package io.quarkus.oidc.runtime;

import io.netty.handler.codec.http.HttpResponseStatus;
import io.quarkus.oidc.AccessTokenCredential;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.vertx.core.http.HttpHeaders;
import io.vertx.ext.web.RoutingContext;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;

/* loaded from: input_file:io/quarkus/oidc/runtime/BearerAuthenticationMechanism.class */
public class BearerAuthenticationMechanism extends AbstractOidcAuthenticationMechanism {
    private static final String BEARER = "Bearer";

    public CompletionStage<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager, DefaultTenantConfigResolver defaultTenantConfigResolver) {
        String extractBearerToken = extractBearerToken(routingContext);
        return extractBearerToken != null ? authenticate(identityProviderManager, new AccessTokenCredential(extractBearerToken, routingContext)) : CompletableFuture.completedFuture(null);
    }

    public CompletionStage<ChallengeData> getChallenge(RoutingContext routingContext, DefaultTenantConfigResolver defaultTenantConfigResolver) {
        return extractBearerToken(routingContext) == null ? CompletableFuture.completedFuture(new ChallengeData(HttpResponseStatus.UNAUTHORIZED.code(), null, null)) : CompletableFuture.completedFuture(new ChallengeData(HttpResponseStatus.FORBIDDEN.code(), null, null));
    }

    private String extractBearerToken(RoutingContext routingContext) {
        int indexOf;
        String str = routingContext.request().headers().get(HttpHeaders.AUTHORIZATION);
        if (str != null && (indexOf = str.indexOf(32)) > 0 && BEARER.equalsIgnoreCase(str.substring(0, indexOf))) {
            return str.substring(indexOf + 1);
        }
        return null;
    }
}
