package pl.edu.icm.jupiter.web.security;

import com.auth0.spring.security.api.JwtAuthenticationProvider;
import com.auth0.spring.security.api.authentication.AuthenticationJsonWebToken;
import org.apache.commons.codec.binary.Base64;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
import pl.edu.icm.jupiter.services.api.model.security.UserBean;

@Scope(proxyMode = ScopedProxyMode.TARGET_CLASS)
@Component
/* loaded from: input_file:pl/edu/icm/jupiter/web/security/UserDetailsJwtAuthenticationProvider.class */
public class UserDetailsJwtAuthenticationProvider extends JwtAuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private RoleHierarchy roleHierarchy;

    public UserDetailsJwtAuthenticationProvider(@Value("${spring.security.jwt.secret}") String str, @Value("${spring.security.jwt.issuer}") String str2, @Value("${spring.security.jwt.audience}") String str3) {
        super(new Base64(true).decode(str), str2, str3);
    }

    @Transactional
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (authentication == null) {
            return authentication;
        }
        AuthenticationJsonWebToken authenticate = super.authenticate(authentication);
        if (!authenticate.isAuthenticated()) {
            return authenticate;
        }
        AuthenticationJsonWebToken authenticationJsonWebToken = authenticate;
        UserBean loadUserByUsername = this.userDetailsService.loadUserByUsername(authenticationJsonWebToken.getName());
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(loadUserByUsername, authenticationJsonWebToken, this.roleHierarchy.getReachableGrantedAuthorities(loadUserByUsername.getAuthorities()));
        if ((loadUserByUsername instanceof UserBean) && loadUserByUsername.getGroup() != null && loadUserByUsername.getGroup().isLocked()) {
            usernamePasswordAuthenticationToken.setAuthenticated(false);
            ((UserBean) usernamePasswordAuthenticationToken.getPrincipal()).setAccountNonLocked(false);
        }
        return usernamePasswordAuthenticationToken;
    }
}
