package net.bingosoft.oss.ssoclient.internal;

import java.io.UnsupportedEncodingException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPublicKey;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import net.bingosoft.oss.ssoclient.exception.InvalidTokenException;
import net.bingosoft.oss.ssoclient.exception.TokenExpiredException;

/* loaded from: input_file:net/bingosoft/oss/ssoclient/internal/JWT.class */
public class JWT {
    public static final String UTF_8 = "UTF-8";
    public static final String ALG_SHA256WITHRSA = "SHA256withRSA";
    public static final String ALG_HMACSHA256 = "HMACSHA256";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/bingosoft/oss/ssoclient/internal/JWT$Verifier.class */
    public interface Verifier {
        boolean verifySignature(String str, String str2, String str3) throws InvalidTokenException;
    }

    public static Map<String, Object> verify(String str, final RSAPublicKey rSAPublicKey) throws InvalidTokenException {
        return verify(str, new Verifier() { // from class: net.bingosoft.oss.ssoclient.internal.JWT.1
            @Override // net.bingosoft.oss.ssoclient.internal.JWT.Verifier
            public boolean verifySignature(String str2, String str3, String str4) {
                return JWT.verifySignature(str2, str4, rSAPublicKey);
            }
        });
    }

    public static Map<String, Object> verify(String str, final String str2) throws InvalidTokenException {
        return verify(str, new Verifier() { // from class: net.bingosoft.oss.ssoclient.internal.JWT.2
            @Override // net.bingosoft.oss.ssoclient.internal.JWT.Verifier
            public boolean verifySignature(String str3, String str4, String str5) {
                return JWT.verifySignature(str3, str2, str5);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean verifySignature(String str, String str2, RSAPublicKey rSAPublicKey) throws InvalidTokenException {
        try {
            byte[] urlDecode = Base64.urlDecode(str2);
            byte[] bytes = str.getBytes(UTF_8);
            Signature signature = Signature.getInstance(ALG_SHA256WITHRSA);
            signature.initVerify(rSAPublicKey);
            signature.update(bytes);
            return signature.verify(urlDecode);
        } catch (SignatureException e) {
            throw new InvalidTokenException("Invalid signature", e);
        } catch (Exception e2) {
            throw new RuntimeException("Verify signature error", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean verifySignature(String str, String str2, String str3) throws InvalidTokenException {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(str2.getBytes(), ALG_HMACSHA256);
            Mac mac = Mac.getInstance(ALG_HMACSHA256);
            mac.init(secretKeySpec);
            return Strings.equals(base64UrlEncode(mac.doFinal(str.getBytes())), str3);
        } catch (Exception e) {
            throw new RuntimeException("Verify signature error", e);
        }
    }

    private static String base64UrlEncode(byte[] bArr) {
        StringBuilder sb = new StringBuilder(Base64.urlEncode(bArr));
        while (sb.charAt(sb.length() - 1) == '=') {
            sb.deleteCharAt(sb.length() - 1);
        }
        return sb.toString();
    }

    private static Map<String, Object> verify(String str, Verifier verifier) throws InvalidTokenException, TokenExpiredException {
        String[] split = str.split("\\.");
        if (split.length != 3) {
            throw new InvalidTokenException("Invalid jwt: length of parts expect 3 but actual " + split.length + ", token:" + str);
        }
        String str2 = split[0] + "." + split[1];
        String str3 = split[1];
        if (!verifier.verifySignature(str2, str3, split[2])) {
            return null;
        }
        try {
            Map<String, Object> decodeToMap = JSON.decodeToMap(new String(Base64.urlDecode(str3), UTF_8));
            if (null != decodeToMap.get("exp")) {
                try {
                    if (System.currentTimeMillis() / 1000 >= Long.valueOf(Long.parseLong(decodeToMap.get("exp").toString())).longValue()) {
                        throw new TokenExpiredException("jwt is expired!");
                    }
                } catch (NumberFormatException e) {
                    e.printStackTrace();
                }
            }
            return decodeToMap;
        } catch (UnsupportedEncodingException e2) {
            throw new RuntimeException(e2);
        }
    }
}
