package io.trino.server.ui;

import io.airlift.log.Logger;
import io.trino.server.security.PasswordAuthenticatorConfig;
import io.trino.server.security.PasswordAuthenticatorManager;
import io.trino.server.security.SecurityConfig;
import io.trino.server.security.UserMapping;
import io.trino.server.security.UserMappingException;
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.PasswordAuthenticator;
import java.util.Iterator;
import java.util.Objects;
import java.util.Optional;
import javax.inject.Inject;

/* loaded from: input_file:io/trino/server/ui/PasswordManagerFormAuthenticator.class */
public class PasswordManagerFormAuthenticator implements FormAuthenticator {
    private static final Logger log = Logger.get(PasswordManagerFormAuthenticator.class);
    private final PasswordAuthenticatorManager passwordAuthenticatorManager;
    private final UserMapping userMapping;
    private final boolean insecureAuthenticationOverHttpAllowed;

    @Inject
    public PasswordManagerFormAuthenticator(PasswordAuthenticatorManager passwordAuthenticatorManager, PasswordAuthenticatorConfig passwordAuthenticatorConfig, SecurityConfig securityConfig) {
        this.passwordAuthenticatorManager = (PasswordAuthenticatorManager) Objects.requireNonNull(passwordAuthenticatorManager, "passwordAuthenticatorManager is null");
        passwordAuthenticatorManager.setRequired();
        this.userMapping = UserMapping.createUserMapping(passwordAuthenticatorConfig.getUserMappingPattern(), passwordAuthenticatorConfig.getUserMappingFile());
        this.insecureAuthenticationOverHttpAllowed = securityConfig.isInsecureAuthenticationOverHttpAllowed();
    }

    @Override // io.trino.server.ui.FormAuthenticator
    public boolean isLoginEnabled(boolean z) {
        if (z) {
            return true;
        }
        return this.insecureAuthenticationOverHttpAllowed;
    }

    @Override // io.trino.server.ui.FormAuthenticator
    public boolean isPasswordAllowed(boolean z) {
        return z;
    }

    @Override // io.trino.server.ui.FormAuthenticator
    public Optional<String> isValidCredential(String str, String str2, boolean z) {
        if (str == null) {
            return Optional.empty();
        }
        if (!z) {
            return Optional.of(str).filter(str3 -> {
                return this.insecureAuthenticationOverHttpAllowed && str2 == null;
            });
        }
        Iterator<PasswordAuthenticator> it = this.passwordAuthenticatorManager.getAuthenticators().iterator();
        while (it.hasNext()) {
            try {
                return Optional.of(this.userMapping.mapUser(it.next().createAuthenticatedPrincipal(str, str2).toString()));
            } catch (AccessDeniedException | UserMappingException e) {
            } catch (RuntimeException e2) {
                log.debug(e2, "Error authenticating user for Web UI");
            }
        }
        return Optional.empty();
    }
}
