package leap.oauth2.rs.token;

import java.security.interfaces.RSAPublicKey;
import java.util.Map;
import java.util.Objects;
import leap.core.annotation.Inject;
import leap.core.security.token.TokenVerifyException;
import leap.core.security.token.jwt.JwtVerifier;
import leap.lang.Result;
import leap.oauth2.OAuth2Params;
import leap.oauth2.rs.OAuth2ResServerConfig;
import leap.web.security.SecurityConfig;
import leap.web.security.user.UserDetails;

/* loaded from: input_file:leap/oauth2/rs/token/JwtBearerResAccessTokenStore.class */
public class JwtBearerResAccessTokenStore implements ResBearerAccessTokenStore {
    protected RSAPublicKey publicKey;

    @Inject
    protected SecurityConfig sc;

    @Inject
    protected OAuth2ResServerConfig rsc;

    @Override // leap.oauth2.rs.token.ResAccessTokenStore
    public Result<ResAccessTokenDetails> loadAccessTokenDetails(ResAccessToken resAccessToken) {
        JwtVerifier jwtVerifier = this.rsc.getJwtVerifier();
        if (jwtVerifier == null) {
            throw new TokenVerifyException(TokenVerifyException.ErrorCode.VERIFY_FAILED, "the jwt verifier must be specified!");
        }
        Map verify = jwtVerifier.verify(resAccessToken.getToken());
        SimpleResAccessTokenDetails simpleResAccessTokenDetails = new SimpleResAccessTokenDetails();
        Object remove = verify.remove("user_id");
        UserDetails loadUserDetailsById = remove != null ? this.sc.getUserStore().loadUserDetailsById(remove) : this.sc.getUserStore().loadUserDetailsByLoginName(Objects.toString(verify.remove(OAuth2Params.USERNAME)));
        if (loadUserDetailsById == null) {
            return Result.EMPTY;
        }
        simpleResAccessTokenDetails.setUserId(loadUserDetailsById == null ? null : loadUserDetailsById.getIdAsString());
        simpleResAccessTokenDetails.setScope((String) verify.remove(OAuth2Params.SCOPE));
        simpleResAccessTokenDetails.setClientId((String) verify.remove(OAuth2Params.CLIENT_ID));
        simpleResAccessTokenDetails.setCreated(System.currentTimeMillis());
        try {
            Object obj = verify.get("expires_in");
            if (obj == null) {
                throw new IllegalStateException("'expires_in' not found in jwt token");
            }
            simpleResAccessTokenDetails.setExpiresIn((obj instanceof Integer ? ((Integer) obj).intValue() : Integer.parseInt(obj.toString())) * 1000);
            return Result.of(simpleResAccessTokenDetails);
        } catch (NumberFormatException e) {
            throw new IllegalStateException("Invalid expires_in : " + e.getMessage(), e);
        }
    }

    @Override // leap.oauth2.rs.token.ResAccessTokenStore
    public void removeAccessToken(ResAccessToken resAccessToken) {
    }

    public RSAPublicKey getPublicKey() {
        return this.publicKey;
    }

    public void setPublicKey(RSAPublicKey rSAPublicKey) {
        this.publicKey = rSAPublicKey;
    }
}
