package io.trino.server.security.jwt;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SigningKeyResolver;
import io.trino.server.security.AbstractBearerAuthenticator;
import io.trino.server.security.AuthenticationException;
import io.trino.server.security.UserMapping;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;

/* loaded from: input_file:io/trino/server/security/jwt/JwtAuthenticator.class */
public class JwtAuthenticator extends AbstractBearerAuthenticator {
    private final JwtParser jwtParser;

    @Inject
    public JwtAuthenticator(JwtAuthenticatorConfig jwtAuthenticatorConfig, SigningKeyResolver signingKeyResolver) {
        super(jwtAuthenticatorConfig.getPrincipalField(), UserMapping.createUserMapping(jwtAuthenticatorConfig.getUserMappingPattern(), jwtAuthenticatorConfig.getUserMappingFile()));
        JwtParser signingKeyResolver2 = Jwts.parser().setSigningKeyResolver(signingKeyResolver);
        if (jwtAuthenticatorConfig.getRequiredIssuer() != null) {
            signingKeyResolver2.requireIssuer(jwtAuthenticatorConfig.getRequiredIssuer());
        }
        if (jwtAuthenticatorConfig.getRequiredAudience() != null) {
            signingKeyResolver2.requireAudience(jwtAuthenticatorConfig.getRequiredAudience());
        }
        this.jwtParser = signingKeyResolver2;
    }

    @Override // io.trino.server.security.AbstractBearerAuthenticator
    protected Jws<Claims> parseClaimsJws(String str) {
        return this.jwtParser.parseClaimsJws(str);
    }

    @Override // io.trino.server.security.AbstractBearerAuthenticator
    protected AuthenticationException needAuthentication(ContainerRequestContext containerRequestContext, String str) {
        return new AuthenticationException(str, "Bearer realm=\"Trino\", token_type=\"JWT\"");
    }
}
