package leap.core.security.token;

import leap.core.AppConfig;
import leap.core.el.ElConfig;
import leap.lang.Args;
import leap.lang.Strings;
import leap.lang.codec.Base64;
import leap.lang.codec.MD5;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;

/* loaded from: input_file:leap/core/security/token/SimpleTokenEncoder.class */
public class SimpleTokenEncoder implements TokenEncoder {
    private static final Log log = LogFactory.get(SimpleTokenEncoder.class);
    protected String secret;
    protected int expiresInSeconds;

    public SimpleTokenEncoder() {
    }

    public SimpleTokenEncoder(String str, int i) {
        Args.notEmpty(str, AppConfig.PROPERTY_SECRET);
        this.secret = str;
        this.expiresInSeconds = i;
    }

    public String getSecret() {
        return this.secret;
    }

    public void setSecret(String str) {
        this.secret = str;
    }

    public int getExpiresInSeconds() {
        return this.expiresInSeconds;
    }

    public void setExpiresInSeconds(int i) {
        this.expiresInSeconds = i;
    }

    @Override // leap.core.security.token.TokenEncoder
    public String encodeToken(String str) {
        return doEncodeToken(str, String.valueOf(this.expiresInSeconds > 0 ? System.currentTimeMillis() + (this.expiresInSeconds * 1000) : 0L));
    }

    @Override // leap.core.security.token.TokenEncoder
    public boolean verifyToken(String str) throws TokenExpiredException {
        for (int i = 0; i < str.length() % 4; i++) {
            str = str + "=";
        }
        if (!Base64.isBase64(str)) {
            log.debug("The encoded token '{}' is not a valid base64 string", new Object[]{str});
            return false;
        }
        String[] split = Strings.split(Base64.decode(str), ':');
        if (split.length != 3) {
            log.debug("The encoded token '{}' is invalid", new Object[]{str});
            return false;
        }
        String str2 = split[0];
        String str3 = split[1];
        String str4 = split[2];
        try {
            verifyTokenExpired(str3);
            return verifyTokenSignature(str2, str3, str4);
        } catch (Throwable th) {
            log.info("Error verifying the encoded token '{}', {}", new Object[]{str, th.getMessage(), th});
            return false;
        }
    }

    protected void verifyTokenExpired(String str) throws TokenExpiredException {
        long parseLong = Long.parseLong(str);
        long currentTimeMillis = System.currentTimeMillis();
        if (parseLong > 0 && currentTimeMillis - parseLong > 0) {
            throw new TokenExpiredException("Token expired, expration time '" + parseLong + "', current time '" + currentTimeMillis + "'");
        }
    }

    protected boolean verifyTokenSignature(String str, String str2, String str3) {
        return sign(str, str2).equals(str3);
    }

    protected String doEncodeToken(String str, String str2) {
        Args.assertFalse(str.contains(ElConfig.FUNCTION_NAME_SEPERATOR), "The token must not contains character ':'");
        StringBuilder sb = new StringBuilder(Base64.encode(str + ElConfig.FUNCTION_NAME_SEPERATOR + str2 + ElConfig.FUNCTION_NAME_SEPERATOR + sign(str, str2)));
        while (sb.charAt(sb.length() - 1) == '=') {
            sb.deleteCharAt(sb.length() - 1);
        }
        return sb.toString();
    }

    protected String sign(String str, String str2) {
        return MD5.hex(Strings.getBytesUtf8(str + ElConfig.FUNCTION_NAME_SEPERATOR + str2 + ElConfig.FUNCTION_NAME_SEPERATOR + this.secret));
    }
}
