package io.trino.server.security.oauth2;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.hash.Hashing;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.SettableFuture;
import io.airlift.concurrent.Threads;
import io.airlift.units.Duration;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import javax.annotation.PreDestroy;
import javax.inject.Inject;

/* loaded from: input_file:io/trino/server/security/oauth2/OAuth2TokenExchange.class */
public class OAuth2TokenExchange implements OAuth2TokenHandler {
    public static final Duration MAX_POLL_TIME = new Duration(10.0d, TimeUnit.SECONDS);
    private static final TokenPoll TOKEN_POLL_TIMED_OUT = TokenPoll.error("Authentication has timed out");
    private final LoadingCache<String, SettableFuture<TokenPoll>> cache;
    private final ScheduledExecutorService executor = Executors.newSingleThreadScheduledExecutor(Threads.daemonThreadsNamed("oauth2-token-exchange"));

    /* loaded from: input_file:io/trino/server/security/oauth2/OAuth2TokenExchange$TokenPoll.class */
    public static class TokenPoll {
        private final Optional<String> token;
        private final Optional<String> error;

        private TokenPoll(String str, String str2) {
            this.token = Optional.ofNullable(str);
            this.error = Optional.ofNullable(str2);
        }

        static TokenPoll token(String str) {
            Objects.requireNonNull(str, "token is null");
            return new TokenPoll(str, null);
        }

        static TokenPoll error(String str) {
            Objects.requireNonNull(str, "error is null");
            return new TokenPoll(null, str);
        }

        public Optional<String> getToken() {
            return this.token;
        }

        public Optional<String> getError() {
            return this.error;
        }
    }

    @Inject
    public OAuth2TokenExchange(OAuth2Config oAuth2Config) {
        final long millis = oAuth2Config.getChallengeTimeout().toMillis();
        this.cache = CacheBuilder.newBuilder().expireAfterWrite(millis + (MAX_POLL_TIME.toMillis() * 10), TimeUnit.MILLISECONDS).removalListener(removalNotification -> {
            ((SettableFuture) removalNotification.getValue()).set(TOKEN_POLL_TIMED_OUT);
        }).build(new CacheLoader<String, SettableFuture<TokenPoll>>() { // from class: io.trino.server.security.oauth2.OAuth2TokenExchange.1
            public SettableFuture<TokenPoll> load(String str) {
                SettableFuture<TokenPoll> create = SettableFuture.create();
                ScheduledFuture schedule = OAuth2TokenExchange.this.executor.schedule(() -> {
                    return Boolean.valueOf(create.set(OAuth2TokenExchange.TOKEN_POLL_TIMED_OUT));
                }, millis, TimeUnit.MILLISECONDS);
                create.addListener(() -> {
                    schedule.cancel(true);
                }, OAuth2TokenExchange.this.executor);
                return create;
            }
        });
    }

    @PreDestroy
    public void stop() {
        this.executor.shutdownNow();
    }

    @Override // io.trino.server.security.oauth2.OAuth2TokenHandler
    public void setAccessToken(String str, String str2) {
        ((SettableFuture) this.cache.getUnchecked(str)).set(TokenPoll.token(str2));
    }

    @Override // io.trino.server.security.oauth2.OAuth2TokenHandler
    public void setTokenExchangeError(String str, String str2) {
        ((SettableFuture) this.cache.getUnchecked(str)).set(TokenPoll.error(str2));
    }

    public ListenableFuture<TokenPoll> getTokenPoll(UUID uuid) {
        return Futures.nonCancellationPropagating((ListenableFuture) this.cache.getUnchecked(hashAuthId(uuid)));
    }

    public void dropToken(UUID uuid) {
        this.cache.invalidate(hashAuthId(uuid));
    }

    public static String hashAuthId(UUID uuid) {
        return Hashing.sha256().hashString(uuid.toString(), StandardCharsets.UTF_8).toString();
    }
}
