package cn.com.yusys.udp.cloud.gateway.controller;

import cn.com.yusys.udp.cloud.gateway.config.UcgOpenApiConfig;
import cn.com.yusys.udp.cloud.gateway.controller.vo.GenerateParam;
import cn.com.yusys.udp.cloud.gateway.controller.vo.JwtTokenInfoVO;
import cn.com.yusys.udp.cloud.gateway.controller.vo.RefreshParam;
import cn.com.yusys.udp.cloud.gateway.depositories.UcgOpenApiDepository;
import cn.com.yusys.udp.cloud.gateway.exception.UcgException;
import cn.com.yusys.udp.cloud.gateway.util.UcgJwtUtils;
import cn.com.yusys.udp.cloud.gateway.util.UcgUtils;
import com.auth0.jwt.interfaces.Claim;
import java.util.HashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import reactor.core.publisher.Mono;

@RequestMapping({"/api/auth/token"})
@ResponseBody
/* loaded from: input_file:cn/com/yusys/udp/cloud/gateway/controller/UcgJwtTokenController.class */
public class UcgJwtTokenController {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private UcgOpenApiDepository openApiCache;

    @PostMapping({"/generate"})
    public Mono<JwtTokenInfoVO> generate(@RequestBody GenerateParam generateParam) {
        if (!this.openApiCache.isEnabled()) {
            return Mono.error(new UcgException(HttpStatus.NOT_ACCEPTABLE, "OpenAPI已禁用"));
        }
        String clientId = generateParam.getClientId();
        String clientSecret = generateParam.getClientSecret();
        UcgOpenApiConfig.Client client = this.openApiCache.getClients().get(clientId);
        new JwtTokenInfoVO();
        return client == null ? Mono.just(new JwtTokenInfoVO(-1, "客户端不存在")) : !UcgUtils.OPEN_API_AUTH_TYPE_JWT.equalsIgnoreCase(client.getAuthType()) ? Mono.just(new JwtTokenInfoVO(-2, "当前客户端不支持JWT验证")) : !clientSecret.equals(client.getClientSecret()) ? Mono.just(new JwtTokenInfoVO(-3, "密码错误")) : Mono.just(createTokenRt(clientId, clientSecret));
    }

    @PostMapping({"/refresh"})
    public Mono<JwtTokenInfoVO> refresh(@RequestBody RefreshParam refreshParam) {
        if (!this.openApiCache.isEnabled()) {
            return Mono.error(new UcgException(HttpStatus.NOT_ACCEPTABLE, "OpenAPI已禁用"));
        }
        String token = refreshParam.getToken();
        Claim claim = UcgJwtUtils.getClaim(token, "client_id");
        if (claim == null) {
            return Mono.just(new JwtTokenInfoVO(-1, "token格式不合法"));
        }
        String asString = claim.asString();
        if (asString == null || "".equals(asString)) {
            return Mono.just(new JwtTokenInfoVO(-1, "token格式不合法"));
        }
        UcgOpenApiConfig.Client client = this.openApiCache.getClients().get(asString);
        return client == null ? Mono.just(new JwtTokenInfoVO(-2, "客户端不存在")) : !UcgUtils.OPEN_API_AUTH_TYPE_JWT.equalsIgnoreCase(client.getAuthType()) ? Mono.just(new JwtTokenInfoVO(-3, "当前客户端不支持JWT验证")) : !UcgJwtUtils.verifyToken(client.getClientSecret(), token) ? Mono.just(new JwtTokenInfoVO(-4, "token校验失败")) : Mono.just(createTokenRt(asString, client.getClientSecret()));
    }

    private JwtTokenInfoVO createTokenRt(String str, String str2) {
        JwtTokenInfoVO jwtTokenInfoVO = new JwtTokenInfoVO();
        long currentTimeMillis = System.currentTimeMillis();
        long jwtTimeout = this.openApiCache.getJwtTimeout();
        long j = ((currentTimeMillis + jwtTimeout) / 1000) * 1000;
        HashMap hashMap = new HashMap(4);
        hashMap.put("client_id", str);
        jwtTokenInfoVO.setToken(UcgJwtUtils.createToken(str2, Long.valueOf(j), hashMap));
        jwtTokenInfoVO.setTimeout(Long.valueOf(jwtTimeout));
        jwtTokenInfoVO.setExp(Long.valueOf(j));
        return jwtTokenInfoVO;
    }
}
