package com.atlassian.asap.core.server.springsecurity;

import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.JwtBuilder;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.api.exception.InvalidTokenException;
import com.atlassian.asap.core.exception.PublicKeyNotFoundException;
import com.atlassian.asap.core.validator.JwtValidator;
import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:com/atlassian/asap/core/server/springsecurity/AsapAuthenticationProvider.class */
public class AsapAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(AsapAuthenticationProvider.class);
    private final JwtValidator jwtValidator;
    private final Set<GrantedAuthority> defaultAuthorities;

    public AsapAuthenticationProvider(JwtValidator jwtValidator, Collection<GrantedAuthority> collection) {
        this.jwtValidator = (JwtValidator) Objects.requireNonNull(jwtValidator);
        this.defaultAuthorities = ImmutableSet.copyOf(collection);
    }

    public AsapAuthenticationProvider(JwtValidator jwtValidator) {
        this(jwtValidator, Collections.emptySet());
    }

    public final Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            Jwt readAndValidate = this.jwtValidator.readAndValidate((String) authentication.getCredentials());
            return new PreAuthenticatedAuthenticationToken(extractPrincipal(readAndValidate), immutableAndSerializable(readAndValidate), getGrantedAuthorities(readAndValidate));
        } catch (PublicKeyNotFoundException e) {
            logger.debug("Public key not found", e);
            throw new BadCredentialsException("Unable to verify token");
        } catch (CannotRetrieveKeyException e2) {
            logger.error("Failed to retrieve public key", e2);
            throw new AuthenticationServiceException("Failed to retrieve public key");
        } catch (InvalidTokenException e3) {
            logger.debug("Invalid token", e3);
            throw new BadCredentialsException("Invalid token");
        }
    }

    private static Jwt immutableAndSerializable(Jwt jwt) {
        return JwtBuilder.copyJwt(jwt).build();
    }

    protected Collection<GrantedAuthority> getGrantedAuthorities(Jwt jwt) throws AuthenticationException {
        return this.defaultAuthorities;
    }

    protected String extractPrincipal(Jwt jwt) {
        return effectiveSubject(jwt);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String effectiveSubject(Jwt jwt) {
        return (String) jwt.getClaims().getSubject().orElse(jwt.getClaims().getIssuer());
    }

    public final boolean supports(Class<?> cls) {
        return UnverifiedBearerToken.class.isAssignableFrom(cls);
    }

    protected Collection<GrantedAuthority> getDefaultAuthorities() {
        return this.defaultAuthorities;
    }
}
