package com.usthe.sureness.processor.support;

import com.usthe.sureness.processor.BaseProcessor;
import com.usthe.sureness.processor.exception.ExpiredCredentialsException;
import com.usthe.sureness.processor.exception.IncorrectCredentialsException;
import com.usthe.sureness.processor.exception.SurenessAuthenticationException;
import com.usthe.sureness.subject.Subject;
import com.usthe.sureness.subject.support.JwtSubject;
import com.usthe.sureness.subject.support.SinglePrincipalMap;
import com.usthe.sureness.util.JsonWebTokenUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.security.SignatureException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/sureness-core-1.0.8.jar:com/usthe/sureness/processor/support/JwtProcessor.class */
public class JwtProcessor extends BaseProcessor {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) JwtProcessor.class);

    @Override // com.usthe.sureness.processor.BaseProcessor, com.usthe.sureness.processor.Processor
    public boolean canSupportSubjectClass(Class<?> cls) {
        return cls == JwtSubject.class;
    }

    @Override // com.usthe.sureness.processor.BaseProcessor, com.usthe.sureness.processor.Processor
    public Class<?> getSupportSubjectClass() {
        return JwtSubject.class;
    }

    @Override // com.usthe.sureness.processor.BaseProcessor
    public Subject authenticated(Subject subject) throws SurenessAuthenticationException {
        String str = (String) subject.getCredential();
        if (JsonWebTokenUtil.isNotJsonWebToken(str)) {
            throw new IncorrectCredentialsException("this jwt credential is illegal");
        }
        try {
            Claims parseJwt = JsonWebTokenUtil.parseJwt(str);
            subject.setPrincipal(parseJwt.getSubject());
            List list = (List) parseJwt.get("roles", List.class);
            if (Objects.nonNull(list)) {
                subject.setOwnRoles(list);
            }
            SinglePrincipalMap singlePrincipalMap = new SinglePrincipalMap();
            for (Map.Entry<String, Object> entry : parseJwt.entrySet()) {
                singlePrincipalMap.setPrincipal(entry.getKey(), entry.getValue());
            }
            subject.setPrincipalMap(singlePrincipalMap);
            return subject;
        } catch (ExpiredJwtException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("jwtProcessor authenticated expired, user: {}, jwt: {}", subject.getPrincipal(), str);
            }
            throw new ExpiredCredentialsException("this jwt has expired");
        } catch (MalformedJwtException | UnsupportedJwtException | SignatureException | IllegalArgumentException e2) {
            if (logger.isDebugEnabled()) {
                logger.debug("jwtProcessor authenticated fail, user: {}, jwt: {}", subject.getPrincipal(), str);
            }
            throw new IncorrectCredentialsException("this jwt error:" + e2.getMessage());
        }
    }
}
