package io.prestosql.server.security;

import io.prestosql.server.security.Authenticator;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.inject.Inject;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:io/prestosql/server/security/CertificateAuthenticator.class */
public class CertificateAuthenticator implements Authenticator {
    private static final String X509_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    private final UserMapping userMapping;

    @Inject
    public CertificateAuthenticator(CertificateConfig certificateConfig) {
        Objects.requireNonNull(certificateConfig, "config is null");
        this.userMapping = UserMapping.createUserMapping(certificateConfig.getUserMappingPattern(), certificateConfig.getUserMappingFile());
    }

    @Override // io.prestosql.server.security.Authenticator
    public Authenticator.AuthenticatedPrincipal authenticate(HttpServletRequest httpServletRequest) throws AuthenticationException {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) httpServletRequest.getAttribute(X509_ATTRIBUTE);
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new AuthenticationException(null);
        }
        X500Principal subjectX500Principal = x509CertificateArr[0].getSubjectX500Principal();
        try {
            return new Authenticator.AuthenticatedPrincipal(this.userMapping.mapUser(subjectX500Principal.toString()), subjectX500Principal);
        } catch (UserMappingException e) {
            throw new AuthenticationException(e.getMessage());
        }
    }
}
