package org.hawaiiframework.security.oauth2.provider.token;

import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.hawaiiframework.cache.Cache;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

/* loaded from: input_file:org/hawaiiframework/security/oauth2/provider/token/HawaiiTokenServices.class */
public class HawaiiTokenServices implements ResourceServerTokenServices {
    private static final Logger LOGGER = LoggerFactory.getLogger(HawaiiTokenServices.class);
    private final DefaultTokenServices defaultTokenServices;
    private final UserInfoTokenServices userInfoTokenServices;
    private final Cache<Authentication> cache;

    public HawaiiTokenServices(DefaultTokenServices defaultTokenServices, UserInfoTokenServices userInfoTokenServices, Cache<Authentication> cache) {
        this.defaultTokenServices = defaultTokenServices;
        this.userInfoTokenServices = userInfoTokenServices;
        this.cache = cache;
    }

    public OAuth2Authentication loadAuthentication(String str) throws AuthenticationException, InvalidTokenException {
        OAuth2Request extractOAuth2Request = extractOAuth2Request(this.defaultTokenServices.loadAuthentication(str));
        String jti = getJti(readAccessToken(str));
        Authentication authentication = (Authentication) this.cache.get(jti);
        if (authentication == null) {
            LOGGER.info("UserAuthentication not found in cache, retrieving it from SSO");
            authentication = extractUserAuthentication(this.userInfoTokenServices.loadAuthentication(str));
            this.cache.put(jti, authentication, Duration.of(r0.getExpiresIn(), ChronoUnit.SECONDS));
        } else {
            LOGGER.info("UserAuthentication found in cache");
        }
        return new OAuth2Authentication(extractOAuth2Request, authentication);
    }

    private OAuth2Request extractOAuth2Request(OAuth2Authentication oAuth2Authentication) {
        return oAuth2Authentication.getOAuth2Request();
    }

    private Authentication extractUserAuthentication(OAuth2Authentication oAuth2Authentication) {
        return oAuth2Authentication.getUserAuthentication();
    }

    public OAuth2AccessToken readAccessToken(String str) {
        return this.defaultTokenServices.readAccessToken(str);
    }

    private String getJti(OAuth2AccessToken oAuth2AccessToken) {
        return getJti(oAuth2AccessToken.getAdditionalInformation());
    }

    private String getJti(Map<String, Object> map) {
        String str = (String) map.get("jti");
        if (StringUtils.isBlank(str)) {
            throw new InvalidTokenException("Access token has no jti");
        }
        return str;
    }
}
