package de.cidaas.interceptor.authentication.provider;

import de.cidaas.jwt.JWTValidation;
import de.cidaas.jwt.TokenType;
import de.cidaas.jwt.exceptions.TokenExpiredException;
import de.cidaas.jwt.helper.OpenIdConfigurationLoader;
import de.cidaas.model.JwtAuthentication;
import org.apache.http.HttpHost;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:de/cidaas/interceptor/authentication/provider/IntrospectionAuthenticationProvider.class */
public class IntrospectionAuthenticationProvider implements AuthenticationProvider {
    private final String clientId;
    private final String issuer;
    private final JWTValidation jwtValidation;
    private final OpenIdConfigurationLoader openIdConfigLoader = OpenIdConfigurationLoader.getInstance();

    public IntrospectionAuthenticationProvider(String str, String str2, JWTValidation jWTValidation) {
        this.clientId = str;
        this.issuer = str2;
        this.jwtValidation = jWTValidation;
    }

    public void setProxy(String str, int i, String str2) {
        HttpHost httpHost = new HttpHost(str, i, str2);
        this.openIdConfigLoader.setProxy(httpHost);
        this.jwtValidation.setProxy(httpHost);
    }

    public boolean supports(Class<?> cls) {
        return JwtAuthentication.class.equals(cls);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            JwtAuthentication jwtAuthentication = (JwtAuthentication) authentication;
            if (!this.jwtValidation.validateWithIntrospection(jwtAuthentication.m2getCredentials().getTokenAsString(), TokenType.ACCESS.typeHint, this.clientId, this.openIdConfigLoader.getIntrospectionURL(this.issuer)).isActive()) {
                throw new TokenExpiredException("Token not active!");
            }
            jwtAuthentication.setAuthenticated(true);
            return jwtAuthentication;
        } catch (Exception e) {
            throw new AuthenticationServiceException("Failed to verify token!", e);
        }
    }
}
