package org.thingsboard.server.service.security.auth.jwt;

import java.beans.ConstructorProperties;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
import org.thingsboard.server.service.security.auth.JwtAuthenticationToken;
import org.thingsboard.server.service.security.auth.TokenOutdatingService;
import org.thingsboard.server.service.security.exception.JwtExpiredTokenException;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
import org.thingsboard.server.service.security.model.token.RawAccessJwtToken;

@Component
/* loaded from: input_file:org/thingsboard/server/service/security/auth/jwt/JwtAuthenticationProvider.class */
public class JwtAuthenticationProvider implements AuthenticationProvider {
    private final JwtTokenFactory tokenFactory;
    private final TokenOutdatingService tokenOutdatingService;

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return new JwtAuthenticationToken(authenticate(((RawAccessJwtToken) authentication.getCredentials()).getToken()));
    }

    public SecurityUser authenticate(String str) throws AuthenticationException {
        if (StringUtils.isEmpty(str)) {
            throw new BadCredentialsException("Token is invalid");
        }
        SecurityUser parseAccessJwtToken = this.tokenFactory.parseAccessJwtToken(str);
        if (this.tokenOutdatingService.isOutdated(str, parseAccessJwtToken.getId())) {
            throw new JwtExpiredTokenException("Token is outdated");
        }
        return parseAccessJwtToken;
    }

    public boolean supports(Class<?> cls) {
        return JwtAuthenticationToken.class.isAssignableFrom(cls);
    }

    @ConstructorProperties({"tokenFactory", "tokenOutdatingService"})
    public JwtAuthenticationProvider(JwtTokenFactory jwtTokenFactory, TokenOutdatingService tokenOutdatingService) {
        this.tokenFactory = jwtTokenFactory;
        this.tokenOutdatingService = tokenOutdatingService;
    }
}
