package net.bingosoft.oss.ssoclient.spi;

import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import net.bingosoft.oss.ssoclient.SSOConfig;
import net.bingosoft.oss.ssoclient.exception.InvalidTokenException;
import net.bingosoft.oss.ssoclient.exception.TokenExpiredException;
import net.bingosoft.oss.ssoclient.internal.Base64;
import net.bingosoft.oss.ssoclient.internal.HttpClient;
import net.bingosoft.oss.ssoclient.internal.JWT;
import net.bingosoft.oss.ssoclient.internal.Strings;
import net.bingosoft.oss.ssoclient.model.Authentication;

/* loaded from: input_file:net/bingosoft/oss/ssoclient/spi/TokenProviderImpl.class */
public class TokenProviderImpl implements TokenProvider {
    private final SSOConfig config;
    private RSAPublicKey publicKey;

    public TokenProviderImpl(SSOConfig sSOConfig) {
        this.config = sSOConfig;
        refreshPublicKey();
    }

    @Override // net.bingosoft.oss.ssoclient.spi.TokenProvider
    public Authentication verifyJwtAccessToken(String str) throws InvalidTokenException {
        Map<String, Object> verity = JWT.verity(str, this.publicKey);
        if (null == verity) {
            verity = retryVerify(str);
            if (null == verity) {
                throw new InvalidTokenException("Incorrect token : " + str);
            }
        }
        Authentication authentication = new Authentication();
        authentication.setUserId((String) verity.remove("user_id"));
        authentication.setUsername((String) verity.remove("username"));
        authentication.setClientId((String) verity.remove("client_id"));
        authentication.setScope((String) verity.remove("scope"));
        String nullOrToString = Strings.nullOrToString(verity.remove("exp"));
        authentication.setExpires(nullOrToString == null ? 0L : Long.parseLong(nullOrToString));
        if (authentication.isExpired()) {
            throw new TokenExpiredException(str);
        }
        for (Map.Entry<String, Object> entry : verity.entrySet()) {
            authentication.setAttribute(entry.getKey(), entry.getValue());
        }
        return authentication;
    }

    @Override // net.bingosoft.oss.ssoclient.spi.TokenProvider
    public Authentication verifyBearerAccessToken(String str) {
        throw new UnsupportedOperationException("Not implemented");
    }

    protected Map<String, Object> retryVerify(String str) {
        refreshPublicKey();
        return JWT.verity(str, this.publicKey);
    }

    protected void refreshPublicKey() {
        this.publicKey = decodePublicKey(HttpClient.get(this.config.getPublicKeyEndpointUrl()));
    }

    private static RSAPublicKey decodePublicKey(String str) {
        try {
            return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.mimeDecode(str)));
        } catch (Exception e) {
            throw new RuntimeException("Decode public key error", e);
        }
    }
}
