package vip.isass.core.web.security.authentication.jwt;

import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.StrUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.annotation.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
import vip.isass.core.support.LocalDateTimeUtil;
import vip.isass.core.web.security.IsassGrantedAuthority;
import vip.isass.core.web.security.RoleVo;
import vip.isass.core.web.security.metadata.SecurityMetadataSourceProviderManager;

@Component
/* loaded from: input_file:vip/isass/core/web/security/authentication/jwt/JwtAuthenticationProvider.class */
public class JwtAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthenticationProvider.class);

    @Value("${security.jwt.secret:vpAMjyZ9JqW4QNsw}")
    private String secret;

    @Resource
    private SecurityMetadataSourceProviderManager securityMetadataSourceProviderManager;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v29, types: [java.util.Collection] */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String str = (String) authentication.getCredentials();
        try {
            Claims claims = (Claims) Jwts.parser().setSigningKey(this.secret).parseClaimsJws(str).getBody();
            if (claims.getExpiration().before(LocalDateTimeUtil.nowDate())) {
                throw new BadCredentialsException(str);
            }
            JwtClaim jwtClaim = new JwtClaim();
            BeanUtil.copyProperties(claims, jwtClaim);
            List emptyList = Collections.emptyList();
            Collection<RoleVo> findRolesByUserId = this.securityMetadataSourceProviderManager.findRolesByUserId(jwtClaim.getUid());
            if (!CollUtil.isEmpty(findRolesByUserId)) {
                emptyList = (Collection) findRolesByUserId.stream().filter((v0) -> {
                    return Objects.nonNull(v0);
                }).filter(roleVo -> {
                    return StrUtil.isNotBlank(roleVo.getCode());
                }).map(roleVo2 -> {
                    return new IsassGrantedAuthority(roleVo2.getId(), roleVo2.getCode());
                }).collect(Collectors.toList());
            }
            return new JwtAuthenticationToken(str, jwtClaim, emptyList);
        } catch (ExpiredJwtException e) {
            throw new CredentialsExpiredException("token");
        } catch (Exception e2) {
            throw new BadCredentialsException(str);
        }
    }

    public boolean supports(Class<?> cls) {
        return cls.isAssignableFrom(JwtAuthenticationToken.class);
    }
}
