package io.trino.server.security;

import com.google.common.base.Strings;
import io.trino.client.ProtocolDetectionException;
import io.trino.client.ProtocolHeaders;
import io.trino.server.ProtocolConfig;
import io.trino.spi.security.BasicPrincipal;
import io.trino.spi.security.Identity;
import java.util.Optional;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;

/* loaded from: input_file:io/trino/server/security/InsecureAuthenticator.class */
public class InsecureAuthenticator implements Authenticator {
    private final UserMapping userMapping;
    private final Optional<String> alternateHeaderName;

    @Inject
    public InsecureAuthenticator(InsecureAuthenticatorConfig insecureAuthenticatorConfig, ProtocolConfig protocolConfig) {
        this.userMapping = UserMapping.createUserMapping(insecureAuthenticatorConfig.getUserMappingPattern(), insecureAuthenticatorConfig.getUserMappingFile());
        this.alternateHeaderName = protocolConfig.getAlternateHeaderName();
    }

    @Override // io.trino.server.security.Authenticator
    public Identity authenticate(ContainerRequestContext containerRequestContext) throws AuthenticationException {
        String str;
        Optional<BasicAuthCredentials> extractBasicAuthCredentials = BasicAuthCredentials.extractBasicAuthCredentials(containerRequestContext);
        if (!extractBasicAuthCredentials.isPresent()) {
            try {
                str = Strings.emptyToNull((String) containerRequestContext.getHeaders().getFirst(ProtocolHeaders.detectProtocol(this.alternateHeaderName, containerRequestContext.getHeaders().keySet()).requestUser()));
            } catch (ProtocolDetectionException e) {
                str = null;
            }
        } else {
            if (extractBasicAuthCredentials.get().getPassword().isPresent()) {
                throw new AuthenticationException("Password not allowed for insecure authentication", BasicAuthCredentials.AUTHENTICATE_HEADER);
            }
            str = extractBasicAuthCredentials.get().getUser();
        }
        if (str == null) {
            throw new AuthenticationException("Basic authentication or " + ProtocolHeaders.TRINO_HEADERS.requestUser() + " must be sent", BasicAuthCredentials.AUTHENTICATE_HEADER);
        }
        try {
            return Identity.forUser(this.userMapping.mapUser(str)).withPrincipal(new BasicPrincipal(str)).build();
        } catch (UserMappingException e2) {
            throw new AuthenticationException(e2.getMessage());
        }
    }
}
