package io.squashql;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.OAuth2Credentials;
import com.google.cloud.bigquery.BigQuery;
import com.google.cloud.bigquery.BigQueryOptions;
import io.squashql.store.Store;
import jakarta.servlet.http.HttpServletRequest;
import java.sql.Date;
import java.time.Duration;
import java.util.Map;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;

/* loaded from: input_file:io/squashql/BigQueryEndUserDatastore.class */
public class BigQueryEndUserDatastore implements BigQueryDatastore {
    private final OAuth2AuthorizedClientRepository authorizedClientRepository;
    private final Cache<String, Map<String, Store>> stores = Caffeine.newBuilder().maximumSize(16).expireAfterWrite(Duration.ofMinutes(5)).build();
    private final String projectId;
    private final String datasetName;

    public BigQueryEndUserDatastore(OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository, String str, String str2) {
        this.authorizedClientRepository = oAuth2AuthorizedClientRepository;
        this.projectId = str;
        this.datasetName = str2;
    }

    @Override // io.squashql.BigQueryDatastore
    public String getProjectId() {
        return this.projectId;
    }

    @Override // io.squashql.BigQueryDatastore
    public String getDatasetName() {
        return this.datasetName;
    }

    @Override // io.squashql.BigQueryDatastore
    public BigQuery getBigquery() {
        OAuth2AuthenticationToken oAuth2AuthenticationToken = getOAuth2AuthenticationToken();
        OAuth2AccessToken accessToken = this.authorizedClientRepository.loadAuthorizedClient(oAuth2AuthenticationToken.getAuthorizedClientRegistrationId(), oAuth2AuthenticationToken, (HttpServletRequest) null).getAccessToken();
        return BigQueryOptions.newBuilder().setCredentials(OAuth2Credentials.create(new AccessToken(accessToken.getTokenValue(), Date.from(accessToken.getExpiresAt())))).setProjectId(this.projectId).build().getService();
    }

    public Map<String, Store> storesByName() {
        return (Map) this.stores.get(getOAuth2AuthenticationToken().getPrincipal().getName(), str -> {
            return BigQueryServiceAccountDatastore.fetchStoresByName(this);
        });
    }

    private OAuth2AuthenticationToken getOAuth2AuthenticationToken() {
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null) {
            throw new AuthenticationServiceException("not authenticated");
        }
        OAuth2AuthenticationToken authentication = context.getAuthentication();
        if (authentication instanceof OAuth2AuthenticationToken) {
            return authentication;
        }
        throw new IllegalStateException("authentication type not expected: " + authentication.getClass());
    }
}
