package com.supermap.services.security;

import com.supermap.services.rest.resources.SecurityManageResource;
import com.supermap.services.util.LogUtil;
import com.supermap.services.util.ResourceManager;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.lang.JoseException;
import org.slf4j.cal10n.LocLogger;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/JwtUtil.class */
public class JwtUtil {
    private static ResourceManager a = new ResourceManager((Class<? extends Enum<?>>) SecurityManageResource.class);
    private static LocLogger b = LogUtil.getLocLogger(LdapHelper.class, a);
    private static Map<String, JsonWebKey> c = new HashMap();

    private JwtUtil() {
    }

    public static JsonWebSignature getJsonWebSignature(String str) {
        JsonWebSignature jsonWebSignature = null;
        try {
            jsonWebSignature = (JsonWebSignature) JsonWebSignature.fromCompactSerialization(str);
        } catch (JoseException e) {
            b.debug("This is not a JWT format token");
        }
        return jsonWebSignature;
    }

    public static JwtClaims verifyToken(KeycloakConfig keycloakConfig, JsonWebSignature jsonWebSignature, String str) {
        RsaJsonWebKey a2;
        JwtClaims jwtClaims = null;
        if (keycloakConfig != null && jsonWebSignature != null && StringUtils.isNotEmpty(str) && (a2 = a(keycloakConfig, jsonWebSignature)) != null) {
            PublicKey publicKey = a2.getPublicKey();
            String header = jsonWebSignature.getHeader("alg");
            if (publicKey != null) {
                try {
                    jwtClaims = new JwtConsumerBuilder().setSkipDefaultAudienceValidation().setAllowedClockSkewInSeconds(keycloakConfig.getMaxClockSkew()).setRequireSubject().setExpectedIssuer(keycloakConfig.getBaseUri() + "/realms/" + keycloakConfig.getRealm()).setVerificationKey(publicKey).setJweAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, new String[]{header})).setRequireExpirationTime().build().processToClaims(str);
                } catch (InvalidJwtException e) {
                    b.debug("Invalid JWT!", e);
                    if (e.hasExpired()) {
                        try {
                            b.warn("JWT expired at " + e.getJwtContext().getJwtClaims().getExpirationTime());
                        } catch (MalformedClaimException e2) {
                            b.debug(e2.getMessage(), e2);
                        }
                    }
                }
            }
        }
        return jwtClaims;
    }

    private static JsonWebKey a(KeycloakConfig keycloakConfig, JsonWebSignature jsonWebSignature) {
        String header = jsonWebSignature.getHeader("kid");
        JsonWebKey jsonWebKey = c.get(header);
        if (jsonWebKey == null) {
            String str = keycloakConfig.getBaseUri() + "/realms/" + keycloakConfig.getRealm() + "/protocol/openid-connect/certs";
            String header2 = jsonWebSignature.getHeader("kty");
            String header3 = jsonWebSignature.getHeader("alg");
            String header4 = jsonWebSignature.getHeader("use");
            try {
                String iOUtils = IOUtils.toString(new URI(str), "utf-8");
                if (StringUtils.isNotEmpty(iOUtils)) {
                    JsonWebKey findJsonWebKey = new JsonWebKeySet(iOUtils).findJsonWebKey(header, header2, header4, header3);
                    c.put(header, findJsonWebKey);
                    jsonWebKey = findJsonWebKey;
                }
            } catch (IOException e) {
                b.warn(e.getMessage(), e);
            } catch (URISyntaxException e2) {
                b.warn(e2.getMessage(), e2);
            } catch (JoseException e3) {
                b.warn(e3.getMessage(), e3);
            }
        }
        return jsonWebKey;
    }
}
