package leap.core.security.token.jwt;

import java.util.Map;
import leap.core.security.token.TokenExpiredException;
import leap.core.security.token.TokenVerifyException;
import leap.lang.Args;
import leap.lang.Strings;
import leap.lang.json.JSON;
import leap.lang.json.JsonValue;

/* loaded from: input_file:leap/core/security/token/jwt/AbstractJwtVerifier.class */
public abstract class AbstractJwtVerifier implements JwtVerifier {
    @Override // leap.core.security.token.TokenVerifier
    public Map<String, Object> verify(String str) throws TokenVerifyException {
        String str2;
        String str3;
        String str4;
        Args.notEmpty(str, "token");
        String[] split = Strings.split(str, '.');
        if (split.length < 2 || split.length > 3) {
            throw new TokenVerifyException(TokenVerifyException.ErrorCode.INVALID_TOKEN, "Invalid jwt token, wrong number of parts: " + split.length);
        }
        if (split.length == 2) {
            str2 = split[0];
            str3 = split[0];
            str4 = split[1];
        } else {
            str2 = split[0] + "." + split[1];
            str3 = split[1];
            str4 = split[2];
        }
        if (str3.isEmpty() || str4.isEmpty()) {
            throw new TokenVerifyException(TokenVerifyException.ErrorCode.INVALID_TOKEN, "Invalid jwt token, both payload and signature parts must not be empty");
        }
        return verify(str2, str3, str4);
    }

    protected Map<String, Object> verify(String str, String str2, String str3) {
        if (!verifySignature(str, str3)) {
            throw new TokenVerifyException(TokenVerifyException.ErrorCode.INVALID_SIGNATURE, "Signature verification failed");
        }
        try {
            JsonValue parse = JSON.parse(JWT.base64UrlDeocodeToString(str2));
            if (!parse.isMap()) {
                throw new TokenVerifyException(TokenVerifyException.ErrorCode.INVALID_PAYLOAD, "The payload must be json object '{..}'");
            }
            Map<String, Object> asMap = parse.asMap();
            verifyExpiration(asMap);
            return asMap;
        } catch (Exception e) {
            throw new TokenVerifyException(TokenVerifyException.ErrorCode.INVALID_PAYLOAD, "Parse payload as json object failed, " + e.getMessage());
        }
    }

    protected void verifyExpiration(Map<String, Object> map) {
        Object obj = map.get(JWT.CLAIM_EXPIRATION_TIME);
        if (null == obj || !(obj instanceof Number)) {
            return;
        }
        long longValue = ((Number) obj).longValue();
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (longValue <= 0 || currentTimeMillis >= longValue) {
            throw new TokenExpiredException("Token expired");
        }
    }

    protected abstract boolean verifySignature(String str, String str2);
}
