package com.alibaba.nacos.plugin.auth.impl;

import com.alibaba.nacos.auth.config.AuthConfigs;
import com.alibaba.nacos.plugin.auth.impl.constant.AuthConstants;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.DecodingException;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.List;
import java.util.Properties;
import javax.annotation.PostConstruct;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/alibaba/nacos/plugin/auth/impl/JwtTokenManager.class */
public class JwtTokenManager {
    private static final String AUTHORITIES_KEY = "auth";
    private final AuthConfigs authConfigs;
    private String secretKey;
    private byte[] secretKeyBytes;
    private long tokenValidityInSeconds;
    private JwtParser jwtParser;

    public JwtTokenManager(AuthConfigs authConfigs) {
        this.authConfigs = authConfigs;
    }

    @PostConstruct
    public void initProperties() {
        Properties authPluginProperties = this.authConfigs.getAuthPluginProperties(AuthConstants.AUTH_PLUGIN_TYPE);
        this.tokenValidityInSeconds = Long.parseLong(authPluginProperties.getProperty(AuthConstants.TOKEN_EXPIRE_SECONDS, AuthConstants.DEFAULT_TOKEN_EXPIRE_SECONDS));
        this.secretKey = authPluginProperties.getProperty(AuthConstants.TOKEN_SECRET_KEY, AuthConstants.DEFAULT_TOKEN_SECRET_KEY);
    }

    public String createToken(Authentication authentication) {
        return createToken(authentication.getName());
    }

    public String createToken(String str) {
        return Jwts.builder().setClaims(Jwts.claims().setSubject(str)).setExpiration(new Date(System.currentTimeMillis() + (getTokenValidityInSeconds() * 1000))).signWith(Keys.hmacShaKeyFor(getSecretKeyBytes()), SignatureAlgorithm.HS256).compact();
    }

    public Authentication getAuthentication(String str) {
        if (this.jwtParser == null) {
            this.jwtParser = Jwts.parserBuilder().setSigningKey(getSecretKeyBytes()).build();
        }
        Claims claims = (Claims) this.jwtParser.parseClaimsJws(str).getBody();
        List commaSeparatedStringToAuthorityList = AuthorityUtils.commaSeparatedStringToAuthorityList((String) claims.get(AUTHORITIES_KEY));
        return new UsernamePasswordAuthenticationToken(new User(claims.getSubject(), AuthConstants.DEFAULT_TOKEN_SECRET_KEY, commaSeparatedStringToAuthorityList), AuthConstants.DEFAULT_TOKEN_SECRET_KEY, commaSeparatedStringToAuthorityList);
    }

    public void validateToken(String str) {
        if (this.jwtParser == null) {
            this.jwtParser = Jwts.parserBuilder().setSigningKey(getSecretKeyBytes()).build();
        }
        this.jwtParser.parseClaimsJws(str);
    }

    public byte[] getSecretKeyBytes() {
        if (this.secretKeyBytes == null) {
            try {
                this.secretKeyBytes = (byte[]) Decoders.BASE64.decode(this.secretKey);
            } catch (DecodingException e) {
                this.secretKeyBytes = this.secretKey.getBytes(StandardCharsets.UTF_8);
            }
        }
        return this.secretKeyBytes;
    }

    public long getTokenValidityInSeconds() {
        return this.tokenValidityInSeconds;
    }
}
