package org.onetwo.ext.security.jwt;

import com.google.common.collect.Maps;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultClaims;
import java.io.Serializable;
import java.time.LocalDateTime;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.joda.time.DateTime;
import org.onetwo.common.date.Dates;
import org.onetwo.common.exception.BaseException;
import org.onetwo.common.reflect.BeanToMapConvertor;
import org.onetwo.common.utils.GuavaUtils;
import org.onetwo.common.utils.StringUtils;
import org.onetwo.common.web.userdetails.GenericUserDetail;
import org.onetwo.ext.permission.utils.UrlResourceInfoParser;
import org.onetwo.ext.security.utils.GenericLoginUserDetails;
import org.onetwo.ext.security.utils.SecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;

/* loaded from: input_file:org/onetwo/ext/security/jwt/DefaultJwtSecurityTokenService.class */
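/**
 * Issues and validates HS512-signed JWTs for authenticated users.
 *
 * <p>A token carries the user name as subject, the user id, a joined authority string,
 * and every remaining flattened user-detail property under a claim name prefixed with
 * {@link #propertyKey}. Validation rebuilds an {@link Authentication} purely from the
 * token's claims, so the authorities granted to a request are exactly what the token
 * says; the signature check in {@link #createClaimsFromToken(String)} is therefore the
 * only thing that makes those claims trustworthy.
 *
 * <p>NOTE(review): issuer and audience are written into the token but are not checked
 * when it is parsed; confirm whether other services share the same signing key.
 */
public class DefaultJwtSecurityTokenService implements JwtSecurityTokenService {

    @Autowired
    private SecurityConfig securityConfig;

    /** Flattens a user-detail bean into claim name/value pairs. */
    private final BeanToMapConvertor beanToMap = BeanToMapConvertor.BeanToMapBuilder.newBuilder().enableFieldNameAnnotation().build();

    /** Prefix that marks a claim as an extra user-detail property. */
    private String propertyKey = JwtSecurityUtils.PROPERTY_KEY;

    /**
     * Returns the configured token lifetime.
     *
     * @return lifetime in seconds, as read from the JWT section of the security config
     */
    protected Long getExpirationInSeconds() {
        return this.securityConfig.getJwt().getExpirationInSeconds();
    }

    /**
     * Creates the principal placed into the {@link Authentication} rebuilt from a token.
     *
     * @param serializable user id taken from the token
     * @param str user name (the token subject)
     * @param collection authorities parsed from the token
     * @param claims all claims of the token, available to overriding subclasses
     * @return the principal; the password slot is filled with the placeholder "N/A"
     */
    protected GenericUserDetail<?> createUserDetailForAuthentication(Serializable serializable, String str, Collection<? extends GrantedAuthority> collection, Claims claims) {
        return new GenericLoginUserDetails(serializable, str, "N/A", collection);
    }

    /**
     * Adapts a plain Spring Security {@link User} to the user-detail type used for tokens.
     *
     * @param user the authenticated Spring Security user
     * @return a user detail with id {@code 0} and the placeholder password "N/A"
     */
    protected GenericUserDetail<?> createUserDetailForToken(User user) {
        return new GenericLoginUserDetails(0L, user.getUsername(), "N/A", user.getAuthorities());
    }

    /**
     * Builds a signed token for the given authentication.
     *
     * @param authentication the authenticated principal; {@code null} yields {@code null}
     * @return the compact token wrapped in a {@link JwtSecurityTokenInfo}, or {@code null}
     * @throws BaseException if the resolved user name is blank
     */
    @Override
    public JwtSecurityTokenInfo generateToken(Authentication authentication) {
        if (authentication == null) {
            return null;
        }
        GenericUserDetail<?> userDetail;
        // The authorities claim is only populated for plain Spring Security users;
        // a GenericUserDetail principal yields an empty authorities string.
        String authorities = "";
        Object principal = authentication.getPrincipal();
        if (principal instanceof GenericUserDetail) {
            userDetail = (GenericUserDetail<?>) principal;
        } else {
            User user = (User) principal;
            userDetail = createUserDetailForToken(user);
            Collection<String> names = user.getAuthorities().stream()
                    .map(GrantedAuthority::getAuthority)
                    .collect(Collectors.toSet());
            authorities = GuavaUtils.join(names, UrlResourceInfoParser.URL_JOINER);
        }
        if (StringUtils.isBlank(userDetail.getUserName())) {
            throw new BaseException("username can not be blank");
        }

        SecurityConfig.JwtConfig jwt = this.securityConfig.getJwt();
        Map<String, Object> props = this.beanToMap.toFlatMap(userDetail);
        // Id and name travel as dedicated claims, so take them out of the property map.
        Long userId = (Long) props.remove(JwtSecurityUtils.CLAIM_USER_ID);
        String userName = (String) props.remove(JwtSecurityUtils.CLAIM_USER_NAME);

        LocalDateTime now = LocalDateTime.now();
        // plusSeconds takes a long; narrowing the configured lifetime to int would
        // silently wrap for very large values.
        LocalDateTime expiresAt = now.plusSeconds(getExpirationInSeconds().longValue());
        // NOTE(review): the strength of the HMAC secret is decided by configuration that
        // is not visible here; confirm it is long and random enough for HS512.
        JwtBuilder builder = Jwts.builder()
                .setSubject(userName)
                .setIssuer(jwt.getIssuer())
                .setAudience(jwt.getAudience())
                .claim(JwtSecurityUtils.CLAIM_USER_ID, userId)
                .claim(JwtSecurityUtils.CLAIM_AUTHORITIES, authorities)
                .setIssuedAt(Dates.toDate(now))
                .setExpiration(Dates.toDate(expiresAt))
                .signWith(SignatureAlgorithm.HS512, jwt.getSigningKey());
        // Remaining user-detail properties become prefixed claims; everything placed here
        // is readable by whoever holds the token, since a JWS payload is not encrypted.
        props.forEach((name, value) -> builder.claim(getPropertyKey(name), value));
        return JwtSecurityTokenInfo.builder().token(builder.compact()).build();
    }

    /**
     * Extracts the extra user-detail properties from a token's claims.
     *
     * @param claims parsed claims, may be {@code null}
     * @return a map of property name (prefix removed) to value; empty when {@code claims} is {@code null}
     */
    protected Map<String, Object> toMap(Claims claims) {
        if (claims == null) {
            return Maps.newHashMap();
        }
        return claims.entrySet().stream()
                .filter(entry -> isPropertyKey(entry.getKey()))
                .collect(Collectors.toMap(entry -> getProperty(entry.getKey()), Map.Entry::getValue));
    }

    /** Tells whether a claim name carries the property prefix. */
    private boolean isPropertyKey(Object obj) {
        return obj.toString().startsWith(this.propertyKey);
    }

    /** Strips the property prefix from a claim name. */
    private String getProperty(String str) {
        return str.substring(this.propertyKey.length());
    }

    /** Builds the claim name for an extra property by prepending the property prefix. */
    private String getPropertyKey(String str) {
        return this.propertyKey + str;
    }

    /**
     * Rebuilds an {@link Authentication} from a token.
     *
     * @param str the compact token
     * @return the authentication, or {@code null} when the token has no expiration or is already expired
     * @throws CredentialsExpiredException if the token cannot be parsed or verified
     */
    @Override
    public Authentication createAuthentication(String str) throws BadCredentialsException {
        Claims claims = createClaimsFromToken(str);
        // A token without an expiration claim must not be treated as valid forever:
        // Joda's DateTime turns a null instant into "now", which would let it through.
        if (claims.getExpiration() == null || new DateTime(claims.getExpiration()).isBeforeNow()) {
            return null;
        }
        List<GrantedAuthority> authorities = Collections.emptyList();
        // A present-but-null claim is handled like a missing one instead of failing on toString().
        Object joined = claims.get(JwtSecurityUtils.CLAIM_AUTHORITIES);
        if (joined != null) {
            authorities = GuavaUtils.splitAsStream(joined.toString(), UrlResourceInfoParser.URL_JOINER)
                    .<GrantedAuthority>map(SimpleGrantedAuthority::new)
                    .collect(Collectors.toList());
        }
        return buildAuthentication(claims, authorities);
    }

    /**
     * Wraps the principal derived from the claims in an authenticated token.
     *
     * @param claims verified claims of the token
     * @param list authorities parsed from the token
     * @return an authentication with empty credentials and the given authorities
     */
    protected Authentication buildAuthentication(Claims claims, List<GrantedAuthority> list) {
        // NOTE(review): after the JSON round trip the id may no longer be a Long - confirm against callers.
        Serializable userId = (Serializable) claims.get(JwtSecurityUtils.CLAIM_USER_ID);
        GenericUserDetail<?> principal = createUserDetailForAuthentication(userId, claims.getSubject(), list, claims);
        return new UsernamePasswordAuthenticationToken(principal, "", list);
    }

    /**
     * Parses a token and verifies its signature with the configured signing key.
     *
     * @param str the compact token
     * @return the verified claims
     * @throws CredentialsExpiredException with message "session expired" for an expired token,
     *         and with message "error token" for any other parsing or verification failure
     */
    protected final Claims createClaimsFromToken(String str) throws BadCredentialsException {
        try {
            // parseClaimsJws accepts only signed claims tokens. The generic parse() also
            // returns unsigned JWTs without any signature check, which would make every
            // claim (including authorities) caller-controlled.
            return Jwts.parser()
                    .setSigningKey(this.securityConfig.getJwt().getSigningKey())
                    .parseClaimsJws(str)
                    .getBody();
        } catch (ExpiredJwtException e) {
            // Must be caught before the generic handler, otherwise it is unreachable.
            throw new CredentialsExpiredException("session expired", e);
        } catch (Exception e) {
            // NOTE(review): malformed or badly signed tokens are reported with the same
            // exception type as expired ones; kept as-is so existing handlers still match.
            throw new CredentialsExpiredException("error token", e);
        }
    }

    /**
     * Replaces the injected security configuration.
     *
     * @param securityConfig configuration providing the JWT settings
     */
    public void setSecurityConfig(SecurityConfig securityConfig) {
        this.securityConfig = securityConfig;
    }

    /**
     * Sets the prefix used for extra property claims.
     *
     * <p>With an empty prefix, property names would no longer be kept apart from the
     * token's other claim names.
     *
     * @param str the claim-name prefix
     */
    public void setPropertyKey(String str) {
        this.propertyKey = str;
    }
}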
