package org.rdlinux.ezsecurity.shiro.security.client.impl.encryptionjwt;

import java.net.URLDecoder;
import org.rdlinux.ErrorCodeException;
import org.rdlinux.ezsecurity.constant.AuthConstant;
import org.rdlinux.ezsecurity.constant.ErrorConstant;
import org.rdlinux.ezsecurity.shiro.security.credentials.Credentials;
import org.rdlinux.ezsecurity.shiro.security.profile.ProfileCreator;
import org.rdlinux.ezsecurity.shiro.security.profile.SubjectProfile;
import org.rdlinux.ezsecurity.shiro.utils.AESUtils;
import org.rdlinux.ezsecurity.shiro.utils.RSAUtils;
import org.rdlinux.ezsecurity.utils.Assert;
import org.rdlinux.luava.json.JacksonUtils;

/* loaded from: input_file:org/rdlinux/ezsecurity/shiro/security/client/impl/encryptionjwt/EncryptionJwtProfileCreator.class */
public class EncryptionJwtProfileCreator implements ProfileCreator {
    private String publicKey;
    private PublicKeyHolder publicKeyHolder;

    @FunctionalInterface
    /* loaded from: input_file:org/rdlinux/ezsecurity/shiro/security/client/impl/encryptionjwt/EncryptionJwtProfileCreator$PublicKeyHolder.class */
    public interface PublicKeyHolder {
        String getPublicKey();
    }

    public EncryptionJwtProfileCreator(String str) {
        Assert.notEmpty(str, "publicKey can not be empty");
        this.publicKey = str;
    }

    public EncryptionJwtProfileCreator(PublicKeyHolder publicKeyHolder) {
        Assert.notNull(publicKeyHolder, "publicKeyHolder can not be null");
        this.publicKeyHolder = publicKeyHolder;
    }

    private String getPublicKey() {
        return this.publicKeyHolder != null ? this.publicKeyHolder.getPublicKey() : this.publicKey;
    }

    public SubjectProfile validate(String str) {
        return create(new Credentials(str));
    }

    @Override // org.rdlinux.ezsecurity.shiro.security.profile.ProfileCreator
    public SubjectProfile create(Credentials credentials) {
        if (credentials == null || credentials.getCredentialsValue() == null) {
            return null;
        }
        String[] split = decodeToken(credentials.get()).split(EncryptionJwtTokenGenerator.SPLIT_STR);
        if (split.length != 2) {
            throw new ErrorCodeException(ErrorConstant.UN_AUTHENTICATED, ErrorConstant.getMsg(ErrorConstant.UN_AUTHENTICATED));
        }
        try {
            SubjectProfile subjectProfile = (SubjectProfile) JacksonUtils.conversion(AESUtils.decrypt(split[1], RSAUtils.decryptByPublicKey(split[0], getPublicKey())), SubjectProfile.class);
            if (Long.parseLong(subjectProfile.getAttributes().get(EncryptionJwtTokenGenerator.EXPIRATION_KEY).toString()) * 1000 < System.currentTimeMillis()) {
                throw new ErrorCodeException(ErrorConstant.UN_AUTHENTICATED, ErrorConstant.getMsg(ErrorConstant.UN_AUTHENTICATED));
            }
            subjectProfile.getAttributes().put(AuthConstant.TOKEN_KEY, credentials.get());
            return subjectProfile;
        } catch (Exception e) {
            throw new ErrorCodeException(ErrorConstant.UN_AUTHENTICATED, ErrorConstant.getMsg(ErrorConstant.UN_AUTHENTICATED));
        }
    }

    public String decodeToken(String str) {
        while (str.contains("%")) {
            try {
                str = URLDecoder.decode(str, "UTF-8");
            } catch (Exception e) {
            }
        }
        return str;
    }
}
