package org.cloudfoundry.multiapps.controller.web.util;

import com.sap.cloudfoundry.client.facade.oauth2.OAuth2AccessTokenWithAdditionalInfo;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.time.Instant;
import java.util.Optional;
import org.cloudfoundry.multiapps.controller.core.security.token.parsers.TokenParserChain;
import org.cloudfoundry.multiapps.controller.persistence.model.AccessToken;
import org.cloudfoundry.multiapps.controller.persistence.services.AccessTokenService;
import org.cloudfoundry.multiapps.controller.web.Constants;
import org.cloudfoundry.multiapps.controller.web.Messages;
import org.springframework.http.HttpStatus;
import org.springframework.web.server.ResponseStatusException;

/* loaded from: input_file:org/cloudfoundry/multiapps/controller/web/util/OauthTokenGenerator.class */
public class OauthTokenGenerator extends TokenGenerator {
    private final TokenParserChain tokenParserChain;
    private final TokenReuser tokenReuser;

    public OauthTokenGenerator(AccessTokenService accessTokenService, TokenParserChain tokenParserChain, TokenReuser tokenReuser) {
        super(accessTokenService);
        this.tokenParserChain = tokenParserChain;
        this.tokenReuser = tokenReuser;
    }

    @Override // org.cloudfoundry.multiapps.controller.web.util.TokenGenerator
    public OAuth2AccessTokenWithAdditionalInfo generate(String str) {
        OAuth2AccessTokenWithAdditionalInfo parse = this.tokenParserChain.parse(str);
        validateTokenExpiration(parse);
        Optional<AccessToken> tokenWithExpirationAfterOrReuseCurrent = this.tokenReuser.getTokenWithExpirationAfterOrReuseCurrent(extractUserGuid(parse), Constants.OAUTH_TOKEN_RETENTION_TIME_IN_SECONDS, parse);
        if (tokenWithExpirationAfterOrReuseCurrent.isPresent()) {
            return this.tokenParserChain.parse(new String(tokenWithExpirationAfterOrReuseCurrent.get().getValue(), StandardCharsets.UTF_8));
        }
        storeAccessToken(buildAccessToken(parse), extractUserGuid(parse));
        return parse;
    }

    private void validateTokenExpiration(OAuth2AccessTokenWithAdditionalInfo oAuth2AccessTokenWithAdditionalInfo) {
        if (oAuth2AccessTokenWithAdditionalInfo.getOAuth2AccessToken().getExpiresAt().isBefore(Instant.now())) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, MessageFormat.format(Messages.THE_TOKEN_HAS_EXPIRED_ON_0, oAuth2AccessTokenWithAdditionalInfo.getOAuth2AccessToken().getExpiresAt()));
        }
    }
}
