package com.cleveranalytics.service.authn.authentication;

import com.cleveranalytics.service.authn.exception.AccountNotFoundException;
import com.cleveranalytics.service.authn.rest.dto.AccountIdentity;
import java.util.Collection;
import java.util.HashSet;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/authn-client-1.0.0-SNAPSHOT.jar:com/cleveranalytics/service/authn/authentication/AccountIdentityJwtAuthenticationConverter.class */
public class AccountIdentityJwtAuthenticationConverter implements Converter<Jwt, AccountIdentityJwtAuthenticationToken> {
    @Override // org.springframework.core.convert.converter.Converter
    public AccountIdentityJwtAuthenticationToken convert(Jwt jwt) {
        return new AccountIdentityJwtAuthenticationToken(jwt, buildAccountIdentity(jwt), getPlatformRoleAuthorities(jwt));
    }

    protected Collection<GrantedAuthority> getPlatformRoleAuthorities(Jwt jwt) {
        HashSet hashSet = new HashSet();
        String platformRole = getPlatformRole(jwt);
        if (StringUtils.hasText(platformRole)) {
            AccountIdentityService.logger.trace("granting a platform role={}", platformRole);
            hashSet.add(new SimpleGrantedAuthority(platformRole));
        }
        return hashSet;
    }

    private String getPlatformRole(Jwt jwt) {
        return jwt.containsClaim("can_platform_role").booleanValue() ? jwt.getClaimAsString("can_platform_role") : "";
    }

    protected AccountIdentity buildAccountIdentity(Jwt jwt) {
        if (jwt == null) {
            throw new AuthenticationCredentialsNotFoundException("Jwt token parameter must not be null");
        }
        if (jwt.getClaimAsString("uid") == null) {
            throw new AccountNotFoundException("Cannot build and account. Jwt claims does not contains required claim 'uid'.");
        }
        if (jwt.getClaimAsString("email") == null) {
            throw new AccountNotFoundException("Cannot build and account. Jwt claims does not contains required claim 'email'.");
        }
        AccountIdentity accountIdentity = new AccountIdentity();
        accountIdentity.setId(jwt.getClaimAsString("uid"));
        accountIdentity.setEmail(jwt.getClaimAsString("email"));
        AccountIdentityService.logger.trace("Created an account identity={}", accountIdentity.toString());
        return accountIdentity;
    }
}
