package io.stargate.sgv2.api.common.security;

import io.netty.handler.codec.http.HttpResponseStatus;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport;
import io.quarkus.vertx.http.runtime.security.HttpSecurityUtils;
import io.smallrye.mutiny.Uni;
import io.stargate.sgv2.api.common.security.challenge.ChallengeSender;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.inject.Instance;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/stargate/sgv2/api/common/security/HeaderBasedAuthenticationMechanism.class */
public class HeaderBasedAuthenticationMechanism implements HttpAuthenticationMechanism {
    private static final Logger LOG = LoggerFactory.getLogger(HeaderBasedAuthenticationMechanism.class);
    private final String headerName;
    private final Instance<ChallengeSender> customChallengeSender;

    public HeaderBasedAuthenticationMechanism(String str, Instance<ChallengeSender> instance) {
        this.headerName = str;
        this.customChallengeSender = instance;
    }

    public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        String header = routingContext.request().getHeader(this.headerName);
        if (null == header) {
            return Uni.createFrom().optional(Optional.empty());
        }
        HeaderAuthenticationRequest headerAuthenticationRequest = new HeaderAuthenticationRequest(this.headerName, header);
        HttpSecurityUtils.setRoutingContextAttribute(headerAuthenticationRequest, routingContext);
        return identityProviderManager.authenticate(headerAuthenticationRequest);
    }

    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        return Uni.createFrom().item(new ChallengeData(HttpResponseStatus.UNAUTHORIZED.code(), (CharSequence) null, (String) null));
    }

    public Uni<Boolean> sendChallenge(RoutingContext routingContext) {
        return !this.customChallengeSender.isResolvable() ? super.sendChallenge(routingContext) : getChallenge(routingContext).flatMap(challengeData -> {
            return ((ChallengeSender) this.customChallengeSender.get()).apply(routingContext, challengeData);
        });
    }

    public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
        return Collections.singleton(HeaderAuthenticationRequest.class);
    }

    public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext routingContext) {
        return Uni.createFrom().item(new HttpCredentialTransport(HttpCredentialTransport.Type.OTHER_HEADER, this.headerName));
    }
}
