package net.hlinfo.pbp.pay.opt.apple;

import cn.hutool.core.codec.Base64;
import cn.hutool.http.HttpUtil;
import com.auth0.jwk.Jwk;
import com.fasterxml.jackson.databind.JsonNode;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import net.hlinfo.opt.Func;
import net.hlinfo.opt.Jackson;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/hlinfo/pbp/pay/opt/apple/AppleSignValidateUtils.class */
public class AppleSignValidateUtils {
    protected static Logger log = LoggerFactory.getLogger(AppleSignValidateUtils.class);

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v77, types: [java.util.Map] */
    public AppleSignValidateVo verifyIdentifyToken(String str) {
        AppleSignValidateVo appleSignValidateVo = new AppleSignValidateVo();
        try {
            String str2 = HttpUtil.get("https://appleid.apple.com/auth/keys");
            if (str2 == null) {
                log.error("[校验identifyToken]获取Apple的公钥失败,resp.getContent():" + str2);
                appleSignValidateVo.setMsg("获取Apple的公钥失败,resp.getContent():" + str2);
                appleSignValidateVo.setSuccess(false);
                return appleSignValidateVo;
            }
            log.debug(str2);
            JsonNode jsonNode = Jackson.toJsonObject(str2).get("keys");
            if (str.split("\\.").length < 2) {
                log.error("[校验identifyToken]获取identifyToken失败，identifyToken格式异常");
                appleSignValidateVo.setMsg("获取identifyToken失败，identifyToken格式异常");
                appleSignValidateVo.setSuccess(false);
                return appleSignValidateVo;
            }
            if (!jsonNode.isArray()) {
                log.error("[校验identifyToken]解析apple公钥失败");
                appleSignValidateVo.setMsg("获取apple公钥失败");
                appleSignValidateVo.setSuccess(false);
                return appleSignValidateVo;
            }
            HashMap hashMap = new HashMap();
            String asText = Jackson.toJsonObject(new String(Base64.decodeStr(str.split("\\.")[0]))).get("kid").asText();
            Iterator it = jsonNode.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                JsonNode jsonNode2 = (JsonNode) it.next();
                if (asText.equals(jsonNode2.get("kid").asText())) {
                    hashMap = (Map) Jackson.toJavaObject(Jackson.toJSONString(jsonNode2), Map.class);
                    log.debug("checkIdentifyToken-jsonObject1:" + hashMap);
                    break;
                }
            }
            try {
                PublicKey publicKey = Jwk.fromValues(hashMap).getPublicKey();
                try {
                    String str3 = new String(Base64.decodeStr(str.split("\\.")[1]));
                    log.debug("checkIdentifyToken-claim:{}", str3);
                    JsonNode jsonObject = Jackson.toJsonObject(str3);
                    return verify(publicKey, str, jsonObject.get("aud") == null ? "" : jsonObject.get("aud").asText(), jsonObject.get("sub") == null ? "" : jsonObject.get("sub").asText());
                } catch (Exception e) {
                    log.error("[校验identifyToken]Token解码失败：" + e.getMessage());
                    appleSignValidateVo.setMsg("Token解码失败：" + e.getMessage());
                    appleSignValidateVo.setSuccess(false);
                    return appleSignValidateVo;
                }
            } catch (Exception e2) {
                log.error("[校验identifyToken]生成公钥失败: " + e2.getMessage());
                appleSignValidateVo.setMsg("生成公钥失败: " + e2.getMessage());
                appleSignValidateVo.setSuccess(false);
                return appleSignValidateVo;
            }
        } catch (Exception e3) {
            log.error("[校验identifyToken]获取apple公钥失败： " + e3.getMessage());
            appleSignValidateVo.setMsg("获取apple公钥失败： " + e3.getMessage());
            appleSignValidateVo.setSuccess(false);
            return appleSignValidateVo;
        }
    }

    private AppleSignValidateVo verify(PublicKey publicKey, String str, String str2, String str3) {
        AppleSignValidateVo appleSignValidateVo = new AppleSignValidateVo();
        JwtParser signingKey = Jwts.parser().setSigningKey(publicKey);
        signingKey.requireIssuer("https://appleid.apple.com");
        signingKey.requireAudience(str2);
        signingKey.requireSubject(str3);
        try {
            log.debug("[校验identifyToken]验证开始");
            Jws parseClaimsJws = signingKey.parseClaimsJws(str);
            log.debug("[校验identifyToken]-apple-verify-claim:{}", Jackson.toJSONString(parseClaimsJws));
            if (parseClaimsJws == null || !((Claims) parseClaimsJws.getBody()).containsKey("auth_time")) {
                log.error("[校验identifyToken]验证失败，identifyToken中没有auth_time等参数 ");
                appleSignValidateVo.setMsg("验证失败，identifyToken中没有auth_time等参数");
                appleSignValidateVo.setSuccess(false);
                return appleSignValidateVo;
            }
            JsonNode jsonObject = Jackson.toJsonObject(parseClaimsJws.getBody());
            appleSignValidateVo.setRsemail(jsonObject.get("email").asText());
            appleSignValidateVo.setRsappid(jsonObject.get("aud").asText());
            appleSignValidateVo.setRsopenid(jsonObject.get("sub").asText());
            if (System.currentTimeMillis() / 1000 > Func.string2Long(jsonObject.get("exp").asText()).longValue()) {
                log.error("[校验identifyToken]令牌已过期: ");
                appleSignValidateVo.setMsg("令牌已过期: ");
                appleSignValidateVo.setSuccess(false);
                return appleSignValidateVo;
            }
            if (Func.equals("com.jiudingcheng.ios.policy", appleSignValidateVo.getRsappid())) {
                appleSignValidateVo.setSuccess(true);
                return appleSignValidateVo;
            }
            log.error("[校验identifyToken]校验失败，解析Token中的参数不合法 ");
            appleSignValidateVo.setMsg("校验失败，解析Token中的参数不合法 ");
            appleSignValidateVo.setSuccess(false);
            return appleSignValidateVo;
        } catch (ExpiredJwtException e) {
            log.error("[校验identifyToken]令牌已过期: " + e.getMessage());
            appleSignValidateVo.setMsg("令牌已过期: " + e.getMessage());
            appleSignValidateVo.setSuccess(false);
            return appleSignValidateVo;
        } catch (Exception e2) {
            log.error("[校验identifyToken]令牌非法: " + e2.getMessage());
            appleSignValidateVo.setMsg("令牌非法: " + e2.getMessage());
            appleSignValidateVo.setSuccess(false);
            return appleSignValidateVo;
        }
    }
}
