package org.jsets.shiro.authc;

import com.google.common.base.Strings;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.SignatureException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.jsets.shiro.cache.CacheDelegator;
import org.jsets.shiro.config.MessageConfig;
import org.jsets.shiro.config.ShiroProperties;
import org.jsets.shiro.model.StatelessLogined;
import org.jsets.shiro.service.ShiroCryptoService;
import org.jsets.shiro.service.ShiroStatelessAccountProvider;
import org.jsets.shiro.util.Commons;

/* loaded from: input_file:org/jsets/shiro/authc/JsetsJwtMatcher.class */
public class JsetsJwtMatcher implements CredentialsMatcher {
    private ShiroProperties properties;
    private MessageConfig messages;
    private ShiroCryptoService cryptoService;
    private ShiroStatelessAccountProvider accountProvider;
    private CacheDelegator cacheDelegator;

    public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
        StatelessLogined parseJwt;
        String str = (String) authenticationInfo.getCredentials();
        try {
            if (Commons.hasLen(this.properties.getJwtSecretKey())) {
                parseJwt = this.cryptoService.parseJwt(str);
            } else {
                String loadAppKey = this.accountProvider.loadAppKey((String) Commons.readValue(Commons.parseJwtPayload(str)).get("subject"));
                if (Strings.isNullOrEmpty(loadAppKey)) {
                    throw new AuthenticationException(MessageConfig.MSG_NO_SECRET_KEY);
                }
                parseJwt = this.cryptoService.parseJwt(str, loadAppKey);
            }
            if (null == parseJwt) {
                throw new AuthenticationException(this.messages.getMsgJwtError());
            }
            String tokenId = parseJwt.getTokenId();
            if (this.properties.isJwtBurnEnabled() && this.cacheDelegator.cutBurnedToken(tokenId)) {
                throw new AuthenticationException(MessageConfig.MSG_BURNED_TOKEN);
            }
            return true;
        } catch (ExpiredJwtException e) {
            throw new AuthenticationException(this.messages.getMsgJwtTimeout());
        } catch (Exception e2) {
            throw new AuthenticationException(this.messages.getMsgJwtError());
        } catch (SignatureException e3) {
            throw new AuthenticationException(this.properties.getJwtSecretKey());
        }
    }

    public void setProperties(ShiroProperties shiroProperties) {
        this.properties = shiroProperties;
    }

    public void setCryptoService(ShiroCryptoService shiroCryptoService) {
        this.cryptoService = shiroCryptoService;
    }

    public void setMessages(MessageConfig messageConfig) {
        this.messages = messageConfig;
    }

    public void setCacheDelegator(CacheDelegator cacheDelegator) {
        this.cacheDelegator = cacheDelegator;
    }
}
