package com.xforceplus.ultraman.bocp.uc.sureness.processor;

import com.usthe.sureness.processor.BaseProcessor;
import com.usthe.sureness.processor.exception.ExpiredCredentialsException;
import com.usthe.sureness.processor.exception.IncorrectCredentialsException;
import com.usthe.sureness.processor.exception.SurenessAuthenticationException;
import com.usthe.sureness.provider.SurenessAccountProvider;
import com.usthe.sureness.subject.Subject;
import com.usthe.sureness.subject.support.JwtSubject;
import com.usthe.sureness.subject.support.SinglePrincipalMap;
import com.usthe.sureness.util.JsonWebTokenUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.security.SignatureException;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xforceplus/ultraman/bocp/uc/sureness/processor/RefreshJwtProcessor.class */
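/**
 * Sureness processor that authenticates a {@link JwtSubject} from its bearer token and,
 * for a token that expired only recently, signals the caller with a freshly issued
 * replacement token through {@link RefreshExpiredTokenException}.
 *
 * <p>NOTE(review): the replacement token copies the subject and roles of the expired
 * token. {@code accountProvider} is never assigned or consulted in this class, so a role
 * change or account disablement made after the original token was issued is not
 * re-checked here; confirm whether that lookup is expected to happen elsewhere.
 */
public class RefreshJwtProcessor extends BaseProcessor {
    private static final Logger logger = LoggerFactory.getLogger(RefreshJwtProcessor.class);
    private static final String TOKEN_SPLIT = "--";
    private static final int START_TIME_INDEX = 1;
    private static final int PERIOD_TIME_INDEX = 2;
    private static final int DOUBLE_TIME = 2;

    /** Name of the JWT claim that carries the role list. */
    private static final String ROLES_CLAIM = "roles";
    /** Issuer written into refreshed tokens. */
    private static final String REFRESH_ISSUER = "uc-auth-server";
    /** Period passed to {@code issueJwt} for refreshed tokens (value kept from the original code). */
    private static final long REFRESH_TOKEN_PERIOD = 1800L;
    /**
     * How long after expiry (milliseconds) a token may still be exchanged for a new one.
     * Value kept from the original code. NOTE(review): 18000 ms is 18 seconds; confirm
     * this is the intended window.
     */
    private static final long REFRESH_GRACE_MILLIS = 18000L;

    private SurenessAccountProvider accountProvider;

    /**
     * Reports whether this processor handles the given subject class.
     *
     * @param cls subject class to test
     * @return {@code true} only for {@link JwtSubject} itself
     */
    public boolean canSupportSubjectClass(Class<?> cls) {
        return cls == JwtSubject.class;
    }

    /**
     * @return the subject class this processor handles, {@link JwtSubject}
     */
    public Class<?> getSupportSubjectClass() {
        return JwtSubject.class;
    }

    /**
     * Validates the JWT carried by {@code subject} and builds an authenticated subject
     * whose principal, roles and principal map come from the token claims.
     *
     * @param subject subject whose credential is the raw JWT string
     * @return the authenticated subject
     * @throws IncorrectCredentialsException if the credential is not a JWT, or its
     *         signature or structure is rejected by the parser
     * @throws RefreshExpiredTokenException if the token expired within the grace window;
     *         the exception is constructed with the newly issued token
     * @throws ExpiredCredentialsException if the token expired longer ago than the
     *         grace window
     * @throws SurenessAuthenticationException declared supertype of the above
     */
    public Subject authenticated(Subject subject) throws SurenessAuthenticationException {
        String token = (String) subject.getCredential();
        if (JsonWebTokenUtil.isNotJsonWebToken(token)) {
            throw new IncorrectCredentialsException("this jwt credential is illegal");
        }
        try {
            Claims claims = JsonWebTokenUtil.parseJwt(token);
            JwtSubject.Builder builder = JwtSubject.builder(subject).setPrincipal(claims.getSubject());
            List<String> roles = rolesOf(claims);
            if (roles != null) {
                builder.setOwnRoles(roles);
            }
            // Expose every claim of the token through the subject's principal map.
            SinglePrincipalMap principalMap = new SinglePrincipalMap();
            for (Map.Entry<String, Object> claim : claims.entrySet()) {
                principalMap.setPrincipal(claim.getKey(), claim.getValue());
            }
            builder.setPrincipalMap(principalMap);
            return builder.build();
        } catch (ExpiredJwtException e) {
            // The raw token is a bearer credential, so it is kept out of the log.
            logger.debug("jwtProcessor authenticated expired, user: {}", subject.getPrincipal());
            Claims expired = e.getClaims();
            // Measure how long ago the token expired. The original compared
            // (expiration - now), which is negative for every expired token, so the
            // refresh branch was always taken and ExpiredCredentialsException was
            // unreachable: a token of any age could be exchanged for a new one.
            long expiredForMillis = System.currentTimeMillis() - expired.getExpiration().getTime();
            if (expiredForMillis <= REFRESH_GRACE_MILLIS) {
                String refreshed = JsonWebTokenUtil.issueJwt(
                        UUID.randomUUID().toString(),
                        expired.getSubject(),
                        REFRESH_ISSUER,
                        REFRESH_TOKEN_PERIOD,
                        rolesOf(expired),
                        (List<String>) null,
                        false);
                throw new RefreshExpiredTokenException(refreshed);
            }
            throw new ExpiredCredentialsException("this jwt has expired");
        } catch (SignatureException | UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e2) {
            // The raw token is a bearer credential, so it is kept out of the log.
            logger.debug("jwtProcessor authenticated fail, user: {}", subject.getPrincipal());
            throw new IncorrectCredentialsException("this jwt error:" + e2.getMessage());
        }
    }

    /** Reads the role list claim; returns {@code null} when the claim is absent. */
    @SuppressWarnings("unchecked") // the claim is read as a raw List; element type is not checked here
    private static List<String> rolesOf(Claims claims) {
        return claims.get(ROLES_CLAIM, List.class);
    }
}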
