package io.trino.server.security;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.trino.spi.security.BasicPrincipal;
import io.trino.spi.security.Identity;
import java.util.List;
import java.util.Objects;
import javax.ws.rs.container.ContainerRequestContext;

/* loaded from: input_file:io/trino/server/security/AbstractBearerAuthenticator.class */
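/**
 * Base class for authenticators that read a bearer token from the
 * {@code Authorization} request header, have a subclass parse it as a signed JWT,
 * and turn one claim of that token into a Trino {@link Identity}.
 *
 * <p>Subclasses supply the token parsing/verification ({@link #parseClaimsJws}) and the
 * exception used to reject a request ({@link #needAuthentication}). Nothing in this
 * class verifies a signature itself; that responsibility lies entirely with
 * {@code parseClaimsJws}.
 */
public abstract class AbstractBearerAuthenticator implements Authenticator {
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_SCHEME = "bearer";

    // Name of the JWT claim whose value is used as the principal.
    private final String principalField;
    // Maps the authenticated principal to the user name of the resulting identity.
    private final UserMapping userMapping;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @param str name of the claim that carries the principal; must not be null
     * @param userMapping mapping applied to the principal to obtain the user; must not be null
     * @throws NullPointerException if either argument is null
     */
    public AbstractBearerAuthenticator(String str, UserMapping userMapping) {
        this.principalField = Objects.requireNonNull(str, "principalField is null");
        this.userMapping = Objects.requireNonNull(userMapping, "userMapping is null");
    }

    /**
     * Authenticates a request using the bearer token found in its {@code Authorization} header.
     *
     * @param containerRequestContext the incoming request
     * @return the identity derived from the token
     * @throws AuthenticationException if the header is missing or malformed, or the token is rejected
     */
    @Override // io.trino.server.security.Authenticator
    public Identity authenticate(ContainerRequestContext containerRequestContext) throws AuthenticationException {
        return authenticate(containerRequestContext, extractToken(containerRequestContext));
    }

    /**
     * Authenticates a request using an already extracted token.
     *
     * @param containerRequestContext the incoming request, passed on to {@link #needAuthentication}
     * @param str the raw token, handed unchanged to {@link #parseClaimsJws}
     * @return an identity whose user is the mapped principal and whose principal is the raw claim value
     * @throws AuthenticationException if the token is rejected by the parser, the principal claim
     *         is absent, or the user mapping fails
     * @throws RuntimeException wrapping any other unchecked failure, with message "Authentication error"
     */
    public Identity authenticate(ContainerRequestContext containerRequestContext, String str) throws AuthenticationException {
        try {
            Jws<Claims> parsedToken = parseClaimsJws(str);
            String principal = parsedToken.getBody().get(this.principalField, String.class);
            if (principal == null) {
                // A valid token without the configured claim is still a rejected credential.
                throw needAuthentication(containerRequestContext, "Invalid credentials");
            }
            String mappedUser = this.userMapping.mapUser(principal);
            return Identity.forUser(mappedUser)
                    .withPrincipal(new BasicPrincipal(principal))
                    .build();
        } catch (JwtException | UserMappingException e) {
            // This handler must precede the RuntimeException one: JwtException is an unchecked
            // exception in jjwt, so with the broader catch first a rejected token would be
            // reported as a generic "Authentication error" instead of an authentication challenge.
            // NOTE(review): the parser/mapper message is forwarded as the rejection reason; confirm
            // that subclasses do not expose more validation detail to the client than intended.
            throw needAuthentication(containerRequestContext, e.getMessage());
        } catch (RuntimeException e) {
            throw new RuntimeException("Authentication error", e);
        }
    }

    /**
     * Extracts the bearer token from the request's {@code Authorization} header.
     *
     * <p>The scheme name is compared case-insensitively and the token is trimmed.
     *
     * @param containerRequestContext the incoming request
     * @return the non-empty token text following the {@code bearer} scheme
     * @throws AuthenticationException if the header is absent, uses another scheme, or carries no token
     * @throws IllegalArgumentException if more than one {@code Authorization} header is present
     */
    public String extractToken(ContainerRequestContext containerRequestContext) throws AuthenticationException {
        List<String> headerValues = containerRequestContext.getHeaders().get(AUTHORIZATION_HEADER);
        if (headerValues == null || headerValues.isEmpty()) {
            throw needAuthentication(containerRequestContext, null);
        }
        if (headerValues.size() > 1) {
            // Report the number of headers, not their values: the values are credentials and an
            // exception message may end up in logs or error responses.
            throw new IllegalArgumentException(String.format(
                    "Multiple %s headers detected: %s, where only single %s header is supported",
                    AUTHORIZATION_HEADER,
                    headerValues.size(),
                    AUTHORIZATION_HEADER));
        }

        String header = headerValues.get(0);
        int separator = header.indexOf(' ');
        if (separator < 0 || !header.substring(0, separator).equalsIgnoreCase(BEARER_SCHEME)) {
            throw needAuthentication(containerRequestContext, null);
        }

        String token = header.substring(separator + 1).trim();
        if (token.isEmpty()) {
            throw needAuthentication(containerRequestContext, null);
        }
        return token;
    }

    /**
     * Parses the token into signed claims.
     *
     * <p>NOTE(review): {@link #authenticate(ContainerRequestContext, String)} trusts the returned
     * claims without further checks, so implementations are presumably expected to verify the
     * signature and reject unsigned tokens; confirm in each subclass.
     *
     * @param str the raw token text
     * @return the parsed claims
     */
    protected abstract Jws<Claims> parseClaimsJws(String str);

    /**
     * Creates the exception that rejects the request.
     *
     * @param containerRequestContext the request being rejected
     * @param str the rejection reason; {@code null} when the request carried no usable bearer token
     * @return the exception for the caller to throw
     */
    protected abstract AuthenticationException needAuthentication(ContainerRequestContext containerRequestContext, String str);
}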
