package online.inote.naruto.api.access.validator;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.IncorrectClaimException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.MalformedJwtException;
import java.util.Date;
import java.util.Objects;
import online.inote.naruto.api.access.jwt.JwtHelper;
import online.inote.naruto.api.access.props.ApiAccessProperties;
import online.inote.naruto.cache.CacheSupport;
import online.inote.naruto.exception.token.TokenException;
import online.inote.naruto.utils.Assert;
import online.inote.naruto.utils.DateTimeUtils;
import online.inote.naruto.utils.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:online/inote/naruto/api/access/validator/ApiAccessValidator.class */
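/**
 * Validates an API access token (a JWT) and, when the token cache is enabled, the caller's
 * permission to invoke a named method.
 *
 * <p>Usage: {@code ApiAccessValidator.builder().token(t).method(m).execute()}.
 */
public class ApiAccessValidator {
    private static final Logger logger = LoggerFactory.getLogger(ApiAccessValidator.class);

    /**
     * Fluent holder for one validation request: the presented token and the method being accessed.
     *
     * <p>Instances carry mutable state and are created per request by {@link #builder()}.
     */
    public static class ApiAccessValidatorWorker {
        private String token;
        private String method;

        /**
         * Sets the token to validate.
         *
         * @param str the raw token string; rejected by {@code Assert.notBlank} when blank
         * @return this worker, for chaining
         */
        public ApiAccessValidatorWorker token(String str) {
            Assert.notBlank(str, "Token不能为空");
            this.token = str;
            return this;
        }

        /**
         * Sets the method (interface) identifier the caller wants to access.
         *
         * @param str the method identifier; rejected by {@code Assert.notBlank} when blank
         * @return this worker, for chaining
         */
        public ApiAccessValidatorWorker method(String str) {
            Assert.notBlank(str, "method不能为空");
            this.method = str;
            return this;
        }

        /**
         * Runs the validation chain and returns normally only when every enabled check passes.
         *
         * <p>Order of checks: parse the token, require {@code iss} and {@code iat}, check expiry,
         * and then, only when the cache is enabled, compare the token with the cached copy and
         * check that the method is in the cached set of permitted interfaces.
         *
         * <p>Security notes for maintainers:
         * <ul>
         *   <li>Nothing in this class verifies the token signature. NOTE(review): this is assumed
         *       to happen inside {@code JwtHelper.getClaims}; confirm against that helper.</li>
         *   <li>With the cache disabled, neither the forgery check nor the per-method permission
         *       check runs, so any token that parses and is not expired is accepted for every
         *       method. Deployments that rely on per-method authorization must keep the cache
         *       enabled.</li>
         *   <li>The debug log line records claims only; the raw token must not be added to it.</li>
         * </ul>
         *
         * @throws MalformedJwtException if the issuer is blank or the issued-at claim is missing
         * @throws ExpiredJwtException if the token is past its {@code exp} or absent from the cache
         * @throws IncorrectClaimException if the token differs from the cached token
         * @throws TokenException if the method is not permitted for this token
         */
        public void execute() {
            // The setters validate their argument, but execute() can be reached without token()
            // ever having been called; re-check so an unset token is rejected explicitly.
            Assert.notBlank(this.token, "Token不能为空");

            Jws<Claims> jws = JwtHelper.getClaims(this.token);
            Claims body = jws.getBody();
            if (StringUtils.isBlank(body.getIssuer()) || Objects.isNull(body.getIssuedAt())) {
                throw new MalformedJwtException("Token解析失败");
            }
            // Guarded because DateTimeUtils.format is evaluated eagerly as an argument.
            if (logger.isDebugEnabled()) {
                logger.debug(
                        "Token发行者为:[ {} ], 于[ {} ]生成, 授权给[ {} ]",
                        body.getIssuer(),
                        DateTimeUtils.format(body.getIssuedAt()),
                        body.getAudience());
            }
            isExpired(jws);
            if (ApiAccessProperties.props().getCache().getEnable().booleanValue()) {
                isForgery(jws);
                isPermission(jws);
            }
        }

        /**
         * Rejects the request unless the requested method is a member of the cached set of
         * interfaces authorized for this token's {@code jti}.
         *
         * @throws TokenException if the method is not in the set, or the cache gives no answer
         */
        private void isPermission(Jws<Claims> jws) {
            // method() may never have been called; do not query the cache with an unset value.
            Assert.notBlank(this.method, "method不能为空");
            String interfacesKey = getSystemAuthInterfaceKey(jws.getBody());
            // Fail closed: a null answer from the cache is treated as "not permitted" instead of
            // surfacing as a NullPointerException from unboxing.
            if (!Boolean.TRUE.equals(CacheSupport.isMember(interfacesKey, this.method))) {
                throw new TokenException("无权访问");
            }
        }

        /**
         * Rejects tokens whose {@code exp} is in the past and, when the cache is enabled, tokens
         * that have no entry in the cache.
         *
         * <p>{@code exp} is optional here: a token without it passes the first check. With the
         * cache disabled such a token never expires as far as this class is concerned.
         *
         * @throws ExpiredJwtException if either expiry condition holds
         */
        private void isExpired(Jws<Claims> jws) {
            Claims claims = jws.getBody();
            Date expiration = claims.getExpiration();
            if (Objects.nonNull(expiration) && expiration.before(DateTimeUtils.getNow())) {
                throw new ExpiredJwtException(jws.getHeader(), claims, "Token已过期(签署)");
            }
            boolean cacheEnabled = ApiAccessProperties.props().getCache().getEnable().booleanValue();
            if (cacheEnabled && !CacheSupport.isExist(getTokenKey(claims))) {
                throw new ExpiredJwtException(jws.getHeader(), claims, "Token已过期(缓存)");
            }
        }

        /**
         * Rejects a token that is not identical to the token string cached under its {@code jti}.
         *
         * @throws IncorrectClaimException if the presented and cached tokens differ
         */
        private void isForgery(Jws<Claims> jws) {
            Claims claims = jws.getBody();
            Object cachedToken = CacheSupport.get(getTokenKey(claims));
            if (!StringUtils.equals(this.token, cachedToken)) {
                throw new IncorrectClaimException(jws.getHeader(), claims, "伪造的Token信息");
            }
        }

        /**
         * Builds the cache key of the stored token from the {@code jti} claim.
         *
         * <p>NOTE(review): a token without {@code jti} passes null to the key helper; confirm
         * how {@code initSystemTokenCacheKey} handles that.
         */
        private String getTokenKey(Claims claims) {
            return cacheProps().initSystemTokenCacheKey(claims.getId());
        }

        /** Builds the cache key of the permitted-interface set from the {@code jti} claim. */
        private String getSystemAuthInterfaceKey(Claims claims) {
            return cacheProps().initSystemAuthInterfacePathCacheKey(claims.getId());
        }

        /** Returns the cache section of the API access configuration. */
        private ApiAccessProperties.Cache cacheProps() {
            return ApiAccessProperties.props().getCache();
        }
    }

    /**
     * Creates a new, empty worker.
     *
     * @return a worker on which {@code token(...)} and {@code method(...)} should be set before
     *     {@code execute()}
     */
    public static ApiAccessValidatorWorker builder() {
        return new ApiAccessValidatorWorker();
    }
}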
