package com.palantir.foundry.sql.driver.auth;

import com.palantir.foundry.sql.driver.auth.AuthMethod;
import com.palantir.foundry.sql.driver.clients.ServiceClients;
import com.palantir.foundry.sql.driver.exception.ExceptionUtils;
import com.palantir.foundry.sql.multipass.oauth.client.ClientCredentialsProvider;
import com.palantir.foundry.sql.multipass.oauth.client.TokenResponse;
import com.palantir.foundry.sql.multipass.oauth.flow.FoundryOAuthFlow;
import com.palantir.foundry.sql.multipass.oauth.store.CredentialStoreFactory;
import java.sql.SQLException;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

/* loaded from: input_file:com/palantir/foundry/sql/driver/auth/TokenSupplierVisitor.class */
public final class TokenSupplierVisitor implements AuthMethod.Visitor<TokenSupplier> {
    private static final Map<AuthMethod.OAuth, TokenSupplier> oauthSuppliers = new ConcurrentHashMap();
    private static final Map<AuthMethod.ClientCredentials, TokenSupplier> clientCredentialsSuppliers = new ConcurrentHashMap();
    private final ServiceClients serviceClients;
    private final String credentialNamePrefix;

    public TokenSupplierVisitor(ServiceClients serviceClients, String str) {
        this.serviceClients = serviceClients;
        this.credentialNamePrefix = str;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.palantir.foundry.sql.driver.auth.AuthMethod.Visitor
    public TokenSupplier visitToken(AuthMethod.Token token) throws SQLException {
        ExceptionUtils.handleRemoteCall(() -> {
            return this.serviceClients.oauth2Service().checkToken(token.authHeader());
        }, "Invalid credentials");
        return new FixedTokenSupplier(token.authHeader());
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.palantir.foundry.sql.driver.auth.AuthMethod.Visitor
    public TokenSupplier visitOAuth(AuthMethod.OAuth oAuth) {
        return oauthSuppliers.computeIfAbsent(oAuth, this::oauthFlow);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.palantir.foundry.sql.driver.auth.AuthMethod.Visitor
    public TokenSupplier visitClientCredentials(AuthMethod.ClientCredentials clientCredentials) {
        return clientCredentialsSuppliers.computeIfAbsent(clientCredentials, this::clientCredentials);
    }

    private TokenSupplier oauthFlow(AuthMethod.OAuth oAuth) {
        OAuthTokenFactory oAuthTokenFactory = new OAuthTokenFactory(new FoundryOAuthFlow(oAuth.clientId(), oAuth.clientSecret(), this.serviceClients.oauthAuthorizeEndpoint(), oAuth.redirectPort(), this.serviceClients.oauth2Service(), () -> {
            return UUID.randomUUID().toString();
        }), CredentialStoreFactory.INSTANCE.get(this.credentialNamePrefix, oAuth.clientId()), this.serviceClients.oauth2Service());
        Objects.requireNonNull(oAuthTokenFactory);
        Supplier supplier = oAuthTokenFactory::refresh;
        Objects.requireNonNull(oAuthTokenFactory);
        return new CachingTokenSupplier(supplier, oAuthTokenFactory::checkToken);
    }

    private TokenSupplier clientCredentials(AuthMethod.ClientCredentials clientCredentials) {
        return new CachingTokenSupplier(clientCredentialsSupplier(new ClientCredentialsProvider(clientCredentials.clientId(), clientCredentials.clientSecret(), this.serviceClients.oauth2Service())));
    }

    private static Supplier<CachedAccessToken> clientCredentialsSupplier(ClientCredentialsProvider clientCredentialsProvider) {
        return () -> {
            TokenResponse tokenResponse = clientCredentialsProvider.get();
            return new CachedAccessToken(tokenResponse.getAccessToken(), tokenResponse.getExpiresIn());
        };
    }
}
