package com.databricks.client.jdbc.oauth;

import com.databricks.client.hivecommon.BrandingPreferences;
import com.databricks.client.hivecommon.HiveJDBCSettings;
import com.databricks.client.jdbc.core.DSDriver;
import com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey;
import com.databricks.client.jdbc42.internal.apache.http.client.config.RequestConfig;
import com.databricks.client.jdbc42.internal.apache.http.client.methods.HttpGet;
import com.databricks.client.jdbc42.internal.apache.http.client.utils.URIBuilder;
import com.databricks.client.jdbc42.internal.apache.thrift.TException;
import com.databricks.client.jdbc42.internal.fasterxml.jackson.databind.JsonNode;
import com.databricks.client.jdbc42.internal.fasterxml.jackson.databind.ObjectMapper;
import com.databricks.client.support.ILogger;
import com.databricks.client.support.LogUtilities;
import com.databricks.client.support.exceptions.ErrorException;
import java.net.URI;
import java.net.URISyntaxException;

/* loaded from: input_file:com/databricks/client/jdbc/oauth/AzureManagedIdentityOAuthProvider.class */
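/**
 * OAuth provider that obtains Azure AD tokens for a managed identity from the
 * instance metadata endpoint and attaches them as request headers.
 *
 * <p>Two tokens may be held: the Databricks access token (stored in
 * {@code m_oAuthSettings.m_accessToken} by the superclass helpers) and, when an
 * Azure resource id is configured, a management-endpoint token cached in this
 * instance. Both are bearer credentials and must never be written to logs.
 */
public class AzureManagedIdentityOAuthProvider extends OauthProvider {
    // Resource (audience) requested for the Databricks access token.
    // NOTE(review): presumably the Azure Databricks resource application id - confirm.
    private static final String DEFAULT_OAUTH2_SCOPE_AZURE_MI = "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d";

    // Link-local instance metadata token endpoint. It is plain HTTP by design and is
    // only reachable from the host itself; nothing user-controlled is allowed to alter
    // this URL, only its query parameters.
    private static final String AZURE_METADATA_SERVICE_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token";

    // Resource (audience) requested for the management token.
    private static final String AZURE_MANAGEMENT_ENDPOINT = "https://management.core.windows.net/";

    // api-version query parameter sent to the metadata token endpoint.
    private static final String AAD_TOKEN_API_VERSION = "2018-02-01";

    // Cached management token and its expiry (compared against epoch seconds below).
    private String m_mgmt_access_token;
    private long m_mgmt_expiry;

    /**
     * Creates the provider; no token is requested until {@link #obtainAccessToken()}.
     *
     * @param hiveJDBCSettings connection settings handed to the superclass
     * @param iLogger logger handed to the superclass
     * @throws ErrorException if the superclass constructor fails
     */
    public AzureManagedIdentityOAuthProvider(HiveJDBCSettings hiveJDBCSettings, ILogger iLogger) throws ErrorException {
        super(hiveJDBCSettings, iLogger);
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        this.m_mgmt_access_token = null;
    }

    /**
     * Ensures valid tokens are available and sets the corresponding OAuth headers.
     *
     * <p>When an Azure resource id is configured, a management token is fetched (or
     * reused while still valid) and sent together with the resource id. The access
     * token is refreshed when its JWT expiry is no longer valid, then sent as a
     * {@code Bearer} Authorization header.
     *
     * @throws TException if a token request or response parsing fails
     */
    @Override
    public void obtainAccessToken() throws TException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        try {
            String resourceId = this.m_oAuthSettings.m_azureResourceId;
            if (resourceId != null && !resourceId.isEmpty()) {
                if (!hasValidManagmentToken()) {
                    parseAzureManagmentTokenResponse(generateAADToken(AZURE_MANAGEMENT_ENDPOINT));
                }
                addCustomOAuthHeader(OAuthAPIConstants.AZURE_MI_RESOURCE_ID, resourceId);
                // Credential header: keep its value out of any request/header logging.
                addCustomOAuthHeader(OAuthAPIConstants.AZURE_MI_MANAGMENT_TOKEN, this.m_mgmt_access_token);
            }
            if (!hasValidAccessTokenJwtExpiry()) {
                parseTokenResponse(generateAADToken(DEFAULT_OAUTH2_SCOPE_AZURE_MI));
                decodeAndExchangeAccessToken(this.m_oAuthSettings.m_enableMandatoryTokenExchange);
            }
            addCustomOAuthHeader("Authorization", "Bearer " + this.m_oAuthSettings.m_accessToken);
        } catch (ErrorException e) {
            // NOTE(review): only e.getCause() is chained, so the ErrorException itself
            // (and its stack trace) is lost and the cause may be null. Kept as-is because
            // callers may depend on the current cause chain; consider chaining e instead.
            throw new TException(getDetailedErrorExceptionMessage(e), e.getCause());
        }
    }

    /**
     * Requests a token for the given resource from the metadata token endpoint.
     *
     * @param str the resource (audience) the token is requested for
     * @return the raw response body returned by {@code executeRequestWithRetry}
     * @throws ErrorException if the request URI cannot be built or the request fails
     */
    private String generateAADToken(String str) throws ErrorException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        try {
            URIBuilder uriBuilder = new URIBuilder(AZURE_METADATA_SERVICE_TOKEN_URL)
                    .setParameter("api-version", AAD_TOKEN_API_VERSION)
                    .setParameter("resource", str);
            // Select a specific identity only when a non-default client id is configured.
            // The comparison must be by value: a reference comparison against the trimmed
            // copy is true for practically every input, which would send the default
            // client id to the metadata endpoint as well.
            String clientId = this.m_oAuthSettings.m_authClientID;
            if (clientId != null && !clientId.trim().equals(BrandingPreferences.defaultOAuth2ClientID)) {
                uriBuilder.setParameter(OAuthAPIConstants.CLIENT_ID_KEY, clientId);
            }
            URI build = uriBuilder.build();
            HttpGet httpGet = new HttpGet(build);
            // Never follow redirects: the token must only ever come from the fixed
            // metadata address, not from wherever a redirect points.
            httpGet.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
            // The metadata service expects this header on token requests.
            httpGet.setHeader("Metadata", "true");
            return executeRequestWithRetry(build, httpGet);
        } catch (URISyntaxException e) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e.getMessage()});
        }
    }

    /**
     * Parses a management token response and caches the token and its expiry.
     *
     * <p>A response without a usable access token or without an expiry field is
     * rejected instead of being cached. Error messages name the missing field only;
     * the response body is never included because it may contain a token.
     *
     * @param str the JSON response body
     * @return {@code true} when the token and expiry were stored
     * @throws ErrorException if the body is not valid JSON or a required field is missing
     */
    private boolean parseAzureManagmentTokenResponse(String str) throws ErrorException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        try {
            JsonNode root = new ObjectMapper().readTree(str);
            JsonNode tokenNode = root == null ? null : root.get(OAuthAPIConstants.ACCESS_TOKEN_KEY);
            JsonNode expiryNode = root == null ? null : root.get(OAuthAPIConstants.EXPIRES_ON);
            if (tokenNode == null || tokenNode.isNull() || tokenNode.asText().isEmpty()) {
                throw new IllegalStateException("token response has no usable " + OAuthAPIConstants.ACCESS_TOKEN_KEY + " field");
            }
            if (expiryNode == null) {
                throw new IllegalStateException("token response has no " + OAuthAPIConstants.EXPIRES_ON + " field");
            }
            this.m_mgmt_access_token = tokenNode.asText();
            // Read as long so the value does not overflow a 32-bit int. An unparsable
            // value becomes 0, which makes the cached token count as expired.
            this.m_mgmt_expiry = expiryNode.asLong();
            return true;
        } catch (Exception e) {
            ErrorException createGeneralException = DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.ERROR_PARSING_JSON_RESPONSE.name(), e.getMessage());
            createGeneralException.initCause(e);
            throw createGeneralException;
        }
    }

    /**
     * Reports whether the cached management token can still be used.
     *
     * @return {@code true} if a token is cached and the current time in seconds plus
     *     the configured expiry buffer is still before the stored expiry
     */
    private boolean hasValidManagmentToken() {
        if (this.m_mgmt_access_token == null) {
            return false;
        }
        long nowSeconds = System.currentTimeMillis() / 1000;
        return nowSeconds + ((long) this.m_oAuthSettings.m_tokenExpiryBuffer) < this.m_mgmt_expiry;
    }
}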
