package com.elitesland.security;

import cn.hutool.core.date.DateField;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.util.IdUtil;
import cn.hutool.core.util.ObjectUtil;
import com.elitesland.core.base.ApiCode;
import com.elitesland.core.exception.BusinessException;
import com.elitesland.core.util.RedisUtils;
import com.elitesland.org.service.EmployeeService;
import com.elitesland.security.config.bean.JwtProperties;
import com.elitesland.security.service.entity.JwtUserDto;
import com.elitesland.system.entity.SysUserDTO;
import com.elitesland.system.service.SysUserService;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

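/**
 * Issues and validates the HS512-signed JWTs used as bearer tokens.
 *
 * <p>Security-relevant properties of this class, as visible in the code:
 * <ul>
 *   <li>Tokens are minted without an {@code exp} claim. Session lifetime is therefore not
 *       enforced by signature verification; {@link #checkRenewal(String)} manages a TTL on a
 *       Redis key instead. NOTE(review): confirm that the request filter rejects tokens whose
 *       Redis key is absent, otherwise a token stays valid for as long as the secret does.</li>
 *   <li>The Redis key is {@code onlineKey + token}, so the raw bearer token is readable by
 *       anything that can list Redis keys.</li>
 *   <li>This bean is a singleton; every method must be safe to call from concurrent request
 *       threads.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:com/elitesland/security/TokenProvider.class */
public class TokenProvider implements InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(TokenProvider.class);
    private final JwtProperties properties;
    private final RedisUtils redisUtils;
    public static final String AUTHORITIES_KEY = "auth";
    public static final String USER_ID = "userid";
    // Number of leading header characters dropped by getToken(); matches "Bearer ".
    private static final int TOKEN_PREFIX_LENGTH = 7;
    private JwtParser jwtParser;
    // Kept instead of a shared JwtBuilder: a builder is mutable, the key is not.
    private SecretKey signingKey;
    private final SysUserService sysUserService;
    private final EmployeeService employeeService;

    public TokenProvider(JwtProperties jwtProperties, RedisUtils redisUtils, SysUserService sysUserService, EmployeeService employeeService) {
        this.properties = jwtProperties;
        this.redisUtils = redisUtils;
        this.sysUserService = sysUserService;
        this.employeeService = employeeService;
    }

    /**
     * Decodes the configured Base64 secret and prepares the parser and signing key.
     *
     * <p>jjwt rejects HMAC keys that are too short for the chosen algorithm, so the configured
     * secret should decode to at least 64 bytes for HS512; a shorter secret fails here or on the
     * first signing attempt rather than producing weak tokens.
     */
    @Override
    public void afterPropertiesSet() {
        this.signingKey = Keys.hmacShaKeyFor(Decoders.BASE64.decode(this.properties.getBase64Secret()));
        // Pinning the key on the parser means only tokens signed with this secret are accepted.
        this.jwtParser = Jwts.parserBuilder().setSigningKey(this.signingKey).build();
    }

    /**
     * Creates a signed token for an authenticated principal.
     *
     * @param authentication authentication whose principal is a {@link JwtUserDto}
     * @return the compact JWT carrying the comma-joined authorities, the user id and the subject
     */
    public String createToken(Authentication authentication) {
        String authorities = authentication.getAuthorities().stream()
                .map(authority -> authority.getAuthority())
                .collect(Collectors.joining(","));
        return newTokenBuilder()
                .claim(AUTHORITIES_KEY, authorities)
                .claim(USER_ID, ((JwtUserDto) authentication.getPrincipal()).getUser().getId())
                .setSubject(authentication.getName())
                .compact();
    }

    /**
     * Creates a signed token directly from a user record.
     *
     * @param sysUserDTO user whose role codes become the {@code auth} claim
     * @return the compact JWT carrying the comma-joined role codes, the user id and the subject
     */
    public String createToken(SysUserDTO sysUserDTO) {
        String roleCodes = sysUserDTO.getRoles().stream()
                .map(role -> role.getCode())
                .collect(Collectors.joining(","));
        return newTokenBuilder()
                .claim(AUTHORITIES_KEY, roleCodes)
                .claim(USER_ID, sysUserDTO.getId())
                .setSubject(sysUserDTO.getUsername())
                .compact();
    }

    /**
     * Returns a fresh builder with the signing key, token id, issuer and audience already set.
     *
     * <p>A new builder is created per token on purpose: a single shared JwtBuilder is mutable
     * state, and two logins interleaving on it could emit a token that mixes one user's subject
     * with another user's id or authorities.
     */
    private JwtBuilder newTokenBuilder() {
        return Jwts.builder()
                .signWith(this.signingKey, SignatureAlgorithm.HS512)
                .setId(IdUtil.simpleUUID())
                .setIssuer(this.properties.getIssuer())
                .setAudience(this.properties.getAudience());
    }

    /**
     * Verifies the token and rebuilds the Spring Security authentication for its user.
     *
     * <p>The user is reloaded by the {@code userid} claim, so a deleted user is rejected. The
     * granted authorities of the returned token, however, are taken from the {@code auth} claim:
     * a role removed after the token was issued remains in effect for authorization decisions
     * based on {@link Authentication#getAuthorities()} until a new token is issued. Only the
     * principal ({@link JwtUserDto}) carries the roles as currently stored.
     *
     * @param str the compact JWT
     * @return an authentication whose credentials are the token and whose details are the user id claim
     * @throws BusinessException if no user exists for the id in the token
     */
    public Authentication getAuthentication(String str) {
        Claims claims = getClaims(str);
        Object obj = claims.get(AUTHORITIES_KEY);
        Object obj2 = claims.get(USER_ID);
        // NOTE(review): a validly signed token without a numeric "userid" claim surfaces here as
        // NullPointerException / NumberFormatException rather than as an authentication failure.
        Optional<SysUserDTO> byId = this.sysUserService.getById(Long.valueOf(obj2.toString()));
        if (byId.isEmpty()) {
            throw new BusinessException(ApiCode.NO_USER_FOUND_EXCEPTION, "用户：" + obj2 + ", 未找到");
        }
        SysUserDTO user = byId.get();
        String[] currentRoleCodes = user.getRoles().stream()
                .map(role -> role.getCode())
                .toArray(String[]::new);
        JwtUserDto principal = new JwtUserDto(
                user,
                this.employeeService.oneBySysUserName(user.getUsername()),
                new ArrayList(),
                new ArrayList(),
                AuthorityUtils.createAuthorityList(currentRoleCodes));
        // Authorities come from the signed claim, not from the roles loaded above.
        Collection<SimpleGrantedAuthority> tokenAuthorities = ObjectUtil.isNotEmpty(obj)
                ? Arrays.stream(obj.toString().split(",")).map(SimpleGrantedAuthority::new).collect(Collectors.toList())
                : Collections.emptyList();
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
                new UsernamePasswordAuthenticationToken(principal, str, tokenAuthorities);
        usernamePasswordAuthenticationToken.setDetails(obj2);
        return usernamePasswordAuthenticationToken;
    }

    /**
     * Parses the token, verifying its signature with the configured key.
     *
     * <p>Issuer and audience are written at creation time but are not required by the parser
     * built in {@link #afterPropertiesSet()}, so they are not checked here.
     *
     * @param str the compact JWT
     * @return the claims of the verified token
     */
    public Claims getClaims(String str) {
        return this.jwtParser.parseClaimsJws(str).getBody();
    }

    /**
     * Extends the Redis TTL of the token's online key when it is about to run out.
     *
     * <p>The remaining lifetime is compared with the detection window directly as a long.
     * Narrowing it to an int first would wrap for lifetimes above roughly 24.8 days and could
     * make a long-lived session look as if it were expiring, renewing it on every request.
     *
     * @param str the compact JWT, used as the suffix of the Redis key
     */
    public void checkRenewal(String str) {
        String onlineKey = this.properties.getOnlineKey() + str;
        // getExpire is taken to be in seconds (the original multiplied by 1000) - TODO confirm,
        // including what it returns for a missing key or a key without a TTL.
        long remainingMillis = this.redisUtils.getExpire(onlineKey) * 1000;
        if (remainingMillis <= this.properties.getDetect().longValue()) {
            this.redisUtils.expire(onlineKey, remainingMillis + this.properties.getRenew().longValue(), TimeUnit.MILLISECONDS);
        }
    }

    /**
     * Extracts the bearer token from the configured request header.
     *
     * @param httpServletRequest the incoming request
     * @return the token without its prefix, or {@code null} if the header is missing, does not
     *     start with the configured prefix, or is too short to contain a token
     */
    public String getToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(this.properties.getHeader());
        if (header == null || !header.startsWith(this.properties.getTokenStartWith())) {
            return null;
        }
        // NOTE(review): the prefix is configurable but the cut position is fixed at 7 characters;
        // a prefix of any other length yields a mangled token. Confirm against JwtProperties
        // before switching to the prefix length (it may or may not include the trailing space).
        if (header.length() < TOKEN_PREFIX_LENGTH) {
            // A short attacker-supplied header would otherwise throw instead of being rejected.
            return null;
        }
        return header.substring(TOKEN_PREFIX_LENGTH);
    }
}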
