package one.microproject.iamservice.core.services.impl.caches;

import io.jsonwebtoken.impl.DefaultClaims;
import java.util.Optional;
import one.microproject.iamservice.core.TokenValidator;
import one.microproject.iamservice.core.model.JWToken;
import one.microproject.iamservice.core.model.OrganizationId;
import one.microproject.iamservice.core.model.ProjectId;
import one.microproject.iamservice.core.model.User;
import one.microproject.iamservice.core.model.UserId;
import one.microproject.iamservice.core.services.caches.ModelCache;
import one.microproject.iamservice.core.services.caches.TokenCache;
import one.microproject.iamservice.core.utils.TokenUtils;

/* loaded from: input_file:one/microproject/iamservice/core/services/impl/caches/TokenCacheImpl.class */
public class TokenCacheImpl implements TokenCache {
    private final ModelCache modelCache;
    private final TokenValidator tokenValidator;
    private CacheHolder<JWToken> revokedJWTokens;

    public TokenCacheImpl(ModelCache modelCache, TokenValidator tokenValidator, CacheHolder<JWToken> cacheHolder) {
        this.revokedJWTokens = cacheHolder;
        this.tokenValidator = tokenValidator;
        this.modelCache = modelCache;
    }

    @Override // one.microproject.iamservice.core.services.caches.TokenCache
    public void addRevokedToken(JWToken jWToken) {
        this.revokedJWTokens.put(jWToken.getToken(), jWToken);
    }

    @Override // one.microproject.iamservice.core.services.caches.TokenCache
    public int purgeRevokedTokens() {
        int size = this.revokedJWTokens.size();
        this.revokedJWTokens.remove(this::isTokenInvalid);
        return size - this.revokedJWTokens.size();
    }

    @Override // one.microproject.iamservice.core.services.caches.TokenCache
    public boolean isRevoked(JWToken jWToken) {
        return this.revokedJWTokens.get(jWToken.getToken()) != null;
    }

    @Override // one.microproject.iamservice.core.services.caches.TokenCache
    public int size() {
        return this.revokedJWTokens.size();
    }

    private boolean isTokenInvalid(JWToken jWToken) {
        return !validateToken(jWToken);
    }

    private boolean validateToken(JWToken jWToken) {
        DefaultClaims extractClaims = TokenUtils.extractClaims(jWToken);
        Optional<User> user = this.modelCache.getUser(OrganizationId.from(extractClaims.getIssuer()), ProjectId.from(extractClaims.getAudience()), UserId.from(extractClaims.getSubject()));
        if (user.isPresent()) {
            return this.tokenValidator.validateToken(user.get().getCertificate().getPublicKey(), jWToken).isPresent();
        }
        return false;
    }
}
