package io.trino.plugin.iceberg.catalog.rest;

import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.ConfigSecuritySensitive;
import jakarta.validation.constraints.AssertTrue;
import java.net.URI;
import java.util.Optional;

/* loaded from: input_file:io/trino/plugin/iceberg/catalog/rest/OAuth2SecurityConfig.class */
public class OAuth2SecurityConfig {
    private String credential;
    private String scope;
    private String token;
    private URI serverUri;
    private boolean tokenRefreshEnabled = true;

    public Optional<String> getCredential() {
        return Optional.ofNullable(this.credential);
    }

    @ConfigSecuritySensitive
    @ConfigDescription("The credential to exchange for a token in the OAuth2 client credentials flow with the server")
    @Config("iceberg.rest-catalog.oauth2.credential")
    public OAuth2SecurityConfig setCredential(String str) {
        this.credential = str;
        return this;
    }

    public Optional<String> getScope() {
        return Optional.ofNullable(this.scope);
    }

    @ConfigDescription("The scope which will be used for interactions with the server")
    @Config("iceberg.rest-catalog.oauth2.scope")
    public OAuth2SecurityConfig setScope(String str) {
        this.scope = str;
        return this;
    }

    public Optional<String> getToken() {
        return Optional.ofNullable(this.token);
    }

    @ConfigSecuritySensitive
    @ConfigDescription("The Bearer token which will be used for interactions with the server")
    @Config("iceberg.rest-catalog.oauth2.token")
    public OAuth2SecurityConfig setToken(String str) {
        this.token = str;
        return this;
    }

    public Optional<URI> getServerUri() {
        return Optional.ofNullable(this.serverUri);
    }

    @ConfigDescription("The endpoint to retrieve access token from OAuth2 Server")
    @Config("iceberg.rest-catalog.oauth2.server-uri")
    public OAuth2SecurityConfig setServerUri(URI uri) {
        this.serverUri = uri;
        return this;
    }

    public boolean isTokenRefreshEnabled() {
        return this.tokenRefreshEnabled;
    }

    @ConfigDescription("Controls whether a token should be refreshed if information about its expiration time is available")
    @Config("iceberg.rest-catalog.oauth2.token-refresh-enabled")
    public OAuth2SecurityConfig setTokenRefreshEnabled(boolean z) {
        this.tokenRefreshEnabled = z;
        return this;
    }

    @AssertTrue(message = "OAuth2 requires a credential or token")
    public boolean credentialOrTokenPresent() {
        return (this.credential == null && this.token == null) ? false : true;
    }

    @AssertTrue(message = "Scope is applicable only when using credential")
    public boolean scopePresentOnlyWithCredential() {
        return this.token == null || this.scope == null;
    }
}
