package com.diboot.iam.util;

import com.diboot.core.cache.BaseCacheManager;
import com.diboot.core.config.BaseConfig;
import com.diboot.core.util.ContextHolder;
import com.diboot.core.util.S;
import com.diboot.core.util.V;
import com.diboot.iam.config.Cons;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/diboot/iam/util/TokenUtils.class */
public class TokenUtils {
    private static final Logger log = LoggerFactory.getLogger(TokenUtils.class);
    private static final String AUTH_HEADER = getConfigValue("diboot.iam.token-header-key", "Authorization");
    public static final int EXPIRES_IN_MINUTES = getConfigIntValue("diboot.iam.token-expires-minutes", 60);
    private static final int EXPIRES_MINUTES_INDEX = 4;
    private static final int ISSUED_AT_INDEX = 5;
    private static BaseCacheManager iamCacheManager;

    public static String getRequestToken(HttpServletRequest httpServletRequest) {
        String[] parameterValues;
        String header = httpServletRequest.getHeader(AUTH_HEADER);
        if (header == null && (parameterValues = httpServletRequest.getParameterValues(AUTH_HEADER)) != null && parameterValues.length > 0) {
            header = URLDecoder.decode(parameterValues[0], StandardCharsets.UTF_8);
        }
        if (header != null) {
            if (header.startsWith("Bearer")) {
                header = header.substring("Bearer".length());
            }
            header = header.trim();
        }
        if (V.isEmpty(header)) {
            log.warn("请求未指定token: {}", header);
            return null;
        }
        if (isActiveAccessToken(header)) {
            return header;
        }
        return null;
    }

    public static String generateToken() {
        return S.newUuid();
    }

    public static synchronized String responseNewTokenIfRequired(ServletResponse servletResponse, String str, String str2) {
        if (!isCloseToExpired(str2)) {
            return null;
        }
        String refreshToken = getRefreshToken(str, str2);
        ((HttpServletResponse) servletResponse).setHeader(AUTH_HEADER, refreshToken);
        log.debug("写回刷新token :{}", refreshToken);
        return refreshToken;
    }

    public static void cacheAccessToken(String str, String str2) {
        getIamCacheManager().putCacheObj(Cons.CACHE_TOKEN_USERINFO, str, str2);
    }

    public static void removeAccessTokens(String str) {
        getIamCacheManager().removeCacheObj(Cons.CACHE_TOKEN_USERINFO, str);
    }

    public static String getCachedUserInfoStr(String str) {
        String cacheString = getIamCacheManager().getCacheString(Cons.CACHE_TOKEN_USERINFO, str);
        if (cacheString == null) {
            log.debug("token {} 缓存信息不存在，已过期或无效", str);
        }
        return cacheString;
    }

    public static boolean isActiveAccessToken(String str) {
        String cachedUserInfoStr = getCachedUserInfoStr(str);
        if (V.isEmpty(cachedUserInfoStr)) {
            log.warn("无效的token: {}", str);
            return false;
        }
        if (!isExpired(cachedUserInfoStr)) {
            return true;
        }
        log.warn("token已过期: {}，用户: {} 需重新登录后方可操作", str, cachedUserInfoStr);
        IamSecurityUtils.logoutByToken(str);
        return false;
    }

    public static synchronized String getRefreshToken(String str, String str2) {
        String cacheString = getIamCacheManager().getCacheString(Cons.CACHE_TOKEN_REFRESH, str);
        if (cacheString == null) {
            cacheString = generateToken();
            cacheRefreshToken(cacheString, str2);
            getIamCacheManager().putCacheObj(Cons.CACHE_TOKEN_REFRESH, str, cacheString);
            log.debug("生成 token: {} 的 refresh-token: {}", str, cacheString);
        } else {
            log.debug("从缓存中获取 token: {} 的 refresh-token: {}", str, cacheString);
        }
        return cacheString;
    }

    public static synchronized void cacheRefreshToken(String str, String str2) {
        cacheAccessToken(str, S.substringBeforeLast(str2, ",") + "," + System.currentTimeMillis());
    }

    public static boolean isExpired(String str) {
        if (V.isEmpty(str)) {
            return false;
        }
        String[] split = S.split(str);
        return System.currentTimeMillis() > Long.parseLong(split[ISSUED_AT_INDEX]) + (((long) Integer.parseInt(split[EXPIRES_MINUTES_INDEX])) * 60000);
    }

    public static boolean isCloseToExpired(String str) {
        if (V.isEmpty(str)) {
            return false;
        }
        String[] split = S.split(str);
        int parseInt = Integer.parseInt(split[EXPIRES_MINUTES_INDEX]);
        long currentTimeMillis = System.currentTimeMillis();
        long parseLong = Long.parseLong(split[ISSUED_AT_INDEX]);
        long j = (parseLong + (parseInt * 60000)) - currentTimeMillis;
        return j > 0 && ((double) (currentTimeMillis - parseLong)) / ((double) j) > 3.0d;
    }

    private static BaseCacheManager getIamCacheManager() {
        if (iamCacheManager == null) {
            iamCacheManager = (BaseCacheManager) ContextHolder.getBean("iamCacheManager");
        }
        return iamCacheManager;
    }

    private static String getConfigValue(String str, String str2) {
        String property = BaseConfig.getProperty(str);
        return property != null ? property : str2;
    }

    private static int getConfigIntValue(String str, int i) {
        String property = BaseConfig.getProperty(str);
        return property != null ? Integer.parseInt(property) : i;
    }
}
