package io.gitee.lglbc.easy.security.core.util;

import com.alibaba.fastjson2.JSON;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import io.gitee.lglbc.easy.security.core.exception.TokenException;
import io.gitee.lglbc.easy.security.core.token.EasyPayload;
import java.security.KeyPair;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
import org.springframework.util.DigestUtils;

/* loaded from: input_file:io/gitee/lglbc/easy/security/core/util/JwtTokenUtil.class */
public class JwtTokenUtil {
    private static final String slat = "dafa#$%^&*()VBNM<>)(*&^%$%^&*()";

    public static String generateTokenByHMAC(String str, String str2) {
        try {
            JWSObject jWSObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.HS256).type(JOSEObjectType.JWT).build(), new Payload(str));
            jWSObject.sign(new MACSigner(md5(str2)));
            return jWSObject.serialize();
        } catch (JOSEException e) {
            throw new TokenException("400", "token生成失败!");
        }
    }

    public static EasyPayload checkTokenByHMAC(String str, String str2) {
        try {
            JWSObject parse = JWSObject.parse(str);
            if (!parse.verify(new MACVerifier(md5(str2)))) {
                throw new TokenException("401", "token签名不合法!");
            }
            EasyPayload easyPayload = (EasyPayload) JSON.parseObject(parse.getPayload().toString(), EasyPayload.class);
            if (easyPayload.getExp().longValue() < new Date().getTime()) {
                throw new TokenException("402", "token已过期!");
            }
            return easyPayload;
        } catch (Exception e) {
            throw new TokenException("403", "token校验失败!");
        }
    }

    public static String generateTokenByRSA(String str, RSAKey rSAKey) {
        try {
            JWSObject jWSObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build(), new Payload(str));
            jWSObject.sign(new RSASSASigner(rSAKey, true));
            return jWSObject.serialize();
        } catch (JOSEException e) {
            throw new TokenException("400", "token verify failed");
        }
    }

    public static EasyPayload checkTokenByRSA(String str, RSAKey rSAKey) {
        try {
            JWSObject parse = JWSObject.parse(str);
            if (!parse.verify(new RSASSAVerifier(rSAKey.toPublicJWK()))) {
                throw new TokenException("401", "token key is invalid");
            }
            EasyPayload easyPayload = (EasyPayload) JSON.parseObject(parse.getPayload().toString(), EasyPayload.class);
            if (easyPayload.getExp().longValue() < new Date().getTime()) {
                throw new TokenException("402", "token expire");
            }
            return easyPayload;
        } catch (Exception e) {
            throw new TokenException("403", "token verify failed");
        }
    }

    public static RSAKey getRSAKey(String str, String str2) {
        KeyPair keyPair = new KeyStoreKeyFactory(new ClassPathResource(str), str2.toCharArray()).getKeyPair("jwt", str2.toCharArray());
        RSAPublicKey rSAPublicKey = (RSAPublicKey) keyPair.getPublic();
        return new RSAKey.Builder(rSAPublicKey).privateKey(keyPair.getPrivate()).build();
    }

    public static String md5(String str) {
        return DigestUtils.md5DigestAsHex((str + "/dafa#$%^&*()VBNM<>)(*&^%$%^&*()").getBytes());
    }
}
