package leap.oauth2.webapp.authc;

import java.util.Map;
import leap.core.AppConfigException;
import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.core.cache.Cache;
import leap.core.cache.CacheManager;
import leap.core.ioc.PostCreateBean;
import leap.core.security.UserPrincipal;
import leap.lang.Strings;
import leap.lang.expirable.TimeExpirableMs;
import leap.lang.expirable.TimeExpirableSeconds;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.oauth2.webapp.OAuth2Config;
import leap.oauth2.webapp.client.OAuth2Client;
import leap.oauth2.webapp.token.Token;
import leap.oauth2.webapp.token.TokenInfo;
import leap.oauth2.webapp.token.TokenInfoLookup;
import leap.oauth2.webapp.token.TokenVerifier;
import leap.oauth2.webapp.user.UserInfoLookup;

/* loaded from: input_file:leap/oauth2/webapp/authc/DefaultOAuth2Authenticator.class */
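/**
 * Authenticates an OAuth2 access token and caches the outcome in an LRU cache keyed by the raw
 * token string.
 *
 * <p>Untyped tokens are resolved through {@link TokenInfoLookup}; typed tokens are handed to the
 * {@link TokenVerifier} bean registered under the token's type name.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Access tokens are bearer credentials, so log statements only ever emit a masked form
 *       (see {@link #maskToken(String)}).</li>
 *   <li>A cached authentication is returned without consulting the lookup or verifier again, so
 *       the cache lifetime is also the window during which a token invalidated upstream would
 *       still be accepted here. {@link #cacheAuthentication} therefore treats
 *       {@code cacheExpiresInMs} as an upper bound.</li>
 * </ul>
 */
public class DefaultOAuth2Authenticator implements OAuth2Authenticator, PostCreateBean {
    private static final Log log = LogFactory.get(DefaultOAuth2Authenticator.class);

    /** Tokens this short are masked completely; longer ones keep only a short suffix. */
    private static final int MASK_FULLY_UP_TO_LENGTH = 16;

    /** Number of trailing characters kept by {@link #maskToken(String)} for log correlation. */
    private static final int MASK_VISIBLE_SUFFIX = 4;

    @Inject
    protected OAuth2Config config;

    @Inject
    protected TokenInfoLookup tokenInfoLookup;

    @Inject
    protected UserInfoLookup userInfoLookup;

    @Inject
    protected CacheManager cacheManager;
    // Verifier beans keyed by bean name; authenticate() looks them up by token type.
    protected Map<String, TokenVerifier> typedAccessTokenVerifiers;
    // Authentication cache keyed by the raw access token string; created in postCreate().
    protected Cache<String, CachedAuthentication> cache;
    // Capacity passed to createSimpleLRUCache() in postCreate().
    protected int cacheSize = 2048;
    // Upper bound (when positive) on how long one cache entry is trusted, in milliseconds.
    protected int cacheExpiresInMs = 120000;

    /**
     * Cache entry pairing the resolved token info with the authentication built from it.
     *
     * <p>Decompiler note: the access modifier of this nested class was {@code protected} in the
     * original class file.
     */
    public static final class CachedAuthentication {
        public final TokenInfo tokenInfo;
        public final OAuth2Authentication authentication;
        private final TimeExpirableMs expirable;

        /**
         * @param tokenInfo token info the authentication was derived from
         * @param oAuth2Authentication authentication to hand out while the entry is valid
         * @param i lifetime of this cache entry in milliseconds
         */
        public CachedAuthentication(TokenInfo tokenInfo, OAuth2Authentication oAuth2Authentication, int i) {
            this.tokenInfo = tokenInfo;
            this.authentication = oAuth2Authentication;
            this.expirable = new TimeExpirableMs(i);
        }

        /** @return whether the underlying token reports itself as expired */
        public boolean isTokenExpired() {
            return this.tokenInfo.isExpired();
        }

        /** @return whether this cache entry has outlived its own lifetime */
        public boolean isCacheExpired() {
            return this.expirable.isExpired();
        }
    }

    /**
     * Sets the capacity of the LRU cache. Only read in {@link #postCreate(BeanFactory)}, so it has
     * no effect on a cache that has already been created.
     */
    public void setCacheSize(int i) {
        this.cacheSize = i;
    }

    /**
     * Sets the maximum time, in milliseconds, a cached authentication is trusted before the token
     * is looked up or verified again. Smaller values shorten the time an upstream-invalidated
     * token keeps being accepted from the cache.
     */
    public void setCacheExpiresInMs(int i) {
        this.cacheExpiresInMs = i;
    }

    /** Creates the LRU cache and collects the named {@link TokenVerifier} beans. */
    public void postCreate(BeanFactory beanFactory) throws Throwable {
        this.cache = this.cacheManager.createSimpleLRUCache(this.cacheSize);
        this.typedAccessTokenVerifiers = beanFactory.getNamedBeans(TokenVerifier.class);
    }

    /**
     * Resolves the given access token to an authentication.
     *
     * @param token the access token presented by the caller
     * @return the authentication, or {@code null} when the token is unknown, expired, or refers to
     *     a user id for which no user info can be found
     * @throws AppConfigException if the token carries a type for which no verifier is registered
     */
    @Override // leap.oauth2.webapp.authc.OAuth2Authenticator
    public OAuth2Authentication authenticate(Token token) {
        // Computed once; every log line below uses this instead of the raw bearer token.
        final String maskedToken = maskToken(token.getToken());

        CachedAuthentication cached = getCachedAuthentication(token);
        if (null != cached) {
            if (cached.isTokenExpired()) {
                log.debug("Access token '{}' was expired", new Object[]{maskedToken});
                removeCachedAuthentication(token, cached);
                return null;
            }
            if (!cached.isCacheExpired()) {
                log.debug("Returns the cached authentication of access token : {}", new Object[]{maskedToken});
                return cached.authentication;
            }
            // Entry is stale but the token itself is still live: drop it and resolve again.
            log.debug("Cached authentication expired, remove it from cache only");
            removeCachedAuthentication(token, cached);
        }

        TokenInfo tokenInfo;
        if (Strings.isEmpty(token.getType())) {
            tokenInfo = this.tokenInfoLookup.lookupByAccessToken(token.getToken());
        } else {
            TokenVerifier verifier = this.typedAccessTokenVerifiers.get(token.getType());
            if (null == verifier) {
                // NOTE(review): if the token type is taken from the request, an unsupported type
                // surfaces here as a configuration exception - confirm the caller turns this into
                // an authentication failure rather than a server error.
                throw new AppConfigException("Cannot handle access token type '" + token.getType() + "'");
            }
            tokenInfo = verifier.verifyToken(token);
        }

        if (null == tokenInfo) {
            log.info("Access token '{}' not found", new Object[]{maskedToken});
            return null;
        }
        if (tokenInfo.isExpired()) {
            log.info("Access token '{}' was expired", new Object[]{maskedToken});
            return null;
        }

        String clientId = tokenInfo.getClientId();
        String userId = tokenInfo.getUserId();
        UserPrincipal user = tokenInfo.getUserInfo();
        if (null == user && !Strings.isEmpty(userId)) {
            // The token info names a user but carries no details: fetch them separately.
            user = this.userInfoLookup.lookupUserInfo(token.getToken(), userId);
            if (null == user) {
                log.warn("User info not exists in oauth2 server, user id -> {}, access token -> {}", new Object[]{userId, maskedToken});
                return null;
            }
        }

        OAuth2Client client = null;
        if (!Strings.isEmpty(clientId)) {
            client = new OAuth2Client(clientId, tokenInfo.getClaims());
        }

        SimpleOAuth2Authentication authentication = new SimpleOAuth2Authentication(token, user, client);
        if (null != tokenInfo.getScope()) {
            // Scope entries may be separated by commas or spaces.
            authentication.setPermissions(Strings.split(tokenInfo.getScope(), new char[]{',', ' '}));
        }
        cacheAuthentication(token, tokenInfo, authentication);
        return authentication;
    }

    /** @return the cache entry stored for this token, or whatever the cache returns on a miss */
    protected CachedAuthentication getCachedAuthentication(Token token) {
        return (CachedAuthentication) this.cache.get(token.getToken());
    }

    /**
     * Stores the authentication under the raw token string.
     *
     * <p>The entry lifetime is the token's remaining lifetime when the token info exposes one,
     * capped by {@code cacheExpiresInMs} when that setting is positive; otherwise it is
     * {@code cacheExpiresInMs}. Without the cap the configured value would be ignored for such
     * tokens and an entry would be served from the cache for the token's whole remaining life.
     */
    protected void cacheAuthentication(Token token, TokenInfo tokenInfo, OAuth2Authentication oAuth2Authentication) {
        long ttlMs = this.cacheExpiresInMs;
        if (tokenInfo instanceof TimeExpirableSeconds) {
            // Multiply as long: an int product overflows once the remaining lifetime exceeds
            // roughly 24.8 days' worth of seconds.
            long remainingMs = ((TimeExpirableSeconds) tokenInfo).getExpiresInFormNow() * 1000L;
            ttlMs = this.cacheExpiresInMs > 0 ? Math.min(this.cacheExpiresInMs, remainingMs) : remainingMs;
        }
        // Clamp to the int range so the narrowing cast can never flip the sign. How
        // TimeExpirableMs treats a non-positive duration is not visible from this class.
        int entryTtlMs = (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, ttlMs));
        this.cache.put(token.getToken(), new CachedAuthentication(tokenInfo, oAuth2Authentication, entryTtlMs));
    }

    /**
     * Evicts the entry stored for this token. The entry itself is not consulted here; the
     * parameter is kept so the signature stays unchanged for subclasses.
     */
    protected void removeCachedAuthentication(Token token, CachedAuthentication cachedAuthentication) {
        this.cache.remove(token.getToken());
    }

    /**
     * Produces a log-safe rendering of a bearer token: short values are hidden completely, longer
     * ones keep only their last few characters so related log lines can still be correlated.
     */
    private static String maskToken(String value) {
        if (null == value) {
            return "null";
        }
        int length = value.length();
        if (length <= MASK_FULLY_UP_TO_LENGTH) {
            return "***";
        }
        return "***" + value.substring(length - MASK_VISIBLE_SUFFIX);
    }
}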
