package io.quarkus.amazon.lambda.http;

import com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.QuarkusPrincipal;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.smallrye.mutiny.Uni;
import java.security.Principal;
import java.util.Map;
import java.util.Optional;
import javax.enterprise.context.ApplicationScoped;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/amazon/lambda/http/DefaultLambdaIdentityProvider.class */
public final class DefaultLambdaIdentityProvider implements IdentityProvider<DefaultLambdaAuthenticationRequest> {
    public Class<DefaultLambdaAuthenticationRequest> getRequestType() {
        return DefaultLambdaAuthenticationRequest.class;
    }

    public Uni<SecurityIdentity> authenticate(DefaultLambdaAuthenticationRequest defaultLambdaAuthenticationRequest, AuthenticationRequestContext authenticationRequestContext) {
        SecurityIdentity authenticate = authenticate(defaultLambdaAuthenticationRequest.getEvent());
        return authenticate == null ? Uni.createFrom().optional(Optional.empty()) : Uni.createFrom().item(authenticate);
    }

    public static SecurityIdentity authenticate(APIGatewayV2HTTPEvent aPIGatewayV2HTTPEvent) {
        Principal principal = getPrincipal(aPIGatewayV2HTTPEvent);
        if (principal == null) {
            return null;
        }
        QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder();
        builder.setPrincipal(principal);
        return builder.build();
    }

    protected static Principal getPrincipal(APIGatewayV2HTTPEvent aPIGatewayV2HTTPEvent) {
        APIGatewayV2HTTPEvent.RequestContext.Authorizer authorizer;
        Object obj;
        Map<String, String> map = System.getenv();
        boolean parseBoolean = Boolean.parseBoolean(map.get("AWS_SAM_LOCAL"));
        APIGatewayV2HTTPEvent.RequestContext requestContext = aPIGatewayV2HTTPEvent.getRequestContext();
        if (parseBoolean && (requestContext == null || requestContext.getAuthorizer() == null)) {
            String str = map.get("QUARKUS_AWS_LAMBDA_FORCE_USER_NAME");
            if (str == null || str.isEmpty()) {
                return null;
            }
            return new QuarkusPrincipal(str);
        }
        if (requestContext == null || (authorizer = requestContext.getAuthorizer()) == null) {
            return null;
        }
        if (authorizer.getJwt() != null) {
            APIGatewayV2HTTPEvent.RequestContext.Authorizer.JWT jwt = authorizer.getJwt();
            Map claims = jwt.getClaims();
            if (claims == null || !claims.containsKey("cognito:username")) {
                return null;
            }
            return new CognitoPrincipal(jwt);
        }
        if (authorizer.getIam() != null) {
            if (authorizer.getIam().getUserId() != null) {
                return new IAMPrincipal(authorizer.getIam());
            }
            return null;
        }
        if (authorizer.getLambda() == null || (obj = authorizer.getLambda().get("principalId")) == null || !(obj instanceof String)) {
            return null;
        }
        return new CustomPrincipal((String) obj, authorizer.getLambda());
    }
}
