package com.azure.spring.aad.webapi;

import java.util.Collection;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.util.Assert;

/* loaded from: input_file:com/azure/spring/aad/webapi/AADJwtBearerTokenAuthenticationConverter.class */
public class AADJwtBearerTokenAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
    private static final String DEFAULT_AUTHORITY_PREFIX = "SCOPE_";
    private Converter<Jwt, Collection<GrantedAuthority>> converter;

    public AADJwtBearerTokenAuthenticationConverter() {
        this.converter = new AADJwtGrantedAuthoritiesConverter();
    }

    public AADJwtBearerTokenAuthenticationConverter(String str) {
        this(str, DEFAULT_AUTHORITY_PREFIX);
    }

    public AADJwtBearerTokenAuthenticationConverter(String str, String str2) {
        Assert.notNull(str, "authoritiesClaimName cannot be null");
        Assert.notNull(str2, "authorityPrefix cannot be null");
        JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
        jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName(str);
        jwtGrantedAuthoritiesConverter.setAuthorityPrefix(str2);
        this.converter = jwtGrantedAuthoritiesConverter;
    }

    protected Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
        return (Collection) this.converter.convert(jwt);
    }

    public AbstractAuthenticationToken convert(Jwt jwt) {
        OAuth2AccessToken oAuth2AccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt());
        Collection<GrantedAuthority> extractAuthorities = extractAuthorities(jwt);
        return new BearerTokenAuthentication(new AADOAuth2AuthenticatedPrincipal(jwt.getHeaders(), jwt.getClaims(), extractAuthorities, jwt.getTokenValue()), oAuth2AccessToken, extractAuthorities);
    }

    public void setJwtGrantedAuthoritiesConverter(Converter<Jwt, Collection<GrantedAuthority>> converter) {
        this.converter = converter;
    }
}
