package io.quarkus.smallrye.jwt.runtime.auth;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.cookie.Cookie;
import io.netty.handler.codec.http.cookie.ServerCookieDecoder;
import io.quarkus.security.credential.TokenCredential;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.vertx.http.runtime.security.HTTPAuthenticationMechanism;
import io.smallrye.jwt.auth.AbstractBearerTokenExtractor;
import io.smallrye.jwt.auth.cdi.PrincipalProducer;
import io.smallrye.jwt.auth.principal.JWTAuthContextInfo;
import io.vertx.core.http.HttpHeaders;
import io.vertx.ext.web.RoutingContext;
import java.lang.annotation.Annotation;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.spi.CDI;
import javax.inject.Inject;
import org.eclipse.microprofile.jwt.JsonWebToken;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/smallrye/jwt/runtime/auth/JWTAuthMechanism.class */
public class JWTAuthMechanism implements HTTPAuthenticationMechanism {

    @Inject
    private JWTAuthContextInfo authContextInfo;

    /* loaded from: input_file:io/quarkus/smallrye/jwt/runtime/auth/JWTAuthMechanism$VertxBearerTokenExtractor.class */
    private static class VertxBearerTokenExtractor extends AbstractBearerTokenExtractor {
        private RoutingContext httpExchange;

        VertxBearerTokenExtractor(JWTAuthContextInfo jWTAuthContextInfo, RoutingContext routingContext) {
            super(jWTAuthContextInfo);
            this.httpExchange = routingContext;
        }

        protected String getHeaderValue(String str) {
            return this.httpExchange.request().headers().get(str);
        }

        protected String getCookieValue(String str) {
            String str2 = this.httpExchange.request().headers().get(HttpHeaders.COOKIE);
            if (str2 != null && this.httpExchange.cookieCount() == 0) {
                for (Cookie cookie : ServerCookieDecoder.STRICT.decode(str2)) {
                    if (cookie.name().equals(str)) {
                        return cookie.value();
                    }
                }
            }
            io.vertx.ext.web.Cookie cookie2 = this.httpExchange.getCookie(str);
            if (cookie2 != null) {
                return cookie2.getValue();
            }
            return null;
        }
    }

    private void preparePrincipalProducer(JsonWebToken jsonWebToken) {
        ((PrincipalProducer) CDI.current().select(PrincipalProducer.class, new Annotation[0]).get()).setJsonWebToken(jsonWebToken);
    }

    public CompletionStage<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        String bearerToken = new VertxBearerTokenExtractor(this.authContextInfo, routingContext).getBearerToken();
        return bearerToken != null ? identityProviderManager.authenticate(new TokenAuthenticationRequest(new TokenCredential(bearerToken, "bearer"))) : CompletableFuture.completedFuture(null);
    }

    public CompletionStage<Boolean> sendChallenge(RoutingContext routingContext) {
        routingContext.response().headers().set(HttpHeaderNames.WWW_AUTHENTICATE, "Bearer {token}");
        routingContext.response().setStatusCode(HttpResponseStatus.UNAUTHORIZED.code());
        return CompletableFuture.completedFuture(true);
    }
}
