package me.ahoo.pigeon.core.security.authorization.jwt;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.common.primitives.Longs;
import io.jsonwebtoken.Claims;
import java.util.Map;
import java.util.Objects;
import me.ahoo.pigeon.core.message.Message;
import me.ahoo.pigeon.core.security.SecurityContext;
import me.ahoo.pigeon.core.security.authorization.AuthorizationSupport;
import me.ahoo.pigeon.core.security.authorization.AuthorizeResult;
import me.ahoo.pigeon.core.security.authorization.User;
import me.ahoo.pigeon.core.security.authorization.UserAuthorization;
import me.ahoo.pigeon.core.security.authorization.jwt.config.UserConfig;
import org.springframework.core.annotation.Order;

@Order(Integer.MIN_VALUE)
/* loaded from: input_file:me/ahoo/pigeon/core/security/authorization/jwt/JwtUserAuthorization.class */
public class JwtUserAuthorization implements UserAuthorization, AuthorizationSupport {
    private final JwtProvider jwtProvider;
    private String claimId;
    private String claimUsername;
    private String claimNickname;
    private String claimAvatar;
    private String claimRole;
    private static final String CLAIM_MAP_ID = "id";
    private static final String CLAIM_MAP_USERNAME = "username";
    private static final String CLAIM_MAP_NICKNAME = "nickname";
    private static final String CLAIM_MAP_ROLE = "role";
    private static final String CLAIM_MAP_AVATAR = "avatar";

    public JwtUserAuthorization(UserConfig userConfig) {
        this.claimId = "id";
        this.claimUsername = CLAIM_MAP_USERNAME;
        this.claimNickname = CLAIM_MAP_NICKNAME;
        this.claimAvatar = CLAIM_MAP_AVATAR;
        this.claimRole = CLAIM_MAP_ROLE;
        this.jwtProvider = new JwtProvider(userConfig.getAlgName(), userConfig.getSecretKey(), userConfig.getValidityTime());
        Map<String, String> claimMap = userConfig.getClaimMap();
        if (Objects.nonNull(claimMap)) {
            this.claimId = claimMap.getOrDefault("id", this.claimId);
            this.claimUsername = claimMap.getOrDefault(CLAIM_MAP_USERNAME, this.claimUsername);
            this.claimNickname = claimMap.getOrDefault(CLAIM_MAP_NICKNAME, this.claimNickname);
            this.claimAvatar = claimMap.getOrDefault(CLAIM_MAP_AVATAR, this.claimAvatar);
            this.claimRole = claimMap.getOrDefault(CLAIM_MAP_ROLE, this.claimRole);
        }
    }

    @Override // me.ahoo.pigeon.core.security.authorization.UserAuthorization
    public AuthorizeResult<User> authorize(SecurityContext securityContext, Message message) {
        Object obj = message.getHeader().get("auth");
        Preconditions.checkNotNull(obj, "Header.%s can not be null.", "auth");
        Claims parseClaims = this.jwtProvider.parseClaims(obj.toString());
        User.UserBuilder builder = User.builder();
        Object obj2 = parseClaims.get(this.claimId);
        Preconditions.checkNotNull(obj2, "id can not be null.");
        builder.id(Longs.tryParse(obj2.toString()));
        Object obj3 = parseClaims.get(this.claimUsername);
        if (Objects.nonNull(obj3)) {
            builder.username(obj3.toString());
        }
        Object obj4 = parseClaims.get(this.claimNickname);
        if (Objects.nonNull(obj4)) {
            builder.nickname(obj4.toString());
        }
        Object obj5 = parseClaims.get(this.claimAvatar);
        if (Objects.nonNull(obj5)) {
            builder.avatar(obj5.toString());
        }
        Object obj6 = parseClaims.get(this.claimRole);
        if (Objects.nonNull(obj6)) {
            builder.role(obj6.toString());
        }
        builder.attr(ImmutableMap.copyOf(parseClaims));
        return AuthorizeResult.builder().accessToken(obj.toString()).body(builder.build()).build();
    }

    @Override // me.ahoo.pigeon.core.security.authorization.AuthorizationSupport
    public boolean support(Message message) {
        Object obj = message.getHeader().get("auth");
        if (Objects.isNull(obj)) {
            return false;
        }
        return obj.toString().startsWith(JwtConstants.TOKEN_PREFIX);
    }
}
