package site.zido.coffee.security.token;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.util.OnCommittedResponseWrapper;
import org.springframework.util.StringUtils;

/* loaded from: input_file:site/zido/coffee/security/token/JwtSecurityContextRepository.class */
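/**
 * {@link SecurityContextRepository} that rebuilds the security context from a signed JWT carried
 * in a request header and writes a freshly signed JWT back into the same response header.
 *
 * <p>The header value is parsed as the compact token itself; no scheme prefix is stripped.
 * Tokens are signed and verified with HS512 using the configured secret.
 *
 * <p>Any header that cannot be verified yields an empty context rather than {@code null},
 * so an invalid token is treated as an unauthenticated request.
 */
public class JwtSecurityContextRepository implements SecurityContextRepository {
    public static final String DEFAULT_AUTH_HEADER_NAME = "Authorization";
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtSecurityContextRepository.class);
    // Base64 form of the secret's bytes; jjwt's String key overloads expect Base64-encoded key material.
    private String jwtSecret;
    // Token lifetime in milliseconds; stays 0 when the no-arg constructor is used without the setter.
    private long jwtExpirationInMs;
    // Age in milliseconds after which a presented token is reissued; a negative value reissues on every request.
    private long jwtRenewInMs;
    private UserDetailsService userService;
    private String authHeaderName = DEFAULT_AUTH_HEADER_NAME;
    private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    private String issue = "coffee-security";
    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();

    /**
     * Response wrapper that adds a newly signed token to the response just before it is committed.
     */
    class JwtWriterResponse extends OnCommittedResponseWrapper {
        JwtWriterResponse(HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
        }

        @Override
        protected void onResponseCommitted() {
            writeToken(SecurityContextHolder.getContext());
            disableOnResponseCommitted();
        }

        /**
         * Writes a token for the given context unless writing is disabled or there is no real
         * authenticated principal.
         *
         * @param securityContext context whose authentication names the token subject
         */
        protected void writeToken(SecurityContext securityContext) {
            if (isDisableOnResponseCommitted()) {
                return;
            }
            Authentication authentication = securityContext.getAuthentication();
            if (authentication == null || !authentication.isAuthenticated()) {
                return;
            }
            // Spring's anonymous token reports isAuthenticated() == true; signing a token for it
            // would hand out a credential whose subject is the anonymous principal name.
            if (JwtSecurityContextRepository.this.trustResolver.isAnonymous(authentication)) {
                return;
            }
            JwtSecurityContextRepository.this.addTokenToResponse(
                    getHttpResponse(), JwtSecurityContextRepository.this.generateNewToken(securityContext));
        }

        private HttpServletResponse getHttpResponse() {
            // getResponse() is declared to return ServletResponse, so the cast is required.
            return (HttpServletResponse) getResponse();
        }
    }

    public JwtSecurityContextRepository() {
    }

    /**
     * @param str raw signing secret
     * @param j   token lifetime in milliseconds
     * @param j2  token age in milliseconds after which it is reissued; negative reissues always
     */
    public JwtSecurityContextRepository(String str, long j, long j2) {
        this.jwtSecret = encodeSecret(str);
        this.jwtExpirationInMs = j;
        this.jwtRenewInMs = j2;
    }

    /**
     * Builds the security context for the current request from the token header.
     *
     * <p>A missing header gives an empty context and installs the token-writing response wrapper.
     * An empty, unverifiable or subject-less token, or one whose subject no longer resolves to a
     * user, gives an empty context without the wrapper.
     *
     * @param httpRequestResponseHolder holder for the current request and response
     * @return the context to use for this request, never {@code null}
     */
    @Override
    public SecurityContext loadContext(HttpRequestResponseHolder httpRequestResponseHolder) {
        HttpServletRequest request = httpRequestResponseHolder.getRequest();
        HttpServletResponse response = httpRequestResponseHolder.getResponse();
        String header = request.getHeader(this.authHeaderName);
        SecurityContext context;
        if (header == null) {
            LOGGER.debug("No token currently exists");
            context = generateNewContext();
            httpRequestResponseHolder.setResponse(new JwtWriterResponse(response));
        } else {
            context = loadContextFromToken(header, httpRequestResponseHolder, response);
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Obtained a valid SecurityContext from " + this.authHeaderName + " in request header: '" + context + "'");
        }
        return context;
    }

    /** Resolves a non-null header value to a context; never returns {@code null}. */
    private SecurityContext loadContextFromToken(
            String header, HttpRequestResponseHolder holder, HttpServletResponse response) {
        if (StringUtils.isEmpty(header)) {
            return generateNewContext();
        }
        Claims claims = parseClaims(header);
        if (claims == null) {
            return generateNewContext();
        }
        String subject = claims.getSubject();
        if (subject == null) {
            return generateNewContext();
        }
        UserDetails user;
        try {
            user = this.userService.loadUserByUsername(subject);
        } catch (UsernameNotFoundException e) {
            // A correctly signed token for a user that no longer exists must not authenticate.
            LOGGER.debug("Token subject no longer resolves to a user", e);
            return generateNewContext();
        }
        // NOTE(review): the UserDetails status flags (enabled, locked, expired) are not consulted
        // here, so unless the UserDetailsService rejects such accounts a token stays usable until
        // it expires. Confirm whether that is intended.
        SecurityContext context = new SecurityContextImpl();
        context.setAuthentication(new UsernamePasswordAuthenticationToken(
                user, null, this.authoritiesMapper.mapAuthorities(user.getAuthorities())));
        if (renewalDue(claims.getIssuedAt())) {
            holder.setResponse(new JwtWriterResponse(response));
        }
        return context;
    }

    /**
     * Verifies the signature and standard claims of a compact token.
     *
     * @return the verified claims, or {@code null} when the token is rejected
     */
    private Claims parseClaims(String token) {
        // NOTE(review): generateNewToken sets an issuer, but nothing here requires it to match.
        try {
            return Jwts.parser().setSigningKey(this.jwtSecret).parseClaimsJws(token).getBody();
        } catch (SignatureException e) {
            LOGGER.warn("签名异常:{}", describeToken(token));
        } catch (MalformedJwtException e) {
            LOGGER.warn("jwt token被修改过:{}", describeToken(token));
        } catch (IllegalArgumentException e) {
            LOGGER.warn("token串非法:{}", describeToken(token));
        } catch (JwtException e) {
            // Expired, unsupported and any other jjwt rejection: fail closed instead of propagating.
            LOGGER.debug("Rejected token: {}", e.getClass().getSimpleName());
        }
        return null;
    }

    /** Log-safe stand-in for a header value: the raw value is a credential and is caller-controlled. */
    private static String describeToken(String token) {
        return "<redacted, length=" + token.length() + ">";
    }

    /** Decides whether a presented token is old enough to be replaced on this response. */
    private boolean renewalDue(Date issuedAt) {
        if (this.jwtRenewInMs < 0) {
            return true;
        }
        if (issuedAt == null) {
            // Without an issued-at claim the age is unknown; reissue so the next token carries one.
            return true;
        }
        // Plain long arithmetic: narrowing the renew window to int would wrap beyond ~24.8 days.
        return System.currentTimeMillis() - issuedAt.getTime() > this.jwtRenewInMs;
    }

    /** Creates the empty context used for requests without a usable token. */
    protected SecurityContext generateNewContext() {
        return SecurityContextHolder.createEmptyContext();
    }

    /**
     * Writes a token for the context when the response is this repository's wrapper; otherwise
     * does nothing.
     */
    @Override
    public void saveContext(SecurityContext securityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletResponse instanceof JwtWriterResponse) {
            ((JwtWriterResponse) httpServletResponse).writeToken(securityContext);
        }
    }

    /**
     * Reports whether the request carries a non-empty token header; the token is not verified here.
     */
    @Override
    public boolean containsContext(HttpServletRequest httpServletRequest) {
        return StringUtils.hasLength(httpServletRequest.getHeader(this.authHeaderName));
    }

    /**
     * Sets the token as the value of the configured header on the response.
     * The decompiler reports this method was declared private in the original source.
     */
    public void addTokenToResponse(HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setHeader(this.authHeaderName, str);
    }

    /**
     * Signs a new HS512 token whose subject is the authentication's name, issued now and expiring
     * after the configured lifetime.
     * The decompiler reports this method was declared private in the original source.
     *
     * @param securityContext context holding a non-null authentication
     * @return the compact serialized token
     */
    public String generateNewToken(SecurityContext securityContext) {
        Date now = new Date();
        Date expiry = new Date(now.getTime() + this.jwtExpirationInMs);
        return Jwts.builder()
                .setSubject(securityContext.getAuthentication().getName())
                .setIssuedAt(now)
                .setIssuer(this.issue)
                .setExpiration(expiry)
                .signWith(SignatureAlgorithm.HS512, this.jwtSecret)
                .compact();
    }

    /**
     * Converts the raw secret into the Base64 form handed to jjwt.
     *
     * <p>The bytes are taken as UTF-8 so the key does not vary with the JVM's default charset.
     * The secret's length is not checked here; HS512 is only as strong as the key, so the
     * configured secret should be long and random (RFC 7518 asks for at least 64 bytes).
     */
    private static String encodeSecret(String secret) {
        return Base64.getEncoder().encodeToString(secret.getBytes(StandardCharsets.UTF_8));
    }

    public long getJwtRenewInMs() {
        return this.jwtRenewInMs;
    }

    public void setJwtRenewInMs(long j) {
        this.jwtRenewInMs = j;
    }

    public void setAuthHeaderName(String str) {
        this.authHeaderName = str;
    }

    public void setTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        this.trustResolver = authenticationTrustResolver;
    }

    public void setUserService(UserDetailsService userDetailsService) {
        this.userService = userDetailsService;
    }

    /** Sets the raw signing secret; it is stored Base64-encoded for jjwt. */
    public void setJwtSecret(String str) {
        this.jwtSecret = encodeSecret(str);
    }

    public void setJwtExpirationInMs(long j) {
        this.jwtExpirationInMs = j;
    }

    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    public String getIssue() {
        return this.issue;
    }

    public void setIssue(String str) {
        this.issue = str;
    }
}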
