package org.interledger.connector.server.spring.auth.ilpoverhttp;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.Verification;
import com.auth0.spring.security.api.authentication.JwtAuthentication;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:org/interledger/connector/server/spring/auth/ilpoverhttp/JwtHs256AuthenticationProvider.class */
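/**
 * Spring Security {@link AuthenticationProvider} that verifies {@link JwtAuthentication} tokens
 * signed with HMAC-SHA256 using a shared secret.
 *
 * <p>The verifier is built from {@code Algorithm.HMAC256} over the shared secret with a leeway of
 * zero. Issuer and audience are checked only when the three-argument constructor is used. The
 * verifier built here configures no other claim requirements.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>HS256 is symmetric: every party that can verify a token can also mint one. The shared
 *       secret must be treated as a signing key.</li>
 *   <li>The secret is copied on construction and kept in memory for the lifetime of this
 *       provider. It is never logged.</li>
 * </ul>
 */
public class JwtHs256AuthenticationProvider implements AuthenticationProvider {
    private final Logger logger;
    private final Optional<String> issuer;
    private final Optional<String> audience;
    private final long leeway;
    private final byte[] decryptedSharedSecret;

    /**
     * Creates a provider that checks only the HS256 signature (and whatever the verifier checks
     * by default). No issuer or audience restriction is configured, so any token that verifies
     * under the shared secret is accepted regardless of its {@code iss}/{@code aud} claims.
     * Prefer the three-argument constructor when the secret is known to more than one service.
     *
     * @param sharedSecret the decrypted HS256 key; may be {@code null}, in which case every
     *                     {@link #authenticate(Authentication)} call fails with
     *                     {@link AuthenticationServiceException}
     */
    public JwtHs256AuthenticationProvider(byte[] sharedSecret) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.leeway = 0L;
        this.decryptedSharedSecret = copyOfSecret(sharedSecret);
        this.issuer = Optional.empty();
        this.audience = Optional.empty();
    }

    /**
     * Creates a provider that checks the HS256 signature and additionally requires the given
     * issuer and audience.
     *
     * @param sharedSecret     the decrypted HS256 key; may be {@code null}, in which case every
     *                         {@link #authenticate(Authentication)} call fails with
     *                         {@link AuthenticationServiceException}
     * @param expectedIssuer   required {@code iss} value; must not be {@code null}
     * @param expectedAudience required {@code aud} value; must not be {@code null}
     * @throws NullPointerException if {@code expectedIssuer} or {@code expectedAudience} is
     *                              {@code null}
     */
    public JwtHs256AuthenticationProvider(byte[] sharedSecret, String expectedIssuer, String expectedAudience) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.leeway = 0L;
        this.decryptedSharedSecret = copyOfSecret(sharedSecret);
        // Optional.of (not ofNullable) on purpose: a null issuer/audience must fail loudly here
        // instead of silently turning the claim check off.
        this.issuer = Optional.of(expectedIssuer);
        this.audience = Optional.of(expectedAudience);
    }

    /**
     * Returns a private copy of the secret so that later changes to the caller's array (for
     * example wiping it) cannot alter the key this provider verifies against.
     */
    private static byte[] copyOfSecret(byte[] sharedSecret) {
        return sharedSecret == null ? null : sharedSecret.clone();
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param cls the candidate {@link Authentication} class
     * @return {@code true} if {@code cls} is {@link JwtAuthentication} or a subtype of it
     */
    @Override
    public boolean supports(Class<?> cls) {
        return JwtAuthentication.class.isAssignableFrom(cls);
    }

    /**
     * Verifies the supplied JWT authentication against the shared secret.
     *
     * @param authentication the authentication request
     * @return the verified authentication, or {@code null} when {@code authentication} is not a
     *         {@link JwtAuthentication} (so that another provider may handle it)
     * @throws BadCredentialsException        if token verification fails
     * @throws AuthenticationServiceException if no usable shared secret is configured
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            return null;
        }
        try {
            Authentication verified = ((JwtAuthentication) authentication).verify(jwtVerifier());
            // Only the granted authorities are logged; the token itself must stay out of logs.
            this.logger.debug("Authenticated jwt with scopes {}", verified.getAuthorities());
            return verified;
        } catch (JWTVerificationException e) {
            // Keep the client-facing message generic; the cause is preserved for server-side logs.
            throw new BadCredentialsException("Not a valid token", e);
        }
    }

    /**
     * Builds the HS256 verifier from the configured secret, leeway, and optional issuer/audience.
     *
     * @return a verifier bound to this provider's settings
     * @throws AuthenticationServiceException if the shared secret is missing or empty
     */
    private JWTVerifier jwtVerifier() throws AuthenticationException {
        // An empty key cannot give a meaningful HMAC; treat it like a missing secret so the
        // failure surfaces as an authentication error and the request is rejected.
        if (this.decryptedSharedSecret == null || this.decryptedSharedSecret.length == 0) {
            throw new AuthenticationServiceException("Missing shared-secret!");
        }
        Verification verification =
            JWT.require(Algorithm.HMAC256(this.decryptedSharedSecret)).acceptLeeway(this.leeway);
        this.issuer.ifPresent(verification::withIssuer);
        this.audience.ifPresent(expected -> verification.withAudience(expected));
        return verification.build();
    }
}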
