package com.databricks.client.jdbc.oauth;

import com.databricks.client.hivecommon.HiveJDBCSettings;
import com.databricks.client.jdbc.common.OAuthSettings;
import com.databricks.client.jdbc.common.SSLSettings;
import com.databricks.client.jdbc.core.DSDriver;
import com.databricks.client.jdbc.exceptions.CommonJDBCMessageKey;
import com.databricks.client.jdbc42.internal.apache.commons.codec.binary.Base64;
import com.databricks.client.jdbc42.internal.apache.http.client.config.RequestConfig;
import com.databricks.client.jdbc42.internal.apache.http.client.entity.UrlEncodedFormEntity;
import com.databricks.client.jdbc42.internal.apache.http.client.methods.HttpPost;
import com.databricks.client.jdbc42.internal.apache.http.message.BasicNameValuePair;
import com.databricks.client.jdbc42.internal.apache.thrift.TException;
import com.databricks.client.support.ILogger;
import com.databricks.client.support.LogUtilities;
import com.databricks.client.support.exceptions.ErrorException;
import java.net.URI;
import java.util.ArrayList;

/* loaded from: input_file:com/databricks/client/jdbc/oauth/ClientCredentialOAuthProvider.class */
public class ClientCredentialOAuthProvider extends OauthProvider {
    private final String CLIENT_ASSERTION_TYPE_KEY = "client_assertion_type";
    private final String CLIENT_ASSERTION_KEY = "client_assertion";
    private final String CLIENT_CRED_GRANT = "client_credentials";

    public ClientCredentialOAuthProvider(HiveJDBCSettings hiveJDBCSettings, ILogger iLogger) throws ErrorException {
        super(hiveJDBCSettings, iLogger);
        this.CLIENT_ASSERTION_TYPE_KEY = "client_assertion_type";
        this.CLIENT_ASSERTION_KEY = "client_assertion";
        this.CLIENT_CRED_GRANT = "client_credentials";
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
    }

    @Override // com.databricks.client.jdbc.oauth.OauthProvider
    public void obtainAccessToken() throws TException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        try {
            if (hasValidDatabricksToken()) {
                return;
            }
            if (!this.m_settings.m_enableTestOverrideAuthorizationUrl.booleanValue()) {
                this.m_settings.m_oAuthSettings.m_authorizationUrl = this.m_settings.m_oAuthSettings.m_Oauth2TokenEndpoint;
            }
            this.m_settings.m_oAuthSettings.m_accessToken = clientCredentialOAuth();
            decodeAndExchangeAccessToken(this.m_oAuthSettings.m_enableMandatoryTokenExchange);
            addCustomOAuthHeader("Authorization", "Bearer " + this.m_oAuthSettings.m_accessToken);
        } catch (ErrorException e) {
            throw new TException(getDetailedErrorExceptionMessage(e), e.getCause());
        }
    }

    private HttpPost setRequestParams(HttpPost httpPost) throws ErrorException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(new BasicNameValuePair(OAuthAPIConstants.GRANT_TYPE_KEY, "client_credentials"));
        if (this.m_oAuthSettings.m_OAuthUseJWTAssertion.booleanValue()) {
            arrayList.add(new BasicNameValuePair(OAuthAPIConstants.CLIENT_ID_KEY, this.m_oAuthSettings.m_authClientID));
            arrayList.add(new BasicNameValuePair("client_assertion_type", OAuthAPIConstants.CLIENT_ASSERTION_TYPE_DEFAULT));
            arrayList.add(new BasicNameValuePair("client_assertion", this.m_oAuthSettings.m_OAuthClientAssertion));
        } else if (this.m_oAuthSettings.m_authSource == OAuthSettings.OAuthSource.AZURE) {
            arrayList.add(new BasicNameValuePair(OAuthAPIConstants.CLIENT_ID_KEY, this.m_oAuthSettings.m_authClientID));
            arrayList.add(new BasicNameValuePair(OAuthAPIConstants.CLIENT_SECRET_KEY, this.m_oAuthSettings.m_authClientSecret));
        } else if (this.m_oAuthSettings.m_authSource == OAuthSettings.OAuthSource.AWS) {
            httpPost.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64((this.m_oAuthSettings.m_authClientID + ":" + this.m_oAuthSettings.m_authClientSecret).getBytes())));
        }
        if (null != this.m_oAuthSettings.m_authScope) {
            arrayList.add(new BasicNameValuePair("scope", this.m_oAuthSettings.m_authScope));
        }
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(arrayList, "UTF-8"));
            return httpPost;
        } catch (Exception e) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name(), new String[]{e.getMessage(), e.getCause().toString()});
        }
    }

    private String clientCredentialOAuth() throws ErrorException {
        LogUtilities.logFunctionEntrance(this.m_logger, new Object[0]);
        SSLSettings sSLSettings = this.m_settings.m_oAuthSettings.m_tokenEndpointSSLSettings;
        URI serverURI = OAuthUtil.getServerURI(this.m_oAuthSettings.m_authorizationUrl, this.m_oAuthSettings.m_OAuth2EnableAuthURLIPRange);
        HttpPost requestParams = setRequestParams(new HttpPost(serverURI));
        requestParams.setConfig(RequestConfig.custom().setRedirectsEnabled(false).build());
        String executeRequestWithRetry = executeRequestWithRetry(serverURI, requestParams);
        String parseJsonResponse = OAuthUtil.parseJsonResponse(executeRequestWithRetry.toString(), OAuthAPIConstants.ACCESS_TOKEN_KEY);
        OAuthUtil.setExpiryTime(executeRequestWithRetry, this.m_oAuthSettings, this.m_logger);
        if (null == parseJsonResponse) {
            throw DSDriver.s_CommonMessages.createGeneralException(CommonJDBCMessageKey.FAILURE_OAUTH_REQUEST.name());
        }
        return parseJsonResponse;
    }
}
