package cn.herodotus.engine.oauth2.authorization.customizer;

import cn.herodotus.engine.assistant.core.support.BearerTokenResolver;
import cn.herodotus.engine.assistant.definition.domain.oauth2.PrincipalDetails;
import cn.herodotus.engine.oauth2.core.utils.PrincipalUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.jwt.BadJwtException;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;

/* loaded from: input_file:cn/herodotus/engine/oauth2/authorization/customizer/HerodotusBearerTokenResolver.class */
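/**
 * Resolves a raw bearer token string into {@link PrincipalDetails}.
 *
 * <p>The token is validated in one of two ways, chosen once at construction time:
 * remote introspection through the {@link OpaqueTokenIntrospector}, or local decoding
 * through the {@link JwtDecoder}.
 *
 * <p>Security contract: {@link #resolve(String)} returns {@code null} when the token is
 * rejected by the decoder or introspector. Callers must treat {@code null} as
 * "not authenticated" and must not fall back to any unverified token content.
 */
public class HerodotusBearerTokenResolver implements BearerTokenResolver {
    private static final Logger log = LoggerFactory.getLogger(HerodotusBearerTokenResolver.class);
    private final JwtDecoder jwtDecoder;
    private final OpaqueTokenIntrospector opaqueTokenIntrospector;
    private final boolean isRemoteValidate;

    /**
     * Creates a resolver.
     *
     * @param jwtDecoder decoder used when {@code z} is {@code false}
     * @param opaqueTokenIntrospector introspector used when {@code z} is {@code true}
     * @param z {@code true} to validate tokens by remote introspection, {@code false} to
     *     validate them by decoding them as JWTs
     */
    public HerodotusBearerTokenResolver(JwtDecoder jwtDecoder, OpaqueTokenIntrospector opaqueTokenIntrospector, boolean z) {
        // Only the collaborator selected by the flag is ever dereferenced, so neither is
        // null-checked here: the unused one may legitimately be absent.
        this.jwtDecoder = jwtDecoder;
        this.opaqueTokenIntrospector = opaqueTokenIntrospector;
        this.isRemoteValidate = z;
    }

    /**
     * Validates the given bearer token and converts the result to principal details.
     *
     * @param str the raw bearer token value
     * @return the principal details, or {@code null} if the token failed validation
     * @throws IllegalArgumentException if {@code str} is null, empty or whitespace only
     */
    public PrincipalDetails resolve(String str) {
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("token can not be null");
        }
        BearerTokenAuthenticationToken bearerToken = new BearerTokenAuthenticationToken(str);

        if (this.isRemoteValidate) {
            OAuth2AuthenticatedPrincipal opaque = getOpaque(bearerToken);
            if (ObjectUtils.isEmpty(opaque)) {
                // Fail closed: a rejected token yields no principal.
                return null;
            }
            PrincipalDetails details = PrincipalUtils.toPrincipalDetails(opaque);
            // NOTE(review): this prints the whole principal at debug level; its toString()
            // is not visible here, so confirm it does not emit sensitive attributes.
            log.debug("[Herodotus] |- Resolve OPAQUE token to principal details [{}]", details);
            return details;
        }

        Jwt jwt = getJwt(bearerToken);
        if (ObjectUtils.isEmpty(jwt)) {
            // Fail closed: a rejected token yields no principal.
            return null;
        }
        PrincipalDetails details = PrincipalUtils.toPrincipalDetails(jwt);
        // NOTE(review): same debug-logging caveat as the opaque branch above.
        log.debug("[Herodotus] |- Resolve JWT token to principal details [{}]", details);
        return details;
    }

    /**
     * Decodes the token with the configured {@link JwtDecoder}.
     *
     * @return the decoded JWT, or {@code null} if decoding failed
     */
    private Jwt getJwt(BearerTokenAuthenticationToken bearerTokenAuthenticationToken) {
        try {
            return this.jwtDecoder.decode(bearerTokenAuthenticationToken.getToken());
        } catch (BadJwtException e) {
            // BadJwtException is a subclass of JwtException, so it must be caught first;
            // in the opposite order this handler is unreachable and javac rejects the class.
            // An invalid token is caller-controlled input, so it is logged without a trace.
            log.warn("[Herodotus] |- Failed to decode since the JWT was invalid");
            return null;
        } catch (JwtException e) {
            log.warn("[Herodotus] |- Failed to decode JWT, catch exception", e);
            return null;
        }
    }

    /**
     * Introspects the token with the configured {@link OpaqueTokenIntrospector}.
     *
     * @return the authenticated principal, or {@code null} if introspection failed
     */
    private OAuth2AuthenticatedPrincipal getOpaque(BearerTokenAuthenticationToken bearerTokenAuthenticationToken) {
        try {
            return this.opaqueTokenIntrospector.introspect(bearerTokenAuthenticationToken.getToken());
        } catch (BadOpaqueTokenException e) {
            // More specific subclass first; an invalid token is logged without a trace.
            log.warn("Failed to introspect since the Opaque was invalid");
            return null;
        } catch (OAuth2IntrospectionException e) {
            log.warn("[Herodotus] |- Failed to introspect Opaque, catch exception", e);
            return null;
        }
    }
}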
