package io.quarkus.oidc.runtime;

import io.netty.handler.codec.http.HttpResponseStatus;
import io.quarkus.oidc.AccessTokenCredential;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.smallrye.mutiny.Uni;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.ext.web.RoutingContext;

/* loaded from: input_file:io/quarkus/oidc/runtime/BearerAuthenticationMechanism.class */
public class BearerAuthenticationMechanism extends AbstractOidcAuthenticationMechanism {
    protected static final ChallengeData UNAUTHORIZED_CHALLENGE = new ChallengeData(HttpResponseStatus.UNAUTHORIZED.code(), (CharSequence) null, (String) null);

    public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        String extractBearerToken = extractBearerToken(routingContext, this.resolver.resolveConfig(routingContext));
        return extractBearerToken != null ? authenticate(identityProviderManager, new AccessTokenCredential(extractBearerToken, routingContext)) : Uni.createFrom().nullItem();
    }

    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        return Uni.createFrom().item(UNAUTHORIZED_CHALLENGE);
    }

    private String extractBearerToken(RoutingContext routingContext, OidcTenantConfig oidcTenantConfig) {
        HttpServerRequest request = routingContext.request();
        String charSequence = oidcTenantConfig.token.header.isPresent() ? oidcTenantConfig.token.header.get() : HttpHeaders.AUTHORIZATION.toString();
        String str = request.headers().get(charSequence);
        if (str == null) {
            return null;
        }
        int indexOf = str.indexOf(32);
        String substring = indexOf > 0 ? str.substring(0, indexOf) : null;
        if (substring == null && !charSequence.equalsIgnoreCase(HttpHeaders.AUTHORIZATION.toString())) {
            return str;
        }
        if ("Bearer".equalsIgnoreCase(substring)) {
            return str.substring(indexOf + 1);
        }
        return null;
    }
}
