package io.trino.server.security.oauth2;

import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableSet;
import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.ConfigSecuritySensitive;
import io.airlift.units.Duration;
import io.airlift.units.MinDuration;
import java.io.File;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.validation.constraints.NotNull;

/* loaded from: input_file:io/trino/server/security/oauth2/OAuth2Config.class */
public class OAuth2Config {
    private String authUrl;
    private String tokenUrl;
    private String jwksUrl;
    private String clientId;
    private String clientSecret;
    private Optional<String> stateKey = Optional.empty();
    private Optional<String> audience = Optional.empty();
    private Set<String> scopes = ImmutableSet.of(OAuth2Service.OPENID_SCOPE);
    private String principalField = "sub";
    private Duration challengeTimeout = new Duration(15.0d, TimeUnit.MINUTES);
    private Optional<String> userMappingPattern = Optional.empty();
    private Optional<File> userMappingFile = Optional.empty();

    public Optional<String> getStateKey() {
        return this.stateKey;
    }

    @ConfigDescription("A secret key used by HMAC algorithm to sign the state parameter")
    @Config("http-server.authentication.oauth2.state-key")
    public OAuth2Config setStateKey(String str) {
        this.stateKey = Optional.ofNullable(str);
        return this;
    }

    @NotNull
    public String getAuthUrl() {
        return this.authUrl;
    }

    @ConfigDescription("URL of the authorization server's authorization endpoint")
    @Config("http-server.authentication.oauth2.auth-url")
    public OAuth2Config setAuthUrl(String str) {
        this.authUrl = str;
        return this;
    }

    @NotNull
    public String getTokenUrl() {
        return this.tokenUrl;
    }

    @ConfigDescription("URL of the authorization server's token endpoint")
    @Config("http-server.authentication.oauth2.token-url")
    public OAuth2Config setTokenUrl(String str) {
        this.tokenUrl = str;
        return this;
    }

    @NotNull
    public String getJwksUrl() {
        return this.jwksUrl;
    }

    @ConfigDescription("URL of the authorization server's JWKS (JSON Web Key Set) endpoint")
    @Config("http-server.authentication.oauth2.jwks-url")
    public OAuth2Config setJwksUrl(String str) {
        this.jwksUrl = str;
        return this;
    }

    @NotNull
    public String getClientId() {
        return this.clientId;
    }

    @ConfigDescription("Client ID")
    @Config("http-server.authentication.oauth2.client-id")
    public OAuth2Config setClientId(String str) {
        this.clientId = str;
        return this;
    }

    @NotNull
    public String getClientSecret() {
        return this.clientSecret;
    }

    @ConfigSecuritySensitive
    @ConfigDescription("Client secret")
    @Config("http-server.authentication.oauth2.client-secret")
    public OAuth2Config setClientSecret(String str) {
        this.clientSecret = str;
        return this;
    }

    public Optional<String> getAudience() {
        return this.audience;
    }

    @ConfigDescription("The required audience of a token")
    @Config("http-server.authentication.oauth2.audience")
    public OAuth2Config setAudience(String str) {
        this.audience = Optional.ofNullable(str);
        return this;
    }

    @NotNull
    public Set<String> getScopes() {
        return this.scopes;
    }

    @ConfigDescription("Scopes requested by the server during OAuth2 authorization challenge")
    @Config("http-server.authentication.oauth2.scopes")
    public OAuth2Config setScopes(String str) {
        this.scopes = (Set) Splitter.on(',').trimResults().omitEmptyStrings().splitToStream(str).collect(ImmutableSet.toImmutableSet());
        return this;
    }

    @NotNull
    public String getPrincipalField() {
        return this.principalField;
    }

    @Config("http-server.authentication.oauth2.principal-field")
    public OAuth2Config setPrincipalField(String str) {
        this.principalField = str;
        return this;
    }

    @NotNull
    @MinDuration("1ms")
    public Duration getChallengeTimeout() {
        return this.challengeTimeout;
    }

    @ConfigDescription("Maximum duration of OAuth2 authorization challenge")
    @Config("http-server.authentication.oauth2.challenge-timeout")
    public OAuth2Config setChallengeTimeout(Duration duration) {
        this.challengeTimeout = duration;
        return this;
    }

    public Optional<String> getUserMappingPattern() {
        return this.userMappingPattern;
    }

    @ConfigDescription("Regex to match against user name")
    @Config("http-server.authentication.oauth2.user-mapping.pattern")
    public OAuth2Config setUserMappingPattern(String str) {
        this.userMappingPattern = Optional.ofNullable(str);
        return this;
    }

    public Optional<File> getUserMappingFile() {
        return this.userMappingFile;
    }

    @ConfigDescription("File containing rules for mapping user")
    @Config("http-server.authentication.oauth2.user-mapping.file")
    public OAuth2Config setUserMappingFile(File file) {
        this.userMappingFile = Optional.ofNullable(file);
        return this;
    }
}
