package io.quarkus.oidc.runtime;

import io.quarkus.oidc.OIDCException;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import java.util.Collections;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

/**
 * Entry point for OIDC authentication: for each request it resolves the tenant configuration and
 * hands the work to either the authorization-code mechanism or the bearer-token mechanism.
 *
 * <p>The choice is made per request from {@code OidcTenantConfig.applicationType}; see
 * {@link #isWebApp(RoutingContext, OidcTenantConfig)} for how a HYBRID tenant is routed.
 */
@ApplicationScoped
/* loaded from: input_file:io/quarkus/oidc/runtime/OidcAuthenticationMechanism.class */
public class OidcAuthenticationMechanism implements HttpAuthenticationMechanism {

    @Inject
    DefaultTenantConfigResolver resolver;

    // Both delegates are created eagerly and receive the injected resolver in init().
    private BearerAuthenticationMechanism bearerAuth = new BearerAuthenticationMechanism();
    private CodeAuthenticationMechanism codeAuth = new CodeAuthenticationMechanism();

    /** Passes the injected tenant resolver to both delegate mechanisms once injection is done. */
    @PostConstruct
    public void init() {
        bearerAuth.setResolver(resolver);
        codeAuth.setResolver(resolver);
    }

    /**
     * Authenticates the request with the mechanism that matches the resolved tenant.
     *
     * @param routingContext the current request context
     * @param identityProviderManager manager handed through to the selected delegate
     * @return the delegate's result, or a {@code Uni} completing with a {@code null} item when the
     *     tenant is disabled
     * @throws OIDCException if no tenant configuration could be resolved
     */
    @Override
    public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        OidcTenantConfig tenantConfig = resolve(routingContext);
        if (!tenantConfig.tenantEnabled) {
            // A disabled tenant yields no identity from this mechanism.
            // NOTE(review): whether the request is then rejected is decided outside this class
            // (other mechanisms / authorization policy) - confirm protected paths stay denied.
            return Uni.createFrom().nullItem();
        }
        if (isWebApp(routingContext, tenantConfig)) {
            return codeAuth.authenticate(routingContext, identityProviderManager);
        }
        return bearerAuth.authenticate(routingContext, identityProviderManager);
    }

    /**
     * Produces the authentication challenge from the mechanism that matches the resolved tenant.
     *
     * @param routingContext the current request context
     * @return the delegate's challenge, or a {@code Uni} completing with a {@code null} item when
     *     the tenant is disabled
     * @throws OIDCException if no tenant configuration could be resolved
     */
    @Override
    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        OidcTenantConfig tenantConfig = resolve(routingContext);
        if (!tenantConfig.tenantEnabled) {
            return Uni.createFrom().nullItem();
        }
        if (isWebApp(routingContext, tenantConfig)) {
            return codeAuth.getChallenge(routingContext);
        }
        return bearerAuth.getChallenge(routingContext);
    }

    /**
     * Looks up the tenant configuration for the request and fails closed when there is none.
     *
     * @throws OIDCException if the resolver returns {@code null}
     */
    private OidcTenantConfig resolve(RoutingContext routingContext) {
        OidcTenantConfig tenantConfig = resolver.resolveConfig(routingContext);
        if (tenantConfig != null) {
            return tenantConfig;
        }
        // No configuration means no way to pick a mechanism, so abort instead of guessing.
        throw new OIDCException("Tenant configuration has not been resolved");
    }

    /**
     * Decides whether the request goes to the authorization-code mechanism.
     *
     * <p>For a HYBRID tenant the only input is whether an {@code Authorization} header is present:
     * the header's scheme and value are not inspected here, so any header, bearer or not, sends
     * the request to the bearer mechanism. For every other tenant the answer is simply whether the
     * application type is WEB_APP.
     *
     * @return {@code true} to use the code mechanism, {@code false} to use the bearer mechanism
     */
    private boolean isWebApp(RoutingContext routingContext, OidcTenantConfig oidcTenantConfig) {
        if (OidcTenantConfig.ApplicationType.HYBRID == oidcTenantConfig.applicationType) {
            // NOTE(review): presence check only - rejecting non-bearer schemes is left to the
            // bearer delegate; confirm it does so.
            String authorizationHeader = routingContext.request().getHeader("Authorization");
            return authorizationHeader == null;
        }
        return OidcTenantConfig.ApplicationType.WEB_APP == oidcTenantConfig.applicationType;
    }

    /** Reports {@link TokenAuthenticationRequest} as the only credential type this mechanism issues. */
    @Override
    public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
        return Collections.singleton(TokenAuthenticationRequest.class);
    }

    /**
     * Describes the credential transport as the {@code Authorization} header with type
     * {@code "bearer"}; the same value is returned whatever the tenant's application type.
     */
    @Override
    public HttpCredentialTransport getCredentialTransport() {
        HttpCredentialTransport.Type transportType = HttpCredentialTransport.Type.AUTHORIZATION;
        return new HttpCredentialTransport(transportType, "bearer");
    }
}
