package org.minbox.framework.on.security.application.service.authentication;

import com.fasterxml.jackson.core.JsonProcessingException;
import java.util.Map;
import org.minbox.framework.on.security.application.service.authentication.context.OnSecurityApplicationContextHolder;
import org.minbox.framework.on.security.application.service.authentication.context.OnSecurityApplicationContextImpl;
import org.minbox.framework.on.security.application.service.exception.OnSecurityApplicationResourceAuthenticationException;
import org.minbox.framework.on.security.application.service.exception.ResourceAuthenticationErrorCode;
import org.minbox.framework.on.security.core.authorization.AbstractOnSecurityAuthenticationProvider;
import org.minbox.framework.on.security.core.authorization.endpoint.AccessTokenAuthorization;
import org.minbox.framework.on.security.core.authorization.jackson2.OnSecurityJsonMapper;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/on-security-application-service-0.0.7.jar:org/minbox/framework/on/security/application/service/authentication/OnSecurityAccessTokenAuthorizationProvider.class */
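/**
 * Authentication provider that resolves the {@link AccessTokenAuthorization} for an access token,
 * first from {@code AccessTokenAuthorizationCache} and otherwise by calling the issuer's
 * {@code /access/authorization} endpoint, then publishes it through
 * {@link OnSecurityApplicationContextHolder}.
 *
 * <p>NOTE(review): the issuer URL is taken from the {@code iss} claim of the
 * {@link JwtAuthenticationToken} in the current security context, and the bearer token is sent to
 * that URL. This is only safe if the JWT was signature-verified and its issuer checked against a
 * configured value before this provider runs; that validation is not visible in this class, so
 * confirm it upstream.
 */
public final class OnSecurityAccessTokenAuthorizationProvider extends AbstractOnSecurityAuthenticationProvider {
    private static final String BEARER_TOKEN_VALUE_FORMAT = "Bearer %s";
    private static final String ACCESS_AUTHORIZATION_URI = "/access/authorization";
    private static final String ERROR_CODE_RESPONSE_PARAM = "errorCode";
    // NOTE(review): a default RestTemplate is created without explicit connect/read timeouts,
    // so a slow issuer can stall the authentication path; consider injecting a configured client.
    private final RestTemplate restTemplate;

    /**
     * Creates the provider with a default {@link RestTemplate}.
     *
     * @param map shared objects handed to {@link AbstractOnSecurityAuthenticationProvider}
     */
    public OnSecurityAccessTokenAuthorizationProvider(Map<Class<?>, Object> map) {
        super(map);
        this.restTemplate = new RestTemplate();
    }

    /**
     * Loads the authorization attached to the token and stores it in the application context.
     *
     * @param authentication an {@link OnSecurityAccessTokenAuthorizationToken} (see {@link #supports(Class)})
     * @return the same token instance that was passed in
     * @throws AuthenticationException with {@code INVALID_ACCESS_TOKEN} when the issuer answers with an
     *     error payload, or {@code UNAUTHORIZED_ACCESS} when no authorization could be obtained
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        OnSecurityAccessTokenAuthorizationToken authorizationToken = (OnSecurityAccessTokenAuthorizationToken) authentication;
        String accessToken = authorizationToken.getAccessToken();
        // NOTE(review): cache expiry and revocation handling live in AccessTokenAuthorizationCache and
        // are not visible here; confirm entries cannot outlive the token they were issued for.
        AccessTokenAuthorization accessAuthorization = AccessTokenAuthorizationCache.getAccessAuthorization(accessToken);
        if (accessAuthorization == null) {
            accessAuthorization = getAccessAuthorizationFromIssuer(accessToken);
            if (accessAuthorization == null) {
                // Fail closed: no authorization data means the request is rejected.
                throw new OnSecurityApplicationResourceAuthenticationException("Failed to get token authorization resource.", ResourceAuthenticationErrorCode.UNAUTHORIZED_ACCESS, new String[0]);
            }
            AccessTokenAuthorizationCache.setAccessAuthorization(accessToken, accessAuthorization);
        }
        OnSecurityApplicationContextHolder.setContext(OnSecurityApplicationContextImpl.withAccessToken(accessToken).accessTokenAuthorization(accessAuthorization).build());
        return authorizationToken;
    }

    /**
     * @param cls candidate authentication class
     * @return {@code true} when {@code cls} is an {@link OnSecurityAccessTokenAuthorizationToken} type
     */
    @Override
    public boolean supports(Class<?> cls) {
        return OnSecurityAccessTokenAuthorizationToken.class.isAssignableFrom(cls);
    }

    /**
     * Requests the token's authorization from the issuer, sending the token as a bearer credential.
     *
     * @param str the access token value
     * @return the parsed authorization, or {@code null} when the issuer is unknown, the response has
     *     no body, or the call or parsing fails
     * @throws OnSecurityApplicationResourceAuthenticationException when the response body carries an
     *     {@code errorCode} field
     */
    private AccessTokenAuthorization getAccessAuthorizationFromIssuer(String str) throws OnSecurityApplicationResourceAuthenticationException {
        try {
            String issuer = getIssuer();
            if (issuer == null || issuer.isEmpty()) {
                // Without an issuer there is no endpoint to ask; the caller rejects the request.
                return null;
            }
            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.set("Authorization", String.format(BEARER_TOKEN_VALUE_FORMAT, str));
            ResponseEntity<String> exchange = this.restTemplate.exchange(issuer + ACCESS_AUTHORIZATION_URI, HttpMethod.GET, new HttpEntity<>(null, httpHeaders), String.class, new Object[0]);
            String body = exchange.getBody();
            if (body == null) {
                return null;
            }
            OnSecurityJsonMapper onSecurityJsonMapper = new OnSecurityJsonMapper();
            if (checkIfHaveError(body, onSecurityJsonMapper)) {
                throw new OnSecurityApplicationResourceAuthenticationException("Invalid access token", ResourceAuthenticationErrorCode.INVALID_ACCESS_TOKEN, new String[0]);
            }
            return (AccessTokenAuthorization) onSecurityJsonMapper.readValue(body, AccessTokenAuthorization.class);
        } catch (OnSecurityApplicationResourceAuthenticationException e) {
            // Rethrow: the broad catch below used to swallow this, so INVALID_ACCESS_TOKEN
            // was always reported to the caller as UNAUTHORIZED_ACCESS.
            throw e;
        } catch (Exception e) {
            // NOTE(review): route this through the project's logger instead of stderr.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Tells whether the issuer's JSON response is an error payload.
     *
     * @param str the raw JSON response body
     * @param onSecurityJsonMapper mapper used to parse the body
     * @return {@code true} when the parsed object has an {@code errorCode} key
     * @throws JsonProcessingException when the body is not valid JSON
     */
    private boolean checkIfHaveError(String str, OnSecurityJsonMapper onSecurityJsonMapper) throws JsonProcessingException {
        Map<?, ?> fields = (Map<?, ?>) onSecurityJsonMapper.readValue(str, Map.class);
        return fields != null && fields.containsKey(ERROR_CODE_RESPONSE_PARAM);
    }

    /**
     * Reads the {@code iss} attribute of the JWT held in the current security context.
     *
     * @return the issuer string, or {@code null} when the current authentication is not a
     *     {@link JwtAuthenticationToken} or has no string {@code iss} attribute
     */
    private String getIssuer() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (!(current instanceof JwtAuthenticationToken)) {
            return null;
        }
        Object issuer = ((JwtAuthenticationToken) current).getTokenAttributes().get("iss");
        return issuer instanceof String ? (String) issuer : null;
    }
}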
