package net.guerlab.cloud.auth.factory;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.security.SignatureException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import net.guerlab.cloud.auth.domain.TokenInfo;
import net.guerlab.cloud.auth.enums.TokenType;
import net.guerlab.cloud.auth.properties.JwtTokenFactoryProperties;

/* loaded from: input_file:net/guerlab/cloud/auth/factory/AbstractJwtTokenFactory.class */
public abstract class AbstractJwtTokenFactory<T, P extends JwtTokenFactoryProperties> extends AbstractTokenFactory<T, P> {
    protected AbstractJwtTokenFactory(P p) {
        super(p);
    }

    private static JwtBuilder builder() {
        JwtBuilder builder = Jwts.builder();
        builder.header().add("typ", "JWT");
        return builder;
    }

    private static TokenInfo build(String str, JwtBuilder jwtBuilder, long j, PrivateKey privateKey) {
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis);
        Date date2 = null;
        LocalDateTime localDateTime = null;
        if (j >= 0) {
            date2 = new Date(currentTimeMillis + j);
            localDateTime = LocalDateTime.ofInstant(date2.toInstant(), ZoneId.systemDefault());
            jwtBuilder.expiration(date2).notBefore(date);
        }
        jwtBuilder.signWith(privateKey, Jwts.SIG.RS256);
        TokenInfo tokenInfo = new TokenInfo();
        tokenInfo.setExpire(Long.valueOf(date2 == null ? -1L : j));
        tokenInfo.setToken(str + jwtBuilder.compact());
        if (localDateTime != null) {
            tokenInfo.setExpireAt(localDateTime);
        }
        return tokenInfo;
    }

    private static Jws<Claims> parserToken(String str, PublicKey publicKey, TokenType tokenType) {
        try {
            return Jwts.parser().verifyWith(publicKey).build().parseSignedClaims(str);
        } catch (MalformedJwtException | SignatureException | UnsupportedJwtException | IllegalArgumentException e) {
            throw tokenType.invalidException();
        } catch (ExpiredJwtException e2) {
            throw tokenType.expiredException();
        }
    }

    @Override // net.guerlab.cloud.auth.factory.TokenFactory
    public final TokenInfo generateByAccessToken(T t) {
        JwtBuilder builder = builder();
        generateToken0(builder, t);
        return build(getAccessTokenPrefix(), builder, ((JwtTokenFactoryProperties) this.properties).getAccessTokenExpire(), ((JwtTokenFactoryProperties) this.properties).getAccessTokenKey().getPrivateKeyRef());
    }

    @Override // net.guerlab.cloud.auth.factory.TokenFactory
    public final TokenInfo generateByRefreshToken(T t) {
        JwtBuilder builder = builder();
        generateToken0(builder, t);
        return build(getRefreshTokenPrefix(), builder, ((JwtTokenFactoryProperties) this.properties).getRefreshTokenExpire(), ((JwtTokenFactoryProperties) this.properties).getRefreshTokenKey().getPrivateKeyRef());
    }

    @Override // net.guerlab.cloud.auth.factory.TokenFactory
    public final T parseByAccessToken(String str) {
        return parse0((Claims) parserToken(str.substring(getAccessTokenPrefix().length()), ((JwtTokenFactoryProperties) this.properties).getAccessTokenKey().getPublicKeyRef(), TokenType.ACCESS_TOKEN).getPayload());
    }

    @Override // net.guerlab.cloud.auth.factory.TokenFactory
    public final T parseByRefreshToken(String str) {
        return parse0((Claims) parserToken(str.substring(getRefreshTokenPrefix().length()), ((JwtTokenFactoryProperties) this.properties).getRefreshTokenKey().getPublicKeyRef(), TokenType.REFRESH_TOKEN).getPayload());
    }

    protected abstract T parse0(Claims claims);

    protected abstract void generateToken0(JwtBuilder jwtBuilder, T t);
}
