package org.linuxprobe.shiro.base.pac4j.jwt;

import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.text.ParseException;
import java.util.HashMap;
import java.util.Map;
import org.linuxprobe.shiro.base.session.SessionTokenStore;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.profile.ProfileHelper;
import org.pac4j.jwt.config.encryption.EncryptionConfiguration;
import org.pac4j.jwt.config.signature.SignatureConfiguration;
import org.pac4j.jwt.credentials.authenticator.JwtAuthenticator;

/* loaded from: input_file:org/linuxprobe/shiro/base/pac4j/jwt/Pac4jJwtAuthenticator.class */
public class Pac4jJwtAuthenticator extends JwtAuthenticator {
    private SessionTokenStore sessionTokenStore;

    public Pac4jJwtAuthenticator(SignatureConfiguration signatureConfiguration, EncryptionConfiguration encryptionConfiguration, SessionTokenStore sessionTokenStore) {
        super(signatureConfiguration, encryptionConfiguration);
        this.sessionTokenStore = sessionTokenStore;
    }

    protected void createJwtProfile(TokenCredentials tokenCredentials, JWT jwt) throws ParseException {
        JWTClaimsSet jWTClaimsSet = jwt.getJWTClaimsSet();
        String subject = jWTClaimsSet.getSubject();
        if (subject == null) {
            throw new TechnicalException("JWT must contain a subject ('sub' claim)");
        }
        if (!this.sessionTokenStore.isValidToken(tokenCredentials.getToken())) {
            this.logger.error("The JWT is expired: no profile is built");
            return;
        }
        HashMap hashMap = new HashMap(jWTClaimsSet.getClaims());
        hashMap.remove("sub");
        hashMap.remove("$int_roles");
        hashMap.remove("$int_perms");
        tokenCredentials.setUserProfile(ProfileHelper.restoreOrBuildProfile(getProfileDefinition(), subject, hashMap, (Map) null, new Object[0]));
    }

    public Pac4jJwtAuthenticator() {
    }

    public SessionTokenStore getSessionTokenStore() {
        return this.sessionTokenStore;
    }

    public void setSessionTokenStore(SessionTokenStore sessionTokenStore) {
        this.sessionTokenStore = sessionTokenStore;
    }
}
