package org.apache.syncope.core.spring.security;

import com.fasterxml.jackson.core.type.TypeReference;
import java.util.Collections;
import java.util.Set;
import javax.annotation.Resource;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsVerificationSignature;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
import org.apache.syncope.core.persistence.api.dao.AccessTokenDAO;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.entity.AccessToken;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
import org.apache.syncope.core.spring.security.jws.AccessTokenJwsSignatureVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.class */
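/**
 * {@link JWTSSOProvider} implementation for JWTs whose issuer is the injected {@code jwtIssuer} value.
 *
 * <p>Signature-related calls are forwarded unchanged to the injected
 * {@link AccessTokenJwsSignatureVerifier}. {@link #resolve(JwtClaims)} maps the claims to a
 * {@link User} and to the authorities stored on the matching {@link AccessToken}.
 *
 * <p>NOTE(review): {@code resolve} does not verify the token itself; it presumably relies on the
 * caller having validated the signature and claims beforehand. Confirm against the caller.
 */
public class SyncopeJWTSSOProvider implements JWTSSOProvider {
    private static final Logger LOG = LoggerFactory.getLogger(SyncopeJWTSSOProvider.class);
    private static final Encryptor ENCRYPTOR = Encryptor.getInstance();

    // Issuer value, injected from the bean named "jwtIssuer".
    @Resource(name = "jwtIssuer")
    private String jwtIssuer;

    // Performs the actual signature verification; this class only forwards to it.
    @Autowired
    private AccessTokenJwsSignatureVerifier delegate;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private AccessTokenDAO accessTokenDAO;

    /**
     * Returns the issuer this provider is responsible for.
     *
     * @return the injected {@code jwtIssuer} value
     */
    @Override
    public String getIssuer() {
        return this.jwtIssuer;
    }

    /**
     * Returns the signature algorithm reported by the delegate verifier.
     *
     * @return the delegate's {@link SignatureAlgorithm}
     */
    public SignatureAlgorithm getAlgorithm() {
        return this.delegate.getAlgorithm();
    }

    /**
     * Forwards a signature verification request to the delegate verifier.
     *
     * @param jwsHeaders the JWS headers of the token being checked
     * @param str        passed through to the delegate (presumably the unsigned text; confirm)
     * @param bArr       passed through to the delegate (presumably the signature bytes; confirm)
     * @return whatever the delegate returns for these arguments
     */
    public boolean verify(JwsHeaders jwsHeaders, String str, byte[] bArr) {
        return this.delegate.verify(jwsHeaders, str, bArr);
    }

    /**
     * Forwards creation of a {@link JwsVerificationSignature} to the delegate verifier.
     *
     * @param jwsHeaders the JWS headers of the token being checked
     * @return the delegate's verification signature object
     */
    public JwsVerificationSignature createJwsVerificationSignature(JwsHeaders jwsHeaders) {
        return this.delegate.createJwsVerificationSignature(jwsHeaders);
    }

    /**
     * Resolves verified JWT claims to a user and the authorities stored with the access token.
     *
     * <p>The user is looked up by the {@code sub} claim and the access token by the token id
     * claim. Authorities are granted only when the user exists, the access token record exists,
     * and its stored authorities can be decoded and deserialized. In every other case the
     * returned set is empty, so a missing or unreadable token record fails closed.
     *
     * @param jwtClaims the claims of the presented JWT
     * @return a pair of the user (or {@code null} when the subject is unknown) and the resolved
     *         authorities (never {@code null}, possibly empty)
     */
    @Override
    @Transactional(readOnly = true)
    public Pair<User, Set<SyncopeGrantedAuthority>> resolve(JwtClaims jwtClaims) {
        User user = this.userDAO.findByUsername(jwtClaims.getSubject());
        Set<SyncopeGrantedAuthority> authorities = Collections.emptySet();
        if (user == null) {
            return Pair.of(user, authorities);
        }

        // NOTE(review): the token record is selected by token id only; nothing here ties it to
        // the resolved user. Confirm the caller or the data model guarantees that binding.
        AccessToken accessToken = this.accessTokenDAO.find(jwtClaims.getTokenId());
        if (accessToken == null) {
            // A JWT whose token record is gone (e.g. removed or expired) previously caused a
            // NullPointerException here; grant nothing instead.
            LOG.warn("No stored access token found for the presented JWT; granting no authorities");
            return Pair.of(user, authorities);
        }

        byte[] storedAuthorities = accessToken.getAuthorities();
        if (storedAuthorities != null) {
            try {
                // NOTE(review): new String(byte[]) uses the platform default charset; it must
                // match the charset used when the authorities were written. Consider pinning it.
                authorities = POJOHelper.deserialize(
                        ENCRYPTOR.decode(new String(storedAuthorities), CipherAlgorithm.AES),
                        new TypeReference<Set<SyncopeGrantedAuthority>>() {
                        });
            } catch (Throwable t) {
                // Deliberate best effort: an undecodable record leaves the authorities empty.
                LOG.error("Could not read stored authorities", t);
            }
        }
        return Pair.of(user, authorities);
    }
}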
