package org.apache.pulsar.broker.authentication.oidc;

import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.CompletableFuture;
import javax.naming.AuthenticationException;
import javax.net.ssl.SSLSession;
import org.apache.pulsar.broker.authentication.AuthenticationDataCommand;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authentication.AuthenticationState;
import org.apache.pulsar.common.api.AuthData;

/* loaded from: input_file:org/apache/pulsar/broker/authentication/oidc/AuthenticationStateOpenID.class */
class AuthenticationStateOpenID implements AuthenticationState {
    private final AuthenticationProviderOpenID provider;
    private AuthenticationDataSource authenticationDataSource;
    private volatile String role;
    private final SocketAddress remoteAddress;
    private final SSLSession sslSession;
    private volatile long expiration;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationStateOpenID(AuthenticationProviderOpenID authenticationProviderOpenID, SocketAddress socketAddress, SSLSession sSLSession) {
        this.provider = authenticationProviderOpenID;
        this.remoteAddress = socketAddress;
        this.sslSession = sSLSession;
    }

    public String getAuthRole() throws AuthenticationException {
        if (this.role == null) {
            throw new AuthenticationException("Authentication has not completed");
        }
        return this.role;
    }

    @Deprecated
    public AuthData authenticate(AuthData authData) throws AuthenticationException {
        throw new AuthenticationException("Not supported");
    }

    public CompletableFuture<AuthData> authenticateAsync(AuthData authData) {
        this.authenticationDataSource = new AuthenticationDataCommand(new String(authData.getBytes(), StandardCharsets.UTF_8), this.remoteAddress, this.sslSession);
        return this.provider.authenticateTokenAsync(this.authenticationDataSource).thenApply(decodedJWT -> {
            this.role = this.provider.getRole(decodedJWT);
            this.expiration = decodedJWT.getExpiresAt().getTime();
            return null;
        });
    }

    public AuthenticationDataSource getAuthDataSource() {
        return this.authenticationDataSource;
    }

    public boolean isComplete() {
        return this.role != null;
    }

    public boolean isExpired() {
        return System.currentTimeMillis() > this.expiration;
    }
}
