package io.trino.server.security.oauth2;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.trino.server.security.AbstractBearerAuthenticator;
import io.trino.server.security.AuthenticationException;
import io.trino.server.security.UserMapping;
import java.util.Objects;
import java.util.UUID;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;

/* loaded from: input_file:io/trino/server/security/oauth2/OAuth2Authenticator.class */
public class OAuth2Authenticator extends AbstractBearerAuthenticator {
    private final OAuth2Service service;

    @Inject
    public OAuth2Authenticator(OAuth2Service oAuth2Service, OAuth2Config oAuth2Config) {
        super(oAuth2Config.getPrincipalField(), UserMapping.createUserMapping(oAuth2Config.getUserMappingPattern(), oAuth2Config.getUserMappingFile()));
        this.service = (OAuth2Service) Objects.requireNonNull(oAuth2Service, "service is null");
    }

    @Override // io.trino.server.security.AbstractBearerAuthenticator
    protected Jws<Claims> parseClaimsJws(String str) {
        return this.service.parseClaimsJws(str);
    }

    @Override // io.trino.server.security.AbstractBearerAuthenticator
    protected AuthenticationException needAuthentication(ContainerRequestContext containerRequestContext, String str) {
        UUID randomUUID = UUID.randomUUID();
        return new AuthenticationException(str, String.format("Bearer x_redirect_server=\"%s\", x_token_server=\"%s\"", this.service.startRestChallenge(containerRequestContext.getUriInfo().getBaseUri().resolve(OAuth2CallbackResource.CALLBACK_ENDPOINT), randomUUID), containerRequestContext.getUriInfo().getBaseUri().resolve(OAuth2TokenExchangeResource.getTokenUri(randomUUID))));
    }
}
