package com.dtyunxi.yundt.cube.center.identity.util;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.dtyunxi.yundt.cube.center.identity.api.vo.IosVerifyVo;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:com/dtyunxi/yundt/cube/center/identity/util/IosUtil.class */
public class IosUtil {
    private static final String APPLE_OFFICIAL = "https://appleid.apple.com";
    private static final String AUTH_DOMAIN = "https://appleid.apple.com/auth/keys";
    private static final String AUTH_TIME_STR = "auth_time";
    private static final Logger logger = LoggerFactory.getLogger(IosUtil.class);
    private static JSONArray keysJsonArray = null;

    private static PublicKey getPublicKey(String str) {
        try {
            if (keysJsonArray == null || keysJsonArray.size() == 0) {
                updateAppleKeys();
            }
            String str2 = "";
            String str3 = "";
            for (int i = 0; i < keysJsonArray.size(); i++) {
                JSONObject jSONObject = keysJsonArray.getJSONObject(i);
                if (jSONObject.getString("kid").equals(str)) {
                    str2 = jSONObject.getString("n");
                    str3 = jSONObject.getString("e");
                }
            }
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.decodeBase64(str2)), new BigInteger(1, Base64.decodeBase64(str3))));
        } catch (Exception e) {
            logger.info("获取公钥异常:{}", e.toString());
            e.printStackTrace();
            return null;
        }
    }

    private static void updateAppleKeys() {
        String str = (String) new RestTemplate().getForObject(AUTH_DOMAIN, String.class, new Object[0]);
        logger.info("苹果获取到的Token:{}", str);
        if (StringUtils.isEmpty(str)) {
            return;
        }
        keysJsonArray = JSONObject.parseObject(str).getJSONArray("keys");
    }

    public static IosVerifyVo verify(String str) {
        IosVerifyVo iosVerifyVo = new IosVerifyVo();
        try {
            String[] split = str.split("\\.");
            logger.info("打印所传JWT:{}", JSON.toJSONString(str));
            JSONObject parseObject = JSONObject.parseObject(new String(Base64.decodeBase64(split[0]), AlipayOauthUtil.CHARSET));
            JSONObject parseObject2 = JSONObject.parseObject(new String(Base64.decodeBase64(split[1]), AlipayOauthUtil.CHARSET));
            String str2 = (String) parseObject2.get("aud");
            String str3 = (String) parseObject2.get("sub");
            boolean verify = verify(str, str2, str3, (String) parseObject.get("kid"));
            iosVerifyVo.setUserId(str3);
            iosVerifyVo.setResult(verify);
        } catch (Exception e) {
            logger.info("jwt验证失败:{}", e.getMessage());
            if (e instanceof SignatureException) {
                updateAppleKeys();
            }
            e.printStackTrace();
        } catch (ExpiredJwtException e2) {
            logger.info("jwt验证失败--过时:{}", e2.getMessage());
        }
        return iosVerifyVo;
    }

    private static boolean verify(String str, String str2, String str3, String str4) {
        JwtParser signingKey = Jwts.parser().setSigningKey(getPublicKey(str4));
        signingKey.requireIssuer(APPLE_OFFICIAL);
        signingKey.requireAudience(str2);
        signingKey.requireSubject(str3);
        Jws parseClaimsJws = signingKey.parseClaimsJws(str);
        return null != parseClaimsJws && ((Claims) parseClaimsJws.getBody()).containsKey(AUTH_TIME_STR);
    }
}
