package pl.decerto.hyperon.rest.configuration.security.jwt;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import pl.decerto.hyperon.common.security.dao.UserManagementDao;
import pl.decerto.hyperon.common.security.domain.SystemUserJPA;

/**
 * Builds Spring Security {@link UserDetails} for a caller identified by a JWT.
 *
 * <p>The bean is registered only when the {@code authType} property has the value {@code jwt}.
 * A token is accepted only if its login claim resolves to a stored user and its first-name,
 * last-name and e-mail claims are equal to the values stored for that user.
 *
 * <p>NOTE(review): this class receives an already parsed {@code Jws<Claims>}; presumably the
 * signature and expiry were checked by the caller before this point. Confirm against the
 * filter or provider that invokes {@link #loadUser(Jws)}.
 */
@ConditionalOnProperty(name = {"authType"}, havingValue = "jwt")
@Service
/* loaded from: input_file:pl/decerto/hyperon/rest/configuration/security/jwt/JwtUserDetailsService.class */
class JwtUserDetailsService {
    // Declared but not used anywhere in this class.
    private static final Logger log = LoggerFactory.getLogger(JwtUserDetailsService.class);

    // Source of the stored user record that the token claims are compared against.
    private final UserManagementDao userManagementDao;

    /**
     * Creates the service.
     *
     * @param userManagementDao DAO used to look a user up by login
     */
    public JwtUserDetailsService(UserManagementDao userManagementDao) {
        this.userManagementDao = userManagementDao;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Resolves the token's login claim to a stored user and returns matching {@link UserDetails}.
     *
     * <p>The four claims are read in a fixed order (login, first name, last name, e-mail) through
     * {@code JwtTokenUtils.getClaimOrThrow}; what happens when a claim is absent is defined by
     * that helper, outside this class.
     *
     * @param jws parsed JWT carrying the login, first-name, last-name and e-mail claims
     * @return user details whose username is the login claim
     * @throws JwtTokenNotValidException if no stored user has that login, or if the profile
     *     claims differ from the stored user's values
     */
    public UserDetails loadUser(Jws<Claims> jws) {
        String login = JwtTokenUtils.getClaimOrThrow(JwtTokenUtils.PAYLOAD_USER_LOGIN, jws);
        String firstName = JwtTokenUtils.getClaimOrThrow(JwtTokenUtils.PAYLOAD_FIRST_NAME, jws);
        String lastName = JwtTokenUtils.getClaimOrThrow(JwtTokenUtils.PAYLOAD_LAST_NAME, jws);
        String email = JwtTokenUtils.getClaimOrThrow(JwtTokenUtils.PAYLOAD_EMAIL, jws);

        SystemUserJPA storedUser = userManagementDao.findByLogin(login);
        if (storedUser == null) {
            // The login is copied from the token into the message; neutralise control characters
            // wherever this message ends up being logged or returned to a client.
            String message = String.format("Cannot find user with login: '%s' from token", login);
            throw new JwtTokenNotValidException(message);
        }

        // A token whose profile claims have drifted from the stored record is rejected outright.
        boolean claimsMismatch = isClaimsObjectNotValid(storedUser, firstName, lastName, email);
        if (claimsMismatch) {
            throw new JwtTokenNotValidException("Payload values from JWT token are not equal with loaded user");
        }

        // NOTE(review): the authority list is filled with the profile claims (first name, last
        // name, e-mail), not with roles or permissions. Any access decision that matches on
        // authority strings should confirm this is intended.
        // NOTE(review): the four account-state flags are fixed to false and the stored user's
        // state is not consulted here. If SystemUserJPA can mark an account as disabled or
        // locked, that state has to be enforced elsewhere (TODO confirm).
        // The password is an empty string: no credential travels with these UserDetails.
        return User.withUsername(login)
                .authorities(firstName, lastName, email)
                .password("")
                .accountExpired(false)
                .accountLocked(false)
                .credentialsExpired(false)
                .disabled(false)
                .build();
    }

    /**
     * Reports whether the profile claims differ from the stored user.
     *
     * <p>The comparison is exact ({@code String.equals}, case-sensitive) and stops at the first
     * field that differs.
     *
     * @param storedUser user record loaded by login
     * @param firstName first-name claim from the token
     * @param lastName last-name claim from the token
     * @param email e-mail claim from the token
     * @return {@code true} if at least one claim is not equal to the stored value
     */
    private boolean isClaimsObjectNotValid(SystemUserJPA storedUser, String firstName, String lastName, String email) {
        if (!firstName.equals(storedUser.getFirstName())) {
            return true;
        }
        if (!lastName.equals(storedUser.getLastName())) {
            return true;
        }
        return !email.equals(storedUser.getEmail());
    }
}
