package com.elitesland.commons.utils;

import cn.hutool.core.text.CharSequenceUtil;
import com.elitesland.commons.enums.ApiCode;
import com.elitesland.workflow.exception.WorkflowException;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.util.Collections;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/elitesland/commons/utils/JwtUtils.class */
public class JwtUtils {
    private static final String AUTHORIZATION = "Authorization";
    private static final String AUTHORIZATION_PREFIX = "bearer ";
    private static final String USER_ID_V2 = "yst_ui";
    private static final String TENANT_ID_V2 = "yst_ti";

    public static PublicKey getPublicKeyV2() {
        try {
            InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("yst-config.jks");
            try {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(resourceAsStream, "elitesland516".toCharArray());
                PublicKey publicKey = keyStore.getCertificate("yst-config").getPublicKey();
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                return publicKey;
            } finally {
            }
        } catch (Exception e) {
            e.printStackTrace();
            throw new WorkflowException(ApiCode.UNAUTHENTICATED_EXCEPTION.getCode(), "获取公钥失败");
        }
    }

    private static String getToken() {
        String header = SpringUtils.getRequest().getHeader(AUTHORIZATION);
        if (StringUtils.isBlank(header)) {
            throw new WorkflowException(ApiCode.UNAUTHENTICATED_EXCEPTION.getCode(), "请登录");
        }
        if (!header.toLowerCase().startsWith(AUTHORIZATION_PREFIX)) {
            throw new WorkflowException(ApiCode.UNAUTHENTICATED_EXCEPTION.getCode(), "令牌格式不正确(非bearer开头)");
        }
        String substringAfter = StringUtils.substringAfter(header, " ");
        if (StringUtils.isBlank(substringAfter)) {
            throw new WorkflowException(ApiCode.UNAUTHENTICATED_EXCEPTION.getCode(), "令牌格式不正确(bearer后没内容)");
        }
        return substringAfter;
    }

    public static String getUserId() {
        Map<String, Object> decode = decode(getToken());
        if (decode.get(USER_ID_V2) == null) {
            throw new WorkflowException(ApiCode.UNAUTHENTICATED_EXCEPTION.getCode(), "令牌格式不正确,无用户ID信息");
        }
        return decode.get(USER_ID_V2).toString();
    }

    public static String getTenantId() {
        Map<String, Object> decode = decode(getToken());
        if (decode.get(TENANT_ID_V2) != null) {
            return decode.get(TENANT_ID_V2).toString();
        }
        System.out.println("没有获取请求中租户ID,默认设置为0,jwt信息:" + decode);
        return "0";
    }

    public static Map<String, Object> decode(String str) {
        if (CharSequenceUtil.isBlank(str)) {
            return Collections.emptyMap();
        }
        int length = str.split("\\.").length;
        try {
            if (length == 3) {
                return SignedJWT.parse(str).getPayload().toJSONObject();
            }
            if (length == 2) {
                return PlainJWT.parse(str).getPayload().toJSONObject();
            }
            if (length == 5) {
                return EncryptedJWT.parse(str).getPayload().toJSONObject();
            }
            throw new IllegalStateException("暂不支持的jwt格式");
        } catch (Exception e) {
            throw new IllegalArgumentException("解密jwt失败：", e);
        }
    }
}
