package io.trino.server.security.oauth2;

import com.google.inject.Inject;
import io.airlift.log.Logger;
import io.trino.server.ExternalUriInfo;
import io.trino.server.security.ResourceSecurity;
import jakarta.ws.rs.BeanParam;
import jakarta.ws.rs.CookieParam;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Cookie;
import jakarta.ws.rs.core.NewCookie;
import jakarta.ws.rs.core.Response;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Objects;

@ResourceSecurity(ResourceSecurity.AccessType.PUBLIC)
@Path(OAuth2CallbackResource.CALLBACK_ENDPOINT)
/* loaded from: input_file:io/trino/server/security/oauth2/OAuth2CallbackResource.class */
public class OAuth2CallbackResource {
    private static final Logger LOG = Logger.get(OAuth2CallbackResource.class);
    public static final String CALLBACK_ENDPOINT = "/oauth2/callback";
    private final OAuth2Service service;

    @Inject
    public OAuth2CallbackResource(OAuth2Service oAuth2Service) {
        this.service = (OAuth2Service) Objects.requireNonNull(oAuth2Service, "service is null");
    }

    @Produces({"text/html"})
    @GET
    public Response callback(@QueryParam("state") String str, @QueryParam("code") String str2, @QueryParam("error") String str3, @QueryParam("error_description") String str4, @QueryParam("error_uri") String str5, @CookieParam("__Secure-Trino-Nonce") Cookie cookie, @BeanParam ExternalUriInfo externalUriInfo) {
        if (str3 != null) {
            return this.service.handleOAuth2Error(str, URLEncoder.encode(str3, StandardCharsets.UTF_8), str4, str5);
        }
        try {
            Objects.requireNonNull(str, "state is null");
            Objects.requireNonNull(str2, "code is null");
            return this.service.finishOAuth2Challenge(str, str2, externalUriInfo, NonceCookie.read(cookie));
        } catch (RuntimeException e) {
            LOG.debug(e, "Authentication response could not be verified: state=%s", new Object[]{str});
            return Response.status(Response.Status.BAD_REQUEST).cookie(new NewCookie[]{NonceCookie.delete()}).entity(this.service.getInternalFailureHtml("Authentication response could not be verified")).build();
        }
    }
}
