package com.bokesoft.distro.tech.commons.basis.auth;

import com.bokesoft.distro.tech.commons.basis.auth.crossauth.CrossAuthData;
import com.bokesoft.distro.tech.commons.basis.auth.crossauth.CrossAuthTokenSetting;
import com.bokesoft.distro.tech.commons.basis.auth.crossauth.ICrossAuthTokenSettingProvider;
import com.bokesoft.yes.common.encrypt.RSA;
import com.bokesoft.yes.common.util.Base64;
import com.bokesoft.yigo.common.dependency.DependencySortCore;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/bokesoft/distro/tech/commons/basis/auth/CrossAuthUtil.class */
public class CrossAuthUtil {
    private static Logger logger = LoggerFactory.getLogger(CrossAuthUtil.class);
    public static final String AUTH_WILDCARD = "x-bk-cross-auth";
    private static List<ICrossAuthTokenSettingProvider> providers;

    public static void setup(List<ICrossAuthTokenSettingProvider> list) {
        providers = DependencySortCore.sort(list);
    }

    public static String build(String str, CrossAuthData crossAuthData) {
        try {
            return new String(Base64.encode(new RSA().encryptByPublic(new ObjectMapper().writeValueAsString(crossAuthData).getBytes(), str)));
        } catch (Exception e) {
            return (String) ExceptionUtils.rethrow(e);
        }
    }

    public static boolean doCheck(String str, String str2) {
        CrossAuthData decrypt = decrypt(str, str2);
        CrossAuthTokenSetting matchReleatdTokenSetting = matchReleatdTokenSetting(decrypt);
        if (null != matchReleatdTokenSetting) {
            return checkTokenData(decrypt, matchReleatdTokenSetting);
        }
        logger.warn("未匹配到合适 callid = {} 的 Token 验证配置,无法验证有效性", decrypt.getCallerId());
        return false;
    }

    protected static CrossAuthData decrypt(String str, String str2) {
        try {
            return (CrossAuthData) new ObjectMapper().readValue(new String(new RSA().decryptByPrivate(Base64.decode(str2.getBytes()), str)), CrossAuthData.class);
        } catch (Throwable th) {
            logger.error("无法解析CrossAuth加密信息", th);
            return (CrossAuthData) ExceptionUtils.rethrow(th);
        }
    }

    protected static boolean checkTokenData(CrossAuthData crossAuthData, CrossAuthTokenSetting crossAuthTokenSetting) {
        if (System.currentTimeMillis() >= crossAuthData.getApplyTime() + crossAuthTokenSetting.getMaxTimeDriftMs() || System.currentTimeMillis() <= crossAuthData.getApplyTime() - crossAuthTokenSetting.getMaxTimeDriftMs()) {
            return false;
        }
        return crossAuthData.getToken().equals(crossAuthTokenSetting.getToken());
    }

    private static CrossAuthTokenSetting matchReleatdTokenSetting(CrossAuthData crossAuthData) {
        Iterator<ICrossAuthTokenSettingProvider> it = providers.iterator();
        while (it.hasNext()) {
            CrossAuthTokenSetting authTokenSetting = it.next().getAuthTokenSetting(crossAuthData.getCallerId());
            if (null != authTokenSetting) {
                return authTokenSetting;
            }
        }
        return null;
    }
}
