package org.springframework.security.oauth2.provider.authentication;

import java.util.Set;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/oauth2/provider/authentication/OAuth2AuthenticationManager.class */
public class OAuth2AuthenticationManager implements AuthenticationManager, InitializingBean {
    private ResourceServerTokenServices tokenServices;
    private String resourceId;

    public void setResourceId(String str) {
        this.resourceId = str;
    }

    public void setTokenServices(ResourceServerTokenServices resourceServerTokenServices) {
        this.tokenServices = resourceServerTokenServices;
    }

    public void afterPropertiesSet() {
        Assert.state(this.tokenServices != null, "TokenServices are required");
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String str = (String) authentication.getPrincipal();
        OAuth2Authentication loadAuthentication = this.tokenServices.loadAuthentication(str);
        if (loadAuthentication == null) {
            throw new InvalidTokenException("Invalid token: " + str);
        }
        Set<String> resourceIds = loadAuthentication.getAuthorizationRequest().getResourceIds();
        if (this.resourceId != null && resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(this.resourceId)) {
            throw new OAuth2AccessDeniedException("Invalid token does not contain resource id (" + this.resourceId + ")");
        }
        loadAuthentication.setDetails(authentication.getDetails());
        return loadAuthentication;
    }
}
