package com.erudika.para.security;

import com.erudika.para.core.App;
import com.erudika.para.core.User;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:BOOT-INF/lib/para-server-1.41.3.jar:com/erudika/para/security/JWTAuthenticationProvider.class */
public class JWTAuthenticationProvider implements AuthenticationProvider {
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) {
        JWTAuthentication jWTAuthentication = (JWTAuthentication) authentication;
        if (jWTAuthentication == null || !supports(authentication.getClass())) {
            throw new AuthenticationServiceException("Unsupported token type.");
        }
        User authenticatedUser = SecurityUtils.getAuthenticatedUser(authentication);
        App app = jWTAuthentication.getApp();
        if (app == null) {
            throw new AuthenticationServiceException("App not found.");
        }
        boolean z = authenticatedUser != null;
        if (SecurityUtils.isValidJWToken(jWTAuthentication.getApp().getSecret() + (z ? authenticatedUser.getTokenSecret() : ""), jWTAuthentication.getJwt())) {
            return z ? jWTAuthentication : new AppAuthentication(app);
        }
        throw new BadCredentialsException("Invalid or expired token.");
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return JWTAuthentication.class.isAssignableFrom(cls);
    }
}
