package org.projectnessie.client.auth.oauth2;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.time.Duration;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ScheduledExecutorService;
import java.util.function.Function;
import org.immutables.value.Value;
import org.projectnessie.client.NessieConfigConstants;
import org.projectnessie.client.auth.BasicAuthenticationProvider;
import org.projectnessie.client.auth.oauth2.ImmutableOAuth2ClientParams;
import org.projectnessie.client.http.HttpClient;

/* JADX INFO: Access modifiers changed from: package-private */
@Value.Immutable
/* loaded from: input_file:org/projectnessie/client/auth/oauth2/OAuth2ClientParams.class */
public interface OAuth2ClientParams {
    public static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    public static final Duration MIN_REFRESH_DELAY = Duration.ofSeconds(1);

    URI getTokenEndpoint();

    String getClientId();

    String getClientSecret();

    Optional<String> getUsername();

    Optional<String> getPassword();

    Optional<String> getScope();

    @Value.Default
    default String getGrantType() {
        return "client_credentials";
    }

    @Value.Default
    default ObjectMapper getObjectMapper() {
        return OBJECT_MAPPER;
    }

    @Value.Default
    default Duration getDefaultAccessTokenLifespan() {
        return Duration.parse(NessieConfigConstants.DEFAULT_DEFAULT_ACCESS_TOKEN_LIFESPAN);
    }

    @Value.Default
    default Duration getDefaultRefreshTokenLifespan() {
        return Duration.parse(NessieConfigConstants.DEFAULT_DEFAULT_REFRESH_TOKEN_LIFESPAN);
    }

    @Value.Default
    default Duration getRefreshSafetyWindow() {
        return Duration.parse(NessieConfigConstants.DEFAULT_REFRESH_SAFETY_WINDOW);
    }

    @Value.Default
    default boolean getTokenExchangeEnabled() {
        return true;
    }

    Optional<ScheduledExecutorService> getExecutor();

    @Value.Default
    default HttpClient.Builder getHttpClient() {
        return HttpClient.builder().setBaseUri(getTokenEndpoint()).setObjectMapper(getObjectMapper()).setAuthentication(BasicAuthenticationProvider.create(getClientId(), getClientSecret())).setDisableCompression(true);
    }

    @Value.Check
    default void check() {
        if (getClientId().isEmpty()) {
            throw new IllegalArgumentException("client ID must not be empty");
        }
        if (getClientSecret().isEmpty()) {
            throw new IllegalArgumentException("client secret must not be empty");
        }
        if (!getGrantType().equals("client_credentials") && !getGrantType().equals("password")) {
            throw new IllegalArgumentException(String.format("grant type must be either '%s' or '%s'", "client_credentials", "password"));
        }
        if (getGrantType().equals("password")) {
            if (!getUsername().isPresent() || getUsername().get().isEmpty()) {
                throw new IllegalArgumentException(String.format("username must be set if grant type is '%s'", "password"));
            }
            if (!getPassword().isPresent() || getPassword().get().isEmpty()) {
                throw new IllegalArgumentException(String.format("password must be set if grant type is '%s'", "password"));
            }
        }
        if (getDefaultAccessTokenLifespan().compareTo(MIN_REFRESH_DELAY) < 0) {
            throw new IllegalArgumentException(String.format("default token lifespan must be greater than or equal to %s", MIN_REFRESH_DELAY));
        }
        if (getRefreshSafetyWindow().compareTo(MIN_REFRESH_DELAY) < 0) {
            throw new IllegalArgumentException(String.format("refresh safety window must be greater than or equal to %s", MIN_REFRESH_DELAY));
        }
        if (getRefreshSafetyWindow().compareTo(getDefaultAccessTokenLifespan()) >= 0) {
            throw new IllegalArgumentException("refresh safety window must be less than the default token lifespan");
        }
    }

    static ImmutableOAuth2ClientParams.Builder builder() {
        return ImmutableOAuth2ClientParams.builder();
    }

    static OAuth2ClientParams fromConfig(Function<String, String> function) {
        Objects.requireNonNull(function, "config must not be null");
        return ImmutableOAuth2ClientParams.builder().tokenEndpoint(URI.create((String) Objects.requireNonNull(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_ENDPOINT), "token endpoint must not be null"))).clientId((String) Objects.requireNonNull(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_ID), "client ID must not be null")).clientSecret((String) Objects.requireNonNull(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_SECRET), "client secret must not be null")).username(Optional.ofNullable(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_USERNAME))).password(Optional.ofNullable(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_PASSWORD))).grantType((String) Optional.ofNullable(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_GRANT_TYPE)).orElse("client_credentials")).scope(Optional.ofNullable(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_CLIENT_SCOPES))).defaultAccessTokenLifespan(Duration.parse((CharSequence) Optional.ofNullable(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_DEFAULT_ACCESS_TOKEN_LIFESPAN)).orElse(NessieConfigConstants.DEFAULT_DEFAULT_ACCESS_TOKEN_LIFESPAN))).defaultRefreshTokenLifespan(Duration.parse((CharSequence) Optional.ofNullable(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_DEFAULT_REFRESH_TOKEN_LIFESPAN)).orElse(NessieConfigConstants.DEFAULT_DEFAULT_REFRESH_TOKEN_LIFESPAN))).refreshSafetyWindow(Duration.parse((CharSequence) Optional.ofNullable(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_REFRESH_SAFETY_WINDOW)).orElse(NessieConfigConstants.DEFAULT_REFRESH_SAFETY_WINDOW))).tokenExchangeEnabled(((Boolean) Optional.ofNullable(function.apply(NessieConfigConstants.CONF_NESSIE_OAUTH2_TOKEN_EXCHANGE_ENABLED)).map(Boolean::parseBoolean).orElse(true)).booleanValue()).build();
    }
}
