package net.snowflake.client.core.auth.wif;

import com.nimbusds.jwt.JWTParser;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import net.snowflake.client.core.HttpUtil;
import net.snowflake.client.core.SFLoginInput;
import net.snowflake.client.jdbc.SnowflakeSQLException;
import net.snowflake.client.log.SFLogger;
import net.snowflake.client.log.SFLoggerFactory;
import org.apache.http.client.methods.HttpRequestBase;

/* loaded from: input_file:net/snowflake/client/core/auth/wif/WorkloadIdentityUtil.class */
class WorkloadIdentityUtil {
    private static final SFLogger logger = SFLoggerFactory.getLogger((Class<?>) WorkloadIdentityUtil.class);
    static final String SNOWFLAKE_AUDIENCE_HEADER_NAME = "X-Snowflake-Audience";
    static final String SNOWFLAKE_AUDIENCE = "snowflakecomputing.com";
    static final String DEFAULT_METADATA_SERVICE_BASE_URL = "http://169.254.169.254";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/snowflake/client/core/auth/wif/WorkloadIdentityUtil$SubjectAndIssuer.class */
    public static class SubjectAndIssuer {
        private final String subject;
        private final String issuer;

        SubjectAndIssuer(String str, String str2) {
            this.issuer = str2;
            this.subject = str;
        }

        public String getIssuer() {
            return this.issuer;
        }

        public String getSubject() {
            return this.subject;
        }

        public Map<String, String> toMap() {
            HashMap hashMap = new HashMap();
            hashMap.put("iss", this.issuer);
            hashMap.put("sub", this.subject);
            return hashMap;
        }
    }

    WorkloadIdentityUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String performIdentityRequest(HttpRequestBase httpRequestBase, SFLoginInput sFLoginInput) throws SnowflakeSQLException, IOException {
        return HttpUtil.executeGeneralRequestOmitRequestGuid(httpRequestBase, sFLoginInput.getLoginTimeout(), 3, sFLoginInput.getSocketTimeoutInMillis(), 0, sFLoginInput.getHttpClientSettingsKey());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SubjectAndIssuer extractClaimsWithoutVerifyingSignature(String str) {
        Map<String, Object> extractClaimsMap = extractClaimsMap(str);
        if (extractClaimsMap == null) {
            logger.error("Failed to parse JWT and extract claims", new Object[0]);
            return null;
        }
        String str2 = (String) extractClaimsMap.get("iss");
        if (str2 == null) {
            logger.error("Missing issuer claim in JWT token", new Object[0]);
            return null;
        }
        String str3 = (String) extractClaimsMap.get("sub");
        if (str3 != null) {
            return new SubjectAndIssuer(str3, str2);
        }
        logger.error("Missing sub claim in JWT token", new Object[0]);
        return null;
    }

    private static Map<String, Object> extractClaimsMap(String str) {
        try {
            return JWTParser.parse(str).getJWTClaimsSet().getClaims();
        } catch (Exception e) {
            logger.error("Unable to extract JWT claims from token: {}", e);
            return null;
        }
    }
}
