package io.trino.server;

import com.google.common.net.MediaType;
import io.trino.spi.security.BasicPrincipal;
import io.trino.spi.security.Identity;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import java.security.Principal;
import java.util.Collection;
import java.util.Iterator;
import java.util.Optional;

/* loaded from: input_file:io/trino/server/ServletSecurityUtils.class */
public final class ServletSecurityUtils {
    private static final String AUTHENTICATED_IDENTITY = "trino.authenticated-identity";

    private ServletSecurityUtils() {
    }

    public static void sendErrorMessage(ContainerRequestContext containerRequestContext, Response.Status status, String str) {
        containerRequestContext.abortWith(errorResponse(status, str).build());
    }

    public static void sendWwwAuthenticate(ContainerRequestContext containerRequestContext, String str, Collection<String> collection) {
        containerRequestContext.abortWith(authenticateResponse(str, collection).build());
    }

    private static Response.ResponseBuilder authenticateResponse(String str, Collection<String> collection) {
        Response.ResponseBuilder errorResponse = errorResponse(Response.Status.UNAUTHORIZED, str);
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            errorResponse.header("WWW-Authenticate", it.next());
        }
        return errorResponse;
    }

    private static Response.ResponseBuilder errorResponse(Response.Status status, String str) {
        return Response.status(status.getStatusCode(), str).type(MediaType.PLAIN_TEXT_UTF_8.toString()).entity(str);
    }

    public static Optional<Identity> authenticatedIdentity(ContainerRequestContext containerRequestContext) {
        return Optional.ofNullable((Identity) containerRequestContext.getProperty(AUTHENTICATED_IDENTITY));
    }

    public static Optional<Identity> authenticatedIdentity(HttpServletRequest httpServletRequest) {
        return Optional.ofNullable((Identity) httpServletRequest.getAttribute(AUTHENTICATED_IDENTITY));
    }

    public static void clearAuthenticatedIdentity(HttpServletRequest httpServletRequest) {
        httpServletRequest.setAttribute(AUTHENTICATED_IDENTITY, (Object) null);
    }

    public static void setAuthenticatedIdentity(ContainerRequestContext containerRequestContext, String str) {
        setAuthenticatedIdentity(containerRequestContext, Identity.forUser(str).withPrincipal(new BasicPrincipal(str)).build());
    }

    public static void setAuthenticatedIdentity(ContainerRequestContext containerRequestContext, Identity identity) {
        containerRequestContext.setProperty(AUTHENTICATED_IDENTITY, identity);
        final boolean isSecure = containerRequestContext.getSecurityContext().isSecure();
        final Principal principal = (Principal) identity.getPrincipal().orElse(null);
        containerRequestContext.setSecurityContext(new SecurityContext() { // from class: io.trino.server.ServletSecurityUtils.1
            public Principal getUserPrincipal() {
                return principal;
            }

            public boolean isUserInRole(String str) {
                return false;
            }

            public boolean isSecure() {
                return isSecure;
            }

            public String getAuthenticationScheme() {
                return "trino";
            }
        });
    }
}
