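package com.gkhy.assess.common.utils;

import cn.hutool.crypto.digest.DigestUtil;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.gkhy.assess.common.exception.ApiException;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.http.HttpServletRequest;
import java.util.Date;

/**
 * Utility class for issuing and checking JWT tokens.
 *
 * <p>A JWT has the form {@code header.payload.signature}. Tokens produced by
 * {@link #sign(String, String)} are signed with HMAC-SHA256 and carry the account name in a
 * {@code "username"} claim plus an expiry ({@code exp}).
 *
 * <p>{@link #CLAIM_KEY_USERNAME} and {@link #CLAIM_KEY_CREATED} are not read or written by any
 * method in this class; the claim actually used is the literal {@code "username"}.
 */
public class JwtTokenUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtTokenUtil.class);

    /** Name of the HTTP request header that {@link #getUserNameByToken} reads the token from. */
    public static final String USER_LOGIN_TOKEN = "Authorization";

    public static final String CLAIM_KEY_USERNAME = "sub";
    public static final String CLAIM_KEY_CREATED = "created";

    // NOTE(review): hard-coded, publicly writable secret checked into source. No method in this
    // class uses it; if it is used elsewhere as a signing key it should come from protected
    // configuration instead - confirm against callers before changing.
    public static String SECRET = "nms-secret";

    // Publicly writable and empty; not used by any method in this class.
    public static String tokenHead = "";

    /**
     * Token lifetime in milliseconds: (7 * 12) hours = 84 hours.
     *
     * <p>The original note states that tokens are valid for 7 days and that the token is cached
     * in Redis for twice this value - presumably the Redis TTL is {@code 2 * EXPIRATION}; confirm
     * against the caching code.
     */
    public static final long EXPIRATION = (7 * 12) * 60 * 60 * 1000;

    /**
     * Checks that a token is valid for the given user.
     *
     * <p>The token must carry a valid HMAC-SHA256 signature under {@code secret} and a
     * {@code "username"} claim equal to {@code username}; the verifier's built-in checks
     * (including expiry) also apply.
     *
     * @param token    the JWT to check
     * @param username the account name the token must have been issued for
     * @param secret   the HMAC key; the original documentation says this is the user's password
     * @return {@code true} if verification succeeds, {@code false} on any failure
     */
    public static boolean verify(String token, String username, String secret) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(secret);
            JWTVerifier verifier = JWT.require(algorithm).withClaim("username", username).build();
            verifier.verify(token);
            return true;
        } catch (Exception e) {
            // Deliberately broad: any failure (bad signature, expired token, null secret, ...)
            // means "not verified". Only the library message is logged, never the token or key.
            LOGGER.debug("JWT verification failed: {}", e.getMessage());
            return false;
        }
    }

    /**
     * Reads the {@code "username"} claim from a token without checking its signature.
     *
     * <p>The payload of a JWT is readable without the secret, so the returned value is whatever
     * the token's sender put there. Treat it as an unauthenticated hint (for example, to look up
     * the key to pass to {@link #verify}) and never as proof of identity on its own.
     *
     * @param token the JWT to decode; may be {@code null} or blank
     * @return the claim value, or {@code null} if the token is missing, cannot be decoded, or
     *         has no such string claim
     */
    public static String getUsername(String token) {
        // A missing header reaches this method as null; answer it the same way as an
        // undecodable token instead of depending on how the library treats null input.
        if (StringUtils.isBlank(token)) {
            return null;
        }
        try {
            DecodedJWT jwt = JWT.decode(token);
            return jwt.getClaim("username").asString();
        } catch (JWTDecodeException e) {
            return null;
        }
    }

    /**
     * Issues a signed token for the given user.
     *
     * @param username value stored in the {@code "username"} claim
     * @param secret   the HMAC-SHA256 key used to sign the token
     * @return the serialized JWT, expiring {@link #EXPIRATION} milliseconds from now
     */
    public static String sign(String username, String secret) {
        // EXPIRATION is already expressed in milliseconds; scaling it by 1000 again would put
        // the expiry years in the future and make a leaked token usable far too long.
        Date expiresAt = new Date(System.currentTimeMillis() + EXPIRATION);
        Algorithm algorithm = Algorithm.HMAC256(secret);
        return JWT.create()
                .withClaim("username", username)
                .withExpiresAt(expiresAt)
                .sign(algorithm);
    }

    /**
     * Extracts the account name from the token in the request's {@code Authorization} header.
     *
     * <p>This only decodes the token; it does not verify the signature or the expiry. Callers
     * must make sure the token has been verified (see {@link #verify}) before using the result
     * for any access decision.
     *
     * @param request the incoming HTTP request
     * @return the non-empty {@code "username"} claim of the token
     * @throws ApiException if the header is missing or no username can be read from the token
     */
    public static String getUserNameByToken(HttpServletRequest request) throws ApiException {
        String accessToken = request.getHeader(USER_LOGIN_TOKEN);
        String username = getUsername(accessToken);
        if (StringUtils.isEmpty(username)) {
            throw new ApiException("未获取到用户");
        }
        return username;
    }

    /**
     * Returns the hex-encoded MD5 digest of the given string.
     *
     * <p>This is a digest, not encryption. MD5 is not collision resistant, so the result should
     * not be relied on where an attacker choosing the input matters.
     *
     * @param token the text to hash
     * @return the MD5 digest as a hex string
     */
    public static String md5Encode(String token) {
        return DigestUtil.md5Hex(token);
    }

    /**
     * Derives the stored password hash as the hex MD5 of {@code username + password + salt}.
     *
     * <p>NOTE(review): a single MD5 pass is cheap to brute force if the hash store leaks. Moving
     * to a password hashing function (bcrypt, scrypt, argon2) needs a migration of the stored
     * hashes, so the algorithm is left unchanged here. A {@code null} username or password is
     * concatenated as the text {@code "null"}.
     *
     * @param username the account name, mixed into the hash input
     * @param password the plain-text password
     * @param salt     the per-user salt; {@code null} is treated as the empty string
     * @return the hex-encoded MD5 digest
     */
    public static String encryptPassword(String username, String password, String salt) {
        if (salt == null) {
            salt = "";
        }
        return new Md5Hash(username + password + salt).toHex();
    }
}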