package org.interledger.connector.server.spring.auth.ilpoverhttp;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.spring.security.api.authentication.JwtAuthentication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:BOOT-INF/classes/org/interledger/connector/server/spring/auth/ilpoverhttp/JwtRs256AuthenticationProvider.class */
public class JwtRs256AuthenticationProvider implements AuthenticationProvider {
    private final JwtRs256Configuration configuration;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private long leeway = 0;

    public JwtRs256AuthenticationProvider(JwtRs256Configuration jwtRs256Configuration) {
        this.configuration = jwtRs256Configuration;
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return JwtAuthentication.class.isAssignableFrom(cls);
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            return null;
        }
        try {
            Authentication verify = ((JwtAuthentication) authentication).verify(newJWTVerifier());
            this.logger.debug("Authenticated jwt with scopes {}", verify.getAuthorities());
            return verify;
        } catch (JWTVerificationException e) {
            throw new BadCredentialsException("Not a valid token", e);
        }
    }

    private JWTVerifier newJWTVerifier() {
        return JWT.require(Algorithm.RSA256(this.configuration.keyProvider())).acceptLeeway(this.leeway).withSubject(this.configuration.subject()).withIssuer(this.configuration.issuer().toString()).withAudience(this.configuration.audience()).build();
    }
}
