package net.ideahut.springboot.api;

import com.fasterxml.jackson.core.type.TypeReference;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import java.util.Set;
import javax.crypto.SecretKey;
import net.ideahut.springboot.api.ApiHelper;
import net.ideahut.springboot.mapper.DataMapper;
import net.ideahut.springboot.object.Message;
import net.ideahut.springboot.object.StringMap;
import net.ideahut.springboot.util.FrameworkUtil;
import net.ideahut.springboot.util.TimeUtil;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:net/ideahut/springboot/api/ApiTokenServiceImpl.class */
public class ApiTokenServiceImpl implements ApiTokenService, InitializingBean {
    private Long timeSpanMillis;
    private DataMapper dataMapper;
    private JwtProcessor jwtProcessor;
    private Consumer consumer;
    private Integer signatureTimeSpan;

    /* loaded from: input_file:net/ideahut/springboot/api/ApiTokenServiceImpl$Consumer.class */
    public static class Consumer {
        private String secret;
        private String digest;
        private Long expiry;

        public Consumer setSecret(String str) {
            this.secret = str;
            return this;
        }

        public Consumer setDigest(String str) {
            this.digest = str;
            return this;
        }

        public Consumer setExpiry(Long l) {
            this.expiry = l;
            return this;
        }

        public String getSecret() {
            return this.secret;
        }

        public String getDigest() {
            return this.digest;
        }

        public Long getExpiry() {
            return this.expiry;
        }
    }

    /* loaded from: input_file:net/ideahut/springboot/api/ApiTokenServiceImpl$JwtProcessor.class */
    public static class JwtProcessor extends Consumer {
        @Override // net.ideahut.springboot.api.ApiTokenServiceImpl.Consumer
        public JwtProcessor setSecret(String str) {
            super.setSecret(str);
            return this;
        }

        @Override // net.ideahut.springboot.api.ApiTokenServiceImpl.Consumer
        public JwtProcessor setDigest(String str) {
            super.setDigest(str);
            return this;
        }

        @Override // net.ideahut.springboot.api.ApiTokenServiceImpl.Consumer
        public JwtProcessor setExpiry(Long l) {
            super.setExpiry(l);
            return this;
        }
    }

    public ApiTokenServiceImpl setDataMapper(DataMapper dataMapper) {
        this.dataMapper = dataMapper;
        return this;
    }

    public ApiTokenServiceImpl setJwtProcessor(JwtProcessor jwtProcessor) {
        this.jwtProcessor = jwtProcessor;
        return this;
    }

    public ApiTokenServiceImpl setConsumer(Consumer consumer) {
        this.consumer = consumer;
        return this;
    }

    public ApiTokenServiceImpl setSignatureTimeSpan(Integer num) {
        this.signatureTimeSpan = num;
        return this;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.consumer == null) {
            this.consumer = new Consumer();
        }
        if (this.consumer.getExpiry() == null) {
            this.consumer.setExpiry(0L);
        }
        if (this.jwtProcessor == null) {
            this.jwtProcessor = new JwtProcessor();
        }
        if (this.jwtProcessor.getExpiry() == null) {
            this.jwtProcessor.setExpiry((Long) 3600L);
        }
        if (this.signatureTimeSpan == null || this.signatureTimeSpan.intValue() < 0) {
            this.signatureTimeSpan = 120;
        }
        this.timeSpanMillis = Long.valueOf(1000 * this.signatureTimeSpan.intValue());
    }

    @Override // net.ideahut.springboot.api.ApiTokenService
    public String createConsumerToken(ApiHeader apiHeader, ApiSource apiSource, ApiRequest apiRequest) {
        Set hosts = apiSource.getHosts();
        if (hosts != null && !hosts.isEmpty()) {
            ApiHelper.throwIfTrue(!hosts.contains(apiRequest.getRemoteHost()), ApiHelper.Error.HOST_NOT_VALID);
        }
        String header = apiRequest.getHeader(apiHeader.getSignatureHeader(), "");
        ApiHelper.throwIfTrue(header.isEmpty(), ApiHelper.Error.REQUEST_NOT_VALID);
        Message validateSignature = validateSignature(apiHeader, apiSource, apiRequest, header);
        ApiHelper.throwIfTrue(validateSignature != null, validateSignature);
        StringMap stringMap = (StringMap) FrameworkUtil.getOrDefault(apiSource.getConfig(), new StringMap());
        String configValue = getConfigValue(stringMap, "CONSUMER_JWT_SECRET", this.consumer.getSecret());
        ApiHelper.throwIfTrue(configValue == null || configValue.isEmpty(), ApiHelper.Error.TOKEN_SECRET_REQUIRED);
        String fixDigest = ApiHelper.fixDigest(getConfigValue(stringMap, "CONSUMER_JWT_DIGEST", ""), this.consumer.getDigest());
        Long l = (Long) stringMap.getValue(Long.class, "CONSUMER_JWT_EXPIRY", this.consumer.getExpiry());
        SecretKey jwtSecretKey = getJwtSecretKey(configValue, fixDigest);
        Long l2 = 0L;
        if (l.longValue() > 0) {
            l2 = Long.valueOf(TimeUtil.currentEpochMillis().longValue() + (l.longValue() * 1000));
        }
        return createJwtToken(jwtSecretKey, new ApiAccess().setConsumerId(apiSource.getApiName()).setValidUntil(l2));
    }

    @Override // net.ideahut.springboot.api.ApiTokenService
    public ApiAccess getConsumerApiAccess(ApiSource apiSource, String str) {
        StringMap stringMap = (StringMap) FrameworkUtil.getOrDefault(apiSource.getConfig(), new StringMap());
        String configValue = getConfigValue(stringMap, "CONSUMER_JWT_SECRET", this.consumer.getSecret());
        ApiHelper.throwIfTrue(configValue == null || configValue.isEmpty(), ApiHelper.Error.TOKEN_SECRET_REQUIRED);
        return (ApiAccess) getJwtPayload(ApiAccess.class, getJwtSecretKey(configValue, ApiHelper.fixDigest(getConfigValue(stringMap, "CONSUMER_JWT_DIGEST", ""), this.consumer.getDigest())), str);
    }

    @Override // net.ideahut.springboot.api.ApiTokenService
    public String createJwtProcessorToken(ApiSource apiSource, ApiAccess apiAccess) {
        StringMap stringMap = (StringMap) FrameworkUtil.getOrDefault(apiSource.getConfig(), new StringMap());
        String configValue = getConfigValue(stringMap, "PROCESSOR_JWT_SECRET", this.jwtProcessor.getSecret());
        ApiHelper.throwIfTrue(configValue == null || configValue.isEmpty(), ApiHelper.Error.JWT_SECRET_REQUIRED);
        String fixDigest = ApiHelper.fixDigest(getConfigValue(stringMap, "PROCESSOR_JWT_DIGEST", ""), this.jwtProcessor.getDigest());
        Long validUntil = apiAccess.getValidUntil();
        if (validUntil == null) {
            Long l = (Long) stringMap.getValue(Long.class, "PROCESSOR_JWT_EXPIRY", this.jwtProcessor.getExpiry());
            validUntil = Long.valueOf(l.longValue() > 0 ? TimeUtil.currentEpochMillis().longValue() + (l.longValue() * 1000) : 0L);
        }
        apiAccess.setValidUntil(validUntil);
        return createJwtToken(getJwtSecretKey(configValue, fixDigest), apiAccess);
    }

    @Override // net.ideahut.springboot.api.ApiTokenService
    public ApiAccess getJwtProcessorApiAccess(ApiSource apiSource, String str) {
        StringMap stringMap = (StringMap) FrameworkUtil.getOrDefault(apiSource.getConfig(), new StringMap());
        String configValue = getConfigValue(stringMap, "PROCESSOR_JWT_SECRET", this.jwtProcessor.getSecret());
        ApiHelper.throwIfTrue(configValue == null || configValue.isEmpty(), ApiHelper.Error.JWT_SECRET_REQUIRED);
        return (ApiAccess) getJwtPayload(ApiAccess.class, getJwtSecretKey(configValue, ApiHelper.fixDigest(getConfigValue(stringMap, "PROCESSOR_JWT_DIGEST", ""), this.jwtProcessor.getDigest())), str);
    }

    @Override // net.ideahut.springboot.api.ApiTokenService
    public SecretKey getJwtSecretKey(String str, String str2) {
        String replace = str2 != null ? str2.toUpperCase().replace("-", "") : "";
        int i = "SHA512".equals(replace) ? 64 : "SHA384".equals(replace) ? 48 : 32;
        String str3 = str;
        if (str3.length() < i) {
            str3 = StringUtils.rightPad(str3, i, " ");
        }
        return Keys.hmacShaKeyFor(str3.getBytes());
    }

    @Override // net.ideahut.springboot.api.ApiTokenService
    public <T> T getJwtPayload(Class<T> cls, SecretKey secretKey, String str) {
        return (T) this.dataMapper.copy(Jwts.parser().verifyWith(secretKey).build().parse(str).getPayload(), cls);
    }

    @Override // net.ideahut.springboot.api.ApiTokenService
    public <T> T getJwtPayload(TypeReference<T> typeReference, SecretKey secretKey, String str) {
        return (T) this.dataMapper.copy(Jwts.parser().verifyWith(secretKey).build().parse(str).getPayload(), typeReference);
    }

    @Override // net.ideahut.springboot.api.ApiTokenService
    public Message validateSignature(ApiHeader apiHeader, ApiSource apiSource, ApiRequest apiRequest, String str) {
        Long l = (Long) apiRequest.getHeader(Long.class, apiHeader.getTimestampHeader());
        if (l == null) {
            return ApiHelper.Error.TIMESTAMP_REQUIRED;
        }
        Long[] timespan = getTimespan();
        if (l.longValue() < timespan[0].longValue() || l.longValue() > timespan[1].longValue()) {
            return ApiHelper.Error.TIMESTAMP_NOT_VALID;
        }
        if (FrameworkUtil.digest(apiSource.getDigest(), apiSource.getSecret() + l).equals(str)) {
            return null;
        }
        return ApiHelper.Error.SIGNATURE_NOT_VALID;
    }

    private String getConfigValue(StringMap stringMap, String str, String str2) {
        String str3 = (String) stringMap.getOrDefault(str, "");
        if (str3.isEmpty()) {
            str3 = str2;
        }
        return str3;
    }

    private Long[] getTimespan() {
        Long currentEpochMillis = TimeUtil.currentEpochMillis();
        return new Long[]{Long.valueOf(currentEpochMillis.longValue() - this.timeSpanMillis.longValue()), Long.valueOf(currentEpochMillis.longValue() + this.timeSpanMillis.longValue())};
    }

    private String createJwtToken(SecretKey secretKey, Object obj) {
        return Jwts.builder().content(this.dataMapper.writeAsBytes(obj, 1)).signWith(secretKey).compact();
    }
}
