package io.gardenerframework.camellia.authentication.server.main.spring.oauth2;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.fasterxml.jackson.datatype.jsr310.deser.LocalDateTimeDeserializer;
import io.gardenerframework.camellia.authentication.server.common.annotation.AuthenticationServerEngineComponent;
import io.gardenerframework.camellia.authentication.server.configuration.OAuth2AuthorizationConsentOption;
import io.gardenerframework.fragrans.data.cache.client.RedisCacheClient;
import io.gardenerframework.fragrans.data.cache.lock.CacheLock;
import io.gardenerframework.fragrans.data.cache.lock.context.LockContext;
import io.gardenerframework.fragrans.data.cache.lock.context.ServletRequestLockContextHolder;
import io.gardenerframework.fragrans.data.cache.serialize.JdkSerializer;
import io.gardenerframework.fragrans.data.cache.serialize.LongSerializer;
import io.gardenerframework.fragrans.data.cache.serialize.StringSerializer;
import io.gardenerframework.fragrans.log.GenericLoggerStaticAccessor;
import io.gardenerframework.fragrans.log.common.schema.state.Done;
import io.gardenerframework.fragrans.log.common.schema.verb.Delete;
import io.gardenerframework.fragrans.log.common.schema.verb.Read;
import io.gardenerframework.fragrans.log.common.schema.verb.Start;
import io.gardenerframework.fragrans.log.common.schema.verb.Update;
import io.gardenerframework.fragrans.log.schema.content.GenericOperationLogContent;
import io.gardenerframework.fragrans.log.schema.details.Detail;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

@AuthenticationServerEngineComponent
/* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/spring/oauth2/CachedOAuth2AuthorizationService.class */
public class CachedOAuth2AuthorizationService implements OAuth2AuthorizationService {
    private static final Logger log = LoggerFactory.getLogger(CachedOAuth2AuthorizationService.class);
    private static final String NAMESPACE_HEADER = "camellia:authentication:server:engine:token:";
    private final RedisCacheClient cacheClient;
    private final OAuth2AuthorizationConsentOption options;
    private final StringSerializer scriptKeySerializer = new StringSerializer();
    private final JdkSerializer<OAuth2Authorization> valueSerializer = new JdkSerializer<>();
    private final CacheLock cacheLock;
    private String queryScript;
    private String updateScript;
    private String deleteScript;

    /* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/spring/oauth2/CachedOAuth2AuthorizationService$OAuth2AuthorizationDetail.class */
    private class OAuth2AuthorizationDetail implements Detail {
        private String authorization;

        public OAuth2AuthorizationDetail(OAuth2Authorization oAuth2Authorization) {
            try {
                ObjectMapper objectMapper = new ObjectMapper();
                JavaTimeModule javaTimeModule = new JavaTimeModule();
                javaTimeModule.addDeserializer(LocalDateTime.class, new LocalDateTimeDeserializer(DateTimeFormatter.ISO_DATE_TIME));
                objectMapper.registerModule(javaTimeModule);
                objectMapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);
                this.authorization = objectMapper.writeValueAsString(oAuth2Authorization);
            } catch (JsonProcessingException e) {
            }
        }

        public String getAuthorization() {
            return this.authorization;
        }

        public void setAuthorization(String str) {
            this.authorization = str;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof OAuth2AuthorizationDetail)) {
                return false;
            }
            OAuth2AuthorizationDetail oAuth2AuthorizationDetail = (OAuth2AuthorizationDetail) obj;
            if (!oAuth2AuthorizationDetail.canEqual(this)) {
                return false;
            }
            String authorization = getAuthorization();
            String authorization2 = oAuth2AuthorizationDetail.getAuthorization();
            return authorization == null ? authorization2 == null : authorization.equals(authorization2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof OAuth2AuthorizationDetail;
        }

        public int hashCode() {
            String authorization = getAuthorization();
            return (1 * 59) + (authorization == null ? 43 : authorization.hashCode());
        }

        public String toString() {
            return "CachedOAuth2AuthorizationService.OAuth2AuthorizationDetail(authorization=" + getAuthorization() + ")";
        }

        public OAuth2AuthorizationDetail() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/spring/oauth2/CachedOAuth2AuthorizationService$TokenEssentials.class */
    public static class TokenEssentials {
        private String value;
        private long ttl;

        public String getValue() {
            return this.value;
        }

        public long getTtl() {
            return this.ttl;
        }

        public void setValue(String str) {
            this.value = str;
        }

        public void setTtl(long j) {
            this.ttl = j;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof TokenEssentials)) {
                return false;
            }
            TokenEssentials tokenEssentials = (TokenEssentials) obj;
            if (!tokenEssentials.canEqual(this) || getTtl() != tokenEssentials.getTtl()) {
                return false;
            }
            String value = getValue();
            String value2 = tokenEssentials.getValue();
            return value == null ? value2 == null : value.equals(value2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof TokenEssentials;
        }

        public int hashCode() {
            long ttl = getTtl();
            int i = (1 * 59) + ((int) ((ttl >>> 32) ^ ttl));
            String value = getValue();
            return (i * 59) + (value == null ? 43 : value.hashCode());
        }

        public String toString() {
            return "CachedOAuth2AuthorizationService.TokenEssentials(value=" + getValue() + ", ttl=" + getTtl() + ")";
        }

        public TokenEssentials(String str, long j) {
            this.value = "";
            this.ttl = 0L;
            this.value = str;
            this.ttl = j;
        }

        public TokenEssentials() {
            this.value = "";
            this.ttl = 0L;
        }
    }

    public CachedOAuth2AuthorizationService(RedisCacheClient redisCacheClient, OAuth2AuthorizationConsentOption oAuth2AuthorizationConsentOption) throws IOException {
        Assert.isTrue(redisCacheClient.supportLuaScript(), "client must be RedisCacheClient and support lua script");
        this.cacheClient = redisCacheClient;
        this.cacheLock = new CacheLock(this.cacheClient, new ServletRequestLockContextHolder());
        loadQueryScript();
        loadUpdateScript();
        loadDeleteScript();
        this.options = oAuth2AuthorizationConsentOption;
    }

    private String loadScriptFile(String str) {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new ClassPathResource(str).getInputStream()));
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    return sb.toString();
                }
                sb.append(readLine);
                sb.append("\n");
            }
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    private void loadQueryScript() throws IOException {
        if (this.queryScript == null || !this.cacheClient.scriptExists(this.queryScript)) {
            this.queryScript = this.cacheClient.loadLuaScriptFile("authentication-server-engine/scripts/oauth2-authorization-service/read-by-index.lua");
        }
    }

    private void loadUpdateScript() throws IOException {
        if (this.updateScript == null || !this.cacheClient.scriptExists(this.updateScript)) {
            this.updateScript = this.cacheClient.loadLuaScriptFile("authentication-server-engine/scripts/oauth2-authorization-service/update.lua");
        }
    }

    private void loadDeleteScript() throws IOException {
        if (this.deleteScript == null || !this.cacheClient.scriptExists(this.deleteScript)) {
            this.deleteScript = this.cacheClient.loadLuaScriptFile("authentication-server-engine/scripts/oauth2-authorization-service/remove.lua");
        }
    }

    private String composeTokenKey(String str, String str2) {
        return !StringUtils.hasText(str) ? "" : String.format("camellia:authentication:server:engine:token:{%s}.%s", str, str2);
    }

    private String composeIdKey(String str) {
        return NAMESPACE_HEADER + String.format("{%s}.object", str);
    }

    private String composeLockKey(String str) {
        return NAMESPACE_HEADER + String.format("{%s}.lock", str);
    }

    private long calculateTtl(Instant instant, Instant instant2) {
        if (instant2 == null) {
            return 0L;
        }
        return Duration.between(instant, instant2).getSeconds();
    }

    private String extractTokenValue(OAuth2Authorization.Token<?> token) {
        return token == null ? "" : token.getToken().getTokenValue();
    }

    private long extractTokenTtl(OAuth2Authorization.Token<?> token) {
        if (token == null) {
            return 0L;
        }
        return calculateTtl(token.getToken().getIssuedAt(), token.getToken().getExpiresAt());
    }

    private Map<String, TokenEssentials> buildIndex(@Nullable OAuth2Authorization oAuth2Authorization) {
        HashMap hashMap = new HashMap(5);
        if (oAuth2Authorization == null) {
            hashMap.put("state", new TokenEssentials());
            hashMap.put("code", new TokenEssentials());
            hashMap.put(OAuth2TokenType.ACCESS_TOKEN.getValue(), new TokenEssentials());
            hashMap.put("id_token", new TokenEssentials());
            hashMap.put(OAuth2TokenType.REFRESH_TOKEN.getValue(), new TokenEssentials());
        } else {
            hashMap.put("state", new TokenEssentials(oAuth2Authorization.getAttribute("state") == null ? "" : (String) oAuth2Authorization.getAttribute("state"), oAuth2Authorization.getAttribute("state") == null ? 0L : this.options.getConsentStateTtl()));
            hashMap.put("code", new TokenEssentials(extractTokenValue(oAuth2Authorization.getToken(OAuth2AuthorizationCode.class)), extractTokenTtl(oAuth2Authorization.getToken(OAuth2AuthorizationCode.class))));
            hashMap.put(OAuth2TokenType.ACCESS_TOKEN.getValue(), new TokenEssentials(extractTokenValue(oAuth2Authorization.getAccessToken()), extractTokenTtl(oAuth2Authorization.getAccessToken())));
            hashMap.put("id_token", new TokenEssentials(extractTokenValue(oAuth2Authorization.getToken(OidcIdToken.class)), extractTokenTtl(oAuth2Authorization.getToken(OidcIdToken.class))));
            hashMap.put(OAuth2TokenType.REFRESH_TOKEN.getValue(), new TokenEssentials(extractTokenValue(oAuth2Authorization.getRefreshToken()), extractTokenTtl(oAuth2Authorization.getRefreshToken())));
        }
        return hashMap;
    }

    private long calculateMaxTtl(Map<String, TokenEssentials> map) {
        long j = 0;
        for (TokenEssentials tokenEssentials : map.values()) {
            if (tokenEssentials.getTtl() > j) {
                j = tokenEssentials.getTtl();
            }
        }
        return j;
    }

    /* JADX WARN: Type inference failed for: r3v6, types: [byte[], byte[][]] */
    public void save(OAuth2Authorization oAuth2Authorization) {
        GenericLoggerStaticAccessor.operationLogger().debug(log, GenericOperationLogContent.builder().what(OAuth2Authorization.class).operation(new Update()).state(new Start()).detail(new OAuth2AuthorizationDetail(oAuth2Authorization)).build(), (Throwable) null);
        Duration ofSeconds = Duration.ofSeconds(20L);
        LockContext lock = this.cacheLock.lock(composeLockKey(oAuth2Authorization.getId()), ofSeconds);
        Instant now = Instant.now();
        try {
            Map<String, TokenEssentials> buildIndex = buildIndex(findById(oAuth2Authorization.getId()));
            Map<String, TokenEssentials> buildIndex2 = buildIndex(oAuth2Authorization);
            this.cacheClient.executeScript(this.updateScript, 11, (byte[][]) new byte[]{this.scriptKeySerializer.serialize(composeIdKey(oAuth2Authorization.getId())), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get("state").getValue(), "state")), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get("code").getValue(), "code")), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get(OAuth2TokenType.ACCESS_TOKEN.getValue()).getValue(), OAuth2TokenType.ACCESS_TOKEN.getValue())), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get("id_token").getValue(), "id_token")), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get(OAuth2TokenType.REFRESH_TOKEN.getValue()).getValue(), OAuth2TokenType.REFRESH_TOKEN.getValue())), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex2.get("state").getValue(), "state")), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex2.get("code").getValue(), "code")), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex2.get(OAuth2TokenType.ACCESS_TOKEN.getValue()).getValue(), OAuth2TokenType.ACCESS_TOKEN.getValue())), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex2.get("id_token").getValue(), "id_token")), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex2.get(OAuth2TokenType.REFRESH_TOKEN.getValue()).getValue(), OAuth2TokenType.REFRESH_TOKEN.getValue())), this.valueSerializer.serialize(oAuth2Authorization), new LongSerializer().serialize(Long.valueOf(this.options.getConsentStateTtl())), new LongSerializer().serialize(Long.valueOf(calculateMaxTtl(buildIndex2)))});
            GenericLoggerStaticAccessor.operationLogger().debug(log, GenericOperationLogContent.builder().what(OAuth2Authorization.class).operation(new Update()).state(new Done()).detail(new OAuth2AuthorizationDetail(oAuth2Authorization)).build(), (Throwable) null);
            if (Duration.between(now, Instant.now()).getSeconds() <= ofSeconds.getSeconds()) {
                this.cacheLock.releaseLock(composeLockKey(oAuth2Authorization.getId()), lock);
            }
        } catch (Throwable th) {
            if (Duration.between(now, Instant.now()).getSeconds() <= ofSeconds.getSeconds()) {
                this.cacheLock.releaseLock(composeLockKey(oAuth2Authorization.getId()), lock);
            }
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r3v6, types: [byte[], byte[][]] */
    public void remove(OAuth2Authorization oAuth2Authorization) {
        GenericLoggerStaticAccessor.operationLogger().debug(log, GenericOperationLogContent.builder().what(OAuth2Authorization.class).operation(new Delete()).state(new Start()).detail(new OAuth2AuthorizationDetail(oAuth2Authorization)).build(), (Throwable) null);
        Map<String, TokenEssentials> buildIndex = buildIndex(findById(oAuth2Authorization.getId()));
        this.cacheClient.executeScript(this.deleteScript, 6, (byte[][]) new byte[]{this.scriptKeySerializer.serialize(composeIdKey(oAuth2Authorization.getId())), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get("state").getValue(), "state")), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get("code").getValue(), "code")), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get(OAuth2TokenType.ACCESS_TOKEN.getValue()).getValue(), OAuth2TokenType.ACCESS_TOKEN.getValue())), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get("id_token").getValue(), "id_token")), this.scriptKeySerializer.serialize(composeTokenKey(buildIndex.get(OAuth2TokenType.REFRESH_TOKEN.getValue()).getValue(), OAuth2TokenType.REFRESH_TOKEN.getValue()))});
        GenericLoggerStaticAccessor.operationLogger().debug(log, GenericOperationLogContent.builder().what(OAuth2Authorization.class).operation(new Delete()).state(new Done()).detail(new OAuth2AuthorizationDetail(oAuth2Authorization)).build(), (Throwable) null);
    }

    public OAuth2Authorization findById(String str) {
        return (OAuth2Authorization) this.valueSerializer.deserialize(this.cacheClient.get(composeIdKey(str)));
    }

    /* JADX WARN: Type inference failed for: r4v4, types: [byte[], byte[][]] */
    public OAuth2Authorization findByToken(String str, final OAuth2TokenType oAuth2TokenType) {
        HashSet hashSet = new HashSet(4);
        GenericLoggerStaticAccessor.operationLogger().debug(log, GenericOperationLogContent.builder().what(OAuth2Authorization.class).operation(new Read()).state(new Start()).detail(new Detail() { // from class: io.gardenerframework.camellia.authentication.server.main.spring.oauth2.CachedOAuth2AuthorizationService.1
            private final String type;

            {
                this.type = oAuth2TokenType == null ? null : oAuth2TokenType.getValue();
            }
        }).build(), (Throwable) null);
        if (oAuth2TokenType == null) {
            hashSet.addAll(Arrays.asList("state", "code", OAuth2TokenType.ACCESS_TOKEN.getValue(), "id_token", OAuth2TokenType.REFRESH_TOKEN.getValue()));
        } else {
            hashSet.add(oAuth2TokenType.getValue());
        }
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            OAuth2Authorization oAuth2Authorization = (OAuth2Authorization) this.valueSerializer.deserialize(this.cacheClient.executeScript(this.queryScript, 1, (byte[][]) new byte[]{this.scriptKeySerializer.serialize(composeTokenKey(str, (String) it.next()))}));
            if (oAuth2Authorization != null) {
                return oAuth2Authorization;
            }
        }
        return null;
    }
}
