package org.apache.cxf.rs.security.oauth2.provider;

import java.net.URI;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.cache.Cache;
import javax.cache.CacheManager;
import javax.cache.Caching;
import javax.cache.configuration.MutableConfiguration;
import javax.cache.spi.CachingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rs.security.oauth2.utils.JwtTokenUtils;

/* loaded from: input_file:lib/cxf-shade-9.1.0.jar:org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.class */
public class JCacheOAuthDataProvider extends AbstractOAuthDataProvider {
    public static final String CLIENT_CACHE_KEY = "cxf.oauth2.client.cache";
    public static final String ACCESS_TOKEN_CACHE_KEY = "cxf.oauth2.accesstoken.cache";
    public static final String REFRESH_TOKEN_CACHE_KEY = "cxf.oauth2.refreshtoken.cache";
    public static final String DEFAULT_CONFIG_URL = "cxf-oauth2-ehcache3.xml";
    protected final CacheManager cacheManager;
    private final Cache<String, Client> clientCache;
    private Cache<String, ServerAccessToken> accessTokenCache;
    private Cache<String, String> jwtAccessTokenCache;
    private final Cache<String, RefreshToken> refreshTokenCache;
    private boolean storeJwtTokenKeyOnly;
    private JoseJwtConsumer jwtTokenConsumer;

    public JCacheOAuthDataProvider() {
        this(false);
    }

    public JCacheOAuthDataProvider(boolean z) {
        this(DEFAULT_CONFIG_URL, BusFactory.getThreadDefaultBus(true), z);
    }

    public JCacheOAuthDataProvider(String str, Bus bus) {
        this(str, bus, false);
    }

    public JCacheOAuthDataProvider(String str, Bus bus, boolean z) {
        this(str, bus, CLIENT_CACHE_KEY, ACCESS_TOKEN_CACHE_KEY, REFRESH_TOKEN_CACHE_KEY, z);
    }

    public JCacheOAuthDataProvider(String str, Bus bus, String str2, String str3, String str4) {
        this(str, bus, str2, str3, str4, false);
    }

    public JCacheOAuthDataProvider(String str, Bus bus, String str2, String str3, String str4, boolean z) {
        this.cacheManager = createCacheManager(str, bus);
        this.clientCache = createCache(this.cacheManager, str2, String.class, Client.class);
        this.storeJwtTokenKeyOnly = z;
        if (z) {
            this.jwtAccessTokenCache = createCache(this.cacheManager, str3, String.class, String.class);
        } else {
            this.accessTokenCache = createCache(this.cacheManager, str3, String.class, ServerAccessToken.class);
        }
        this.refreshTokenCache = createCache(this.cacheManager, str4, String.class, RefreshToken.class);
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    public Client doGetClient(String str) throws OAuthServiceException {
        return (Client) this.clientCache.get(str);
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider
    public void setClient(Client client) {
        this.clientCache.put(client.getClientId(), client);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    public void doRemoveClient(Client client) {
        this.clientCache.remove(client.getClientId());
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider
    public List<Client> getClients(UserSubject userSubject) {
        ArrayList arrayList = new ArrayList();
        Iterator it = this.clientCache.iterator();
        while (it.hasNext()) {
            Client client = (Client) ((Cache.Entry) it.next()).getValue();
            if (isClientMatched(client, userSubject)) {
                arrayList.add(client);
            }
        }
        return arrayList;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public List<ServerAccessToken> getAccessTokens(Client client, UserSubject userSubject) {
        return (isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly()) ? getJwtAccessTokens(client, userSubject) : getTokens(this.accessTokenCache, client, userSubject);
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public List<RefreshToken> getRefreshTokens(Client client, UserSubject userSubject) {
        return getTokens(this.refreshTokenCache, client, userSubject);
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public ServerAccessToken getAccessToken(String str) throws OAuthServiceException {
        return (isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly()) ? getJwtAccessToken(str) : getToken(this.accessTokenCache, str);
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected void doRevokeAccessToken(ServerAccessToken serverAccessToken) {
        if (isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly()) {
            this.jwtAccessTokenCache.remove(serverAccessToken.getTokenKey());
        } else {
            this.accessTokenCache.remove(serverAccessToken.getTokenKey());
        }
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected RefreshToken getRefreshToken(String str) {
        return (RefreshToken) getToken(this.refreshTokenCache, str);
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected void doRevokeRefreshToken(RefreshToken refreshToken) {
        this.refreshTokenCache.remove(refreshToken.getTokenKey());
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected void saveAccessToken(ServerAccessToken serverAccessToken) {
        if (isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly()) {
            this.jwtAccessTokenCache.put(serverAccessToken.getTokenKey(), serverAccessToken.getTokenKey());
        } else {
            this.accessTokenCache.put(serverAccessToken.getTokenKey(), serverAccessToken);
        }
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected void saveRefreshToken(RefreshToken refreshToken) {
        this.refreshTokenCache.put(refreshToken.getTokenKey(), refreshToken);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    public void linkRefreshTokenToAccessToken(RefreshToken refreshToken, ServerAccessToken serverAccessToken) {
        super.linkRefreshTokenToAccessToken(refreshToken, serverAccessToken);
        if (isStoreJwtTokenKeyOnly()) {
            return;
        }
        this.accessTokenCache.replace(serverAccessToken.getTokenKey(), serverAccessToken);
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    public void close() {
        this.clientCache.close();
        this.refreshTokenCache.close();
        if (this.accessTokenCache != null) {
            this.accessTokenCache.close();
        } else {
            this.jwtAccessTokenCache.close();
        }
        this.cacheManager.close();
    }

    protected static <V extends ServerAccessToken> V getToken(Cache<String, V> cache, String str) {
        ServerAccessToken serverAccessToken = (ServerAccessToken) cache.get(str);
        if (serverAccessToken != null && isExpired(serverAccessToken)) {
            cache.remove(str);
            serverAccessToken = null;
        }
        return (V) serverAccessToken;
    }

    protected ServerAccessToken getJwtAccessToken(String str) {
        String str2 = (String) this.jwtAccessTokenCache.get(str);
        ServerAccessToken serverAccessToken = null;
        if (str2 != null) {
            serverAccessToken = JwtTokenUtils.createAccessTokenFromJwt(this.jwtTokenConsumer == null ? new JoseJwtConsumer() : this.jwtTokenConsumer, str2, this, super.getJwtAccessTokenClaimMap());
            if (isExpired(serverAccessToken)) {
                this.jwtAccessTokenCache.remove(str);
                serverAccessToken = null;
            }
        }
        return serverAccessToken;
    }

    protected static <K, V extends ServerAccessToken> List<V> getTokens(Cache<K, V> cache, Client client, UserSubject userSubject) {
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        Iterator it = cache.iterator();
        while (it.hasNext()) {
            Cache.Entry entry = (Cache.Entry) it.next();
            ServerAccessToken serverAccessToken = (ServerAccessToken) entry.getValue();
            if (isExpired(serverAccessToken)) {
                hashSet.add(entry.getKey());
            } else if (isTokenMatched(serverAccessToken, client, userSubject)) {
                arrayList.add(serverAccessToken);
            }
        }
        cache.removeAll(hashSet);
        return arrayList;
    }

    protected List<ServerAccessToken> getJwtAccessTokens(Client client, UserSubject userSubject) {
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        Iterator it = this.jwtAccessTokenCache.iterator();
        while (it.hasNext()) {
            Cache.Entry entry = (Cache.Entry) it.next();
            ServerAccessToken createAccessTokenFromJwt = JwtTokenUtils.createAccessTokenFromJwt(this.jwtTokenConsumer == null ? new JoseJwtConsumer() : this.jwtTokenConsumer, (String) entry.getValue(), this, super.getJwtAccessTokenClaimMap());
            if (isExpired(createAccessTokenFromJwt)) {
                hashSet.add(entry.getKey());
            } else if (isTokenMatched(createAccessTokenFromJwt, client, userSubject)) {
                arrayList.add(createAccessTokenFromJwt);
            }
        }
        this.jwtAccessTokenCache.removeAll(hashSet);
        return arrayList;
    }

    protected static boolean isExpired(ServerAccessToken serverAccessToken) {
        return System.currentTimeMillis() < serverAccessToken.getIssuedAt() + serverAccessToken.getExpiresIn();
    }

    protected static CacheManager createCacheManager(String str, Bus bus) {
        URI defaultURI;
        if (bus == null) {
            bus = BusFactory.getThreadDefaultBus(true);
        }
        CachingProvider cachingProvider = Caching.getCachingProvider();
        try {
            defaultURI = ResourceUtils.getClasspathResourceURL(str, JCacheOAuthDataProvider.class, bus).toURI();
        } catch (Exception e) {
            defaultURI = cachingProvider.getDefaultURI();
        }
        return cachingProvider.getCacheManager(defaultURI, Thread.currentThread().getContextClassLoader());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static <K, V> Cache<K, V> createCache(CacheManager cacheManager, String str, Class<K> cls, Class<V> cls2) {
        Cache<K, V> cache = cacheManager.getCache(str, cls, cls2);
        if (cache == null) {
            cache = cacheManager.createCache(str, new MutableConfiguration().setTypes(cls, cls2).setStoreByValue(true).setStatisticsEnabled(false));
        }
        return cache;
    }

    public boolean isStoreJwtTokenKeyOnly() {
        return this.storeJwtTokenKeyOnly;
    }

    public void setJwtTokenConsumer(JoseJwtConsumer joseJwtConsumer) {
        this.jwtTokenConsumer = joseJwtConsumer;
    }
}
