package com.sap.cloud.security.xsuaa.token;

import com.sap.cloud.security.xsuaa.extractor.AuthoritiesExtractor;
import com.sap.cloud.security.xsuaa.token.authentication.XsuaaJwtDecoder;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.util.Assert;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/token/SpringSecurityContext.class */
public class SpringSecurityContext {
    private SpringSecurityContext() {
    }

    public static Token getToken() {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            throw new AccessDeniedException("Access forbidden: not authenticated");
        }
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        if (principal instanceof Token) {
            return (Token) principal;
        }
        throw new AccessDeniedException("Access forbidden: SecurityContextHolder does not contain a principal of type 'Token' " + principal);
    }

    public static void init(String str, JwtDecoder jwtDecoder, AuthoritiesExtractor authoritiesExtractor) {
        Assert.isInstanceOf(XsuaaJwtDecoder.class, jwtDecoder, "Passed JwtDecoder instance must be of type 'XsuaaJwtDecoder'");
        AbstractAuthenticationToken convert = new TokenAuthenticationConverter(authoritiesExtractor).convert(jwtDecoder.decode(str));
        SecurityContextHolder.createEmptyContext();
        SecurityContextHolder.getContext().setAuthentication(convert);
    }

    public static void clear() {
        SecurityContextHolder.clearContext();
    }
}
