package net.n2oapp.security.admin.auth.server;

import java.security.KeyPair;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.RsaSigner;
import org.springframework.security.jwt.crypto.sign.Signer;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.util.JsonParser;
import org.springframework.security.oauth2.common.util.JsonParserFactory;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:net/n2oapp/security/admin/auth/server/AccessTokenEnhancer.class */
public class AccessTokenEnhancer extends JwtAccessTokenConverter {
    private JsonParser objectMapper = JsonParserFactory.create();
    private Signer signer;
    private String kid;

    protected String encode(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
        if (this.kid == null) {
            return super.encode(oAuth2AccessToken, oAuth2Authentication);
        }
        try {
            return JwtHelper.encode(this.objectMapper.formatMap(getAccessTokenConverter().convertAccessToken(oAuth2AccessToken, oAuth2Authentication)), this.signer, Map.of("kid", this.kid)).getEncoded();
        } catch (Exception e) {
            throw new IllegalStateException("Cannot convert access token to JSON", e);
        }
    }

    public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
        if (oAuth2AccessToken.getRefreshToken() != null) {
            try {
                Map decode = super.decode(oAuth2AccessToken.getRefreshToken().getValue());
                PreAuthenticatedAuthenticationToken userAuthentication = oAuth2Authentication.getUserAuthentication();
                Object details = userAuthentication.getDetails();
                if (details == null) {
                    details = new HashMap();
                }
                if (details instanceof Map) {
                    Map map = (Map) details;
                    map.put(UserTokenConverter.SID, decode.get(UserTokenConverter.SID));
                    userAuthentication.setDetails(map);
                }
            } catch (InvalidTokenException e) {
            }
        }
        return super.enhance(oAuth2AccessToken, oAuth2Authentication);
    }

    public void setKeyPair(KeyPair keyPair) {
        this.signer = new RsaSigner((RSAPrivateKey) keyPair.getPrivate());
        super.setKeyPair(keyPair);
    }

    public void setKid(String str) {
        this.kid = str;
    }
}
