package cn.nxtools.jwt;

import cn.nxtools.common.CollectionUtil;
import cn.nxtools.common.JsonUtil;
import cn.nxtools.common.LocalDateTimeUtil;
import cn.nxtools.common.StringUtil;
import cn.nxtools.common.base.Preconditions;
import cn.nxtools.common.collect.Lists;
import cn.nxtools.common.collect.Maps;
import cn.nxtools.jwt.autoconfigure.JwtServerProperties;
import cn.nxtools.jwt.config.JwtSecretKey;
import cn.nxtools.jwt.domain.CustomUserDetail;
import cn.nxtools.jwt.domain.JwtTokenDto;
import com.fasterxml.jackson.core.type.TypeReference;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.CompressionCodecs;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:cn/nxtools/jwt/JwtUtil.class */
public class JwtUtil {
    private static final Logger logger = Logger.getLogger(JwtUtil.class.getName());

    @Autowired(required = false)
    private StringRedisTemplate redisTemplate;

    @Autowired
    private JwtServerProperties jwtServerProperties;

    @Autowired(required = false)
    private JwtSecretKey jwtSecretKey;
    public static final String REFRESH_TOKEN_PERMISSIONS = "ROLE_REFRESH_TOKEN_PERMISSIONS";
    private static final String CLAIMS_AUTHORITIES_KEY = "authorities";
    private static final String CLAIMS_USER_ID_KEY = "user_id";
    private static final String CLAIMS_ATTACHED_KEY = "attached";
    private static final String REDIS_TOKEN_DEADLINE_KEY = "NXTOOLS_JWT_DEADLINE_KEY_%s";
    private static final String REDIS_TOKEN_DEADLINE_ALL_CLIENT_KEY = "NXTOOLS_JWT_DEADLINE_ALL_CLIENT_KEY_%s";
    private final Map<String, Long> TOKEN_DEADLINE = new ConcurrentHashMap();
    private final Map<String, Long> TOKEN_DEADLINE_ALL_CLIENT = new ConcurrentHashMap();

    public CustomUserDetail tokenToUser(String str) {
        Preconditions.checkNotNull(str, "access_token cannot be null");
        CustomUserDetail customUserDetail = null;
        try {
            customUserDetail = claimsToUser(tokenToClaims(str));
        } catch (Exception e) {
            logger.log(Level.WARNING, "token to user error", (Throwable) e);
        }
        return customUserDetail;
    }

    private Claims tokenToClaims(String str) {
        Claims claims = null;
        try {
            Jwts.parser();
            claims = this.jwtServerProperties.getSignatureAlgorithm().isNone() ? (Claims) Jwts.parser().parseClaimsJwt(str).getBody() : this.jwtServerProperties.getSignatureAlgorithm().isHmac() ? (Claims) Jwts.parser().setSigningKey(this.jwtServerProperties.getSecret()).parseClaimsJws(str).getBody() : (Claims) Jwts.parser().setSigningKey(this.jwtSecretKey.getPublicKey()).parseClaimsJws(str).getBody();
        } catch (ExpiredJwtException e) {
            claims = e.getClaims();
        } catch (Exception e2) {
            logger.log(Level.WARNING, "token to claims error", (Throwable) e2);
        }
        return claims;
    }

    private CustomUserDetail claimsToUser(Claims claims) {
        CustomUserDetail customUserDetail = new CustomUserDetail(claims.getSubject(), (List) ((List) JsonUtil.toObj(claims.get(CLAIMS_AUTHORITIES_KEY).toString(), new TypeReference<List<String>>() { // from class: cn.nxtools.jwt.JwtUtil.1
        })).stream().map(str -> {
            return new SimpleGrantedAuthority(str);
        }).collect(Collectors.toList()));
        customUserDetail.setUserId(claims.get(CLAIMS_USER_ID_KEY).toString());
        if (claims.get(CLAIMS_ATTACHED_KEY) != null) {
            customUserDetail.setAttached((Map) JsonUtil.toObj(claims.get(CLAIMS_ATTACHED_KEY).toString(), new TypeReference<Map<String, String>>() { // from class: cn.nxtools.jwt.JwtUtil.2
            }));
        }
        return customUserDetail;
    }

    public boolean checkToken(String str, CustomUserDetail customUserDetail) {
        Preconditions.checkNotNull(customUserDetail, "userDetail cannot be null");
        String userIdFromToken = getUserIdFromToken(str);
        if (StringUtil.isEmpty(userIdFromToken) || StringUtil.isEmpty(customUserDetail.getUserId()) || !userIdFromToken.equals(customUserDetail.getUserId())) {
            return false;
        }
        return checkToken(str);
    }

    public boolean checkToken(String str) {
        return (checkTokenExpired(str) || checkTokenLogout(str)) ? false : true;
    }

    public String getUserIdFromToken(String str) {
        if (StringUtil.isEmpty(str)) {
            return null;
        }
        return tokenToClaims(str).get(CLAIMS_USER_ID_KEY).toString();
    }

    private boolean checkTokenExpired(String str) {
        return getExpirationFromToken(str).before(new Date());
    }

    private Date getExpirationFromToken(String str) {
        return tokenToClaims(str).getExpiration();
    }

    public boolean checkTokenLogout(String str) {
        Long deadlineTimeFromRedis;
        if (this.jwtServerProperties.getEnabledLogout() == null || !this.jwtServerProperties.getEnabledLogout().booleanValue()) {
            return false;
        }
        Claims claims = tokenToClaims(str);
        if (this.jwtServerProperties.getLogoutAllClients() == null || !this.jwtServerProperties.getLogoutAllClients().booleanValue()) {
            String id = claims.getId();
            deadlineTimeFromRedis = checkRedisEnabled() ? getDeadlineTimeFromRedis(String.format(REDIS_TOKEN_DEADLINE_KEY, id)) : this.TOKEN_DEADLINE.get(id);
        } else {
            String obj = claims.get(CLAIMS_USER_ID_KEY).toString();
            deadlineTimeFromRedis = checkRedisEnabled() ? getDeadlineTimeFromRedis(String.format(REDIS_TOKEN_DEADLINE_ALL_CLIENT_KEY, obj)) : this.TOKEN_DEADLINE_ALL_CLIENT.get(obj);
        }
        return (deadlineTimeFromRedis == null || new Date(deadlineTimeFromRedis.longValue()).before(claims.getIssuedAt())) ? false : true;
    }

    private boolean checkRedisEnabled() {
        return (this.redisTemplate == null || this.redisTemplate.getConnectionFactory().getConnection() == null) ? false : true;
    }

    private Long getDeadlineTimeFromRedis(String str) {
        String str2 = (String) this.redisTemplate.opsForValue().get(str);
        if (StringUtil.isEmpty(str2)) {
            return null;
        }
        return Long.valueOf(str2);
    }

    public JwtTokenDto generateJwtTokenDto(CustomUserDetail customUserDetail) {
        Preconditions.checkNotNull(customUserDetail, "userDetail cannot be null");
        Preconditions.checkNotNull(customUserDetail.getUserId(), "userId cannot be null");
        Map<String, Object> userDetailToClaims = userDetailToClaims(customUserDetail);
        JwtTokenDto jwtTokenDto = new JwtTokenDto();
        String generateAccessToken = generateAccessToken(customUserDetail.getUsername(), userDetailToClaims);
        jwtTokenDto.setAccess_token(generateAccessToken);
        String generateRefreshToken = generateRefreshToken(customUserDetail.getUsername(), userDetailToClaims);
        jwtTokenDto.setRefresh_token(generateRefreshToken);
        Claims claims = tokenToClaims(generateAccessToken);
        jwtTokenDto.setJti(claims.getId());
        jwtTokenDto.setExpires_in(Long.valueOf(claims.getExpiration().getTime()));
        jwtTokenDto.setRefresh_expires_in(Long.valueOf(tokenToClaims(generateRefreshToken).getExpiration().getTime()));
        return jwtTokenDto;
    }

    private String generateAccessToken(String str, Map<String, Object> map) {
        return generateToken(str, map, this.jwtServerProperties.getExpiration().longValue());
    }

    private String generateRefreshToken(String str, Map<String, Object> map) {
        HashMap newHashMap = Maps.newHashMap(map);
        newHashMap.put(CLAIMS_AUTHORITIES_KEY, JsonUtil.toString(Lists.newArrayList(new String[]{this.jwtServerProperties.getRefreshTokenPermissions()})));
        return generateToken(str, newHashMap, this.jwtServerProperties.getRefreshExpiration().longValue());
    }

    private String generateToken(String str, Map<String, Object> map, long j) {
        Date date = new Date();
        JwtBuilder compressWith = Jwts.builder().setClaims(map).setSubject(str).setId(UUID.randomUUID().toString()).setIssuedAt(date).setExpiration(new Date(date.getTime() + (j * 1000))).compressWith(CompressionCodecs.DEFLATE);
        if (!this.jwtServerProperties.getSignatureAlgorithm().isNone()) {
            if (this.jwtServerProperties.getSignatureAlgorithm().isHmac()) {
                compressWith.signWith(this.jwtServerProperties.getSignatureAlgorithm().getJwtSignatureAlgorithm(), this.jwtServerProperties.getSecret());
            } else {
                compressWith.signWith(this.jwtServerProperties.getSignatureAlgorithm().getJwtSignatureAlgorithm(), this.jwtSecretKey.getPrivateKey());
            }
        }
        return compressWith.compact();
    }

    private Map<String, Object> userDetailToClaims(CustomUserDetail customUserDetail) {
        ArrayList newArrayListWithSize;
        HashMap newHashMapWithSize = Maps.newHashMapWithSize(16);
        newHashMapWithSize.put(CLAIMS_USER_ID_KEY, customUserDetail.getUserId());
        if (CollectionUtil.isEmpty(customUserDetail.getAttached())) {
            newHashMapWithSize.put(CLAIMS_ATTACHED_KEY, JsonUtil.toString(Maps.newHashMap()));
        } else {
            newHashMapWithSize.put(CLAIMS_ATTACHED_KEY, JsonUtil.toString(customUserDetail.getAttached()));
        }
        if (CollectionUtil.isEmpty(customUserDetail.getAuthorities())) {
            newArrayListWithSize = Lists.newArrayListWithSize(0);
        } else {
            newArrayListWithSize = Lists.newArrayListWithSize(customUserDetail.getAuthorities().size());
            Iterator<? extends GrantedAuthority> it = customUserDetail.getAuthorities().iterator();
            while (it.hasNext()) {
                newArrayListWithSize.add(it.next().getAuthority());
            }
        }
        newHashMapWithSize.put(CLAIMS_AUTHORITIES_KEY, JsonUtil.toString(newArrayListWithSize));
        return newHashMapWithSize;
    }

    public void logout(String str) {
        if (StringUtil.isEmpty(str)) {
            return;
        }
        if ((this.jwtServerProperties.getEnabledLogout() == null || this.jwtServerProperties.getEnabledLogout().booleanValue()) && checkToken(str)) {
            Claims claims = tokenToClaims(str);
            if (!checkRedisEnabled()) {
                if (this.jwtServerProperties.getLogoutAllClients() == null || !this.jwtServerProperties.getLogoutAllClients().booleanValue()) {
                    this.TOKEN_DEADLINE.put(claims.getId(), Long.valueOf(LocalDateTimeUtil.currentTimeMillis()));
                    return;
                } else {
                    this.TOKEN_DEADLINE_ALL_CLIENT.put(claims.get(CLAIMS_USER_ID_KEY).toString(), Long.valueOf(LocalDateTimeUtil.currentTimeMillis()));
                    return;
                }
            }
            if (this.jwtServerProperties.getLogoutAllClients() != null && this.jwtServerProperties.getLogoutAllClients().booleanValue()) {
                this.redisTemplate.opsForValue().set(String.format(REDIS_TOKEN_DEADLINE_ALL_CLIENT_KEY, claims.get(CLAIMS_USER_ID_KEY)), String.valueOf(LocalDateTimeUtil.currentTimeMillis()));
                return;
            }
            String format = String.format(REDIS_TOKEN_DEADLINE_KEY, claims.getId());
            long time = claims.getExpiration().getTime() - LocalDateTimeUtil.currentTimeMillis();
            if (time > 0) {
                this.redisTemplate.opsForValue().set(format, String.valueOf(LocalDateTimeUtil.currentTimeSecond()), time, TimeUnit.MILLISECONDS);
            }
        }
    }
}
