package io.quarkus.amazon.lambda.http;

import com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.quarkus.vertx.http.runtime.QuarkusHttpHeaders;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport;
import io.quarkus.vertx.http.runtime.security.HttpSecurityUtils;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import jakarta.annotation.PostConstruct;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Instance;
import jakarta.inject.Inject;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/amazon/lambda/http/LambdaHttpAuthenticationMechanism.class */
public class LambdaHttpAuthenticationMechanism implements HttpAuthenticationMechanism {

    @Inject
    Instance<IdentityProvider<LambdaAuthenticationRequest>> identityProviders;
    boolean useDefault;
    static final Set<Class<? extends AuthenticationRequest>> credentialTypes = new HashSet();

    @PostConstruct
    public void initialize() {
        this.useDefault = !this.identityProviders.iterator().hasNext();
    }

    public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        QuarkusHttpHeaders headers = routingContext.request().headers();
        if (headers instanceof QuarkusHttpHeaders) {
            Map contextObjects = headers.getContextObjects();
            if (contextObjects.containsKey(APIGatewayV2HTTPEvent.class)) {
                APIGatewayV2HTTPEvent aPIGatewayV2HTTPEvent = (APIGatewayV2HTTPEvent) contextObjects.get(APIGatewayV2HTTPEvent.class);
                if (isAuthenticatable(aPIGatewayV2HTTPEvent)) {
                    return this.useDefault ? identityProviderManager.authenticate(HttpSecurityUtils.setRoutingContextAttribute(new DefaultLambdaAuthenticationRequest(aPIGatewayV2HTTPEvent), routingContext)) : identityProviderManager.authenticate(HttpSecurityUtils.setRoutingContextAttribute(new LambdaAuthenticationRequest(aPIGatewayV2HTTPEvent), routingContext));
                }
            }
        }
        return Uni.createFrom().optional(Optional.empty());
    }

    private boolean isAuthenticatable(APIGatewayV2HTTPEvent aPIGatewayV2HTTPEvent) {
        Map<String, String> map = System.getenv();
        return (Boolean.parseBoolean(map.get("AWS_SAM_LOCAL")) && map.get("QUARKUS_AWS_LAMBDA_FORCE_USER_NAME") != null) || !(aPIGatewayV2HTTPEvent.getRequestContext() == null || aPIGatewayV2HTTPEvent.getRequestContext().getAuthorizer() == null);
    }

    public Uni<Boolean> sendChallenge(RoutingContext routingContext) {
        return Uni.createFrom().item(false);
    }

    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        return Uni.createFrom().nullItem();
    }

    public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
        return credentialTypes;
    }

    public HttpCredentialTransport getCredentialTransport() {
        return null;
    }

    static {
        credentialTypes.add(LambdaAuthenticationRequest.class);
        credentialTypes.add(DefaultLambdaAuthenticationRequest.class);
    }
}
