package cz.integsoft.mule.security.internal.component;

import cz.integsoft.mule.security.api.SecurityErrorCode;
import cz.integsoft.mule.security.api.TokenCacheManager;
import cz.integsoft.mule.security.api.UserSource;
import cz.integsoft.mule.security.api.error.SecurityModuleError;
import cz.integsoft.mule.security.api.exception.GenericSecurityException;
import cz.integsoft.mule.security.internal.vo.TokenHolder;
import java.text.MessageFormat;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.ReentrantLock;
import java.util.function.Function;
import org.keycloak.common.util.Time;
import org.keycloak.representations.AccessTokenResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.Cache;

/* loaded from: input_file:cz/integsoft/mule/security/internal/component/InfinispanTokenCacheManager.class */
public class InfinispanTokenCacheManager implements TokenCacheManager {
    private static final Logger a = LoggerFactory.getLogger(InfinispanTokenCacheManager.class);
    private static final int ap = 5;
    private final Map<String, Cache> aq = new ConcurrentHashMap();
    private final ReentrantLock ar = new ReentrantLock(true);

    public InfinispanTokenCacheManager() {
        a.info("Constructing SSO token cache manager");
    }

    @Override // cz.integsoft.mule.security.api.TokenCacheManager
    public boolean store(String str, String str2, AccessTokenResponse accessTokenResponse, UserSource userSource, String str3) throws GenericSecurityException {
        Objects.requireNonNull(str, "The cache key must not be null");
        Objects.requireNonNull(str2, "The Authorization header value must not be null");
        Objects.requireNonNull(userSource, "The user source must not be null");
        Objects.requireNonNull(str3, "The realm must not be null");
        Cache cache = this.aq.get(str);
        if (cache == null) {
            throw new GenericSecurityException(SecurityModuleError.GENERIC_SECURITY, SecurityErrorCode.SEC_CACHE_001, "Failed to find cache under key " + str);
        }
        cache.put(a(str2, userSource, str3), new TokenHolder(accessTokenResponse));
        return true;
    }

    @Override // cz.integsoft.mule.security.api.TokenCacheManager
    public AccessTokenResponse get(String str, String str2, UserSource userSource, String str3, Function<String, AccessTokenResponse> function) throws GenericSecurityException {
        Objects.requireNonNull(str, "The cache key must not be null");
        Objects.requireNonNull(str2, "The Authorization header value must not be null");
        Objects.requireNonNull(userSource, "The user source must not be null");
        Objects.requireNonNull(str3, "The realm must not be null");
        Cache cache = this.aq.get(str);
        if (cache == null) {
            throw new GenericSecurityException(SecurityModuleError.GENERIC_SECURITY, SecurityErrorCode.SEC_CACHE_001, "Failed to find cache under key " + str);
        }
        TokenHolder tokenHolder = (TokenHolder) cache.get(a(str2, userSource, str3), TokenHolder.class);
        if (tokenHolder == null) {
            return null;
        }
        if (a(tokenHolder)) {
            a.debug("Access token is still valid, so returning it");
            return tokenHolder.getAccessTokenResponse();
        }
        a.debug("Access token is not valid, will try refresh...");
        if (!b(tokenHolder)) {
            a.debug("Also refresh token is not valid...");
            cache.evict(tokenHolder);
            return null;
        }
        AccessTokenResponse apply = function.apply(tokenHolder.getAccessTokenResponse().getRefreshToken());
        a.debug("Refreshed access token");
        cache.put(a(str2, userSource, str3), new TokenHolder(apply));
        return apply;
    }

    @Override // cz.integsoft.mule.security.api.TokenCacheManager
    public boolean register(String str, Cache cache) {
        Objects.requireNonNull(str, "The cache key must not be null");
        Objects.requireNonNull(cache, "The cache must not be null");
        try {
            this.ar.lock();
            if (this.aq.containsKey(str)) {
                return false;
            }
            this.aq.put(str, cache);
            this.ar.unlock();
            return true;
        } finally {
            this.ar.unlock();
        }
    }

    private String a(String str, UserSource userSource, String str2) {
        return MessageFormat.format("ssokey-{0}-{1}-{2}", str2, userSource.name(), str);
    }

    private boolean a(TokenHolder tokenHolder) {
        if (tokenHolder.getAccessToken() == null || !tokenHolder.getAccessToken().isActive()) {
            return false;
        }
        if (a.isDebugEnabled()) {
            a.debug("Access token expiration is {} and current time is {}", Integer.valueOf(tokenHolder.getAccessToken().getExpiration()), Integer.valueOf(Time.currentTime() + ap));
        }
        return (Time.currentTime() + ap) - tokenHolder.getAccessToken().getExpiration() < 0;
    }

    private boolean b(TokenHolder tokenHolder) {
        if (tokenHolder.getRefreshToken() == null || !tokenHolder.getRefreshToken().isActive()) {
            return false;
        }
        if (a.isDebugEnabled()) {
            a.debug("Refresh token expiration is {} and current time is {}", Integer.valueOf(tokenHolder.getRefreshToken().getExpiration()), Integer.valueOf(Time.currentTime() + ap));
        }
        return (Time.currentTime() + ap) - tokenHolder.getRefreshToken().getExpiration() < 0;
    }
}
