package com.usthe.sureness.processor.support;

import com.usthe.sureness.processor.BaseProcessor;
import com.usthe.sureness.processor.exception.ExpiredCredentialsException;
import com.usthe.sureness.processor.exception.IncorrectCredentialsException;
import com.usthe.sureness.processor.exception.SurenessAuthenticationException;
import com.usthe.sureness.processor.exception.SurenessAuthorizationException;
import com.usthe.sureness.processor.exception.UnauthorizedException;
import com.usthe.sureness.subject.SubjectAuToken;
import com.usthe.sureness.subject.support.JwtSubjectToken;
import com.usthe.sureness.util.JsonWebTokenUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/usthe/sureness/processor/support/JwtProcessor.class */
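/**
 * Processor that authenticates a {@link JwtSubjectToken} from its JWT credential and
 * authorizes it by comparing the roles carried in the token with the roles attached
 * to the requested resource.
 *
 * <p>Token parsing is delegated to {@link JsonWebTokenUtil#parseJwt}; this class only
 * maps the parser's exceptions to sureness exceptions. The exceptions caught in
 * {@link #authenticated} suggest that the helper verifies signature and expiry, but the
 * key and accepted algorithms are configured there and should be confirmed there.
 */
public class JwtProcessor extends BaseProcessor {
    private static final Logger logger = LoggerFactory.getLogger(JwtProcessor.class);

    /**
     * Reports whether this processor handles the given token class.
     *
     * @param cls token class to test, may be {@code null}
     * @return {@code true} only for exactly {@link JwtSubjectToken}; subclasses and
     *     {@code null} are rejected
     */
    @Override
    public boolean canSupportAuTokenClass(Class<?> cls) {
        // Identity comparison: a null argument can never equal the class literal.
        return cls == JwtSubjectToken.class;
    }

    /**
     * Returns the token class this processor handles.
     *
     * @return {@link JwtSubjectToken}
     */
    @Override
    public Class<?> getSupportAuTokenClass() {
        return JwtSubjectToken.class;
    }

    /**
     * Validates the JWT held in the token's credentials and builds an authenticated token
     * whose principal is the JWT subject and whose own roles come from the comma-separated
     * {@code roles} claim, when that claim is present.
     *
     * @param subjectAuToken token whose credentials hold the raw JWT string
     * @return a new token built from {@code subjectAuToken} with principal and roles set
     * @throws IncorrectCredentialsException if the credential is not shaped like a JWT, or
     *     parsing fails (bad signature, unsupported or malformed token, illegal argument)
     * @throws ExpiredCredentialsException if the parser reports the JWT as expired
     */
    @Override
    public SubjectAuToken authenticated(SubjectAuToken subjectAuToken) throws SurenessAuthenticationException {
        String jwt = (String) subjectAuToken.getCredentials();
        if (JsonWebTokenUtil.isNotJsonWebToken(jwt)) {
            throw new IncorrectCredentialsException("this jwt credential is illegal");
        }
        try {
            Claims claims = JsonWebTokenUtil.parseJwt(jwt);
            JwtSubjectToken.Builder builder =
                    JwtSubjectToken.builder(subjectAuToken).setPrincipal(claims.getSubject());
            String roles = claims.get("roles", String.class);
            if (roles != null) {
                // Roles are split on ',' without trimming, so the issuer must not pad them.
                builder.setOwnRoles(Arrays.asList(roles.split(",")));
            }
            // Without a roles claim the own-role list is never set here; authorized()
            // treats that case as "no roles".
            return builder.build();
        } catch (ExpiredJwtException e) {
            // NOTE(review): the complete JWT is written to the debug log. A token rejected
            // here may still be honoured elsewhere (clock skew, another audience) and its
            // claims may identify the user; consider logging only the subject or a digest.
            if (logger.isDebugEnabled()) {
                logger.debug("jwtProcessor authenticated expired, user: {}, jwt: {}",
                        subjectAuToken.getPrincipal(), jwt, e);
            }
            throw new ExpiredCredentialsException("this jwt has expired");
        } catch (SignatureException | UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) {
            // NOTE(review): same concern as above about the raw JWT in the debug log.
            if (logger.isDebugEnabled()) {
                logger.debug("jwtProcessor authenticated fail, user: {}, jwt: {}",
                        subjectAuToken.getPrincipal(), jwt, e);
            }
            // NOTE(review): the parser's message is embedded in the exception text; check
            // that callers do not echo it to the client, since it describes why
            // validation failed.
            throw new IncorrectCredentialsException("this jwt error:" + e.getMessage());
        }
    }

    /**
     * Checks that the subject owns at least one of the roles attached to the resource.
     *
     * <p>When the token carries no support-role list the check passes. When a support-role
     * list exists and the subject has no role list at all, access is denied with
     * {@link UnauthorizedException} rather than failing with a
     * {@link NullPointerException}, so a JWT without a {@code roles} claim is handled on
     * the normal authorization-failure path.
     *
     * @param subjectAuToken authenticated token carrying own roles and support roles
     * @throws UnauthorizedException if none of the support roles is owned by the subject
     */
    @Override
    public void authorized(SubjectAuToken subjectAuToken) throws SurenessAuthorizationException {
        List<?> ownRoles = (List<?>) subjectAuToken.getOwnRoles();
        List<?> supportRoles = (List<?>) subjectAuToken.getSupportRoles();
        if (supportRoles == null) {
            // NOTE(review): presumably "no role restriction on this resource"; confirm the
            // caller never leaves this null for a protected resource, because that
            // would pass authorization here.
            return;
        }
        if (ownRoles == null || supportRoles.stream().noneMatch(ownRoles::contains)) {
            throw new UnauthorizedException("do not have the role access");
        }
    }
}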
