package com.alibaba.nacos.plugin.auth.impl;

import com.alibaba.nacos.common.event.ServerConfigChangeEvent;
import com.alibaba.nacos.common.notify.Event;
import com.alibaba.nacos.common.notify.NotifyCenter;
import com.alibaba.nacos.common.notify.listener.Subscriber;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import com.alibaba.nacos.sys.env.EnvUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/JwtTokenManager.class */
public class JwtTokenManager extends Subscriber<ServerConfigChangeEvent> {
    private static final String AUTHORITIES_KEY = "auth";
    private volatile long tokenValidityInSeconds;
    private volatile JwtParser jwtParser;
    private volatile SecretKey secretKey;

    public JwtTokenManager() {
        NotifyCenter.registerSubscriber(this);
        processProperties();
    }

    private void processProperties() {
        this.tokenValidityInSeconds = ((Long) EnvUtil.getProperty(AuthConstants.TOKEN_EXPIRE_SECONDS, Long.class, AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS)).longValue();
        try {
            this.secretKey = Keys.hmacShaKeyFor((byte[]) Decoders.BASE64.decode(EnvUtil.getProperty(AuthConstants.TOKEN_SECRET_KEY, AuthConstants.DEFAULT_TOKEN_SECRET_KEY)));
            this.jwtParser = Jwts.parserBuilder().setSigningKey(this.secretKey).build();
        } catch (Exception e) {
            throw new IllegalArgumentException("the length of  must great than or equal 32 bytes; And the secret key  must be encoded by base64", e);
        }
    }

    public String createToken(Authentication authentication) {
        return createToken(authentication.getName());
    }

    public String createToken(String str) {
        return Jwts.builder().setClaims(Jwts.claims().setSubject(str)).setExpiration(new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(getTokenValidityInSeconds()))).signWith(this.secretKey, SignatureAlgorithm.HS256).compact();
    }

    public Authentication getAuthentication(String str) {
        Claims claims = (Claims) this.jwtParser.parseClaimsJws(str).getBody();
        List commaSeparatedStringToAuthorityList = AuthorityUtils.commaSeparatedStringToAuthorityList((String) claims.get(AUTHORITIES_KEY));
        return new UsernamePasswordAuthenticationToken(new User(claims.getSubject(), AuthConstants.DEFAULT_TOKEN_SECRET_KEY, commaSeparatedStringToAuthorityList), AuthConstants.DEFAULT_TOKEN_SECRET_KEY, commaSeparatedStringToAuthorityList);
    }

    public void validateToken(String str) {
        this.jwtParser.parseClaimsJws(str);
    }

    public long getTokenValidityInSeconds() {
        return this.tokenValidityInSeconds;
    }

    public void onEvent(ServerConfigChangeEvent serverConfigChangeEvent) {
        processProperties();
    }

    public Class<? extends Event> subscribeType() {
        return ServerConfigChangeEvent.class;
    }
}
