package com.mongodb.internal.authentication;

import com.helger.json.CJson;
import com.mongodb.MongoClientException;
import com.mongodb.internal.ExpirableValue;
import com.mongodb.internal.Locks;
import com.mongodb.lang.Nullable;
import com.sun.xml.ws.addressing.W3CAddressingConstants;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.time.Duration;
import java.util.HashMap;
import java.util.Optional;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.bson.BsonDocument;
import org.bson.BsonString;
import org.bson.json.JsonParseException;

/* loaded from: input_file:WEB-INF/lib/mongodb-driver-core-5.4.0.jar:com/mongodb/internal/authentication/AzureCredentialHelper.class */
public final class AzureCredentialHelper {
    private static final String ACCESS_TOKEN_FIELD = "access_token";
    private static final String EXPIRES_IN_FIELD = "expires_in";
    private static final Lock CACHED_ACCESS_TOKEN_LOCK = new ReentrantLock();
    private static volatile ExpirableValue<String> cachedAccessToken = ExpirableValue.expired();

    public static BsonDocument obtainFromEnvironment() {
        String accessToken;
        Optional<String> value = cachedAccessToken.getValue();
        if (value.isPresent()) {
            accessToken = value.get();
        } else {
            Locks.lockInterruptibly(CACHED_ACCESS_TOKEN_LOCK);
            try {
                Optional<String> value2 = cachedAccessToken.getValue();
                if (value2.isPresent()) {
                    accessToken = value2.get();
                } else {
                    long nanoTime = System.nanoTime();
                    CredentialInfo fetchAzureCredentialInfo = fetchAzureCredentialInfo("https://vault.azure.net", null);
                    accessToken = fetchAzureCredentialInfo.getAccessToken();
                    cachedAccessToken = ExpirableValue.expirable(accessToken, fetchAzureCredentialInfo.getExpiresIn().minus(Duration.ofMinutes(1L)), nanoTime);
                }
                CACHED_ACCESS_TOKEN_LOCK.unlock();
            } catch (Throwable th) {
                CACHED_ACCESS_TOKEN_LOCK.unlock();
                throw th;
            }
        }
        return new BsonDocument("accessToken", new BsonString(accessToken));
    }

    public static CredentialInfo fetchAzureCredentialInfo(String str, @Nullable String str2) {
        String str3 = "http://169.254.169.254:80/metadata/identity/oauth2/token?api-version=2018-02-01&resource=" + getEncoded(str) + (str2 == null ? "" : "&client_id=" + getEncoded(str2));
        HashMap hashMap = new HashMap();
        hashMap.put(W3CAddressingConstants.WSA_METADATA_NAME, CJson.KEYWORD_TRUE);
        hashMap.put("Accept", "application/json");
        try {
            BsonDocument parse = BsonDocument.parse(HttpHelper.getHttpContents(HttpGet.METHOD_NAME, str3, hashMap));
            if (!parse.isString(ACCESS_TOKEN_FIELD)) {
                throw new MongoClientException(String.format("The %s field from Azure IMDS metadata response is missing or is not a string", ACCESS_TOKEN_FIELD));
            }
            if (parse.isString(EXPIRES_IN_FIELD)) {
                return new CredentialInfo(parse.getString(ACCESS_TOKEN_FIELD).getValue(), Duration.ofSeconds(Integer.parseInt(parse.getString(EXPIRES_IN_FIELD).getValue())));
            }
            throw new MongoClientException(String.format("The %s field from Azure IMDS metadata response is missing or is not a string", EXPIRES_IN_FIELD));
        } catch (JsonParseException e) {
            throw new MongoClientException("Exception parsing JSON from Azure IMDS metadata response.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getEncoded(String str) {
        try {
            return URLEncoder.encode(str, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    private AzureCredentialHelper() {
    }
}
