package com.sap.cloud.security.spring.token;

import com.sap.cloud.security.spring.token.authentication.HybridJwtDecoder;
import com.sap.cloud.security.token.AccessToken;
import com.sap.cloud.security.token.Token;
import javax.annotation.Nullable;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.util.Assert;

/* loaded from: input_file:com/sap/cloud/security/spring/token/SpringSecurityContext.class */
public class SpringSecurityContext {
    private SpringSecurityContext() {
    }

    @Nullable
    public static Token getToken() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            throw new AccessDeniedException("Access forbidden: not authenticated");
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof Token) {
            return (Token) principal;
        }
        throw new AccessDeniedException("Access forbidden: SecurityContextHolder does not contain a principal of type 'Token'. Found instead a principal of type " + principal.getClass());
    }

    @Nullable
    public static AccessToken getAccessToken() {
        AccessToken token = getToken();
        if (token instanceof AccessToken) {
            return token;
        }
        return null;
    }

    public static void clear() {
        SecurityContextHolder.clearContext();
    }

    public static void init(String str, JwtDecoder jwtDecoder, Converter<Jwt, AbstractAuthenticationToken> converter) {
        Assert.isInstanceOf(HybridJwtDecoder.class, jwtDecoder, "Passed JwtDecoder instance must be of type 'HybridJwtDecoder'");
        Assert.notNull(converter, "Passed converter must not be null");
        Authentication authentication = (Authentication) converter.convert(jwtDecoder.decode(str));
        SecurityContextHolder.createEmptyContext();
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }
}
