package com.elitesland.yst.core.security.jwt;

import cn.hutool.crypto.SecureUtil;
import cn.hutool.json.JSONUtil;
import com.elitesland.yst.common.exception.BadJwtTokenException;
import com.elitesland.yst.common.util.RedisUtils;
import com.elitesland.yst.common.util.UUIDUtil;
import com.elitesland.yst.security.entity.GeneralUserDetails;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import java.text.ParseException;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/elitesland/yst/core/security/jwt/TokenProvider.class */
public class TokenProvider {
    private static final Logger log = LoggerFactory.getLogger(TokenProvider.class);
    private JwtProperties jwtProperties;
    private RedisUtils redisUtils;

    @Autowired
    public void setJwtProperties(JwtProperties jwtProperties) {
        this.jwtProperties = jwtProperties;
    }

    @Autowired
    public void setRedisUtils(RedisUtils redisUtils) {
        this.redisUtils = redisUtils;
    }

    public String createToken(Authentication authentication) throws JOSEException {
        GeneralUserDetails generalUserDetails = (GeneralUserDetails) authentication.getPrincipal();
        generalUserDetails.setLoginExpiredAt(LocalDateTime.now().plus(this.jwtProperties.getValidThru().intValue(), (TemporalUnit) ChronoUnit.SECONDS));
        JWSObject jWSObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.HS256).type(JOSEObjectType.JWT).build(), new Payload(JSONUtil.toJsonStr(StdPayload.builder().aud(this.jwtProperties.getAud()).iss(this.jwtProperties.getIss()).sub(this.jwtProperties.getSub()).iat(this.jwtProperties.getIat()).jti(UUIDUtil.getUUID()).exp(generalUserDetails.getLoginExpiredAt().format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"))).username(generalUserDetails.getUsername()).userId(generalUserDetails.getUser().getId()).authorities(generalUserDetails.getRoleCodes()).build())));
        jWSObject.sign(new MACSigner(SecureUtil.md5(this.jwtProperties.getSecret())));
        generalUserDetails.setToken(jWSObject.serialize());
        return generalUserDetails.getToken();
    }

    public Authentication retrieveAuthentication(String str, GeneralUserDetails generalUserDetails) throws ParseException, JOSEException {
        JWSObject parse = JWSObject.parse(str);
        if (!parse.verify(new MACVerifier(SecureUtil.md5(this.jwtProperties.getSecret())))) {
            throw new BadJwtTokenException("令牌签名不合法！");
        }
        StdPayload stdPayload = (StdPayload) JSONUtil.toBean(parse.getPayload().toString(), StdPayload.class);
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(generalUserDetails, str, (List) stdPayload.getAuthorities().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
        usernamePasswordAuthenticationToken.setDetails(stdPayload);
        return usernamePasswordAuthenticationToken;
    }

    public void checkRenewal(String str) {
        long expire = this.redisUtils.getExpire(this.jwtProperties.getOnlineKey() + str);
        if (Duration.between(LocalDateTime.now(), LocalDateTime.now().plus(expire, (TemporalUnit) ChronoUnit.SECONDS)).getSeconds() <= this.jwtProperties.getRenewalInterval().intValue()) {
            this.redisUtils.expire(this.jwtProperties.getOnlineKey() + str, expire + this.jwtProperties.getValidThru().intValue(), TimeUnit.SECONDS);
        }
    }
}
