package com.github.yingzhuo.carnival.security.authentication;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.InvalidClaimException;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.github.yingzhuo.carnival.security.exception.JwtDecodeException;
import com.github.yingzhuo.carnival.security.exception.UserDetailsNotFoundException;
import com.github.yingzhuo.carnival.security.jwt.JwtCustomizer;
import com.github.yingzhuo.carnival.security.token.Token;
import com.github.yingzhuo.carnival.security.token.TokenAuthenticationToken;
import java.util.Objects;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:com/github/yingzhuo/carnival/security/authentication/JwtAuthenticationProvider.class */
public abstract class JwtAuthenticationProvider implements AuthenticationProvider {
    private final Algorithm algorithm;
    private final JwtCustomizer jwtCustomizer;

    public JwtAuthenticationProvider(Algorithm algorithm) {
        this(algorithm, null);
    }

    public JwtAuthenticationProvider(Algorithm algorithm, JwtCustomizer jwtCustomizer) {
        this.algorithm = (Algorithm) Objects.requireNonNull(algorithm);
        this.jwtCustomizer = jwtCustomizer != null ? jwtCustomizer : verification -> {
            return verification;
        };
    }

    public boolean supports(Class<?> cls) {
        return Token.class.isAssignableFrom(cls);
    }

    public final Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            return null;
        }
        Token token = (Token) authentication;
        try {
            JWTVerifier build = this.jwtCustomizer.customize(JWT.require(this.algorithm)).build();
            String key = token.getKey();
            UserDetails doAuthenticate = doAuthenticate(key, build.verify(key));
            if (doAuthenticate == null) {
                throw new UserDetailsNotFoundException(null);
            }
            if (!doAuthenticate.isEnabled()) {
                throw new DisabledException((String) null);
            }
            if (!doAuthenticate.isAccountNonExpired()) {
                throw new AccountExpiredException((String) null);
            }
            if (!doAuthenticate.isAccountNonLocked()) {
                throw new LockedException((String) null);
            }
            if (!doAuthenticate.isCredentialsNonExpired()) {
                throw new CredentialsExpiredException((String) null);
            }
            TokenAuthenticationToken tokenAuthenticationToken = new TokenAuthenticationToken(token.getKey(), doAuthenticate);
            tokenAuthenticationToken.setAuthenticated(true);
            return tokenAuthenticationToken;
        } catch (SignatureVerificationException e) {
            throw new com.github.yingzhuo.carnival.security.exception.SignatureVerificationException(e.getMessage(), e);
        } catch (InvalidClaimException e2) {
            throw new com.github.yingzhuo.carnival.security.exception.InvalidClaimException(e2.getMessage(), e2);
        } catch (JWTDecodeException e3) {
            throw new JwtDecodeException(e3.getMessage(), e3);
        } catch (AlgorithmMismatchException e4) {
            throw new com.github.yingzhuo.carnival.security.exception.AlgorithmMismatchException(e4.getMessage(), e4);
        } catch (TokenExpiredException e5) {
            throw new com.github.yingzhuo.carnival.security.exception.TokenExpiredException(e5.getMessage(), e5);
        }
    }

    protected abstract UserDetails doAuthenticate(String str, DecodedJWT decodedJWT) throws AuthenticationException;

    public Algorithm getAlgorithm() {
        return this.algorithm;
    }
}
