package xyz.weechang.moreco.security.auth.jwt;

import cn.hutool.crypto.SecureUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import xyz.weechang.moreco.security.auth.common.MorecoUserDetails;
import xyz.weechang.moreco.security.config.SecurityProperties;

@Component
/* loaded from: input_file:xyz/weechang/moreco/security/auth/jwt/JwtAuthenticationProvider.class */
public class JwtAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthenticationProvider.class);

    @Autowired
    private JwtUserDetailsService jwtUserDetailsService;

    @Autowired
    private SecurityProperties securityProperties;

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        DecodedJWT decode;
        String str = (String) authentication.getPrincipal();
        String str2 = (String) authentication.getCredentials();
        if (authentication instanceof JwtAuthenticationToken) {
            decode = ((JwtAuthenticationToken) authentication).getToken();
            if (isExpired(decode.getExpiresAt())) {
                throw new AccountExpiredException("token已过期");
            }
        } else {
            String sha256 = SecureUtil.sha256(SecureUtil.sha256(str) + SecureUtil.sha256(str2));
            UserDetails loadUserByUsername = this.jwtUserDetailsService.loadUserByUsername(str);
            if (!loadUserByUsername.getPassword().equals(sha256)) {
                throw new BadCredentialsException("用户名密码不正确，请重新登陆！");
            }
            decode = JWT.decode(this.jwtUserDetailsService.loginSuccess(loadUserByUsername));
        }
        SecurityContextHolder.getContext().setAuthentication(authentication);
        return new JwtAuthenticationToken(new MorecoUserDetails(str, str2), decode, null);
    }

    public boolean supports(Class<?> cls) {
        return true;
    }

    private boolean isExpired(Date date) {
        return LocalDateTime.now().minusSeconds(this.securityProperties.getTokenExpiredTime()).isAfter(LocalDateTime.ofInstant(date.toInstant(), ZoneId.systemDefault()));
    }
}
