package org.interledger.connector.server.spring.auth.ilpoverhttp;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.Verification;
import com.auth0.spring.security.api.authentication.JwtAuthentication;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:BOOT-INF/classes/org/interledger/connector/server/spring/auth/ilpoverhttp/JwtHs256AuthenticationProvider.class */
public class JwtHs256AuthenticationProvider implements AuthenticationProvider {
    private final String subject;
    private byte[] decryptedSharedSecret;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private long leeway = 0;
    private final Optional<String> issuer = Optional.empty();
    private final Optional<String> audience = Optional.empty();

    public JwtHs256AuthenticationProvider(String str, byte[] bArr) {
        this.subject = str;
        this.decryptedSharedSecret = bArr;
    }

    private static JWTVerifier providerForHS256(JwtHs256AuthenticationProvider jwtHs256AuthenticationProvider) {
        Verification acceptLeeway = JWT.require(Algorithm.HMAC256(jwtHs256AuthenticationProvider.decryptedSharedSecret)).acceptLeeway(jwtHs256AuthenticationProvider.leeway);
        acceptLeeway.withSubject(jwtHs256AuthenticationProvider.subject);
        Optional<String> optional = jwtHs256AuthenticationProvider.issuer;
        acceptLeeway.getClass();
        optional.ifPresent(str -> {
            acceptLeeway.withIssuer(str);
        });
        Optional<String> optional2 = jwtHs256AuthenticationProvider.audience;
        acceptLeeway.getClass();
        optional2.ifPresent(str2 -> {
            acceptLeeway.withAudience(str2);
        });
        return acceptLeeway.build();
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return JwtAuthentication.class.isAssignableFrom(cls);
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            return null;
        }
        try {
            Authentication verify = ((JwtAuthentication) authentication).verify(jwtVerifier());
            this.logger.debug("Authenticated jwt with scopes {}", verify.getAuthorities());
            return verify;
        } catch (JWTVerificationException e) {
            throw new BadCredentialsException("Not a valid token", e);
        }
    }

    private JWTVerifier jwtVerifier() throws AuthenticationException {
        if (this.decryptedSharedSecret != null) {
            return providerForHS256(this);
        }
        throw new AuthenticationServiceException("Missing shared-secret!");
    }
}
