package io.rocketbase.commons.security;

import io.rocketbase.commons.dto.authentication.LoginRequest;
import io.rocketbase.commons.dto.authentication.LoginResponse;
import io.rocketbase.commons.resource.LoginResource;
import io.rocketbase.commons.util.JwtTokenStore;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestClientException;

/* loaded from: input_file:io/rocketbase/commons/security/LoginAuthenticationProvider.class */
public class LoginAuthenticationProvider implements AuthenticationProvider {
    private final String baseAuthApiUrl;
    private final LoginResource loginResource;
    private final JwtTokenService jwtTokenService;

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            LoginResponse login = this.loginResource.login(new LoginRequest(authentication.getName(), String.valueOf(authentication.getCredentials())));
            return new CommonsAuthenticationToken(this.jwtTokenService.getAuthoritiesFromToken(login.getJwtTokenBundle().getToken()), login.getUser(), new JwtTokenStore(this.baseAuthApiUrl, login.getJwtTokenBundle()));
        } catch (RestClientException e) {
            throw new InternalAuthenticationServiceException("service is not available?", e);
        } catch (HttpClientErrorException e2) {
            if (e2.getStatusCode().equals(HttpStatus.FORBIDDEN)) {
                throw new BadCredentialsException("wrong username/password", e2);
            }
            throw new InternalAuthenticationServiceException("got http error with status: " + e2.getRawStatusCode(), e2);
        }
    }

    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    public LoginAuthenticationProvider(String str, LoginResource loginResource, JwtTokenService jwtTokenService) {
        this.baseAuthApiUrl = str;
        this.loginResource = loginResource;
        this.jwtTokenService = jwtTokenService;
    }
}
