package io.trino.server.security;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import io.airlift.configuration.ConfigurationLoader;
import io.airlift.log.Logger;
import io.trino.spi.security.CertificateAuthenticatorFactory;
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: input_file:io/trino/server/security/CertificateAuthenticatorManager.class */
public class CertificateAuthenticatorManager {
    private static final Logger log = Logger.get(CertificateAuthenticatorManager.class);
    private static final File CONFIG_FILE = new File("etc/certificate-authenticator.properties");
    private static final String NAME_PROPERTY = "certificate-authenticator.name";
    private final AtomicBoolean required = new AtomicBoolean();
    private final Map<String, CertificateAuthenticatorFactory> factories = new ConcurrentHashMap();
    private final AtomicReference<io.trino.spi.security.CertificateAuthenticator> authenticator = new AtomicReference<>();

    public void setRequired() {
        this.required.set(true);
    }

    public void addCertificateAuthenticatorFactory(CertificateAuthenticatorFactory certificateAuthenticatorFactory) {
        Preconditions.checkArgument(this.factories.putIfAbsent(certificateAuthenticatorFactory.getName(), certificateAuthenticatorFactory) == null, "Certificate authenticator '%s' is already registered", certificateAuthenticatorFactory.getName());
    }

    public void loadCertificateAuthenticator() throws Exception {
        if (this.required.get()) {
            File absoluteFile = CONFIG_FILE.getAbsoluteFile();
            if (!absoluteFile.exists()) {
                useDefaultAuthenticator();
                return;
            }
            HashMap hashMap = new HashMap(ConfigurationLoader.loadPropertiesFrom(absoluteFile.getPath()));
            String str = (String) hashMap.remove(NAME_PROPERTY);
            Preconditions.checkState(!Strings.isNullOrEmpty(str), "Certificate authenticator configuration %s does not contain '%s'", absoluteFile, NAME_PROPERTY);
            log.info("-- Loading certificate authenticator --");
            CertificateAuthenticatorFactory certificateAuthenticatorFactory = this.factories.get(str);
            Preconditions.checkState(certificateAuthenticatorFactory != null, "Certificate authenticator '%s' is not registered", str);
            this.authenticator.set((io.trino.spi.security.CertificateAuthenticator) Objects.requireNonNull(certificateAuthenticatorFactory.create(ImmutableMap.copyOf(hashMap)), "authenticator is null"));
            log.info("-- Loaded certificate authenticator %s --", new Object[]{str});
        }
    }

    public io.trino.spi.security.CertificateAuthenticator getAuthenticator() {
        Preconditions.checkState(this.authenticator.get() != null, "authenticator was not loaded");
        return this.authenticator.get();
    }

    public void useDefaultAuthenticator() {
        this.authenticator.set(list -> {
            return ((X509Certificate) list.get(0)).getSubjectX500Principal();
        });
    }
}
