package org.juiser.spring.security.authentication;

import io.jsonwebtoken.JwtException;
import java.util.function.Function;
import org.juiser.spring.security.core.ForwardedUserAuthentication;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/juiser/spring/security/authentication/HeaderAuthenticationProvider.class */
public class HeaderAuthenticationProvider implements AuthenticationProvider {
    private final Function<String, UserDetails> converter;

    public HeaderAuthenticationProvider(Function<String, UserDetails> function) {
        Assert.notNull(function, "converter function cannot be null.");
        this.converter = function;
    }

    public boolean supports(Class<?> cls) {
        return HeaderAuthenticationToken.class.isAssignableFrom(cls);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Object credentials = ((HeaderAuthenticationToken) authentication).getCredentials();
        if (!(credentials instanceof String)) {
            throw new BadCredentialsException("HeaderAuthenticationToken credentials must be a String.");
        }
        String str = (String) credentials;
        if (!StringUtils.hasText(str)) {
            throw new BadCredentialsException("HeaderAuthenticationToken credentials String cannot be null or empty.");
        }
        try {
            return new ForwardedUserAuthentication(this.converter.apply(str));
        } catch (Exception e) {
            throw new InternalAuthenticationServiceException("Unexpected exception during authentication header parsing: " + e.getMessage(), e);
        } catch (JwtException e2) {
            throw new BadCredentialsException("Invalid or unsupported request header JWT: " + e2.getMessage(), e2);
        }
    }
}
