package org.zodiac.security.util;

import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.zodiac.commons.constants.CharsetConstants;
import org.zodiac.commons.util.Func;
import org.zodiac.commons.util.Strings;
import org.zodiac.commons.util.web.ServletRequests;
import org.zodiac.core.support.SpringContextHolder;
import org.zodiac.security.SecurityClientDetails;
import org.zodiac.security.SecurityClientDetailsService;
import org.zodiac.security.auth.model.SecurityToken;
import org.zodiac.security.constants.SecurityConstants;
import org.zodiac.security.jwt.config.SecurityJwtInfo;

/* loaded from: input_file:org/zodiac/security/util/SecurityUtil.class */
public class SecurityUtil {
    private static final String CLIENT_ID = "client_id";
    private static AtomicReference<SecurityClientDetailsService> clientDetailsServiceRef;
    private static AtomicReference<SecurityJwtInfo> securityJwtInfoRef;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX WARN: Multi-variable type inference failed */
    private static SecurityClientDetailsService getClientDetailsService() {
        clientDetailsServiceRef.compareAndSet(null, SpringContextHolder.getBean(SecurityClientDetailsService.class));
        return clientDetailsServiceRef.get();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static SecurityJwtInfo getJwtInfo() {
        securityJwtInfoRef.compareAndSet(null, SpringContextHolder.getBean(SecurityJwtInfo.class));
        return securityJwtInfoRef.get();
    }

    public static SecurityToken createJWT(Map<String, Object> map, String str, String str2, String str3) {
        String[] extractAndDecodeHeader = extractAndDecodeHeader();
        String str4 = extractAndDecodeHeader[0];
        String str5 = extractAndDecodeHeader[1];
        if (!validateClient(clientDetails(str4), str4, str5)) {
            throw new SecurityException("Client authentication failed, please check the header parameters");
        }
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
        long currentTimeMillis = System.currentTimeMillis();
        Date date = new Date(currentTimeMillis);
        JwtBuilder signWith = Jwts.builder().setHeaderParam("type", "JWT").setIssuer(str2).setAudience(str).signWith(new SecretKeySpec(Base64.getDecoder().decode(SecurityJwtUtil.getBase64Security()), signatureAlgorithm.getJcaName()));
        signWith.getClass();
        map.forEach(signWith::claim);
        signWith.claim("client_id", str4);
        long intValue = str3.equals("access_token") ? r0.getAccessTokenValidity().intValue() * 1000 : str3.equals("refresh_token") ? r0.getRefreshTokenValidity().intValue() * 1000 : getExpire();
        signWith.setExpiration(new Date(currentTimeMillis + intValue)).setNotBefore(date);
        SecurityToken securityToken = new SecurityToken();
        securityToken.setToken(signWith.compact());
        securityToken.setExpire((int) (intValue / 1000));
        if (getJwtInfo().isState() && "access_token".equals(str3)) {
            SecurityJwtUtil.addAccessToken(String.valueOf(map.get("tenant_id")), String.valueOf(map.get("user_id")), securityToken.getToken(), securityToken.getExpire());
        }
        return securityToken;
    }

    public static long getExpire() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(6, 1);
        calendar.set(11, 3);
        calendar.set(13, 0);
        calendar.set(12, 0);
        calendar.set(14, 0);
        return calendar.getTimeInMillis() - System.currentTimeMillis();
    }

    public static String[] extractAndDecodeHeader() {
        String replace = Func.toStr(((HttpServletRequest) Objects.requireNonNull(ServletRequests.getRequest())).getHeader(SecurityConstants.BASIC_HEADER_KEY)).replace(SecurityConstants.BASIC_HEADER_PREFIX_EXT, SecurityConstants.BASIC_HEADER_PREFIX);
        if (!replace.startsWith(SecurityConstants.BASIC_HEADER_PREFIX)) {
            throw new SecurityException("No client information in request header");
        }
        try {
            String str = new String(Base64.getDecoder().decode(replace.substring(6).getBytes(CharsetConstants.UTF_8)), CharsetConstants.UTF_8);
            int indexOf = str.indexOf(":");
            if (indexOf == -1) {
                throw new RuntimeException("invalid basic authentication token");
            }
            return new String[]{str.substring(0, indexOf), str.substring(indexOf + 1)};
        } catch (IllegalArgumentException e) {
            throw new RuntimeException("failed to decode basic authentication token");
        }
    }

    public static String getClientIdFromHeader() {
        String[] extractAndDecodeHeader = extractAndDecodeHeader();
        if ($assertionsDisabled || extractAndDecodeHeader.length == 2) {
            return extractAndDecodeHeader[0];
        }
        throw new AssertionError();
    }

    private static SecurityClientDetails clientDetails(String str) {
        return getClientDetailsService().loadClientByClientId(str);
    }

    private static boolean validateClient(SecurityClientDetails securityClientDetails, String str, String str2) {
        return securityClientDetails != null && Strings.eqStr(str, securityClientDetails.getClientId()) && Strings.eqStr(str2, securityClientDetails.getClientSecret());
    }

    static {
        $assertionsDisabled = !SecurityUtil.class.desiredAssertionStatus();
        clientDetailsServiceRef = new AtomicReference<>();
        securityJwtInfoRef = new AtomicReference<>();
    }
}
