package com.central.oauth2.common.store;

import cn.hutool.core.util.StrUtil;
import com.central.common.constant.SecurityConstants;
import com.central.oauth2.common.converter.CustomUserAuthenticationConverter;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Base64;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/bm-auth-client-spring-boot-starter-3.6.0.jar:com/central/oauth2/common/store/ResJwtTokenStore.class */
public class ResJwtTokenStore {

    @Autowired
    private ResourceServerProperties resource;

    @Bean
    public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
        return new JwtTokenStore(jwtAccessTokenConverter);
    }

    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setVerifierKey(getPubKey());
        ((DefaultAccessTokenConverter) jwtAccessTokenConverter.getAccessTokenConverter()).setUserTokenConverter(new CustomUserAuthenticationConverter());
        return jwtAccessTokenConverter;
    }

    private String getPubKey() {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new ClassPathResource(SecurityConstants.RSA_PUBLIC_KEY).getInputStream()));
            Throwable th = null;
            try {
                try {
                    String str = (String) bufferedReader.lines().collect(Collectors.joining("\n"));
                    if (bufferedReader != null) {
                        if (0 != 0) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                    return str;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            return getKeyFromAuthorizationServer();
        }
    }

    private String getKeyFromAuthorizationServer() {
        if (!StrUtil.isNotEmpty(this.resource.getJwt().getKeyUri())) {
            return null;
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        String clientId = this.resource.getClientId();
        String clientSecret = this.resource.getClientSecret();
        if (clientId != null && clientSecret != null) {
            httpHeaders.add("Authorization", ServerHttpBasicAuthenticationConverter.BASIC + new String(Base64.getEncoder().encode((clientId + ":" + clientSecret).getBytes())));
        }
        return (String) ((Map) new RestTemplate().exchange(this.resource.getJwt().getKeyUri(), HttpMethod.GET, new HttpEntity<>((MultiValueMap<String, String>) httpHeaders), Map.class, new Object[0]).getBody()).get("value");
    }
}
