package com.supwisdom.infras.security.utils;

import com.supwisdom.infras.security.cert.CertUtil;
import com.supwisdom.infras.security.token.store.redis.JWTTokenRedisStore;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/infras-security-0.1.1-SNAPSHOT.jar:com/supwisdom/infras/security/utils/JWTTokenUtil.class */
public class JWTTokenUtil implements InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) JWTTokenUtil.class);
    private static ConcurrentMap<String, Long> mapTokenExpiration = new ConcurrentHashMap();

    @Autowired(required = false)
    private JWTTokenRedisStore redisTokenStore;

    @Value("${infras.security.jwt.iss:supwisdom}")
    private String issuer;

    @Value("${infras.security.jwt.jti:supwisdom-jwt}")
    private String jti;

    @Value("${infras.security.jwt.expiration:2592000}")
    private Long expiration;

    @Value("${infras.security.jwt.kickout.enabled:false}")
    private boolean kickoutEnabled;

    @Value("${infras.security.jwt.key-alias:supwisdom-jwt-key}")
    private String keyAlias;

    @Value("${infras.security.jwt.key-password:kingstar}")
    private String keyPassword;

    @Value("${infras.security.jwt.key-store:}")
    private String keyStore;

    @Value("${infras.security.jwt.key-store-password:kingstar}")
    private String keyStorePassword;

    @Value("${infras.security.jwt.public-key-pem:}")
    private String publicKeyPem;

    @Value("${infras.security.jwt.private-key-pem-pkcs8:}")
    private String privateKeyPemPKCS8;
    private KeyPair keyPair;

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        initKey();
    }

    public void initKey() {
        try {
            this.keyPair = CertUtil.initKeyFromPem(this.publicKeyPem, this.privateKeyPemPKCS8);
            logger.debug("init keyPair from pem");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            try {
                this.keyPair = CertUtil.initKeyFromKeyStore(this.keyStore, this.keyStorePassword, this.keyAlias, this.keyPassword);
                logger.debug("init keyPair from keyStore");
            } catch (IOException e2) {
                e2.printStackTrace();
            } catch (KeyStoreException e3) {
                e3.printStackTrace();
            } catch (NoSuchAlgorithmException e4) {
                e4.printStackTrace();
            } catch (UnrecoverableKeyException e5) {
                e5.printStackTrace();
            } catch (CertificateException e6) {
                e6.printStackTrace();
            }
        } catch (InvalidKeySpecException e7) {
            e7.printStackTrace();
            this.keyPair = CertUtil.initKeyFromKeyStore(this.keyStore, this.keyStorePassword, this.keyAlias, this.keyPassword);
            logger.debug("init keyPair from keyStore");
        }
    }

    public RSAPublicKey getPublicKey() {
        return (RSAPublicKey) this.keyPair.getPublic();
    }

    public RSAPrivateKey getPrivateKey() {
        return (RSAPrivateKey) this.keyPair.getPrivate();
    }

    public String getPublicKeyPem() {
        return CertUtil.publicKeyToPem(getPublicKey());
    }

    private void storeTokenExpiration(String str, Long l) {
        if (this.kickoutEnabled) {
            logger.debug("store <token, expiration> to Map");
            mapTokenExpiration.put(str, l);
            if (this.redisTokenStore != null) {
                logger.debug("store <token, expiration> to Redis");
                this.redisTokenStore.storeTokenExpiration(str, l);
            }
        }
    }

    private Long loadTokenExpiration(String str) {
        if (!this.kickoutEnabled) {
            return Long.MAX_VALUE;
        }
        if (this.redisTokenStore != null) {
            logger.debug("load <token, expiration> from Redis");
            return this.redisTokenStore.loadTokenExpiration(str, -1L);
        }
        logger.debug("load <token, expiration> from Map");
        return mapTokenExpiration.getOrDefault(str, -1L);
    }

    public String generateToken(Map<String, Object> map) {
        Date date = new Date(System.currentTimeMillis() + (this.expiration.longValue() * 1000));
        String compact = Jwts.builder().setClaims(map).setIssuer(this.issuer).setId(this.jti).setIssuedAt(new Date(System.currentTimeMillis())).setExpiration(date).signWith(SignatureAlgorithm.RS512, getPrivateKey()).compact();
        storeTokenExpiration(compact, Long.valueOf(date.getTime()));
        return compact;
    }

    public Claims getClaimsFromToken(String str) {
        Claims claims;
        try {
            claims = Jwts.parser().setSigningKey(getPublicKey()).parseClaimsJws(str).getBody();
        } catch (Exception e) {
            claims = null;
        }
        return claims;
    }

    public Boolean isTokenExpired(String str) {
        try {
            Date expiration = getClaimsFromToken(str).getExpiration();
            Date date = new Date();
            if (loadTokenExpiration(str).longValue() < date.getTime()) {
                return true;
            }
            return Boolean.valueOf(expiration.before(date));
        } catch (Exception e) {
            return false;
        }
    }

    public String refreshToken(String str) {
        String str2;
        try {
            Claims claimsFromToken = getClaimsFromToken(str);
            claimsFromToken.put("created", new Date());
            str2 = generateToken(claimsFromToken);
        } catch (Exception e) {
            str2 = null;
        }
        return str2;
    }

    public Boolean validateToken(String str, String str2) {
        return Boolean.valueOf(getClaimsFromToken(str).getSubject().equals(str2) && !isTokenExpired(str).booleanValue());
    }

    public void expireToken(String str) {
        if (isTokenExpired(str).booleanValue()) {
            return;
        }
        storeTokenExpiration(str, -1L);
    }
}
