package net.takela.common.webflux.security.service;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import java.lang.reflect.Type;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import net.takela.common.utils.AesUtils;
import net.takela.common.utils.JSONUtils;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpCookie;
import org.springframework.http.server.reactive.ServerHttpRequest;

/* loaded from: input_file:net/takela/common/webflux/security/service/AuthTokenManager.class */
public class AuthTokenManager {
    private Long expiration;
    private String key;
    private String userInfoKey;
    private String header;
    private String headerPrefix;
    private String cookieName;
    private String issuer;
    private String audience;
    private static int CHECK_CODE_LEN = 8;
    private static int VER_LEN = 2;
    private static SecretKey secretKey;
    private String userClaimKey = "userInfo";
    private String versionClaimKey = "version";
    private String encryptVersion = "AA";
    private SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

    public Long getExpiration() {
        return this.expiration;
    }

    public void setExpiration(Long l) {
        this.expiration = l;
    }

    public String getKey() {
        return this.key;
    }

    public void setKey(String str) {
        this.key = str;
    }

    public String getHeader() {
        return this.header;
    }

    public void setHeader(String str) {
        this.header = str;
    }

    public String getHeaderPrefix() {
        return this.headerPrefix;
    }

    public void setHeaderPrefix(String str) {
        this.headerPrefix = str;
    }

    public String getCookieName() {
        return this.cookieName;
    }

    public void setCookieName(String str) {
        this.cookieName = str;
    }

    public String getIssuer() {
        return this.issuer;
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public String getAudience() {
        return this.audience;
    }

    public void setAudience(String str) {
        this.audience = str;
    }

    public String getUserClaimKey() {
        return this.userClaimKey;
    }

    public void setUserClaimKey(String str) {
        this.userClaimKey = str;
    }

    public String getUserInfoKey() {
        return this.userInfoKey;
    }

    public void setUserInfoKey(String str) {
        this.userInfoKey = str;
    }

    public String getVersionClaimKey() {
        return this.versionClaimKey;
    }

    public void setVersionClaimKey(String str) {
        this.versionClaimKey = str;
    }

    public String getEncryptVersion() {
        return this.encryptVersion;
    }

    public void setEncryptVersion(String str) {
        this.encryptVersion = str;
    }

    public SecretKey getSecretKey() {
        if (secretKey == null) {
            synchronized (this) {
                if (secretKey == null) {
                    secretKey = new SecretKeySpec((byte[]) Decoders.BASE64.decode(this.key), this.signatureAlgorithm.getJcaName());
                }
            }
        }
        return secretKey;
    }

    private String addTokenShell(String str) {
        if (!StringUtils.isNotEmpty(this.encryptVersion)) {
            return str;
        }
        return this.encryptVersion + str + DigestUtils.sha256Hex(str).substring(0, CHECK_CODE_LEN);
    }

    private String removeTokenShell(String str) {
        if (StringUtils.isEmpty(this.encryptVersion)) {
            return str;
        }
        String substring = str.substring(str.length() - CHECK_CODE_LEN);
        str.substring(0, VER_LEN);
        String substring2 = str.substring(VER_LEN, str.length() - CHECK_CODE_LEN);
        return substring.equalsIgnoreCase(DigestUtils.sha256Hex(substring2).substring(0, CHECK_CODE_LEN)) ? substring2 : str;
    }

    public String createJwtToken(String str, Object obj) {
        return addTokenShell(JWT.create().withIssuer(this.issuer).withSubject(str).withAudience(new String[]{this.audience}).withClaim(this.userClaimKey, JSONUtils.toString(obj)).withExpiresAt(new Date(System.currentTimeMillis() + (this.expiration.longValue() * 1000))).sign(Algorithm.HMAC256(this.key)));
    }

    public Claims parseJwts(String str) {
        return (Claims) Jwts.parser().setSigningKey(this.key).build().parseClaimsJws(str).getBody();
    }

    private String parseTokenFromHeader(ServerHttpRequest serverHttpRequest) {
        String first = serverHttpRequest.getHeaders().getFirst(this.header);
        if (first != null && first.startsWith(this.headerPrefix)) {
            first = first.substring(this.headerPrefix.length());
        }
        return first;
    }

    private String parseTokenFromCookie(ServerHttpRequest serverHttpRequest) {
        HttpCookie httpCookie;
        if (StringUtils.isEmpty(this.cookieName) || serverHttpRequest.getCookies() == null || (httpCookie = (HttpCookie) serverHttpRequest.getCookies().getFirst(this.cookieName)) == null) {
            return null;
        }
        return httpCookie.getValue();
    }

    public <T> T parseUserInfoFromRequest(ServerHttpRequest serverHttpRequest, Type type) {
        String parseTokenFromHeader = parseTokenFromHeader(serverHttpRequest);
        if (StringUtils.isEmpty(parseTokenFromHeader)) {
            parseTokenFromHeader = parseTokenFromCookie(serverHttpRequest);
        }
        if (StringUtils.isEmpty(parseTokenFromHeader)) {
            return null;
        }
        DecodedJWT verify = JWT.require(Algorithm.HMAC256(this.key)).build().verify(removeTokenShell(parseTokenFromHeader));
        Claim claim = verify.getClaim(this.userClaimKey);
        if (claim == null) {
            return null;
        }
        String asString = claim.asString();
        Claim claim2 = verify.getClaim(this.versionClaimKey);
        if (claim2 != null && !claim2.isMissing() && claim2.asInt().intValue() >= 3000) {
            asString = AesUtils.decryptString(Base64.decodeBase64(asString), this.userInfoKey);
        }
        return (T) JSONUtils.parse(asString, type);
    }

    public void removeToken(String str) {
    }
}
