package com.mapr.admin.security;

import com.google.gson.Gson;
import com.mapr.admin.service.AdminService;
import com.mapr.admin.service.impl.MapRAdminService;
import com.mapr.admin.util.JwtUtils;
import com.mapr.admin.util.Oauth2Util;
import com.mapr.baseutils.sso.JwtValidator;
import java.security.InvalidParameterException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

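/**
 * Spring Security {@link AuthenticationProvider} for SSO JSON Web Tokens.
 *
 * <p>Accepts {@link JwtAuthToken} requests, validates the carried token with the
 * {@link JwtValidator} obtained from {@link Oauth2Util}, and on success returns an
 * authenticated {@link JwtAuthToken} for the token's user name.
 *
 * <p>NOTE(review): every token that passes validation and carries a {@code uid} and a
 * {@code gids} claim is granted {@code ROLE_ADMIN}. The claim values are only checked for
 * presence and are never compared against an allow-list or group mapping in this class, so
 * authorization rests entirely on {@code JwtValidator.validate} and on which identities the
 * token issuer will sign for. Which properties {@code validate} enforces (signature,
 * expiry, issuer, audience) is not visible here and should be confirmed.
 */
@Component
/* loaded from: input_file:com/mapr/admin/security/JwtAuthenticationProvider.class */
public class JwtAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LogManager.getLogger((Class<?>) JwtAuthenticationProvider.class);

    // Not referenced inside this class; kept package-private as in the original because
    // other classes in the package may read it.
    AdminService adminService = new MapRAdminService();

    /**
     * Validates the JWT carried by {@code authentication} and builds the authenticated token.
     *
     * <p>Side effect: the resulting token is also stored in the current
     * {@link SecurityContextHolder} context before it is returned.
     *
     * @param authentication the request; expected to be a {@link JwtAuthToken}
     * @return an authenticated {@link JwtAuthToken} holding the token, the user name and
     *     the {@code ROLE_ADMIN} authority
     * @throws AuthenticationServiceException if the request is not a {@link JwtAuthToken},
     *     the validator rejects the token, or the {@code uid}/{@code gids} claims are missing;
     *     the underlying exception is attached as the cause
     */
    @Override
    public Authentication authenticate(Authentication authentication) {
        try {
            String token = ((JwtAuthToken) authentication).getToken();
            JwtValidator jwtValidator = Oauth2Util.getInstance().getJwtValidator();
            // Must run before any claim is read: the claim getters below are only
            // meaningful for a token the validator has accepted.
            jwtValidator.validate(token);

            List<?> gids = jwtValidator.getClaimAsList(token, "gids");
            String uid = jwtValidator.getClaim(token, "uid");
            // Presence check only: an empty gids list passes, and neither value is
            // compared against anything before ROLE_ADMIN is granted below.
            if (gids == null || StringUtils.isBlank(uid)) {
                throw new InvalidParameterException("missing uid or gid in sso token");
            }

            String userName = jwtValidator.getUserName(token);
            // Raw type kept on purpose: the JwtAuthToken constructor signature is not
            // visible here, so its expected element type cannot be confirmed.
            ArrayList authorities = new ArrayList();
            // NOTE(review): unconditional admin role for any accepted token.
            authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));

            JwtAuthToken authenticated = new JwtAuthToken(token, userName, authorities);
            SecurityContextHolder.getContext().setAuthentication(authenticated);
            return authenticated;
        } catch (Exception e) {
            // Keep the original exception as the cause so the failure reason and stack
            // trace stay available to handlers and logs. NOTE(review): the validator's
            // message is included in the exception text; confirm it is not echoed
            // verbatim to unauthenticated clients.
            throw new AuthenticationServiceException("JWT validation failed: " + e.getMessage(), e);
        }
    }

    /**
     * Reports whether this provider handles the given authentication class.
     *
     * @param cls the authentication request type
     * @return {@code true} if {@code cls} is {@link JwtAuthToken} or a subclass
     */
    @Override
    public boolean supports(Class<?> cls) {
        return JwtAuthToken.class.isAssignableFrom(cls);
    }

    /**
     * Verifies a token with {@link JwtUtils#verifyToken} and returns the
     * {@code given_name} field of its payload. Not called from within this class.
     *
     * @param str the encoded token
     * @return the non-blank {@code given_name} value from the payload
     * @throws InvalidParameterException if the payload is empty or has no {@code given_name}
     * @throws Exception if verification or decoding fails
     */
    private String validate(String str) throws Exception {
        byte[] payloadBytes = Base64.getUrlDecoder().decode(JwtUtils.verifyToken(str).getPayload());
        // JWT payloads are UTF-8 JSON; decode explicitly instead of relying on the
        // platform default charset.
        String payloadJson = new String(payloadBytes, java.nio.charset.StandardCharsets.UTF_8);
        JwtPayload jwtPayload = new Gson().fromJson(payloadJson, JwtPayload.class);
        // Gson returns null for an empty document; treat that like a missing field
        // rather than failing with a NullPointerException.
        if (jwtPayload == null || StringUtils.isBlank(jwtPayload.getGiven_name())) {
            throw new InvalidParameterException("missing given_name field in claim");
        }
        return jwtPayload.getGiven_name();
    }
}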
