package com.zbkj.common.utils;

import cn.hutool.core.util.ObjectUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.auth0.jwk.Jwk;
import com.zbkj.common.constants.Constants;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.security.PublicKey;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:com/zbkj/common/utils/AppleUtil.class */
public class AppleUtil {
    private static final Logger logger = LoggerFactory.getLogger(AppleUtil.class);

    private static JSONArray getAuthKeys() {
        JSONObject jSONObject = (JSONObject) new RestTemplate().getForObject("https://appleid.apple.com/auth/keys", JSONObject.class, new Object[0]);
        if (ObjectUtil.isNull(jSONObject)) {
            logger.error("获取苹果的公钥失败");
        }
        return jSONObject.getJSONArray("keys");
    }

    public static Boolean verify(String str) throws Exception {
        JSONArray authKeys = getAuthKeys();
        if (authKeys == null) {
            return false;
        }
        if (verifyExc(str, JSONObject.parseObject(authKeys.getString(0))).booleanValue()) {
            return true;
        }
        return verifyExc(str, JSONObject.parseObject(authKeys.getString(1)));
    }

    public static Boolean verifyExc(String str, JSONObject jSONObject) throws Exception {
        PublicKey publicKey = Jwk.fromValues(jSONObject).getPublicKey();
        String str2 = "";
        String str3 = "";
        if (str.split("\\.").length > 1) {
            String str4 = new String(Base64.decodeBase64(str.split("\\.")[1]));
            str2 = JSONObject.parseObject(str4).get("aud").toString();
            str3 = JSONObject.parseObject(str4).get(Constants.OPERATION_TYPE_SUBTRACT).toString();
        }
        JwtParser signingKey = Jwts.parser().setSigningKey(publicKey);
        signingKey.requireIssuer("https://appleid.apple.com");
        signingKey.requireAudience(str2);
        signingKey.requireSubject(str3);
        try {
            Jws parseClaimsJws = signingKey.parseClaimsJws(str);
            if (parseClaimsJws == null || !((Claims) parseClaimsJws.getBody()).containsKey("auth_time")) {
                return false;
            }
            System.out.println(parseClaimsJws);
            return true;
        } catch (Exception e) {
            logger.error("apple identityToken illegal", e);
            return false;
        } catch (ExpiredJwtException e2) {
            logger.error("apple identityToken expired", e2);
            return false;
        }
    }

    public static JSONObject parserIdentityToken(String str) {
        String str2 = new String(Base64.decodeBase64(str.split("\\.")[1]));
        return JSON.parseObject(str2.substring(0, str2.indexOf("}") + 1));
    }
}
