package org.bremersee.security.authentication;

import org.bremersee.security.OAuth2Properties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.server.resource.BearerTokenError;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/bremersee/security/authentication/PasswordFlowAuthenticationManager.class */
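/**
 * Authentication manager and provider that exchanges the credentials of an incoming
 * {@link UsernamePasswordAuthenticationToken} for an access token at the configured OAuth2
 * password-flow token endpoint, decodes that token as a JWT and converts it into an
 * {@link Authentication}.
 *
 * <p>NOTE(review): the request body comes from the inherited {@code createPasswordFlowBody} and
 * presumably carries the user's clear-text password to the token endpoint. Confirm that the
 * configured endpoint is reached over TLS and that the body is never logged.
 */
public class PasswordFlowAuthenticationManager extends AbstractPasswordFlowAuthenticationManager implements AuthenticationManager, AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(PasswordFlowAuthenticationManager.class);
    private static final OAuth2Error DEFAULT_INVALID_TOKEN = invalidToken("An error occurred while attempting to decode the Jwt: Invalid token");
    private final AccessTokenRetriever<MultiValueMap<String, String>, String> accessTokenRetriever;
    private final JwtDecoder jwtDecoder;
    private Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter;

    /**
     * Creates a manager whose token retriever is built from a {@link RestTemplateBuilder}.
     *
     * @param oAuth2Properties the OAuth2 settings; the password-flow token endpoint is read from them
     * @param jwtDecoder the decoder applied to the retrieved access token, must not be {@code null}
     * @param restTemplateBuilder the builder handed to the {@code PasswordFlowAccessTokenRetriever}
     * @throws IllegalArgumentException if {@code jwtDecoder} is {@code null}
     */
    public PasswordFlowAuthenticationManager(OAuth2Properties oAuth2Properties, JwtDecoder jwtDecoder, RestTemplateBuilder restTemplateBuilder) {
        super(oAuth2Properties);
        this.jwtAuthenticationConverter = new JwtAuthenticationConverter();
        this.jwtDecoder = requireArgument(jwtDecoder, "jwtDecoder");
        this.accessTokenRetriever = new PasswordFlowAccessTokenRetriever(restTemplateBuilder, oAuth2Properties.getPasswordFlow().getTokenEndpoint());
    }

    /**
     * Creates a manager whose token retriever uses the given {@link RestTemplate}.
     *
     * @param oAuth2Properties the OAuth2 settings; the password-flow token endpoint is read from them
     * @param jwtDecoder the decoder applied to the retrieved access token, must not be {@code null}
     * @param restTemplate the rest template handed to the {@code PasswordFlowAccessTokenRetriever}
     * @throws IllegalArgumentException if {@code jwtDecoder} is {@code null}
     */
    public PasswordFlowAuthenticationManager(OAuth2Properties oAuth2Properties, JwtDecoder jwtDecoder, RestTemplate restTemplate) {
        super(oAuth2Properties);
        this.jwtAuthenticationConverter = new JwtAuthenticationConverter();
        this.jwtDecoder = requireArgument(jwtDecoder, "jwtDecoder");
        this.accessTokenRetriever = new PasswordFlowAccessTokenRetriever(restTemplate, oAuth2Properties.getPasswordFlow().getTokenEndpoint());
    }

    /**
     * Creates a manager that uses a caller-supplied access token retriever.
     *
     * @param oAuth2Properties the OAuth2 settings passed to the super class
     * @param jwtDecoder the decoder applied to the retrieved access token, must not be {@code null}
     * @param accessTokenRetriever the retriever that performs the token request, must not be {@code null}
     * @throws IllegalArgumentException if {@code jwtDecoder} or {@code accessTokenRetriever} is {@code null}
     */
    public PasswordFlowAuthenticationManager(OAuth2Properties oAuth2Properties, JwtDecoder jwtDecoder, AccessTokenRetriever<MultiValueMap<String, String>, String> accessTokenRetriever) {
        super(oAuth2Properties);
        this.jwtAuthenticationConverter = new JwtAuthenticationConverter();
        this.jwtDecoder = requireArgument(jwtDecoder, "jwtDecoder");
        this.accessTokenRetriever = requireArgument(accessTokenRetriever, "accessTokenRetriever");
    }

    /**
     * Retrieves an access token for the given authentication request, decodes it and converts the
     * resulting {@link Jwt} with the configured converter.
     *
     * @param authentication the authentication request
     * @return the converted authentication
     * @throws OAuth2AuthenticationException if no access token was returned or the token cannot be
     *     decoded
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // NOTE(review): only JwtException is translated here. Whether a failed token request
        // (e.g. rejected credentials) surfaces as an AuthenticationException depends on the
        // AccessTokenRetriever implementation - confirm, otherwise callers may answer with a
        // server error instead of an authentication failure.
        try {
            final MultiValueMap<String, String> body = createPasswordFlowBody(authentication);
            final String accessToken = this.accessTokenRetriever.retrieveAccessToken(body);
            if (accessToken == null || accessToken.isEmpty()) {
                // Fail closed: a missing token is an authentication failure, independent of how
                // the decoder would treat a null or empty input.
                OAuth2Error missingToken = invalidToken("The token endpoint returned no access token");
                throw new OAuth2AuthenticationException(missingToken, missingToken.getDescription());
            }
            final Jwt jwt = this.jwtDecoder.decode(accessToken);
            return this.jwtAuthenticationConverter.convert(jwt);
        } catch (JwtException e) {
            OAuth2Error invalidToken = invalidToken(e.getMessage());
            throw new OAuth2AuthenticationException(invalidToken, invalidToken.getDescription(), e);
        }
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param cls the authentication class
     * @return {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Builds an {@code invalid_token} bearer error (HTTP 401) with the given description.
     *
     * @param str the error description
     * @return the error, or {@link #DEFAULT_INVALID_TOKEN} when the description is rejected with an
     *     {@link IllegalArgumentException}
     */
    private static OAuth2Error invalidToken(String str) {
        try {
            return new BearerTokenError("invalid_token", HttpStatus.UNAUTHORIZED, str, "https://tools.ietf.org/html/rfc6750#section-3.1");
        } catch (IllegalArgumentException e) {
            return DEFAULT_INVALID_TOKEN;
        }
    }

    /**
     * Replaces the converter that turns a decoded {@link Jwt} into an authentication.
     *
     * @param converter the converter, must not be {@code null}
     * @throws IllegalArgumentException if {@code converter} is {@code null}
     */
    public void setJwtAuthenticationConverter(Converter<Jwt, ? extends AbstractAuthenticationToken> converter) {
        // Reject null here so a misconfiguration fails at start-up instead of as a
        // NullPointerException inside the authentication path.
        this.jwtAuthenticationConverter = requireArgument(converter, "jwtAuthenticationConverter");
    }

    /** Returns {@code value}, or throws {@link IllegalArgumentException} naming the argument when it is {@code null}. */
    private static <T> T requireArgument(T value, String name) {
        if (value == null) {
            throw new IllegalArgumentException(name + " cannot be null");
        }
        return value;
    }
}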
