package org.molgenis.security.twofactor.auth;

import java.util.Objects;
import org.molgenis.security.twofactor.service.RecoveryService;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:org/molgenis/security/twofactor/auth/RecoveryAuthenticationProviderImpl.class */
public class RecoveryAuthenticationProviderImpl implements RecoveryAuthenticationProvider {
    private final RecoveryService recoveryService;

    public RecoveryAuthenticationProviderImpl(RecoveryService recoveryService) {
        this.recoveryService = (RecoveryService) Objects.requireNonNull(recoveryService);
    }

    public Authentication authenticate(Authentication authentication) {
        if (!supports(authentication.getClass())) {
            throw new IllegalArgumentException("Only RecoveryAuthenticationToken is supported");
        }
        RecoveryAuthenticationToken recoveryAuthenticationToken = (RecoveryAuthenticationToken) authentication;
        if (recoveryAuthenticationToken.getRecoveryCode() == null) {
            throw new BadCredentialsException("Invalid recovery code or code already used");
        }
        this.recoveryService.useRecoveryCode(recoveryAuthenticationToken.getRecoveryCode());
        UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        return new RecoveryAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities(), recoveryAuthenticationToken.getRecoveryCode());
    }

    public boolean supports(Class<?> cls) {
        return RecoveryAuthenticationToken.class.isAssignableFrom(cls);
    }
}
