package com.gx.wisestone.uaa.client.lib.utils;

import com.alibaba.fastjson.JSON;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Verification;
import com.gx.wisestone.uaa.client.lib.constants.AuthConstants;
import com.gx.wisestone.uaa.client.lib.model.JwtHolder;
import com.gx.wisestone.uaa.client.lib.model.OIDCConfiguration;
import com.gx.wisestone.uaa.client.lib.model.VerificationKey;
import com.gx.wisestone.uaa.client.lib.model.VerificationKeys;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.jose4j.jwk.RsaJsonWebKey;

/* loaded from: classes30.dex */
public class UaaVerification {
    private KeyProvider keyProvider;
    public boolean issuerFilter = false;
    public boolean clientFilter = false;
    private ConcurrentHashMap<String, List<String>> accepts = new ConcurrentHashMap<>();

    /* loaded from: classes30.dex */
    public interface KeyProvider {
        void clearIssuers();

        VerificationKey getKey(String str, String str2) throws Exception;
    }

    /* loaded from: classes30.dex */
    public static class RemoteKeyProvider implements KeyProvider {
        private static final long CLEAR_TIME = 60000;
        private final ConcurrentHashMap<String, Map<String, VerificationKey>> issuers = new ConcurrentHashMap<>();
        private long lastClear = 0;

        private String getHttpJson(String str) throws Exception {
            return new OkHttpClient().newCall(new Request.Builder().url(str).build()).execute().body().string();
        }

        private VerificationKeys getKeys(String str) throws Exception {
            return (VerificationKeys) JSON.parseObject(getHttpJson(str), VerificationKeys.class);
        }

        private OIDCConfiguration getOIDCConfiguration(String str) throws Exception {
            return OIDCConfiguration.parseFromJson(getHttpJson(str + AuthConstants.OIDC_CONFIG));
        }

        @Override // com.gx.wisestone.uaa.client.lib.utils.UaaVerification.KeyProvider
        public void clearIssuers() {
            synchronized (this) {
                this.issuers.clear();
                this.lastClear = System.currentTimeMillis();
            }
        }

        @Override // com.gx.wisestone.uaa.client.lib.utils.UaaVerification.KeyProvider
        public VerificationKey getKey(String str, String str2) throws Exception {
            if (System.currentTimeMillis() > this.lastClear + 60000) {
                clearIssuers();
            }
            Map<String, VerificationKey> map = this.issuers.get(str);
            if (map == null) {
                synchronized (this) {
                    map = this.issuers.get(str);
                    if (map == null) {
                        String jwksUri = getOIDCConfiguration(str).getJwksUri();
                        if (jwksUri == null) {
                            return null;
                        }
                        VerificationKeys keys = getKeys(jwksUri);
                        if (keys == null) {
                            return null;
                        }
                        map = new HashMap();
                        if (keys.getKeys() != null) {
                            for (VerificationKey verificationKey : keys.getKeys()) {
                                map.put(verificationKey.getKid(), verificationKey);
                            }
                        }
                        this.issuers.put(str, map);
                    }
                }
            }
            return map.get(str2);
        }
    }

    public UaaVerification() {
        initDefKeyProvider();
    }

    public UaaVerification(KeyProvider keyProvider) {
        this.keyProvider = keyProvider;
        if (keyProvider == null) {
            initDefKeyProvider();
        }
    }

    private boolean filter(JwtHolder jwtHolder) {
        if (!this.issuerFilter) {
            return true;
        }
        List<String> list = this.accepts.get(jwtHolder.getIssuer());
        if (list == null) {
            return false;
        }
        if (!this.clientFilter) {
            return true;
        }
        if (list.size() <= 0) {
            return false;
        }
        for (String str : list) {
            String audience = jwtHolder.getAudience();
            if (audience != null && audience.contains(str)) {
                return true;
            }
        }
        return false;
    }

    private Algorithm getAlg(JwtHolder jwtHolder) throws Exception {
        if (jwtHolder.getKeyId() == null || jwtHolder.getKeyType() == null || jwtHolder.getAlgorithm() == null) {
            return null;
        }
        VerificationKey key = this.keyProvider.getKey(jwtHolder.getIssuer(), jwtHolder.getKeyId());
        if (key == null) {
            return null;
        }
        return Algorithm.RSA256(new RsaJsonWebKey(key.parseToParams()).getRsaPublicKey(), null);
    }

    public static void main(String[] strArr) throws Exception {
        UaaVerification uaaVerification = new UaaVerification();
        uaaVerification.clientFilter = true;
        uaaVerification.issuerFilter = true;
        uaaVerification.addFilter("http://127.0.0.1:31771/auth/sysapi", "68ce0738");
        System.out.println(uaaVerification.OIDCVerify("Bearer eyJraWQiOiIzNzg5ZWI5NCIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJuaWxpbmciLCJhdWQiOiI2OGNlMDczOCIsInVzcCI6ImRmYTI5YThlIiwiaXNzIjoiaHR0cDovLzEyNy4wLjAuMTozMTc3MS9hdXRoL3N5c2FwaSIsImV4cCI6MTU2NDM3MDkzNCwiaWF0IjoxNTY0MzY5MTM0fQ.b2XCye8lKEL9_jKQOdOSQ5yjRvxLhIW7_-d8uaw8r1dx1rm4QOD2MrzPh3mz_WiYFwq60tHFzlF-wRi5LGxyNstmr8bN1CaaytRbDtP_6BxpuUbvB_tSTelIBTY4eKs9lOICSYfNsJ2ZId43Cpox5DhUXZDkgAreylpDZfgs_qcUj1y9zxS6moPZAJZkxKdrXEwvQsuSizijtZW1cIE-evTn6M0REWAa9Jxypj6aHfvy-R5ANw7XnEb6vY71qRHMlo4Ym0lh4WkC0gizvruYHi-rXuYpw2Tn7eni-u27guAuKKFvb9lEkM03RAmUBpljM0CJWayg3D7ju0eSw2HsLw"));
    }

    public boolean OIDCVerify(JwtHolder jwtHolder) throws Exception {
        Algorithm alg;
        if (!jwtHolder.status || jwtHolder.getIssuer() == null || jwtHolder.getAudience() == null || jwtHolder.getSubject() == null || !filter(jwtHolder) || (alg = getAlg(jwtHolder)) == null) {
            return false;
        }
        Verification require = JWT.require(alg);
        require.withIssuer(jwtHolder.getIssuer());
        require.withAudience(jwtHolder.getAudience());
        require.withSubject(jwtHolder.getSubject());
        return System.currentTimeMillis() <= require.build().verify(jwtHolder.getToken()).getExpiresAt().getTime();
    }

    public boolean OIDCVerify(String str) throws Exception {
        return OIDCVerifyTokens(str);
    }

    public boolean OIDCVerifyToken(String str) throws Exception {
        return OIDCVerify(parseHolderByToken(str));
    }

    public boolean OIDCVerifyTokens(String str) throws Exception {
        return OIDCVerify(parseHolderByTokens(str));
    }

    public void addFilter(String str, String... strArr) {
        List<String> asList;
        if (str == null) {
            return;
        }
        synchronized (this) {
            if (strArr != null) {
                if (strArr.length > 0) {
                    asList = Arrays.asList(strArr);
                    this.accepts.put(str, asList);
                }
            }
            asList = Collections.EMPTY_LIST;
            this.accepts.put(str, asList);
        }
    }

    public KeyProvider getKeyProvider() {
        return this.keyProvider;
    }

    public void initDefKeyProvider() {
        this.keyProvider = new RemoteKeyProvider();
    }

    public JwtHolder parseHolderByToken(String str) {
        return AuthUtils.parseJwtHolder(str);
    }

    public JwtHolder parseHolderByTokens(String str) {
        String str2 = null;
        if (str != null && str.length() > "Bearer ".length() && "Bearer ".equalsIgnoreCase(str.substring(0, "Bearer ".length()))) {
            str2 = str.substring("Bearer ".length());
        }
        return parseHolderByToken(str2);
    }

    public void setKeyProvider(KeyProvider keyProvider) {
        if (keyProvider != null) {
            this.keyProvider = keyProvider;
        }
    }
}
