package io.quarkus.smallrye.jwt.runtime.auth;

import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipal;
import io.smallrye.jwt.auth.principal.DefaultJWTTokenParser;
import io.smallrye.jwt.auth.principal.JWTAuthContextInfo;
import io.smallrye.jwt.auth.principal.ParseException;
import io.smallrye.mutiny.Uni;
import java.util.HashSet;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.jboss.logging.Logger;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/smallrye/jwt/runtime/auth/MpJwtValidator.class */
public class MpJwtValidator implements IdentityProvider<TokenAuthenticationRequest> {
    private static final Logger log = Logger.getLogger(MpJwtValidator.class);
    final JWTAuthContextInfo authContextInfo;
    private final DefaultJWTTokenParser parser;

    public MpJwtValidator() {
        this.parser = new DefaultJWTTokenParser();
        this.authContextInfo = null;
    }

    @Inject
    public MpJwtValidator(JWTAuthContextInfo jWTAuthContextInfo) {
        this.parser = new DefaultJWTTokenParser();
        this.authContextInfo = jWTAuthContextInfo;
    }

    public Class<TokenAuthenticationRequest> getRequestType() {
        return TokenAuthenticationRequest.class;
    }

    public Uni<SecurityIdentity> authenticate(TokenAuthenticationRequest tokenAuthenticationRequest, AuthenticationRequestContext authenticationRequestContext) {
        try {
            JwtClaims jwtClaims = this.parser.parse(tokenAuthenticationRequest.getToken().getToken(), this.authContextInfo).getJwtClaims();
            String str = (String) jwtClaims.getClaimValue("upn", String.class);
            if (str == null) {
                str = (String) jwtClaims.getClaimValue("preferred_username", String.class);
                if (str == null) {
                    str = jwtClaims.getSubject();
                }
            }
            DefaultJWTCallerPrincipal quarkusJwtCallerPrincipal = new QuarkusJwtCallerPrincipal(str, jwtClaims);
            return Uni.createFrom().item(QuarkusSecurityIdentity.builder().setPrincipal(quarkusJwtCallerPrincipal).addRoles(new HashSet(jwtClaims.getStringListClaimValue("groups"))).addAttribute("quarkus.user", quarkusJwtCallerPrincipal).build());
        } catch (ParseException | MalformedClaimException e) {
            log.debug("Authentication failed", e);
            return Uni.createFrom().failure(new AuthenticationFailedException(e));
        }
    }
}
