package com.usthe.sureness.processor.support;

import com.usthe.sureness.processor.BaseProcessor;
import com.usthe.sureness.processor.exception.ExpiredCredentialsException;
import com.usthe.sureness.processor.exception.IncorrectCredentialsException;
import com.usthe.sureness.processor.exception.SurenessAuthenticationException;
import com.usthe.sureness.processor.exception.SurenessAuthorizationException;
import com.usthe.sureness.processor.exception.UnauthorizedException;
import com.usthe.sureness.subject.Subject;
import com.usthe.sureness.subject.support.JwtSubject;
import com.usthe.sureness.util.JsonWebTokenUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import java.util.List;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/usthe/sureness/processor/support/JwtProcessor.class */
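/**
 * Processor that authenticates a {@link JwtSubject} from its JWT credential and
 * authorizes it by comparing the roles carried in the token with the roles the
 * target resource supports.
 *
 * <p>Token parsing is delegated to {@link JsonWebTokenUtil#parseJwt}; the
 * signature, expiry and format failures it raises are mapped to authentication
 * exceptions here. How the signing key and accepted algorithms are configured is
 * not visible in this class.
 */
public class JwtProcessor extends BaseProcessor {
    private static final Logger logger = LoggerFactory.getLogger(JwtProcessor.class);

    /**
     * Reports whether this processor handles the given subject type.
     *
     * @param cls the subject class to test
     * @return {@code true} only when {@code cls} is exactly {@link JwtSubject}
     */
    @Override
    public boolean canSupportAuTokenClass(Class<?> cls) {
        return cls == JwtSubject.class;
    }

    /**
     * Returns the subject type this processor handles.
     *
     * @return {@link JwtSubject}
     */
    @Override
    public Class<?> getSupportAuTokenClass() {
        return JwtSubject.class;
    }

    /**
     * Validates the JWT held in the subject's credentials and builds an
     * authenticated subject from its claims.
     *
     * @param subject the subject whose credentials hold the raw JWT string
     * @return a {@link JwtSubject} whose principal is the token's {@code sub} claim
     *     and whose own roles are the token's {@code roles} claim, when present
     * @throws IncorrectCredentialsException if the credential is not a string, is
     *     not shaped like a JWT, or fails parsing or signature verification
     * @throws ExpiredCredentialsException if the token has expired
     * @throws SurenessAuthenticationException declared by the overridden method
     */
    @Override
    public Subject authenticated(Subject subject) throws SurenessAuthenticationException {
        // Reject a non-string credential with an authentication failure instead of
        // letting a ClassCastException escape the authentication path.
        Object credentials = subject.getCredentials();
        if (!(credentials instanceof String)) {
            throw new IncorrectCredentialsException("this jwt credential is illegal");
        }
        String jwt = (String) credentials;
        if (JsonWebTokenUtil.isNotJsonWebToken(jwt)) {
            throw new IncorrectCredentialsException("this jwt credential is illegal");
        }
        try {
            Claims claims = JsonWebTokenUtil.parseJwt(jwt);
            JwtSubject.Builder builder = JwtSubject.builder(subject).setPrincipal(claims.getSubject());
            // The element type of the "roles" claim is not checked here; a
            // non-string entry would simply never match in authorized().
            @SuppressWarnings("unchecked")
            List<String> roles = claims.get("roles", List.class);
            if (roles != null) {
                builder.setOwnRoles(roles);
            }
            return builder.build();
        } catch (ExpiredJwtException e) {
            // The raw token is deliberately kept out of the log: a JWT is a bearer
            // credential and its payload carries identity claims, so log files must
            // not become a place to harvest it from.
            logger.debug("jwtProcessor authenticated expired, user: {}", subject.getPrincipal());
            throw new ExpiredCredentialsException("this jwt has expired");
        } catch (SignatureException | UnsupportedJwtException | MalformedJwtException
                | IllegalArgumentException e) {
            // Same rule as above: log who failed and why, never the token itself.
            logger.debug("jwtProcessor authenticated fail, user: {}, reason: {}",
                    subject.getPrincipal(), e.getClass().getSimpleName());
            // NOTE(review): the parser's message is forwarded in the exception text.
            // Whether that text reaches the HTTP response depends on the caller;
            // confirm it is not echoed to unauthenticated clients.
            throw new IncorrectCredentialsException("this jwt error:" + e.getMessage());
        }
    }

    /**
     * Checks that the subject holds at least one role the resource supports.
     *
     * <p>A resource with no supported roles ({@code null} or empty) is treated as
     * unrestricted and the call returns normally. Otherwise the check fails closed:
     * a subject with no own roles is rejected with {@link UnauthorizedException}
     * rather than a {@link NullPointerException}.
     *
     * @param subject the authenticated subject carrying own and supported roles
     * @throws UnauthorizedException if none of the subject's roles is supported
     * @throws SurenessAuthorizationException declared by the overridden method
     */
    @Override
    public void authorized(Subject subject) throws SurenessAuthorizationException {
        List<?> supportRoles = (List<?>) subject.getSupportRoles();
        if (supportRoles == null || supportRoles.isEmpty()) {
            return;
        }
        List<?> ownRoles = (List<?>) subject.getOwnRoles();
        // Null own roles means the token granted nothing, so deny access.
        boolean hasSupportedRole = ownRoles != null && supportRoles.stream().anyMatch(ownRoles::contains);
        if (!hasSupportedRole) {
            throw new UnauthorizedException("do not have the role to access resource");
        }
    }
}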
