package io.quarkus.oidc;

import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.vertx.core.AsyncResult;
import io.vertx.core.Handler;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.oauth2.AccessToken;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import java.util.Iterator;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import javax.enterprise.context.ApplicationScoped;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/oidc/VertxOAuth2IdentityProvider.class */
public class VertxOAuth2IdentityProvider implements IdentityProvider<TokenAuthenticationRequest> {
    private volatile OAuth2Auth auth;

    public OAuth2Auth getAuth() {
        return this.auth;
    }

    public VertxOAuth2IdentityProvider setAuth(OAuth2Auth oAuth2Auth) {
        this.auth = oAuth2Auth;
        return this;
    }

    public Class<TokenAuthenticationRequest> getRequestType() {
        return TokenAuthenticationRequest.class;
    }

    public CompletionStage<SecurityIdentity> authenticate(final TokenAuthenticationRequest tokenAuthenticationRequest, AuthenticationRequestContext authenticationRequestContext) {
        final CompletableFuture completableFuture = new CompletableFuture();
        this.auth.decodeToken(tokenAuthenticationRequest.getToken().getToken(), new Handler<AsyncResult<AccessToken>>() { // from class: io.quarkus.oidc.VertxOAuth2IdentityProvider.1
            public void handle(AsyncResult<AccessToken> asyncResult) {
                JsonArray jsonArray;
                if (asyncResult.failed()) {
                    completableFuture.completeExceptionally(asyncResult.cause());
                    return;
                }
                AccessToken accessToken = (AccessToken) asyncResult.result();
                QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder();
                try {
                    builder.setPrincipal(new VertxJwtCallerPrincipal(accessToken.principal().getString("username"), JwtClaims.parse(accessToken.accessToken().encode())));
                    JsonObject jsonObject = accessToken.accessToken().getJsonObject("realm_access");
                    if (jsonObject != null && (jsonArray = jsonObject.getJsonArray("roles")) != null) {
                        Iterator it = jsonArray.iterator();
                        while (it.hasNext()) {
                            builder.addRole(it.next().toString());
                        }
                    }
                    builder.addCredential(tokenAuthenticationRequest.getToken());
                    completableFuture.complete(builder.build());
                } catch (InvalidJwtException e) {
                    completableFuture.completeExceptionally(e);
                }
            }
        });
        return completableFuture;
    }
}
