package org.minbox.framework.on.security.authorization.server.oauth2.authentication.support;

import java.time.LocalDateTime;
import java.util.List;
import java.util.Map;
import org.minbox.framework.on.security.authorization.server.oauth2.authentication.support.OnSecurityAccessAuthorizationAuthenticationToken;
import org.minbox.framework.on.security.core.authorization.AbstractOnSecurityAuthenticationProvider;
import org.minbox.framework.on.security.core.authorization.data.attribute.SecurityAttributeService;
import org.minbox.framework.on.security.core.authorization.data.attribute.UserAuthorizationAttribute;
import org.minbox.framework.on.security.core.authorization.data.resource.SecurityResourceService;
import org.minbox.framework.on.security.core.authorization.data.resource.UserAuthorizationResource;
import org.minbox.framework.on.security.core.authorization.data.role.SecurityRoleService;
import org.minbox.framework.on.security.core.authorization.data.role.UserAuthorizationRole;
import org.minbox.framework.on.security.core.authorization.data.session.SecuritySession;
import org.minbox.framework.on.security.core.authorization.data.session.SecuritySessionJdbcRepository;
import org.minbox.framework.on.security.core.authorization.data.session.SecuritySessionRepository;
import org.minbox.framework.on.security.core.authorization.data.user.SecurityUser;
import org.minbox.framework.on.security.core.authorization.data.user.SecurityUserJdbcRepository;
import org.minbox.framework.on.security.core.authorization.data.user.SecurityUserRepository;
import org.minbox.framework.on.security.core.authorization.exception.OnSecurityError;
import org.minbox.framework.on.security.core.authorization.exception.OnSecurityErrorCodes;
import org.minbox.framework.on.security.core.authorization.exception.OnSecurityOAuth2AuthenticationException;
import org.springframework.context.ApplicationContext;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.util.ObjectUtils;

/* loaded from: input_file:org/minbox/framework/on/security/authorization/server/oauth2/authentication/support/OnSecurityAccessAuthorizationAuthenticationProvider.class */
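/**
 * Authentication provider that resolves an access token into the session, user and
 * authorization data (resources, attributes, roles) it belongs to.
 *
 * <p>Validation order in {@link #authenticate(Authentication)}: token present, session found
 * for the token, session not expired, owning user exists and is neither deleted nor disabled.
 * Every failed check is reported as an {@link OnSecurityOAuth2AuthenticationException}.
 *
 * <p>All collaborators are JDBC-backed and are created in the constructor from the
 * {@link JdbcOperations} bean of the supplied {@link ApplicationContext}.
 */
public final class OnSecurityAccessAuthorizationAuthenticationProvider extends AbstractOnSecurityAuthenticationProvider {
    /** Error code used for every token-level rejection raised by this provider. */
    private static final String INVALID_TOKEN = "invalid_token";
    /** URL attached to every error raised by this provider. */
    private static final String ISSUES_URL = "https://github.com/On-Security/on-security/issues";

    private final SecuritySessionRepository sessionRepository;
    private final SecurityUserRepository userRepository;
    private final SecurityResourceService resourceService;
    private final SecurityAttributeService attributeService;
    private final SecurityRoleService roleService;

    /**
     * Creates the provider and its JDBC-backed repositories and services.
     *
     * @param map shared objects keyed by type; must contain an {@link ApplicationContext}
     *            that exposes a {@link JdbcOperations} bean
     */
    public OnSecurityAccessAuthorizationAuthenticationProvider(Map<Class<?>, Object> map) {
        super(map);
        ApplicationContext applicationContext = (ApplicationContext) map.get(ApplicationContext.class);
        JdbcOperations jdbcOperations = (JdbcOperations) applicationContext.getBean(JdbcOperations.class);
        this.sessionRepository = new SecuritySessionJdbcRepository(jdbcOperations);
        this.userRepository = new SecurityUserJdbcRepository(jdbcOperations);
        this.resourceService = new SecurityResourceService(jdbcOperations);
        this.attributeService = new SecurityAttributeService(jdbcOperations);
        this.roleService = new SecurityRoleService(jdbcOperations);
    }

    /**
     * Validates the access token carried by the request and builds the authenticated token.
     *
     * @param authentication the request; cast to {@link OnSecurityAccessAuthorizationRequestToken},
     *                       which {@link #supports(Class)} is expected to guarantee
     * @return a token built from the user, the session and any resources, attributes and roles
     *         found for that user
     * @throws AuthenticationException if the token is missing, unknown, has no usable expiry,
     *                                 is expired, or belongs to a missing, deleted or disabled user
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        OnSecurityAccessAuthorizationRequestToken requestToken = (OnSecurityAccessAuthorizationRequestToken) authentication;
        if (ObjectUtils.isEmpty(requestToken.getAccessTokenValue())) {
            throw rejected(INVALID_TOKEN, "No access token passed.");
        }
        // NOTE(review): the token value is handed to the repository as received; how the
        // session store persists and compares it is not visible here, so confirm against
        // SecuritySessionRepository.
        SecuritySession session = this.sessionRepository.findByToken(requestToken.getAccessTokenValue(), OAuth2TokenType.ACCESS_TOKEN);
        if (session == null) {
            throw rejected(INVALID_TOKEN, "Invalid access token.");
        }
        // Fail closed: a session without an expiry cannot be checked, and passing null to
        // isAfter() would otherwise surface as a NullPointerException instead of a rejection.
        if (session.getAccessTokenExpiresAt() == null) {
            throw rejected(INVALID_TOKEN, "Invalid access token.");
        }
        // NOTE(review): LocalDateTime.now() reads the JVM default time zone; this comparison
        // presumably relies on the expiry having been written in the same zone, so confirm.
        if (LocalDateTime.now().isAfter(session.getAccessTokenExpiresAt())) {
            throw rejected(INVALID_TOKEN, "access token has expired.");
        }
        // The account state is re-checked on every call, so a token whose owner has since
        // been deleted or disabled is rejected even though the session itself is still valid.
        SecurityUser user = this.userRepository.selectOne(session.getUserId());
        if (user == null || user.isDeleted() || !user.isEnabled()) {
            throw rejected(OnSecurityErrorCodes.INVALID_USER.getValue(), "The user to which the access token belongs is invalid.");
        }
        OnSecurityAccessAuthorizationAuthenticationToken.Builder tokenBuilder = OnSecurityAccessAuthorizationAuthenticationToken.withUserAndSession(user, session);
        // Resources are looked up by the session's user id, attributes and roles by the loaded
        // user's id; the user was loaded by that same session user id.
        List<UserAuthorizationResource> resources = this.resourceService.findByUserId(session.getUserId());
        if (!ObjectUtils.isEmpty(resources)) {
            tokenBuilder.userAuthorizationResourceList(resources);
        }
        List<UserAuthorizationAttribute> attributes = this.attributeService.findByUserId(user.getId());
        if (!ObjectUtils.isEmpty(attributes)) {
            tokenBuilder.userAuthorizationAttributeList(attributes);
        }
        List<UserAuthorizationRole> roles = this.roleService.findByUserId(user.getId());
        if (!ObjectUtils.isEmpty(roles)) {
            tokenBuilder.userAuthorizationRoleList(roles);
        }
        return tokenBuilder.build();
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param cls the authentication class to test
     * @return {@code true} if {@code cls} is {@link OnSecurityAccessAuthorizationRequestToken}
     *         or a subtype of it
     */
    public boolean supports(Class<?> cls) {
        return OnSecurityAccessAuthorizationRequestToken.class.isAssignableFrom(cls);
    }

    /**
     * Builds the exception used for every rejection so the error shape stays uniform.
     * The second {@link OnSecurityError} argument is always {@code null} in this class.
     */
    private static OnSecurityOAuth2AuthenticationException rejected(String errorCode, String description) {
        return new OnSecurityOAuth2AuthenticationException(new OnSecurityError(errorCode, (String) null, description, ISSUES_URL));
    }
}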
