package cn.fightingguys.security.web.wechat.auth;

import cn.fightingguys.security.web.wechat.config.WeChatMiniProgramSecurityJwtSettings;
import cn.fightingguys.security.web.wechat.config.WeChatMiniProgramSecurityProviderSettings;
import cn.fightingguys.security.web.wechat.entity.WeChatC2SJacksonHttpMessageConverter;
import cn.fightingguys.security.web.wechat.entity.WeChatMiniProgramCode2Session;
import cn.fightingguys.security.web.wechat.entity.WeChatMiniProgramUserDetails;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.security.Key;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.boot.web.client.RestTemplateCustomizer;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.UserDetailsManager;

/* loaded from: input_file:cn/fightingguys/security/web/wechat/auth/WeChatMiniProgramAuthenticationProvider.class */
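/**
 * Spring Security {@link AuthenticationProvider} for WeChat mini-program logins.
 *
 * <p>Two flows are handled, selected by {@code WeChatMiniProgramAuthenticationToken#isVerify()}:
 * when it is {@code false} the token's credentials are sent to WeChat's {@code jscode2session}
 * endpoint as a {@code js_code} and a new JWT is minted for the returned openid; when it is
 * {@code true} the credentials are parsed as a JWT signed with this provider's key.
 */
public class WeChatMiniProgramAuthenticationProvider implements AuthenticationProvider {
    private final Logger log = LoggerFactory.getLogger(WeChatMiniProgramAuthenticationProvider.class);
    public static final String DEFAULT_ISSUER_NAME = "WeChatAuthProviderService";
    public static final String JS_CODE_TO_SESSION_ENDPOINT = "https://api.weixin.qq.com/sns/jscode2session?appid=%s&secret=%s&js_code=%s&grant_type=authorization_code";
    public static final String DEFAULT_AUTHORITIES_NAME = "Verified";
    // Both names are taken from the settings objects as-is; the DEFAULT_* constants are not
    // applied as a fallback here (the original assigned them and then overwrote them).
    private final String issuerName;
    private final String authoritiesName;
    private final String appId;
    private final String appSecret;
    private final Key key;
    private final UserDetailsManager userDetailsManager;

    /**
     * Authenticates a {@code WeChatMiniProgramAuthenticationToken}.
     *
     * @param authentication the request token; {@link #supports(Class)} restricts it to
     *     {@code WeChatMiniProgramAuthenticationToken}
     * @return an authenticated token carrying the JWT and the user's authorities
     * @throws AuthenticationException if the js_code exchange or the JWT check fails
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        WeChatMiniProgramAuthenticationToken token = (WeChatMiniProgramAuthenticationToken) authentication;
        return token.isVerify() ? verifyAuthentication(token) : verifyJsCode(token);
    }

    /** Accepts only {@code WeChatMiniProgramAuthenticationToken} and its subclasses. */
    @Override
    public boolean supports(Class<?> cls) {
        return WeChatMiniProgramAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Creates the provider from its settings.
     *
     * @param weChatMiniProgramSecurityProviderSettings supplies the app id, app secret and the
     *     authority name granted to newly created users
     * @param weChatMiniProgramSecurityJwtSettings supplies the JWT signing key and issuer
     * @param userDetailsManager store used to look up and create users by openid
     */
    public WeChatMiniProgramAuthenticationProvider(WeChatMiniProgramSecurityProviderSettings weChatMiniProgramSecurityProviderSettings, WeChatMiniProgramSecurityJwtSettings weChatMiniProgramSecurityJwtSettings, UserDetailsManager userDetailsManager) {
        this.appId = weChatMiniProgramSecurityProviderSettings.appId();
        this.appSecret = weChatMiniProgramSecurityProviderSettings.secret();
        this.authoritiesName = weChatMiniProgramSecurityProviderSettings.authorizationName();
        this.key = weChatMiniProgramSecurityJwtSettings.privateKey();
        this.issuerName = weChatMiniProgramSecurityJwtSettings.issuer();
        this.userDetailsManager = userDetailsManager;
    }

    /**
     * Rejects a missing code2Session response or one carrying a non-zero error code.
     *
     * @throws AuthenticationServiceException with WeChat's error message on failure
     */
    private void checkCode2SessionService(WeChatMiniProgramCode2Session weChatMiniProgramCode2Session) {
        if (weChatMiniProgramCode2Session == null) {
            throw new AuthenticationServiceException("code2Session is null");
        }
        if (weChatMiniProgramCode2Session.getErrCode() != 0) {
            throw new AuthenticationServiceException(weChatMiniProgramCode2Session.getErrMsg());
        }
    }

    /**
     * Builds a signed JWT whose subject is the given openid.
     *
     * <p>NOTE(review): no expiration claim is set, so an issued token stays acceptable for as
     * long as the signing key is in use. A lifetime setting is not visible in this class; add
     * {@code setExpiration} once one exists.
     */
    private String createJwt(String str) {
        return Jwts.builder()
                .setClaims(new HashMap<String, Object>())
                .setId(UUID.randomUUID().toString())
                .setIssuedAt(new Date())
                .setIssuer(this.issuerName)
                .setSubject(str)
                .signWith(this.key)
                .compact();
    }

    /** Builds the user record stored for an openid seen for the first time. */
    private UserDetails createUser(String str) {
        return WeChatMiniProgramUserDetails.builder().openId(str).authorities(this.authoritiesName).build();
    }

    /**
     * Percent-encodes a value for use inside the query string of the code2Session URL.
     * {@code null} is rendered as the text "null", as {@code String.format("%s")} did before.
     */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(String.valueOf(value), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new AuthenticationServiceException("UTF-8 encoding is unavailable", e);
        }
    }

    /**
     * Exchanges the client-supplied js_code for an openid and issues a JWT for it.
     *
     * <p>The js_code comes from the client, so it is percent-encoded before being placed in the
     * URL; unencoded, a value containing {@code &} or {@code =} could add or override query
     * parameters of the request, and {@code {}} would be read as a URI template variable.
     */
    private Authentication verifyJsCode(WeChatMiniProgramAuthenticationToken weChatMiniProgramAuthenticationToken) {
        Object jsCode = weChatMiniProgramAuthenticationToken.getCredentials();
        if (jsCode == null || jsCode.toString().isEmpty()) {
            throw new AuthenticationServiceException("js_code is missing");
        }
        // The URI carries the app secret in its query string: do not log it.
        URI endpoint = URI.create(String.format(
                JS_CODE_TO_SESSION_ENDPOINT,
                urlEncode(this.appId),
                urlEncode(this.appSecret),
                urlEncode(jsCode.toString())));
        // Passing a java.net.URI (not a String) keeps RestTemplate from re-encoding the values.
        WeChatMiniProgramCode2Session session = (WeChatMiniProgramCode2Session) new RestTemplateBuilder(new RestTemplateCustomizer[0])
                .messageConverters(new HttpMessageConverter[]{new WeChatC2SJacksonHttpMessageConverter()})
                .build()
                .getForObject(endpoint, WeChatMiniProgramCode2Session.class);
        checkCode2SessionService(session);
        String openId = session.getOpenId();
        if (openId == null || openId.isEmpty()) {
            // A success response without an openid must not create or load a user.
            throw new AuthenticationServiceException("code2Session returned no openid");
        }
        return createWeChatMiniProgramAuthenticationToken(openId);
    }

    /**
     * Verifies a previously issued JWT and rebuilds the authenticated token from its subject.
     *
     * <p>Besides the signature, the issuer claim is compared with the configured issuer (when one
     * is configured), because {@link #createJwt(String)} always stamps it.
     *
     * @throws AuthenticationServiceException if the JWT is absent, malformed, fails signature
     *     verification, has a different issuer or has no subject
     */
    private Authentication verifyAuthentication(WeChatMiniProgramAuthenticationToken weChatMiniProgramAuthenticationToken) {
        Object credentials = weChatMiniProgramAuthenticationToken.getCredentials();
        if (!(credentials instanceof String) || ((String) credentials).isEmpty()) {
            throw new AuthenticationServiceException("JWT is missing");
        }
        String jwt = (String) credentials;
        Claims claims;
        try {
            claims = Jwts.parserBuilder().setSigningKey(this.key).build().parseClaimsJws(jwt).getBody();
        } catch (JwtException | IllegalArgumentException e) {
            // Keep the cause so the failure can be diagnosed from server-side logs.
            throw new AuthenticationServiceException(e.getMessage(), e);
        }
        if (this.issuerName != null && !this.issuerName.equals(claims.getIssuer())) {
            throw new AuthenticationServiceException("JWT issuer mismatch");
        }
        String subject = claims.getSubject();
        if (subject == null || subject.isEmpty()) {
            throw new AuthenticationServiceException("JWT has no subject");
        }
        return createWeChatMiniProgramAuthenticationToken(subject, jwt);
    }

    /**
     * Issues a fresh JWT for the given openid and returns the authenticated token.
     *
     * <p>This method performs no verification of its own: it mints a token for whatever openid
     * it is given, creating the user if needed. Callers must pass only an openid that has
     * already been verified.
     *
     * @param str the openid to authenticate
     * @return an authenticated token carrying the new JWT
     */
    public Authentication createWeChatMiniProgramAuthenticationToken(String str) {
        return createWeChatMiniProgramAuthenticationToken(str, createJwt(str));
    }

    /**
     * Loads the user for the openid, creating it on first sight, and wraps the JWT and the
     * user's authorities in an authenticated token.
     *
     * @param str the openid
     * @param str2 the JWT placed in the returned token
     */
    private Authentication createWeChatMiniProgramAuthenticationToken(String str, String str2) {
        UserDetails user;
        // NOTE(review): userExists followed by createUser is not atomic; two concurrent first
        // logins for one openid may both reach createUser. Confirm the UserDetailsManager
        // in use tolerates that.
        if (this.userDetailsManager.userExists(str)) {
            user = this.userDetailsManager.loadUserByUsername(str);
        } else {
            user = createUser(str);
            this.userDetailsManager.createUser(user);
        }
        WeChatMiniProgramAuthenticationToken authenticated = new WeChatMiniProgramAuthenticationToken(str2, user.getAuthorities());
        authenticated.setDetails(user);
        return authenticated;
    }
}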
