package org.minbox.framework.on.security.authorization.server.oauth2.authentication.token.customizer;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.minbox.framework.on.security.core.authorization.adapter.OnSecurityUserDetails;
import org.minbox.framework.on.security.core.authorization.data.group.SecurityGroupAuthorizeRoleJdbcRepository;
import org.minbox.framework.on.security.core.authorization.data.group.SecurityGroupAuthorizeRoleRepository;
import org.minbox.framework.on.security.core.authorization.data.role.SecurityRoleJdbcRepository;
import org.minbox.framework.on.security.core.authorization.data.role.SecurityRoleRepository;
import org.minbox.framework.on.security.core.authorization.data.user.SecurityUserAuthorizeRoleJdbcRepository;
import org.minbox.framework.on.security.core.authorization.data.user.SecurityUserAuthorizeRoleRepository;
import org.minbox.framework.on.security.core.authorization.data.user.SecurityUserGroupJdbcRepository;
import org.minbox.framework.on.security.core.authorization.data.user.SecurityUserGroupRepository;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;

/* loaded from: input_file:org/minbox/framework/on/security/authorization/server/oauth2/authentication/token/customizer/OnSecurityUserBindGroupJwtClaimsCustomizer.class */
/**
 * Token customizer that writes the role codes held by the authenticated user into the
 * {@code auth_role} claim of a JWT.
 *
 * <p>Role ids are collected from two sources: roles authorized directly to the user, and roles
 * authorized to each group the user belongs to. The combined ids are resolved to role records via
 * {@code SecurityRoleRepository.findByIds}, which is also given the registered client's id, and the
 * {@code code} of each returned record becomes one entry of the claim.
 *
 * <p>The claim is only written for access tokens whose configured format is
 * {@code SELF_CONTAINED} and for tokens whose type value is {@code id_token}, and only when the
 * principal is a {@link UsernamePasswordAuthenticationToken}. Note that the {@code id_token} case
 * means the role codes are readable by the client that receives the ID token, not only by resource
 * servers. Role codes are read at issuance time and embedded in the token, so a later change to the
 * user's role bindings does not alter tokens that were already issued.
 *
 * <p>NOTE(review): the raw {@code List}/{@code ArrayList}/{@code Collection} types and casts are
 * kept exactly as this listing shows them; the element types live in the repository interfaces,
 * which are not visible here. Restore the generic types from those signatures before compiling.
 */
public class OnSecurityUserBindGroupJwtClaimsCustomizer implements OnSecuritySortTokenCustomizer<JwtEncodingContext> {
    // Lookup of the groups a user belongs to.
    private SecurityUserGroupRepository userGroupRepository;
    // Lookup of the roles authorized to a group.
    private SecurityGroupAuthorizeRoleRepository groupAuthorizeRoleRepository;
    // Lookup of the roles authorized directly to a user.
    private SecurityUserAuthorizeRoleRepository userAuthorizeRoleRepository;
    // Resolution of role ids to role records (queried together with the registered client id).
    private SecurityRoleRepository roleRepository;

    /**
     * Builds the four JDBC-backed repositories on top of the supplied {@link JdbcOperations}.
     *
     * @param jdbcOperations JDBC access object shared by all repositories; must not be {@code null}
     * @throws IllegalArgumentException if {@code jdbcOperations} is {@code null}
     */
    public OnSecurityUserBindGroupJwtClaimsCustomizer(JdbcOperations jdbcOperations) {
        Assert.notNull(jdbcOperations, "jdbcOperations cannot be null");
        this.userGroupRepository = new SecurityUserGroupJdbcRepository(jdbcOperations);
        this.groupAuthorizeRoleRepository = new SecurityGroupAuthorizeRoleJdbcRepository(jdbcOperations);
        this.userAuthorizeRoleRepository = new SecurityUserAuthorizeRoleJdbcRepository(jdbcOperations);
        this.roleRepository = new SecurityRoleJdbcRepository(jdbcOperations);
    }

    /**
     * Adds the {@code auth_role} claim (a list of role codes) to the token being encoded.
     *
     * <p>Returns without touching the claims when the token type is absent or is neither an access
     * token nor {@code id_token}, when an access token is not configured as self-contained, when
     * the principal is not a {@link UsernamePasswordAuthenticationToken}, when no role ids are
     * found for the user, or when the role lookup returns nothing.
     *
     * @param jwtEncodingContext encoding context of the JWT currently being built
     */
    public void customize(JwtEncodingContext jwtEncodingContext) {
        OAuth2TokenType tokenType = jwtEncodingContext.getTokenType();
        if (tokenType == null) {
            return;
        }
        boolean accessToken = OAuth2TokenType.ACCESS_TOKEN.equals(tokenType);
        if (!accessToken && !"id_token".equals(tokenType.getValue())) {
            return;
        }
        // The configured format is read before the principal check, as in the original ordering.
        OAuth2TokenFormat configuredFormat = jwtEncodingContext.getRegisteredClient().getTokenSettings().getAccessTokenFormat();
        if (accessToken && !OAuth2TokenFormat.SELF_CONTAINED.equals(configuredFormat)) {
            return;
        }
        if (!(jwtEncodingContext.getPrincipal() instanceof UsernamePasswordAuthenticationToken)) {
            return;
        }

        // NOTE(review): unchecked cast - a UsernamePasswordAuthenticationToken whose principal is
        // not an OnSecurityUserDetails makes this throw ClassCastException during token issuance.
        OnSecurityUserDetails userDetails = (OnSecurityUserDetails) jwtEncodingContext.getPrincipal().getPrincipal();

        // Accumulates role ids from both sources. No de-duplication is done here, so a role bound
        // directly and through a group is passed to the lookup twice.
        ArrayList roleIds = new ArrayList();

        List directBindings = this.userAuthorizeRoleRepository.findByUserId(userDetails.getUserId());
        if (!ObjectUtils.isEmpty(directBindings)) {
            roleIds.addAll((Collection) directBindings.stream().map((binding) -> {
                return binding.getRoleId();
            }).collect(Collectors.toList()));
        }

        List memberships = this.userGroupRepository.findByUserId(userDetails.getUserId());
        if (!ObjectUtils.isEmpty(memberships)) {
            // One role query per group membership.
            memberships.stream().forEach(membership -> {
                List groupBindings = this.groupAuthorizeRoleRepository.findByGroupId(membership.getGroupId());
                if (!ObjectUtils.isEmpty(groupBindings)) {
                    roleIds.addAll((Collection) groupBindings.stream().map((binding) -> {
                        return binding.getRoleId();
                    }).collect(Collectors.toList()));
                }
            });
        }

        if (ObjectUtils.isEmpty(roleIds)) {
            return;
        }

        // The registered client's id is passed along with the role ids; presumably the repository
        // uses it to restrict the result to roles of that client - confirm in findByIds.
        List roles = this.roleRepository.findByIds(jwtEncodingContext.getRegisteredClient().getId(), roleIds);
        if (ObjectUtils.isEmpty(roles)) {
            return;
        }

        jwtEncodingContext.getClaims().claim("auth_role", (List) roles.stream().map((role) -> {
            return role.getCode();
        }).collect(Collectors.toList()));
    }
}
