package dev.flyfish.framework.configuration.jwt;

import dev.flyfish.framework.utils.ReactiveRedisOperations;
import dev.flyfish.framework.utils.UUIDUtils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.DecodingException;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SecurityException;
import jakarta.annotation.Resource;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:dev/flyfish/framework/configuration/jwt/TokenProvider.class */
public class TokenProvider implements InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(TokenProvider.class);
    public static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String AUTHORITIES_KEY = "auth";
    private static final String TOKEN_BLOCK_PREFIX = "tk_blk_";
    private final Boolean remember;
    private final long tokenValidityInMilliseconds;
    private final long tokenValidityInMillisecondsForRememberMe;

    @Resource
    private ReactiveRedisOperations reactiveRedisOperations;

    @Resource
    private JwtProperties jwtProperties;
    private SecretKey key;

    public TokenProvider(JwtProperties jwtProperties) {
        this.remember = Boolean.valueOf(jwtProperties.isRemember());
        this.tokenValidityInMilliseconds = jwtProperties.getTokenValidityInSeconds() * 1000;
        this.tokenValidityInMillisecondsForRememberMe = jwtProperties.getTokenValidityInSecondsForRememberMe() * 1000;
    }

    public void afterPropertiesSet() {
        this.key = Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(this.jwtProperties.getBase64Secret()));
    }

    public Optional<String> retrieveToken(ServerWebExchange serverWebExchange) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        String first = request.getHeaders().getFirst(AUTHORIZATION_HEADER);
        return (StringUtils.isNotBlank(first) && first.startsWith("Bearer ")) ? Optional.of(first.substring(7)) : MapUtils.isNotEmpty(request.getCookies()) ? request.getCookies().keySet().stream().filter(str -> {
            return str.equals(AUTHORIZATION_HEADER);
        }).findFirst().flatMap(str2 -> {
            return ((List) request.getCookies().get(str2)).stream().filter(httpCookie -> {
                return StringUtils.isNotBlank(httpCookie.getValue()) && httpCookie.getValue().startsWith("Bearer-");
            }).findFirst();
        }).map(httpCookie -> {
            return httpCookie.getValue().substring(7);
        }) : Optional.empty();
    }

    public void addToken(ServerWebExchange serverWebExchange, Authentication authentication) {
        String createToken = createToken(authentication, this.remember.booleanValue());
        HttpHeaders headers = serverWebExchange.getResponse().getHeaders();
        headers.add("Token", createToken);
        headers.add("Token-Valid-Time", String.valueOf(this.remember.booleanValue() ? this.tokenValidityInMillisecondsForRememberMe : this.tokenValidityInMilliseconds));
    }

    public Mono<Void> removeToken(ServerWebExchange serverWebExchange) {
        return Mono.justOrEmpty(retrieveToken(serverWebExchange)).map(this::parseToken).flatMap(claims -> {
            long time = claims.getExpiration().getTime() - System.currentTimeMillis();
            return this.reactiveRedisOperations.set(getCacheKey(claims.getId()), (Object) true, Duration.ofMillis(time)).then();
        }).onErrorResume(th -> {
            return Mono.empty();
        });
    }

    public String createToken(Authentication authentication, boolean z) {
        return Jwts.builder().subject(authentication.getName()).id(UUIDUtils.generateShortUuid()).claim(AUTHORITIES_KEY, (String) authentication.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.joining(","))).signWith(this.key).expiration(new Date(new Date().getTime() + (z ? this.tokenValidityInMillisecondsForRememberMe : this.tokenValidityInMilliseconds))).compact();
    }

    public Authentication getAuthentication(String str) {
        Claims parseToken = parseToken(str);
        Collection collection = (Collection) Arrays.stream(parseToken.get(AUTHORITIES_KEY).toString().split(",")).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
        return new UsernamePasswordAuthenticationToken(new User(parseToken.getSubject(), "", collection), str, collection);
    }

    public Claims parseToken(String str) {
        return (Claims) Jwts.parser().decryptWith(this.key).build().parseEncryptedClaims(str).getPayload();
    }

    private String getCacheKey(String str) {
        return "tk_blk_" + str;
    }

    public Mono<String> validateToken(String str) {
        if (StringUtils.isBlank(str)) {
            log.debug("no valid JWT token found");
            return Mono.empty();
        }
        try {
            Claims parseToken = parseToken(str);
            return this.reactiveRedisOperations.hasKey(getCacheKey(parseToken.getId())).filter(bool -> {
                return !bool.booleanValue();
            }).thenReturn(parseToken.getSubject());
        } catch (ExpiredJwtException e) {
            log.info("Expired JWT token.");
            log.trace("Expired JWT token trace: {}", e, e);
            return Mono.empty();
        } catch (DecodingException e2) {
            log.info("Token解析失败！");
            log.trace("Token解析失败: {}", e2, e2);
            return Mono.empty();
        } catch (SecurityException | MalformedJwtException e3) {
            log.info("Invalid JWT signature.");
            log.trace("Invalid JWT signature trace: {}", e3, e3);
            return Mono.empty();
        } catch (IllegalArgumentException e4) {
            log.info("JWT token compact of handler are invalid.");
            log.trace("JWT token compact of handler are invalid trace: {}", e4, e4);
            return Mono.empty();
        } catch (UnsupportedJwtException e5) {
            log.info("Unsupported JWT token.");
            log.trace("Unsupported JWT token trace: {}", e5, e5);
            return Mono.empty();
        }
    }
}
