package it.geosolutions.geostore.services.rest.security;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.RemovalCause;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Configuration;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Utils;
import it.geosolutions.geostore.services.rest.security.oauth2.TokenDetails;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import org.apache.log4j.Logger;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.http.HttpEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:it/geosolutions/geostore/services/rest/security/TokenAuthenticationCache.class */
public class TokenAuthenticationCache implements ApplicationContextAware {
    private ApplicationContext context;
    private static final Logger LOGGER = Logger.getLogger(TokenAuthenticationCache.class);
    private int cacheSize = 1000;
    private int cacheExpirationMinutes = 8;
    private Cache<String, Authentication> cache = CacheBuilder.newBuilder().maximumSize(this.cacheSize).expireAfterWrite(this.cacheExpirationMinutes, TimeUnit.HOURS).removalListener(removalNotification -> {
        if (removalNotification.getCause().equals(RemovalCause.EXPIRED)) {
            revokeAuthIfRefreshExpired((Authentication) removalNotification.getValue());
        }
    }).build();

    protected void revokeAuthIfRefreshExpired(Authentication authentication) {
        OAuth2Configuration.Endpoint buildRevokeEndpoint;
        TokenDetails tokenDetails = OAuth2Utils.getTokenDetails(authentication);
        if (tokenDetails == null || tokenDetails.getAccessToken() == null) {
            return;
        }
        ExpiringOAuth2RefreshToken refreshToken = tokenDetails.getAccessToken().getRefreshToken();
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            ExpiringOAuth2RefreshToken expiringOAuth2RefreshToken = refreshToken;
            OAuth2Configuration oAuth2Configuration = (OAuth2Configuration) this.context.getBean(tokenDetails.getProvider());
            if (!expiringOAuth2RefreshToken.getExpiration().after(new Date()) || (buildRevokeEndpoint = oAuth2Configuration.buildRevokeEndpoint(expiringOAuth2RefreshToken.getValue())) == null) {
                return;
            }
            ResponseEntity exchange = new RestTemplate().exchange(buildRevokeEndpoint.getUrl(), buildRevokeEndpoint.getMethod(), (HttpEntity) null, String.class, new Object[0]);
            if (exchange.getStatusCode().value() != 200) {
                LOGGER.error("Error while revoking authorization. Error is: " + ((String) exchange.getBody()));
            }
        }
    }

    public Authentication get(String str) {
        return (Authentication) this.cache.asMap().get(str);
    }

    public Authentication putCacheEntry(String str, Authentication authentication) {
        TokenDetails tokenDetails = OAuth2Utils.getTokenDetails(get(str));
        if (tokenDetails != null) {
            TokenDetails tokenDetails2 = OAuth2Utils.getTokenDetails(authentication);
            OAuth2AccessToken accessToken = tokenDetails2.getAccessToken();
            OAuth2AccessToken accessToken2 = tokenDetails.getAccessToken();
            if (accessToken.getRefreshToken() == null && accessToken2 != null) {
                DefaultOAuth2AccessToken defaultOAuth2AccessToken = new DefaultOAuth2AccessToken(accessToken.getValue());
                defaultOAuth2AccessToken.setRefreshToken(accessToken2.getRefreshToken());
                tokenDetails2.setAccessToken(defaultOAuth2AccessToken);
            }
        }
        this.cache.put(str, authentication);
        return authentication;
    }

    public void removeEntry(String str) {
        this.cache.invalidate(str);
    }

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.context = applicationContext;
    }
}
