package cn.smallbun.scaffold.framework.security.jwt;

import cn.smallbun.scaffold.framework.common.toolkit.StringUtil;
import cn.smallbun.scaffold.framework.configurer.SmallBunDefaults;
import cn.smallbun.scaffold.framework.configurer.SmallBunProperties;
import cn.smallbun.scaffold.framework.security.domain.User;
import com.google.common.collect.Lists;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SecurityException;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.util.StringUtils;

/* loaded from: input_file:cn/smallbun/scaffold/framework/security/jwt/TokenProvider.class */
public class TokenProvider implements InitializingBean {
    private final Logger logger = LoggerFactory.getLogger(TokenProvider.class);
    private static final String AUTHORITIES_KEY = "AUTHORITIES";
    private static final String USER_ID = "USER_ID";
    private Key key;
    private long tokenValidityInMilliseconds;
    private long tokenValidityInMillisecondsForRememberMe;
    private final SmallBunProperties.Security security;

    public TokenProvider(SmallBunProperties smallBunProperties) {
        this.security = smallBunProperties.getSecurity();
    }

    public void afterPropertiesSet() {
        byte[] bArr;
        String secret = this.security.getAuthentication().getJwt().getSecret();
        if (StringUtils.isEmpty(secret)) {
            this.logger.debug("使用Base64编码的JWT密钥");
            bArr = (byte[]) Decoders.BASE64.decode(this.security.getAuthentication().getJwt().getBase64Secret());
        } else {
            this.logger.warn("警告：使用的JWT密钥不是Base64编码的. 我们建议使用`cn.smallbun.scaffold.security.authentication.jwt.base64-secret`密钥以获得最佳安全性.");
            bArr = secret.getBytes(StandardCharsets.UTF_8);
        }
        this.key = Keys.hmacShaKeyFor(bArr);
        this.tokenValidityInMilliseconds = 1000 * this.security.getAuthentication().getJwt().getTokenValidityInSeconds();
        this.tokenValidityInMillisecondsForRememberMe = 1000 * this.security.getAuthentication().getJwt().getTokenValidityInSecondsForRememberMe();
    }

    public String createToken(Authentication authentication, boolean z) {
        String str = (String) authentication.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.joining(StringUtil.SPLIT_DEFAULT));
        long time = new Date().getTime();
        return Jwts.builder().setSubject(authentication.getName()).claim(AUTHORITIES_KEY, str).claim(USER_ID, ((User) authentication.getPrincipal()).getId()).signWith(this.key, SignatureAlgorithm.HS512).setExpiration(z ? new Date(time + this.tokenValidityInMillisecondsForRememberMe) : new Date(time + this.tokenValidityInMilliseconds)).compact();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v19, types: [java.util.Collection] */
    public Authentication getAuthentication(String str) {
        Claims claims = (Claims) Jwts.parser().setSigningKey(this.key).parseClaimsJws(str).getBody();
        ArrayList newArrayList = Lists.newArrayList();
        if (!StringUtils.isEmpty(claims.get(AUTHORITIES_KEY).toString())) {
            newArrayList = (Collection) Arrays.stream(claims.get(AUTHORITIES_KEY).toString().split(StringUtil.SPLIT_DEFAULT)).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
        }
        return new UsernamePasswordAuthenticationToken(new User(claims.getSubject(), SmallBunDefaults.Web.IS_PHONE_PATH, claims.get(USER_ID).toString(), newArrayList), str, newArrayList);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean validateToken(String str) {
        try {
            Jwts.parser().setSigningKey(this.key).parseClaimsJws(str);
            return true;
        } catch (ExpiredJwtException e) {
            this.logger.info("Expired JWT token.");
            this.logger.trace("Expired JWT token trace: {}", e);
            return false;
        } catch (SecurityException | MalformedJwtException e2) {
            this.logger.info("Invalid JWT signature.");
            this.logger.trace("Invalid JWT signature trace: {}", e2);
            return false;
        } catch (IllegalArgumentException e3) {
            this.logger.info("JWT token compact of handler are invalid.");
            this.logger.trace("JWT token compact of handler are invalid trace: {}", e3);
            return false;
        } catch (UnsupportedJwtException e4) {
            this.logger.info("Unsupported JWT token.");
            this.logger.trace("Unsupported JWT token trace: {}", e4);
            return false;
        }
    }
}
