package org.cloudfoundry.multiapps.controller.web.security;

import java.text.MessageFormat;
import javax.inject.Inject;
import javax.inject.Named;
import org.cloudfoundry.multiapps.controller.client.util.TokenProperties;
import org.cloudfoundry.multiapps.controller.core.auditlogging.AuditLoggingProvider;
import org.cloudfoundry.multiapps.controller.core.security.token.parsers.TokenParserChain;
import org.cloudfoundry.multiapps.controller.core.util.ApplicationConfiguration;
import org.cloudfoundry.multiapps.controller.core.util.SSLUtil;
import org.cloudfoundry.multiapps.controller.core.util.SecurityUtil;
import org.cloudfoundry.multiapps.controller.web.Messages;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataIntegrityViolationException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Named
/* loaded from: input_file:org/cloudfoundry/multiapps/controller/web/security/CustomTokenServices.class */
public class CustomTokenServices implements ResourceServerTokenServices {
    private static final Logger LOGGER = LoggerFactory.getLogger(CustomTokenServices.class);
    private final TokenStore tokenStore;
    private final TokenParserChain tokenParserChain;

    @Inject
    public CustomTokenServices(TokenStore tokenStore, ApplicationConfiguration applicationConfiguration, TokenParserChain tokenParserChain) {
        this.tokenStore = tokenStore;
        this.tokenParserChain = tokenParserChain;
        if (applicationConfiguration.shouldSkipSslValidation().booleanValue()) {
            SSLUtil.disableSSLValidation();
        }
    }

    public OAuth2Authentication loadAuthentication(String str) {
        OAuth2AccessToken readAccessToken = readAccessToken(str);
        if (readAccessToken == null) {
            logToAuditLogAndThrow("Invalid access token");
        }
        if (readAccessToken.isExpired() && readAccessToken.getRefreshToken() == null) {
            this.tokenStore.removeAccessToken(readAccessToken);
            logToAuditLogAndThrow(MessageFormat.format("The access token has expired on {0}", readAccessToken.getExpiration()));
        }
        OAuth2Authentication readAuthentication = this.tokenStore.readAuthentication(readAccessToken);
        if (readAuthentication == null) {
            TokenProperties fromToken = TokenProperties.fromToken(readAccessToken);
            readAuthentication = SecurityUtil.createAuthentication(fromToken.getClientId(), readAccessToken.getScope(), SecurityUtil.getTokenUserInfo(readAccessToken));
            try {
                LOGGER.info(MessageFormat.format(Messages.STORING_TOKEN_FOR_USER_0_WITH_EXPIRATION_TIME_1, fromToken.getUserName(), Integer.valueOf(readAccessToken.getExpiresIn())));
                this.tokenStore.storeAccessToken(readAccessToken, readAuthentication);
            } catch (DataIntegrityViolationException e) {
                LOGGER.debug(Messages.ERROR_STORING_TOKEN_DUE_TO_INTEGRITY_VIOLATION, e);
            }
        }
        return readAuthentication;
    }

    public OAuth2AccessToken readAccessToken(String str) {
        OAuth2AccessToken readAccessToken = this.tokenStore.readAccessToken(str);
        if (readAccessToken != null) {
            LOGGER.debug("Stored token value: " + readAccessToken.getValue());
            LOGGER.debug("Stored token type: " + readAccessToken.getTokenType());
            LOGGER.debug("Stored token expires in: " + readAccessToken.getExpiresIn());
        } else {
            readAccessToken = this.tokenParserChain.parse(str);
        }
        return readAccessToken;
    }

    private void logToAuditLogAndThrow(String str) {
        AuditLoggingProvider.getFacade().logSecurityIncident(str);
        throw new InvalidTokenException(str);
    }
}
