package io.quarkus.elytron.security.runtime;

import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.Iterator;
import java.util.function.Supplier;
import org.jboss.logging.Logger;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.evidence.BearerTokenEvidence;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/elytron/security/runtime/ElytronTokenIdentityProvider.class */
public class ElytronTokenIdentityProvider implements IdentityProvider<TokenAuthenticationRequest> {
    private static final Logger log = Logger.getLogger(ElytronTokenIdentityProvider.class);

    @Inject
    SecurityDomain domain;

    public Class<TokenAuthenticationRequest> getRequestType() {
        return TokenAuthenticationRequest.class;
    }

    public Uni<SecurityIdentity> authenticate(final TokenAuthenticationRequest tokenAuthenticationRequest, AuthenticationRequestContext authenticationRequestContext) {
        return authenticationRequestContext.runBlocking(new Supplier<SecurityIdentity>() { // from class: io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public SecurityIdentity get() {
                try {
                    org.wildfly.security.auth.server.SecurityIdentity authenticate = ElytronTokenIdentityProvider.this.domain.authenticate(new BearerTokenEvidence(tokenAuthenticationRequest.getToken().getToken()));
                    if (authenticate == null) {
                        throw new AuthenticationFailedException();
                    }
                    QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder();
                    for (Attributes.Entry entry : authenticate.getAttributes().entries()) {
                        builder.addAttribute(entry.getKey(), entry);
                    }
                    builder.setPrincipal(authenticate.getPrincipal());
                    Iterator it = authenticate.getRoles().iterator();
                    while (it.hasNext()) {
                        builder.addRole((String) it.next());
                    }
                    builder.addCredential(tokenAuthenticationRequest.getToken());
                    return builder.build();
                } catch (RealmUnavailableException e) {
                    throw new RuntimeException((Throwable) e);
                } catch (SecurityException e2) {
                    ElytronTokenIdentityProvider.log.debug("Authentication failed", e2);
                    throw new AuthenticationFailedException(e2);
                }
            }
        });
    }
}
