package cc.chensoul.rose.security.support;

import cc.chensoul.rose.security.CacheConstants;
import cc.chensoul.rose.security.SecurityProperties;
import cc.chensoul.rose.security.exception.ExpiredTokenException;
import cc.chensoul.rose.security.util.Authority;
import cc.chensoul.rose.security.util.SecurityUser;
import cc.chensoul.rose.security.util.TokenPair;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import java.time.ZonedDateTime;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.authority.AuthorityUtils;

/* loaded from: input_file:cc/chensoul/rose/security/support/JwtTokenFactory.class */
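/**
 * {@link TokenFactory} that issues HS512-signed JWTs and tracks the issued access and
 * refresh tokens in Redis.
 *
 * <p>A token is accepted only when (1) a Redis entry exists under the matching prefix and
 * (2) the JWT signature and expiry verify. Pre-verification tokens are never written to
 * Redis by this class, so {@link #parseAccessToken(String)} rejects them at the Redis lookup.
 *
 * <p>NOTE(review): the Redis keys embed the complete bearer token. Anyone able to enumerate
 * keys in that Redis instance can read usable tokens. Keying by a digest of the token (or by
 * a {@code jti} claim) would avoid that, but has to change together with whatever code
 * removes these keys on logout, which is not visible from this class.
 */
public class JwtTokenFactory implements TokenFactory {
    private static final Logger log = LoggerFactory.getLogger(JwtTokenFactory.class);
    private static final String SCOPES = "scopes";
    private static final String ENABLED = "enabled";
    private final RedisTemplate<String, Object> redisTemplate;
    private final SecurityProperties securityProperties;

    /**
     * @param redisTemplate      store holding one entry per issued access/refresh token
     * @param securityProperties source of token lifetimes, issuer and signing key
     */
    public JwtTokenFactory(RedisTemplate<String, Object> redisTemplate, SecurityProperties securityProperties) {
        this.redisTemplate = redisTemplate;
        this.securityProperties = securityProperties;
    }

    /**
     * Issues an access/refresh token pair for the user and registers both tokens in Redis.
     *
     * @param securityUser the authenticated user
     * @return the pair of compact JWTs together with the user's authorities
     */
    @Override
    public TokenPair createTokenPair(SecurityUser securityUser) {
        Long accessTtl = this.securityProperties.getAccessTokenExpireTime();
        Long refreshTtl = this.securityProperties.getRefreshTokenExpireTime();
        String accessToken = createAccessToken(securityUser, accessTtl);
        String refreshToken = createRefreshToken(securityUser, refreshTtl);
        // The TimeUnit overload is required here: ValueOperations.set(key, value, long) is
        // SETRANGE (write at byte offset), not "set with expiry", so it neither stores a
        // readable value nor gives the entry a TTL. The lifetimes are in seconds, matching
        // the plusSeconds() call used for the JWT "exp" claim in setUpToken.
        this.redisTemplate.opsForValue().set(CacheConstants.USER_TOKEN_PREFIX + accessToken, accessTtl, accessTtl.longValue(), TimeUnit.SECONDS);
        this.redisTemplate.opsForValue().set(CacheConstants.USER_REFRESH_TOKEN_PREFIX + refreshToken, refreshTtl, refreshTtl.longValue(), TimeUnit.SECONDS);
        return new TokenPair(accessToken, refreshToken, securityUser.getAuthorities());
    }

    /**
     * Validates an access token and rebuilds the user it was issued for.
     *
     * <p>The {@code enabled} claim written by {@code createAccessToken} is not read here.
     *
     * @param str compact JWT presented by the client
     * @return user carrying the token subject, the raw token and the token's scopes
     * @throws BadCredentialsException  if the token is not registered in Redis or is malformed
     * @throws ExpiredTokenException    if the JWT is expired or its signature does not verify
     * @throws IllegalArgumentException if the token carries no usable scopes
     */
    @Override
    public SecurityUser parseAccessToken(String str) {
        if (this.redisTemplate.opsForValue().get(CacheConstants.USER_TOKEN_PREFIX + str) == null) {
            throw new BadCredentialsException("Access token is invalid");
        }
        Claims claims = parseTokenClaims(str).getBody();
        String[] scopes = readScopes(claims, "JWT Token doesn't have any scopes");
        return new SecurityUser(claims.getSubject(), str, AuthorityUtils.createAuthorityList(scopes));
    }

    /**
     * Validates a refresh token and rebuilds the user it was issued for.
     *
     * @param str compact JWT presented by the client
     * @return user carrying the token subject, the raw token and the refresh scope
     * @throws BadCredentialsException  if the token is not registered in Redis or is malformed
     * @throws ExpiredTokenException    if the JWT is expired or its signature does not verify
     * @throws IllegalArgumentException if the first scope is not {@code REFRESH_TOKEN}
     */
    @Override
    public SecurityUser parseRefreshToken(String str) {
        if (this.redisTemplate.opsForValue().get(CacheConstants.USER_REFRESH_TOKEN_PREFIX + str) == null) {
            throw new BadCredentialsException("Refresh Token is invalid");
        }
        Claims claims = parseTokenClaims(str).getBody();
        String[] scopes = readScopes(claims, "Refresh Token doesn't have any scopes");
        // Constant on the left: a null first entry is rejected as a bad scope, not an NPE.
        if (!Authority.REFRESH_TOKEN.name().equals(scopes[0])) {
            throw new IllegalArgumentException("Invalid Refresh Token scope");
        }
        return new SecurityUser(claims.getSubject(), str, AuthorityUtils.createAuthorityList(scopes));
    }

    /**
     * Issues a single pre-verification token (no refresh token) with the access-token lifetime.
     * The token is not registered in Redis.
     *
     * @param securityUser the user who has passed the first authentication step
     * @return pair whose refresh token is {@code null}
     */
    @Override
    public TokenPair createPreVerificationTokenPair(SecurityUser securityUser) {
        String scope = Authority.PRE_VERIFICATION_TOKEN.name();
        long ttlSeconds = this.securityProperties.getAccessTokenExpireTime().longValue();
        String token = setUpToken(securityUser, Collections.singletonList(scope), ttlSeconds).compact();
        return new TokenPair(token, null, AuthorityUtils.createAuthorityList(scope));
    }

    /**
     * Reads the {@code scopes} claim as an array of strings.
     *
     * @throws IllegalArgumentException with {@code missingMessage} if the claim is absent or
     *                                  empty, or with a fixed message if an entry is not a string
     */
    private static String[] readScopes(Claims claims, String missingMessage) {
        List<?> scopes = claims.get(SCOPES, List.class);
        if (scopes == null || scopes.isEmpty()) {
            throw new IllegalArgumentException(missingMessage);
        }
        String[] names = new String[scopes.size()];
        for (int i = 0; i < names.length; i++) {
            Object scope = scopes.get(i);
            // Checked per element so a non-string entry fails as a bad token instead of
            // surfacing as ArrayStoreException/ClassCastException further down.
            if (!(scope instanceof String)) {
                throw new IllegalArgumentException("JWT scope entries must be strings");
            }
            names[i] = (String) scope;
        }
        return names;
    }

    /**
     * Verifies signature and expiry of a compact JWT with the configured signing key.
     *
     * <p>NOTE(review): a signature failure is reported as {@link ExpiredTokenException}, so
     * callers and logs cannot tell a tampered or wrongly-keyed token from an expired one.
     * The mapping is kept because callers may depend on the exception type. The exception
     * also receives the raw token; confirm it is never logged or returned to the client.
     */
    private Jws<Claims> parseTokenClaims(String str) {
        try {
            return Jwts.parser().setSigningKey(this.securityProperties.getJwt().getTokenSigningKey()).build().parseClaimsJws(str);
        } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) {
            throw new BadCredentialsException("Token is Invalid", e);
        } catch (SignatureException | ExpiredJwtException e2) {
            throw new ExpiredTokenException(str, "Token has expired", e2);
        }
    }

    /** Builds an access token carrying the user's authorities as scopes plus the enabled flag. */
    private String createAccessToken(SecurityUser securityUser, Long l) {
        List<String> scopes = securityUser.getAuthorities().stream()
                .map(authority -> authority.getAuthority())
                .collect(Collectors.toList());
        JwtBuilder builder = setUpToken(securityUser, scopes, l.longValue());
        builder.claim(ENABLED, Boolean.valueOf(securityUser.isEnabled()));
        return builder.compact();
    }

    /** Builds a refresh token whose only scope is {@code REFRESH_TOKEN}, with a random id. */
    private String createRefreshToken(SecurityUser securityUser, Long l) {
        return setUpToken(securityUser, Collections.singletonList(Authority.REFRESH_TOKEN.name()), l.longValue())
                .id(UUID.randomUUID().toString())
                .compact();
    }

    /**
     * Prepares a builder with subject, scopes, issuer, issue time and expiry, signed with HS512.
     *
     * <p>NOTE(review): HS512 needs a secret of at least 512 bits (RFC 7518, section 3.2); the
     * key comes straight from configuration, so confirm its length and that it is not a
     * default value. The (algorithm, key) form of {@code signWith} is deprecated in JJWT.
     *
     * @param securityUser user whose username becomes the subject
     * @param list         scope names stored under the {@code scopes} claim
     * @param j            lifetime in seconds
     */
    private JwtBuilder setUpToken(SecurityUser securityUser, List<String> list, long j) {
        Claims claims = Jwts.claims().setSubject(securityUser.getUsername()).add(SCOPES, list).build();
        ZonedDateTime issuedAt = ZonedDateTime.now();
        Date expiresAt = Date.from(issuedAt.plusSeconds(j).toInstant());
        return Jwts.builder()
                .setClaims(claims)
                .issuer(this.securityProperties.getJwt().getTokenIssuer())
                .issuedAt(Date.from(issuedAt.toInstant()))
                .expiration(expiresAt)
                .signWith(SignatureAlgorithm.HS512, this.securityProperties.getJwt().getTokenSigningKey());
    }
}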
