package com.fuhouyu.framework.security.token;

import com.fuhouyu.framework.cache.service.CacheService;
import com.fuhouyu.framework.common.utils.LoggerUtil;
import com.fuhouyu.framework.security.serializer.KryoSerializer;
import com.fuhouyu.framework.security.serializer.SerializationStrategy;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneId;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import lombok.Generated;
import lombok.NonNull;
import org.apache.hc.client5.http.utils.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import org.springframework.security.crypto.keygen.KeyGenerators;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:com/fuhouyu/framework/security/token/TokenStoreCache.class */
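/**
 * {@link TokenStore} that keeps OAuth2 access tokens, refresh tokens and their
 * {@link Authentication} objects in a {@link CacheService}.
 *
 * <p>Every cache key is {@code prefix + <namespace> + <value>}, where the namespace is one of the
 * constants below and the value is either a token value or the key derived from an
 * authentication by the {@link AuthenticationKeyGenerator}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Token values appear verbatim inside cache keys, so anyone who can list keys in the
 *       backing cache can read live bearer tokens. Restrict access to the cache accordingly.</li>
 *   <li>Values read from the cache are passed to {@link SerializationStrategy#deserialize} and
 *       cast without further checks. The cache is therefore a trust boundary: it must only be
 *       writable by this service.</li>
 * </ul>
 */
public class TokenStoreCache implements TokenStore {
    private static final String SEPARATE = ":";
    /** Namespace: access token value -> serialized Authentication. */
    private static final String AUTH = "auth:";
    /** Namespace: authentication key -> serialized OAuth2Token. */
    private static final String AUTH_TO_ACCESS = "auth_to_access:";
    /** Namespace: access token value -> serialized OAuth2Token. */
    private static final String ACCESS = "access:";
    /** Namespace: refresh token value -> serialized Authentication. */
    private static final String REFRESH_AUTH = "refresh_auth:";
    /** Namespace that is only ever deleted by this class, never written. */
    private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
    /** Namespace: refresh token value -> serialized OAuth2RefreshToken. */
    private static final String REFRESH = "refresh:";
    /** Namespace: refresh token value -> serialized access token value. */
    private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
    private final AuthenticationKeyGenerator authenticationKeyGenerator;
    private final String prefix;
    // Kept for constructor compatibility. Converting Instant.now() to a zone and back yields the
    // same instant, so the zone never influenced issue or expiry times.
    private final ZoneId zoneId;
    private final SerializationStrategy serializationStrategy;
    private final CacheService<String, Object> cacheService;

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TokenStoreCache.class);
    /** Source of token values: 20 random bytes per token from a secure random generator. */
    private static final BytesKeyGenerator DEFAULT_TOKEN_GENERATOR = KeyGenerators.secureRandom(20);
    private static final long TOKEN_EXPIRE_SECONDS = Duration.ofHours(1).getSeconds();
    private static final long REFRESH_TOKEN_EXPIRE_SECONDS = Duration.ofDays(1).getSeconds();

    /**
     * Creates a store with the given key prefix and the default zone.
     *
     * @param str          prefix prepended to every cache key
     * @param cacheService cache that holds the tokens
     */
    public TokenStoreCache(String str, CacheService<String, Object> cacheService) {
        this(str, ZoneId.of("Asia/Shanghai"), cacheService);
    }

    /**
     * Creates a store with an empty key prefix.
     *
     * @param zoneId       zone recorded on the store
     * @param cacheService cache that holds the tokens
     */
    public TokenStoreCache(ZoneId zoneId, CacheService<String, Object> cacheService) {
        this("", zoneId, cacheService);
    }

    /**
     * Creates a store with an empty key prefix and the default zone.
     *
     * @param cacheService cache that holds the tokens
     */
    public TokenStoreCache(CacheService<String, Object> cacheService) {
        this("", ZoneId.of("Asia/Shanghai"), cacheService);
    }

    /**
     * Creates a store that uses {@link DefaultAuthenticationKeyGenerator} and
     * {@link KryoSerializer}.
     *
     * @param str          prefix prepended to every cache key
     * @param zoneId       zone recorded on the store
     * @param cacheService cache that holds the tokens
     */
    public TokenStoreCache(String str, ZoneId zoneId, CacheService<String, Object> cacheService) {
        this.authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator();
        this.serializationStrategy = new KryoSerializer();
        this.cacheService = cacheService;
        this.prefix = str;
        this.zoneId = zoneId;
    }

    /**
     * Builds a new bearer access token. The token is not written to the cache here.
     *
     * @param authentication not used by this implementation
     * @param j              lifetime of the token in seconds
     * @return a token issued now and expiring {@code j} seconds later
     */
    @Override
    public OAuth2AccessToken createAccessToken(Authentication authentication, long j) {
        String tokenValue = Base64.encodeBase64String(DEFAULT_TOKEN_GENERATOR.generateKey());
        Instant issuedAt = Instant.now();
        return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, tokenValue, issuedAt, issuedAt.plusSeconds(j));
    }

    /**
     * Creates or reuses a token pair with the default lifetimes (one hour for the access token,
     * one day for the refresh token).
     *
     * @param authentication authentication the token is issued for
     * @return the stored token pair
     */
    @Override
    public OAuth2Token createToken(Authentication authentication) {
        return createToken(authentication, TOKEN_EXPIRE_SECONDS, REFRESH_TOKEN_EXPIRE_SECONDS);
    }

    /**
     * Returns the token pair for the authentication, issuing a new one when none exists or the
     * existing access token has expired.
     *
     * <p>An expired pair is removed from the cache and replaced. Handing the expired access
     * token back to the caller, or writing it to the cache again, would give the client a
     * credential that fails on first use and would compute a non-positive cache TTL.
     *
     * @param authentication authentication the token is issued for
     * @param j              access token lifetime in seconds, used only for a new token
     * @param j2             refresh token lifetime in seconds, used only for a new refresh token
     * @return a token pair whose access token has not expired
     */
    @Override
    public OAuth2Token createToken(Authentication authentication, long j, long j2) {
        OAuth2Token existing = getTokenEntity(authentication);
        if (Objects.isNull(existing)) {
            return issueToken(authentication, j, j2);
        }
        OAuth2AccessToken accessToken = existing.getAccessToken();
        OAuth2RefreshToken refreshToken = existing.getRefreshToken();
        if (isExpired(accessToken)) {
            // Both overloads ignore a null argument, so no extra null checks are needed.
            removeRefreshToken(refreshToken);
            removeAccessToken(accessToken);
            return issueToken(authentication, j, j2);
        }
        if (refreshToken == null) {
            OAuth2RefreshToken replacement = createRefreshToken(j2);
            existing.setRefreshToken(replacement);
            // storeAuth2Token also persists the refresh token and its authentication.
            storeAuth2Token(existing, authentication);
        }
        return existing;
    }

    /**
     * Builds a new refresh token. The token is not written to the cache here.
     *
     * @param j lifetime of the token in seconds
     * @return a token issued now and expiring {@code j} seconds later
     */
    @Override
    public OAuth2RefreshToken createRefreshToken(long j) {
        String tokenValue = Base64.encodeBase64String(DEFAULT_TOKEN_GENERATOR.generateKey());
        Instant issuedAt = Instant.now();
        return new OAuth2RefreshToken(tokenValue, issuedAt, issuedAt.plusSeconds(j));
    }

    /**
     * Looks up the authentication stored for an access token.
     *
     * @param oAuth2AccessToken access token, may be {@code null}
     * @return the stored authentication, or {@code null} when the token is {@code null}
     */
    @Override
    public Authentication readAuthentication(OAuth2AccessToken oAuth2AccessToken) {
        if (Objects.isNull(oAuth2AccessToken)) {
            return null;
        }
        return readAuthentication(oAuth2AccessToken.getTokenValue());
    }

    /**
     * Looks up the authentication stored under the {@code auth:} namespace.
     *
     * @param str access token value
     * @return whatever the serializer yields for the cached bytes, cast to {@link Authentication}
     */
    @Override
    public Authentication readAuthentication(String str) {
        // The cached bytes are deserialized and cast as-is; see the class note on cache trust.
        return (Authentication) this.serializationStrategy.deserialize(this.cacheService.get(serializeKey(AUTH + str)));
    }

    /**
     * Writes the token pair and its authentication to the cache.
     *
     * <p>The {@code access:}, {@code auth:}, {@code auth_to_access:} and
     * {@code refresh_to_access:} entries all use the access token's remaining lifetime. The
     * refresh token entries are written by {@link #storeRefreshToken} with the refresh token's
     * own lifetime.
     *
     * @param oAuth2Token    token pair to store, its access token must not be {@code null}
     * @param authentication authentication bound to the pair
     */
    @Override
    public void storeAuth2Token(OAuth2Token oAuth2Token, Authentication authentication) {
        byte[] tokenBytes = serialize(oAuth2Token);
        byte[] authenticationBytes = serialize(authentication);
        OAuth2AccessToken accessToken = oAuth2Token.getAccessToken();
        String accessValue = accessToken.getTokenValue();
        long ttlSeconds = expireTimeSeconds(accessToken.getExpiresAt());
        this.cacheService.set(serializeKey(ACCESS + accessValue), tokenBytes, ttlSeconds, TimeUnit.SECONDS);
        this.cacheService.set(serializeKey(AUTH + accessValue), authenticationBytes, ttlSeconds, TimeUnit.SECONDS);
        this.cacheService.set(serializeKey(AUTH_TO_ACCESS + this.authenticationKeyGenerator.extractKey(authentication)), tokenBytes, ttlSeconds, TimeUnit.SECONDS);
        OAuth2RefreshToken refreshToken = oAuth2Token.getRefreshToken();
        if (Objects.nonNull(refreshToken) && Objects.nonNull(refreshToken.getTokenValue())) {
            this.cacheService.set(serializeKey(REFRESH_TO_ACCESS + refreshToken.getTokenValue()), serialize(accessValue), ttlSeconds, TimeUnit.SECONDS);
            storeRefreshToken(refreshToken, authentication);
        }
    }

    /**
     * Looks up the token pair stored under the {@code access:} namespace.
     *
     * @param str access token value
     * @return whatever the serializer yields for the cached bytes, cast to {@link OAuth2Token}
     */
    @Override
    public OAuth2Token readAuth2Token(String str) {
        return (OAuth2Token) this.serializationStrategy.deserialize(this.cacheService.get(serializeKey(ACCESS + str)));
    }

    /**
     * Removes the access token and the refresh token of the pair.
     *
     * @param oAuth2Token pair to remove
     * @throws NullPointerException when {@code oAuth2Token} is {@code null}
     */
    @Override
    public void removeAuth2Token(@NonNull OAuth2Token oAuth2Token) {
        if (oAuth2Token == null) {
            throw new NullPointerException("auth2Token is marked non-null but is null");
        }
        removeAccessToken(oAuth2Token.getAccessToken());
        removeRefreshToken(oAuth2Token.getRefreshToken());
    }

    /**
     * Removes the token pair identified by an access token value.
     *
     * <p>When no pair is cached for the value (for example it has already expired), the
     * {@code auth:} and {@code access:} entries for the value are still deleted and the call
     * returns normally. A logout or revocation request for a token that is already gone should
     * not fail with a {@link NullPointerException}.
     *
     * @param str access token value
     */
    @Override
    public void removeAuth2Token(String str) {
        OAuth2Token stored = readAuth2Token(str);
        if (Objects.isNull(stored)) {
            removeAccessToken(str);
            return;
        }
        removeAuth2Token(stored);
    }

    /**
     * Removes the cache entries of an access token; does nothing for {@code null}.
     *
     * @param oAuth2AccessToken access token, may be {@code null}
     */
    @Override
    public void removeAccessToken(OAuth2AccessToken oAuth2AccessToken) {
        if (Objects.isNull(oAuth2AccessToken)) {
            return;
        }
        removeAccessToken(oAuth2AccessToken.getTokenValue());
    }

    /**
     * Deletes the {@code auth:} and {@code access:} entries of an access token and, when its
     * authentication can still be read, the matching {@code auth_to_access:} entry.
     *
     * <p>The {@code refresh_to_access:} entry that points at this access token is left in place.
     *
     * @param str access token value
     */
    @Override
    public void removeAccessToken(String str) {
        // The authentication must be read before its auth: entry is deleted below.
        Authentication stored = readAuthentication(str);
        if (Objects.nonNull(stored)) {
            this.cacheService.delete(serializeKey(AUTH_TO_ACCESS + this.authenticationKeyGenerator.extractKey(stored)));
        }
        this.cacheService.delete(serializeKey(AUTH + str));
        this.cacheService.delete(serializeKey(ACCESS + str));
    }

    /**
     * Writes the refresh token and its authentication, both with the refresh token's remaining
     * lifetime.
     *
     * @param oAuth2RefreshToken refresh token to store, must not be {@code null}
     * @param authentication     authentication bound to the refresh token
     */
    @Override
    public void storeRefreshToken(OAuth2RefreshToken oAuth2RefreshToken, Authentication authentication) {
        String refreshValue = oAuth2RefreshToken.getTokenValue();
        long ttlSeconds = expireTimeSeconds(oAuth2RefreshToken.getExpiresAt());
        this.cacheService.set(serializeKey(REFRESH + refreshValue), serialize(oAuth2RefreshToken), ttlSeconds, TimeUnit.SECONDS);
        this.cacheService.set(serializeKey(REFRESH_AUTH + refreshValue), serialize(authentication), ttlSeconds, TimeUnit.SECONDS);
    }

    /**
     * Looks up the refresh token stored under the {@code refresh:} namespace.
     *
     * @param str refresh token value
     * @return whatever the serializer yields for the cached bytes, cast to
     *         {@link OAuth2RefreshToken}
     */
    @Override
    public OAuth2RefreshToken readRefreshToken(String str) {
        return (OAuth2RefreshToken) this.serializationStrategy.deserialize(this.cacheService.get(serializeKey(REFRESH + str)));
    }

    /**
     * Removes the cache entries of a refresh token; does nothing for {@code null}.
     *
     * @param oAuth2RefreshToken refresh token, may be {@code null}
     */
    @Override
    public void removeRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        if (Objects.isNull(oAuth2RefreshToken)) {
            return;
        }
        removeRefreshToken(oAuth2RefreshToken.getTokenValue());
    }

    /**
     * Deletes the {@code refresh:}, {@code refresh_auth:} and {@code refresh_to_access:} entries
     * of a refresh token.
     *
     * <p>The access token issued together with the refresh token is NOT revoked by this method.
     * A caller that needs to revoke it must call
     * {@link #removeAccessTokenUsingRefreshToken(String)} before this method, because the
     * {@code refresh_to_access:} mapping it relies on is deleted here.
     *
     * @param str refresh token value
     */
    @Override
    public void removeRefreshToken(String str) {
        byte[] refreshToAccessKey = serializeKey(REFRESH_TO_ACCESS + str);
        this.cacheService.delete(serializeKey(REFRESH + str));
        this.cacheService.delete(serializeKey(REFRESH_AUTH + str));
        byte[] bArr = this.cacheService.get(refreshToAccessKey);
        if (Objects.isNull(bArr)) {
            return;
        }
        // NOTE(review): nothing in this class writes access_to_refresh: entries, so this delete
        // looks like a no-op unless another component writes them. The value is also used
        // untrimmed here, while removeAccessTokenUsingRefreshToken trims it. Confirm both.
        byte[] accessToRefreshKey = serializeKey(ACCESS_TO_REFRESH + this.serializationStrategy.deserializeString(bArr));
        this.cacheService.delete(refreshToAccessKey);
        this.cacheService.delete(accessToRefreshKey);
    }

    /**
     * Removes the access token that was stored together with the refresh token; does nothing
     * for {@code null}.
     *
     * @param oAuth2RefreshToken refresh token, may be {@code null}
     */
    @Override
    public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        if (Objects.isNull(oAuth2RefreshToken)) {
            return;
        }
        removeAccessTokenUsingRefreshToken(oAuth2RefreshToken.getTokenValue());
    }

    /**
     * Resolves the access token value through the {@code refresh_to_access:} mapping and removes
     * that access token. Does nothing when no mapping is cached.
     *
     * @param str refresh token value
     */
    @Override
    public void removeAccessTokenUsingRefreshToken(String str) {
        byte[] bArr = this.cacheService.get(serializeKey(REFRESH_TO_ACCESS + str));
        if (Objects.isNull(bArr)) {
            return;
        }
        removeAccessToken(this.serializationStrategy.deserializeString(bArr).trim());
    }

    /**
     * Looks up the authentication stored for a refresh token.
     *
     * @param oAuth2RefreshToken refresh token, may be {@code null}
     * @return the stored authentication, or {@code null} (after a warning is logged) when the
     *         token is {@code null}
     */
    @Override
    public Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        if (Objects.isNull(oAuth2RefreshToken)) {
            LoggerUtil.warn(log, "刷新令牌为空，无法读取authentication", new Object[0]);
            return null;
        }
        return readAuthenticationForRefreshToken(oAuth2RefreshToken.getTokenValue());
    }

    /**
     * Looks up the authentication stored under the {@code refresh_auth:} namespace.
     *
     * @param str refresh token value
     * @return whatever the serializer yields for the cached bytes, cast to {@link Authentication}
     */
    @Override
    public Authentication readAuthenticationForRefreshToken(String str) {
        return (Authentication) this.serializationStrategy.deserialize(this.cacheService.get(serializeKey(REFRESH_AUTH + str)));
    }

    /**
     * Returns the token pair cached for the authentication's key.
     *
     * <p>When the authentication cached for the pair's access token is missing or yields a
     * different key, the pair is written again with the supplied authentication.
     *
     * @param authentication authentication whose key is looked up
     * @return the cached pair, or {@code null} when none is cached
     */
    @Override
    public OAuth2Token getTokenEntity(Authentication authentication) {
        String authenticationKey = this.authenticationKeyGenerator.extractKey(authentication);
        OAuth2Token cached = (OAuth2Token) this.serializationStrategy.deserialize(this.cacheService.get(serializeKey(AUTH_TO_ACCESS + authenticationKey)));
        if (Objects.isNull(cached)) {
            return null;
        }
        Authentication stored = readAuthentication(cached.getAccessToken().getTokenValue());
        boolean sameAuthentication = stored != null && authenticationKey.equals(this.authenticationKeyGenerator.extractKey(stored));
        if (!sameAuthentication) {
            // NOTE(review): this re-store does not check whether the access token has already
            // expired; see expireTimeSeconds for the TTL that results in that case.
            storeAuth2Token(cached, authentication);
        }
        return cached;
    }

    /**
     * Lists the access token values that currently have an {@code auth:} entry.
     *
     * <p>The result contains live bearer tokens. Treat it as secret material: do not log it or
     * return it from an endpoint that is not restricted to administrators. The lookup is a
     * pattern query over the cache keys, so its cost presumably grows with the number of keys in
     * the cache.
     *
     * @return the token values, or an empty set when no key matches
     */
    @Override
    @SuppressWarnings({"unchecked", "rawtypes"}) // CacheService.keys is consumed as a raw Set of byte[] keys.
    public Set<String> getTokens() {
        Set keys = this.cacheService.keys(serializeKey(AUTH + "*"));
        if (CollectionUtils.isEmpty(keys)) {
            return Collections.emptySet();
        }
        return (Set<String>) keys.stream().map(rawKey -> {
            String key = new String((byte[]) rawKey, StandardCharsets.UTF_8);
            // The token value is everything after the last separator of the key.
            return key.substring(key.lastIndexOf(SEPARATE) + 1);
        }).collect(Collectors.toSet());
    }

    /** Stores a freshly generated access/refresh pair for the authentication and returns it. */
    private OAuth2Token issueToken(Authentication authentication, long accessTtlSeconds, long refreshTtlSeconds) {
        OAuth2AccessToken accessToken = createAccessToken(authentication, accessTtlSeconds);
        OAuth2RefreshToken refreshToken = createRefreshToken(refreshTtlSeconds);
        OAuth2Token issued = new OAuth2Token(accessToken, refreshToken);
        // storeAuth2Token also persists the refresh token and its authentication.
        storeAuth2Token(issued, authentication);
        return issued;
    }

    /** Treats a missing token, a missing expiry and an expiry in the past as expired. */
    private boolean isExpired(OAuth2AccessToken accessToken) {
        if (Objects.isNull(accessToken) || Objects.isNull(accessToken.getExpiresAt())) {
            return true;
        }
        return Instant.now().isAfter(accessToken.getExpiresAt());
    }

    /** Serializes a value with the configured strategy. */
    private byte[] serialize(Object obj) {
        return this.serializationStrategy.serialize(obj);
    }

    /** Builds the UTF-8 cache key {@code prefix + str}. */
    private byte[] serializeKey(String str) {
        return (this.prefix + str).getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Returns the number of seconds from now until {@code instant}, or {@code -1} when
     * {@code instant} is {@code null}.
     *
     * <p>NOTE(review): for an instant in the past the result is zero or negative, and an instant
     * exactly one second in the past gives the same {@code -1} as a missing expiry. How
     * {@code CacheService.set} treats a non-positive TTL is not visible here. Confirm that it
     * cannot persist a token without expiry.
     */
    private long expireTimeSeconds(Instant instant) {
        if (Objects.isNull(instant)) {
            return -1L;
        }
        return instant.getEpochSecond() - Instant.now().getEpochSecond();
    }
}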
