package top.cxjfun.common.web.security.service.impl;

import cn.hutool.core.date.DateTime;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.exceptions.ValidateException;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.jwt.JWT;
import cn.hutool.jwt.JWTPayload;
import cn.hutool.jwt.JWTValidator;
import cn.hutool.jwt.signers.JWTSigner;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.Assert;
import top.cxjfun.common.datasource.nosql.db.RedisNosqlServiceImpl;
import top.cxjfun.common.web.security.WebSecurityProperties;
import top.cxjfun.common.web.security.entity.UserTokenCacheInfo;
import top.cxjfun.common.web.security.jwt.JWTSmSignerUtil;
import top.cxjfun.common.web.security.service.UserTokenCacheInfoService;

/* loaded from: input_file:top/cxjfun/common/web/security/service/impl/UserTokenCacheInfoServiceImpl.class */
public class UserTokenCacheInfoServiceImpl extends RedisNosqlServiceImpl<UserTokenCacheInfo> implements UserTokenCacheInfoService {

    @Autowired
    private WebSecurityProperties webSecurityProperties;
    private static final String CACHE_ID_KEY = "cache_id";

    @Override // top.cxjfun.common.web.security.service.UserTokenCacheInfoService
    public UserTokenCacheInfo validateToken(String str) {
        JWT of = JWT.of(str);
        JWTValidator.of(of).validateAlgorithm(getSigner());
        return validateExpires(of.getPayload());
    }

    private JWTSigner getSigner() {
        return JWTSmSignerUtil.sm4(this.webSecurityProperties.getTokenSignerKey().getBytes(StandardCharsets.UTF_8));
    }

    private UserTokenCacheInfo validateExpires(JWTPayload jWTPayload) {
        Object claim = jWTPayload.getClaim(CACHE_ID_KEY);
        if (ObjectUtil.isEmpty(claim)) {
            throw new ValidateException("The {} payload is must be", new Object[]{CACHE_ID_KEY});
        }
        Date date = DateUtil.date();
        Date date2 = jWTPayload.getClaimsJson().getDate("nbf");
        if (ObjectUtil.isNotEmpty(date2) && date2.after(date)) {
            throw new ValidateException("'{}':[{}] is after now:[{}]", new Object[]{"nbf", DateUtil.date(date2), DateUtil.date(date)});
        }
        UserTokenCacheInfo userTokenCacheInfo = (UserTokenCacheInfo) findById(claim);
        if (ObjectUtil.isEmpty(userTokenCacheInfo)) {
            throw new ValidateException("Token info is empty");
        }
        Date expiresTime = userTokenCacheInfo.getExpiresTime();
        if (expiresTime.before(date)) {
            throw new ValidateException("'{}':[{}] is before now:[{}]", new Object[]{"exp", DateUtil.date(expiresTime), DateUtil.date(date)});
        }
        return userTokenCacheInfo;
    }

    @Override // top.cxjfun.common.web.security.service.UserTokenCacheInfoService
    public void refreshTokenExpires(UserTokenCacheInfo userTokenCacheInfo) {
        userTokenCacheInfo.setExpiresTime(DateUtil.offsetMillisecond(userTokenCacheInfo.getExpiresTime(), this.webSecurityProperties.getTokenExpires()));
        update(userTokenCacheInfo);
    }

    @Override // top.cxjfun.common.web.security.service.UserTokenCacheInfoService
    public String generateToken(UserTokenCacheInfo userTokenCacheInfo) {
        Assert.notNull(userTokenCacheInfo, "userCacheInfo is null");
        DateTime date = DateUtil.date();
        userTokenCacheInfo.setExpiresTime(DateUtil.offsetMillisecond(date, this.webSecurityProperties.getTokenExpires()));
        if (ObjectUtil.isEmpty(userTokenCacheInfo.getId())) {
            save(userTokenCacheInfo);
        }
        return JWT.create().setSigner(getSigner()).setNotBefore(DateUtil.offsetMillisecond(date, this.webSecurityProperties.getTokenNotBefore())).setIssuedAt(DateUtil.date()).setPayload(CACHE_ID_KEY, userTokenCacheInfo.getId()).sign();
    }
}
