package io.quarkus.smallrye.jwt.runtime.auth;

import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.vertx.http.runtime.security.HttpSecurityUtils;
import io.smallrye.jwt.auth.principal.JWTParser;
import io.smallrye.jwt.auth.principal.ParseException;
import io.smallrye.mutiny.Uni;
import io.smallrye.mutiny.subscription.UniEmitter;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.function.Consumer;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jboss.logging.Logger;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/smallrye/jwt/runtime/auth/MpJwtValidator.class */
public class MpJwtValidator implements IdentityProvider<TokenAuthenticationRequest> {
    private static final Logger log = Logger.getLogger(MpJwtValidator.class);
    final JWTParser parser;
    final boolean blockingAuthentication;

    public MpJwtValidator() {
        this.parser = null;
        this.blockingAuthentication = false;
    }

    @Inject
    public MpJwtValidator(JWTParser jWTParser, SmallRyeJwtConfig smallRyeJwtConfig) {
        this.parser = jWTParser;
        this.blockingAuthentication = smallRyeJwtConfig == null ? false : smallRyeJwtConfig.blockingAuthentication();
    }

    public Class<TokenAuthenticationRequest> getRequestType() {
        return TokenAuthenticationRequest.class;
    }

    public Uni<SecurityIdentity> authenticate(final TokenAuthenticationRequest tokenAuthenticationRequest, AuthenticationRequestContext authenticationRequestContext) {
        return !(tokenAuthenticationRequest.getToken() instanceof JsonWebTokenCredential) ? Uni.createFrom().nullItem() : !this.blockingAuthentication ? Uni.createFrom().emitter(new Consumer<UniEmitter<? super SecurityIdentity>>() { // from class: io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator.1
            @Override // java.util.function.Consumer
            public void accept(UniEmitter<? super SecurityIdentity> uniEmitter) {
                try {
                    uniEmitter.complete(MpJwtValidator.this.createSecurityIdentity(tokenAuthenticationRequest));
                } catch (AuthenticationFailedException e) {
                    uniEmitter.fail(e);
                }
            }
        }) : authenticationRequestContext.runBlocking(() -> {
            return createSecurityIdentity(tokenAuthenticationRequest);
        });
    }

    private SecurityIdentity createSecurityIdentity(TokenAuthenticationRequest tokenAuthenticationRequest) {
        try {
            JsonWebToken parse = this.parser.parse(tokenAuthenticationRequest.getToken().getToken());
            QuarkusSecurityIdentity.Builder addAttribute = QuarkusSecurityIdentity.builder().setPrincipal(parse).addCredential(tokenAuthenticationRequest.getToken()).addRoles(parse.getGroups()).addAttribute("quarkus.user", parse);
            RoutingContext routingContextAttribute = HttpSecurityUtils.getRoutingContextAttribute(tokenAuthenticationRequest);
            if (routingContextAttribute != null) {
                addAttribute.addAttribute(RoutingContext.class.getName(), routingContextAttribute);
            }
            return addAttribute.build();
        } catch (ParseException e) {
            log.debug("Authentication failed", e);
            throw new AuthenticationFailedException(e);
        }
    }
}
