package net.optionfactory.spring.authentication.jws;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import java.util.List;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import net.optionfactory.spring.authentication.bearer.token.BearerToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:net/optionfactory/spring/authentication/jws/JwsAuthenticationProvider.class */
public class JwsAuthenticationProvider implements AuthenticationProvider {
    private final byte[] key;
    private final Function<Claims, List<GrantedAuthority>> authoritiesMapper;

    public JwsAuthenticationProvider(byte[] bArr, Function<Claims, List<GrantedAuthority>> function) {
        this.key = bArr;
        this.authoritiesMapper = function;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static GrantedAuthority toAuthority(String str, String str2) {
        return new SimpleGrantedAuthority(String.format("%s_%s", str.toUpperCase(), str2.toUpperCase().replace('-', '_')));
    }

    public static List<GrantedAuthority> rolesAndGroupsFromClaims(Claims claims) {
        List list = (List) claims.get("roles", List.class);
        List list2 = (List) claims.get("groups", List.class);
        List of = list != null ? list : List.of();
        List of2 = list2 != null ? list2 : List.of();
        return (List) Stream.concat(Stream.concat(Stream.of(new SimpleGrantedAuthority("ROLE_USER")), of.stream().map(str -> {
            return toAuthority("ROLE", str);
        })), of2.stream().map(str2 -> {
            return toAuthority("GROUP", str2);
        })).collect(Collectors.toList());
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        BearerToken bearerToken = (BearerToken) authentication;
        Claims claims = (Claims) Jwts.parser().setSigningKey(this.key).build().parseClaimsJws(bearerToken.getCredentials()).getBody();
        JwsAuthenticatedToken jwsAuthenticatedToken = new JwsAuthenticatedToken(bearerToken.getCredentials(), claims, this.authoritiesMapper.apply(claims));
        jwsAuthenticatedToken.setDetails(bearerToken.getDetails());
        return jwsAuthenticatedToken;
    }

    public boolean supports(Class<?> cls) {
        return BearerToken.class.isAssignableFrom(cls);
    }
}
