package org.crue.hercules.sgi.framework.security.oauth2.server.resource.authentication;

import java.util.Collection;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/sgi-framework-spring-0.1.1-SNAPSHOT.jar:org/crue/hercules/sgi/framework/security/oauth2/server/resource/authentication/SgiJwtAuthenticationConverter.class */
public class SgiJwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
    private Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
    private static final String MESSAGE_NOT_EMPTY = "{} cannot be empty";
    private String userNameClaim;
    public static final String CLIENT_ID = "clientId";

    @Override // org.springframework.core.convert.converter.Converter
    public final AbstractAuthenticationToken convert(Jwt jwt) {
        Collection<GrantedAuthority> extractAuthorities = extractAuthorities(jwt);
        if (this.userNameClaim == null) {
            return new JwtAuthenticationToken(jwt, extractAuthorities);
        }
        if (Boolean.TRUE.equals(jwt.containsClaim(this.userNameClaim))) {
            String claimAsString = jwt.getClaimAsString(this.userNameClaim);
            Assert.hasText(claimAsString, String.format(MESSAGE_NOT_EMPTY, this.userNameClaim));
            return new JwtAuthenticationToken(jwt, extractAuthorities, claimAsString);
        }
        if (!Boolean.TRUE.equals(jwt.containsClaim(CLIENT_ID))) {
            throw new IllegalArgumentException(String.format(MESSAGE_NOT_EMPTY, this.userNameClaim));
        }
        String claimAsString2 = jwt.getClaimAsString(CLIENT_ID);
        Assert.hasText(claimAsString2, String.format(MESSAGE_NOT_EMPTY, CLIENT_ID));
        return new JwtAuthenticationToken(jwt, extractAuthorities, claimAsString2);
    }

    protected Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
        return this.jwtGrantedAuthoritiesConverter.convert(jwt);
    }

    public void setJwtGrantedAuthoritiesConverter(Converter<Jwt, Collection<GrantedAuthority>> converter) {
        Assert.notNull(converter, "jwtGrantedAuthoritiesConverter cannot be null");
        this.jwtGrantedAuthoritiesConverter = converter;
    }

    public void setUserNameClaim(String str) {
        this.userNameClaim = str;
    }
}
