package net.trajano.ms.example.authz;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jwt.JWTClaimsSet;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import javax.annotation.PostConstruct;
import net.trajano.ms.common.oauth.IdTokenResponse;
import net.trajano.ms.common.oauth.OAuthTokenResponse;
import net.trajano.ms.vertx.beans.JwksProvider;
import net.trajano.ms.vertx.beans.TokenGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.CacheConfig;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;

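/**
 * Server-side store for the opaque bearer tokens handed out by the authorization endpoint.
 *
 * <p>Three Spring caches are used:
 * <ul>
 *   <li>{@value #ACCESS_TOKEN_TO_CLAIMS}: access token to the claims it stands for</li>
 *   <li>{@value #REFRESH_TOKEN_TO_CLAIMS}: refresh token to the same claims</li>
 *   <li>{@value #REFRESH_TOKEN_TO_ACCESS_TOKEN}: refresh token to the access token issued with it,
 *       so the pair can be revoked together</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The cache keys are bearer credentials. Never log them.</li>
 *   <li>An access token and its refresh token share one {@link JWTClaimsSet}, so both expire at
 *       the {@code exp} of that claims set. The {@code expires_in} reported to the client comes
 *       from {@code token.accessTokenExpiration} instead, and nothing in this class makes the two
 *       agree. NOTE(review): confirm the caller sets {@code exp} consistently with that setting.</li>
 *   <li>Lookups and evictions are separate cache calls, so refresh-token rotation is not atomic:
 *       two concurrent requests with the same refresh token may both succeed. NOTE(review): if
 *       single use must be strict, this needs an atomic remove in the cache layer.</li>
 *   <li>{@code putIfAbsent} results are ignored. If the token generator ever returned a value that
 *       is already a key, the response would carry a token bound to the older entry's claims.
 *       Token strength depends on {@link TokenGenerator}, which is not visible here.</li>
 * </ul>
 */
@CacheConfig(cacheNames = {TokenCache.ACCESS_TOKEN_TO_CLAIMS, TokenCache.REFRESH_TOKEN_TO_ACCESS_TOKEN, TokenCache.REFRESH_TOKEN_TO_CLAIMS})
@Configuration
@Component
public class TokenCache {
    static final String ACCESS_TOKEN_TO_CLAIMS = "accessTokenToClaims";
    private static final Logger LOG = LoggerFactory.getLogger(TokenCache.class);
    static final String REFRESH_TOKEN_TO_ACCESS_TOKEN = "refreshTokenToAccessToken";
    static final String REFRESH_TOKEN_TO_CLAIMS = "refreshTokenToClaims";

    /** Value reported as {@code expires_in} for newly issued access tokens (default 300). */
    @Value("${token.accessTokenExpiration:300}")
    private int accessTokenExpirationInSeconds;
    private Cache accessTokenToClaims;

    @Autowired
    private CacheManager cm;

    @Autowired
    private JwksProvider jwksProvider;
    private Cache refreshTokenToAccessToken;
    private Cache refreshTokenToClaims;

    @Autowired
    private TokenGenerator tokenGenerator;

    /**
     * Exchanges an access token for a response carrying a freshly signed ID token.
     *
     * @param accessToken opaque access token presented by the caller
     * @param clientId not used by this method. NOTE(review): presumably the client ID, by analogy
     *     with {@link #refresh(String, String)}; unlike refresh, the token is not checked against
     *     the audience here, so any caller holding the token can redeem it. Confirm that is intended.
     * @return response with the same access token, the signed claims as ID token and the
     *     remaining lifetime in seconds
     * @throws RuntimeException the value built by {@code OAuthTokenResponse.unauthorized} when the
     *     token is unknown, by {@code badRequest} when it has expired, and by
     *     {@code internalServerError} when signing fails (exact exception type is declared in
     *     {@code OAuthTokenResponse}, not visible here)
     */
    public IdTokenResponse get(final String accessToken, final String clientId) {
        final JWTClaimsSet claims = accessTokenToClaims.get(accessToken, JWTClaimsSet.class);
        if (claims == null) {
            throw OAuthTokenResponse.unauthorized("token_rejected", "Token rejected", "Bearer");
        }
        // One clock reading serves both the expiry decision and expires_in, so the reported
        // lifetime cannot go negative between two calls to Instant.now().
        final Instant now = Instant.now();
        if (isExpired(claims, now)) {
            accessTokenToClaims.evict(accessToken);
            throw OAuthTokenResponse.badRequest("invalid_request", "JWT has exceeded life time");
        }
        try {
            final String idToken = jwksProvider.sign(claims).serialize();
            final IdTokenResponse response = new IdTokenResponse();
            response.setAccessToken(accessToken);
            response.setTokenType("Bearer");
            // isExpired() has already rejected a missing exp, so this is non-null and not in the past.
            final long remainingSeconds = Duration.between(now, claims.getExpirationTime().toInstant()).getSeconds();
            // Clamp instead of a bare cast: a far-future exp would otherwise wrap to a bogus value.
            response.setExpiresIn((int) Math.max(0L, Math.min(Integer.MAX_VALUE, remainingSeconds)));
            response.setIdToken(idToken);
            return response;
        } catch (final JOSEException e) {
            throw OAuthTokenResponse.internalServerError(e);
        }
    }

    /**
     * Resolves the three caches once the dependencies are injected.
     *
     * @throws IllegalStateException if one of the caches is not defined in the cache manager;
     *     failing at startup replaces a NullPointerException on the first token request
     */
    @PostConstruct
    public void init() {
        LOG.debug("cache manager={}", cm);
        accessTokenToClaims = requireCache(ACCESS_TOKEN_TO_CLAIMS);
        refreshTokenToAccessToken = requireCache(REFRESH_TOKEN_TO_ACCESS_TOKEN);
        refreshTokenToClaims = requireCache(REFRESH_TOKEN_TO_CLAIMS);
    }

    /**
     * Rotates a refresh token: the presented token and the access token issued with it are
     * revoked, and a new access/refresh pair is issued for the same claims.
     *
     * @param refreshToken opaque refresh token presented by the client
     * @param clientId client ID of the caller; must be listed in the audience of the stored claims
     * @return response carrying the new access token and refresh token
     * @throws RuntimeException the value built by {@code OAuthTokenResponse.badRequest} when the
     *     refresh token is unknown, belongs to another client, or has expired
     */
    public OAuthTokenResponse refresh(final String refreshToken, final String clientId) {
        final JWTClaimsSet claims = refreshTokenToClaims.get(refreshToken, JWTClaimsSet.class);
        if (claims == null) {
            throw OAuthTokenResponse.badRequest("invalid_request", "Refresh token is not valid");
        }
        // Checked before anything is evicted, so a different client cannot revoke this token
        // merely by presenting it.
        if (!claims.getAudience().contains(clientId)) {
            throw OAuthTokenResponse.badRequest("invalid_request", "Client ID does not match");
        }
        if (isExpired(claims, Instant.now())) {
            // Revoke the whole pair. The access token shares these claims and is therefore
            // expired as well; evicting only the claims entry left the mapping behind.
            revokeRefreshToken(refreshToken);
            throw OAuthTokenResponse.badRequest("invalid_request", "JWT has exceeded life time");
        }
        // Single use: the old pair is removed before the replacement is issued.
        revokeRefreshToken(refreshToken);
        return issueTokens(claims);
    }

    /**
     * Issues a new access/refresh token pair for the given claims and records it in the caches.
     *
     * @param jWTClaimsSet claims the new tokens stand for
     * @return response carrying the new access token and refresh token
     */
    public OAuthTokenResponse store(final JWTClaimsSet jWTClaimsSet) {
        return issueTokens(jWTClaimsSet);
    }

    /** Generates a token pair, stores the three cache entries and builds the response. */
    private OAuthTokenResponse issueTokens(final JWTClaimsSet claims) {
        final String accessToken = tokenGenerator.newToken();
        final String refreshToken = tokenGenerator.newToken();
        final OAuthTokenResponse response = new OAuthTokenResponse();
        response.setAccessToken(accessToken);
        response.setTokenType("Bearer");
        response.setExpiresIn(accessTokenExpirationInSeconds);
        response.setRefreshToken(refreshToken);
        accessTokenToClaims.putIfAbsent(accessToken, claims);
        refreshTokenToClaims.putIfAbsent(refreshToken, claims);
        refreshTokenToAccessToken.putIfAbsent(refreshToken, accessToken);
        return response;
    }

    /**
     * Tells whether the claims are past their expiration time. Claims without an {@code exp} are
     * treated as expired (fail closed) rather than dereferencing a null date.
     */
    private static boolean isExpired(final JWTClaimsSet claims, final Instant now) {
        final Date expiration = claims.getExpirationTime();
        return expiration == null || expiration.before(Date.from(now));
    }

    /** Looks up a cache by name and fails fast when the cache manager does not define it. */
    private Cache requireCache(final String name) {
        final Cache cache = cm.getCache(name);
        if (cache == null) {
            throw new IllegalStateException("Cache '" + name + "' is not configured");
        }
        return cache;
    }

    /** Removes a refresh token together with the access token that was issued with it. */
    private void revokeRefreshToken(final String refreshToken) {
        refreshTokenToClaims.evict(refreshToken);
        final String pairedAccessToken = refreshTokenToAccessToken.get(refreshToken, String.class);
        if (pairedAccessToken != null) {
            accessTokenToClaims.evict(pairedAccessToken);
            refreshTokenToAccessToken.evict(refreshToken);
        }
    }
}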
