package org.mx.jwt.service.impl;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.FileInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import org.mx.StringUtils;
import org.mx.TypeUtils;
import org.mx.error.UserInterfaceSystemErrorException;
import org.mx.jwt.config.AuthConfigBean;
import org.mx.jwt.error.UserInterfaceJwtErrorException;
import org.mx.jwt.service.JwtService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/mx/jwt/service/impl/JwtServiceImpl.class */
public class JwtServiceImpl implements JwtService {
    private static final Logger logger = LoggerFactory.getLogger(JwtServiceImpl.class);
    private AuthConfigBean authConfigBean;
    private Algorithm algorithm;
    private JWTVerifier verifier;

    public JwtServiceImpl(AuthConfigBean authConfigBean) {
        this.authConfigBean = authConfigBean;
    }

    private Algorithm getAlgorithm(String str) {
        if (str.startsWith("HS")) {
            return getHsAlgorithm(str);
        }
        if (str.startsWith("RSA")) {
            return getRsaAlgorithm(str);
        }
        if (logger.isErrorEnabled()) {
            logger.error(String.format("Unsupported algorithm: %s.", str));
        }
        throw new UserInterfaceJwtErrorException(UserInterfaceJwtErrorException.JwtErrors.JWT_INITIALIZE_FAIL);
    }

    private Algorithm getHsAlgorithm(String str) {
        String secret = this.authConfigBean.getHsConfig().getSecret();
        try {
            boolean z = -1;
            switch (str.hashCode()) {
                case 69015912:
                    if (str.equals("HS256")) {
                        z = 2;
                        break;
                    }
                    break;
                case 69016964:
                    if (str.equals("HS384")) {
                        z = true;
                        break;
                    }
                    break;
                case 69018667:
                    if (str.equals("HS512")) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return Algorithm.HMAC512(secret);
                case true:
                    return Algorithm.HMAC384(secret);
                case true:
                default:
                    return Algorithm.HMAC256(secret);
            }
        } catch (IllegalArgumentException e) {
            if (logger.isErrorEnabled()) {
                logger.error("Initialize JWT fail.", e);
            }
            throw new UserInterfaceJwtErrorException(UserInterfaceJwtErrorException.JwtErrors.JWT_INITIALIZE_FAIL);
        }
    }

    private Algorithm getRsaAlgorithm(String str) {
        AuthConfigBean.RsaConfigBean rsaConfig = this.authConfigBean.getRsaConfig();
        String keystore = rsaConfig.getKeystore();
        String password1 = rsaConfig.getPassword1();
        String password2 = rsaConfig.getPassword2();
        String alias = rsaConfig.getAlias();
        if (StringUtils.isBlank(keystore) || StringUtils.isBlank(password1) || StringUtils.isBlank(password2) || StringUtils.isBlank(str)) {
            if (logger.isErrorEnabled()) {
                logger.error(String.format("Invalid parameter, keystore: %s, password1: %s, password2: %s, alias: %s.", keystore, password1, password2, alias));
            }
            throw new UserInterfaceSystemErrorException(UserInterfaceSystemErrorException.SystemErrors.SYSTEM_ILLEGAL_PARAM);
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(rsaConfig.getKeystore());
            try {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(fileInputStream, rsaConfig.getPassword1().toCharArray());
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) keyStore.getKey(alias, password2.toCharArray());
                RSAPublicKey rSAPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
                boolean z = -1;
                switch (str.hashCode()) {
                    case -1868738509:
                        if (str.equals("RSA256")) {
                            z = 2;
                            break;
                        }
                        break;
                    case -1868737457:
                        if (str.equals("RSA384")) {
                            z = true;
                            break;
                        }
                        break;
                    case -1868735754:
                        if (str.equals("RSA512")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        Algorithm RSA512 = Algorithm.RSA512(rSAPublicKey, rSAPrivateCrtKey);
                        fileInputStream.close();
                        return RSA512;
                    case true:
                        Algorithm RSA384 = Algorithm.RSA384(rSAPublicKey, rSAPrivateCrtKey);
                        fileInputStream.close();
                        return RSA384;
                    case true:
                    default:
                        Algorithm RSA256 = Algorithm.RSA256(rSAPublicKey, rSAPrivateCrtKey);
                        fileInputStream.close();
                        return RSA256;
                }
            } finally {
            }
        } catch (Exception e) {
            if (logger.isErrorEnabled()) {
                logger.error("Initialize the JWT fail.", e);
            }
            throw new UserInterfaceJwtErrorException(UserInterfaceJwtErrorException.JwtErrors.JWT_INITIALIZE_FAIL);
        }
    }

    public void init() {
        try {
            this.algorithm = getAlgorithm(this.authConfigBean.getAlgorithm());
            this.verifier = JWT.require(this.algorithm).withIssuer(new String[]{this.authConfigBean.getIssuer()}).withSubject(this.authConfigBean.getSubject()).acceptLeeway(1L).acceptExpiresAt(1L).build();
        } catch (Exception e) {
            if (logger.isErrorEnabled()) {
                logger.error("Initialize the JWT fail.", e);
            }
            throw new UserInterfaceJwtErrorException(UserInterfaceJwtErrorException.JwtErrors.JWT_INITIALIZE_FAIL);
        }
    }

    public void destroy() {
        if (this.verifier != null) {
            this.verifier = null;
        }
    }

    @Override // org.mx.jwt.service.JwtService
    public String signToken(String str) {
        return signToken(str, (String) null);
    }

    @Override // org.mx.jwt.service.JwtService
    public String signToken(String str, String str2) {
        HashMap hashMap = new HashMap(1);
        hashMap.put("accountCode", str);
        return signToken(hashMap, str2);
    }

    @Override // org.mx.jwt.service.JwtService
    public String signToken(Map<String, Object> map) {
        return signToken(map, (String) null);
    }

    @Override // org.mx.jwt.service.JwtService
    public String signToken(Map<String, Object> map, String str) {
        JWTCreator.Builder withExpiresAt = JWT.create().withIssuer(this.authConfigBean.getIssuer()).withSubject(this.authConfigBean.getSubject()).withExpiresAt(new Date(System.currentTimeMillis() + TypeUtils.string2TimePeriod(str, 3110400000000L)));
        if (withExpiresAt == null || this.algorithm == null) {
            throw new UserInterfaceJwtErrorException(UserInterfaceJwtErrorException.JwtErrors.JWT_NOT_INITIALIZE);
        }
        if (map != null) {
            try {
                if (!map.isEmpty()) {
                    map.forEach((str2, obj) -> {
                        if (obj instanceof Boolean) {
                            withExpiresAt.withClaim(str2, (Boolean) obj);
                            return;
                        }
                        if (obj instanceof Integer) {
                            withExpiresAt.withClaim(str2, (Integer) obj);
                            return;
                        }
                        if (obj instanceof Long) {
                            withExpiresAt.withClaim(str2, (Long) obj);
                            return;
                        }
                        if (obj instanceof Date) {
                            withExpiresAt.withClaim(str2, (Date) obj);
                            return;
                        }
                        if (obj instanceof String) {
                            withExpiresAt.withClaim(str2, (String) obj);
                            return;
                        }
                        if (obj instanceof Double) {
                            withExpiresAt.withClaim(str2, (Double) obj);
                        } else if (obj instanceof List) {
                            withExpiresAt.withArrayClaim(str2, (String[]) ((List) obj).toArray(new String[0]));
                        } else {
                            withExpiresAt.withClaim(str2, obj.toString());
                        }
                    });
                }
            } catch (Exception e) {
                if (logger.isErrorEnabled()) {
                    logger.error("Sign the token fail.", e);
                }
                throw new UserInterfaceJwtErrorException(UserInterfaceJwtErrorException.JwtErrors.JWT_SIGN_FAIL);
            }
        }
        String sign = withExpiresAt.sign(this.algorithm);
        if (logger.isDebugEnabled()) {
            logger.debug(String.format("Sign the token[%s] successfully.", sign));
        }
        return sign;
    }

    @Override // org.mx.jwt.service.JwtService
    public JwtService.JwtVerifyResult verifyToken(String str) {
        return verifyToken(str, null);
    }

    @Override // org.mx.jwt.service.JwtService
    public JwtService.JwtVerifyResult verifyToken(String str, Predicate<Map<String, Claim>> predicate) {
        if (StringUtils.isBlank(str)) {
            throw new UserInterfaceJwtErrorException(UserInterfaceJwtErrorException.JwtErrors.BLANK_TOKEN);
        }
        if (this.verifier == null) {
            throw new UserInterfaceJwtErrorException(UserInterfaceJwtErrorException.JwtErrors.JWT_NOT_INITIALIZE);
        }
        try {
            DecodedJWT verify = this.verifier.verify(str);
            if (predicate != null && !predicate.test(verify.getClaims())) {
                return new JwtService.JwtVerifyResult();
            }
            return new JwtService.JwtVerifyResult(verify);
        } catch (Exception e) {
            if (logger.isErrorEnabled()) {
                logger.error(String.format("Verify the token[%s] fail.", str), e);
            }
            return new JwtService.JwtVerifyResult();
        }
    }
}
