package io.github.lishangbu.avalon.security.util;

import io.github.lishangbu.avalon.security.constant.JwtClaimConstants;
import io.github.lishangbu.avalon.security.core.UserPrincipal;
import io.github.lishangbu.avalon.security.properties.JwtProperties;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.time.temporal.TemporalUnit;
import java.util.Base64;
import java.util.Date;
import java.util.stream.Collectors;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.io.ResourceLoader;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:io/github/lishangbu/avalon/security/util/JwtUtils.class */
public class JwtUtils implements InitializingBean {
    private RSAPublicKey publicKey;
    private RSAPrivateKey privateKey;
    private final JwtProperties jwtProperties;
    private final ResourceLoader resourceLoader;

    public JwtUtils(JwtProperties jwtProperties, ResourceLoader resourceLoader) {
        this.jwtProperties = jwtProperties;
        this.resourceLoader = resourceLoader;
    }

    public String generateAccessTokenByAuthentication(Authentication authentication) {
        UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
        return Jwts.builder().issuedAt(new Date()).expiration(Date.from(Instant.now().plus(this.jwtProperties.getAccessTokenTtl().longValue(), (TemporalUnit) this.jwtProperties.getAccessTokenTtlUnit()))).subject(userPrincipal.getUsername()).claim(JwtClaimConstants.USER_ID, userPrincipal.id()).claim(JwtClaimConstants.AUTHORITIES, userPrincipal.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.joining(","))).signWith(this.privateKey).compact();
    }

    public String generateRefreshTokenByAuthentication() {
        return Jwts.builder().issuedAt(new Date()).expiration(Date.from(Instant.now().plus(this.jwtProperties.getRefreshTokenTtl().longValue(), (TemporalUnit) this.jwtProperties.getRefreshTokenTtlUnit()))).signWith(this.privateKey).compact();
    }

    public Claims verifyJsonWebTokenByAuthentication(String str) {
        return (Claims) Jwts.parser().verifyWith(this.publicKey).build().parseSignedClaims(str).getPayload();
    }

    private static RSAPublicKey loadPublicKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(str.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replaceAll("\\s", ""))));
    }

    private static RSAPrivateKey loadPrivateKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(str.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replaceAll("\\s", ""))));
    }

    public void afterPropertiesSet() throws Exception {
        InputStream inputStream = this.resourceLoader.getResource(this.jwtProperties.getPublicKeyPath()).getInputStream();
        try {
            this.publicKey = loadPublicKey(new String(inputStream.readAllBytes()));
            if (inputStream != null) {
                inputStream.close();
            }
            inputStream = this.resourceLoader.getResource(this.jwtProperties.getPrivateKeyPath()).getInputStream();
            try {
                this.privateKey = loadPrivateKey(new String(inputStream.readAllBytes()));
                if (inputStream != null) {
                    inputStream.close();
                }
            } finally {
            }
        } finally {
        }
    }
}
