package cn.insmart.iam.resource.validator;

import cn.insmart.fx.common.lang.util.Message;
import cn.insmart.fx.web.util.IpUtils;
import cn.insmart.iam.common.constant.Claims;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:BOOT-INF/lib/iam-resource-starter-IAM.2022.2.16.jar:cn/insmart/iam/resource/validator/HostValidator.class */
public class HostValidator implements OAuth2TokenValidator<Jwt> {
    @Override // org.springframework.security.oauth2.core.OAuth2TokenValidator
    public OAuth2TokenValidatorResult validate(Jwt jwt) {
        List<String> claimAsStringList = jwt.getClaimAsStringList(Claims.HOST);
        if (CollectionUtils.isEmpty(claimAsStringList)) {
            return OAuth2TokenValidatorResult.success();
        }
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
        Assert.notNull(request, "http request is null!");
        String ip = IpUtils.getIp(request);
        Assert.hasText(ip, "ip is null");
        Stream<R> map = claimAsStringList.stream().map(str -> {
            return str.endsWith("*") ? str.substring(0, str.length() - 1) : str;
        });
        Objects.requireNonNull(ip);
        return map.anyMatch(ip::startsWith) ? OAuth2TokenValidatorResult.success() : OAuth2TokenValidatorResult.failure(new OAuth2Error("invalid_token", Message.of("Invalid token ip {} does not allow to access, allowed host {}", ip, claimAsStringList), null));
    }
}
