package com.supwisdom.insititute.token.server.security.domain.utils;

import com.supwisdom.insititute.token.server.core.utils.RandomValueStringGenerator;
import com.supwisdom.insititute.token.server.security.domain.token.store.JWTTokenStore;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.KeyPair;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:BOOT-INF/lib/token-server-security-domain-1.0.9-RELEASE.jar:com/supwisdom/insititute/token/server/security/domain/utils/JWTTokenUtil.class */
public class JWTTokenUtil implements InitializingBean {
    private static final String ID_TOKEN_PREFIX = "Id-Token-";
    private RandomValueStringGenerator randomValueStringGenerator = new RandomValueStringGenerator(16);

    @Autowired(required = false)
    private JWTTokenStore redisJWTTokenStore;

    @Value("${token-server.security.jwt.iss:token.supwisdom.com}")
    private String iss;

    @Value("${token-server.security.jwt.expiration:2592000}")
    private Long expiration;

    @Value("${token-server.security.jwt.kickout.enabled:false}")
    private boolean kickoutEnabled;

    @Value("${token-server.security.jwt.key-alias:supwisdom-jwt-key}")
    private String keyAlias;

    @Value("${token-server.security.jwt.key-password:kingstar}")
    private String keyPassword;

    @Value("${token-server.security.jwt.key-store:}")
    private String keyStore;

    @Value("${token-server.security.jwt.key-store-password:kingstar}")
    private String keyStorePassword;

    @Value("${token-server.security.jwt.public-key-pem:}")
    private String publicKeyPem;

    @Value("${token-server.security.jwt.private-key-pem-pkcs8:}")
    private String privateKeyPemPKCS8;
    private KeyPair keyPair;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) JWTTokenUtil.class);
    private static ConcurrentMap<String, Long> mapTokenExpiration = new ConcurrentHashMap();

    private String generateJTI() {
        return ID_TOKEN_PREFIX + this.randomValueStringGenerator.generate();
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        initKey();
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0085  */
    /* JADX WARN: Removed duplicated region for block: B:18:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void initKey() throws java.lang.Exception {
        /*
            r6 = this;
            r0 = r6
            r1 = r6
            java.lang.String r1 = r1.publicKeyPem     // Catch: java.security.NoSuchAlgorithmException -> L1a java.security.spec.InvalidKeySpecException -> L22 java.lang.Exception -> L2a
            r2 = r6
            java.lang.String r2 = r2.privateKeyPemPKCS8     // Catch: java.security.NoSuchAlgorithmException -> L1a java.security.spec.InvalidKeySpecException -> L22 java.lang.Exception -> L2a
            java.security.KeyPair r1 = com.supwisdom.insititute.token.server.security.domain.utils.CertUtil.initKeyFromPem(r1, r2)     // Catch: java.security.NoSuchAlgorithmException -> L1a java.security.spec.InvalidKeySpecException -> L22 java.lang.Exception -> L2a
            r0.keyPair = r1     // Catch: java.security.NoSuchAlgorithmException -> L1a java.security.spec.InvalidKeySpecException -> L22 java.lang.Exception -> L2a
            org.slf4j.Logger r0 = com.supwisdom.insititute.token.server.security.domain.utils.JWTTokenUtil.logger     // Catch: java.security.NoSuchAlgorithmException -> L1a java.security.spec.InvalidKeySpecException -> L22 java.lang.Exception -> L2a
            java.lang.String r1 = "init keyPair from pem"
            r0.debug(r1)     // Catch: java.security.NoSuchAlgorithmException -> L1a java.security.spec.InvalidKeySpecException -> L22 java.lang.Exception -> L2a
            return
        L1a:
            r7 = move-exception
            r0 = r7
            r0.printStackTrace()
            goto L2f
        L22:
            r7 = move-exception
            r0 = r7
            r0.printStackTrace()
            goto L2f
        L2a:
            r7 = move-exception
            r0 = r7
            r0.printStackTrace()
        L2f:
            r0 = r6
            r1 = r6
            java.lang.String r1 = r1.keyStore     // Catch: java.security.UnrecoverableKeyException -> L51 java.security.KeyStoreException -> L59 java.security.cert.CertificateException -> L61 java.io.IOException -> L69 java.security.NoSuchAlgorithmException -> L71 java.lang.Exception -> L79
            r2 = r6
            java.lang.String r2 = r2.keyStorePassword     // Catch: java.security.UnrecoverableKeyException -> L51 java.security.KeyStoreException -> L59 java.security.cert.CertificateException -> L61 java.io.IOException -> L69 java.security.NoSuchAlgorithmException -> L71 java.lang.Exception -> L79
            r3 = r6
            java.lang.String r3 = r3.keyAlias     // Catch: java.security.UnrecoverableKeyException -> L51 java.security.KeyStoreException -> L59 java.security.cert.CertificateException -> L61 java.io.IOException -> L69 java.security.NoSuchAlgorithmException -> L71 java.lang.Exception -> L79
            r4 = r6
            java.lang.String r4 = r4.keyPassword     // Catch: java.security.UnrecoverableKeyException -> L51 java.security.KeyStoreException -> L59 java.security.cert.CertificateException -> L61 java.io.IOException -> L69 java.security.NoSuchAlgorithmException -> L71 java.lang.Exception -> L79
            java.security.KeyPair r1 = com.supwisdom.insititute.token.server.security.domain.utils.CertUtil.initKeyFromKeyStore(r1, r2, r3, r4)     // Catch: java.security.UnrecoverableKeyException -> L51 java.security.KeyStoreException -> L59 java.security.cert.CertificateException -> L61 java.io.IOException -> L69 java.security.NoSuchAlgorithmException -> L71 java.lang.Exception -> L79
            r0.keyPair = r1     // Catch: java.security.UnrecoverableKeyException -> L51 java.security.KeyStoreException -> L59 java.security.cert.CertificateException -> L61 java.io.IOException -> L69 java.security.NoSuchAlgorithmException -> L71 java.lang.Exception -> L79
            org.slf4j.Logger r0 = com.supwisdom.insititute.token.server.security.domain.utils.JWTTokenUtil.logger     // Catch: java.security.UnrecoverableKeyException -> L51 java.security.KeyStoreException -> L59 java.security.cert.CertificateException -> L61 java.io.IOException -> L69 java.security.NoSuchAlgorithmException -> L71 java.lang.Exception -> L79
            java.lang.String r1 = "init keyPair from keyStore"
            r0.debug(r1)     // Catch: java.security.UnrecoverableKeyException -> L51 java.security.KeyStoreException -> L59 java.security.cert.CertificateException -> L61 java.io.IOException -> L69 java.security.NoSuchAlgorithmException -> L71 java.lang.Exception -> L79
            return
        L51:
            r7 = move-exception
            r0 = r7
            r0.printStackTrace()
            goto L7e
        L59:
            r7 = move-exception
            r0 = r7
            r0.printStackTrace()
            goto L7e
        L61:
            r7 = move-exception
            r0 = r7
            r0.printStackTrace()
            goto L7e
        L69:
            r7 = move-exception
            r0 = r7
            r0.printStackTrace()
            goto L7e
        L71:
            r7 = move-exception
            r0 = r7
            r0.printStackTrace()
            goto L7e
        L79:
            r7 = move-exception
            r0 = r7
            r0.printStackTrace()
        L7e:
            r0 = r6
            java.security.KeyPair r0 = r0.keyPair
            if (r0 != 0) goto L8f
            org.slf4j.Logger r0 = com.supwisdom.insititute.token.server.security.domain.utils.JWTTokenUtil.logger
            java.lang.String r1 = "init keyPair error, keyPair not config"
            r0.warn(r1)
        L8f:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.supwisdom.insititute.token.server.security.domain.utils.JWTTokenUtil.initKey():void");
    }

    public RSAPublicKey getPublicKey() {
        return (RSAPublicKey) this.keyPair.getPublic();
    }

    public RSAPrivateKey getPrivateKey() {
        return (RSAPrivateKey) this.keyPair.getPrivate();
    }

    public String getPublicKeyPem() {
        return CertUtil.publicKeyToPem(getPublicKey());
    }

    private void storeTokenExpiration(String str, Long l) {
        if (this.kickoutEnabled) {
            logger.debug("store <token, expiration> to Map");
            mapTokenExpiration.put(str, l);
            if (this.redisJWTTokenStore != null) {
                logger.debug("store <token, expiration> to Redis");
                this.redisJWTTokenStore.storeTokenExpiration(str, l);
            }
        }
    }

    private Long loadTokenExpiration(String str) {
        if (!this.kickoutEnabled) {
            return Long.MAX_VALUE;
        }
        if (this.redisJWTTokenStore != null) {
            logger.debug("load <token, expiration> from Redis");
            return this.redisJWTTokenStore.loadTokenExpiration(str, -1L);
        }
        logger.debug("load <token, expiration> from Map");
        return mapTokenExpiration.getOrDefault(str, -1L);
    }

    public String generateToken(Map<String, Object> map) {
        String generateJTI = generateJTI();
        Date date = new Date(System.currentTimeMillis() + (this.expiration.longValue() * 1000));
        String compact = Jwts.builder().setClaims(map).setId(generateJTI).setIssuer(this.iss).setIssuedAt(new Date(System.currentTimeMillis())).setExpiration(date).signWith(SignatureAlgorithm.RS512, getPrivateKey()).compact();
        storeTokenExpiration(compact, Long.valueOf(date.getTime()));
        return compact;
    }

    public Claims getClaimsFromToken(String str) {
        Claims claims;
        try {
            claims = Jwts.parser().setSigningKey(getPublicKey()).requireIssuer(this.iss).parseClaimsJws(str).getBody();
        } catch (Exception e) {
            claims = null;
        }
        return claims;
    }

    public Boolean isTokenExpired(String str) {
        try {
            Date expiration = getClaimsFromToken(str).getExpiration();
            Date date = new Date();
            if (loadTokenExpiration(str).longValue() < date.getTime()) {
                return true;
            }
            return Boolean.valueOf(expiration.before(date));
        } catch (Exception e) {
            return true;
        }
    }

    public String refreshToken(String str) {
        String str2;
        try {
            str2 = generateToken(getClaimsFromToken(str));
        } catch (Exception e) {
            str2 = null;
        }
        return str2;
    }

    public Boolean validateToken(String str, String str2) {
        return Boolean.valueOf(getClaimsFromToken(str).getSubject().equals(str2) && !isTokenExpired(str).booleanValue());
    }

    public void expireToken(String str) {
        if (isTokenExpired(str).booleanValue()) {
            return;
        }
        storeTokenExpiration(str, -1L);
    }
}
