package cn.gtmap.gtc.sso.config.token;

import cn.gtmap.gtc.sso.domain.dto.AuthUserDetails;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator;
import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator;
import org.springframework.security.oauth2.provider.token.TokenStore;

/* loaded from: input_file:BOOT-INF/classes/cn/gtmap/gtc/sso/config/token/RedisTemplateTokenStore.class */
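/**
 * {@link TokenStore} that keeps OAuth2 access and refresh tokens in Redis through a
 * {@link RedisTemplate}.
 *
 * <p>Key layout (prefix + suffix -> value):
 * <ul>
 *   <li>{@code access:<token>} -> the access token object</li>
 *   <li>{@code auth:<token>} -> the {@link OAuth2Authentication} the token was issued for</li>
 *   <li>{@code auth_to_access:<authKey>} -> the access token for an authentication key</li>
 *   <li>{@code token:<token>} -> map with clientId and, for user logins, username and authorities</li>
 *   <li>{@code client_id_to_access:<clientId>} / {@code uname_to_access:<clientId>:<user>}
 *       -> Redis lists used by the {@code findTokensBy*} lookups</li>
 *   <li>{@code refresh:<refresh>} / {@code refresh_auth:<refresh>} -> refresh token and its authentication</li>
 *   <li>{@code refresh_to_access:<refresh>} / {@code access_to_refresh:<token>} -> cross references</li>
 * </ul>
 *
 * <p>Everything read back from Redis is cast without further validation, and the {@code token:}
 * entries hold the user name and granted authorities in whatever form the injected template
 * serializes them. NOTE(review): the value serializer is configured on the injected template,
 * not here; confirm it is appropriate for data that anyone with write access to this Redis
 * instance can replace, and that access to the instance is restricted accordingly.
 */
public class RedisTemplateTokenStore implements TokenStore {
    private static final String ACCESS = "access:";
    private static final String AUTH_TO_ACCESS = "auth_to_access:";
    private static final String AUTH = "auth:";
    private static final String REFRESH_AUTH = "refresh_auth:";
    private static final String ACCESS_TO_REFRESH = "access_to_refresh:";
    private static final String REFRESH = "refresh:";
    private static final String REFRESH_TO_ACCESS = "refresh_to_access:";
    private static final String CLIENT_ID_TO_ACCESS = "client_id_to_access:";
    private static final String UNAME_TO_ACCESS = "uname_to_access:";
    private static final String TOKEN = "token:";

    /** An access token read with fewer than this many seconds left is renewed. */
    private static final int RENEWAL_THRESHOLD_SECONDS = 180;

    /** Lifetime given to a renewed access token, in milliseconds (30 minutes). */
    private static final long RENEWAL_LIFETIME_MILLIS = 1800000L;

    private RedisTemplate<String, Object> redisTemplate;
    private AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator();

    /** Returns the template used for all Redis access. */
    public RedisTemplate<String, Object> getRedisTemplate() {
        return this.redisTemplate;
    }

    /** Sets the template used for all Redis access; must be called before the store is used. */
    public void setRedisTemplate(RedisTemplate<String, Object> redisTemplate) {
        this.redisTemplate = redisTemplate;
    }

    /** Replaces the generator that derives the {@code auth_to_access:} key from an authentication. */
    public void setAuthenticationKeyGenerator(AuthenticationKeyGenerator authenticationKeyGenerator) {
        this.authenticationKeyGenerator = authenticationKeyGenerator;
    }

    /**
     * Looks up the access token already issued for the given authentication.
     *
     * <p>If the token is found but its stored authentication is missing or maps to a different
     * authentication key, the token is stored again under the supplied authentication.
     *
     * @param oAuth2Authentication the authentication to look up
     * @return the stored access token, or {@code null} if there is none
     */
    @Override
    public OAuth2AccessToken getAccessToken(OAuth2Authentication oAuth2Authentication) {
        String authKey = this.authenticationKeyGenerator.extractKey(oAuth2Authentication);
        OAuth2AccessToken accessToken = (OAuth2AccessToken) this.redisTemplate.opsForValue().get(AUTH_TO_ACCESS + authKey);
        if (accessToken != null) {
            // The auth: entry can be gone while auth_to_access: is still present (the keys are
            // written and expired independently), so a null here must not reach extractKey().
            OAuth2Authentication storedAuthentication = readAuthentication(accessToken.getValue());
            if (storedAuthentication == null
                    || !authKey.equals(this.authenticationKeyGenerator.extractKey(storedAuthentication))) {
                storeAccessToken(accessToken, oAuth2Authentication);
            }
        }
        return accessToken;
    }

    /** Reads the authentication stored for the given access token. */
    @Override
    public OAuth2Authentication readAuthentication(OAuth2AccessToken oAuth2AccessToken) {
        return readAuthentication(oAuth2AccessToken.getValue());
    }

    /**
     * Reads the authentication stored under {@code auth:<token>}.
     *
     * @param str the access token value
     * @return the stored authentication, or {@code null} if the key does not exist
     */
    @Override
    public OAuth2Authentication readAuthentication(String str) {
        return (OAuth2Authentication) this.redisTemplate.opsForValue().get(AUTH + str);
    }

    /** Reads the authentication stored for the given refresh token. */
    @Override
    public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        return readAuthenticationForRefreshToken(oAuth2RefreshToken.getValue());
    }

    /**
     * Reads the authentication stored under {@code refresh_auth:<refresh>}.
     *
     * @param str the refresh token value
     * @return the stored authentication, or {@code null} if the key does not exist
     */
    public OAuth2Authentication readAuthenticationForRefreshToken(String str) {
        return (OAuth2Authentication) this.redisTemplate.opsForValue().get(REFRESH_AUTH + str);
    }

    /**
     * Stores an access token together with its authentication, the lookup indexes and, when the
     * token carries a refresh token, the access/refresh cross references.
     *
     * <p>Values are written first and their TTLs applied afterwards, so the writes are not
     * atomic: a failure in between leaves keys without an expiry.
     *
     * @param oAuth2AccessToken the token to store
     * @param oAuth2Authentication the authentication the token belongs to
     */
    @Override
    public void storeAccessToken(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
        String tokenValue = oAuth2AccessToken.getValue();
        String clientId = oAuth2Authentication.getOAuth2Request().getClientId();
        String authKey = this.authenticationKeyGenerator.extractKey(oAuth2Authentication);
        String clientIndexKey = CLIENT_ID_TO_ACCESS + clientId;
        String userIndexKey = UNAME_TO_ACCESS + getApprovalKey(oAuth2Authentication);

        // Read the previous token directly. Going through getAccessToken() here would call back
        // into this method whenever its consistency check fails, before anything has been
        // written, and recurse without end.
        OAuth2AccessToken previousToken = (OAuth2AccessToken) this.redisTemplate.opsForValue().get(AUTH_TO_ACCESS + authKey);

        this.redisTemplate.opsForValue().set(ACCESS + tokenValue, oAuth2AccessToken);
        this.redisTemplate.opsForValue().set(AUTH + tokenValue, oAuth2Authentication);
        this.redisTemplate.opsForValue().set(AUTH_TO_ACCESS + authKey, oAuth2AccessToken);

        HashMap<String, Object> tokenInfo = new HashMap<>();
        tokenInfo.put("clientId", clientId);
        if (oAuth2Authentication.getUserAuthentication() instanceof UsernamePasswordAuthenticationToken) {
            // Throws ClassCastException if the principal is not an AuthUserDetails.
            AuthUserDetails authUserDetails = (AuthUserDetails) ((UsernamePasswordAuthenticationToken) oAuth2Authentication.getUserAuthentication()).getPrincipal();
            tokenInfo.put("username", authUserDetails.getUsername());
            tokenInfo.put("authorities", authUserDetails.getAuthorities());
        }
        this.redisTemplate.opsForValue().set(TOKEN + tokenValue, tokenInfo);

        // A token is appended to the indexes only when it does not replace a still-valid one.
        // The index TTLs are refreshed below together with the other keys; refreshing them here
        // with getExpiresIn() would pass 0 for a token without expiration and drop the lists.
        boolean appendToIndexes = previousToken == null || previousToken.isExpired();
        if (appendToIndexes) {
            if (!oAuth2Authentication.isClientOnly()) {
                this.redisTemplate.opsForList().rightPush(userIndexKey, oAuth2AccessToken);
            }
            this.redisTemplate.opsForList().rightPush(clientIndexKey, oAuth2AccessToken);
        }

        if (oAuth2AccessToken.getExpiration() != null) {
            int expiresIn = oAuth2AccessToken.getExpiresIn();
            this.redisTemplate.expire(ACCESS + tokenValue, expiresIn, TimeUnit.SECONDS);
            this.redisTemplate.expire(AUTH + tokenValue, expiresIn, TimeUnit.SECONDS);
            this.redisTemplate.expire(TOKEN + tokenValue, expiresIn, TimeUnit.SECONDS);
            this.redisTemplate.expire(AUTH_TO_ACCESS + authKey, expiresIn, TimeUnit.SECONDS);
            // The index lists share one TTL, taken from the most recently stored token.
            this.redisTemplate.expire(clientIndexKey, expiresIn, TimeUnit.SECONDS);
            this.redisTemplate.expire(userIndexKey, expiresIn, TimeUnit.SECONDS);
        }

        OAuth2RefreshToken refreshToken = oAuth2AccessToken.getRefreshToken();
        if (refreshToken == null || refreshToken.getValue() == null) {
            return;
        }
        String refreshToAccessKey = REFRESH_TO_ACCESS + refreshToken.getValue();
        String accessToRefreshKey = ACCESS_TO_REFRESH + tokenValue;
        this.redisTemplate.opsForValue().set(refreshToAccessKey, tokenValue);
        this.redisTemplate.opsForValue().set(accessToRefreshKey, refreshToken.getValue());
        if (refreshToken instanceof ExpiringOAuth2RefreshToken) {
            Date expiration = ((ExpiringOAuth2RefreshToken) refreshToken).getExpiration();
            if (expiration != null) {
                // Kept as long: narrowing to int could wrap for far-future expirations.
                long secondsLeft = (expiration.getTime() - System.currentTimeMillis()) / 1000L;
                this.redisTemplate.expire(refreshToAccessKey, secondsLeft, TimeUnit.SECONDS);
                this.redisTemplate.expire(accessToRefreshKey, secondsLeft, TimeUnit.SECONDS);
            }
        }
    }

    /** Builds the index suffix for an authentication: client id plus the user name, if any. */
    private String getApprovalKey(OAuth2Authentication oAuth2Authentication) {
        return getApprovalKey(oAuth2Authentication.getOAuth2Request().getClientId(), oAuth2Authentication.getUserAuthentication() == null ? "" : oAuth2Authentication.getUserAuthentication().getName());
    }

    /** Joins client id and user name as {@code clientId:userName}; a null name yields the client id alone. */
    private String getApprovalKey(String str, String str2) {
        return str + (str2 == null ? "" : ":" + str2);
    }

    /** Removes the given access token and the entries derived from it. */
    @Override
    public void removeAccessToken(OAuth2AccessToken oAuth2AccessToken) {
        removeAccessToken(oAuth2AccessToken.getValue());
    }

    /**
     * Reads an access token and, when it is close to expiry, renews it.
     *
     * <p>A token that is not yet expired but has fewer than 180 seconds left gets a new
     * expiration 30 minutes from now, and the TTLs of its related keys are extended to match.
     * A token in regular use therefore never expires on its own; ending it requires an explicit
     * {@code removeAccessToken}. Renewal happens on every read, including reads made only to
     * inspect the token.
     *
     * @param str the access token value
     * @return the stored token (possibly renewed), or {@code null} if it is not stored
     */
    @Override
    public OAuth2AccessToken readAccessToken(String str) {
        OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) this.redisTemplate.opsForValue().get(AUTH + str);
        OAuth2AccessToken oAuth2AccessToken = (OAuth2AccessToken) this.redisTemplate.opsForValue().get(ACCESS + str);
        if (oAuth2Authentication == null || !(oAuth2AccessToken instanceof DefaultOAuth2AccessToken)) {
            return oAuth2AccessToken;
        }
        // An already expired token must stay expired: without the isExpired() guard a negative
        // getExpiresIn() also satisfies the threshold test and the token would be revived.
        if (oAuth2AccessToken.isExpired() || oAuth2AccessToken.getExpiresIn() >= RENEWAL_THRESHOLD_SECONDS) {
            return oAuth2AccessToken;
        }
        DefaultOAuth2AccessToken renewedToken = (DefaultOAuth2AccessToken) oAuth2AccessToken;
        renewedToken.setExpiration(new Date(System.currentTimeMillis() + RENEWAL_LIFETIME_MILLIS));
        int expiresIn = renewedToken.getExpiresIn();
        String authKey = this.authenticationKeyGenerator.extractKey(oAuth2Authentication);
        this.redisTemplate.opsForValue().set(AUTH_TO_ACCESS + authKey, renewedToken, expiresIn, TimeUnit.SECONDS);
        this.redisTemplate.opsForValue().set(ACCESS + renewedToken.getValue(), renewedToken, expiresIn, TimeUnit.SECONDS);
        this.redisTemplate.expire(AUTH + renewedToken.getValue(), expiresIn, TimeUnit.SECONDS);
        this.redisTemplate.expire(TOKEN + renewedToken.getValue(), expiresIn, TimeUnit.SECONDS);
        this.redisTemplate.expire(CLIENT_ID_TO_ACCESS + oAuth2Authentication.getOAuth2Request().getClientId(), expiresIn, TimeUnit.SECONDS);
        this.redisTemplate.expire(UNAME_TO_ACCESS + getApprovalKey(oAuth2Authentication), expiresIn, TimeUnit.SECONDS);
        return renewedToken;
    }

    /**
     * Deletes an access token, its authentication, its {@code token:} entry and its
     * access-to-refresh reference, then updates the lookup indexes.
     *
     * @param str the access token value
     */
    public void removeAccessToken(String str) {
        OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) this.redisTemplate.opsForValue().get(AUTH + str);
        this.redisTemplate.delete(AUTH + str);
        this.redisTemplate.delete(ACCESS + str);
        this.redisTemplate.delete(TOKEN + str);
        this.redisTemplate.delete(ACCESS_TO_REFRESH + str);
        if (oAuth2Authentication != null) {
            this.redisTemplate.delete(AUTH_TO_ACCESS + this.authenticationKeyGenerator.extractKey(oAuth2Authentication));
            String clientId = oAuth2Authentication.getOAuth2Request().getClientId();
            // NOTE(review): leftPop drops the oldest list entry, which is not necessarily the
            // token being removed. With several tokens per client or user the findTokensBy*
            // results can then list a removed token and omit a live one. Removing the matching
            // element needs a stable serialized form, which readAccessToken's renewal changes.
            this.redisTemplate.opsForList().leftPop(UNAME_TO_ACCESS + getApprovalKey(oAuth2Authentication));
            this.redisTemplate.opsForList().leftPop(CLIENT_ID_TO_ACCESS + clientId);
        }
    }

    /**
     * Stores a refresh token and its authentication. When the refresh token carries an
     * expiration, both keys get a matching TTL so they do not outlive the token in Redis.
     *
     * @param oAuth2RefreshToken the refresh token to store
     * @param oAuth2Authentication the authentication the refresh token belongs to
     */
    @Override
    public void storeRefreshToken(OAuth2RefreshToken oAuth2RefreshToken, OAuth2Authentication oAuth2Authentication) {
        String refreshKey = REFRESH + oAuth2RefreshToken.getValue();
        String refreshAuthKey = REFRESH_AUTH + oAuth2RefreshToken.getValue();
        this.redisTemplate.opsForValue().set(refreshKey, oAuth2RefreshToken);
        this.redisTemplate.opsForValue().set(refreshAuthKey, oAuth2Authentication);
        if (oAuth2RefreshToken instanceof ExpiringOAuth2RefreshToken) {
            Date expiration = ((ExpiringOAuth2RefreshToken) oAuth2RefreshToken).getExpiration();
            if (expiration != null) {
                long secondsLeft = (expiration.getTime() - System.currentTimeMillis()) / 1000L;
                this.redisTemplate.expire(refreshKey, secondsLeft, TimeUnit.SECONDS);
                this.redisTemplate.expire(refreshAuthKey, secondsLeft, TimeUnit.SECONDS);
            }
        }
    }

    /**
     * Reads the refresh token stored under {@code refresh:<refresh>}.
     *
     * @param str the refresh token value
     * @return the stored refresh token, or {@code null} if the key does not exist
     */
    @Override
    public OAuth2RefreshToken readRefreshToken(String str) {
        return (OAuth2RefreshToken) this.redisTemplate.opsForValue().get(REFRESH + str);
    }

    /** Removes the given refresh token and the entries derived from it. */
    @Override
    public void removeRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        removeRefreshToken(oAuth2RefreshToken.getValue());
    }

    /**
     * Deletes a refresh token, its authentication and its refresh-to-access reference. The
     * access token issued with it is not touched; see
     * {@link #removeAccessTokenUsingRefreshToken(OAuth2RefreshToken)}.
     *
     * @param str the refresh token value
     */
    public void removeRefreshToken(String str) {
        this.redisTemplate.delete(REFRESH + str);
        this.redisTemplate.delete(REFRESH_AUTH + str);
        this.redisTemplate.delete(REFRESH_TO_ACCESS + str);
    }

    /** Removes the access token that was issued together with the given refresh token. */
    @Override
    public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        removeAccessTokenUsingRefreshToken(oAuth2RefreshToken.getValue());
    }

    /**
     * Resolves the access token referenced by {@code refresh_to_access:<refresh>} and removes it.
     *
     * <p>Deleting only the reference would leave the previous access token usable after the
     * refresh token has been exchanged, so every refresh would add one more live access token.
     *
     * @param str the refresh token value
     */
    private void removeAccessTokenUsingRefreshToken(String str) {
        String accessTokenValue = (String) this.redisTemplate.opsForValue().get(REFRESH_TO_ACCESS + str);
        if (accessTokenValue != null) {
            this.redisTemplate.delete(REFRESH_TO_ACCESS + str);
            removeAccessToken(accessTokenValue);
        }
    }

    /**
     * Lists the access tokens indexed for a client and user.
     *
     * @param str the client id
     * @param str2 the user name
     * @return an unmodifiable collection of tokens, empty if nothing is indexed
     */
    @Override
    public Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String str, String str2) {
        return readTokenList(UNAME_TO_ACCESS + getApprovalKey(str, str2));
    }

    /**
     * Lists the access tokens indexed for a client.
     *
     * @param str the client id
     * @return an unmodifiable collection of tokens, empty if nothing is indexed
     */
    @Override
    public Collection<OAuth2AccessToken> findTokensByClientId(String str) {
        return readTokenList(CLIENT_ID_TO_ACCESS + str);
    }

    /** Reads a whole index list and returns its entries as an unmodifiable token collection. */
    private Collection<OAuth2AccessToken> readTokenList(String indexKey) {
        List<Object> entries = this.redisTemplate.opsForList().range(indexKey, 0L, -1L);
        if (entries == null || entries.isEmpty()) {
            return Collections.emptySet();
        }
        List<OAuth2AccessToken> tokens = new ArrayList<>(entries.size());
        for (Object entry : entries) {
            tokens.add((OAuth2AccessToken) entry);
        }
        return Collections.unmodifiableCollection(tokens);
    }
}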
