package org.springframework.security.oauth2.server.resource.authentication;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.jwt.BadJwtException;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-resource-server-6.5.0.jar:org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationProvider.class */
public final class JwtAuthenticationProvider implements AuthenticationProvider {
    private final JwtDecoder jwtDecoder;
    private final Log logger = LogFactory.getLog(getClass());
    private Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter = new JwtAuthenticationConverter();

    public JwtAuthenticationProvider(JwtDecoder jwtDecoder) {
        Assert.notNull(jwtDecoder, "jwtDecoder cannot be null");
        this.jwtDecoder = jwtDecoder;
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        BearerTokenAuthenticationToken bearerTokenAuthenticationToken = (BearerTokenAuthenticationToken) authentication;
        AbstractAuthenticationToken convert = this.jwtAuthenticationConverter.convert(getJwt(bearerTokenAuthenticationToken));
        if (convert.getDetails() == null) {
            convert.setDetails(bearerTokenAuthenticationToken.getDetails());
        }
        this.logger.debug("Authenticated token");
        return convert;
    }

    private Jwt getJwt(BearerTokenAuthenticationToken bearerTokenAuthenticationToken) {
        try {
            return this.jwtDecoder.decode(bearerTokenAuthenticationToken.getToken());
        } catch (BadJwtException e) {
            this.logger.debug("Failed to authenticate since the JWT was invalid");
            throw new InvalidBearerTokenException(e.getMessage(), e);
        } catch (JwtException e2) {
            throw new AuthenticationServiceException(e2.getMessage(), e2);
        }
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return BearerTokenAuthenticationToken.class.isAssignableFrom(cls);
    }

    public void setJwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken> converter) {
        Assert.notNull(converter, "jwtAuthenticationConverter cannot be null");
        this.jwtAuthenticationConverter = converter;
    }
}
