package org.activiti.cloud.services.notifications.qraphql.ws.security;

import java.util.Collection;
import org.keycloak.common.VerificationException;
import org.keycloak.representations.AccessToken;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.userdetails.User;

@Qualifier("websoket")
/* loaded from: input_file:BOOT-INF/lib/activiti-cloud-services-notifications-graphql-security-7.1.414.jar:org/activiti/cloud/services/notifications/qraphql/ws/security/JWSAuthenticationManager.class */
public class JWSAuthenticationManager implements AuthenticationManager {
    private final KeycloakAccessTokenVerifier tokenVerifier;
    private Attributes2GrantedAuthoritiesMapper authoritiesMapper = new SimpleAttributes2GrantedAuthoritiesMapper();

    public JWSAuthenticationManager(KeycloakAccessTokenVerifier keycloakAccessTokenVerifier) {
        this.tokenVerifier = keycloakAccessTokenVerifier;
    }

    @Override // org.springframework.security.authentication.AuthenticationManager
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            String str = (String) ((JWSAuthentication) JWSAuthentication.class.cast(authentication)).getCredentials();
            AccessToken verifyToken = this.tokenVerifier.verifyToken(str);
            Collection<? extends GrantedAuthority> grantedAuthorities = this.authoritiesMapper.getGrantedAuthorities(verifyToken.getRealmAccess().getRoles());
            JWSAuthentication jWSAuthentication = new JWSAuthentication(str, new User(verifyToken.getPreferredUsername(), str, grantedAuthorities), grantedAuthorities);
            jWSAuthentication.setDetails(verifyToken);
            return jWSAuthentication;
        } catch (VerificationException e) {
            throw new BadCredentialsException("Invalid token", e);
        }
    }

    public void setAuthoritiesMapper(Attributes2GrantedAuthoritiesMapper attributes2GrantedAuthoritiesMapper) {
        this.authoritiesMapper = attributes2GrantedAuthoritiesMapper;
    }
}
