package leap.oauth2.rs.auth;

import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.core.cache.Cache;
import leap.core.cache.CacheManager;
import leap.core.ioc.PostCreateBean;
import leap.lang.Result;
import leap.lang.Strings;
import leap.lang.expirable.TimeExpirableMs;
import leap.lang.expirable.TimeExpirableSeconds;
import leap.lang.logging.Log;
import leap.lang.logging.LogFactory;
import leap.oauth2.rs.OAuth2ResServerConfig;
import leap.oauth2.rs.token.ResAccessToken;
import leap.oauth2.rs.token.ResAccessTokenDetails;
import leap.oauth2.rs.token.ResTokenManager;
import leap.oauth2.webapp.user.UserDetailsLookup;
import leap.web.security.user.UserDetails;

/* loaded from: input_file:leap/oauth2/rs/auth/DefaultResCredentialsAuthenticator.class */
public class DefaultResCredentialsAuthenticator implements ResCredentialsAuthenticator, PostCreateBean {
    private static final Log log = LogFactory.get(DefaultResCredentialsAuthenticator.class);

    @Inject
    protected BeanFactory factory;

    @Inject
    protected OAuth2ResServerConfig config;

    @Inject
    protected ResTokenManager tokenManager;

    @Inject
    protected UserDetailsLookup userDetailsLookup;

    @Inject
    protected CacheManager cacheManager;
    protected Cache<String, CachedAuthentication> authcCache;
    protected int cacheSize = 2048;
    protected int cacheExpiresInMs = 120000;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:leap/oauth2/rs/auth/DefaultResCredentialsAuthenticator$CachedAuthentication.class */
    public static final class CachedAuthentication {
        public final ResAccessTokenDetails tokenDetails;
        public final ResAuthentication authentication;
        private final TimeExpirableMs expirable;

        public CachedAuthentication(ResAccessTokenDetails resAccessTokenDetails, ResAuthentication resAuthentication, int i) {
            this.tokenDetails = resAccessTokenDetails;
            this.authentication = resAuthentication;
            this.expirable = new TimeExpirableMs(i);
        }

        public boolean isTokenExpired() {
            return this.tokenDetails.isExpired();
        }

        public boolean isCacheExpired() {
            return this.expirable.isExpired();
        }
    }

    @Override // leap.oauth2.rs.auth.ResCredentialsAuthenticator
    public Result<ResAuthentication> authenticate(ResAccessToken resAccessToken) {
        CachedAuthentication cachedAuthentication = getCachedAuthentication(resAccessToken);
        if (null != cachedAuthentication) {
            if (cachedAuthentication.isTokenExpired()) {
                log.debug("Access token '{}' was expired", new Object[]{resAccessToken.getToken()});
                removeCachedAuthentication(resAccessToken, cachedAuthentication);
                return Result.empty();
            }
            if (!cachedAuthentication.isCacheExpired()) {
                log.debug("Returns the cached authentication of access token : {}", new Object[]{resAccessToken.getToken()});
                return Result.of(cachedAuthentication.authentication);
            }
            log.debug("Cached authentication expired, remove it from cache only");
            removeCachedAuthentication(resAccessToken, cachedAuthentication);
        }
        Result<ResAccessTokenDetails> loadAccessTokenDetails = this.tokenManager.loadAccessTokenDetails(resAccessToken);
        if (!loadAccessTokenDetails.isPresent()) {
            log.debug("Access token '{}' not found", new Object[]{resAccessToken.getToken()});
            return Result.empty();
        }
        ResAccessTokenDetails resAccessTokenDetails = (ResAccessTokenDetails) loadAccessTokenDetails.get();
        if (resAccessTokenDetails.isExpired()) {
            log.debug("Access token '{}' was expired", new Object[]{resAccessToken.getToken()});
            this.tokenManager.removeAccessToken(resAccessToken);
            return Result.empty();
        }
        String clientId = resAccessTokenDetails.getClientId();
        String userId = resAccessTokenDetails.getUserId();
        UserDetails userDetails = null;
        ResClientPrincipal resClientPrincipal = null;
        if (!Strings.isEmpty(userId)) {
            userDetails = this.userDetailsLookup.lookupUserDetails(resAccessToken, userId);
            if (null == userDetails) {
                log.debug("User info not exists in remote authz server, user id -> {}, access token -> {}", new Object[]{userId, resAccessToken.getToken()});
                return Result.empty();
            }
        }
        if (!Strings.isEmpty(clientId)) {
            resClientPrincipal = new ResClientPrincipal(clientId);
        }
        SimpleResAuthentication simpleResAuthentication = new SimpleResAuthentication(resAccessToken, userDetails, resClientPrincipal);
        if (null != resAccessTokenDetails.getScope()) {
            simpleResAuthentication.setPermissions(Strings.split(resAccessTokenDetails.getScope(), ","));
        }
        cacheAuthentication(resAccessToken, resAccessTokenDetails, simpleResAuthentication);
        return Result.of(simpleResAuthentication);
    }

    public int getCacheSize() {
        return this.cacheSize;
    }

    public void setCacheSize(int i) {
        this.cacheSize = i;
    }

    public int getCacheExpiresInMs() {
        return this.cacheExpiresInMs;
    }

    public void setCacheExpiresInMs(int i) {
        this.cacheExpiresInMs = i;
    }

    public void postCreate(BeanFactory beanFactory) throws Throwable {
        this.authcCache = this.cacheManager.createSimpleLRUCache(this.cacheSize);
    }

    protected CachedAuthentication getCachedAuthentication(ResAccessToken resAccessToken) {
        return (CachedAuthentication) this.authcCache.get(resAccessToken.getToken());
    }

    protected void cacheAuthentication(ResAccessToken resAccessToken, ResAccessTokenDetails resAccessTokenDetails, ResAuthentication resAuthentication) {
        int i = this.cacheExpiresInMs;
        if (resAccessTokenDetails instanceof TimeExpirableSeconds) {
            i = ((TimeExpirableSeconds) resAccessTokenDetails).getExpiresInFormNow() * 1000;
        }
        this.authcCache.put(resAccessToken.getToken(), new CachedAuthentication(resAccessTokenDetails, resAuthentication, i));
    }

    protected void removeCachedAuthentication(ResAccessToken resAccessToken, CachedAuthentication cachedAuthentication) {
        this.authcCache.remove(resAccessToken.getToken());
    }
}
