@SnowflakeJdbcInternalApi
/* loaded from: input_file:net/snowflake/client/core/auth/oauth/OAuthClientCredentialsAccessTokenProvider.class */
public class OAuthClientCredentialsAccessTokenProvider implements AccessTokenProvider {
    private static final SFLogger logger = SFLoggerFactory.getLogger((Class<?>) OAuthClientCredentialsAccessTokenProvider.class);
    private static final ObjectMapper objectMapper = new ObjectMapper();

    @Override // net.snowflake.client.core.auth.oauth.AccessTokenProvider
    public TokenResponseDTO getAccessToken(SFLoginInput sFLoginInput) throws SFException {
        try {
            logger.debug("Starting OAuth authorization code authentication flow...", new Object[0]);
            return requestForAccessToken(sFLoginInput, buildTokenRequest(sFLoginInput));
        } catch (Exception e) {
            logger.error("Error during OAuth client credentials code flow. Verify configuration passed to driver and IdP (URLs, grant types, scope, etc.)", e);
            throw new SFException(e, ErrorCode.OAUTH_CLIENT_CREDENTIALS_FLOW_ERROR, e.getMessage());
        }
    }

    private TokenResponseDTO requestForAccessToken(SFLoginInput sFLoginInput, TokenRequest tokenRequest) throws Exception {
        URI endpointURI = tokenRequest.getEndpointURI();
        logger.debug("Requesting OAuth access token from: {}{}", endpointURI.getAuthority(), endpointURI.getPath());
        TokenResponseDTO tokenResponseDTO = (TokenResponseDTO) objectMapper.readValue(HttpUtil.executeGeneralRequest(OAuthUtil.convertToBaseAuthorizationRequest(tokenRequest.toHTTPRequest()), sFLoginInput.getLoginTimeout(), sFLoginInput.getAuthTimeout(), sFLoginInput.getSocketTimeoutInMillis(), 0, sFLoginInput.getHttpClientSettingsKey()), TokenResponseDTO.class);
        logger.debug("Received OAuth access token from: {}", endpointURI.getAuthority() + endpointURI.getPath());
        return tokenResponseDTO;
    }

    private static TokenRequest buildTokenRequest(SFLoginInput sFLoginInput) {
        return new TokenRequest(OAuthUtil.getTokenRequestUrl(sFLoginInput.getOauthLoginInput(), sFLoginInput.getServerUrl()), new ClientSecretBasic(new ClientID(sFLoginInput.getOauthLoginInput().getClientId()), new Secret(sFLoginInput.getOauthLoginInput().getClientSecret())), new ClientCredentialsGrant(), new Scope(new String[]{OAuthUtil.getScope(sFLoginInput.getOauthLoginInput(), sFLoginInput.getRole())}));
    }
}
