package io.quarkus.oidc.runtime;

import io.quarkus.security.credential.TokenCredential;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TokenAuthenticationRequest;
import io.quarkus.vertx.core.runtime.context.VertxContextSafetyToggle;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
import io.quarkus.vertx.http.runtime.security.HttpSecurityUtils;
import io.smallrye.mutiny.Uni;
import io.vertx.core.Context;
import io.vertx.core.Vertx;
import io.vertx.ext.web.RoutingContext;

/* loaded from: input_file:io/quarkus/oidc/runtime/AbstractOidcAuthenticationMechanism.class */
abstract class AbstractOidcAuthenticationMechanism {
    private static final String OIDC_PROPAGATE_TOKEN_CREDENTIAL = "io.quarkus.oidc.runtime.AbstractOidcAuthenticationMechanism.PROPAGATE_TOKEN_CREDENTIAL_WITH_DUPLICATED_CTX";
    private static final String ERROR_MSG = "OIDC requires a safe (isolated) Vert.x sub-context for propagation of the '" + TokenCredential.class.getName() + "', but the current context hasn't been flagged as such.";
    protected DefaultTenantConfigResolver resolver;
    private final boolean propagateTokenCredentialWithDuplicatedCtx = Boolean.getBoolean(OIDC_PROPAGATE_TOKEN_CREDENTIAL);
    private HttpAuthenticationMechanism parent;

    /* JADX INFO: Access modifiers changed from: protected */
    public Uni<SecurityIdentity> authenticate(IdentityProviderManager identityProviderManager, RoutingContext routingContext, TokenCredential tokenCredential) {
        routingContext.put(HttpAuthenticationMechanism.class.getName(), this.parent);
        if (!this.propagateTokenCredentialWithDuplicatedCtx) {
            return identityProviderManager.authenticate(HttpSecurityUtils.setRoutingContextAttribute(new TokenAuthenticationRequest(tokenCredential), routingContext));
        }
        VertxContextSafetyToggle.validateContextIfExists(ERROR_MSG, ERROR_MSG);
        final Context currentContext = Vertx.currentContext();
        currentContext.putLocal(TokenCredential.class.getName(), tokenCredential);
        return identityProviderManager.authenticate(HttpSecurityUtils.setRoutingContextAttribute(new TokenAuthenticationRequest(tokenCredential), routingContext)).invoke(new Runnable() { // from class: io.quarkus.oidc.runtime.AbstractOidcAuthenticationMechanism.1
            @Override // java.lang.Runnable
            public void run() {
                currentContext.removeLocal(TokenCredential.class.getName());
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void init(HttpAuthenticationMechanism httpAuthenticationMechanism, DefaultTenantConfigResolver defaultTenantConfigResolver) {
        this.parent = httpAuthenticationMechanism;
        this.resolver = defaultTenantConfigResolver;
    }
}
