package com.asiainfo.aiedge.util;

import com.asiainfo.aiedge.basic.string.StringUtil;
import com.asiainfo.aiedge.basic.util.AiedgeUtility;
import com.asiainfo.aiedge.common.date.DateUtils;
import com.asiainfo.aiedge.config.JwtConfiguration;
import com.asiainfo.aiedge.spring.SpringBeanUtil;
import com.asiainfo.aiedge.spring.SpringBootUtil;
import com.asiainfo.aiedge.util.AiedgeRestConstant;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.AeadAlgorithm;
import io.jsonwebtoken.security.KeyAlgorithm;
import io.lettuce.core.RedisConnectionException;
import io.netty.channel.ConnectTimeoutException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.HashMap;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.core.io.ClassPathResource;
import org.springframework.data.redis.RedisConnectionFailureException;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
import org.springframework.stereotype.Component;

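/**
 * Issues, tracks, revokes and validates JWTs, signed (JWS, RS256) or encrypted
 * (JWE, RSA-OAEP-256 / A256GCM) depending on {@code jwtConfig.getValidateType()}.
 *
 * <p>Every issued token is registered under {@code "jwt:" + id} in {@link JwtManager} and,
 * when {@code jwtConfig.getType()} is {@code "redis"}, also in Redis. Revocation uses
 * {@code "reject:" + id} entries and {@code "permit:" + id} entries act as an allow-override.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A permit entry makes {@link #validateJwt(String)} return {@code true} even when the token
 *       is unknown to the store or has been rejected. The token must still parse and verify.</li>
 *   <li>Token and permit entries are written to Redis without a TTL (see {@code writeCache} and
 *       {@link #addPermit(String)}); nothing in this class ever removes a permit entry.</li>
 *   <li>The lazily initialised fields are not synchronised; concurrent first use may load the
 *       key material more than once.</li>
 * </ul>
 */
@ConditionalOnClass({Jwts.class, KeyStoreKeyFactory.class})
@Component
/* loaded from: input_file:com/asiainfo/aiedge/util/JwtUtils.class */
public class JwtUtils {
    private static final Logger log = LoggerFactory.getLogger(JwtUtils.class);

    /** Value of {@code jwtConfig.getType()} that switches the token store to Redis. */
    private static final String STORE_REDIS = "redis";

    /** Value of {@code jwtConfig.getValidateType()} that selects signed tokens (also the default). */
    private static final String MODE_JWS = "jws";

    private StringRedisTemplate stringRedisTemplate;

    @Autowired
    private JwtConfiguration jwtConfig;
    private PublicKey publicKey;
    private KeyPair keyPair;

    /**
     * Returns the RSA private key from the configured keystore.
     *
     * @return the private half of {@link #generalKeyPair()}
     */
    public RSAPrivateKey getPrivateKey() {
        return (RSAPrivateKey) generalKeyPair().getPrivate();
    }

    /**
     * Loads the key pair from the classpath keystore named by the configuration, caching it
     * after the first successful load.
     *
     * @return the cached key pair
     */
    public KeyPair generalKeyPair() {
        if (this.keyPair == null) {
            KeyStoreKeyFactory factory = new KeyStoreKeyFactory(
                    new ClassPathResource(this.jwtConfig.getKeystore()),
                    this.jwtConfig.getStorepass().toCharArray());
            this.keyPair = factory.getKeyPair(
                    this.jwtConfig.getAlias(),
                    this.jwtConfig.getKeypass().toCharArray());
        }
        return this.keyPair;
    }

    /**
     * Returns the RSA public key that belongs to the keystore key pair.
     *
     * @return the public half of {@link #generalKeyPair()}
     */
    public RSAPublicKey getPublicKeyUsingPrivateKey() {
        return (RSAPublicKey) generalKeyPair().getPublic();
    }

    /**
     * Returns the public key of the X.509 certificate found on the classpath at
     * {@code jwtConfig.getPublicfile()}, caching it after the first successful load.
     *
     * <p>NOTE(review): this key comes from a separate certificate file, not from the keystore
     * used by {@link #getPrivateKey()}. Signing uses the keystore key and verification uses this
     * one, so the two files must describe the same key pair.
     *
     * @return the certificate's public key, or {@code null} when the resource is missing or
     *     cannot be parsed (the failure is logged)
     */
    public PublicKey getPublicKey() {
        if (this.publicKey == null) {
            // try-with-resources closes the stream on every path; a null resource is skipped.
            try (InputStream in = getClass().getClassLoader().getResourceAsStream(this.jwtConfig.getPublicfile())) {
                X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
                this.publicKey = cert.getPublicKey();
            } catch (Exception e) {
                // Passing the exception as the last argument keeps the stack trace in the log.
                log.error("Please check the public key file " + this.jwtConfig.getPublicfile() + "\t" + e, e);
            }
        }
        return this.publicKey;
    }

    /**
     * Issues a token in the configured mode: JWS when the validate type is empty or
     * {@code "jws"}, JWE otherwise.
     *
     * @param str token id ({@code jti}); also the key under which the token is stored
     * @param str2 issuer ({@code iss}); omitted when empty
     * @param str3 audience ({@code aud}); omitted when empty
     * @param str4 subject ({@code sub}); omitted when empty
     * @param i lifetime in seconds; values {@code <= 0} fall back to the configured default
     * @return the compact serialised token
     */
    public String addJwt(String str, String str2, String str3, String str4, int i) {
        return isJwsMode() ? addJws(str, str2, str3, str4, i) : addJwe(str, str2, str3, str4, i);
    }

    /**
     * Issues a token signed with the keystore private key and registers it in the token store.
     *
     * @param str token id ({@code jti})
     * @param str2 issuer ({@code iss}); omitted when empty
     * @param str3 audience ({@code aud}); omitted when empty
     * @param str4 subject ({@code sub}); omitted when empty
     * @param i lifetime in seconds; values {@code <= 0} fall back to the configured default
     * @return the compact JWS
     */
    public String addJws(String str, String str2, String str3, String str4, int i) {
        long now = System.currentTimeMillis();
        Date issuedAt = new Date(now);
        // NOTE(review): "alg" and "typ" are added as payload claims here, not as header
        // parameters; kept as-is so issued tokens keep their current payload shape.
        HashMap<String, Object> extraClaims = new HashMap<>();
        extraClaims.put("alg", "RS256");
        extraClaims.put("typ", "JWT");
        JwtBuilder builder = withRegisteredClaims(
                Jwts.builder().claims(extraClaims), str, str2, str3, str4, issuedAt, expiryFrom(now, i));
        return remember(str, builder.signWith(getPrivateKey()).compact(), issuedAt);
    }

    /**
     * Issues a token encrypted to the certificate public key (RSA-OAEP-256 key management,
     * A256GCM content encryption) and registers it in the token store.
     *
     * @param str token id ({@code jti})
     * @param str2 issuer ({@code iss}); omitted when empty
     * @param str3 audience ({@code aud}); omitted when empty
     * @param str4 subject ({@code sub}); omitted when empty
     * @param i lifetime in seconds; values {@code <= 0} fall back to the configured default
     * @return the compact JWE
     */
    public String addJwe(String str, String str2, String str3, String str4, int i) {
        long now = System.currentTimeMillis();
        Date issuedAt = new Date(now);
        KeyAlgorithm keyAlgorithm = Jwts.KEY.RSA_OAEP_256;
        AeadAlgorithm aeadAlgorithm = Jwts.ENC.A256GCM;
        JwtBuilder builder = withRegisteredClaims(
                Jwts.builder(), str, str2, str3, str4, issuedAt, expiryFrom(now, i));
        return remember(str, builder.encryptWith(getPublicKey(), keyAlgorithm, aeadAlgorithm).compact(), issuedAt);
    }

    /** Reports whether tokens are signed (JWS) rather than encrypted (JWE). */
    private boolean isJwsMode() {
        String mode = this.jwtConfig.getValidateType();
        return StringUtil.isEmpty(mode) || MODE_JWS.equalsIgnoreCase(mode);
    }

    /** Reports whether the token store is mirrored to Redis. */
    private boolean isRedisBacked() {
        return STORE_REDIS.equalsIgnoreCase(this.jwtConfig.getType());
    }

    /** Computes the expiry instant for a token issued at {@code nowMillis}. */
    private Date expiryFrom(long nowMillis, int ttlSeconds) {
        // Multiply as long: an int product wraps for lifetimes above roughly 24 days and
        // would yield a wrong (possibly already past) expiry.
        long ttlMillis = ttlSeconds > 0 ? ttlSeconds * 1000L : this.jwtConfig.getExpireSecs() * 1000L;
        return new Date(nowMillis + ttlMillis);
    }

    /** Sets jti, iat, exp and the optional iss, sub and aud claims on {@code builder}. */
    private JwtBuilder withRegisteredClaims(JwtBuilder builder, String jti, String issuer, String audience,
            String subject, Date issuedAt, Date expiresAt) {
        JwtBuilder result = builder.id(jti).issuedAt(issuedAt);
        if (!StringUtil.isEmpty(issuer)) {
            result = result.issuer(issuer);
        }
        // The optional claims are set only when a value is supplied. The previous code tested
        // the opposite condition for subject and audience, so it only ever passed an empty
        // value to the builder and a supplied subject or audience never reached the token.
        if (!StringUtil.isEmpty(subject)) {
            result = result.subject(subject);
        }
        result = result.expiration(expiresAt);
        if (!StringUtil.isEmpty(audience)) {
            result = (JwtBuilder) result.audience().add(audience).and();
        }
        return result;
    }

    /** Registers a freshly issued token in the in-process store and, if enabled, in Redis. */
    private String remember(String jti, String token, Date issuedAt) {
        JwtManager.addJwt(getTokenId(jti), token);
        if (isRedisBacked()) {
            writeCache(getTokenId(jti), token, issuedAt);
        }
        return token;
    }

    /** Looks up the Redis template bean on first use and caches it. */
    private StringRedisTemplate getRedisTemplate() {
        if (this.stringRedisTemplate == null) {
            this.stringRedisTemplate = (StringRedisTemplate) SpringBeanUtil.getBean("stringRedisTemplate");
        }
        return this.stringRedisTemplate;
    }

    /**
     * Hands a Redis-path failure to the project's error-code helper: the Redis-unavailable code
     * for connection failures, followed by the generic error code.
     */
    private void reportRedisFailure(Throwable th) {
        if ((th instanceof RedisConnectionFailureException) || (th instanceof RedisConnectionException) || (th instanceof ConnectTimeoutException)) {
            AiedgeUtility.errorCode(SpringBootUtil.getEnvironment().getProperty(AiedgeRestConstant.ApplicationEnv.ERROR_REDIS_UNAVAILABLE, AiedgeRestConstant.ResultCode.DEFAULT_REDIS_UNAVAILABLE_ERROR));
        }
        AiedgeUtility.errorCode(SpringBootUtil.getEnvironment().getProperty(AiedgeRestConstant.ApplicationEnv.ERROR_CODE, AiedgeRestConstant.ResultCode.DEFAULT_ERROR));
    }

    /**
     * Stores a token in Redis and removes a matching reject entry if one exists.
     *
     * @param str Redis key of the token (callers pass {@code "jwt:" + id})
     * @param str2 compact token; stored as {@code "[null]"} when empty
     * @param date issue time, used only in the log line
     */
    private void writeCache(String str, String str2, Date date) {
        try {
            StringRedisTemplate redis = getRedisTemplate();
            // NOTE(review): stored without a TTL, so entries outlive the token's exp claim.
            redis.opsForValue().set(str, StringUtil.isEmpty(str2) ? "[null]" : str2);
            // NOTE(review): str already carries the "jwt:" prefix, so this key is
            // "reject:jwt:<id>", while addReject writes "reject:<id>". As written the lookup
            // cannot match an entry created by addReject. Left unchanged because the current
            // behaviour keeps rejections in force; confirm the intent before aligning the keys.
            String rejectId = getRejectId(str);
            if (redis.hasKey(rejectId).booleanValue()) {
                redis.delete(rejectId);
                log.error(rejectId + " is deleted." + date);
            }
        } catch (Throwable th) {
            reportRedisFailure(th);
        }
    }

    /**
     * Checks that a token verifies (or decrypts) and is still accepted by the token store.
     *
     * <p>A token is accepted when it is the exact token stored for its id, has no reject entry
     * and is not expired, or when a permit entry exists for its id. The permit entry overrides
     * a missing store entry and a rejection; it does not bypass parsing, which jjwt normally
     * fails for expired or tampered tokens.
     *
     * @param str compact token
     * @return {@code true} when the token is accepted; {@code false} when it is not, or when the
     *     Redis lookup fails and the error helper returns normally
     * @throws IllegalStateException when the token cannot be parsed or verified
     */
    public boolean validateJwt(String str) {
        try {
            Claims claims = getClaimsFromJwt(str);
            if (claims == null) {
                return false;
            }
            String id = claims.getId();
            String tokenKey = getTokenId(id);
            String rejectKey = getRejectId(id);
            String permitKey = getPermitId(id);
            if (!isRedisBacked()) {
                // Compact JWTs are base64url and therefore case-sensitive: compare exactly.
                boolean live = JwtManager.isExist(tokenKey)
                        && str.equals(JwtManager.getJwt(tokenKey))
                        && !JwtManager.isReject(rejectKey)
                        && !isJwtExpired(str);
                return live || JwtManager.isPermit(permitKey);
            }
            try {
                StringRedisTemplate redis = getRedisTemplate();
                // hasKey is unboxed on purpose: a null reply raises and lands in the catch
                // below, so an unreadable store never counts as "not rejected".
                boolean live = redis.hasKey(tokenKey).booleanValue()
                        && str.equals(redis.opsForValue().get(tokenKey))
                        && !redis.hasKey(rejectKey).booleanValue()
                        && !isJwtExpired(str);
                return live || redis.hasKey(permitKey).booleanValue();
            } catch (Throwable th) {
                reportRedisFailure(th);
                return false;
            }
        } catch (Exception e) {
            log.error("Invalid Token!" + e);
            // Keep the original exception as the cause so the failure reason is not lost.
            throw new IllegalStateException("Invalid Token!" + e, e);
        }
    }

    /**
     * Revokes a token: removes it from the store and, in Redis mode, records a reject entry
     * that lasts until the token's own expiry.
     *
     * @param str compact token
     * @return {@code true} when the token carried no claims or was removed; {@code false} when it
     *     was not the stored token or the Redis call failed
     */
    private boolean expireJwt(String str) {
        Claims claims = getClaimsFromJwt(str);
        if (claims == null) {
            return true;
        }
        String id = claims.getId();
        String tokenKey = getTokenId(id);
        if (!isRedisBacked()) {
            return JwtManager.delJwt(tokenKey, str);
        }
        try {
            StringRedisTemplate redis = getRedisTemplate();
            if (!redis.hasKey(tokenKey).booleanValue() || !str.equals(redis.opsForValue().get(tokenKey))) {
                return false;
            }
            // NOTE(review): the remaining lifetime is computed and applied in MICROSECONDS.
            // Confirm DateUtils.getTimeInterval really returns microseconds for this unit; if
            // it returns milliseconds the reject entry would expire well before the token does.
            addReject(id, DateUtils.getTimeInterval(new Date(), claims.getExpiration(), TimeUnit.MICROSECONDS), TimeUnit.MICROSECONDS);
            return redis.delete(tokenKey).booleanValue();
        } catch (Throwable th) {
            reportRedisFailure(th);
            return false;
        }
    }

    /** Builds the store key of a token: {@code "jwt:" + id}. */
    private String getTokenId(String str) {
        return "jwt:" + str;
    }

    /** Builds the store key of a reject entry: {@code "reject:" + id}. */
    private String getRejectId(String str) {
        return "reject:" + str;
    }

    /** Builds the store key of a permit entry: {@code "permit:" + id}. */
    private String getPermitId(String str) {
        return "permit:" + str;
    }

    /**
     * Parses the token and passes its id to {@link #delReject(String)}.
     *
     * @param str compact token
     */
    private void delRejectJwt(String str) {
        Claims claims = getClaimsFromJwt(str);
        if (claims != null) {
            delReject(claims.getId());
        }
    }

    /**
     * NOTE(review): despite its name this method operates on the token key
     * ({@code "jwt:" + id}): it calls {@code JwtManager.delPermit} with that key and deletes that
     * key from Redis. It never touches the {@code "reject:" + id} entry. Behaviour is kept
     * unchanged; confirm the intended key before relying on it to lift a rejection.
     *
     * @param str token id
     */
    private void delReject(String str) {
        JwtManager.delPermit(getTokenId(str));
        if (isRedisBacked()) {
            try {
                getRedisTemplate().delete(getTokenId(str));
            } catch (Throwable th) {
                reportRedisFailure(th);
            }
        }
    }

    /**
     * Records a reject entry for a token id, in process and (when enabled) in Redis with the
     * given time-to-live.
     *
     * @param str token id
     * @param j time-to-live of the Redis entry
     * @param timeUnit unit of {@code j}
     */
    public void addReject(String str, long j, TimeUnit timeUnit) {
        JwtManager.addReject(getRejectId(str));
        if (isRedisBacked()) {
            try {
                getRedisTemplate().opsForValue().set(getRejectId(str), AiedgeRestConstant.ResultCode.DEFAULT_PARA_ERROR, j, timeUnit);
            } catch (Throwable th) {
                reportRedisFailure(th);
            }
        }
    }

    /**
     * Records a reject entry for the given token, lasting until the token's expiry.
     *
     * <p>NOTE(review): returns {@code false} on every path, including after the entry was
     * written, so the result cannot signal success. Kept unchanged for existing callers.
     *
     * @param str compact token
     * @return always {@code false}
     */
    public boolean addRejectJwt(String str) {
        Claims claims = getClaimsFromJwt(str);
        if (claims == null) {
            return false;
        }
        // NOTE(review): same MICROSECONDS unit question as in expireJwt; confirm the helper's unit.
        addReject(claims.getId(), DateUtils.getTimeInterval(new Date(), claims.getExpiration(), TimeUnit.MICROSECONDS), TimeUnit.MICROSECONDS);
        return false;
    }

    /**
     * Records a permit entry for the given token's id.
     *
     * <p>NOTE(review): returns {@code false} on every path, including after the entry was
     * written. Kept unchanged for existing callers.
     *
     * @param str compact token
     * @return always {@code false}
     */
    public boolean addPermitJwt(String str) {
        Claims claims = getClaimsFromJwt(str);
        if (claims == null) {
            return false;
        }
        addPermit(claims.getId());
        return false;
    }

    /**
     * Records a permit entry for a token id, in process and (when enabled) in Redis.
     *
     * <p>The Redis entry has no TTL, and {@link #validateJwt(String)} lets a permit entry
     * override a rejection, so callers should treat granting a permit as a privileged action.
     *
     * @param str token id
     */
    public void addPermit(String str) {
        JwtManager.addPermit(getPermitId(str));
        if (isRedisBacked()) {
            try {
                getRedisTemplate().opsForValue().set(getPermitId(str), DateUtils.getDateTime(new Date()));
            } catch (Throwable th) {
                reportRedisFailure(th);
            }
        }
    }

    /**
     * Parses a token in the configured mode and returns its claims.
     *
     * @param str compact token
     * @return the claims of the verified (JWS) or decrypted (JWE) token
     */
    public Claims getClaimsFromJwt(String str) {
        return isJwsMode() ? getClaimsFromJws(str) : getClaimsFromJwe(str);
    }

    /**
     * Verifies a signed token against the certificate public key and returns its claims.
     *
     * @param str compact JWS
     * @return the verified claims
     */
    public Claims getClaimsFromJws(String str) {
        return (Claims) Jwts.parser().verifyWith(getPublicKey()).build().parseSignedClaims(str).getPayload();
    }

    /**
     * Decrypts an encrypted token with the keystore private key and returns its claims.
     *
     * @param str compact JWE
     * @return the decrypted claims
     */
    public Claims getClaimsFromJwe(String str) {
        return (Claims) Jwts.parser().decryptWith(getPrivateKey()).build().parseEncryptedClaims(str).getPayload();
    }

    /**
     * Reports whether the token's {@code exp} claim lies in the past.
     *
     * @param str compact token
     * @return {@code true} when the expiry is before the current time
     */
    public boolean isJwtExpired(String str) {
        return getExpirationDateFromJwt(str).before(new Date());
    }

    /**
     * Returns the token's {@code exp} claim.
     *
     * @param str compact token
     * @return the expiry instant from the parsed claims
     */
    public Date getExpirationDateFromJwt(String str) {
        return getClaimsFromJwt(str).getExpiration();
    }
}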
