package com.xdja.pki.oas.service.token.impl;

import com.xdja.pki.gmssl.core.utils.GMSSLX509Utils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLECSignUtils;
import com.xdja.pki.gmssl.x509.utils.bean.GMSSLSignatureAlgorithm;
import com.xdja.pki.oas.common.bean.Result;
import com.xdja.pki.oas.common.config.SystemProperties;
import com.xdja.pki.oas.common.enums.ErrorCode;
import com.xdja.pki.oas.common.enums.SCOPE;
import com.xdja.pki.oas.common.jwt.JwtGenerator;
import com.xdja.pki.oas.common.jwt.base64.Base64URL;
import com.xdja.pki.oas.common.utils.KeyUtil;
import com.xdja.pki.oas.dao.JwkDao;
import com.xdja.pki.oas.dao.RegisterDao;
import com.xdja.pki.oas.entity.JwkDO;
import com.xdja.pki.oas.entity.RegisterInfoDO;
import com.xdja.pki.oas.service.token.TokenService;
import com.xdja.pki.oas.vo.TokenReq;
import com.xdja.pki.oas.vo.TokenResp;
import java.time.Instant;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

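@Service
/* loaded from: input_file:WEB-INF/classes/com/xdja/pki/oas/service/token/impl/TokenServiceImpl.class */
/**
 * Issues access tokens to registered clients.
 *
 * <p>A client proves possession of its registered SM2 key by sending a signature
 * ({@code sign}) over its registered client name; on success a JWT signed with the
 * server-side SM2 key stored for that client is returned.
 *
 * <p>NOTE(review): the signed message is the static client name (see {@link #token}),
 * so nothing in the request binds the signature to a point in time or to a single
 * request; a captured {@code sign} value therefore stays valid for as long as the
 * registration does. Binding a server-issued nonce or a timestamp into the signed
 * data would need a matching change on the client side, so it is only flagged here.
 */
public class TokenServiceImpl implements TokenService {
    private static final Logger log = LoggerFactory.getLogger(TokenServiceImpl.class);

    @Autowired
    SystemProperties systemProperties;

    @Autowired
    RegisterDao registerDao;

    @Autowired
    JwkDao jwkDao;

    /**
     * Validates a token request and, if every check passes, issues a JWT.
     *
     * <p>Checks are applied in order and each failure is reported with a distinct
     * {@link ErrorCode}: unknown {@code client_id} or failed signature →
     * {@code INVALID_CLIENT}; {@code grant_type} differing from the registered one →
     * {@code UNSUPPORTED_GRANT_TYPE}; scope other than {@code SCOPE.APPLY} →
     * {@code INVALID_SCOPE}; token generation failure → {@code SERVER_INTERNAL_EXCEPTION}.
     *
     * @param tokenReq the incoming request (client_id, sign, grant_type, scope)
     * @return a success {@link Result} wrapping a {@link TokenResp}, or a failure result
     */
    @Override
    public Result token(TokenReq tokenReq) {
        RegisterInfoDO registerInfo = this.registerDao.findByClientId(tokenReq.getClient_id());
        if (null == registerInfo) {
            log.error("未找到注册信息.");
            return Result.fail(ErrorCode.INVALID_CLIENT);
        }
        // A missing signature is a client error, not a server fault: reject it up front
        // instead of letting Base64URL.decode fail and surface as SERVER_INTERNAL_EXCEPTION.
        if (StringUtils.isBlank(tokenReq.getSign())) {
            log.error("身份验证失败, sign 为空.");
            return Result.fail(ErrorCode.INVALID_CLIENT);
        }
        try {
            // The signed message is the registered client name. getBytes() uses the platform
            // default charset; the client must produce the same bytes, so pin the charset
            // explicitly (e.g. UTF-8) once the client side is confirmed to use it — TODO confirm.
            byte[] signedData = registerInfo.getClientName().getBytes();
            boolean signatureOk = GMSSLECSignUtils.verify(
                    KeyUtil.getPublicKeyFromStr(registerInfo.getPubKey()),
                    signedData,
                    Base64URL.decode(tokenReq.getSign()),
                    (byte[]) null,
                    GMSSLSignatureAlgorithm.SM3_WITH_SM2.getSigAlgName());
            if (!signatureOk) {
                log.error("身份验证失败.");
                return Result.fail(ErrorCode.INVALID_CLIENT);
            }
            if (!StringUtils.equals(tokenReq.getGrant_type(), registerInfo.getGrantTypes())) {
                log.error("grant_type验证失败,注册的为:{}, 传入的为:{}", registerInfo.getGrantTypes(), tokenReq.getGrant_type());
                return Result.fail(ErrorCode.UNSUPPORTED_GRANT_TYPE);
            }
            if (!StringUtils.equals(tokenReq.getScope(), SCOPE.APPLY.scope)) {
                log.error("scope 错误, 需要值为:{}, 传入值为:{}", SCOPE.APPLY.scope, tokenReq.getScope());
                return Result.fail(ErrorCode.INVALID_SCOPE);
            }
            String accessToken = createJwtToken(registerInfo.getClientName(), registerInfo.getClientId());
            if (StringUtils.isBlank(accessToken)) {
                log.error("生成token失败.");
                return Result.fail(ErrorCode.SERVER_INTERNAL_EXCEPTION);
            }
            TokenResp tokenResp = new TokenResp();
            tokenResp.setAccess_token(accessToken);
            tokenResp.setExpires_in(this.systemProperties.getExpires());
            return Result.success(tokenResp);
        } catch (Exception e) {
            // Previously swallowed silently; without the stack trace a failed key parse or a
            // malformed sign value was indistinguishable from a genuine server fault in the logs.
            log.error("token 处理异常.", e);
            return Result.fail(ErrorCode.SERVER_INTERNAL_EXCEPTION);
        }
    }

    /**
     * Builds and signs the JWT for one client.
     *
     * <p>The header is {@code alg=ES256, typ=JWT}. The payload carries the configured
     * issuer, the client name, issued-at and expiry (now + {@code systemProperties.getExpires()}
     * seconds), and the client id. It is signed with the SM2 private key ({@code d}) that the
     * {@link JwkDao} holds for this client.
     *
     * <p>NOTE(review): issued-at/expiry are passed as epoch <em>milliseconds</em>, whereas a
     * JWT NumericDate is defined in seconds — confirm that every verifier of these tokens
     * expects milliseconds. Likewise the header advertises ES256 while the signing key is an
     * SM2 key; the verifying side must apply the scheme actually used by
     * {@code generatorJwtES256()}, not plain ECDSA-P256.
     *
     * @param clientName the registered client name placed in the payload
     * @param clientId   the client id; also the lookup key for the signing JWK
     * @return the serialized JWT, or {@code null} when no JWK exists for the client or signing fails
     */
    private String createJwtToken(String clientName, String clientId) {
        // The bare getClass() calls are a decompiler artifact (javac's null check emitted for
        // instantiating a nested class through an outer instance); they have no other effect.
        JwtGenerator jwtGenerator = new JwtGenerator();
        jwtGenerator.getClass();
        JwtGenerator.Header header = new JwtGenerator.Header("ES256", "JWT");
        Instant now = Instant.now();
        long issuedAtMillis = now.toEpochMilli();
        long expiresAtMillis = now.plusSeconds(this.systemProperties.getExpires().longValue()).toEpochMilli();
        JwtGenerator jwtGenerator2 = new JwtGenerator();
        jwtGenerator2.getClass();
        JwtGenerator.Payload payload = new JwtGenerator.Payload(
                this.systemProperties.getIss(),
                clientName,
                Long.valueOf(issuedAtMillis),
                Long.valueOf(expiresAtMillis),
                clientId);
        JwkDO jwk = this.jwkDao.findByClientId(clientId);
        if (null == jwk) {
            log.error("JWT 生成失败, 未找到clienId[{}] 对应的JWK", clientId);
            return null;
        }
        try {
            // jwk.getD() is the base64url-encoded SM2 private scalar; it is key material and
            // must never be logged.
            return new JwtGenerator()
                    .buildHeader(header)
                    .buildPayload(payload)
                    .buildPrivateKey(GMSSLX509Utils.convertSM2PrivateKey(Base64URL.decode(jwk.getD())))
                    .generatorJwtES256();
        } catch (Exception e) {
            log.error("JWT 生成失败, {}", (Throwable) e);
            return null;
        }
    }
}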
