package org.apache.syncope.core.spring.security;

import java.util.Collection;
import java.util.Date;
import java.util.Set;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.syncope.core.spring.security.AuthContextUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:org/apache/syncope/core/spring/security/JWTAuthenticationProvider.class */
public class JWTAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private AuthDataAccessor dataAccessor;

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        final JWTAuthentication jWTAuthentication = (JWTAuthentication) authentication;
        AuthContextUtils.execWithAuthContext(jWTAuthentication.m5getDetails().getDomain(), new AuthContextUtils.Executable<Void>() { // from class: org.apache.syncope.core.spring.security.JWTAuthenticationProvider.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.syncope.core.spring.security.AuthContextUtils.Executable
            public Void exec() {
                Pair<String, Set<SyncopeGrantedAuthority>> authenticate = JWTAuthenticationProvider.this.dataAccessor.authenticate(jWTAuthentication);
                jWTAuthentication.setUsername((String) authenticate.getLeft());
                jWTAuthentication.getAuthorities().addAll((Collection) authenticate.getRight());
                return null;
            }
        });
        JwtClaims claims = jWTAuthentication.getClaims();
        Long valueOf = Long.valueOf(new Date().getTime());
        Long expiryTime = claims.getExpiryTime();
        if (expiryTime == null || expiryTime.longValue() * 1000 < valueOf.longValue()) {
            this.dataAccessor.removeExpired(claims.getTokenId());
            throw new CredentialsExpiredException("JWT is expired");
        }
        Long notBefore = claims.getNotBefore();
        if (notBefore == null || notBefore.longValue() * 1000 > valueOf.longValue()) {
            throw new CredentialsExpiredException("JWT not valid yet");
        }
        jWTAuthentication.setAuthenticated(true);
        return jWTAuthentication;
    }

    public boolean supports(Class<?> cls) {
        return JWTAuthentication.class.isAssignableFrom(cls);
    }
}
