package com.atlassian.asap.core.server.springsecurity;

import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.api.exception.InvalidTokenException;
import com.atlassian.asap.core.exception.PublicKeyNotFoundException;
import com.atlassian.asap.core.validator.JwtValidator;
import com.google.common.base.Preconditions;
import java.util.Collection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:com/atlassian/asap/core/server/springsecurity/AbstractAsapAuthenticationProvider.class */
public abstract class AbstractAsapAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(AbstractAsapAuthenticationProvider.class);
    private final JwtValidator jwtValidator;

    public AbstractAsapAuthenticationProvider(JwtValidator jwtValidator) {
        this.jwtValidator = (JwtValidator) Preconditions.checkNotNull(jwtValidator);
    }

    public final Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            return validatePrincipal(this.jwtValidator.readAndValidate((String) authentication.getPrincipal()));
        } catch (CannotRetrieveKeyException e) {
            logger.error("Failed to retrieve public key", e);
            throw new AuthenticationServiceException("Failed to retrieve public key");
        } catch (PublicKeyNotFoundException e2) {
            logger.debug("Public key not found", e2);
            throw new BadCredentialsException("Unable to verify token");
        } catch (InvalidTokenException e3) {
            logger.debug("Invalid token", e3);
            throw new BadCredentialsException("Invalid token");
        }
    }

    protected abstract Authentication validatePrincipal(Jwt jwt) throws AuthenticationException;

    protected static String effectiveSubject(Jwt jwt) {
        return (String) jwt.getClaims().getSubject().orElse(jwt.getClaims().getIssuer());
    }

    protected static Authentication createValidToken(Object obj, Jwt jwt, Collection<? extends GrantedAuthority> collection) {
        return new PreAuthenticatedAuthenticationToken(obj, jwt, collection);
    }

    public final boolean supports(Class<?> cls) {
        return PreAuthenticatedAuthenticationToken.class.isAssignableFrom(cls);
    }
}
