package io.quarkiverse.googlecloudservices.firebase.admin.runtime.authentication.http;

import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseToken;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.security.Principal;
import java.util.Optional;

@ApplicationScoped
/* loaded from: input_file:io/quarkiverse/googlecloudservices/firebase/admin/runtime/authentication/http/DefaultFirebaseIdentityProvider.class */
public class DefaultFirebaseIdentityProvider implements IdentityProvider<FirebaseAuthenticationRequest> {

    @Inject
    FirebaseAuth auth;

    public Class<FirebaseAuthenticationRequest> getRequestType() {
        return FirebaseAuthenticationRequest.class;
    }

    public Uni<SecurityIdentity> authenticate(FirebaseAuthenticationRequest firebaseAuthenticationRequest, AuthenticationRequestContext authenticationRequestContext) {
        return Uni.createFrom().future(this.auth.verifyIdTokenAsync(firebaseAuthenticationRequest.getToken())).onItem().transformToUni(firebaseToken -> {
            SecurityIdentity authenticate = authenticate(firebaseToken);
            return authenticate == null ? Uni.createFrom().optional(Optional.empty()) : Uni.createFrom().item(authenticate);
        });
    }

    public static SecurityIdentity authenticate(FirebaseToken firebaseToken) {
        return QuarkusSecurityIdentity.builder().setPrincipal(getPrincipal(firebaseToken)).build();
    }

    public static Principal getPrincipal(FirebaseToken firebaseToken) {
        return new FirebasePrincipal(firebaseToken);
    }
}
