package cn.omisheep.authz.core.tk;

import cn.omisheep.authz.core.AuthzProperties;
import cn.omisheep.authz.core.TokenException;
import cn.omisheep.authz.core.auth.deviced.Device;
import cn.omisheep.authz.core.config.Constants;
import cn.omisheep.authz.core.helper.BaseHelper;
import cn.omisheep.authz.core.oauth.AuthorizationInfo;
import cn.omisheep.authz.core.util.HttpUtils;
import cn.omisheep.authz.core.util.LogUtils;
import cn.omisheep.commons.util.TimeUtils;
import cn.omisheep.commons.util.UUIDBits;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.CompressionCodec;
import io.jsonwebtoken.CompressionCodecs;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParserBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.servlet.http.Cookie;

/* loaded from: input_file:cn/omisheep/authz/core/tk/TokenHelper.class */
public class TokenHelper extends BaseHelper {
    private static final Long accessTime;
    private static final Long refreshTime;
    private static final int expire;
    private static final String cookieName;
    private static final SecretKey secretKey;
    private static final SignatureAlgorithm alg;
    private static final CompressionCodec codec = CompressionCodecs.GZIP;
    private static final int tokenIdBits;
    private static final String prefix;

    private TokenHelper() {
        throw new UnsupportedOperationException();
    }

    public static boolean hasKey() {
        return secretKey != null;
    }

    public static TokenPair createTokenPair(AuthorizationInfo authorizationInfo) {
        return createTokenPair(authorizationInfo.getUserId(), null, null, authorizationInfo.getClientId(), authorizationInfo.getScope(), authorizationInfo.getGrantType());
    }

    public static TokenPair createTokenPair(Object obj, String str, String str2) {
        return createTokenPair(obj, str, str2, null, null, null);
    }

    public static TokenPair createTokenPair(Object obj, String str, String str2, String str3, String str4, GrantType grantType) {
        Date now = TimeUtils.now();
        Date datePlus = TimeUtils.datePlus(now, accessTime.longValue());
        Date datePlus2 = TimeUtils.datePlus(now, refreshTime.longValue());
        return createTokenPair(obj, str, str2, str3, str4, grantType, UUIDBits.getUUIDBits(tokenIdBits), UUIDBits.getUUIDBits(tokenIdBits), datePlus, datePlus2);
    }

    public static TokenPair createTokenPair(Object obj, String str, String str2, String str3, String str4, GrantType grantType, String str5, String str6, Date date, Date date2) {
        AccessToken createAccessToken = createAccessToken(obj, str, str2, str5, str6, date, str3, str4, grantType);
        return new TokenPair(createAccessToken, createRefreshToken(createAccessToken, date2));
    }

    private static AccessToken createAccessToken(Object obj, String str, String str2, String str3, String str4, Date date, String str5, String str6, GrantType grantType) {
        Claims claims = Jwts.claims();
        claims.put(Constants.USER_ID, obj);
        claims.put(Constants.ID, str4);
        if (str5 != null) {
            if (grantType != null) {
                claims.put(Constants.GRANT_TYPE, grantType.getType());
            }
            if (str6 != null) {
                claims.put(Constants.SCOPE, str6);
            }
            claims.put(Constants.CLIENT_ID, str5);
        } else {
            claims.put(Constants.DEVICE_ID, str2);
            claims.put(Constants.DEVICE_TYPE, str);
        }
        JwtBuilder expiration = Jwts.builder().setClaims(claims).setId(str3).compressWith(codec).setExpiration(date);
        if (hasKey()) {
            expiration.signWith(secretKey, alg);
        }
        String compact = expiration.compact();
        return new AccessToken(str4, compact.substring(compact.indexOf(".") + 1), str3, accessTime, Long.valueOf(date.getTime()), grantType, str5, str6, obj, str, str2);
    }

    private static RefreshToken createRefreshToken(AccessToken accessToken, Date date) {
        Claims claims = Jwts.claims();
        claims.put(Constants.USER_ID, accessToken.getUserId());
        claims.put(Constants.CLIENT_ID, accessToken.getClientId());
        JwtBuilder compressWith = Jwts.builder().setClaims(claims).setId(accessToken.getId()).setExpiration(date).compressWith(codec);
        if (hasKey()) {
            compressWith.signWith(secretKey, alg);
        }
        String compact = compressWith.compact();
        return new RefreshToken(accessToken.getId(), compact.substring(compact.indexOf(".") + 1), refreshTime, Long.valueOf(date.getTime()), accessToken.getUserId(), accessToken.getClientId());
    }

    public static TokenPair refreshToken(String str) throws TokenException {
        return refreshToken(parseRefreshToken(str));
    }

    /* JADX WARN: Type inference failed for: r0v11, types: [java.time.ZonedDateTime] */
    public static TokenPair refreshToken(RefreshToken refreshToken) {
        if (refreshToken == null) {
            return null;
        }
        Device device = refreshToken.getClientId() == null ? (Device) cache.get(Constants.USER_DEVICE_KEY_PREFIX.get() + refreshToken.getUserId() + ":" + refreshToken.getId(), Device.class) : (Device) cache.get(Constants.OAUTH_USER_DEVICE_KEY_PREFIX.get() + refreshToken.getUserId() + ":" + refreshToken.getId(), Device.class);
        if (device == null) {
            return null;
        }
        return createTokenPair(refreshToken.getUserId(), device.getDeviceType(), device.getDeviceId(), device.getClientId(), device.getScope(), device.getGrantType(), device.getAccessTokenId(), refreshToken.getId(), Date.from(LocalDateTime.now().plus(accessTime.longValue(), (TemporalUnit) ChronoUnit.MILLIS).atZone(ZoneId.systemDefault()).toInstant()), new Date(refreshToken.getExpiresAt().longValue()));
    }

    public static Cookie generateCookie(AccessToken accessToken) {
        if (accessToken == null) {
            return null;
        }
        Cookie cookie = new Cookie(cookieName, accessToken.getToken());
        cookie.setPath(Constants.SLASH);
        cookie.setHttpOnly(true);
        cookie.setMaxAge(expire);
        return cookie;
    }

    public static void clearCookie() {
        Cookie readSingleCookieInRequestByName;
        if (HttpUtils.currentResponse.get() == null || (readSingleCookieInRequestByName = HttpUtils.readSingleCookieInRequestByName(cookieName)) == null) {
            return;
        }
        readSingleCookieInRequestByName.setMaxAge(0);
        HttpUtils.currentResponse.get().addCookie(readSingleCookieInRequestByName);
    }

    private static Claims parseToken(String str) {
        if (str == null || str.equals("")) {
            return null;
        }
        JwtParserBuilder parserBuilder = Jwts.parserBuilder();
        if (hasKey()) {
            parserBuilder.setSigningKey(secretKey);
        }
        return (Claims) parserBuilder.build().parseClaimsJws(prefix + str).getBody();
    }

    public static AccessToken parseAccessToken(String str) throws TokenException {
        Claims parseToken = parseToken(str);
        if (parseToken == null || parseToken.get(Constants.ID, String.class) == null) {
            throw new TokenException();
        }
        return new AccessToken((String) parseToken.get(Constants.ID, String.class), str, parseToken.getId(), null, Long.valueOf(parseToken.getExpiration().getTime()), GrantType.grantType((String) parseToken.get(Constants.GRANT_TYPE, String.class)), (String) parseToken.get(Constants.CLIENT_ID, String.class), (String) parseToken.get(Constants.SCOPE, String.class), parseToken.get(Constants.USER_ID), (String) parseToken.get(Constants.DEVICE_TYPE, String.class), (String) parseToken.get(Constants.DEVICE_ID, String.class));
    }

    public static RefreshToken parseRefreshToken(String str) throws TokenException {
        Claims parseToken = parseToken(str);
        if (parseToken == null) {
            throw new TokenException();
        }
        return new RefreshToken(str, parseToken.getId(), null, Long.valueOf(parseToken.getExpiration().getTime()), parseToken.get(Constants.USER_ID), (String) parseToken.get(Constants.CLIENT_ID, String.class));
    }

    public static IssueToken createIssueToken(TokenPair tokenPair) {
        GrantType grantType = tokenPair.getAccessToken().getGrantType();
        IssueToken expiresIn = new IssueToken().setAccessToken(tokenPair.getAccessToken().getToken()).setScope(tokenPair.getAccessToken().getScope()).setExpiresIn(tokenPair.getAccessToken().getExpiresIn());
        return !GrantType.CLIENT_CREDENTIALS.equals(grantType) ? expiresIn.setRefreshToken(tokenPair.getRefreshToken().getToken()) : expiresIn;
    }

    static {
        String str;
        AuthzProperties.TokenConfig token = properties.getToken();
        String key = token.getKey();
        tokenIdBits = token.getIdBits();
        if (key == null || key.equals("")) {
            secretKey = null;
            alg = SignatureAlgorithm.NONE;
        } else {
            StringBuilder sb = new StringBuilder(key);
            if (sb.length() * 8 < SignatureAlgorithm.HS256.getMinKeyLength()) {
                while (sb.length() * 8 < SignatureAlgorithm.HS256.getMinKeyLength()) {
                    sb.append(".");
                }
            }
            secretKey = Keys.hmacShaKeyFor(sb.toString().getBytes(StandardCharsets.UTF_8));
            alg = SignatureAlgorithm.HS256;
        }
        JwsHeader jwsHeader = Jwts.jwsHeader();
        if (alg != SignatureAlgorithm.NONE) {
            jwsHeader.setAlgorithm(alg.getValue());
        }
        jwsHeader.setCompressionAlgorithm(codec.getAlgorithmName());
        try {
            str = ((String) Encoders.BASE64URL.encode(new ObjectMapper().writeValueAsBytes(jwsHeader))) + ".";
        } catch (JsonProcessingException e) {
            LogUtils.error(e);
            str = "";
        }
        prefix = str;
        cookieName = properties.getToken().getCookieName();
        accessTime = Long.valueOf(TimeUtils.parseTimeValue(token.getAccessTime()));
        refreshTime = Long.valueOf(TimeUtils.parseTimeValue(token.getRefreshTime()));
        expire = (int) (accessTime.longValue() / 1000);
    }
}
