package com.xforceplus.delivery.cloud.secure.jjwt;

import com.xforceplus.delivery.cloud.common.util.DateUtils;
import com.xforceplus.delivery.cloud.common.util.UUIDUtils;
import com.xforceplus.delivery.cloud.secure.AuthCenterProperties;
import com.xforceplus.delivery.cloud.secure.JWT;
import com.xforceplus.delivery.cloud.secure.oauth.OAuth2AdditionalInfo;
import com.xforceplus.delivery.cloud.secure.oauth.OAuth2Principal;
import com.xforceplus.delivery.cloud.secure.oauth.OAuth2Token;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultClaims;
import java.security.KeyPair;
import java.time.LocalDateTime;
import java.util.Date;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

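/**
 * Issues and refreshes RS256-signed JWT access tokens for the auth center.
 *
 * <p>Tokens are signed with the private key of the injected {@link KeyPair}. That bean is
 * optional at wiring time, so signing fails fast with an {@link IllegalStateException} when
 * it is absent instead of surfacing as a bare {@link NullPointerException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #refreshHeadToken(Jws)} re-signs the claims it is handed. It performs no
 *       signature verification itself, so callers must only pass a {@link Jws} obtained from
 *       a parser that verified the signature.</li>
 *   <li>A refresh carries the existing {@code authorities} and {@code scope} claims over
 *       unchanged; they are not reloaded from the user store.</li>
 * </ul>
 */
@Component
public class JwtCreator {
    private static final Logger log = LoggerFactory.getLogger(JwtCreator.class);

    /** Lifetime in seconds used when the configured expiration is zero or negative (24 hours). */
    private static final long DEFAULT_EXPIRATION_SECONDS = 86400;

    /** Value passed to {@code JwtVadator#tokenRefreshJustBefore} when deciding whether to re-issue. */
    private static final int REFRESH_WINDOW_SECONDS = 1800;

    /** Value written to the {@code iss} claim of every token signed here. */
    private static final String ISSUER = "xforceplus.com";

    // Optional bean: the application context starts without a signing key, so every use
    // must be guarded (see signCompact).
    @Autowired(required = false)
    private KeyPair keyPair;

    @Autowired
    private JwtVadator jwtVadator;

    @Autowired
    private AuthCenterProperties authCenterProperties;

    /**
     * Computes the expiry instant for a token issued now.
     *
     * @return the current time plus the configured lifetime in seconds, or plus
     *         {@link #DEFAULT_EXPIRATION_SECONDS} when the configured value is not positive
     */
    private Date generateExpirationDate() {
        long lifetimeSeconds = this.authCenterProperties.getExpiration();
        if (lifetimeSeconds <= 0) {
            // A missing or invalid setting falls back to a bounded lifetime rather than
            // producing a token that is already expired.
            lifetimeSeconds = DEFAULT_EXPIRATION_SECONDS;
        }
        return new Date(System.currentTimeMillis() + (lifetimeSeconds * 1000));
    }

    /**
     * Builds and signs a new access token for the given principal.
     *
     * <p>The claims carry the username (as both {@code sub} and {@code user_name}), the
     * principal's permissions as {@code authorities}, its {@code scope}, and the supplied
     * additional info. The additional info is also set on the returned token object.
     *
     * @param oAuth2Principal the authenticated principal whose identity and permissions are embedded
     * @param oAuth2AdditionalInfo extra data embedded in the {@code additionalInfo} claim and
     *        echoed on the returned token; note that JWT claims are signed, not encrypted, so
     *        anything placed here is readable by whoever holds the token
     * @return the signed token wrapper
     * @throws IllegalStateException if no signing key pair is configured
     */
    public OAuth2Token newOAuth2Token(OAuth2Principal oAuth2Principal, OAuth2AdditionalInfo oAuth2AdditionalInfo) {
        DefaultClaims claims = new DefaultClaims();
        claims.setSubject(oAuth2Principal.getUsername());
        claims.put("additionalInfo", oAuth2AdditionalInfo);
        claims.put("authorities", oAuth2Principal.getPerms());
        claims.put("user_name", oAuth2Principal.getUsername());
        claims.put("scope", oAuth2Principal.getScope());
        JwtBuilder builder = Jwts.builder().setHeaderParam("typ", "JWT").setClaims(claims);
        OAuth2Token token = signCompact(builder);
        token.setAdditionalInfo(oAuth2AdditionalInfo);
        return token;
    }

    /**
     * Stamps id, issuer, issued-at and expiry on the builder, signs it with RS256 and wraps
     * the compact form in an {@link OAuth2Token}.
     *
     * <p>The wrapper's {@code expires_in} is the expiry date as rendered by
     * {@code DateUtils.format}. NOTE(review): OAuth2 clients usually expect a lifetime in
     * seconds in that field; confirm what consumers of this value rely on. No refresh token
     * is issued; the field is explicitly set to {@code null}.
     *
     * @param jwtBuilder builder already populated with the claims to sign
     * @return the token wrapper holding the signed compact JWT
     * @throws IllegalStateException if no signing key pair (or no private key) is available
     */
    private OAuth2Token signCompact(JwtBuilder jwtBuilder) {
        // keyPair is injected with required = false; without this guard a missing key
        // shows up as an opaque NullPointerException in the middle of the signing chain.
        if (this.keyPair == null || this.keyPair.getPrivate() == null) {
            throw new IllegalStateException("No signing KeyPair is configured; cannot issue JWT access tokens");
        }
        Date expiresAt = generateExpirationDate();
        OAuth2Token token = new OAuth2Token();
        token.setExpires_in(DateUtils.format(expiresAt));
        // A fresh jti per signature, so a refreshed token never shares an id with its predecessor.
        token.setJti(UUIDUtils.uuid36());
        token.setRefresh_token(null);
        token.setToken_type(JWT.BEARER_TYPE);
        String compactJwt = jwtBuilder
                .setId(token.getJti())
                .setIssuer(ISSUER)
                .setIssuedAt(DateUtils.toDate(LocalDateTime.now()))
                .setExpiration(expiresAt)
                .signWith(SignatureAlgorithm.RS256, this.keyPair.getPrivate())
                .compact();
        token.setAccess_token(compactJwt);
        return token;
    }

    /**
     * Re-issues an access token from the claims of an existing, still-valid token.
     *
     * <p>The supplied claims object is modified in place: the {@code JWT.CLAIM_KEY_CREATED}
     * entry is overwritten here. NOTE(review): the builder may also write the new id,
     * issuer, issued-at and expiry into the same object; treat {@code jws} as consumed after
     * this call unless verified otherwise.
     *
     * <p>This method trusts {@code jws} completely. It must only be called with a token whose
     * signature has already been verified, since every claim it contains (including
     * {@code authorities} and {@code scope}) is signed again as-is.
     *
     * @param jws the parsed token to refresh
     * @return the new compact JWT, or empty when {@code jwtVadator.tokenRefreshJustBefore}
     *         reports true for a {@value #REFRESH_WINDOW_SECONDS}-second window (presumably
     *         meaning the token was refreshed recently; confirm against {@code JwtVadator})
     * @throws ExpiredJwtException if the validator reports the token as expired
     * @throws IllegalStateException if no signing key pair is configured
     */
    public Optional<String> refreshHeadToken(Jws<Claims> jws) {
        Claims claims = jws.getBody();
        if (this.jwtVadator.isTokenExpired(claims)) {
            // Expired tokens are never refreshed; the holder must authenticate again.
            throw new ExpiredJwtException(jws.getHeader(), claims, "");
        }
        if (this.jwtVadator.tokenRefreshJustBefore(claims, REFRESH_WINDOW_SECONDS)) {
            return Optional.empty();
        }
        claims.put(JWT.CLAIM_KEY_CREATED, new Date());
        return Optional.of(signCompact(Jwts.builder().setClaims(claims)).getAccess_token());
    }
}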
