package io.prestosql.server.security;

import com.google.common.collect.ImmutableList;
import io.prestosql.spi.security.Identity;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:io/prestosql/server/security/CertificateAuthenticator.class */
public class CertificateAuthenticator implements Authenticator {
    private static final String X509_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    private final CertificateAuthenticatorManager authenticatorManager;
    private final UserMapping userMapping;

    @Inject
    public CertificateAuthenticator(CertificateAuthenticatorManager certificateAuthenticatorManager, CertificateConfig certificateConfig) {
        Objects.requireNonNull(certificateConfig, "config is null");
        this.userMapping = UserMapping.createUserMapping(certificateConfig.getUserMappingPattern(), certificateConfig.getUserMappingFile());
        this.authenticatorManager = (CertificateAuthenticatorManager) Objects.requireNonNull(certificateAuthenticatorManager, "authenticatorManager is null");
        certificateAuthenticatorManager.setRequired();
    }

    @Override // io.prestosql.server.security.Authenticator
    public Identity authenticate(HttpServletRequest httpServletRequest) throws AuthenticationException {
        Object attribute = httpServletRequest.getAttribute(X509_ATTRIBUTE);
        if (attribute == null) {
            throw new AuthenticationException(null);
        }
        ImmutableList copyOf = ImmutableList.copyOf((X509Certificate[]) attribute);
        if (copyOf.isEmpty()) {
            throw new AuthenticationException(null);
        }
        try {
            Principal authenticate = this.authenticatorManager.getAuthenticator().authenticate(copyOf);
            return Identity.forUser(this.userMapping.mapUser(authenticate.toString())).withPrincipal(authenticate).build();
        } catch (UserMappingException e) {
            throw new AuthenticationException(e.getMessage());
        } catch (RuntimeException e2) {
            throw new RuntimeException("Authentication error", e2);
        }
    }
}
