package net.trajano.ms.authz.internal;

import java.time.Instant;
import java.util.Collection;
import javax.annotation.PostConstruct;
import net.trajano.ms.auth.token.IdTokenResponse;
import net.trajano.ms.auth.token.OAuthTokenResponse;
import net.trajano.ms.core.CryptoOps;
import net.trajano.ms.core.ErrorResponses;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.stereotype.Component;

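/**
 * Holds issued access/refresh token pairs in two Spring caches, each keyed by one
 * of the tokens and pointing at the same {@link TokenCacheEntry}.
 *
 * <p>The token strings are bearer credentials, so this class never writes them to
 * the log. Anyone who can read the log could otherwise replay a token that is
 * still live.
 */
@Component
public class TokenCache {
    private static final Logger LOG = LoggerFactory.getLogger(TokenCache.class);

    /** Upper bound on attempts to store a freshly generated token pair before giving up. */
    private static final int MAX_STORE_ATTEMPTS = 3;

    @Value("${token.accessTokenExpiration:300}")
    private int accessTokenExpirationInSeconds;
    private Cache accessTokenToEntry;

    @Autowired
    private CacheManager cm;

    @Autowired
    private CryptoOps cryptoOps;
    private Cache refreshTokenToEntry;

    /**
     * Removes an entry from both caches so neither of its tokens resolves any more.
     *
     * @param tokenCacheEntry entry whose access and refresh tokens are evicted
     */
    private void evictEntry(TokenCacheEntry tokenCacheEntry) {
        this.accessTokenToEntry.evict(tokenCacheEntry.getAccessToken());
        this.refreshTokenToEntry.evict(tokenCacheEntry.getRefreshToken());
    }

    /**
     * Resolves an access token to the ID token response built from its cache entry.
     *
     * @param str the access token presented by the caller
     * @return the response, or {@code null} when the token is unknown or expired
     */
    public IdTokenResponse get(String str) {
        TokenCacheEntry cacheEntry = getCacheEntry(str);
        if (cacheEntry == null) {
            return null;
        }
        return new IdTokenResponse(str, cacheEntry.getJwt(), cacheEntry.getAudiences(), cacheEntry.getExpiresInSeconds());
    }

    /**
     * Looks up the entry for an access token, evicting it if it has expired.
     *
     * @param str the access token presented by the caller
     * @return the live entry, or {@code null} when the token is unknown or expired
     */
    public TokenCacheEntry getCacheEntry(String str) {
        TokenCacheEntry tokenCacheEntry = (TokenCacheEntry) this.accessTokenToEntry.get(str, TokenCacheEntry.class);
        if (tokenCacheEntry == null) {
            // The token value is deliberately not logged: it is a bearer credential.
            LOG.debug("No entry for presented access token");
            return null;
        }
        if (!tokenCacheEntry.isExpired()) {
            return tokenCacheEntry;
        }
        // Expired entries are dropped from both caches, which also retires the refresh token.
        evictEntry(tokenCacheEntry);
        LOG.debug("Entry was expired for presented access token");
        return null;
    }

    /**
     * Resolves the two backing caches once the injected fields are available.
     *
     * @throws IllegalStateException if either cache is not configured, so that a
     *         misconfiguration surfaces at start-up rather than as a
     *         {@link NullPointerException} on the first token request
     */
    @PostConstruct
    public void init() {
        this.accessTokenToEntry = this.cm.getCache(CacheNames.ACCESS_TOKEN_TO_ENTRY);
        this.refreshTokenToEntry = this.cm.getCache(CacheNames.REFRESH_TOKEN_TO_ENTRY);
        if (this.accessTokenToEntry == null) {
            throw new IllegalStateException("Cache not configured: " + CacheNames.ACCESS_TOKEN_TO_ENTRY);
        }
        if (this.refreshTokenToEntry == null) {
            throw new IllegalStateException("Cache not configured: " + CacheNames.REFRESH_TOKEN_TO_ENTRY);
        }
        LOG.debug("cache manager={} accessTokenToEntry={} refreshTokenToEntry={}", this.cm, this.accessTokenToEntry, this.refreshTokenToEntry);
    }

    /**
     * Exchanges a refresh token for a new access/refresh token pair.
     *
     * <p>The old pair is evicted before the new one is stored, so a refresh token
     * is accepted at most once by a single thread of execution.
     *
     * @param str the refresh token presented by the client
     * @param str2 the client identifier, which must be among the entry's audiences
     * @return the response carrying the newly issued tokens
     * @throws RuntimeException as built by {@link ErrorResponses} when the token is
     *         unknown (unauthorized), expired, or issued to a different client (bad request)
     */
    public OAuthTokenResponse refresh(String str, String str2) {
        // NOTE(review): the lookup here and the eviction in updateEntry are separate
        // cache operations. Confirm whether the backing cache or the caller serialises
        // concurrent requests that present the same refresh token.
        TokenCacheEntry tokenCacheEntry = (TokenCacheEntry) this.refreshTokenToEntry.get(str, TokenCacheEntry.class);
        if (tokenCacheEntry == null) {
            throw ErrorResponses.unauthorized("unauthorized_client", "Token rejected", "Bearer");
        }
        if (tokenCacheEntry.isExpired()) {
            evictEntry(tokenCacheEntry);
            throw ErrorResponses.badRequest("invalid_request", "JWT has exceeded life time");
        }
        // Binding check: only a client listed in the entry's audiences may refresh it.
        if (tokenCacheEntry.getAudiences().contains(str2)) {
            return updateEntry(tokenCacheEntry);
        }
        throw ErrorResponses.badRequest("invalid_request", "Client mismatch");
    }

    /**
     * Revokes a refresh token together with its paired access token.
     *
     * <p>An unknown refresh token is a silent no-op.
     *
     * @param str the refresh token to revoke
     * @param str2 the client identifier, which must be among the entry's audiences
     * @throws RuntimeException as built by {@link ErrorResponses} when the token was
     *         issued to a different client
     */
    public void revokeRefreshToken(String str, String str2) {
        TokenCacheEntry tokenCacheEntry = (TokenCacheEntry) this.refreshTokenToEntry.get(str, TokenCacheEntry.class);
        if (tokenCacheEntry == null) {
            return;
        }
        if (!tokenCacheEntry.getAudiences().contains(str2)) {
            throw ErrorResponses.badRequest("invalid_request", "Client mismatch");
        }
        evictEntry(tokenCacheEntry);
    }

    /**
     * Issues a new access/refresh token pair for a JWT and records it in both caches.
     *
     * <p>{@code putIfAbsent} reports an existing mapping by returning non-null. The
     * original ignored that result, so a colliding token would have been returned to
     * the client while still resolving to another entry. A collision now discards the
     * pair and generates a new one.
     *
     * @param str the JWT the tokens stand for
     * @param collection the audiences (client identifiers) allowed to use the tokens
     * @param instant the instant at which the entry expires
     * @return the response carrying the new access and refresh tokens
     * @throws IllegalStateException if no unused token pair could be stored within
     *         {@value #MAX_STORE_ATTEMPTS} attempts
     */
    public OAuthTokenResponse store(String str, Collection<String> collection, Instant instant) {
        String accessToken = null;
        String refreshToken = null;
        boolean stored = false;
        for (int attempt = 0; attempt < MAX_STORE_ATTEMPTS && !stored; attempt++) {
            accessToken = this.cryptoOps.newToken();
            refreshToken = this.cryptoOps.newToken();
            TokenCacheEntry tokenCacheEntry = new TokenCacheEntry(accessToken, refreshToken, str, collection, instant);
            if (this.accessTokenToEntry.putIfAbsent(accessToken, tokenCacheEntry) != null) {
                // Collisions should be vanishingly rare; repeated ones point at the token generator.
                LOG.warn("Generated access token collided with an existing entry; regenerating");
                continue;
            }
            if (this.refreshTokenToEntry.putIfAbsent(refreshToken, tokenCacheEntry) != null) {
                // Undo the half-stored pair so the access token does not outlive this attempt.
                this.accessTokenToEntry.evict(accessToken);
                LOG.warn("Generated refresh token collided with an existing entry; regenerating");
                continue;
            }
            stored = true;
        }
        if (!stored) {
            throw new IllegalStateException("Unable to store a unique token pair after " + MAX_STORE_ATTEMPTS + " attempts");
        }
        OAuthTokenResponse oAuthTokenResponse = new OAuthTokenResponse();
        oAuthTokenResponse.setAccessToken(accessToken);
        oAuthTokenResponse.setTokenType("Bearer");
        // NOTE(review): expires_in is the configured lifetime, not derived from the entry's
        // expiry instant. Confirm the two agree, particularly when refresh() re-stores an
        // entry with its original expiresOn.
        oAuthTokenResponse.setExpiresIn(this.accessTokenExpirationInSeconds);
        oAuthTokenResponse.setRefreshToken(refreshToken);
        return oAuthTokenResponse;
    }

    /**
     * Rotates an entry: evicts the old token pair, then stores a new pair for the
     * same JWT, audiences and expiry.
     *
     * @param tokenCacheEntry the entry being rotated
     * @return the response carrying the replacement tokens
     */
    private OAuthTokenResponse updateEntry(TokenCacheEntry tokenCacheEntry) {
        // Evict first so the old refresh token is already unusable if storing the new pair fails.
        evictEntry(tokenCacheEntry);
        return store(tokenCacheEntry.getJwt(), tokenCacheEntry.getAudiences(), tokenCacheEntry.getExpiresOn());
    }
}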
