package io.quarkus.smallrye.jwt.runtime.auth;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.cookie.Cookie;
import io.netty.handler.codec.http.cookie.ServerCookieDecoder;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport;
import io.smallrye.jwt.auth.AbstractBearerTokenExtractor;
import io.smallrye.jwt.auth.principal.JWTAuthContextInfo;
import io.smallrye.mutiny.Uni;
import io.vertx.core.http.HttpHeaders;
import io.vertx.ext.web.RoutingContext;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/smallrye/jwt/runtime/auth/JWTAuthMechanism.class */
public class JWTAuthMechanism implements HttpAuthenticationMechanism {
    protected static final String COOKIE_HEADER = "Cookie";
    protected static final String AUTHORIZATION_HEADER = "Authorization";
    protected static final String BEARER = "Bearer";

    @Inject
    private JWTAuthContextInfo authContextInfo;

    /* loaded from: input_file:io/quarkus/smallrye/jwt/runtime/auth/JWTAuthMechanism$VertxBearerTokenExtractor.class */
    private static class VertxBearerTokenExtractor extends AbstractBearerTokenExtractor {
        private RoutingContext httpExchange;

        VertxBearerTokenExtractor(JWTAuthContextInfo jWTAuthContextInfo, RoutingContext routingContext) {
            super(jWTAuthContextInfo);
            this.httpExchange = routingContext;
        }

        protected String getHeaderValue(String str) {
            return this.httpExchange.request().headers().get(str);
        }

        protected String getCookieValue(String str) {
            String str2 = this.httpExchange.request().headers().get(HttpHeaders.COOKIE);
            if (str2 != null && this.httpExchange.cookieCount() == 0) {
                for (Cookie cookie : ServerCookieDecoder.STRICT.decode(str2)) {
                    if (cookie.name().equals(str)) {
                        return cookie.value();
                    }
                }
            }
            io.vertx.ext.web.Cookie cookie2 = this.httpExchange.getCookie(str);
            if (cookie2 != null) {
                return cookie2.getValue();
            }
            return null;
        }
    }

    public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        String bearerToken = new VertxBearerTokenExtractor(this.authContextInfo, routingContext).getBearerToken();
        return bearerToken != null ? identityProviderManager.authenticate(new TokenAuthenticationRequest(new JsonWebTokenCredential(bearerToken))) : Uni.createFrom().optional(Optional.empty());
    }

    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        return Uni.createFrom().item(new ChallengeData(HttpResponseStatus.UNAUTHORIZED.code(), HttpHeaderNames.WWW_AUTHENTICATE, "Bearer {token}"));
    }

    public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
        return Collections.singleton(TokenAuthenticationRequest.class);
    }

    public HttpCredentialTransport getCredentialTransport() {
        String tokenHeader = this.authContextInfo.getTokenHeader();
        if (!COOKIE_HEADER.equals(tokenHeader)) {
            return AUTHORIZATION_HEADER.equals(tokenHeader) ? new HttpCredentialTransport(HttpCredentialTransport.Type.AUTHORIZATION, BEARER) : new HttpCredentialTransport(HttpCredentialTransport.Type.OTHER_HEADER, tokenHeader);
        }
        String tokenCookie = this.authContextInfo.getTokenCookie();
        if (tokenCookie == null) {
            tokenCookie = BEARER;
        }
        return new HttpCredentialTransport(HttpCredentialTransport.Type.COOKIE, tokenCookie);
    }
}
