package com.supwisdom.institute.cas.site.common.util;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.time.ZonedDateTime;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.util.DateTimeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:com/supwisdom/institute/cas/site/common/util/JJWTTokenUtil.class */
public class JJWTTokenUtil implements InitializingBean {
    private static JJWTTokenUtil instance;
    private ExpirationPolicy expirationPolicy;

    @Value("${cas-server.jwt.iss:cas.supwisdom.com}")
    private String iss;

    @Value("${cas-server.jwt.kickout.enabled:false}")
    private boolean kickoutEnabled;

    @Value("${cas-server.jwt.timeToExpirationInSeconds:0}")
    private Long timeToExpiration;

    @Value("${cas-server.jwt.public-key-pem:}")
    private String publicKeyPem;

    @Value("${cas-server.jwt.private-key-pem-pkcs8:}")
    private String privateKeyPemPKCS8;
    private KeyPair keyPair;
    private static final Logger log = LoggerFactory.getLogger(JJWTTokenUtil.class);
    private static ConcurrentMap<String, Long> mapTokenExpiration = new ConcurrentHashMap();

    public static JJWTTokenUtil instance() {
        return instance;
    }

    public void afterPropertiesSet() throws Exception {
        initKey();
        instance = this;
    }

    public void initKey() {
        try {
            this.keyPair = CertUtil.initKeyFromPem(this.publicKeyPem, this.privateKeyPemPKCS8);
            log.debug("init keyPair from pem");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (InvalidKeySpecException e2) {
            e2.printStackTrace();
        }
    }

    public RSAPublicKey getPublicKey() {
        return (RSAPublicKey) this.keyPair.getPublic();
    }

    public RSAPrivateKey getPrivateKey() {
        return (RSAPrivateKey) this.keyPair.getPrivate();
    }

    public String getPublicKeyPem() {
        return CertUtil.publicKeyToPem(getPublicKey());
    }

    public String getPrivateKeyPem() {
        return CertUtil.privateKeyToPem(getPrivateKey());
    }

    private void storeTokenExpiration(String str, Long l) {
        if (this.kickoutEnabled) {
            log.debug("store <token, expiration> to Map");
            mapTokenExpiration.put(str, l);
        }
    }

    private Long loadTokenExpiration(String str) {
        if (!this.kickoutEnabled) {
            return Long.MAX_VALUE;
        }
        log.debug("load <token, expiration> from Map");
        return mapTokenExpiration.getOrDefault(str, -1L);
    }

    public String bulidToken(String str, String str2, String str3, String str4, Date date, Date date2, Map<String, Object> map) {
        return Jwts.builder().setClaims(map).setId(str).setSubject(str2).setAudience(str3).setIssuer(str4).setIssuedAt(date).setExpiration(date2).signWith(SignatureAlgorithm.RS512, getPrivateKey()).compact();
    }

    public String generateToken(String str, Map<String, Object> map) {
        Date dateOf;
        if (this.timeToExpiration != null && this.timeToExpiration.longValue() > 0) {
            dateOf = DateTimeUtils.dateOf(ZonedDateTime.now().plusSeconds(this.timeToExpiration.longValue()));
        } else if (this.expirationPolicy == null) {
            Calendar calendar = Calendar.getInstance();
            calendar.add(5, 1);
            if (calendar.get(11) > 20) {
                calendar.add(5, 1);
            }
            calendar.set(11, 2);
            calendar.set(12, 0);
            calendar.set(13, 0);
            calendar.set(14, 0);
            dateOf = calendar.getTime();
        } else {
            dateOf = DateTimeUtils.dateOf(ZonedDateTime.now().plusSeconds(this.expirationPolicy.getTimeToIdle().longValue()));
        }
        if (dateOf == null) {
            return null;
        }
        String compact = Jwts.builder().setClaims(map).setId(str).setIssuer(this.iss).setIssuedAt(new Date(System.currentTimeMillis())).setExpiration(dateOf).signWith(SignatureAlgorithm.RS512, getPrivateKey()).compact();
        storeTokenExpiration(compact, Long.valueOf(dateOf.getTime()));
        return compact;
    }

    public Claims getClaimsFromToken(String str) {
        Claims claims;
        try {
            claims = (Claims) Jwts.parser().setSigningKey(getPublicKey()).parseClaimsJws(str).getBody();
        } catch (Exception e) {
            claims = null;
        }
        return claims;
    }

    public Boolean isTokenExpired(String str) {
        try {
            Date expiration = getClaimsFromToken(str).getExpiration();
            Date date = new Date();
            if (loadTokenExpiration(str).longValue() < date.getTime()) {
                return true;
            }
            return Boolean.valueOf(expiration.before(date));
        } catch (Exception e) {
            return true;
        }
    }

    public String refreshToken(String str, String str2) {
        String str3;
        try {
            str3 = generateToken(str, getClaimsFromToken(str2));
        } catch (Exception e) {
            str3 = null;
        }
        return str3;
    }

    public Boolean validateToken(String str, String str2) {
        return Boolean.valueOf(getClaimsFromToken(str).getSubject().equals(str2) && !isTokenExpired(str).booleanValue());
    }

    public void expireToken(String str) {
        if (isTokenExpired(str).booleanValue()) {
            return;
        }
        storeTokenExpiration(str, -1L);
    }

    public void setExpirationPolicy(ExpirationPolicy expirationPolicy) {
        this.expirationPolicy = expirationPolicy;
    }
}
