package net.ibizsys.central.cloud.core.sysutil;

import com.nimbusds.jwt.SignedJWT;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Clock;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.impl.DefaultClock;
import java.util.Date;
import java.util.function.Function;
import net.ibizsys.central.cloud.core.security.IAuthenticationUser;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:net/ibizsys/central/cloud/core/sysutil/JWTSysUAAUtilRuntime.class */
public class JWTSysUAAUtilRuntime extends SysUAAUtilRuntimeBase {
    private static final Log log = LogFactory.getLog(JWTSysUAAUtilRuntime.class);
    private String secret;
    private Clock clock = DefaultClock.INSTANCE;
    private boolean enableSignedJWT = false;

    protected String getSecret() {
        return this.secret;
    }

    protected void setSecret(String str) {
        this.secret = str;
    }

    protected Clock getClock() {
        return this.clock;
    }

    protected void setClock(Clock clock) {
        this.clock = clock;
    }

    protected boolean isEnableSignedJWT(String str) {
        return this.enableSignedJWT;
    }

    @Override // net.ibizsys.central.cloud.core.sysutil.SysUAAUtilRuntimeBase
    protected boolean onValidateToken(String str, IAuthenticationUser iAuthenticationUser) throws Throwable {
        return getUsernameFromToken(str).contentEquals(iAuthenticationUser.getUsername()) && !getExpirationDateFromToken(str).before(this.clock.now());
    }

    @Override // net.ibizsys.central.cloud.core.sysutil.SysUAAUtilRuntimeBase
    protected String onGetUsernameFromToken(String str) throws Throwable {
        return !isEnableSignedJWT(str) ? (String) getClaimFromToken(str, (v0) -> {
            return v0.getSubject();
        }) : SignedJWT.parse(str).getJWTClaimsSet().getSubject();
    }

    @Override // net.ibizsys.central.cloud.core.sysutil.SysUAAUtilRuntimeBase
    protected Date onGetExpirationDateFromToken(String str) throws Throwable {
        return !isEnableSignedJWT(str) ? (Date) getClaimFromToken(str, (v0) -> {
            return v0.getExpiration();
        }) : SignedJWT.parse(str).getJWTClaimsSet().getExpirationTime();
    }

    protected <T> T getClaimFromToken(String str, Function<Claims, T> function) throws Throwable {
        return function.apply(getAllClaimsFromToken(str));
    }

    protected Claims getAllClaimsFromToken(String str) throws Throwable {
        return (Claims) Jwts.parser().setSigningKey(getPublicKey(getPublicKeyString())).parseClaimsJws(str).getBody();
    }
}
