package net.ideahut.springboot.api.processor;

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
import net.ideahut.springboot.api.ApiAccess;
import net.ideahut.springboot.api.ApiAuth;
import net.ideahut.springboot.api.ApiConfiguration;
import net.ideahut.springboot.api.ApiParameter;
import net.ideahut.springboot.api.ApiProcessor;
import net.ideahut.springboot.api.ApiRequest;
import net.ideahut.springboot.api.ApiSourceEmpty;
import net.ideahut.springboot.object.StringMap;
import net.ideahut.springboot.util.FrameworkUtil;
import net.ideahut.springboot.util.TimeUtil;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.util.Assert;

/* loaded from: input_file:net/ideahut/springboot/api/processor/StandardJwtApiProcessor.class */
public class StandardJwtApiProcessor extends ApiProcessor {
    public static final String CODE = "A3";
    private static final String SCHEME = "Bearer";

    public StandardJwtApiProcessor(ApplicationContext applicationContext) {
        super(applicationContext);
    }

    @Override // net.ideahut.springboot.api.ApiProcessor
    public String getCode() {
        return CODE;
    }

    @Override // net.ideahut.springboot.api.ApiProcessor
    public ApiSourceEmpty getSourceEmpty() {
        return ApiSourceEmpty.REQUIRED;
    }

    @Override // net.ideahut.springboot.api.ApiProcessor
    public ApiParameter getParameter(ApiRequest apiRequest) throws Exception {
        String header = getHeader(apiRequest, "Authorization", "");
        if (!(!header.isEmpty() && header.startsWith("Bearer "))) {
            throw exception(this, "00");
        }
        String substring = header.substring(SCHEME.length() + 1);
        ApiProcessor.Primary primary = getPrimary(apiRequest, substring.substring(0, substring.indexOf("::")));
        if (getCode().equals(primary.getCode())) {
            return new ApiParameter().setCode(getCode()).setScheme(SCHEME).setSource(primary.getSource()).setToken(substring).setKey(primary.getKey());
        }
        throw exception(this, "01");
    }

    @Override // net.ideahut.springboot.api.ApiProcessor
    public ApiAccess getAccess(ApiConfiguration apiConfiguration, ApiParameter apiParameter) throws Exception {
        Assert.hasLength(apiParameter.getToken(), "Token is required");
        String str = (String) ((StringMap) FrameworkUtil.getOrDefault(apiConfiguration.getKeyValue(), new StringMap())).getOrDefault("SIGNATURE_SECRET", "");
        Assert.hasLength(str, "Configuration SIGNATURE_SECRET is required");
        ApiAccess apiAccess = (ApiAccess) this.dataMapper.copy(Jwts.parser().verifyWith(getSigningKey(str)).build().parse(apiParameter.getToken().substring(apiParameter.getToken().indexOf("::") + 1)).getPayload(), ApiAccess.class);
        apiAccess.setRole((String) ((StringMap) FrameworkUtil.getOrDefault(apiAccess.getServices(), new StringMap())).get(apiConfiguration.getApiName()));
        apiAccess.setServices((StringMap) null);
        return apiAccess;
    }

    @Override // net.ideahut.springboot.api.ApiProcessor
    public boolean isAccessValid(ApiConfiguration apiConfiguration, ApiParameter apiParameter, ApiAccess apiAccess) {
        return true;
    }

    @Override // net.ideahut.springboot.api.ApiProcessor
    public ApiAuth createAuth(ApiConfiguration apiConfiguration, ApiParameter apiParameter) {
        Assert.notNull(apiParameter.getObject(), "Parameter Object is required");
        Assert.isTrue(apiParameter.getObject() instanceof ApiAccess, "Invalid Parameter Object type, require: " + ApiAccess.class.getName());
        ApiAccess apiAccess = (ApiAccess) apiParameter.getObject();
        byte[] writeAsBytes = this.dataMapper.writeAsBytes(apiAccess, 1);
        String str = (String) ((StringMap) FrameworkUtil.getOrDefault(apiConfiguration.getKeyValue(), new StringMap())).getOrDefault("SIGNATURE_SECRET", "");
        Assert.hasLength(str, "Configuration SIGNATURE_SECRET is required");
        Long currentEpochMillis = TimeUtil.currentEpochMillis();
        if (apiAccess.getExpiration() == null || apiAccess.getExpiration().longValue() <= currentEpochMillis.longValue()) {
            apiAccess.setExpiration(Long.valueOf(currentEpochMillis.longValue() + (((Integer) r0.getValue(Integer.class, "TOKEN_EXPIRY", 3600)).intValue() * 1000)));
        }
        String compact = Jwts.builder().content(writeAsBytes).signWith(getSigningKey(str)).compact();
        ApiProcessor.Primary source = new ApiProcessor.Primary().setCode(getCode()).setSource(apiConfiguration.getApiName());
        String str2 = createPrimary(source, compact) + "::" + compact;
        return new ApiAuth().setKey(source.getKey()).setToken(str2).setHeader("Authorization", "Bearer " + str2);
    }

    private SecretKey getSigningKey(String str) {
        String str2 = str;
        if (str2.length() < 48) {
            str2 = StringUtils.leftPad(str2, 48, "x");
        }
        return Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(str2));
    }
}
