package org.springframework.security.authentication.ott;

import java.time.Clock;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.lang.NonNull;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-core-6.4.5.jar:org/springframework/security/authentication/ott/InMemoryOneTimeTokenService.class */
public final class InMemoryOneTimeTokenService implements OneTimeTokenService {
    private final Map<String, OneTimeToken> oneTimeTokenByToken = new ConcurrentHashMap();
    private Clock clock = Clock.systemUTC();

    @Override // org.springframework.security.authentication.ott.OneTimeTokenService
    @NonNull
    public OneTimeToken generate(GenerateOneTimeTokenRequest generateOneTimeTokenRequest) {
        String uuid = UUID.randomUUID().toString();
        DefaultOneTimeToken defaultOneTimeToken = new DefaultOneTimeToken(uuid, generateOneTimeTokenRequest.getUsername(), this.clock.instant().plusSeconds(300L));
        this.oneTimeTokenByToken.put(uuid, defaultOneTimeToken);
        cleanExpiredTokensIfNeeded();
        return defaultOneTimeToken;
    }

    @Override // org.springframework.security.authentication.ott.OneTimeTokenService
    public OneTimeToken consume(OneTimeTokenAuthenticationToken oneTimeTokenAuthenticationToken) {
        OneTimeToken remove = this.oneTimeTokenByToken.remove(oneTimeTokenAuthenticationToken.getTokenValue());
        if (remove == null || isExpired(remove)) {
            return null;
        }
        return remove;
    }

    private void cleanExpiredTokensIfNeeded() {
        if (this.oneTimeTokenByToken.size() < 100) {
            return;
        }
        for (Map.Entry<String, OneTimeToken> entry : this.oneTimeTokenByToken.entrySet()) {
            if (isExpired(entry.getValue())) {
                this.oneTimeTokenByToken.remove(entry.getKey());
            }
        }
    }

    private boolean isExpired(OneTimeToken oneTimeToken) {
        return this.clock.instant().isAfter(oneTimeToken.getExpiresAt());
    }

    public void setClock(Clock clock) {
        Assert.notNull(clock, "clock cannot be null");
        this.clock = clock;
    }
}
