package com.github.ibole.infrastructure.security.jwt.jose4j;

import com.github.ibole.infrastructure.cache.redis.RedisSimpleTempalte;
import com.github.ibole.infrastructure.security.jwt.BaseTokenAuthenticator;
import com.github.ibole.infrastructure.security.jwt.JwtObject;
import com.github.ibole.infrastructure.security.jwt.RefreshTokenNotFoundException;
import com.github.ibole.infrastructure.security.jwt.TokenParseException;
import com.github.ibole.infrastructure.security.jwt.TokenStatus;
import com.google.common.base.Stopwatch;
import com.google.common.base.Strings;
import java.util.concurrent.TimeUnit;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:com/github/ibole/infrastructure/security/jwt/jose4j/EcTokenAuthenticator.class */
public class EcTokenAuthenticator extends BaseTokenAuthenticator<EllipticCurveJsonWebKey, EllipticCurveJsonWebKey> {
    public EcTokenAuthenticator(RedisSimpleTempalte redisSimpleTempalte) {
        super(redisSimpleTempalte);
    }

    @Override // com.github.ibole.infrastructure.security.jwt.BaseTokenAuthenticator, com.github.ibole.infrastructure.security.jwt.TokenAuthenticator
    public String createAccessToken(JwtObject jwtObject, EllipticCurveJsonWebKey ellipticCurveJsonWebKey, EllipticCurveJsonWebKey ellipticCurveJsonWebKey2) throws TokenParseException {
        try {
            if (!"Anonymous".equalsIgnoreCase(jwtObject.getLoginId()) && !getRedisTemplate().exists("auth.refresh.token." + jwtObject.getLoginId()).booleanValue()) {
                throw new RefreshTokenNotFoundException("Refresh token not found.");
            }
            String createJwtWithECKey = JwtUtils.createJwtWithECKey(jwtObject, ellipticCurveJsonWebKey, ellipticCurveJsonWebKey2);
            getRedisTemplate().hset("auth.refresh.token." + jwtObject.getLoginId(), "AccessToken", createJwtWithECKey);
            return createJwtWithECKey;
        } catch (JoseException e) {
            this.logger.error("Error happened when generating the jwt token.", e);
            throw new TokenParseException((Throwable) e);
        }
    }

    @Override // com.github.ibole.infrastructure.security.jwt.BaseTokenAuthenticator, com.github.ibole.infrastructure.security.jwt.TokenAuthenticator
    public String createRefreshToken(JwtObject jwtObject, EllipticCurveJsonWebKey ellipticCurveJsonWebKey, EllipticCurveJsonWebKey ellipticCurveJsonWebKey2) throws TokenParseException {
        try {
            String createJwtWithECKey = JwtUtils.createJwtWithECKey(jwtObject, ellipticCurveJsonWebKey, ellipticCurveJsonWebKey2);
            getRedisTemplate().hset("auth.refresh.token." + jwtObject.getLoginId(), "RefreshToken", createJwtWithECKey);
            getRedisTemplate().hset("auth.refresh.token." + jwtObject.getLoginId(), "ClientId", jwtObject.getClientId());
            getRedisTemplate().expire("auth.refresh.token." + jwtObject.getLoginId(), jwtObject.getTtlSeconds());
            return createJwtWithECKey;
        } catch (JoseException e) {
            this.logger.error("Error happened when generating the jwt token.", e);
            throw new TokenParseException((Throwable) e);
        }
    }

    @Override // com.github.ibole.infrastructure.security.jwt.BaseTokenAuthenticator, com.github.ibole.infrastructure.security.jwt.TokenAuthenticator
    public TokenStatus validAccessToken(String str, String str2, String str3, EllipticCurveJsonWebKey ellipticCurveJsonWebKey, EllipticCurveJsonWebKey ellipticCurveJsonWebKey2) {
        TokenStatus tokenStatus;
        TokenStatus tokenStatus2 = TokenStatus.VALIDATED;
        try {
            if (Strings.isNullOrEmpty(str)) {
                tokenStatus = TokenStatus.ILLEGAL;
            } else {
                Stopwatch createStarted = Stopwatch.createStarted();
                boolean validateToken = JwtUtils.validateToken(str, str2, str3, ellipticCurveJsonWebKey, ellipticCurveJsonWebKey2);
                this.logger.info("JwtUtils.validateToken elapsed time: {} ms", Long.toString(createStarted.elapsed(TimeUnit.MILLISECONDS)));
                if (validateToken) {
                    Stopwatch createStarted2 = Stopwatch.createStarted();
                    tokenStatus = validateTokenExpired(str, str2, str3, ellipticCurveJsonWebKey, ellipticCurveJsonWebKey2);
                    this.logger.info("JwtUtils.validateTokenExpired elapsed time: {} ms", Long.toString(createStarted2.elapsed(TimeUnit.MILLISECONDS)));
                } else {
                    tokenStatus = TokenStatus.ILLEGAL;
                }
            }
        } catch (TokenParseException e) {
            this.logger.error("Invalid token '{}' for '{}:{}'.", new Object[]{str, str3, str2, e});
            tokenStatus = TokenStatus.ILLEGAL;
        }
        return tokenStatus;
    }

    private TokenStatus validateTokenExpired(String str, String str2, String str3, EllipticCurveJsonWebKey ellipticCurveJsonWebKey, EllipticCurveJsonWebKey ellipticCurveJsonWebKey2) {
        TokenStatus tokenStatus = TokenStatus.VALIDATED;
        if (JwtUtils.isExpired(str, str3, ellipticCurveJsonWebKey, ellipticCurveJsonWebKey2)) {
            tokenStatus = TokenStatus.ACCESS_TOKEN_EXPIRED;
            if ("Anonymous".equalsIgnoreCase(str3)) {
                return TokenStatus.ACCESS_TOKEN_EXPIRED;
            }
            if (Strings.isNullOrEmpty(getRedisTemplate().hget("auth.refresh.token." + str3, "RefreshToken"))) {
                tokenStatus = TokenStatus.REFRESH_TOKEN_EXPIRED;
            }
        } else if (!str2.equals(getRedisTemplate().hget("auth.refresh.token." + str3, "ClientId"))) {
            tokenStatus = TokenStatus.REFRESH_TOKEN_EXPIRED;
        }
        return tokenStatus;
    }

    @Override // com.github.ibole.infrastructure.security.jwt.BaseTokenAuthenticator, com.github.ibole.infrastructure.security.jwt.TokenAuthenticator
    public String renewToken(String str, int i, boolean z, EllipticCurveJsonWebKey ellipticCurveJsonWebKey, EllipticCurveJsonWebKey ellipticCurveJsonWebKey2) throws TokenParseException {
        JwtObject claimsOfTokenWithoutValidation = JwtUtils.claimsOfTokenWithoutValidation(str, ellipticCurveJsonWebKey2);
        claimsOfTokenWithoutValidation.setTtlSeconds(i);
        return z ? createRefreshToken(claimsOfTokenWithoutValidation, ellipticCurveJsonWebKey, ellipticCurveJsonWebKey2) : createAccessToken(claimsOfTokenWithoutValidation, ellipticCurveJsonWebKey, ellipticCurveJsonWebKey2);
    }
}
