package net.snowflake.client.core.auth.oauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.oauth2.sdk.RefreshTokenGrant;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import java.net.URI;
import net.snowflake.client.core.HttpUtil;
import net.snowflake.client.core.SFException;
import net.snowflake.client.core.SFLoginInput;
import net.snowflake.client.core.SnowflakeJdbcInternalApi;
import net.snowflake.client.jdbc.ErrorCode;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;

@SnowflakeJdbcInternalApi
/* loaded from: input_file:net/snowflake/client/core/auth/oauth/OAuthAccessTokenForRefreshTokenProvider.class */
public class OAuthAccessTokenForRefreshTokenProvider implements AccessTokenProvider {
    private static final SFLogger logger = SFLoggerFactory.getLogger((Class<?>) OAuthClientCredentialsAccessTokenProvider.class);
    private static final ObjectMapper objectMapper = new ObjectMapper();

    @Override // net.snowflake.client.core.auth.oauth.AccessTokenProvider
    public TokenResponseDTO getAccessToken(SFLoginInput sFLoginInput) throws SFException {
        try {
            logger.debug("Obtaining new OAuth access token using refresh token...", new Object[0]);
            return requestForAccessToken(sFLoginInput, buildTokenRequest(sFLoginInput));
        } catch (Exception e) {
            logger.error("Error during OAuth refresh token flow.", e);
            throw new SFException(e, ErrorCode.OAUTH_REFRESH_TOKEN_FLOW_ERROR, e.getMessage());
        }
    }

    private TokenResponseDTO requestForAccessToken(SFLoginInput sFLoginInput, TokenRequest tokenRequest) throws Exception {
        URI endpointURI = tokenRequest.getEndpointURI();
        logger.debug("Requesting new OAuth access token from: {}{}", endpointURI.getAuthority(), endpointURI.getPath());
        TokenResponseDTO tokenResponseDTO = (TokenResponseDTO) objectMapper.readValue(HttpUtil.executeGeneralRequest(OAuthUtil.convertToBaseAuthorizationRequest(tokenRequest.toHTTPRequest()), sFLoginInput.getLoginTimeout(), sFLoginInput.getAuthTimeout(), sFLoginInput.getSocketTimeoutInMillis(), 0, sFLoginInput.getHttpClientSettingsKey()), TokenResponseDTO.class);
        logger.debug("Received new OAuth access token from: {}{}", endpointURI.getAuthority(), endpointURI.getPath());
        return tokenResponseDTO;
    }

    private static TokenRequest buildTokenRequest(SFLoginInput sFLoginInput) {
        return new TokenRequest(OAuthUtil.getTokenRequestUrl(sFLoginInput.getOauthLoginInput(), sFLoginInput.getServerUrl()), new ClientSecretBasic(new ClientID(sFLoginInput.getOauthLoginInput().getClientId()), new Secret(sFLoginInput.getOauthLoginInput().getClientSecret())), new RefreshTokenGrant(new RefreshToken(sFLoginInput.getOauthRefreshToken())), new Scope(new String[]{OAuthUtil.getScope(sFLoginInput.getOauthLoginInput(), sFLoginInput.getRole())}));
    }
}
