package org.projectnessie.client.auth.oauth2;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import java.net.URI;
import java.time.Duration;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.OptionalInt;
import java.util.concurrent.ScheduledExecutorService;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import org.apache.hadoop.metrics2.sink.ganglia.AbstractGangliaSink;
import org.immutables.value.Value;
import org.projectnessie.client.NessieConfigConstants;
import org.projectnessie.client.auth.oauth2.OAuth2ClientConfig;

@Value.Immutable(lazyhash = true)
/* loaded from: input_file:org/projectnessie/client/auth/oauth2/OAuth2AuthenticatorConfig.class */
public interface OAuth2AuthenticatorConfig {

    /* loaded from: input_file:org/projectnessie/client/auth/oauth2/OAuth2AuthenticatorConfig$Builder.class */
    public interface Builder {
        @CanIgnoreReturnValue
        Builder from(OAuth2AuthenticatorConfig oAuth2AuthenticatorConfig);

        @CanIgnoreReturnValue
        Builder issuerUrl(URI uri);

        @CanIgnoreReturnValue
        Builder tokenEndpoint(URI uri);

        @CanIgnoreReturnValue
        Builder authEndpoint(URI uri);

        @CanIgnoreReturnValue
        Builder deviceAuthEndpoint(URI uri);

        @CanIgnoreReturnValue
        Builder grantType(GrantType grantType);

        @CanIgnoreReturnValue
        Builder clientId(String str);

        @CanIgnoreReturnValue
        Builder clientSecret(Secret secret);

        @CanIgnoreReturnValue
        default Builder clientSecret(String str) {
            return clientSecret(new Secret(str));
        }

        @CanIgnoreReturnValue
        Builder clientSecretSupplier(Supplier<String> supplier);

        @CanIgnoreReturnValue
        Builder username(String str);

        @CanIgnoreReturnValue
        Builder password(Secret secret);

        @CanIgnoreReturnValue
        default Builder password(String str) {
            return password(new Secret(str));
        }

        @CanIgnoreReturnValue
        Builder passwordSupplier(Supplier<String> supplier);

        @CanIgnoreReturnValue
        @Deprecated
        default Builder scope(String str) {
            Arrays.stream(str.split(" ")).forEach(this::addScope);
            return this;
        }

        @CanIgnoreReturnValue
        Builder addScope(String str);

        @CanIgnoreReturnValue
        Builder addScopes(String... strArr);

        @CanIgnoreReturnValue
        Builder scopes(Iterable<String> iterable);

        @CanIgnoreReturnValue
        Builder extraRequestParameters(Map<String, ? extends String> map);

        @CanIgnoreReturnValue
        @Deprecated
        Builder tokenExchangeEnabled(boolean z);

        @CanIgnoreReturnValue
        Builder tokenExchangeConfig(TokenExchangeConfig tokenExchangeConfig);

        @CanIgnoreReturnValue
        Builder impersonationConfig(ImpersonationConfig impersonationConfig);

        @CanIgnoreReturnValue
        Builder defaultAccessTokenLifespan(Duration duration);

        @CanIgnoreReturnValue
        Builder defaultRefreshTokenLifespan(Duration duration);

        @CanIgnoreReturnValue
        Builder refreshSafetyWindow(Duration duration);

        @CanIgnoreReturnValue
        Builder preemptiveTokenRefreshIdleTimeout(Duration duration);

        @CanIgnoreReturnValue
        Builder backgroundThreadIdleTimeout(Duration duration);

        @CanIgnoreReturnValue
        Builder authorizationCodeFlowTimeout(Duration duration);

        @CanIgnoreReturnValue
        Builder authorizationCodeFlowWebServerPort(int i);

        @CanIgnoreReturnValue
        Builder deviceCodeFlowTimeout(Duration duration);

        @CanIgnoreReturnValue
        Builder deviceCodeFlowPollInterval(Duration duration);

        @CanIgnoreReturnValue
        Builder sslContext(SSLContext sSLContext);

        @CanIgnoreReturnValue
        Builder objectMapper(ObjectMapper objectMapper);

        @CanIgnoreReturnValue
        Builder executor(ScheduledExecutorService scheduledExecutorService);

        OAuth2AuthenticatorConfig build();
    }

    static OAuth2AuthenticatorConfig fromConfigSupplier(Function<String, String> function) {
        Objects.requireNonNull(function, "config must not be null");
        String apply = function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_ID);
        String apply2 = function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_SECRET);
        OAuth2ClientConfig.Builder clientSecret = OAuth2ClientConfig.builder().clientId(apply != null ? apply : "").clientSecret(apply2 != null ? apply2 : "");
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_ISSUER_URL, clientSecret::issuerUrl, URI::create);
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_ENDPOINT, clientSecret::tokenEndpoint, URI::create);
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_AUTH_ENDPOINT, clientSecret::authEndpoint, URI::create);
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_DEVICE_AUTH_ENDPOINT, clientSecret::deviceAuthEndpoint, URI::create);
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_GRANT_TYPE, clientSecret::grantType, GrantType::fromConfigName);
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_USERNAME, clientSecret::username);
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_PASSWORD, clientSecret::password);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_SCOPES, str -> {
            Stream stream = Arrays.stream(str.split(" "));
            Objects.requireNonNull(clientSecret);
            stream.forEach(clientSecret::addScope);
        });
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_DEFAULT_ACCESS_TOKEN_LIFESPAN, clientSecret::defaultAccessTokenLifespan, (v0) -> {
            return Duration.parse(v0);
        });
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_DEFAULT_REFRESH_TOKEN_LIFESPAN, clientSecret::defaultRefreshTokenLifespan, (v0) -> {
            return Duration.parse(v0);
        });
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_REFRESH_SAFETY_WINDOW, clientSecret::refreshSafetyWindow, (v0) -> {
            return Duration.parse(v0);
        });
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_PREEMPTIVE_TOKEN_REFRESH_IDLE_TIMEOUT, clientSecret::preemptiveTokenRefreshIdleTimeout, (v0) -> {
            return Duration.parse(v0);
        });
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_BACKGROUND_THREAD_IDLE_TIMEOUT, clientSecret::backgroundThreadIdleTimeout, (v0) -> {
            return Duration.parse(v0);
        });
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_AUTHORIZATION_CODE_FLOW_TIMEOUT, clientSecret::authorizationCodeFlowTimeout, (v0) -> {
            return Duration.parse(v0);
        });
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_AUTHORIZATION_CODE_FLOW_WEB_PORT, (v1) -> {
            r2.authorizationCodeFlowWebServerPort(v1);
        }, Integer::parseInt);
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_DEVICE_CODE_FLOW_TIMEOUT, clientSecret::deviceCodeFlowTimeout, (v0) -> {
            return Duration.parse(v0);
        });
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_DEVICE_CODE_FLOW_POLL_INTERVAL, clientSecret::deviceCodeFlowPollInterval, (v0) -> {
            return Duration.parse(v0);
        });
        Objects.requireNonNull(clientSecret);
        OAuth2ClientConfig.applyConfigOption(function, NessieConfigConstants.CONF_NESSIE_OAUTH2_EXTRA_PARAMS, clientSecret::extraRequestParameters, OAuth2AuthenticatorConfig::parseExtraParams);
        clientSecret.tokenExchangeConfig(TokenExchangeConfig.fromConfigSupplier(function));
        clientSecret.impersonationConfig(ImpersonationConfig.fromConfigSupplier(function));
        return clientSecret.build();
    }

    static Map<String, String> parseExtraParams(String str) {
        if (str == null || str.isBlank()) {
            return Map.of();
        }
        HashMap hashMap = new HashMap();
        for (String str2 : str.split(",")) {
            String[] split = str2.split(AbstractGangliaSink.EQUAL, 2);
            String trim = split[0].trim();
            if (hashMap.put(trim, split.length > 1 ? split[1].trim() : "") != null) {
                throw new IllegalArgumentException(String.format("OAuth2 authentication has configuration errors and could not be initialized: extra parameter '%s' is defined multiple times (%s)", trim, NessieConfigConstants.CONF_NESSIE_OAUTH2_EXTRA_PARAMS));
            }
        }
        return hashMap;
    }

    Optional<URI> getIssuerUrl();

    Optional<URI> getTokenEndpoint();

    Optional<URI> getAuthEndpoint();

    Optional<URI> getDeviceAuthEndpoint();

    @Value.Default
    default GrantType getGrantType() {
        return GrantType.CLIENT_CREDENTIALS;
    }

    String getClientId();

    @Value.Redacted
    Optional<Secret> getClientSecret();

    @Value.Redacted
    Optional<Supplier<String>> getClientSecretSupplier();

    Optional<String> getUsername();

    @Value.Redacted
    Optional<Secret> getPassword();

    @Value.Redacted
    Optional<Supplier<String>> getPasswordSupplier();

    @Value.Derived
    @Deprecated
    default Optional<String> getScope() {
        return getScopes().stream().reduce((str, str2) -> {
            return str + " " + str2;
        });
    }

    List<String> getScopes();

    Map<String, String> getExtraRequestParameters();

    @Value.Default
    @Deprecated
    default boolean getTokenExchangeEnabled() {
        return true;
    }

    @Value.Default
    default TokenExchangeConfig getTokenExchangeConfig() {
        return TokenExchangeConfig.builder().build();
    }

    @Value.Default
    default ImpersonationConfig getImpersonationConfig() {
        return ImpersonationConfig.builder().build();
    }

    @Value.Default
    default Duration getDefaultAccessTokenLifespan() {
        return Duration.parse(NessieConfigConstants.DEFAULT_DEFAULT_ACCESS_TOKEN_LIFESPAN);
    }

    @Value.Default
    default Duration getDefaultRefreshTokenLifespan() {
        return Duration.parse(NessieConfigConstants.DEFAULT_DEFAULT_REFRESH_TOKEN_LIFESPAN);
    }

    @Value.Default
    default Duration getRefreshSafetyWindow() {
        return Duration.parse(NessieConfigConstants.DEFAULT_REFRESH_SAFETY_WINDOW);
    }

    @Value.Default
    default Duration getPreemptiveTokenRefreshIdleTimeout() {
        return Duration.parse("PT30S");
    }

    @Value.Default
    default Duration getBackgroundThreadIdleTimeout() {
        return Duration.parse("PT30S");
    }

    @Value.Default
    default Duration getAuthorizationCodeFlowTimeout() {
        return Duration.parse("PT5M");
    }

    OptionalInt getAuthorizationCodeFlowWebServerPort();

    @Value.Default
    default Duration getDeviceCodeFlowTimeout() {
        return Duration.parse("PT5M");
    }

    @Value.Default
    default Duration getDeviceCodeFlowPollInterval() {
        return Duration.parse(NessieConfigConstants.DEFAULT_DEVICE_CODE_FLOW_POLL_INTERVAL);
    }

    Optional<SSLContext> getSslContext();

    @Value.Default
    default ObjectMapper getObjectMapper() {
        return OAuth2ClientConfig.OBJECT_MAPPER;
    }

    Optional<ScheduledExecutorService> getExecutor();

    static Builder builder() {
        return ImmutableOAuth2AuthenticatorConfig.builder();
    }
}
