package org.macrocloud.kernel.security.utils;

import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.macrocloud.kernel.auth.TokenInfo;
import org.macrocloud.kernel.auth.exception.SecureException;
import org.macrocloud.kernel.auth.utils.AuthUtil;
import org.macrocloud.kernel.auth.utils.JwtUtil;
import org.macrocloud.kernel.security.constant.SecureConstant;
import org.macrocloud.kernel.security.provider.IClientDetails;
import org.macrocloud.kernel.security.provider.IClientDetailsService;
import org.macrocloud.kernel.toolkit.utils.Charsets;
import org.macrocloud.kernel.toolkit.utils.Func;
import org.macrocloud.kernel.toolkit.utils.SpringUtil;
import org.macrocloud.kernel.toolkit.utils.StringUtil;
import org.macrocloud.kernel.toolkit.utils.WebUtil;

/* loaded from: input_file:org/macrocloud/kernel/security/utils/SecureUtil.class */
public class SecureUtil extends AuthUtil {
    private static final String CLIENT_ID = "client_id";
    private static IClientDetailsService clientDetailsService;
    static final /* synthetic */ boolean $assertionsDisabled;

    private static IClientDetailsService getClientDetailsService() {
        if (clientDetailsService == null) {
            clientDetailsService = (IClientDetailsService) SpringUtil.getBean(IClientDetailsService.class);
        }
        return clientDetailsService;
    }

    public static TokenInfo createJWT(Map<String, Object> map, String str, String str2, String str3) {
        String[] extractAndDecodeHeader = extractAndDecodeHeader();
        String str4 = extractAndDecodeHeader[0];
        String str5 = extractAndDecodeHeader[1];
        if (!validateClient(clientDetails(str4), str4, str5)) {
            throw new SecureException("client authentication failed, please check the header parameters");
        }
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis);
        JwtBuilder signWith = Jwts.builder().setHeaderParam("typ", "JWT").setIssuer(str2).setAudience(str).signWith(new SecretKeySpec(Base64.getDecoder().decode(JwtUtil.getBase64Security()), signatureAlgorithm.getJcaName()));
        Objects.requireNonNull(signWith);
        map.forEach(signWith::claim);
        signWith.claim(CLIENT_ID, str4);
        long intValue = str3.equals("access_token") ? r0.getAccessTokenValidity().intValue() * 1000 : str3.equals("refresh_token") ? r0.getRefreshTokenValidity().intValue() * 1000 : getExpire();
        signWith.setExpiration(new Date(currentTimeMillis + intValue)).setNotBefore(date);
        TokenInfo tokenInfo = new TokenInfo();
        tokenInfo.setToken(signWith.compact());
        tokenInfo.setExpire((int) (intValue / 1000));
        if ("access_token".equals(str3)) {
            String.valueOf(map.get("tenant_id"));
            String.valueOf(map.get("user_id"));
        }
        return tokenInfo;
    }

    public static long getExpire() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(6, 1);
        calendar.set(11, 3);
        calendar.set(13, 0);
        calendar.set(12, 0);
        calendar.set(14, 0);
        return calendar.getTimeInMillis() - System.currentTimeMillis();
    }

    public static String[] extractAndDecodeHeader() {
        String replace = Func.toStr(((HttpServletRequest) Objects.requireNonNull(WebUtil.getRequest())).getHeader(SecureConstant.BASIC_HEADER_KEY)).replace(SecureConstant.BASIC_HEADER_PREFIX_EXT, SecureConstant.BASIC_HEADER_PREFIX);
        if (!replace.startsWith(SecureConstant.BASIC_HEADER_PREFIX)) {
            throw new SecureException("no client information in request header");
        }
        try {
            String str = new String(Base64.getDecoder().decode(replace.substring(6).getBytes(Charsets.UTF_8_NAME)), Charsets.UTF_8_NAME);
            int indexOf = str.indexOf(":");
            if (indexOf == -1) {
                throw new RuntimeException("invalid basic authentication token");
            }
            return new String[]{str.substring(0, indexOf), str.substring(indexOf + 1)};
        } catch (IllegalArgumentException e) {
            throw new RuntimeException("failed to decode basic authentication token");
        }
    }

    public static String getClientIdFromHeader() {
        String[] extractAndDecodeHeader = extractAndDecodeHeader();
        if ($assertionsDisabled || extractAndDecodeHeader.length == 2) {
            return extractAndDecodeHeader[0];
        }
        throw new AssertionError();
    }

    private static IClientDetails clientDetails(String str) {
        return getClientDetailsService().loadClientByClientId(str);
    }

    private static boolean validateClient(IClientDetails iClientDetails, String str, String str2) {
        return iClientDetails != null && StringUtil.equals(str, iClientDetails.getClientId()) && StringUtil.equals(str2, iClientDetails.getClientSecret());
    }

    static {
        $assertionsDisabled = !SecureUtil.class.desiredAssertionStatus();
    }
}
