package io.micronaut.function.aws.proxy.security;

import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent;
import com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent;
import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.core.async.publisher.Publishers;
import io.micronaut.http.HttpRequest;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.filters.AuthenticationFetcher;
import io.micronaut.servlet.http.ServletHttpRequest;
import jakarta.inject.Singleton;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.reactivestreams.Publisher;

@Singleton
@Requires(classes = {AuthenticationFetcher.class})
/* loaded from: input_file:io/micronaut/function/aws/proxy/security/MicronautLambdaAuthenticationFetcher.class */
public class MicronautLambdaAuthenticationFetcher implements AuthenticationFetcher<HttpRequest<?>> {
    private static final String HEADER_OIDC_IDENTITY = "x-amzn-oidc-identity";
    private static final String CLAIM_SUB = "sub";
    private static final String CLAIMS = "claims";

    public Publisher<Authentication> fetchAuthentication(HttpRequest<?> httpRequest) {
        Optional<Authentication> empty = Optional.empty();
        if (httpRequest instanceof ServletHttpRequest) {
            Object nativeRequest = ((ServletHttpRequest) httpRequest).getNativeRequest();
            if (nativeRequest instanceof APIGatewayV2HTTPEvent) {
                empty = fetchAuthentication((APIGatewayV2HTTPEvent) nativeRequest);
            } else if (nativeRequest instanceof APIGatewayProxyRequestEvent) {
                empty = fetchAuthentication((APIGatewayProxyRequestEvent) nativeRequest);
            }
        }
        if (empty.isEmpty()) {
            empty = fetchAuthenticationFromHeader(httpRequest);
        }
        return (Publisher) empty.map((v0) -> {
            return Publishers.just(v0);
        }).orElseGet(Publishers::empty);
    }

    private Optional<Authentication> fetchAuthenticationFromHeader(HttpRequest<?> httpRequest) {
        String str = (String) httpRequest.getHeaders().get(HEADER_OIDC_IDENTITY);
        return str != null ? Optional.of(Authentication.build(str, Collections.emptyMap())) : Optional.empty();
    }

    private Optional<Authentication> fetchAuthentication(APIGatewayProxyRequestEvent aPIGatewayProxyRequestEvent) {
        Map<String, Object> authorizer = aPIGatewayProxyRequestEvent.getRequestContext().getAuthorizer();
        if (authorizer == null) {
            return Optional.empty();
        }
        if (authorizer.containsKey(CLAIM_SUB)) {
            return fetchAuthentication(authorizer);
        }
        if (authorizer.containsKey(CLAIMS)) {
            Object obj = authorizer.get(CLAIMS);
            if (obj instanceof Map) {
                return fetchAuthentication((Map<String, Object>) obj);
            }
        }
        return Optional.empty();
    }

    private Optional<Authentication> fetchAuthentication(APIGatewayV2HTTPEvent aPIGatewayV2HTTPEvent) {
        APIGatewayV2HTTPEvent.RequestContext.Authorizer authorizer;
        APIGatewayV2HTTPEvent.RequestContext.Authorizer.JWT jwt;
        HashMap hashMap;
        Object obj;
        return (aPIGatewayV2HTTPEvent.getRequestContext() == null || (authorizer = aPIGatewayV2HTTPEvent.getRequestContext().getAuthorizer()) == null || (jwt = authorizer.getJwt()) == null || jwt.getClaims() == null || (obj = (hashMap = new HashMap(jwt.getClaims())).get(CLAIM_SUB)) == null) ? Optional.empty() : Optional.of(Authentication.build(obj.toString(), hashMap));
    }

    @NonNull
    private Optional<Authentication> fetchAuthentication(@NonNull Map<String, Object> map) {
        Object obj = map.get(CLAIM_SUB);
        return obj != null ? Optional.of(Authentication.build(obj.toString(), map)) : Optional.empty();
    }
}
