package com.chinacreator.asp.comp.sys.oauth2;

import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.chinacreator.asp.comp.sys.oauth2.common.Credential;
import com.chinacreator.asp.comp.sys.oauth2.common.CredentialConfiguration;
import com.chinacreator.asp.comp.sys.oauth2.common.util.StringUtils;
import com.chinacreator.asp.comp.sys.oauth2.resourceserver.cache.UserExpandInfoCache;
import com.chinacreator.c2.sysmgr.User;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.utils.JSONUtils;
import org.json.JSONObject;

/* loaded from: input_file:com/chinacreator/asp/comp/sys/oauth2/JWTCredential.class */
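/**
 * A {@link Credential} backed by a signed JWT access token.
 *
 * <p>The constructor verifies the token through {@link JWTSignVerifier} before any claim is
 * read, then copies the identity claims into a {@link User}. The raw token is kept so that it
 * can be presented to the authorization server for the user-info and introspection calls.
 *
 * <p>NOTE(review): signature verification only proves the token was issued by the holder of
 * the signing key. Revocation is not covered by it; {@link #introspect()} is the only check in
 * this class that asks the authorization server whether the token is still active.
 */
public class JWTCredential implements Credential {
    private static JWTSignVerifier jwtSignVerifier = JWTSignVerifier.getInstance();
    private String jwtToken;
    private DecodedJWT jwt;
    private User user;
    private boolean thirdpartCall;

    /**
     * Verifies {@code str} and extracts the user information it carries.
     *
     * @param str the serialized JWT access token
     * @param z   when {@code true}, a token whose {@code aid} claim matches neither the
     *            configured client id nor the related client id is marked as a third-party call
     * @throws TokenExpiredException    propagated from the verifier
     * @throws JWTVerificationException if no verifier is configured, or propagated from the
     *                                  verifier
     */
    public JWTCredential(String str, boolean z) throws TokenExpiredException, JWTVerificationException {
        this.jwtToken = str;
        // Fail closed: without a verifier no token may be accepted.
        if (jwtSignVerifier == null) {
            System.err.println("没有配置公钥，请检查web.xml配置!!!!!!!!");
            throw new JWTVerificationException("没有配置公钥，请检查web.xml配置");
        }
        // Claims are only read from the verified token returned here.
        this.jwt = jwtSignVerifier.verify(str);
        parseUserInfoFromJWT(this.jwt, z);
    }

    /**
     * Fetches the user record for this token from the authorization server.
     *
     * @return the parsed user, an empty {@link User} when the response body is empty, or
     *         {@code null} when the request fails; callers must handle the {@code null} case
     */
    public User getUserInfoFromServer() {
        try {
            // NOTE(review): buildQueryMessage() sends the bearer token as a URL query parameter,
            // where it can end up in access logs and proxy logs. If the authorization server
            // accepts the Authorization header, buildHeaderMessage() keeps the token out of the
            // URL. Also confirm the inner URL is HTTPS or stays on a trusted network.
            OAuthResourceResponse resource = new OAuthClient(new URLConnectionClient()).resource(
                    new OAuthBearerClientRequest(CredentialConfiguration.getAuthorizationServerInnerUrl() + "/oauth2/user_info")
                            .setAccessToken(this.jwtToken)
                            .buildQueryMessage(),
                    "GET",
                    OAuthResourceResponse.class);
            User remoteUser = new User();
            if (StringUtils.isEmpty(resource.getBody())) {
                return remoteUser;
            }
            remoteUser.putAll(JSONUtils.parseJSON(resource.getBody()));
            return remoteUser;
        } catch (OAuthSystemException e) {
            // Existing contract: a transport failure is reported as null, without logging.
            return null;
        } catch (OAuthProblemException e2) {
            // Existing contract: an OAuth error response is reported as null, without logging.
            return null;
        }
    }

    /** Returns the raw JWT string this credential was built from. */
    public String getAccessToken() {
        return this.jwtToken;
    }

    /**
     * Returns the remaining lifetime of the token in whole seconds (negative once expired).
     *
     * <p>The division is done in {@code long} arithmetic before narrowing. Casting the
     * millisecond difference to {@code int} first wraps around for lifetimes above roughly
     * 24.8 days and yields a wrong, possibly negative, value.
     *
     * <p>NOTE(review): a token without an {@code exp} claim makes {@code getExpiresAt()} return
     * {@code null} and this method throw a {@link NullPointerException}; confirm the verifier
     * rejects such tokens.
     */
    public int getExpiresIn() {
        long remainingMillis = this.jwt.getExpiresAt().getTime() - System.currentTimeMillis();
        return (int) (remainingMillis / 1000L);
    }

    /** Returns whether the token was issued to another client and third-party calls were allowed. */
    public boolean isThirdPartCall() {
        return this.thirdpartCall;
    }

    /**
     * Populates {@link #user} from the claims of an already verified token.
     *
     * <p>Roles ({@code ro}) and organisation ids ({@code oid}) are copied only when the
     * {@code aid} claim equals the configured client id or related client id.
     *
     * <p>NOTE(review): a token issued to a different client is not rejected here. It still
     * yields a user with id and name, just without roles and organisation ids, and
     * {@code thirdpartCall} is set only when {@code z} is true. Callers that must enforce the
     * audience have to check this themselves.
     *
     * @param decodedJWT the verified token
     * @param z          whether a foreign {@code aid} should flag the credential as a
     *                   third-party call
     */
    private void parseUserInfoFromJWT(DecodedJWT decodedJWT, boolean z) {
        this.user = new User();
        String clientId = CredentialConfiguration.getClientId();
        String relatedClientId = CredentialConfiguration.getRelatedClientId();
        String appId = decodedJWT.getClaim("aid").asString();
        if (StringUtils.equals(clientId, appId) || StringUtils.equals(relatedClientId, appId)) {
            this.user.put("roles", decodedJWT.getClaim("ro").asArray(String.class));
            this.user.put("orgIds", decodedJWT.getClaim("oid").asArray(String.class));
        } else if (z) {
            this.thirdpartCall = true;
        }
        if (CredentialConfiguration.isExpandCredentialFieldsEnabled()) {
            User cachedUser = UserExpandInfoCache.getInstance().get(this.jwtToken);
            if (cachedUser != null && !cachedUser.isEmpty()) {
                // NOTE(review): the cached entry is merged after roles/orgIds, so a cached
                // "roles" or "orgIds" key replaces the value taken from the signed token.
                // The identity fields below are written afterwards and therefore win.
                this.user.putAll(cachedUser);
            }
        }
        this.user.put("appid", appId);
        this.user.setId(decodedJWT.getClaim("uid").asString());
        this.user.put("userId", decodedJWT.getClaim("uid").asString());
        this.user.setName(decodedJWT.getClaim("ac").asString());
        this.user.setRealname(decodedJWT.getClaim("un").asString());
        try {
            this.user.put("categoryIds", decodedJWT.getClaim("cid").asArray(String.class));
            this.user.put("orgInstanceIds", decodedJWT.getClaim("orginsids").asArray(String.class));
        } catch (Exception ignored) {
            // Best effort: these two claims are treated as optional, so a failure to read them
            // leaves the corresponding keys unset instead of failing the whole credential.
        }
    }

    /**
     * Asks the authorization server whether the token is still active.
     *
     * <p>Fails closed: a blank token, an empty response, a missing {@code active} field or any
     * error results in {@code false}.
     *
     * @return the {@code active} flag from the introspection response, or {@code false}
     */
    public boolean introspect() {
        if (null == this.jwtToken || this.jwtToken.trim().equals("")) {
            return false;
        }
        try {
            // NOTE(review): as in getUserInfoFromServer(), the token travels in the query string
            // here; prefer the Authorization header if the server supports it.
            String body = new OAuthClient(new URLConnectionClient()).resource(
                    new OAuthBearerClientRequest(CredentialConfiguration.getAuthorizationServerInnerUrl() + "/oauth2/introspect")
                            .setAccessToken(this.jwtToken)
                            .buildQueryMessage(),
                    "GET",
                    OAuthResourceResponse.class).getBody();
            if (null == body || body.trim().equals("")) {
                return false;
            }
            return new JSONObject(body).getBoolean("active");
        } catch (Exception e) {
            // Any transport or parsing problem is treated as "not active".
            e.printStackTrace();
            return false;
        }
    }

    /** Returns the user built from the token claims (and the expand cache, when enabled). */
    public User getUserInfo() {
        return this.user;
    }
}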
