package org.springframework.security.oauth2.server.resource.authentication;

import java.time.Instant;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
import org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.util.Assert;

/* loaded from: input_file:datasets/datasets-service.jar:BOOT-INF/lib/spring-security-oauth2-resource-server-5.7.4.jar:org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.class */
public final class OpaqueTokenAuthenticationProvider implements AuthenticationProvider {
    private final Log logger = LogFactory.getLog(getClass());
    private final OpaqueTokenIntrospector introspector;

    public OpaqueTokenAuthenticationProvider(OpaqueTokenIntrospector opaqueTokenIntrospector) {
        Assert.notNull(opaqueTokenIntrospector, "introspector cannot be null");
        this.introspector = opaqueTokenIntrospector;
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof BearerTokenAuthenticationToken)) {
            return null;
        }
        BearerTokenAuthenticationToken bearerTokenAuthenticationToken = (BearerTokenAuthenticationToken) authentication;
        AbstractAuthenticationToken convert = convert(getOAuth2AuthenticatedPrincipal(bearerTokenAuthenticationToken), bearerTokenAuthenticationToken.getToken());
        convert.setDetails(bearerTokenAuthenticationToken.getDetails());
        this.logger.debug("Authenticated token");
        return convert;
    }

    private OAuth2AuthenticatedPrincipal getOAuth2AuthenticatedPrincipal(BearerTokenAuthenticationToken bearerTokenAuthenticationToken) {
        try {
            return this.introspector.introspect(bearerTokenAuthenticationToken.getToken());
        } catch (BadOpaqueTokenException e) {
            this.logger.debug("Failed to authenticate since token was invalid");
            throw new InvalidBearerTokenException(e.getMessage(), e);
        } catch (OAuth2IntrospectionException e2) {
            throw new AuthenticationServiceException(e2.getMessage(), e2);
        }
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return BearerTokenAuthenticationToken.class.isAssignableFrom(cls);
    }

    private AbstractAuthenticationToken convert(OAuth2AuthenticatedPrincipal oAuth2AuthenticatedPrincipal, String str) {
        return new BearerTokenAuthentication(oAuth2AuthenticatedPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, str, (Instant) oAuth2AuthenticatedPrincipal.getAttribute("iat"), (Instant) oAuth2AuthenticatedPrincipal.getAttribute("exp")), oAuth2AuthenticatedPrincipal.getAuthorities());
    }
}
