package io.trino.server.security.oauth2;

import io.trino.server.security.AbstractBearerAuthenticator;
import io.trino.server.security.AuthenticationException;
import io.trino.server.security.UserMapping;
import io.trino.spi.security.BasicPrincipal;
import java.security.Principal;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;

/* loaded from: input_file:io/trino/server/security/oauth2/OAuth2Authenticator.class */
public class OAuth2Authenticator extends AbstractBearerAuthenticator {
    private final OAuth2Service service;
    private final String principalField;

    @Inject
    public OAuth2Authenticator(OAuth2Service oAuth2Service, OAuth2Config oAuth2Config) {
        super(UserMapping.createUserMapping(oAuth2Config.getUserMappingPattern(), oAuth2Config.getUserMappingFile()));
        this.service = (OAuth2Service) Objects.requireNonNull(oAuth2Service, "service is null");
        this.principalField = oAuth2Config.getPrincipalField();
    }

    @Override // io.trino.server.security.AbstractBearerAuthenticator
    protected Optional<Principal> extractPrincipalFromToken(String str) {
        try {
            Optional<U> map = this.service.convertTokenToClaims(str).map(map2 -> {
                return map2.get(this.principalField);
            });
            Class<String> cls = String.class;
            Objects.requireNonNull(String.class);
            return map.map(cls::cast).map(BasicPrincipal::new);
        } catch (ChallengeFailedException e) {
            return Optional.empty();
        }
    }

    @Override // io.trino.server.security.AbstractBearerAuthenticator
    protected AuthenticationException needAuthentication(ContainerRequestContext containerRequestContext, String str) {
        UUID randomUUID = UUID.randomUUID();
        return new AuthenticationException(str, String.format("Bearer x_redirect_server=\"%s\", x_token_server=\"%s\"", containerRequestContext.getUriInfo().getBaseUri().resolve(OAuth2TokenExchangeResource.getInitiateUri(randomUUID)), containerRequestContext.getUriInfo().getBaseUri().resolve(OAuth2TokenExchangeResource.getTokenUri(randomUUID))));
    }
}
