package cn.com.pc.cloud.aaa.impl;

import cn.com.pc.cloud.aaa.GlobalTokenVerifier;
import cn.com.pc.cloud.aaa.IdpKeyStore;
import cn.com.pc.cloud.aaa.model.Token;
import java.util.Base64;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.signers.Ed25519Signer;

/* loaded from: input_file:BOOT-INF/classes/cn/com/pc/cloud/aaa/impl/GlobalTokenVerifierImpl.class */
public class GlobalTokenVerifierImpl implements GlobalTokenVerifier {
    IdpKeyStore idpKeyStore;

    /* loaded from: input_file:BOOT-INF/classes/cn/com/pc/cloud/aaa/impl/GlobalTokenVerifierImpl$TokenParseResult.class */
    static class TokenParseResult {
        Token token;
        String sign;

        public TokenParseResult(Token token, String str) {
            this.token = token;
            this.sign = str;
        }

        static TokenParseResult parse(String str) {
            int indexOf;
            if (!StringUtils.isBlank(str) && (indexOf = str.indexOf(46)) >= 1 && indexOf < str.length()) {
                return new TokenParseResult(Token.decode(str.substring(0, indexOf)), str.substring(indexOf + 1));
            }
            return null;
        }
    }

    public GlobalTokenVerifierImpl(IdpKeyStore idpKeyStore) {
        this.idpKeyStore = idpKeyStore;
    }

    @Override // cn.com.pc.cloud.aaa.GlobalTokenVerifier
    public Token verify(String str) {
        TokenParseResult parse = TokenParseResult.parse(str);
        if (parse != null && parse.token.getTtl() >= 1 && verify(parse.token, parse.sign)) {
            return parse.token;
        }
        return null;
    }

    boolean verify(Token token, String str) {
        Ed25519Signer ed25519Signer = new Ed25519Signer();
        Ed25519PublicKeyParameters ed25519PublicKeyParameters = this.idpKeyStore.get(Integer.valueOf(token.getSignVersion()));
        if (ed25519PublicKeyParameters == null) {
            return false;
        }
        ed25519Signer.init(false, ed25519PublicKeyParameters);
        byte[] binaryData = token.getBinaryData();
        ed25519Signer.update(binaryData, 0, binaryData.length);
        return ed25519Signer.verifySignature(Base64.getUrlDecoder().decode(str));
    }
}
