package io.camunda.operate.webapp.security.oauth2;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

@Profile({"!identity-auth"})
@Component
/* loaded from: input_file:io/camunda/operate/webapp/security/oauth2/Jwt2AuthenticationTokenConverter.class */
public class Jwt2AuthenticationTokenConverter implements Converter<Jwt, AbstractAuthenticationToken> {
    private final JwtAuthenticationConverter delegate = new JwtAuthenticationConverter();

    @Autowired
    private JwtAuthenticationTokenValidator validator;

    public AbstractAuthenticationToken convert(Jwt jwt) {
        JwtAuthenticationToken convert = this.delegate.convert(jwt);
        if (this.validator.isValid(convert)) {
            return convert;
        }
        throw new InvalidBearerTokenException("JWT payload validation failed");
    }
}
