package io.trino.server.security;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import io.airlift.configuration.secrets.SecretsResolver;
import io.trino.spi.security.AccessDeniedException;
import io.trino.spi.security.BasicPrincipal;
import io.trino.spi.security.HeaderAuthenticator;
import io.trino.spi.security.HeaderAuthenticatorFactory;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.Principal;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/trino/server/security/TestHeaderAuthenticatorManager.class */
public class TestHeaderAuthenticatorManager {

    /* loaded from: input_file:io/trino/server/security/TestHeaderAuthenticatorManager$TestingHeaderAuthenticatorFactory.class */
    private static class TestingHeaderAuthenticatorFactory implements HeaderAuthenticatorFactory {
        private final String header;
        private final String name;

        TestingHeaderAuthenticatorFactory(String str, String str2) {
            this.header = (String) Objects.requireNonNull(str2, "header is null");
            this.name = (String) Objects.requireNonNull(str, "name is null");
        }

        public String getName() {
            return this.name;
        }

        public HeaderAuthenticator create(Map<String, String> map) {
            return headers -> {
                return (Principal) Optional.ofNullable(headers.getHeader(this.header)).map(list -> {
                    return new BasicPrincipal((String) list.get(0));
                }).orElseThrow(() -> {
                    return new AccessDeniedException("You shall not pass!");
                });
            };
        }
    }

    @Test
    public void testMultipleConfigFiles() throws Exception {
        Path createTempFile = Files.createTempFile("headerConfig", "1", new FileAttribute[0]);
        Path createTempFile2 = Files.createTempFile("headerConfig", "2", new FileAttribute[0]);
        Files.write(createTempFile, (Iterable<? extends CharSequence>) ImmutableList.of("header-authenticator.name=type1"), new OpenOption[0]);
        Files.write(createTempFile2, (Iterable<? extends CharSequence>) ImmutableList.of("header-authenticator.name=type2"), new OpenOption[0]);
        ImmutableMap of = ImmutableMap.of("x-forwarded-client-cert", ImmutableList.of("foo", "bar"));
        ImmutableMap of2 = ImmutableMap.of("forwarded-client-cert", ImmutableList.of("cat", "dog"));
        ImmutableMap of3 = ImmutableMap.of("try-hard-authn", ImmutableList.of("foo", "bar"));
        HeaderAuthenticatorManager headerAuthenticatorManager = new HeaderAuthenticatorManager(new HeaderAuthenticatorConfig().setHeaderAuthenticatorFiles(ImmutableList.of(createTempFile.toAbsolutePath().toString(), createTempFile2.toAbsolutePath().toString())), new SecretsResolver(ImmutableMap.of()));
        headerAuthenticatorManager.setRequired();
        headerAuthenticatorManager.addHeaderAuthenticatorFactory(new TestingHeaderAuthenticatorFactory("type1", "x-forwarded-client-cert"));
        headerAuthenticatorManager.addHeaderAuthenticatorFactory(new TestingHeaderAuthenticatorFactory("type2", "forwarded-client-cert"));
        headerAuthenticatorManager.loadHeaderAuthenticator();
        List<HeaderAuthenticator> authenticators = headerAuthenticatorManager.getAuthenticators();
        Objects.requireNonNull(of);
        Assertions.assertThat(login(authenticators, (v1) -> {
            return r2.get(v1);
        })).isTrue();
        Objects.requireNonNull(of2);
        Assertions.assertThat(login(authenticators, (v1) -> {
            return r2.get(v1);
        })).isTrue();
        Objects.requireNonNull(of3);
        Assertions.assertThat(login(authenticators, (v1) -> {
            return r2.get(v1);
        })).isFalse();
    }

    private boolean login(List<HeaderAuthenticator> list, HeaderAuthenticator.Headers headers) {
        return list.stream().anyMatch(headerAuthenticator -> {
            try {
                headerAuthenticator.createAuthenticatedPrincipal(headers);
                return true;
            } catch (AccessDeniedException e) {
                return false;
            }
        });
    }
}
