package io.trino.server.security.oauth2;

import com.google.common.base.VerifyException;
import com.google.common.collect.ImmutableMap;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListeningExecutorService;
import io.airlift.jaxrs.AsyncResponseHandler;
import io.airlift.json.JsonCodec;
import io.airlift.json.JsonCodecFactory;
import io.trino.dispatcher.DispatchExecutor;
import io.trino.server.security.ResourceSecurity;
import io.trino.server.security.oauth2.OAuth2TokenExchange;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.container.AsyncResponse;
import javax.ws.rs.container.Suspended;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;

@Path(OAuth2TokenExchangeResource.TOKEN_ENDPOINT)
/* loaded from: input_file:io/trino/server/security/oauth2/OAuth2TokenExchangeResource.class */
public class OAuth2TokenExchangeResource {
    static final String TOKEN_ENDPOINT = "/oauth2/token/";
    private static final JsonCodec<Map<String, Object>> MAP_CODEC = new JsonCodecFactory().mapJsonCodec(String.class, Object.class);
    private final OAuth2TokenExchange tokenExchange;
    private final OAuth2Service service;
    private final ListeningExecutorService responseExecutor;

    @Inject
    public OAuth2TokenExchangeResource(OAuth2TokenExchange oAuth2TokenExchange, OAuth2Service oAuth2Service, DispatchExecutor dispatchExecutor) {
        this.tokenExchange = (OAuth2TokenExchange) Objects.requireNonNull(oAuth2TokenExchange, "tokenExchange is null");
        this.service = (OAuth2Service) Objects.requireNonNull(oAuth2Service, "service is null");
        this.responseExecutor = ((DispatchExecutor) Objects.requireNonNull(dispatchExecutor, "executor is null")).getExecutor();
    }

    @GET
    @Path("initiate/{authIdHash}")
    @ResourceSecurity(ResourceSecurity.AccessType.PUBLIC)
    @Produces({"application/json"})
    public Response initiateTokenExchange(@PathParam("authIdHash") String str, @Context UriInfo uriInfo) {
        return this.service.startOAuth2Challenge(uriInfo, str);
    }

    @GET
    @Path("{authId}")
    @ResourceSecurity(ResourceSecurity.AccessType.PUBLIC)
    @Produces({"application/json"})
    public void getAuthenticationToken(@PathParam("authId") UUID uuid, @Suspended AsyncResponse asyncResponse, @Context HttpServletRequest httpServletRequest) {
        if (uuid == null) {
            throw new BadRequestException();
        }
        AsyncResponseHandler.bindAsyncResponse(asyncResponse, Futures.transform(this.tokenExchange.getTokenPoll(uuid), OAuth2TokenExchangeResource::toResponse, this.responseExecutor), this.responseExecutor).withTimeout(OAuth2TokenExchange.MAX_POLL_TIME, pendingResponse(httpServletRequest));
    }

    private static Response toResponse(OAuth2TokenExchange.TokenPoll tokenPoll) {
        if (tokenPoll.getError().isPresent()) {
            return Response.ok(jsonMap("error", tokenPoll.getError().get()), MediaType.APPLICATION_JSON_TYPE).build();
        }
        if (tokenPoll.getToken().isPresent()) {
            return Response.ok(jsonMap("token", tokenPoll.getToken().get()), MediaType.APPLICATION_JSON_TYPE).build();
        }
        throw new VerifyException("invalid TokenPoll state");
    }

    private static Response pendingResponse(HttpServletRequest httpServletRequest) {
        return Response.ok(jsonMap("nextUri", httpServletRequest.getRequestURL()), MediaType.APPLICATION_JSON_TYPE).build();
    }

    @ResourceSecurity(ResourceSecurity.AccessType.PUBLIC)
    @Path("{authId}")
    @DELETE
    public void deleteAuthenticationToken(@PathParam("authId") UUID uuid) {
        if (uuid == null) {
            throw new BadRequestException();
        }
        this.tokenExchange.dropToken(uuid);
    }

    public static String getTokenUri(UUID uuid) {
        return "/oauth2/token/" + uuid;
    }

    public static String getInitiateUri(UUID uuid) {
        return "/oauth2/token/initiate/" + OAuth2TokenExchange.hashAuthId(uuid);
    }

    private static String jsonMap(String str, Object obj) {
        return MAP_CODEC.toJson(ImmutableMap.of(str, obj));
    }
}
