package com.databricks.sdk.core.oauth;

import com.databricks.sdk.core.CredentialsProvider;
import com.databricks.sdk.core.DatabricksConfig;
import com.databricks.sdk.core.DatabricksException;
import com.databricks.sdk.core.http.Request;
import com.databricks.sdk.core.http.Response;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.util.Optional;

/* loaded from: input_file:com/databricks/sdk/core/oauth/AzureGithubOidcCredentialsProvider.class */
public class AzureGithubOidcCredentialsProvider implements CredentialsProvider {
    private final ObjectMapper mapper = new ObjectMapper();

    @Override // com.databricks.sdk.core.CredentialsProvider
    public String authType() {
        return "github-oidc-azure";
    }

    @Override // com.databricks.sdk.core.CredentialsProvider
    public OAuthHeaderFactory configure(DatabricksConfig databricksConfig) {
        if (!databricksConfig.isAzure() || databricksConfig.getAzureClientId() == null || databricksConfig.getAzureTenantId() == null || databricksConfig.getHost() == null) {
            return null;
        }
        Optional<String> requestIdToken = requestIdToken(databricksConfig);
        if (requestIdToken.isPresent()) {
            return OAuthHeaderFactory.fromTokenSource(new OidcTokenSource(databricksConfig.getHttpClient(), databricksConfig.getDatabricksEnvironment().getAzureEnvironment().getActiveDirectoryEndpoint() + databricksConfig.getAzureTenantId() + "/oauth2/token", databricksConfig.getAzureClientId(), databricksConfig.getEffectiveAzureLoginAppId(), requestIdToken.get(), "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"));
        }
        return null;
    }

    private Optional<String> requestIdToken(DatabricksConfig databricksConfig) {
        if (databricksConfig.getActionsIdTokenRequestUrl() == null || databricksConfig.getActionsIdTokenRequestToken() == null) {
            return Optional.empty();
        }
        String str = databricksConfig.getActionsIdTokenRequestUrl() + "&audience=api://AzureADTokenExchange";
        try {
            Response execute = databricksConfig.getHttpClient().execute(new Request(Request.GET, str).withHeader("Authorization", "Bearer " + databricksConfig.getActionsIdTokenRequestToken()));
            if (execute.getStatusCode() != 200) {
                throw new DatabricksException("Failed to request ID token: status code " + execute.getStatusCode() + ", response body: " + execute.getBody().toString());
            }
            try {
                return Optional.ofNullable(((ObjectNode) this.mapper.readValue(execute.getBody(), ObjectNode.class)).get("value").textValue());
            } catch (IOException e) {
                throw new DatabricksException("Failed to request ID token: corrupted token: " + e.getMessage());
            }
        } catch (IOException e2) {
            throw new DatabricksException("Failed to request ID token from " + str + ":" + e2.getMessage(), e2);
        }
    }
}
