package io.gardenerframework.camellia.authentication.server.main.spring.oauth2;

import io.gardenerframework.camellia.authentication.server.common.annotation.AuthenticationServerEngineComponent;
import io.gardenerframework.camellia.authentication.server.main.schema.request.OAuth2TokenParameter;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Objects;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;

@AuthenticationServerEngineComponent
/* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/spring/oauth2/EnhancedOAuth2TokenCustomizer.class */
public class EnhancedOAuth2TokenCustomizer implements OAuth2TokenCustomizer<JwtEncodingContext> {
    public void customize(JwtEncodingContext jwtEncodingContext) {
        OAuth2TokenType tokenType = jwtEncodingContext.getTokenType();
        if (tokenType != null) {
            overwriteJwtEncodedTokenTtl(tokenType, jwtEncodingContext.getClaims(), jwtEncodingContext.getRegisteredClient());
        }
    }

    private void overwriteJwtEncodedTokenTtl(OAuth2TokenType oAuth2TokenType, JwtClaimsSet.Builder builder, RegisteredClient registeredClient) {
        Long tokenTtl;
        OAuth2TokenParameter oAuth2TokenParameter = (OAuth2TokenParameter) ((RequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getAttribute(OAuth2TokenParameter.class.getName(), 0);
        if (oAuth2TokenParameter == null || (tokenTtl = oAuth2TokenParameter.getTokenTtl()) == null) {
            return;
        }
        Duration accessTokenTimeToLive = registeredClient.getTokenSettings().getAccessTokenTimeToLive();
        if (OAuth2TokenType.REFRESH_TOKEN.equals(oAuth2TokenType)) {
            accessTokenTimeToLive = registeredClient.getTokenSettings().getRefreshTokenTimeToLive();
        }
        if (tokenTtl.longValue() <= accessTokenTimeToLive.getSeconds()) {
            Instant now = Instant.now();
            builder.issuedAt(now);
            builder.expiresAt(now.plus((TemporalAmount) Duration.ofSeconds(tokenTtl.longValue())));
        }
    }

    public OAuth2RefreshToken customizeRefreshToken(@Nullable OAuth2RefreshToken oAuth2RefreshToken) {
        if (oAuth2RefreshToken == null) {
            return null;
        }
        return overwriteRefreshTokenTtl(oAuth2RefreshToken);
    }

    private OAuth2RefreshToken overwriteRefreshTokenTtl(OAuth2RefreshToken oAuth2RefreshToken) {
        OAuth2TokenParameter oAuth2TokenParameter = (OAuth2TokenParameter) ((RequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getAttribute(OAuth2TokenParameter.class.getName(), 0);
        if (oAuth2TokenParameter == null || oAuth2TokenParameter.getTokenTtl() == null) {
            return oAuth2RefreshToken;
        }
        Instant now = Instant.now();
        Instant issuedAt = oAuth2RefreshToken.getIssuedAt();
        if (issuedAt == null) {
            issuedAt = now;
        }
        Instant expiresAt = oAuth2RefreshToken.getExpiresAt();
        if ((expiresAt == null ? Duration.ofSeconds(oAuth2TokenParameter.getTokenTtl().longValue()) : Duration.between(issuedAt, expiresAt)).getSeconds() > oAuth2TokenParameter.getTokenTtl().longValue()) {
            oAuth2RefreshToken = new OAuth2RefreshToken(oAuth2RefreshToken.getTokenValue(), issuedAt, issuedAt.plus((TemporalAmount) Duration.ofSeconds(oAuth2TokenParameter.getTokenTtl().longValue())));
        }
        return oAuth2RefreshToken;
    }
}
