package io.trino.server.security.oauth2;

import com.github.scribejava.apis.openid.OpenIdJsonTokenExtractor;
import com.github.scribejava.apis.openid.OpenIdOAuth2AccessToken;
import com.github.scribejava.core.builder.api.DefaultApi20;
import com.github.scribejava.core.extractors.TokenExtractor;
import com.github.scribejava.core.httpclient.HttpClientConfig;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.model.OAuthRequest;
import com.github.scribejava.core.oauth.AccessTokenRequestParams;
import com.github.scribejava.core.oauth.OAuth20Service;
import com.google.common.collect.ImmutableMap;
import io.airlift.http.client.HttpClient;
import io.trino.server.security.oauth2.OAuth2Client;
import java.io.OutputStream;
import java.net.URI;
import java.time.Instant;
import java.util.Objects;
import java.util.Optional;
import javax.inject.Inject;

/* loaded from: input_file:io/trino/server/security/oauth2/ScribeJavaOAuth2Client.class */
public class ScribeJavaOAuth2Client implements OAuth2Client {
    private final DynamicCallbackOAuth2Service service;

    /* loaded from: input_file:io/trino/server/security/oauth2/ScribeJavaOAuth2Client$DynamicCallbackOAuth2Service.class */
    static class DynamicCallbackOAuth2Service extends OAuth20Service {

        /* loaded from: input_file:io/trino/server/security/oauth2/ScribeJavaOAuth2Client$DynamicCallbackOAuth2Service$OAuth2Api.class */
        private static class OAuth2Api extends DefaultApi20 {
            private final String accessTokenEndpoint;
            private final String authorizationBaseUrl;

            public OAuth2Api(String str, String str2) {
                this.accessTokenEndpoint = (String) Objects.requireNonNull(str, "accessTokenEndpoint is null");
                this.authorizationBaseUrl = (String) Objects.requireNonNull(str2, "authorizationBaseUrl is null");
            }

            public String getAccessTokenEndpoint() {
                return this.accessTokenEndpoint;
            }

            protected String getAuthorizationBaseUrl() {
                return this.authorizationBaseUrl;
            }

            public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() {
                return OpenIdJsonTokenExtractor.instance();
            }
        }

        public DynamicCallbackOAuth2Service(OAuth2Config oAuth2Config, HttpClient httpClient) {
            super(new OAuth2Api(oAuth2Config.getTokenUrl(), oAuth2Config.getAuthUrl()), oAuth2Config.getClientId(), oAuth2Config.getClientSecret(), (String) null, String.join(" ", oAuth2Config.getScopes()), "code", (OutputStream) null, (String) null, (HttpClientConfig) null, new ScribeHttpClient(httpClient));
        }

        public OAuth2AccessToken getAccessToken(String str, String str2) throws ChallengeFailedException {
            try {
                OAuthRequest createAccessTokenRequest = createAccessTokenRequest(AccessTokenRequestParams.create(str));
                createAccessTokenRequest.addParameter(OAuth2Service.REDIRECT_URI, str2);
                return sendAccessTokenRequestSync(createAccessTokenRequest);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new ChallengeFailedException("Interrupted while fetching access token", e);
            } catch (Exception e2) {
                throw new ChallengeFailedException("Error while fetching access token", e2);
            }
        }
    }

    @Inject
    public ScribeJavaOAuth2Client(OAuth2Config oAuth2Config, @ForOAuth2 HttpClient httpClient) {
        Objects.requireNonNull(oAuth2Config, "config is null");
        Objects.requireNonNull(httpClient, "httpClient is null");
        this.service = new DynamicCallbackOAuth2Service(oAuth2Config, httpClient);
    }

    @Override // io.trino.server.security.oauth2.OAuth2Client
    public URI getAuthorizationUri(String str, URI uri, Optional<String> optional) {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.put(OAuth2Service.REDIRECT_URI, uri.toString());
        builder.put(OAuth2Service.STATE, str);
        optional.ifPresent(str2 -> {
            builder.put(OAuth2Service.NONCE, str2);
        });
        return URI.create(this.service.getAuthorizationUrl(builder.buildOrThrow()));
    }

    @Override // io.trino.server.security.oauth2.OAuth2Client
    public OAuth2Client.OAuth2Response getOAuth2Response(String str, URI uri) throws ChallengeFailedException {
        OpenIdOAuth2AccessToken accessToken = this.service.getAccessToken(str, uri.toString());
        return new OAuth2Client.OAuth2Response(accessToken.getAccessToken(), Optional.ofNullable(accessToken.getExpiresIn()).map(num -> {
            return Instant.now().plusSeconds(num.intValue());
        }), Optional.ofNullable(accessToken.getOpenIdToken()));
    }
}
