package cn.insmart.iam.gateway.service.impl;

import cn.insmart.fx.common.exception.business.impl.IllegalTokenException;
import cn.insmart.fx.common.lang.util.Message;
import cn.insmart.iam.gateway.entity.JsonWebKey;
import cn.insmart.iam.gateway.service.JsonWebKeyService;
import cn.insmart.iam.gateway.util.RsaUtils;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;
import reactor.netty.http.client.HttpClient;

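/**
 * Resolves the RSA signature verifier for a JWT key id from the JWK set published at
 * {@code spring.security.oauth2.resourceserver.jwt.jwk-set-uri}, caching one verifier per key id.
 *
 * <p>Notes for maintainers:
 * <ul>
 *   <li>NOTE(review): the key id presumably comes from the header of a not-yet-verified token, so
 *       it is caller-controlled. Every id that is not cached triggers a fresh download of the JWK
 *       set over a new connection; there is no negative caching or rate limiting in this class.
 *   <li>Entries are only ever added to the cache, so a key that the issuer removes from its JWK
 *       set stays accepted by this instance until the process restarts.
 *   <li>The download has no explicit timeout configured here, and the keys it returns decide which
 *       signatures are trusted; confirm the configured URI uses HTTPS and points at the issuer.
 * </ul>
 */
@Service
/* loaded from: input_file:cn/insmart/iam/gateway/service/impl/JsonWebKeyServiceImpl.class */
public class JsonWebKeyServiceImpl implements JsonWebKeyService {
    private static final Logger log = LoggerFactory.getLogger(JsonWebKeyServiceImpl.class);

    @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
    private String jwkSetUri;

    // Key id -> verifier. Populated by loadVerifier; never evicted.
    private final Map<String, RsaVerifier> verifiers = new ConcurrentHashMap<>();

    /**
     * Returns the verifier registered under the given key id, loading the JWK set if needed.
     *
     * @param str the key id to look up
     * @return the verifier, or an error signal carrying {@link IllegalTokenException} when the key
     *     id is missing or unknown
     */
    @Override // cn.insmart.iam.gateway.service.JsonWebKeyService
    public Mono<RsaVerifier> getVerifierById(String str) {
        return getVerifierLoadIfNecessary(str);
    }

    /**
     * Serves the verifier from the cache, falling back to a JWK set download on a cache miss.
     *
     * @param str the key id to look up
     * @return the verifier, or an error signal carrying {@link IllegalTokenException} when the key
     *     id is {@code null} or is not present in the downloaded JWK set
     */
    protected Mono<RsaVerifier> getVerifierLoadIfNecessary(String str) {
        // ConcurrentHashMap rejects null keys with a NullPointerException; report a token without
        // a key id as an invalid token instead of leaking an NPE to the caller.
        if (str == null) {
            return Mono.error(keyNotFound(null));
        }
        // Single lookup instead of containsKey + get.
        RsaVerifier cached = this.verifiers.get(str);
        if (cached != null) {
            return Mono.just(cached);
        }
        // defer: build the exception only if the lookup really comes back empty.
        return loadVerifier(str).switchIfEmpty(Mono.defer(() -> Mono.error(keyNotFound(str))));
    }

    /**
     * Downloads the JWK set, registers a verifier for every key in it, and returns the one
     * matching the requested key id.
     *
     * @param str the key id the caller is interested in
     * @return the matching verifier, or an empty Mono when the JWK set does not contain that id
     * @throws IllegalArgumentException if {@code jwkSetUri} is blank; signalled through the Mono if
     *     the response contains no keys
     */
    protected Mono<RsaVerifier> loadVerifier(String str) {
        log.info("start load jwk set");
        Assert.hasText(this.jwkSetUri, "jwkSetUri must be set!");
        log.info("load key from {}", this.jwkSetUri);
        return WebClient.builder()
                .clientConnector(new ReactorClientHttpConnector(HttpClient.newConnection().compress(true)))
                .build()
                .get()
                .uri(this.jwkSetUri)
                .retrieve()
                .bodyToMono(String.class)
                // flatMap + justOrEmpty: a Reactor map() mapper must not return null, so an unknown
                // key id used to fail with a NullPointerException and never reached switchIfEmpty.
                .flatMap(str2 -> {
                    log.info("load key body {}", str2);
                    JSONObject jwkSet = JSONObject.parseObject(str2);
                    List<JsonWebKey> keys = jwkSet == null
                            ? null
                            : JSONArray.parseArray(jwkSet.getString("keys"), JsonWebKey.class);
                    // A blank body or a missing "keys" member yields null here rather than an empty list.
                    Assert.isTrue(keys != null && !keys.isEmpty(), "token keys is empty");
                    for (JsonWebKey jsonWebKey : keys) {
                        String kid = jsonWebKey.getKid();
                        if (kid == null) {
                            // Cannot be looked up by id, and a null map key would throw.
                            log.warn("skip jwk without kid");
                            continue;
                        }
                        try {
                            this.verifiers.put(kid, RsaUtils.createRsaVerifier(jsonWebKey));
                        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                            // Keep the stack trace in the log; the rethrown exception carries only the message.
                            log.warn("create rsa verifier for kid {} failed", kid, e);
                            throw new IllegalTokenException(e.getMessage());
                        }
                    }
                    log.info("load token key size {}", this.verifiers.size());
                    return Mono.justOrEmpty(this.verifiers.get(str));
                });
    }

    /** Builds the error reported when no verifier exists for the given key id. */
    private static IllegalTokenException keyNotFound(String kid) {
        return new IllegalTokenException(Message.of("key id {} not exist!", new Object[]{kid}));
    }
}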
