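package com.qianwen.core.secure.utils;

import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import com.qianwen.core.jwt.JwtUtil;
import com.qianwen.core.jwt.props.JwtProperties;
import com.qianwen.core.secure.TokenInfo;
import com.qianwen.core.secure.constant.SecureConstant;
import com.qianwen.core.secure.exception.SecureException;
import com.qianwen.core.secure.provider.IClientDetails;
import com.qianwen.core.secure.provider.IClientDetailsService;
import com.qianwen.core.tool.utils.Charsets;
import com.qianwen.core.tool.utils.Func;
import com.qianwen.core.tool.utils.SpringUtil;
import com.qianwen.core.tool.utils.StringUtil;
import com.qianwen.core.tool.utils.WebUtil;

/* loaded from: blade-core-secure-9.3.0.0-SNAPSHOT.jar:org/springblade/core/secure/utils/SecureUtil.class */
/**
 * Token-issuing half of the secure module.
 *
 * <p>Authenticates the calling OAuth client (either from the HTTP Basic
 * {@code Authorization} header of the current request, or from an explicit
 * id/secret pair), mints an HMAC-signed JWT carrying the supplied user claims
 * plus {@code client_id}, and, when the JWT "state" feature is switched on in
 * {@link JwtProperties}, records the issued token through {@link JwtUtil}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Client secrets are compared in constant time
 *       ({@link MessageDigest#isEqual}); a {@code null} secret on either side
 *       never authenticates. The stored secret is compared as-is, so whatever
 *       {@link IClientDetails#getClientSecret()} returns must already be in the
 *       form the client presents (plaintext compare; hashing at rest would
 *       require a different comparison and is not attempted here).</li>
 *   <li>The signing key is the Base64-decoded {@link JwtUtil#getBase64Security()}
 *       and is rejected if shorter than 256 bits, the minimum RFC 7518 §3.2
 *       allows for HS256.</li>
 *   <li>Entries of the {@code user} map are copied into the JWT verbatim and
 *       are written after {@code iss}/{@code aud} but before {@code exp}/{@code nbf}/
 *       {@code client_id}; a caller-supplied {@code iss} or {@code aud} key therefore
 *       wins. The map must come from trusted server-side code, never straight
 *       from a request body.</li>
 * </ul>
 */
public class SecureUtil extends AuthUtil {
    private static final String CLIENT_ID = "client_id";
    private static final String ACCESS_TOKEN = "access_token";
    private static final String REFRESH_TOKEN = "refresh_token";
    /** RFC 7518 §3.2: an HS256 key must be at least 256 bits (32 bytes). */
    private static final int MIN_HMAC_KEY_BYTES = 32;
    /** Local-time hour at which a token without a per-client validity expires (next day). */
    private static final int DEFAULT_EXPIRY_HOUR = 3;

    private static IClientDetailsService clientDetailsService;
    private static JwtProperties jwtProperties;

    /**
     * Lazily resolves the client-details bean from the Spring context.
     * The unsynchronised null check is a benign race: concurrent callers all
     * resolve the same singleton, so a duplicate lookup is harmless.
     */
    private static IClientDetailsService getClientDetailsService() {
        if (clientDetailsService == null) {
            clientDetailsService = (IClientDetailsService) SpringUtil.getBean(IClientDetailsService.class);
        }
        return clientDetailsService;
    }

    /** Lazily resolves {@link JwtProperties}; same benign race as above. */
    private static JwtProperties getJwtProperties() {
        if (jwtProperties == null) {
            jwtProperties = (JwtProperties) SpringUtil.getBean(JwtProperties.class);
        }
        return jwtProperties;
    }

    /** Null-safe unboxing of a configuration flag: an absent flag counts as "off". */
    private static boolean isOn(Boolean flag) {
        return Boolean.TRUE.equals(flag);
    }

    /**
     * Issues a token for the client whose HTTP Basic credentials are in the
     * current request's {@code Authorization} header.
     *
     * <p>Besides recording access tokens, this overload also records refresh
     * tokens when {@code jwt.state} and {@code jwt.single} are both enabled.
     *
     * @param user      claims to embed (see the class note on trust)
     * @param audience  JWT {@code aud}
     * @param issuer    JWT {@code iss}
     * @param tokenType {@code "access_token"}, {@code "refresh_token"} or anything
     *                  else (which falls back to {@link #getExpire()})
     * @return the compact JWT and its lifetime in seconds
     * @throws SecureException  when the client id/secret do not match the stored client
     * @throws RuntimeException when the Basic header is missing or malformed
     */
    public static TokenInfo createJWT(Map<String, Object> user, String audience, String issuer, String tokenType) {
        String[] credentials = extractAndDecodeHeader();
        return issueToken(user, audience, issuer, tokenType, credentials[0], credentials[1],
                "客户端认证失败, 请检查请求头 [Authorization] 信息", true);
    }

    /**
     * Issues a token for an explicitly supplied client id/secret pair.
     *
     * <p>Unlike the header-based overload, refresh tokens are never recorded here;
     * only access tokens are, and only when {@code jwt.state} is enabled.
     *
     * @throws SecureException when the client id/secret do not match the stored client
     */
    public static TokenInfo createJWT(Map<String, Object> user, String audience, String issuer, String tokenType,
                                      String clientId, String clientSecret) {
        return issueToken(user, audience, issuer, tokenType, clientId, clientSecret,
                "client authentication failed, please check the header parameters", false);
    }

    /**
     * Shared issuing path of both {@code createJWT} overloads: authenticate the
     * client, compute the lifetime, sign, then record the token if configured.
     *
     * @param authFailureMessage message of the {@link SecureException} raised on a bad client
     * @param trackRefreshToken  whether refresh tokens may be recorded via {@link JwtUtil}
     */
    private static TokenInfo issueToken(Map<String, Object> user, String audience, String issuer, String tokenType,
                                        String clientId, String clientSecret, String authFailureMessage,
                                        boolean trackRefreshToken) {
        IClientDetails clientDetails = clientDetails(clientId);
        if (!validateClient(clientDetails, clientId, clientSecret)) {
            throw new SecureException(authFailureMessage);
        }
        long nowMillis = System.currentTimeMillis();
        long expireMillis = expiryMillis(clientDetails, tokenType);
        String token = signToken(user, audience, issuer, clientId, nowMillis, expireMillis);

        TokenInfo tokenInfo = new TokenInfo();
        tokenInfo.setToken(token);
        tokenInfo.setExpire((int) (expireMillis / 1000));
        recordToken(user, tokenType, tokenInfo, trackRefreshToken);
        return tokenInfo;
    }

    /**
     * Token lifetime in milliseconds for the given type.
     *
     * <p>The arithmetic is done in {@code long}: the previous {@code intValue() * 1000}
     * overflowed for any validity above 2,147,483 seconds (~24.8 days), producing a
     * negative lifetime and therefore an already-expired token.
     */
    private static long expiryMillis(IClientDetails clientDetails, String tokenType) {
        if (ACCESS_TOKEN.equals(tokenType)) {
            return clientDetails.getAccessTokenValidity().longValue() * 1000L;
        }
        if (REFRESH_TOKEN.equals(tokenType)) {
            return clientDetails.getRefreshTokenValidity().longValue() * 1000L;
        }
        return getExpire();
    }

    /**
     * Builds and signs the compact JWT.
     *
     * <p>{@code signWith(Key)} lets jjwt choose the HMAC variant from the key length
     * (HS256 for 32–47 bytes, larger keys may yield HS384/HS512); the explicit HS256
     * constant below only supplies the JCA algorithm name of the key. Keys below
     * 256 bits are rejected up front so a weak configuration fails loudly instead
     * of signing tokens that are cheap to forge.
     */
    private static String signToken(Map<String, Object> user, String audience, String issuer, String clientId,
                                    long nowMillis, long expireMillis) {
        SignatureAlgorithm algorithm = SignatureAlgorithm.HS256;
        byte[] secret = Base64.getDecoder().decode(JwtUtil.getBase64Security());
        if (secret.length < MIN_HMAC_KEY_BYTES) {
            throw new SecureException("JWT signing key is too short: HS256 requires at least 256 bits");
        }
        Key signingKey = new SecretKeySpec(secret, algorithm.getJcaName());
        Date now = new Date(nowMillis);
        Date exp = new Date(nowMillis + expireMillis);

        JwtBuilder builder = Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .setIssuer(issuer)
                .setAudience(audience)
                .signWith(signingKey);
        // Caller claims first, then the claims this class owns, so exp/nbf/client_id
        // cannot be overridden by the user map (iss/aud can — see class note).
        user.forEach(builder::claim);
        builder.claim(CLIENT_ID, clientId);
        builder.setExpiration(exp).setNotBefore(now);
        return builder.compact();
    }

    /**
     * Records the issued token through {@link JwtUtil} when {@code jwt.state} is on:
     * access tokens always, refresh tokens only when {@code trackRefreshToken} is set
     * and {@code jwt.single} is enabled.
     */
    private static void recordToken(Map<String, Object> user, String tokenType, TokenInfo tokenInfo,
                                    boolean trackRefreshToken) {
        JwtProperties props = getJwtProperties();
        if (!isOn(props.getState())) {
            return;
        }
        boolean recordAccess = ACCESS_TOKEN.equals(tokenType);
        boolean recordRefresh = trackRefreshToken && REFRESH_TOKEN.equals(tokenType) && isOn(props.getSingle());
        if (!recordAccess && !recordRefresh) {
            return;
        }
        // String.valueOf keeps the established behaviour of storing the literal
        // "null" when a claim is absent; callers are expected to supply both ids.
        String tenantId = String.valueOf(user.get("tenant_id"));
        String userId = String.valueOf(user.get("user_id"));
        if (recordAccess) {
            JwtUtil.addAccessToken(tenantId, userId, tokenInfo.getToken(), tokenInfo.getExpire());
        } else {
            JwtUtil.addRefreshToken(tenantId, userId, tokenInfo.getToken(), tokenInfo.getExpire());
        }
    }

    /**
     * Default lifetime: milliseconds from now until 03:00 local time tomorrow
     * (the JVM default time zone), used for token types without a per-client validity.
     *
     * @return a positive number of milliseconds (between 24h and 48h)
     */
    public static long getExpire() {
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.DAY_OF_YEAR, 1);
        cal.set(Calendar.HOUR_OF_DAY, DEFAULT_EXPIRY_HOUR);
        cal.set(Calendar.SECOND, 0);
        cal.set(Calendar.MINUTE, 0);
        cal.set(Calendar.MILLISECOND, 0);
        return cal.getTimeInMillis() - System.currentTimeMillis();
    }

    /**
     * Reads the HTTP Basic credentials from the current request.
     *
     * <p>{@code "Basic%20"} is tolerated as a URL-encoded variant of the prefix.
     * Only the first {@code ':'} separates id from secret, so secrets may contain
     * colons. Every failure — no request, no/invalid header, bad Base64, missing
     * separator — surfaces as a {@link RuntimeException} with the message
     * {@code 客户端令牌解析失败} and the specific cause attached; only runtime
     * exceptions are wrapped (the former {@code catch (Throwable)} also wrapped
     * JVM errors, which callers should not see as a token-parsing failure).
     *
     * @return {@code [clientId, clientSecret]}, never {@code null}
     */
    public static String[] extractAndDecodeHeader() {
        try {
            HttpServletRequest request = (HttpServletRequest) Objects.requireNonNull(WebUtil.getRequest());
            String header = Func.toStr(request.getHeader("Authorization")).replace("Basic%20", "Basic ");
            if (!header.startsWith(SecureConstant.BASIC_HEADER_PREFIX)) {
                throw new SecureException("未获取到请求头[Authorization]的信息");
            }
            // Assumes BASIC_HEADER_PREFIX is "Basic " (6 chars), matching the offset
            // the previous implementation hard-coded.
            String encoded = header.substring(SecureConstant.BASIC_HEADER_PREFIX.length());
            byte[] decoded;
            try {
                decoded = Base64.getDecoder().decode(encoded.getBytes(StandardCharsets.UTF_8));
            } catch (IllegalArgumentException badBase64) {
                throw new RuntimeException("客户端令牌解析失败", badBase64);
            }
            String credentials = new String(decoded, StandardCharsets.UTF_8);
            int separator = credentials.indexOf(':');
            if (separator == -1) {
                throw new RuntimeException("客户端令牌不合法");
            }
            return new String[] { credentials.substring(0, separator), credentials.substring(separator + 1) };
        } catch (RuntimeException ex) {
            throw new RuntimeException("客户端令牌解析失败", ex);
        }
    }

    /**
     * Convenience accessor for just the client id carried in the Basic header.
     *
     * @throws RuntimeException as {@link #extractAndDecodeHeader()}
     */
    public static String getClientIdFromHeader() {
        String[] credentials = extractAndDecodeHeader();
        assert credentials.length == 2;
        return credentials[0];
    }

    /** Looks the client up by id; the service decides whether an unknown id yields {@code null} or throws. */
    private static IClientDetails clientDetails(String clientId) {
        return getClientDetailsService().loadClientByClientId(clientId);
    }

    /**
     * Authenticates a client: the record must exist, the id must match exactly,
     * and the secret must match in constant time. {@code null} on any input fails
     * closed — a client with no stored secret can never be authenticated by
     * presenting "no secret".
     */
    private static boolean validateClient(IClientDetails clientDetails, String clientId, String clientSecret) {
        if (clientDetails == null || clientId == null || clientSecret == null) {
            return false;
        }
        if (!clientId.equals(clientDetails.getClientId())) {
            return false;
        }
        return secretsMatch(clientSecret, clientDetails.getClientSecret());
    }

    /**
     * Constant-time secret comparison. {@link MessageDigest#isEqual} does not leak
     * the position of the first differing byte (only the length differs in timing),
     * unlike {@code String.equals}.
     */
    private static boolean secretsMatch(String presented, String expected) {
        if (expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }
}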