package org.apache.hadoop.hdfs.web.oauth2;

import com.squareup.okhttp.MediaType;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.RequestBody;
import com.squareup.okhttp.Response;
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.util.Timer;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.ObjectReader;

@InterfaceAudience.Public
@InterfaceStability.Evolving
/* loaded from: input_file:org/apache/hadoop/hdfs/web/oauth2/AzureADClientCredentialBasedAccesTokenProvider.class */
public class AzureADClientCredentialBasedAccesTokenProvider extends AccessTokenProvider {
    public static final String OAUTH_CREDENTIAL_KEY = "dfs.webhdfs.oauth2.credential";
    public static final String AAD_RESOURCE_KEY = "fs.adls.oauth2.resource";
    public static final String RESOURCE_PARAM_NAME = "resource";
    private static final String OAUTH_CLIENT_ID_KEY = "dfs.webhdfs.oauth2.client.id";
    private static final String OAUTH_REFRESH_URL_KEY = "dfs.webhdfs.oauth2.refresh.url";
    public static final String ACCESS_TOKEN = "access_token";
    public static final String CLIENT_CREDENTIALS = "client_credentials";
    public static final String CLIENT_ID = "client_id";
    public static final String CLIENT_SECRET = "client_secret";
    public static final String EXPIRES_IN = "expires_in";
    public static final String GRANT_TYPE = "grant_type";
    private AccessTokenTimer timer;
    private String clientId;
    private String refreshURL;
    private String accessToken;
    private String resource;
    private String credential;
    private boolean initialCredentialObtained;
    private static final ObjectReader READER = new ObjectMapper().reader(Map.class);
    public static final MediaType URLENCODED = MediaType.parse("application/x-www-form-urlencoded; charset=utf-8");

    AzureADClientCredentialBasedAccesTokenProvider() {
        this.initialCredentialObtained = false;
        this.timer = new AccessTokenTimer();
    }

    AzureADClientCredentialBasedAccesTokenProvider(Timer timer) {
        this.initialCredentialObtained = false;
        this.timer = new AccessTokenTimer(timer);
    }

    public void setConf(Configuration configuration) {
        super.setConf(configuration);
        this.clientId = Utils.notNull(configuration, OAUTH_CLIENT_ID_KEY);
        this.refreshURL = Utils.notNull(configuration, OAUTH_REFRESH_URL_KEY);
        this.resource = Utils.notNull(configuration, AAD_RESOURCE_KEY);
        this.credential = Utils.notNull(configuration, OAUTH_CREDENTIAL_KEY);
    }

    public String getAccessToken() throws IOException {
        if (this.timer.shouldRefresh() || !this.initialCredentialObtained) {
            refresh();
            this.initialCredentialObtained = true;
        }
        return this.accessToken;
    }

    void refresh() throws IOException {
        try {
            OkHttpClient okHttpClient = new OkHttpClient();
            okHttpClient.setConnectTimeout(60000L, TimeUnit.MILLISECONDS);
            okHttpClient.setReadTimeout(60000L, TimeUnit.MILLISECONDS);
            Response execute = okHttpClient.newCall(new Request.Builder().url(this.refreshURL).post(RequestBody.create(URLENCODED, Utils.postBody(new String[]{CLIENT_SECRET, this.credential, GRANT_TYPE, CLIENT_CREDENTIALS, RESOURCE_PARAM_NAME, this.resource, CLIENT_ID, this.clientId}))).build()).execute();
            if (execute.code() != 200) {
                throw new IllegalArgumentException("Received invalid http response: " + execute.code() + ", text = " + execute.toString());
            }
            Map map = (Map) READER.readValue(execute.body().string());
            this.timer.setExpiresIn(map.get(EXPIRES_IN).toString());
            this.accessToken = map.get(ACCESS_TOKEN).toString();
        } catch (Exception e) {
            throw new IOException("Unable to obtain access token from credential", e);
        }
    }
}
