package de.frachtwerk.essencium.backend.security;

import de.frachtwerk.essencium.backend.model.AbstractBaseUser;
import de.frachtwerk.essencium.backend.model.dto.UserDto;
import de.frachtwerk.essencium.backend.service.AbstractUserService;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.lang.Assert;
import java.io.Serializable;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.www.NonceExpiredException;

/* loaded from: input_file:de/frachtwerk/essencium/backend/security/JwtAuthenticationProvider.class */
public class JwtAuthenticationProvider<USER extends AbstractBaseUser<ID>, ID extends Serializable, USERDTO extends UserDto<ID>> extends AbstractUserDetailsAuthenticationProvider {

    @Autowired
    private AbstractUserService<USER, ID, USERDTO> userService;
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtAuthenticationProvider.class);

    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        Assert.isInstanceOf(JwtAuthenticationToken.class, usernamePasswordAuthenticationToken);
        Assert.isInstanceOf(AbstractBaseUser.class, userDetails);
        Optional ofNullable = Optional.ofNullable((String) ((Claims) usernamePasswordAuthenticationToken.getCredentials()).get("nonce", String.class));
        Optional ofNullable2 = Optional.ofNullable(((AbstractBaseUser) userDetails).getNonce());
        if (ofNullable2.isEmpty()) {
            LOGGER.warn("security nonce missing in database for user {} – you should set one!", userDetails.getUsername());
        }
        if (ofNullable.equals(ofNullable2)) {
            return;
        }
        usernamePasswordAuthenticationToken.eraseCredentials();
        throw new NonceExpiredException("nonce expired");
    }

    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        return this.userService.m28loadUserByUsername(str);
    }

    public boolean supports(Class<?> cls) {
        return cls.equals(JwtAuthenticationToken.class);
    }
}
