package com.baomidou.kisso.security;

import com.baomidou.kisso.SSOConfig;
import com.baomidou.kisso.common.RsaKeyHelper;
import com.baomidou.kisso.common.SSOConstants;
import com.baomidou.kisso.exception.KissoException;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.security.Key;
import java.security.KeyStore;
import java.security.PublicKey;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.core.io.ClassPathResource;

/* loaded from: input_file:com/baomidou/kisso/security/JwtHelper.class */
public class JwtHelper {
    private static Key RSA_KEY;
    private static PublicKey RSA_PUBLICKEY;

    public static String getHS512SecretKey() {
        return getSecretKey(SignatureAlgorithm.HS512);
    }

    public static String getSecretKey(SignatureAlgorithm signatureAlgorithm) {
        return Base64.getEncoder().encodeToString(Keys.secretKeyFor(signatureAlgorithm).getEncoded());
    }

    public static SecretKey getSecretKey(String str, SignatureAlgorithm signatureAlgorithm) {
        return new SecretKeySpec(str.getBytes(), signatureAlgorithm.getJcaName());
    }

    public static String signCompact(JwtBuilder jwtBuilder) {
        SSOConfig sSOConfig = SSOConfig.getInstance();
        SignatureAlgorithm forName = SignatureAlgorithm.forName(sSOConfig.getSignAlgorithm());
        if (!SSOConstants.RSA.equals(forName.getFamilyName())) {
            return jwtBuilder.signWith(getSecretKey(sSOConfig.getSignKey(), forName), forName).compact();
        }
        try {
            if (null == RSA_KEY) {
                ClassPathResource classPathResource = new ClassPathResource(sSOConfig.getRsaJksStore());
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(classPathResource.getInputStream(), sSOConfig.getRsaStorepass().toCharArray());
                RSA_KEY = keyStore.getKey(sSOConfig.getRsaAlias(), sSOConfig.getRsaKeypass().toCharArray());
            }
            return jwtBuilder.signWith(RSA_KEY, forName).compact();
        } catch (Exception e) {
            throw new KissoException("signCompact error.", e);
        }
    }

    public static JwtParser verifyParser() {
        try {
            SSOConfig sSOConfig = SSOConfig.getInstance();
            SignatureAlgorithm forName = SignatureAlgorithm.forName(sSOConfig.getSignAlgorithm());
            if (!SSOConstants.RSA.equals(forName.getFamilyName())) {
                return Jwts.parserBuilder().setSigningKey(getSecretKey(sSOConfig.getSignKey(), forName)).build();
            }
            if (null == RSA_PUBLICKEY) {
                RSA_PUBLICKEY = RsaKeyHelper.getRsaPublicKey(new ClassPathResource(sSOConfig.getRsaCertStore()).getInputStream());
            }
            return Jwts.parserBuilder().setSigningKey(RSA_PUBLICKEY).build();
        } catch (Exception e) {
            throw new KissoException("verifyParser error.", e);
        }
    }
}
