package io.quarkus.elytron.security.runtime;

import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.vertx.http.runtime.security.TrustedAuthenticationRequest;
import java.util.Iterator;
import java.util.concurrent.CompletionStage;
import java.util.function.Supplier;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.jboss.logging.Logger;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.credential.PasswordCredential;

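/**
 * Identity provider that turns a {@link TrustedAuthenticationRequest} into a Quarkus
 * {@link SecurityIdentity} by looking the principal up in the injected Elytron
 * {@link SecurityDomain}.
 *
 * <p>No credential is verified here: the principal named by the request is resolved and
 * authorized as-is. NOTE(review): this presumably relies on the HTTP mechanism that created
 * the request having already authenticated the caller (confirm against the callers), so the
 * principal must never be taken from unauthenticated input.
 */
@ApplicationScoped
public class ElytronTrustedIdentityProvider implements IdentityProvider<TrustedAuthenticationRequest> {
    private static final Logger log = Logger.getLogger(ElytronTrustedIdentityProvider.class);

    @Inject
    SecurityDomain domain;

    /**
     * Returns the request type handled by this provider.
     *
     * @return {@code TrustedAuthenticationRequest.class}
     */
    @Override
    public Class<TrustedAuthenticationRequest> getRequestType() {
        return TrustedAuthenticationRequest.class;
    }

    /**
     * Resolves the principal of a trusted request against the security domain and builds the
     * matching Quarkus identity (principal plus roles). The lookup runs through
     * {@code runBlocking} on the supplied context.
     *
     * @param trustedAuthenticationRequest request carrying the already-trusted principal name
     * @param authenticationRequestContext context used to run the blocking realm lookup
     * @return a stage yielding the identity, or {@code null} when the realm has no such identity
     * @throws AuthenticationFailedException (from the supplied task) when authorization does not
     *         produce an identity or a {@link SecurityException} is raised
     * @throws RuntimeException (from the supplied task) wrapping a {@link RealmUnavailableException}
     */
    @Override
    public CompletionStage<SecurityIdentity> authenticate(final TrustedAuthenticationRequest trustedAuthenticationRequest, AuthenticationRequestContext authenticationRequestContext) {
        return authenticationRequestContext.runBlocking(() -> {
            try {
                RealmIdentity identity = domain.getIdentity(trustedAuthenticationRequest.getPrincipal());
                if (!identity.exists()) {
                    // Unknown principal: report "no identity" rather than a failure.
                    return null;
                }
                PasswordCredential credential = identity.getCredential(PasswordCredential.class);
                ServerAuthenticationContext authContext = domain.createNewAuthenticationContext();
                authContext.setAuthenticationName(trustedAuthenticationRequest.getPrincipal());
                if (credential != null) {
                    // The realm may expose no password credential for this identity; attach one
                    // only when it exists instead of handing null to the context.
                    authContext.addPrivateCredential(credential);
                }
                if (!authContext.authorize()) {
                    // Fail closed: a refused authorization must surface as an authentication
                    // failure instead of depending on what getAuthorizedIdentity() does next.
                    throw new AuthenticationFailedException();
                }
                org.wildfly.security.auth.server.SecurityIdentity authorizedIdentity = authContext.getAuthorizedIdentity();
                if (authorizedIdentity == null) {
                    throw new AuthenticationFailedException();
                }
                QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder();
                builder.setPrincipal(authorizedIdentity.getPrincipal());
                for (String role : authorizedIdentity.getRoles()) {
                    builder.addRole(role);
                }
                return builder.build();
            } catch (RealmUnavailableException e) {
                // Backend outage, not a rejected login: keep the cause and let it propagate.
                throw new RuntimeException(e);
            } catch (SecurityException e) {
                // Details go to the debug log only; the caller gets a generic failure.
                log.debug("Authentication failed", e);
                throw new AuthenticationFailedException();
            }
        });
    }
}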
