package com.odianyun.user.business.common.utils;

import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.auth0.jwk.Jwk;
import com.odianyun.exception.factory.OdyExceptionFactory;
import com.odianyun.user.business.common.utils.CacheVerificationUtil;
import com.odianyun.weixin.mp.util.HttpUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.security.PublicKey;
import java.util.Objects;
import org.apache.tomcat.util.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Base64Utils;

/* loaded from: input_file:WEB-INF/lib/ouser-business-prod2.10.0-SNAPSHOT.jar:com/odianyun/user/business/common/utils/IosIdentityVerifyUtil.class */
public class IosIdentityVerifyUtil {
    private static Logger logger = LoggerFactory.getLogger((Class<?>) IosIdentityVerifyUtil.class);
    private static final String APPLE_ID_URL = "https://appleid.apple.com";
    private static final String APPLE_ID_AUTH_URL = "https://appleid.apple.com/auth/keys";

    public static String verify(String str) {
        try {
            String[] split = str.split("\\.");
            JSONObject parseObject = JSONObject.parseObject(new String(Base64.decodeBase64(split[0]), "UTF-8"));
            JSONObject parseObject2 = JSONObject.parseObject(new String(Base64Utils.decodeFromString(split[1]), "UTF-8"));
            String string = parseObject2.getString(Claims.AUDIENCE);
            String string2 = parseObject2.getString("sub");
            if (verify(str, string, string2, parseObject.getString(JwsHeader.KEY_ID))) {
                return string2;
            }
            return null;
        } catch (Exception e) {
            throw OdyExceptionFactory.businessException(e, "010009", new Object[0]);
        }
    }

    private static boolean verify(String str, String str2, String str3, String str4) {
        try {
            PublicKey publicKey = getPublicKey(str4);
            if (publicKey == null) {
                return false;
            }
            JwtParser signingKey = Jwts.parser().setSigningKey(publicKey);
            signingKey.requireIssuer(APPLE_ID_URL);
            signingKey.requireAudience(str2);
            signingKey.requireSubject(str3);
            Jws<Claims> parseClaimsJws = signingKey.parseClaimsJws(str);
            if (parseClaimsJws != null) {
                return parseClaimsJws.getBody().containsKey("auth_time");
            }
            return false;
        } catch (ExpiredJwtException e) {
            throw OdyExceptionFactory.businessException(e, "010010", new Object[0]);
        } catch (Exception e2) {
            logger.info("identityToken={}, aud= {}, sub={}, kid={},验证异常：", str, str2, str3, str4, e2);
            throw OdyExceptionFactory.businessException(e2, "010009", new Object[0]);
        }
    }

    private static PublicKey getPublicKey(String str) {
        JSONObject iosPublicKey = CacheVerificationUtil.Ios.getIosPublicKey(str);
        if (null == iosPublicKey) {
            JSONObject jSONObject = HttpUtil.get(APPLE_ID_AUTH_URL);
            JSONArray jSONArray = jSONObject.getJSONArray("keys");
            if (null == jSONArray) {
                throw OdyExceptionFactory.businessException("010011", new Object[0]);
            }
            int i = 0;
            while (true) {
                if (i >= jSONArray.size()) {
                    break;
                }
                JSONObject jSONObject2 = jSONArray.getJSONObject(i);
                if (Objects.equals(jSONObject2.getString(JwsHeader.KEY_ID), str)) {
                    iosPublicKey = jSONObject2;
                    CacheVerificationUtil.Ios.setIosPublicKey(str, iosPublicKey);
                    break;
                }
                i++;
            }
            if (null == iosPublicKey) {
                logger.info("kid == {}, apple public key = {}", str, jSONObject.toJSONString());
                throw OdyExceptionFactory.businessException("010012", str);
            }
        }
        try {
            return Jwk.fromValues(iosPublicKey).getPublicKey();
        } catch (Exception e) {
            logger.error("生成apple public key 报错：", (Throwable) e);
            throw OdyExceptionFactory.businessException(e, "010012", str);
        }
    }
}
