package org.cloudfoundry.multiapps.controller.core.security.token;

import com.sap.cloudfoundry.client.facade.oauth2.OAuth2AccessTokenWithAdditionalInfo;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executors;
import javax.inject.Inject;
import javax.inject.Named;
import org.cloudfoundry.multiapps.controller.core.Messages;
import org.cloudfoundry.multiapps.controller.core.security.token.parsers.TokenParserChain;
import org.cloudfoundry.multiapps.controller.persistence.OrderDirection;
import org.cloudfoundry.multiapps.controller.persistence.model.AccessToken;
import org.cloudfoundry.multiapps.controller.persistence.services.AccessTokenService;
import org.springframework.util.ConcurrentReferenceHashMap;

@Named
/* loaded from: input_file:WEB-INF/lib/multiapps-controller-core-1.124.1.jar:org/cloudfoundry/multiapps/controller/core/security/token/TokenService.class */
public class TokenService {
    private final AccessTokenService accessTokenService;
    private final TokenParserChain tokenParserChain;
    private final Map<String, OAuth2AccessTokenWithAdditionalInfo> cachedOauth2AccessTokens = new ConcurrentReferenceHashMap();

    @Inject
    public TokenService(AccessTokenService accessTokenService, TokenParserChain tokenParserChain) {
        this.accessTokenService = accessTokenService;
        this.tokenParserChain = tokenParserChain;
    }

    public OAuth2AccessTokenWithAdditionalInfo getToken(String str) {
        OAuth2AccessTokenWithAdditionalInfo oAuth2AccessTokenWithAdditionalInfo = this.cachedOauth2AccessTokens.get(str);
        if (shouldUseCachedToken(oAuth2AccessTokenWithAdditionalInfo)) {
            return oAuth2AccessTokenWithAdditionalInfo;
        }
        List<AccessToken> sortedAccessTokensByUsername = getSortedAccessTokensByUsername(str);
        if (sortedAccessTokensByUsername.isEmpty()) {
            throw new IllegalStateException(MessageFormat.format(Messages.NO_VALID_TOKEN_FOUND, str));
        }
        OAuth2AccessTokenWithAdditionalInfo latestToken = getLatestToken(sortedAccessTokensByUsername);
        this.cachedOauth2AccessTokens.put(str, latestToken);
        deleteTokens(sortedAccessTokensByUsername.subList(1, sortedAccessTokensByUsername.size()));
        return latestToken;
    }

    private boolean shouldUseCachedToken(OAuth2AccessTokenWithAdditionalInfo oAuth2AccessTokenWithAdditionalInfo) {
        return (oAuth2AccessTokenWithAdditionalInfo == null || oAuth2AccessTokenWithAdditionalInfo.getOAuth2AccessToken().getExpiresAt().isBefore(Instant.now().plus(120L, (TemporalUnit) ChronoUnit.SECONDS))) ? false : true;
    }

    private List<AccessToken> getSortedAccessTokensByUsername(String str) {
        return this.accessTokenService.createQuery().username(str).orderByExpiresAt(OrderDirection.DESCENDING).list();
    }

    private OAuth2AccessTokenWithAdditionalInfo getLatestToken(List<AccessToken> list) {
        return this.tokenParserChain.parse(new String(list.get(0).getValue(), StandardCharsets.UTF_8));
    }

    private void deleteTokens(List<AccessToken> list) {
        if (list.isEmpty()) {
            return;
        }
        Executors.newSingleThreadExecutor().submit(() -> {
            list.forEach(this::deleteToken);
        });
    }

    private void deleteToken(AccessToken accessToken) {
        this.accessTokenService.createQuery().id(Long.valueOf(accessToken.getId())).delete();
    }
}
