package com.kcloud.ms.authentication.config;

import java.util.Date;
import java.util.UUID;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenStore;

/* loaded from: input_file:com/kcloud/ms/authentication/config/BkTokenServices.class */
public class BkTokenServices extends DefaultTokenServices {
    private TokenStore tokenStore;
    private TokenEnhancer accessTokenEnhancer;

    public OAuth2AccessToken createAccessToken(OAuth2Authentication oAuth2Authentication) throws AuthenticationException {
        this.tokenStore.findTokensByClientIdAndUserName(oAuth2Authentication.getOAuth2Request().getClientId(), oAuth2Authentication.getName()).forEach(oAuth2AccessToken -> {
            if (oAuth2AccessToken.getRefreshToken() != null) {
                this.tokenStore.removeRefreshToken(oAuth2AccessToken.getRefreshToken());
            }
            this.tokenStore.removeAccessToken(oAuth2AccessToken);
        });
        OAuth2RefreshToken oAuth2RefreshToken = null;
        if (0 == 0) {
            oAuth2RefreshToken = createRefreshToken(oAuth2Authentication);
        } else if ((oAuth2RefreshToken instanceof ExpiringOAuth2RefreshToken) && System.currentTimeMillis() > ((ExpiringOAuth2RefreshToken) null).getExpiration().getTime()) {
            oAuth2RefreshToken = createRefreshToken(oAuth2Authentication);
        }
        OAuth2AccessToken createAccessToken = createAccessToken(oAuth2Authentication, oAuth2RefreshToken);
        this.tokenStore.storeAccessToken(createAccessToken, oAuth2Authentication);
        OAuth2RefreshToken refreshToken = createAccessToken.getRefreshToken();
        if (refreshToken != null) {
            this.tokenStore.storeRefreshToken(refreshToken, oAuth2Authentication);
        }
        return createAccessToken;
    }

    public void setTokenStore(TokenStore tokenStore) {
        super.setTokenStore(tokenStore);
        this.tokenStore = tokenStore;
    }

    public void setTokenEnhancer(TokenEnhancer tokenEnhancer) {
        super.setTokenEnhancer(tokenEnhancer);
        this.accessTokenEnhancer = tokenEnhancer;
    }

    private OAuth2RefreshToken createRefreshToken(OAuth2Authentication oAuth2Authentication) {
        if (!isSupportRefreshToken(oAuth2Authentication.getOAuth2Request())) {
            return null;
        }
        int refreshTokenValiditySeconds = getRefreshTokenValiditySeconds(oAuth2Authentication.getOAuth2Request());
        String uuid = UUID.randomUUID().toString();
        return refreshTokenValiditySeconds > 0 ? new DefaultExpiringOAuth2RefreshToken(uuid, new Date(System.currentTimeMillis() + (refreshTokenValiditySeconds * 1000))) : new DefaultOAuth2RefreshToken(uuid);
    }

    private OAuth2AccessToken createAccessToken(OAuth2Authentication oAuth2Authentication, OAuth2RefreshToken oAuth2RefreshToken) {
        DefaultOAuth2AccessToken defaultOAuth2AccessToken = new DefaultOAuth2AccessToken(UUID.randomUUID().toString());
        int accessTokenValiditySeconds = getAccessTokenValiditySeconds(oAuth2Authentication.getOAuth2Request());
        if (accessTokenValiditySeconds > 0) {
            defaultOAuth2AccessToken.setExpiration(new Date(System.currentTimeMillis() + (accessTokenValiditySeconds * 1000)));
        }
        defaultOAuth2AccessToken.setRefreshToken(oAuth2RefreshToken);
        defaultOAuth2AccessToken.setScope(oAuth2Authentication.getOAuth2Request().getScope());
        return this.accessTokenEnhancer != null ? this.accessTokenEnhancer.enhance(defaultOAuth2AccessToken, oAuth2Authentication) : defaultOAuth2AccessToken;
    }
}
