package io.gardenerframework.camellia.authentication.server.administration.authorization.service.support;

import io.gardenerframework.camellia.authentication.server.administration.authorization.schema.request.RemoveUserAuthorizedAuthorizationRequest;
import io.gardenerframework.camellia.authentication.server.administration.authorization.service.UserAuthorizedOAuth2AuthorizationAdministrationService;
import io.gardenerframework.camellia.authentication.server.administration.configuration.UserAuthorizedOAuth2AuthorizationAdministrationComponent;
import io.gardenerframework.camellia.authentication.server.main.schema.UserAuthenticatedAuthentication;
import io.gardenerframework.fragrans.data.cache.client.CacheClient;
import io.gardenerframework.fragrans.data.cache.manager.BasicCacheManager;
import java.security.Principal;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.LinkedList;
import java.util.Map;
import lombok.NonNull;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.util.StringUtils;

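/**
 * Cache-backed {@link UserAuthorizedOAuth2AuthorizationAdministrationService} that revokes OAuth2
 * authorizations lazily.
 *
 * <p>{@link #removeOAuth2Authorization} does not touch the authorization store. It only writes a
 * "remove command" (the current time) into the cache under a key derived from user / client / device.
 * The nested {@link OAuth2AuthorizationServiceInterceptor} then compares that timestamp with the access
 * token's issue time whenever an authorization is looked up, and removes authorizations issued before
 * the command.
 *
 * <p>Security notes for reviewers (all derived from the code in this class):
 * <ul>
 *   <li>Enforcement depends entirely on the cache entry being present. A missing, evicted or expired
 *       entry reads as {@code null} and the authorization is returned unchanged (fail-open).</li>
 *   <li>Commands live for {@link #COMMAND_TTL}. NOTE(review): confirm that no token of a revoked
 *       authorization can stay valid longer than that, otherwise it becomes usable again once the
 *       command expires.</li>
 *   <li>Device-scoped commands are written but never read by the interceptor; see
 *       {@link OAuth2AuthorizationServiceInterceptor#onFind}.</li>
 * </ul>
 */
@ConditionalOnMissingBean(value = {UserAuthorizedOAuth2AuthorizationAdministrationService.class}, ignored = {CachedUserAuthorizedOAuth2AuthorizationAdministrationService.class})
@UserAuthorizedOAuth2AuthorizationAdministrationComponent
@ConditionalOnBean({CacheClient.class})
public class CachedUserAuthorizedOAuth2AuthorizationAdministrationService implements UserAuthorizedOAuth2AuthorizationAdministrationService, InitializingBean {
    /** Cache namespace segments under which remove commands are stored. */
    private static final String[] NAMESPACE = {"camellia", "authentication", "server", "component", "administration", "oauth2-authorization"};
    /** Cache key suffix for remove commands. */
    private static final String SUFFIX = "command";
    /** Lifetime of a remove command in the cache (720 hours, i.e. 30 days). */
    private static final Duration COMMAND_TTL = Duration.ofHours(720L);

    private final CacheClient client;
    // Created in afterPropertiesSet(); null until the bean has been initialized.
    private BasicCacheManager<Date> commandCacheManager;

    /**
     * @param cacheClient cache client used to store and read remove commands
     */
    public CachedUserAuthorizedOAuth2AuthorizationAdministrationService(CacheClient cacheClient) {
        this.client = cacheClient;
    }

    /**
     * Builds the cache manager once the bean's properties are set.
     *
     * @throws Exception declared by {@link InitializingBean}; nothing in this body throws explicitly
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        // Anonymous subclass — presumably so BasicCacheManager can recover the Date type argument;
        // TODO confirm against BasicCacheManager.
        this.commandCacheManager = new BasicCacheManager<Date>(this.client) {
        };
    }

    /**
     * Records a remove command for the user / client / device named in the request.
     *
     * <p>The stored value is the time the command was issued; authorizations whose access token was
     * issued before it are removed when they are next looked up.
     *
     * @param removeUserAuthorizedAuthorizationRequest request carrying the user id and, optionally,
     *     the client id and device id that narrow the scope
     * @throws Exception if the cache write fails
     */
    @Override // io.gardenerframework.camellia.authentication.server.administration.authorization.service.UserAuthorizedOAuth2AuthorizationAdministrationService
    public void removeOAuth2Authorization(RemoveUserAuthorizedAuthorizationRequest removeUserAuthorizedAuthorizationRequest) throws Exception {
        String commandId = buildRemoveOAuth2AuthorizationCommandId(
                removeUserAuthorizedAuthorizationRequest.getUserId(),
                removeUserAuthorizedAuthorizationRequest.getClientId(),
                removeUserAuthorizedAuthorizationRequest.getDeviceId());
        this.commandCacheManager.set(NAMESPACE, commandId, SUFFIX, new Date(), COMMAND_TTL);
    }

    /**
     * Reads the remove command stored for the given scope.
     *
     * <p>Despite the name, the returned value is the time the command was issued (see
     * {@link #removeOAuth2Authorization}), not an expiry time.
     *
     * <p>Decompiler note: this method was private in the original class; the access modifier was
     * widened by the decompiler.
     *
     * @param userId user the command applies to; must not be null
     * @param clientId client scope, or null / blank for none
     * @param deviceId device scope, or null / blank for none
     * @return the command's issue time, or null when no command is cached for that scope
     * @throws NullPointerException if {@code userId} is null
     */
    @Nullable
    public Date getCommandExpiryTime(@NonNull String userId, @Nullable String clientId, @Nullable String deviceId) {
        if (userId == null) {
            throw new NullPointerException("userId is marked non-null but is null");
        }
        return (Date) this.commandCacheManager.get(NAMESPACE, buildRemoveOAuth2AuthorizationCommandId(userId, clientId, deviceId), SUFFIX);
    }

    /**
     * Builds the cache key for a remove command: the user id, then the client id and the device id
     * when they contain text, joined with {@code "."}.
     *
     * <p>NOTE(review): the key is ambiguous. A request with a device id but no client id yields
     * {@code user.device}, the same shape as {@code user.client}, and an id that itself contains
     * {@code "."} can collide with a longer key. The format is left unchanged here because entries
     * already in the cache use it.
     *
     * @throws NullPointerException if {@code userId} is null
     */
    private String buildRemoveOAuth2AuthorizationCommandId(@NonNull String userId, @Nullable String clientId, @Nullable String deviceId) {
        if (userId == null) {
            throw new NullPointerException("userId is marked non-null but is null");
        }
        StringBuilder commandId = new StringBuilder(userId);
        if (StringUtils.hasText(clientId)) {
            commandId.append('.').append(clientId);
        }
        if (StringUtils.hasText(deviceId)) {
            commandId.append('.').append(deviceId);
        }
        return commandId.toString();
    }

    /**
     * Aspect that enforces remove commands on {@code OAuth2AuthorizationService.findByToken(..)} and
     * {@code findById(..)}: an authorization whose access token predates a matching command is
     * removed from the store and reported to the caller as not found.
     */
    @UserAuthorizedOAuth2AuthorizationAdministrationComponent
    @ConditionalOnClass({OAuth2AuthorizationService.class})
    @Aspect
    @ConditionalOnBean({CachedUserAuthorizedOAuth2AuthorizationAdministrationService.class})
    public static class OAuth2AuthorizationServiceInterceptor {
        private final OAuth2AuthorizationService oAuth2AuthorizationService;
        private final CachedUserAuthorizedOAuth2AuthorizationAdministrationService userAuthorizedOAuth2AuthorizationAdministrationService;

        /**
         * @param oAuth2AuthorizationService service used to delete revoked authorizations
         * @param cachedUserAuthorizedOAuth2AuthorizationAdministrationService source of remove commands
         */
        public OAuth2AuthorizationServiceInterceptor(OAuth2AuthorizationService oAuth2AuthorizationService, CachedUserAuthorizedOAuth2AuthorizationAdministrationService cachedUserAuthorizedOAuth2AuthorizationAdministrationService) {
            this.oAuth2AuthorizationService = oAuth2AuthorizationService;
            this.userAuthorizedOAuth2AuthorizationAdministrationService = cachedUserAuthorizedOAuth2AuthorizationAdministrationService;
        }

        /**
         * Runs the intercepted lookup and drops the result if a remove command covers it.
         *
         * <p>The authorization is returned unchanged when it has no access token, when it carries no
         * {@code Principal} attribute, or when the token has no issue time. Otherwise the user-wide
         * command is checked first, then the command for the user plus the registered client id.
         *
         * <p>NOTE(review): both lookups pass {@code null} as the device id, so a command written with
         * a device id is never matched here; unless it is enforced elsewhere, a device-scoped remove
         * request has no effect on lookups.
         *
         * @param proceedingJoinPoint the intercepted {@code findByToken} / {@code findById} call
         * @return the authorization, or null when none was found or it has been revoked
         * @throws Throwable whatever the intercepted call, the cache lookup or the removal throws
         */
        @Around("execution(* org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService.findByToken(..))|| execution(* org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService.findById(..))")
        public Object onFind(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
            OAuth2Authorization authorization = (OAuth2Authorization) proceedingJoinPoint.proceed(proceedingJoinPoint.getArgs());
            if (authorization == null) {
                return null;
            }
            OAuth2Authorization.Token<?> accessToken = authorization.getAccessToken();
            if (accessToken == null || accessToken.getToken() == null) {
                // Nothing to compare a command against: only access-token issue times are checked.
                return authorization;
            }
            Instant issuedAt = accessToken.getToken().getIssuedAt();
            Map<String, Object> attributes = authorization.getAttributes();
            if (attributes == null) {
                return authorization;
            }
            // NOTE(review): a Principal attribute of any other type raises ClassCastException here and
            // fails the lookup — confirm every grant type stores a UserAuthenticatedAuthentication.
            UserAuthenticatedAuthentication principal = (UserAuthenticatedAuthentication) attributes.get(Principal.class.getName());
            if (principal == null) {
                return authorization;
            }
            String userId = principal.getUser().getId();
            String registeredClientId = authorization.getRegisteredClientId();
            // User-wide command first; the client-scoped command is only read if that one does not apply.
            if (isRevoked(userId, null, issuedAt) || isRevoked(userId, registeredClientId, issuedAt)) {
                this.oAuth2AuthorizationService.remove(authorization);
                return null;
            }
            return authorization;
        }

        /**
         * Tells whether a remove command for the given scope was issued after the token.
         *
         * @return true only when a command exists, the token has an issue time, and the command is
         *     strictly later than that issue time
         */
        private boolean isRevoked(String userId, @Nullable String clientId, @Nullable Instant issuedAt) {
            Date commandTime = this.userAuthorizedOAuth2AuthorizationAdministrationService.getCommandExpiryTime(userId, clientId, null);
            return commandTime != null && issuedAt != null && commandTime.after(Date.from(issuedAt));
        }
    }
}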
