package io.trino.server.security;

import io.jsonwebtoken.JwtException;
import io.trino.spi.security.Identity;
import java.util.List;
import java.util.Optional;
import javax.ws.rs.container.ContainerRequestContext;

/* loaded from: input_file:io/trino/server/security/AbstractBearerAuthenticator.class */
public abstract class AbstractBearerAuthenticator implements Authenticator {
    @Override // io.trino.server.security.Authenticator
    public Identity authenticate(ContainerRequestContext containerRequestContext) throws AuthenticationException {
        return authenticate(containerRequestContext, extractToken(containerRequestContext));
    }

    public Identity authenticate(ContainerRequestContext containerRequestContext, String str) throws AuthenticationException {
        try {
            return createIdentity(str).orElseThrow(() -> {
                return needAuthentication(containerRequestContext, "Invalid credentials");
            });
        } catch (JwtException | UserMappingException e) {
            throw needAuthentication(containerRequestContext, e.getMessage());
        } catch (RuntimeException e2) {
            throw new RuntimeException("Authentication error", e2);
        }
    }

    public String extractToken(ContainerRequestContext containerRequestContext) throws AuthenticationException {
        List list = (List) containerRequestContext.getHeaders().get("Authorization");
        if (list == null || list.size() == 0) {
            throw needAuthentication(containerRequestContext, null);
        }
        if (list.size() > 1) {
            throw new IllegalArgumentException(String.format("Multiple %s headers detected: %s, where only single %s header is supported", "Authorization", list, "Authorization"));
        }
        String str = (String) list.get(0);
        int indexOf = str.indexOf(32);
        if (indexOf < 0 || !str.substring(0, indexOf).equalsIgnoreCase("bearer")) {
            throw needAuthentication(containerRequestContext, null);
        }
        String trim = str.substring(indexOf + 1).trim();
        if (trim.isEmpty()) {
            throw needAuthentication(containerRequestContext, null);
        }
        return trim;
    }

    protected abstract Optional<Identity> createIdentity(String str) throws UserMappingException;

    protected abstract AuthenticationException needAuthentication(ContainerRequestContext containerRequestContext, String str);
}
