package com.fujieid.jap.ids.util;

import cn.hutool.core.util.ObjectUtil;
import cn.hutool.log.Log;
import cn.hutool.log.LogFactory;
import com.fujieid.jap.ids.JapIds;
import com.fujieid.jap.ids.config.IdsConfig;
import com.fujieid.jap.ids.config.JwtConfig;
import com.fujieid.jap.ids.exception.IdsTokenException;
import com.fujieid.jap.ids.exception.InvalidJwksException;
import com.fujieid.jap.ids.exception.InvalidTokenException;
import com.fujieid.jap.ids.model.IdsConsts;
import com.fujieid.jap.ids.model.UserInfo;
import com.fujieid.jap.ids.model.enums.ErrorResponse;
import com.fujieid.jap.ids.model.enums.JwtVerificationType;
import com.fujieid.jap.ids.model.enums.ResponseType;
import com.fujieid.jap.ids.model.enums.ScopeClaimsMapping;
import com.fujieid.jap.ids.model.enums.TokenSigningAlg;
import com.xkcoding.json.JsonUtil;
import com.xkcoding.json.util.Kv;
import com.xkcoding.json.util.StringUtil;
import java.util.Map;
import java.util.Set;
import org.jose4j.jwk.HttpsJwks;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver;
import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;
import org.jose4j.lang.JoseException;

/* loaded from: input_file:com/fujieid/jap/ids/util/JwtUtil.class */
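/**
 * Static helpers that sign, parse and validate JSON Web Tokens with jose4j.
 *
 * <p>Signing and verification keys are both taken from the JWKS JSON held in the {@link JwtConfig}
 * returned by the identity service. Because {@link #createJwtToken} reads the private key from
 * that document, it must be treated as a secret: never log it or copy it into error messages.
 */
public class JwtUtil {
    private static final Log log = LogFactory.get();

    /** Builds jose4j key objects from a JWKS JSON document. */
    public static class IdsVerificationKeyResolver {
        /**
         * Parses a JWKS JSON document.
         *
         * @param str the JWKS JSON text
         * @return the parsed key set
         * @throws InvalidJwksException if {@code str} is empty or cannot be parsed as a JWKS
         */
        public static JsonWebKeySet createJsonWebKeySet(String str) {
            if (StringUtil.isEmpty(str)) {
                throw new InvalidJwksException(ErrorResponse.INVALID_JWKS);
            }
            try {
                return new JsonWebKeySet(str);
            } catch (JoseException e) {
                // Keep the raw input out of the message and the logs: the same document supplies
                // the private signing key used by createJwtToken.
                throw new InvalidJwksException(ErrorResponse.INVALID_JWKS);
            }
        }

        /**
         * Looks up the signature key with the given key id in a JWKS JSON document.
         *
         * @param str the key id ({@code kid}) to look for
         * @param str2 the JWKS JSON text
         * @param tokenSigningAlg the signing algorithm whose key type and {@code alg} the key must
         *     match; {@code null} falls back to {@link TokenSigningAlg#RS256}
         * @return the matching key, or {@code null} when no key matches or the key type is neither
         *     {@code RSA} nor {@code EC}
         * @throws InvalidJwksException if the JWKS JSON is empty or malformed
         */
        public static PublicJsonWebKey createPublicJsonWebKey(String str, String str2, TokenSigningAlg tokenSigningAlg) {
            TokenSigningAlg signingAlg = null == tokenSigningAlg ? TokenSigningAlg.RS256 : tokenSigningAlg;
            JsonWebKeySet keySet = createJsonWebKeySet(str2);
            String keyType = signingAlg.getKeyType();
            // Only asymmetric key types are accepted; the lookup is the same for both.
            if ("RSA".equals(keyType) || "EC".equals(keyType)) {
                // findJsonWebKey filters on the key type, so a hit is an RSA or EC key.
                return (PublicJsonWebKey) keySet.findJsonWebKey(str, keyType, "sig", signingAlg.getAlg());
            }
            return null;
        }
    }

    /**
     * Creates a signed token without scope-based user claims.
     *
     * @param str identifier used to look up the {@link JwtConfig}; also written as the audience,
     *     and as the subject when {@code userInfo} is {@code null}
     * @param userInfo the user the token is issued for, may be {@code null}
     * @param l token lifetime in seconds, must not be {@code null}
     * @param str2 nonce to embed, skipped when empty
     * @param str3 the issuer
     * @return the compact serialization of the signed token
     */
    public static String createJwtToken(String str, UserInfo userInfo, Long l, String str2, String str3) {
        return createJwtToken(str, userInfo, l, str2, null, null, str3);
    }

    /**
     * Creates a signed token.
     *
     * @param str identifier used to look up the {@link JwtConfig}; also written as the audience,
     *     and as the subject when {@code userInfo} is {@code null}
     * @param userInfo the user the token is issued for, may be {@code null}
     * @param l token lifetime in seconds, must not be {@code null}
     * @param str2 nonce to embed, skipped when empty
     * @param set granted scopes that select which user claims are copied, may be {@code null}
     * @param str3 the response type; user claims are copied only for the id-token type
     * @param str4 the issuer
     * @return the compact serialization of the signed token
     * @throws InvalidJwksException if no JWT config or no matching key is available
     * @throws IdsTokenException if signing fails
     */
    public static String createJwtToken(String str, UserInfo userInfo, Long l, String str2, Set<String> set, String str3, String str4) {
        // Read the clock once so "iat" and "exp" are derived from the same instant.
        long nowMillis = System.currentTimeMillis();
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(str4);
        claims.setSubject(null == userInfo ? str : userInfo.getId());
        claims.setAudience(str);
        claims.setExpirationTime(NumericDate.fromMilliseconds(nowMillis + (l.longValue() * 1000)));
        claims.setIssuedAt(NumericDate.fromMilliseconds(nowMillis));
        if (!StringUtil.isEmpty(str2)) {
            claims.setStringClaim(IdsConsts.NONCE, str2);
        }
        setUserInfoClaim(userInfo, set, str3, claims);

        JsonWebSignature signature = new JsonWebSignature();
        signature.setPayload(claims.toJson());
        JwtConfig jwtConfig = JapIds.getContext().getIdentityService().getJwtConfig(str);
        if (null == jwtConfig) {
            throw new InvalidJwksException("Unable to create Jwt Token: jwt config cannot be empty.");
        }
        // Apply the same RS256 default as the key lookup, so a config without an explicit
        // algorithm no longer fails with a NullPointerException when the header is written.
        TokenSigningAlg signingAlg = null == jwtConfig.getTokenSigningAlg() ? TokenSigningAlg.RS256 : jwtConfig.getTokenSigningAlg();
        PublicJsonWebKey signingKey = IdsVerificationKeyResolver.createPublicJsonWebKey(jwtConfig.getJwksKeyId(), jwtConfig.getJwksJson(), signingAlg);
        if (null == signingKey) {
            throw new InvalidJwksException("Unable to create Jwt Token: Unable to create public json web key.");
        }
        // getPrivateKey() is null when the JWKS entry carries only public parameters; signing
        // then fails below and surfaces as an IdsTokenException.
        signature.setKey(signingKey.getPrivateKey());
        signature.setKeyIdHeaderValue(signingKey.getKeyId());
        signature.setAlgorithmHeaderValue(signingAlg.getAlg());
        try {
            return signature.getCompactSerialization();
        } catch (JoseException e) {
            // The rethrown exception keeps only the message, so log the cause with its stack trace.
            log.error("Unable to create Jwt Token", e);
            throw new IdsTokenException("Unable to create Jwt Token: " + e.getMessage());
        }
    }

    /**
     * Adds user claims to {@code jwtClaims}: always the username, plus the claims mapped to each
     * granted scope when the response type is the id-token type.
     */
    private static void setUserInfoClaim(UserInfo userInfo, Set<String> set, String str, JwtClaims jwtClaims) {
        if (null == userInfo) {
            return;
        }
        jwtClaims.setStringClaim(IdsConsts.USERNAME, userInfo.getUsername());
        if (!ObjectUtil.isNotNull(set) || !ResponseType.ID_TOKEN.getType().equalsIgnoreCase(str)) {
            return;
        }
        // Round-trip through JSON to obtain the user's fields keyed by name.
        Kv userFields = JsonUtil.parseKv(JsonUtil.toJsonString(userInfo));
        if (set.contains("profile")) {
            copyScopeClaims(ScopeClaimsMapping.profile, userFields, jwtClaims);
        }
        if (set.contains("email")) {
            copyScopeClaims(ScopeClaimsMapping.email, userFields, jwtClaims);
        }
        if (set.contains("phone")) {
            copyScopeClaims(ScopeClaimsMapping.phone, userFields, jwtClaims);
        }
        if (set.contains("address")) {
            copyScopeClaims(ScopeClaimsMapping.address, userFields, jwtClaims);
        }
    }

    /** Copies every non-null user field that {@code mapping} lists into {@code jwtClaims}. */
    private static void copyScopeClaims(ScopeClaimsMapping mapping, Kv userFields, JwtClaims jwtClaims) {
        for (String claimName : mapping.getClaims()) {
            Object value = userFields.get(claimName);
            if (null != value) {
                jwtClaims.setClaim(claimName, value);
            }
        }
    }

    /**
     * Verifies the signature of a token against the default JWT config and returns its claims.
     *
     * <p>Only the signature and the time claims that are present are checked here: audience
     * validation is skipped, and issuer, subject and the presence of {@code exp} are not
     * enforced. Use {@link #validateJwtToken} when those checks are required.
     *
     * @param str the compact serialization of the token
     * @return the claims of the token
     * @throws InvalidJwksException if no JWT config or no matching key is available
     * @throws InvalidTokenException if the token has expired or is otherwise invalid
     */
    public static Map<String, Object> parseJwtToken(String str) {
        JwtConfig jwtConfig = JapIds.getContext().getIdentityService().getJwtConfig(null);
        if (null == jwtConfig) {
            throw new InvalidJwksException("Unable to parse Jwt Token: jwt config cannot be empty.");
        }
        PublicJsonWebKey verificationKey = IdsVerificationKeyResolver.createPublicJsonWebKey(jwtConfig.getJwksKeyId(), jwtConfig.getJwksJson(), jwtConfig.getTokenSigningAlg());
        if (null == verificationKey) {
            throw new InvalidJwksException("Unable to parse Jwt Token: Unable to create public json web key.");
        }
        // NOTE(review): no algorithm restriction is configured; consider limiting the accepted
        // JWS algorithms to the configured signing algorithm.
        try {
            return new JwtConsumerBuilder()
                .setSkipDefaultAudienceValidation()
                .setAllowedClockSkewInSeconds(30)
                .setVerificationKey(verificationKey.getPublicKey())
                .build()
                .processToClaims(str)
                .getClaimsMap();
        } catch (InvalidJwtException e) {
            log.error("Invalid Jwt Token : " + JsonUtil.toJsonString(e.getErrorDetails()), e);
            if (e.hasExpired()) {
                throw new InvalidTokenException(ErrorResponse.EXPIRED_TOKEN);
            }
            throw new InvalidTokenException(ErrorResponse.INVALID_TOKEN);
        }
    }

    /**
     * Fully validates a token: signature, issuer, subject, audience, {@code iat} and {@code exp}.
     *
     * @param str identifier used to look up the {@link JwtConfig}; also the expected audience,
     *     and the expected subject when {@code str2} is empty
     * @param str2 the expected subject, may be empty
     * @param str3 the compact serialization of the token
     * @param str4 the JWKS endpoint URL used for the HTTPS JWKS verification type
     * @return the claims of the token
     * @throws InvalidJwksException if no JWT config or no matching key is available
     * @throws InvalidTokenException if the token has expired or is otherwise invalid
     */
    public static Map<String, Object> validateJwtToken(String str, String str2, String str3, String str4) {
        IdsConfig idsConfig = JapIds.getIdsConfig();
        JwtConfig jwtConfig = JapIds.getContext().getIdentityService().getJwtConfig(str);
        if (null == jwtConfig) {
            throw new InvalidJwksException("Unable to validate Jwt Token: jwt config cannot be empty.");
        }
        JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();
        JwtVerificationType verificationType = jwtConfig.getJwtVerificationType();
        // NOTE(review): setVerificationKey() further down appears to install its own key
        // resolver in jose4j, which would replace the resolver selected here and make the
        // configured verification type ineffective - confirm against the jose4j version in use
        // and decide which key source is intended.
        if (verificationType == JwtVerificationType.HTTPS_JWKS_ENDPOINT) {
            consumerBuilder.setVerificationKeyResolver(new HttpsJwksVerificationKeyResolver(new HttpsJwks(str4)));
        } else if (verificationType == JwtVerificationType.JWKS) {
            consumerBuilder.setVerificationKeyResolver(new JwksVerificationKeyResolver(IdsVerificationKeyResolver.createJsonWebKeySet(jwtConfig.getJwksJson()).getJsonWebKeys()));
        }
        PublicJsonWebKey verificationKey = IdsVerificationKeyResolver.createPublicJsonWebKey(jwtConfig.getJwksKeyId(), jwtConfig.getJwksJson(), jwtConfig.getTokenSigningAlg());
        if (null == verificationKey) {
            throw new InvalidJwksException("Unable to verify Jwt Token: Unable to create public json web key.");
        }
        String expectedSubject = StringUtil.isEmpty(str2) ? str : str2;
        try {
            return consumerBuilder
                .setRequireIssuedAt()
                .setRequireExpirationTime()
                .setRequireSubject()
                .setExpectedIssuer(idsConfig.getIssuer())
                .setExpectedSubject(expectedSubject)
                .setExpectedAudience(str)
                .setAllowedClockSkewInSeconds(30)
                .setVerificationKey(verificationKey.getPublicKey())
                .build()
                .processToClaims(str3)
                .getClaimsMap();
        } catch (InvalidJwtException e) {
            log.error("Invalid Jwt Token! ", e);
            if (!e.hasExpired()) {
                throw new InvalidTokenException(ErrorResponse.INVALID_TOKEN);
            }
            try {
                log.error("Jwt Token expired at " + e.getJwtContext().getJwtClaims().getExpirationTime());
            } catch (MalformedClaimException e2) {
                // Route the failure through the logger instead of printing to stderr.
                log.error("Unable to read the expiration time of the expired Jwt Token", e2);
            }
            throw new InvalidTokenException(ErrorResponse.EXPIRED_TOKEN);
        }
    }
}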
