package io.quarkus.oidc.runtime;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.quarkus.oidc.AccessTokenCredential;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import java.util.function.Function;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/oidc/runtime/BearerAuthenticationMechanism.class */
public class BearerAuthenticationMechanism extends AbstractOidcAuthenticationMechanism {
    private static final Logger LOG = Logger.getLogger(BearerAuthenticationMechanism.class);

    public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager, OidcTenantConfig oidcTenantConfig) {
        LOG.debug("Starting a bearer access token authentication");
        String extractBearerToken = OidcUtils.extractBearerToken(routingContext, oidcTenantConfig);
        if (extractBearerToken != null) {
            return authenticate(identityProviderManager, routingContext, new AccessTokenCredential(extractBearerToken));
        }
        LOG.debug("Bearer access token is not available");
        return Uni.createFrom().nullItem();
    }

    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        return this.resolver.resolveContext(routingContext).onItem().transformToUni(new Function<TenantConfigContext, Uni<? extends ChallengeData>>() { // from class: io.quarkus.oidc.runtime.BearerAuthenticationMechanism.1
            @Override // java.util.function.Function
            public Uni<ChallengeData> apply(TenantConfigContext tenantConfigContext) {
                return Uni.createFrom().item(new ChallengeData(HttpResponseStatus.UNAUTHORIZED.code(), HttpHeaderNames.WWW_AUTHENTICATE, tenantConfigContext.oidcConfig().token.authorizationScheme));
            }
        });
    }
}
