package io.trino.server.security.oauth2;

import com.google.common.base.VerifyException;
import com.google.common.collect.ImmutableMap;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.MoreExecutors;
import com.google.inject.Inject;
import io.airlift.jaxrs.AsyncResponseHandler;
import io.airlift.json.JsonCodec;
import io.airlift.json.JsonCodecFactory;
import io.trino.dispatcher.DispatchExecutor;
import io.trino.server.AsyncResponseUtils;
import io.trino.server.ExternalUriInfo;
import io.trino.server.security.ResourceSecurity;
import io.trino.server.security.oauth2.OAuth2TokenExchange;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.BeanParam;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.container.AsyncResponse;
import jakarta.ws.rs.container.Suspended;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.Executor;
import java.util.concurrent.ScheduledExecutorService;

@ResourceSecurity(ResourceSecurity.AccessType.PUBLIC)
@Path(OAuth2TokenExchangeResource.TOKEN_ENDPOINT)
/* loaded from: input_file:io/trino/server/security/oauth2/OAuth2TokenExchangeResource.class */
public class OAuth2TokenExchangeResource {
    static final String TOKEN_ENDPOINT = "/oauth2/token/";
    private static final JsonCodec<Map<String, Object>> MAP_CODEC = new JsonCodecFactory().mapJsonCodec(String.class, Object.class);
    private final OAuth2TokenExchange tokenExchange;
    private final OAuth2Service service;
    private final Executor responseExecutor;
    private final ScheduledExecutorService timeoutExecutor;

    @Inject
    public OAuth2TokenExchangeResource(OAuth2TokenExchange oAuth2TokenExchange, OAuth2Service oAuth2Service, DispatchExecutor dispatchExecutor) {
        this.tokenExchange = (OAuth2TokenExchange) Objects.requireNonNull(oAuth2TokenExchange, "tokenExchange is null");
        this.service = (OAuth2Service) Objects.requireNonNull(oAuth2Service, "service is null");
        this.responseExecutor = dispatchExecutor.getExecutor();
        this.timeoutExecutor = dispatchExecutor.getScheduledExecutor();
    }

    @Produces({"application/json"})
    @Path("initiate/{authIdHash}")
    @GET
    public Response initiateTokenExchange(@PathParam("authIdHash") String str, @BeanParam ExternalUriInfo externalUriInfo) {
        return this.service.startOAuth2Challenge(externalUriInfo.absolutePath(OAuth2CallbackResource.CALLBACK_ENDPOINT), Optional.ofNullable(str));
    }

    @Produces({"application/json"})
    @Path("{authId}")
    @GET
    public void getAuthenticationToken(@PathParam("authId") UUID uuid, @Suspended AsyncResponse asyncResponse, @Context HttpServletRequest httpServletRequest) {
        if (uuid == null) {
            throw new BadRequestException();
        }
        AsyncResponseHandler.bindAsyncResponse(asyncResponse, AsyncResponseUtils.withFallbackAfterTimeout(Futures.transform(this.tokenExchange.getTokenPoll(uuid), OAuth2TokenExchangeResource::toResponse, MoreExecutors.directExecutor()), OAuth2TokenExchange.MAX_POLL_TIME, () -> {
            return pendingResponse(httpServletRequest);
        }, this.timeoutExecutor), this.responseExecutor);
    }

    private static Response toResponse(OAuth2TokenExchange.TokenPoll tokenPoll) {
        if (tokenPoll.getError().isPresent()) {
            return Response.ok(jsonMap("error", tokenPoll.getError().get()), MediaType.APPLICATION_JSON_TYPE).build();
        }
        if (tokenPoll.getToken().isPresent()) {
            return Response.ok(jsonMap("token", tokenPoll.getToken().get()), MediaType.APPLICATION_JSON_TYPE).build();
        }
        throw new VerifyException("invalid TokenPoll state");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Response pendingResponse(HttpServletRequest httpServletRequest) {
        return Response.ok(jsonMap("nextUri", httpServletRequest.getRequestURL()), MediaType.APPLICATION_JSON_TYPE).build();
    }

    @DELETE
    @Path("{authId}")
    public Response deleteAuthenticationToken(@PathParam("authId") UUID uuid) {
        if (uuid == null) {
            throw new BadRequestException();
        }
        this.tokenExchange.dropToken(uuid);
        return Response.ok().build();
    }

    public static String getTokenUri(UUID uuid) {
        return "/oauth2/token/" + String.valueOf(uuid);
    }

    public static String getInitiateUri(UUID uuid) {
        return "/oauth2/token/initiate/" + OAuth2TokenExchange.hashAuthId(uuid);
    }

    private static String jsonMap(String str, Object obj) {
        return MAP_CODEC.toJson(ImmutableMap.of(str, obj));
    }
}
