package org.springframework.security.boot.jwt.authentication;

import com.github.hiwepy.jwt.JwtPayload;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.boot.biz.userdetails.JwtPayloadRepository;
import org.springframework.security.boot.biz.userdetails.SecurityPrincipal;
import org.springframework.security.boot.jwt.exception.AuthenticationJwtExpiredException;
import org.springframework.security.boot.jwt.exception.AuthenticationJwtNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/boot/jwt/authentication/JwtAuthorizationProvider.class */
public class JwtAuthorizationProvider implements AuthenticationProvider {
    private final JwtPayloadRepository payloadRepository;
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
    private boolean checkExpiry = false;
    private boolean checkPrincipal = false;

    public JwtAuthorizationProvider(JwtPayloadRepository jwtPayloadRepository) {
        this.payloadRepository = jwtPayloadRepository;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.notNull(authentication, "No authentication data provided");
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Processing authentication request : " + authentication);
        }
        if (StringUtils.isBlank((String) authentication.getCredentials())) {
            this.logger.debug("No JWT found in request.");
            throw new AuthenticationJwtNotFoundException("No JWT found in request.");
        }
        JwtAuthorizationToken jwtAuthorizationToken = (JwtAuthorizationToken) authentication;
        if (isCheckExpiry() && !getPayloadRepository().verify(jwtAuthorizationToken, isCheckExpiry())) {
            throw new AuthenticationJwtExpiredException("Token Expired");
        }
        JwtPayload payload = getPayloadRepository().getPayload(jwtAuthorizationToken, this.checkExpiry);
        if (isCheckExpiry() && !getPayloadRepository().verify(jwtAuthorizationToken, isCheckExpiry())) {
            throw new AuthenticationJwtExpiredException("Token Expired");
        }
        HashSet hashSet = new HashSet();
        hashSet.add(new SimpleGrantedAuthority("ROLE_" + payload.getRkey()));
        Set perms = payload.getPerms();
        Iterator it = perms.iterator();
        while (it.hasNext()) {
            hashSet.add(new SimpleGrantedAuthority((String) it.next()));
        }
        String defaultString = StringUtils.defaultString(MapUtils.getString(payload.getClaims(), "uid"), payload.getClientId());
        SecurityPrincipal securityPrincipal = new SecurityPrincipal(defaultString, payload.getTokenId(), payload.isEnabled(), payload.isAccountNonExpired(), payload.isCredentialsNonExpired(), payload.isAccountNonLocked(), hashSet);
        securityPrincipal.setUid(defaultString);
        securityPrincipal.setUuid(payload.getUuid());
        securityPrincipal.setUkey(payload.getUkey());
        securityPrincipal.setUcode(payload.getUcode());
        securityPrincipal.setPerms(new HashSet(perms));
        securityPrincipal.setRid(payload.getRid());
        securityPrincipal.setRkey(payload.getRkey());
        securityPrincipal.setRoles(payload.getRoles());
        securityPrincipal.setBound(payload.isBound());
        securityPrincipal.setInitial(payload.isInitial());
        securityPrincipal.setProfile(payload.getProfile());
        securityPrincipal.setSign(jwtAuthorizationToken.getSign());
        securityPrincipal.setLongitude(jwtAuthorizationToken.getLongitude());
        securityPrincipal.setLatitude(jwtAuthorizationToken.getLatitude());
        getUserDetailsChecker().check(securityPrincipal);
        JwtAuthorizationToken jwtAuthorizationToken2 = new JwtAuthorizationToken(securityPrincipal, payload, securityPrincipal.getAuthorities());
        jwtAuthorizationToken2.setDetails(authentication.getDetails());
        return jwtAuthorizationToken2;
    }

    public boolean supports(Class<?> cls) {
        return JwtAuthorizationToken.class.isAssignableFrom(cls);
    }

    public void setUserDetailsChecker(UserDetailsChecker userDetailsChecker) {
        this.userDetailsChecker = userDetailsChecker;
    }

    public UserDetailsChecker getUserDetailsChecker() {
        return this.userDetailsChecker;
    }

    public JwtPayloadRepository getPayloadRepository() {
        return this.payloadRepository;
    }

    public boolean isCheckExpiry() {
        return this.checkExpiry;
    }

    public void setCheckExpiry(boolean z) {
        this.checkExpiry = z;
    }

    public boolean isCheckPrincipal() {
        return this.checkPrincipal;
    }

    public void setCheckPrincipal(boolean z) {
        this.checkPrincipal = z;
    }
}
