package leap.web.security.user;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.core.ioc.PostCreateBean;
import leap.core.security.Authentication;
import leap.core.security.Credentials;
import leap.core.security.SimpleUserPrincipal;
import leap.core.security.UserPrincipal;
import leap.core.security.token.TokenCredentials;
import leap.core.security.token.jwt.JwtSigner;
import leap.core.security.token.jwt.JwtVerifier;
import leap.core.security.token.jwt.MacSigner;
import leap.lang.Out;
import leap.lang.Strings;
import leap.web.Request;
import leap.web.Response;
import leap.web.security.SecurityConfig;
import leap.web.security.authc.AuthenticationException;
import leap.web.security.authc.TokenAuthenticator;
import leap.web.security.authc.credentials.CredentialsAuthenticationContext;

/* loaded from: input_file:leap/web/security/user/JwtTokenAuthenticator.class */
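/**
 * Token authenticator that issues and validates JWTs carrying a user's login name.
 *
 * <p>Issued tokens carry a random {@code jti} and the login name under {@link #CLAIM_NAME}.
 * Incoming tokens are passed to the configured {@link JwtVerifier}, and the principal is built
 * only from the claims it returns.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When no signer is injected, {@link #postCreate(BeanFactory)} creates a {@link MacSigner}
 *       keyed with {@code config.getSecret()}. Every token is then only as strong as that
 *       secret, and anyone who holds it can mint tokens this class will accept.</li>
 *   <li>This class does not check {@code jti} against a revocation or replay store; it only
 *       requires the claim to be present.</li>
 *   <li>{@code postCreate} installs a verifier only when no signer was set. A signer injected
 *       through {@link #setSigner(JwtSigner)} needs a matching verifier via
 *       {@link #setVerifier(JwtVerifier)}, or {@code authenticate} fails on a null verifier.</li>
 * </ul>
 */
public class JwtTokenAuthenticator extends UsernameBasedTokenAuthenticator implements TokenAuthenticator, PostCreateBean {
    /** Claim key under which the user's login name is stored. */
    public static final String CLAIM_NAME = "name";

    /** Claim key holding the token identifier. */
    private static final String CLAIM_JTI = "jti";

    @Inject
    protected SecurityConfig config;
    protected JwtSigner signer;
    protected JwtVerifier verifier;

    /**
     * Signs the claims built for the given authentication and returns the encoded token.
     *
     * @param request current request (not read here)
     * @param response current response (not read here)
     * @param authentication authentication whose claims are signed
     * @return the signed token string produced by the configured signer
     */
    @Override
    public String generateAuthenticationToken(Request request, Response response, Authentication authentication) {
        return this.signer.sign(createClaims(authentication));
    }

    /**
     * Authenticates token credentials by verifying the JWT and resolving a principal.
     *
     * @param credentialsAuthenticationContext context passed on to user resolution
     * @param credentials credentials to check; anything other than {@link TokenCredentials} is ignored
     * @param out receives the resolved principal on success
     * @return {@code true} if a principal was set, {@code false} if the credentials are not
     *         handled or the claims are missing, malformed, or resolve to no user
     * @throws AuthenticationException declared by the authenticator contract
     */
    @Override
    public boolean authenticate(CredentialsAuthenticationContext credentialsAuthenticationContext, Credentials credentials, Out<UserPrincipal> out) throws AuthenticationException {
        if (!(credentials instanceof TokenCredentials)) {
            return false;
        }

        // No claim is read before verify() has returned.
        // NOTE(review): presumably verify() throws on a bad signature or an expired token -
        // confirm against the JwtVerifier implementation in use.
        Map<String, Object> claims = this.verifier.verify(((TokenCredentials) credentials).getToken());
        if (null == claims) {
            return false;
        }

        // A correctly signed token can still carry a non-string claim (for example one issued
        // for another purpose with the same key); reject it instead of failing on a cast.
        String loginName = stringClaim(claims, CLAIM_NAME);
        String tokenId = stringClaim(claims, CLAIM_JTI);
        if (Strings.isEmpty(loginName) || Strings.isEmpty(tokenId)) {
            return false;
        }

        if (this.sc.getUserStore() != null) {
            UserDetails details = resolveUserDetails(credentialsAuthenticationContext, loginName, claims);
            if (null == details) {
                return false;
            }
            out.set(details);
            return true;
        }

        // Without a user store the principal is built from token claims alone. Its id is the
        // token's jti, which createDefaultClaims generates fresh for each token, so it is not
        // a stable user identifier. All verified claims become principal properties.
        SimpleUserPrincipal principal = new SimpleUserPrincipal();
        principal.setId(tokenId);
        principal.setLoginName(loginName);
        principal.setName(loginName);
        principal.setProperties(claims);
        out.set(principal);
        return true;
    }

    /**
     * Builds the default claim set: a random {@code jti} and the user's login name.
     *
     * @param authentication authentication providing the user
     * @return a new mutable map holding the {@code jti} and {@link #CLAIM_NAME} claims
     */
    @Override
    protected Map<String, Object> createDefaultClaims(Authentication authentication) {
        UserPrincipal user = authentication.getUser();
        Map<String, Object> claims = new HashMap<>();
        claims.put(CLAIM_JTI, UUID.randomUUID().toString());
        claims.put(CLAIM_NAME, user.getLoginName());
        return claims;
    }

    /**
     * Installs a default {@link MacSigner} as both signer and verifier when no signer was set.
     *
     * @param beanFactory the bean factory (not read here)
     * @throws Throwable declared by the bean lifecycle contract
     */
    public void postCreate(BeanFactory beanFactory) throws Throwable {
        if (null == this.signer) {
            // One instance serves both roles, so issued tokens verify with the same key and expiry.
            MacSigner macSigner = new MacSigner(this.config.getSecret(), this.config.getDefaultAuthenticationExpires());
            this.signer = macSigner;
            this.verifier = macSigner;
        }
    }

    /** Returns the signer used to issue tokens, or {@code null} if none is set yet. */
    public JwtSigner getSigner() {
        return this.signer;
    }

    /**
     * Sets the signer used to issue tokens.
     *
     * <p>If this is set before {@code postCreate} runs, no default verifier is created; set one
     * with {@link #setVerifier(JwtVerifier)}.
     */
    public void setSigner(JwtSigner jwtSigner) {
        this.signer = jwtSigner;
    }

    /** Returns the verifier used to validate tokens, or {@code null} if none is set yet. */
    public JwtVerifier getVerifier() {
        return this.verifier;
    }

    /** Sets the verifier used to validate incoming tokens. */
    public void setVerifier(JwtVerifier jwtVerifier) {
        this.verifier = jwtVerifier;
    }

    /** Returns the claim as a string, or {@code null} when it is absent or not a string. */
    private static String stringClaim(Map<String, Object> claims, String key) {
        Object value = claims.get(key);
        return value instanceof String ? (String) value : null;
    }
}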
