package io.trino.server.security.oauth2;

import com.google.common.base.Strings;
import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.ConfigSecuritySensitive;
import io.airlift.units.Duration;
import jakarta.validation.constraints.NotEmpty;
import java.util.Base64;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:io/trino/server/security/oauth2/RefreshTokensConfig.class */
public class RefreshTokensConfig {
    private Duration tokenExpiration = Duration.succinctDuration(1.0d, TimeUnit.HOURS);
    private String issuer = "Trino_coordinator";
    private String audience = "Trino_coordinator";
    private SecretKey secretKey;

    public Duration getTokenExpiration() {
        return this.tokenExpiration;
    }

    @ConfigDescription("Expiration time for issued token. It needs to be equal or lower than duration of refresh token issued by IdP")
    @Config("http-server.authentication.oauth2.refresh-tokens.issued-token.timeout")
    public RefreshTokensConfig setTokenExpiration(Duration duration) {
        this.tokenExpiration = duration;
        return this;
    }

    @NotEmpty
    public String getIssuer() {
        return this.issuer;
    }

    @ConfigDescription("Issuer representing this coordinator instance, that will be used in issued token. In addition current Version will be added to it")
    @Config("http-server.authentication.oauth2.refresh-tokens.issued-token.issuer")
    public RefreshTokensConfig setIssuer(String str) {
        this.issuer = str;
        return this;
    }

    @NotEmpty
    public String getAudience() {
        return this.audience;
    }

    @ConfigDescription("Audience representing this coordinator instance, that will be used in issued token")
    @Config("http-server.authentication.oauth2.refresh-tokens.issued-token.audience")
    public RefreshTokensConfig setAudience(String str) {
        this.audience = str;
        return this;
    }

    @ConfigSecuritySensitive
    @ConfigDescription("Base64 encoded secret key used to encrypt generated token")
    @Config("http-server.authentication.oauth2.refresh-tokens.secret-key")
    public RefreshTokensConfig setSecretKey(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return this;
        }
        this.secretKey = new SecretKeySpec(Base64.getDecoder().decode(str), "AES");
        return this;
    }

    public SecretKey getSecretKey() {
        return this.secretKey;
    }
}
