package com.dtt.ora.common.security.component;

import cn.hutool.core.map.MapUtil;
import cn.hutool.core.util.StrUtil;
import com.dtt.ora.common.core.constant.CommonConstants;
import com.dtt.ora.common.core.constant.SecurityConstants;
import com.dtt.ora.common.security.exception.OraAuth2Exception;
import com.dtt.ora.common.security.service.OraUser;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:BOOT-INF/lib/ora-common-security-3.9.0.jar:com/dtt/ora/common/security/component/OraUserAuthenticationConverter.class */
public class OraUserAuthenticationConverter implements UserAuthenticationConverter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OraUserAuthenticationConverter.class);
    private static final String N_A = "N/A";

    @Override // org.springframework.security.oauth2.provider.token.UserAuthenticationConverter
    public Map<String, ?> convertUserAuthentication(Authentication authentication) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(UserAuthenticationConverter.USERNAME, authentication.getName());
        if (authentication.getAuthorities() != null && !authentication.getAuthorities().isEmpty()) {
            linkedHashMap.put("authorities", AuthorityUtils.authorityListToSet(authentication.getAuthorities()));
        }
        return linkedHashMap;
    }

    @Override // org.springframework.security.oauth2.provider.token.UserAuthenticationConverter
    public Authentication extractAuthentication(Map<String, ?> map) {
        if (!map.containsKey(UserAuthenticationConverter.USERNAME)) {
            return null;
        }
        Collection<? extends GrantedAuthority> authorities = getAuthorities(map);
        Map<String, ?> map2 = (Map) MapUtil.get(map, SecurityConstants.DETAILS_USER, Map.class);
        validateTenantId(map2);
        String str = MapUtil.getStr(map2, "username");
        return new UsernamePasswordAuthenticationToken(new OraUser(MapUtil.getInt(map2, "id"), MapUtil.getInt(map2, SecurityConstants.DETAILS_DEPT_ID), MapUtil.getStr(map2, SecurityConstants.DETAILS_PHONE), MapUtil.getStr(map2, SecurityConstants.DETAILS_AVATAR), MapUtil.getInt(map2, "tenantId"), str, N_A, true, true, true, true, authorities), N_A, authorities);
    }

    private Collection<? extends GrantedAuthority> getAuthorities(Map<String, ?> map) {
        Object obj = map.get("authorities");
        return obj instanceof String ? AuthorityUtils.commaSeparatedStringToAuthorityList((String) obj) : obj instanceof Collection ? AuthorityUtils.commaSeparatedStringToAuthorityList(StringUtils.collectionToCommaDelimitedString((Collection) obj)) : AuthorityUtils.NO_AUTHORITIES;
    }

    private void validateTenantId(Map<String, ?> map) {
        String currentTenantId = getCurrentTenantId();
        Integer num = MapUtil.getInt(map, "tenantId");
        if (!StrUtil.isNotBlank(currentTenantId) || num.toString().equals(currentTenantId)) {
            return;
        }
        log.warn("请求头中的租户ID({})和用户的租户ID({})不一致", currentTenantId, num);
        throw new OraAuth2Exception(SpringSecurityMessageSource.getAccessor().getMessage("AbstractUserDetailsAuthenticationProvider.badTenantId", "Bad tenant ID"));
    }

    private Optional<HttpServletRequest> getCurrentHttpRequest() {
        return Optional.ofNullable(RequestContextHolder.getRequestAttributes()).filter(requestAttributes -> {
            return ServletRequestAttributes.class.isAssignableFrom(requestAttributes.getClass());
        }).map(requestAttributes2 -> {
            return (ServletRequestAttributes) requestAttributes2;
        }).map((v0) -> {
            return v0.getRequest();
        });
    }

    private String getCurrentTenantId() {
        return (String) getCurrentHttpRequest().map(httpServletRequest -> {
            return httpServletRequest.getHeader(CommonConstants.TENANT_ID);
        }).orElse(null);
    }
}
