package com.iscas.base.biz.util;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.iscas.base.biz.autoconfigure.auth.TokenProps;
import com.iscas.base.biz.config.Constants;
import com.iscas.base.biz.service.IAuthCacheService;
import com.iscas.common.tools.core.date.DateRaiseUtils;
import com.iscas.common.tools.core.io.file.ConfigUtils;
import com.iscas.templet.exception.Exceptions;
import com.iscas.templet.exception.ValidTokenException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:com/iscas/base/biz/util/JWTUtils.class */
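/**
 * Static helpers that issue and verify the application's JWT login tokens.
 *
 * <p>Tokens are signed either with HMAC-SHA256 (shared secret {@link #SECRET}) or with RSA-SHA256
 * (key files under {@code /rsakey/}). Every issued token is also recorded in the
 * {@code Constants.AUTH_CACHE} cache, and {@link #verifyToken(String, AlgorithmType)} rejects any
 * token that is not present there before it checks the signature.
 */
public class JWTUtils {
    /**
     * Shared secret used to sign and verify HMAC256 tokens.
     *
     * <p>SECURITY NOTE(review): this key is a short literal compiled into the class, so it is the
     * same in every deployment and readable by anyone who holds the artifact; whoever knows it can
     * produce tokens that pass the HMAC256 signature check. It should be supplied per deployment
     * from configuration or a secret store and be a random value of at least 256 bits. The constant
     * is kept here unchanged because it is part of the public interface.
     */
    public static final String SECRET = "ISCAS";

    /**
     * Issuer value written into, and required from, RSA-signed tokens.
     * NOTE(review): looks like a placeholder value; confirm the intended issuer identifier.
     */
    public static final String ISS = "1234567890";

    /** Resource path of the private key used to sign RSA tokens. */
    private static final String PRIVATE_KEY_RESOURCE = "/rsakey/pkcs8_private.key";

    /** Resource path of the PEM public key used to verify RSA tokens. */
    private static final String PUBLIC_KEY_RESOURCE = "/rsakey/rsa-public-key.pem";

    /** Signing schemes supported by this utility, each with its configuration spelling. */
    public enum AlgorithmType {
        HMAC256("hmac256"),
        RSA("rsa");

        private final String value;

        /** @return the configuration spelling of this algorithm type */
        public String getValue() {
            return this.value;
        }

        AlgorithmType(String str) {
            this.value = str;
        }

        /**
         * Looks up an algorithm type by its configuration spelling, ignoring case.
         *
         * @param str the spelling to look up; may be {@code null}
         * @return the matching constant, or {@code null} when nothing matches
         */
        public static AlgorithmType getEnum(String str) {
            for (AlgorithmType candidate : values()) {
                if (candidate.value.equalsIgnoreCase(str)) {
                    return candidate;
                }
            }
            return null;
        }
    }

    private JWTUtils() {
    }

    /**
     * Issues an HMAC256-signed token; see {@link #createToken(String, int, AlgorithmType)}.
     *
     * @param str the subject, either {@code username} or {@code userId;username}
     * @param i   token lifetime in minutes
     * @return the signed token
     */
    public static String createToken(String str, int i) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        return createToken(str, i, AlgorithmType.HMAC256);
    }

    /**
     * Issues a signed token and records it in the auth cache so that it can later be verified.
     *
     * @param str           the subject, either {@code username} or {@code userId;username}
     * @param i             token lifetime in minutes
     * @param algorithmType the signing scheme to use
     * @return the signed token
     * @throws ArithmeticException      if the lifetime in milliseconds does not fit in an int
     * @throws IllegalArgumentException if {@code str} contains {@code ;} but is not
     *                                  {@code userId;username} with a numeric id
     */
    public static String createToken(String str, int i, AlgorithmType algorithmType) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        Date issuedAt = new Date();
        // multiplyExact: a lifetime above roughly 24 days used to wrap around silently, which could
        // yield an expiry in the past; fail loudly instead of issuing such a token.
        Date expiresAt = DateRaiseUtils.afterOffsetDate(Math.multiplyExact(i, 60 * 1000));
        Map<String, Object> header = new HashMap<>(8);
        // "alg" is preset to HS256 even for RSA; java-jwt is expected to overwrite it with the
        // signing algorithm's name when the token is signed (confirm for the library version in use).
        header.put("alg", "HS256");
        header.put("typ", "JWT");
        String token = doCreateToken(str, issuedAt, expiresAt, header, algorithmType);
        // The cache entry is what verifyToken checks first; removing it revokes the token.
        CacheUtils.putCache(Constants.AUTH_CACHE, token, issuedAt);
        return token;
    }

    /**
     * Verifies an HMAC256-signed token; see {@link #verifyToken(String, AlgorithmType)}.
     *
     * @param str the token to verify
     * @return the token's claims
     */
    public static Map<String, Claim> verifyToken(String str) throws IOException, ValidTokenException, NoSuchAlgorithmException, InvalidKeySpecException {
        return verifyToken(str, AlgorithmType.HMAC256);
    }

    /**
     * Verifies a token against the auth cache and then against its signature.
     *
     * <p>The algorithm is chosen by the caller, never read from the token's own header. RSA tokens
     * must additionally carry the issuer {@link #ISS}; HMAC256 tokens have no issuer requirement.
     *
     * @param str           the token to verify
     * @param algorithmType the signing scheme the token is expected to use
     * @return the token's claims
     * @throws ValidTokenException if the token is not in the auth cache or fails verification
     */
    public static Map<String, Claim> verifyToken(String str, AlgorithmType algorithmType) throws IOException, ValidTokenException, NoSuchAlgorithmException, InvalidKeySpecException {
        // NOTE(review): createToken stores a Date under this key while this lookup asks for
        // String.class; confirm CacheUtils tolerates the mismatch.
        // NOTE(review): the detail strings below embed the raw token; confirm they are neither
        // logged nor returned to clients.
        if (CacheUtils.getCache(Constants.AUTH_CACHE, str, String.class) == null) {
            throw Exceptions.validTokenException("登录凭证校验失败", "token:" + str + "不存在或已经被注销");
        }
        Algorithm verifyAlgorithm = getVerifyAlgorithm(algorithmType);
        JWTVerifier verifier;
        switch (algorithmType) {
            case HMAC256:
                verifier = JWT.require(verifyAlgorithm).build();
                break;
            case RSA:
                verifier = JWT.require(verifyAlgorithm).withIssuer(ISS).build();
                break;
            default:
                throw Exceptions.formatUnsupportedOperationException("不支持的加密算法类型:[{}]", new Object[]{algorithmType});
        }
        try {
            return verifier.verify(str).getClaims();
        } catch (Exception e) {
            // Any verification failure is reported as an invalid token, with the cause preserved.
            throw Exceptions.validTokenException("登录凭证校验失败", "token:" + str + "校验失败", e);
        }
    }

    /**
     * Verifies an HMAC256 token with a caller-supplied secret and returns the decoded token.
     * Unlike {@link #verifyToken(String, AlgorithmType)} this does not consult the auth cache.
     *
     * @param str  the token to verify
     * @param str2 the HMAC secret
     * @return the verified, decoded token
     */
    public static DecodedJWT decodeHMAC256(String str, String str2) throws UnsupportedEncodingException {
        return JWT.require(Algorithm.HMAC256(str2)).build().verify(str);
    }

    /**
     * Returns the username of the caller of the current request.
     *
     * <p>The token from {@code AuthUtils.getToken()} is verified with the configured algorithm, its
     * {@code username} claim is read, and the token must be listed under {@code user-token:<username>}
     * in the auth cache service. Every failure surfaces as an authentication runtime exception.
     *
     * @return the username carried by the verified token
     */
    public static String getLoginUsername() {
        String token = AuthUtils.getToken();
        if (token == null) {
            throw Exceptions.authenticationRuntimeException("未携带身份认证信息", "header中未携带 Authorization 或未携带cookie或cookie中无Authorization");
        }
        try {
            Map<String, Claim> claims = verifyToken(token, ((TokenProps) SpringUtils.getBean(TokenProps.class)).getCreatorMode());
            // A token without a "username" claim has no map entry at all; treat that like a null
            // claim value instead of failing with a NullPointerException.
            Claim usernameClaim = claims.get("username");
            String username = usernameClaim == null ? null : usernameClaim.asString();
            if (username == null) {
                throw Exceptions.validTokenException("token 校验失败, username不存在");
            }
            IAuthCacheService authCache = (IAuthCacheService) SpringUtils.getApplicationContext().getBean(IAuthCacheService.class);
            if (!authCache.listContains("user-token:" + username, token)) {
                throw Exceptions.authenticationRuntimeException("身份认证信息有误", "token有误或已被注销");
            }
            return username;
        } catch (ValidTokenException | IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw Exceptions.authenticationRuntimeException("未获取到当前登录的用户信息", e);
        }
    }

    /**
     * Builds the RSA256 algorithm with exactly one key loaded.
     *
     * @param bool {@code null} or {@code true} loads the private key (for signing); {@code false}
     *             loads the public key (for verification)
     * @return an RSA256 algorithm holding the loaded key, the other key being {@code null}
     */
    private static Algorithm createRsaAlgorithm(Boolean bool) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        RSAPrivateKey privateKey = null;
        RSAPublicKey publicKey = null;
        if (bool == null || bool.booleanValue()) {
            privateKey = loadRsaPrivateKey();
        } else {
            publicKey = loadRsaPublicKey();
        }
        return Algorithm.RSA256(publicKey, privateKey);
    }

    /** Opens a key resource, failing with an IOException instead of a later NPE when it is absent. */
    private static InputStream openKeyResource(String path) throws IOException {
        InputStream stream = ConfigUtils.getInOutConfigStream(path);
        if (stream == null) {
            throw new IOException("RSA key resource not found: " + path);
        }
        return stream;
    }

    /** Reads the PKCS#8 private key; the bytes are used as-is, so the file must be DER, not PEM. */
    private static RSAPrivateKey loadRsaPrivateKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        try (InputStream keyStream = openKeyResource(PRIVATE_KEY_RESOURCE)) {
            byte[] encodedKey = keyStream.readAllBytes();
            return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
        }
    }

    /** Reads the X.509 public key from its PEM file. */
    private static RSAPublicKey loadRsaPublicKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        // Explicit charset: the reader must not depend on the platform default encoding.
        try (InputStream keyStream = openKeyResource(PUBLIC_KEY_RESOURCE);
                PemReader pemReader = new PemReader(new InputStreamReader(keyStream, StandardCharsets.UTF_8))) {
            PemObject pemObject = pemReader.readPemObject();
            if (pemObject == null) {
                // readPemObject returns null when the file holds no PEM block.
                throw new InvalidKeySpecException("No PEM object found in " + PUBLIC_KEY_RESOURCE);
            }
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(pemObject.getContent()));
        }
    }

    /**
     * Builds and signs the token.
     *
     * @param str           the subject, either {@code username} (userId claim becomes -1) or
     *                      {@code userId;username}; parts after a second {@code ;} are ignored
     * @param date          issue time, also stored in the {@code date} claim
     * @param date2         expiry time
     * @param map           header claims
     * @param algorithmType the signing scheme
     * @return the signed token
     * @throws IllegalArgumentException if {@code str} contains {@code ;} but has no username part
     *                                  or a non-numeric id
     */
    private static String doCreateToken(String str, Date date, Date date2, Map<String, Object> map, AlgorithmType algorithmType) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        int userId = -1;
        String username = str;
        if (str.contains(";")) {
            String[] parts = str.split(";");
            // split drops trailing empty strings, so inputs such as "5;" or ";" yield fewer than
            // two parts; reject them explicitly rather than indexing past the array.
            if (parts.length < 2) {
                throw new IllegalArgumentException("Token subject must be 'userId;username': " + str);
            }
            userId = Integer.parseInt(parts[0]);
            username = parts[1];
        }
        switch (algorithmType) {
            case HMAC256:
                return JWT.create()
                        .withHeader(map)
                        .withClaim("username", username)
                        .withClaim("userId", Integer.valueOf(userId))
                        .withClaim("date", date)
                        .withExpiresAt(date2)
                        .withIssuedAt(date)
                        .sign(Algorithm.HMAC256(SECRET));
            case RSA:
                // "iss" is set twice (withIssuer and withClaim) and "sub" carries the issuer value;
                // both are kept as they were so that issued tokens do not change.
                return JWT.create()
                        .withHeader(map)
                        .withIssuer(ISS)
                        .withClaim("username", username)
                        .withClaim("userId", Integer.valueOf(userId))
                        .withClaim("date", date)
                        .withClaim("sub", ISS)
                        .withClaim("iss", ISS)
                        .withExpiresAt(date2)
                        .withIssuedAt(date)
                        .sign(createRsaAlgorithm(true));
            default:
                throw Exceptions.formatUnsupportedOperationException("不支持的加密算法类型:[{}]", new Object[]{algorithmType});
        }
    }

    /**
     * Returns the algorithm instance used to verify tokens of the given type: the shared-secret
     * HMAC256 algorithm, or RSA256 with only the public key loaded.
     */
    private static Algorithm getVerifyAlgorithm(AlgorithmType algorithmType) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        switch (algorithmType) {
            case HMAC256:
                return Algorithm.HMAC256(SECRET);
            case RSA:
                return createRsaAlgorithm(false);
            default:
                throw Exceptions.formatUnsupportedOperationException("不支持的加密算法类型:[{}]", new Object[]{algorithmType});
        }
    }
}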
