package com.digiwin.gateway.token;

import com.digiwin.app.resource.DWApplicationMessageResourceBundleUtils;
import com.digiwin.app.service.DWServiceContext;
import com.digiwin.gateway.token.exception.DWTokenExpiredException;
import com.digiwin.gateway.token.exception.DWTokenSignatureException;
import com.digiwin.gateway.token.exception.DWTokenVerifyFailedException;
import com.digiwin.iam.HttpResponseModel;
import com.digiwin.iam.UserTokenService;
import com.digiwin.service.permission.consts.ConstDef;
import com.digiwin.utils.DWTenantUtils;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import java.security.Key;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;

/* loaded from: input_file:BOOT-INF/lib/dwapiplatform-tokenservice-5.2.0.1135.jar:com/digiwin/gateway/token/TokenService.class */
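/**
 * Issues and verifies gateway JWTs and validates IAM user tokens.
 *
 * <p>On successful verification the token and the profile derived from it are stored in the
 * current {@link DWServiceContext}; on failure the context is left untouched.
 *
 * <p>SECURITY NOTE(review): {@link #verifyToken(String)} trusts any token whose HMAC matches
 * the signing key below, and that key is a string literal compiled into this class. See the
 * note on {@code PRIVATE_KEY}.
 */
public final class TokenService {

    @Autowired
    @Qualifier("dwUserTokenService")
    UserTokenService userTokenService;

    /**
     * 86,400,000 ms (24 hours). Not referenced inside this class; presumably the token lifetime
     * applied by callers that build the {@link JwtTokenBean} (confirm against callers).
     */
    public static final long EFFECTIVE_TIME = 86400000L;

    private static final Log log = LogFactory.getLog(TokenService.class);

    private static final SignatureAlgorithm SIGNATURE_ALGORITHM = SignatureAlgorithm.HS512;

    // SECURITY NOTE(review): the HMAC secret is hard-coded. Every deployment of this artifact
    // shares the same key, the key is readable by anyone with access to the jar, and it cannot
    // be rotated without a rebuild. Because verifyToken() derives the caller's profile from the
    // signed subject, the integrity of that profile rests entirely on this value staying secret.
    // Load the key from deployment configuration or a secret store, give each environment its
    // own key, and rotate the current value. It is left unchanged here only because replacing
    // it would invalidate tokens already issued and break peers that share it.
    private static final String PRIVATE_KEY = "%^*(LongAndHardToGuessValueWithSpecialCharacters@%&$";

    // NOTE(review): the literal above is not valid Base64 (it contains characters outside the
    // alphabet), so the actual key bytes depend on how the decoder treats those characters.
    // The result is presumably shorter than the 64 bytes recommended for HS512; confirm.
    private static final byte[] API_BYTES_KEY = DatatypeConverter.parseBase64Binary(PRIVATE_KEY);

    private static final Key SIGNING_KEY = new SecretKeySpec(API_BYTES_KEY, SIGNATURE_ALGORITHM.getJcaName());

    /**
     * Returns the profile stored in the current service context.
     *
     * @return the context profile, or an empty immutable map when none has been set
     */
    public Map<String, Object> getProfile() {
        Map<String, Object> profile = DWServiceContext.getContext().getProfile();
        if (profile == null) {
            return Collections.emptyMap();
        }
        return profile;
    }

    /**
     * Builds a compact, HS512-signed JWT from the registered claims carried by the bean.
     *
     * <p>Claim values are passed through as the bean returns them; nothing here checks that an
     * expiration is present. NOTE(review): confirm that callers always set one.
     *
     * @param jwtTokenBean source of issuer, subject, audience, expiration, not-before,
     *     issued-at and id ({@code getPrimerKey()})
     * @return the serialized token
     * @throws IllegalArgumentException if {@code jwtTokenBean} is {@code null}
     */
    public String generateToken(JwtTokenBean<?> jwtTokenBean) {
        if (jwtTokenBean == null) {
            throw new IllegalArgumentException("TokenBean is null!");
        }
        return Jwts.builder()
                .setIssuer(jwtTokenBean.getIssuer())
                .setSubject(jwtTokenBean.getSubject())
                .setAudience(jwtTokenBean.getAudience())
                .setExpiration(jwtTokenBean.getExpiration())
                .setNotBefore(jwtTokenBean.getNotBefore())
                .setIssuedAt(jwtTokenBean.getIssuedAt())
                .setId(jwtTokenBean.getPrimerKey())
                .signWith(SIGNATURE_ALGORITHM, SIGNING_KEY)
                .compact();
    }

    /**
     * Verifies a gateway-issued JWT and, on success, stores the token and the profile embedded
     * in its subject in the current service context.
     *
     * <p>The subject is expected to hold JSON with a {@code profile} object. An empty or absent
     * subject yields an empty profile.
     *
     * <p>NOTE(review): only expired, malformed and bad-signature failures are translated to the
     * declared exceptions. Any other parser failure, or a JSON error while reading the subject,
     * propagates as an unchecked exception. The context is still not modified in that case,
     * because it is written only after parsing has fully succeeded.
     *
     * @param str the compact JWT to verify
     * @throws DWTokenExpiredException if the token has expired
     * @throws DWTokenSignatureException if the token is malformed or its signature is invalid
     */
    public void verifyToken(String str) throws DWTokenSignatureException, DWTokenExpiredException {
        try {
            String subject = Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(str).getBody().getSubject();
            Map<String, Object> profile = Collections.emptyMap();
            if (subject != null && !subject.isEmpty()) {
                // The subject may carry the profile JSON as an escaped, quoted string; strip the
                // escaping and the surrounding quotes so it parses as a nested object.
                String json = subject.replace("\\\"", "\"").replace("\"{", "{").replace("}\"", "}");
                // PROFILE_ATTRIBUTE is Spring's constant for the string "profile"; the reference
                // to an XML bean reader here looks like a decompiler substitution for a literal.
                profile = new JSONObject(json).getJSONObject(DefaultBeanDefinitionDocumentReader.PROFILE_ATTRIBUTE).toMap();
            }
            // Written last so that a rejected token never reaches the context.
            DWServiceContext.getContext().setToken(str);
            DWServiceContext.getContext().setProfile(profile);
        } catch (ExpiredJwtException e) {
            throw new DWTokenExpiredException();
        } catch (MalformedJwtException | SignatureException e) {
            throw new DWTokenSignatureException();
        }
    }

    /**
     * Verifies an IAM token and then tries to exchange it for a tenant-scoped token.
     *
     * <p>The exchange is best-effort: it is skipped when the verified profile has no
     * {@code tenantId} or belongs to the {@code integration} user, and any exchange failure is
     * logged and the original token is returned.
     *
     * <p>NOTE(review): the failure paths log the raw IAM response body. Confirm that body never
     * contains credentials or tokens before shipping these logs off-host.
     *
     * @param str the IAM token presented by the caller
     * @return the exchanged token when the exchange succeeds, otherwise {@code str}
     * @throws Exception if {@link #verifyIamToken(String)} rejects the token
     */
    public String verifyAndExchangeIamToken(String str) throws Exception {
        verifyIamToken(str);
        Map<String, Object> profile = DWServiceContext.getContext().getProfile();
        if (profile == null) {
            return str;
        }
        String userId = (String) profile.get(ConstDef.ProfileKeyDef.USER_ID);
        String tenantId = (String) profile.get("tenantId");
        if (tenantId == null || "integration".equals(userId)) {
            return str;
        }
        String result = str;
        try {
            HttpResponseModel exchanged = this.userTokenService.exchangeToken(str, tenantId);
            if (exchanged == null) {
                return result;
            }
            if (exchanged.getHttpStatusCode() != 200) {
                log.error("get integration token failed! status is not 200, body=" + exchanged.getResponseBody());
                return result;
            }
            String responseBody = exchanged.getResponseBody();
            JSONObject json = new JSONObject(responseBody);
            if (!json.has("token")) {
                log.error("get integration token failed! body=" + responseBody);
                return result;
            }
            result = (String) json.get("token");
            DWServiceContext.getContext().setToken(result);
        } catch (Exception e) {
            // Deliberate fallback: the already-verified token stays in effect.
            log.error("exchange integration token failed!", e);
        }
        return result;
    }

    /**
     * Verifies a token against the IAM service and, on success, stores the token and the
     * profile built from the IAM response in the current service context.
     *
     * <p>NOTE(review): the 10902 error message is built from the IAM status code and raw
     * response body. If that message is returned to API clients it exposes upstream response
     * content; confirm how callers render it.
     *
     * @param str the IAM token to verify
     * @throws DWTokenVerifyFailedException with code 10901 when IAM returns no response, or
     *     10902 when the response does not indicate success
     * @throws Exception if the IAM response body cannot be read as the expected JSON
     */
    public void verifyIamToken(String str) throws Exception {
        HttpResponseModel response = this.userTokenService.verifyToken(str);
        if (response == null) {
            throw new DWTokenVerifyFailedException("10901", DWApplicationMessageResourceBundleUtils.getApplicationResourceBundle("10901", "10901", new Object[0]));
        }
        Map<String, Object> iamResult = getIamResult(response);
        if (!Boolean.TRUE.equals(iamResult.get("success"))) {
            throw new DWTokenVerifyFailedException("10902", DWApplicationMessageResourceBundleUtils.getApplicationResourceBundle("10902", "10902", Integer.valueOf(response.getHttpStatusCode()), response.getResponseBody()));
        }
        // getIamResult always stores a Map<String, Object> under "datas".
        @SuppressWarnings("unchecked")
        Map<String, Object> profile = (Map<String, Object>) iamResult.get("datas");
        DWServiceContext.getContext().setToken(str);
        DWServiceContext.getContext().setProfile(profile);
    }

    /**
     * Converts an IAM HTTP response into a result map with the keys {@code success} (Boolean)
     * and {@code datas} (Map), plus {@code description} on failure.
     *
     * <p>On HTTP 200 {@code datas} holds the user profile (user id, name and sid, and the
     * tenant fields enabled by {@link DWTenantUtils}). On any other status it holds the status
     * code and the raw response body.
     *
     * @param httpResponseModel the IAM response; must not be {@code null}
     * @return the result map described above
     * @throws Exception if a required field ({@code id}, {@code name}, {@code sid}) is missing
     *     from a 200 response or has an unexpected type
     */
    private Map<String, Object> getIamResult(HttpResponseModel httpResponseModel) throws Exception {
        int httpStatusCode = httpResponseModel.getHttpStatusCode();
        Map<String, Object> datas = new HashMap<>();
        Map<String, Object> result = new HashMap<>();
        if (httpStatusCode != 200) {
            datas.put("iamHttpStatusCode", Integer.valueOf(httpStatusCode));
            datas.put("message", httpResponseModel.getResponseBody());
            result.put("datas", datas);
            result.put("success", false);
            result.put("description", "調用IAM 服務失敗錯誤");
            return result;
        }
        JSONObject body = new JSONObject(httpResponseModel.getResponseBody());
        String userId = (String) body.get("id");
        String userName = (String) body.get("name");
        if (DWTenantUtils.isTenantenabled() || DWTenantUtils.isNoneTenantEnvRequiresTenantProfile()) {
            if (body.has("tenantId")) {
                datas.put("tenantId", (String) body.get("tenantId"));
            }
            if (body.has(ConstDef.ProfileKeyDef.TENANT_NAME)) {
                datas.put(ConstDef.ProfileKeyDef.TENANT_NAME, (String) body.get(ConstDef.ProfileKeyDef.TENANT_NAME));
            }
        }
        if ((DWTenantUtils.isTenantenabled() || DWTenantUtils.isNoneTenantEnvRequiresTenantProfile() || DWTenantUtils.isNoneTenantEnvRequiresTenantSid()) && body.has(ConstDef.ProfileKeyDef.TENANT_SID)) {
            datas.put(ConstDef.ProfileKeyDef.TENANT_SID, Long.valueOf(((Number) body.get(ConstDef.ProfileKeyDef.TENANT_SID)).longValue()));
        }
        // JSONObject.get throws when "sid" is absent, so the null guard below is defensive only.
        Number userSid = (Number) body.get("sid");
        if (userSid != null) {
            datas.put(ConstDef.ProfileKeyDef.USER_SID, Long.valueOf(userSid.longValue()));
        }
        datas.put(ConstDef.ProfileKeyDef.USER_ID, userId);
        datas.put(ConstDef.ProfileKeyDef.USER_NAME, userName);
        result.put("datas", datas);
        result.put("success", true);
        return result;
    }
}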
