package cool.mtc.security.auth.jwt;

import cool.mtc.core.result.ResultConstant;
import cool.mtc.security.data.model.UserDetailsSupport;
import cool.mtc.security.exception.AuthException;
import cool.mtc.security.plugin.jwt.JwtConstant;
import cool.mtc.security.plugin.jwt.JwtTemplate;
import cool.mtc.security.service.SecurityService;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import java.util.Optional;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.util.Assert;

/* loaded from: input_file:cool/mtc/security/auth/jwt/JwtAuthProvider.class */
public class JwtAuthProvider implements AuthenticationProvider, InitializingBean {
    private SecurityService securityService;
    private JwtTemplate jwtTemplate;

    public void afterPropertiesSet() {
        Assert.notNull(this.securityService, "A SecurityService Bean Must Be Set");
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Claims claims;
        String token = ((JwtAuthToken) authentication).getToken();
        boolean z = false;
        try {
            claims = parseToken(token);
        } catch (ExpiredJwtException e) {
            claims = e.getClaims();
            z = true;
        }
        handleCheckTokenInWhiteList(token);
        UserDetailsSupport userDetailsSupport = (UserDetailsSupport) Optional.ofNullable(getUserDetailsByToken(claims)).orElseThrow(() -> {
            return new AuthException(ResultConstant.A0301);
        });
        handleCheckUserStatus(userDetailsSupport);
        JwtAuthToken jwtAuthToken = new JwtAuthToken(token, z, userDetailsSupport.getAuthorities());
        jwtAuthToken.setDetails(userDetailsSupport);
        return jwtAuthToken;
    }

    public boolean supports(Class<?> cls) {
        return JwtAuthToken.class.isAssignableFrom(cls);
    }

    private Claims parseToken(String str) throws ExpiredJwtException {
        try {
            return this.jwtTemplate.parse(str);
        } catch (Exception e) {
            throw new AuthException(ResultConstant.A0301);
        } catch (ExpiredJwtException e2) {
            throw e2;
        }
    }

    private UserDetailsSupport getUserDetailsByToken(Claims claims) {
        try {
            return this.securityService.loadByUserIdAndOrgIdAndAuthType(claims.get(JwtConstant.PARAM_KEY_USER_ID), claims.get(JwtConstant.PARAM_KEY_ORG_ID), claims.get(JwtConstant.PARAM_KEY_AUTH_TYPE).toString());
        } catch (NullPointerException e) {
            throw new AuthException(ResultConstant.A0301);
        }
    }

    private void handleCheckTokenInWhiteList(String str) {
        if (!this.securityService.isTokenInAllowList(str)) {
            throw new AuthException(ResultConstant.A0311);
        }
    }

    private void handleCheckUserStatus(UserDetailsSupport userDetailsSupport) {
        if (!userDetailsSupport.isEnabled()) {
            throw new AuthException(ResultConstant.A0200.newInstance(), "login.status.error");
        }
    }

    @Autowired
    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    @Autowired
    public void setJwtTemplate(JwtTemplate jwtTemplate) {
        this.jwtTemplate = jwtTemplate;
    }
}
