package io.apicurio.tenantmanager.auth;

import io.apicurio.tenantmanager.logging.audit.AuditHttpRequestContext;
import io.apicurio.tenantmanager.logging.audit.AuditHttpRequestInfo;
import io.apicurio.tenantmanager.logging.audit.AuditLogService;
import io.apicurio.tenantmanager.metrics.MetricsConstants;
import io.quarkus.oidc.runtime.BearerAuthenticationMechanism;
import io.quarkus.oidc.runtime.OidcAuthenticationMechanism;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import java.util.Collections;
import java.util.HashMap;
import java.util.Set;
import java.util.function.BiConsumer;
import javax.annotation.Priority;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Alternative;
import javax.inject.Inject;
import org.slf4j.Logger;

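/**
 * Authentication mechanism that delegates bearer-token authentication to the Quarkus OIDC
 * mechanism and writes an audit entry for every authentication attempt that ends in an HTTP
 * error response.
 *
 * <p>It is registered as an {@code @Alternative} with {@code @Priority(1)}. It replaces the
 * failure handler stored on the routing context with a wrapper that first runs the previously
 * registered handler and then records the failure.
 *
 * <p>Security notes for reviewers of the audit trail:
 * <ul>
 *   <li>{@code getSourceIp()} reports the TCP peer address. Behind a reverse proxy or load
 *       balancer this is the proxy, not the end client.</li>
 *   <li>{@code getForwardedFor()} reports the raw forwarded-for request header. The client
 *       supplies that value unless a trusted edge proxy overwrites it, so it is advisory only
 *       and must not drive access decisions.</li>
 *   <li>The request path, the forwarded-for header and the exception message are recorded as
 *       received. Whether {@link AuditLogService} escapes control characters is not visible
 *       from this class - NOTE(review): confirm before feeding these entries to a line-oriented
 *       log parser.</li>
 * </ul>
 */
@Alternative
@Priority(1)
@ApplicationScoped
public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {

    /** Routing-context key under which the authentication failure handler is stored. */
    private static final String AUTH_FAILURE_HANDLER = "io.quarkus.vertx.http.auth-failure-handler";

    @Inject
    Logger log;

    @Inject
    OidcAuthenticationMechanism oidcAuthenticationMechanism;

    @Inject
    AuditLogService auditLog;

    // Used only to produce the bearer challenge; authentication itself goes through OIDC.
    private final BearerAuthenticationMechanism bearerAuth = new BearerAuthenticationMechanism();

    /**
     * Installs the auditing failure handler on the request and delegates authentication to the
     * OIDC mechanism.
     *
     * @param routingContext the current request context
     * @param identityProviderManager the identity provider manager handed to the OIDC mechanism
     * @return the identity produced by the OIDC mechanism
     */
    @Override
    public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        @SuppressWarnings("unchecked") // the value stored under this key is a (RoutingContext, Throwable) handler
        BiConsumer<RoutingContext, Throwable> previousHandler =
                (BiConsumer<RoutingContext, Throwable>) routingContext.get(AUTH_FAILURE_HANDLER);

        if (previousHandler == null) {
            // Nothing to wrap: leave the context untouched rather than install a handler that
            // would fail with a NullPointerException while reporting an authentication failure.
            this.log.warn("No authentication failure handler on the request; failed authentications will not be audited");
        } else {
            // Typed local: a lambda needs a functional-interface target type and cannot be
            // passed directly to put(String, Object).
            BiConsumer<RoutingContext, Throwable> auditingHandler = (ctx, failure) -> {
                // The previous handler sends the HTTP response, so the status code is only
                // meaningful after it has run.
                previousHandler.accept(ctx, failure);
                if (ctx.response().getStatusCode() >= 400) {
                    this.auditLog.log("authenticate", AuditHttpRequestContext.FAILURE,
                            failureMetadata(ctx, failure), requestInfo(ctx));
                }
            };
            routingContext.put(AUTH_FAILURE_HANDLER, auditingHandler);
        }
        return this.oidcAuthenticationMechanism.authenticate(routingContext, identityProviderManager);
    }

    /** Collects the request method, path, response code and (when present) the error message. */
    private static HashMap<String, String> failureMetadata(RoutingContext ctx, Throwable failure) {
        HashMap<String, String> metadata = new HashMap<>();
        metadata.put(MetricsConstants.REST_REQUESTS_TAG_METHOD, ctx.request().method().name());
        metadata.put(MetricsConstants.REST_REQUESTS_TAG_PATH, ctx.request().path());
        metadata.put("response_code", String.valueOf(ctx.response().getStatusCode()));
        if (failure != null) {
            // NOTE(review): the message comes from the authentication stack and may echo
            // request-derived detail; confirm it never contains token material.
            metadata.put("error_msg", failure.getMessage());
        }
        return metadata;
    }

    /** Exposes the connection peer address and the forwarded-for header to the audit log. */
    private static AuditHttpRequestInfo requestInfo(RoutingContext ctx) {
        return new AuditHttpRequestInfo() {
            @Override
            public String getSourceIp() {
                // Address of the direct TCP peer, which is the proxy when one is in front.
                return ctx.request().remoteAddress().toString();
            }

            @Override
            public String getForwardedFor() {
                // Client-controlled unless a trusted proxy rewrites it; recorded, never trusted.
                return ctx.request().getHeader(AuditHttpRequestContext.X_FORWARDED_FOR_HEADER);
            }
        };
    }

    /**
     * Returns the bearer-token challenge for unauthenticated requests.
     *
     * @param routingContext the current request context
     * @return the challenge produced by the bearer mechanism
     */
    @Override
    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        return this.bearerAuth.getChallenge(routingContext);
    }

    /**
     * Declares that this mechanism produces token authentication requests only.
     *
     * @return a singleton set containing {@link TokenAuthenticationRequest}
     */
    @Override
    public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
        return Collections.singleton(TokenAuthenticationRequest.class);
    }

    /**
     * Declares that credentials arrive in the {@code Authorization} header with the
     * {@code bearer} scheme.
     *
     * @return the credential transport descriptor
     */
    @Override
    public HttpCredentialTransport getCredentialTransport() {
        return new HttpCredentialTransport(HttpCredentialTransport.Type.AUTHORIZATION, "bearer");
    }
}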
