package software.xdev.sse.oauth2.rememberme;

import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.security.SecureRandom;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.temporal.TemporalAmount;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Random;
import java.util.function.UnaryOperator;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.MessageSource;
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
import org.springframework.security.config.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AbstractOAuth2Token;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.ConcurrentReferenceHashMap;
import software.xdev.sse.oauth2.checkauth.OAuth2AuthChecker;
import software.xdev.sse.oauth2.filter.handler.OAuth2RefreshHandler;
import software.xdev.sse.oauth2.rememberme.EnsureNonConcurrentExec;
import software.xdev.sse.oauth2.rememberme.clientstorage.RememberMeClientStorageProcessor;
import software.xdev.sse.oauth2.rememberme.clientstorage.RememberMeClientStorageProcessorProvider;
import software.xdev.sse.oauth2.rememberme.config.OAuth2CookieRememberMeServicesConfig;
import software.xdev.sse.oauth2.rememberme.crypt.RememberMeSymCryptManager;
import software.xdev.sse.oauth2.rememberme.crypt.RememberMeSymCryptorProvider;
import software.xdev.sse.oauth2.rememberme.metrics.AutoLoginMetrics;
import software.xdev.sse.oauth2.rememberme.secrets.AuthRememberMeSecret;
import software.xdev.sse.oauth2.rememberme.secrets.AuthRememberMeSecretService;
import software.xdev.sse.oauth2.rememberme.serializer.OAuth2CookieRememberMeAuthSerializer;
import software.xdev.sse.oauth2.util.FastCookieFinder;
import software.xdev.sse.oauth2.util.OAuth2AuthenticationTokenUtil;
import software.xdev.sse.web.cookie.CookieSecureService;

/* loaded from: input_file:software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices.class */
public class OAuth2CookieRememberMeServices implements RememberMeServices, OAuth2RefreshHandler {
    private static final Logger LOG = LoggerFactory.getLogger(OAuth2CookieRememberMeServices.class);
    protected static final int DEFAULT_ID_COOKIE_VALUE_LENGTH = 32;
    protected static final int DEFAULT_COOKIE_VALUE_MAX_SIZE = 3950;
    protected final AutoLoginMetrics autoLoginMetrics;
    protected final OAuth2CookieRememberMeServicesConfig config;
    protected final RememberMeSymCryptManager cryptManager;
    protected final RememberMeClientStorageProcessorProvider clientStorageProcessorProvider;
    protected final AuthRememberMeSecretService authRememberMeSecretService;
    protected final OAuth2CookieRememberMeAuthSerializer payloadCookieAuthSerializer;
    protected final OAuth2AuthorizedClientService clientService;
    protected final ClientRegistrationRepository clientRegistrationRepository;
    protected final OAuth2AuthChecker oAuth2AuthChecker;
    protected final CookieSecureService cookieSecureService;
    protected final boolean enabled;
    protected RequestMatcher ignoreRequestMatcher = httpServletRequest -> {
        return false;
    };
    protected UnaryOperator<OAuth2User> enrichUserOnLoad = UnaryOperator.identity();
    protected final EnsureNonConcurrentExec<String, OAuth2AuthenticationToken> autoLoginEnsureNonConcurrentExec = new EnsureNonConcurrentExec<>(runtimeException -> {
        return new EnsureNonConcurrentExec.SavedResult(null);
    });
    protected final Map<Authentication, CookieSaveAction> pendingCookieSaves = new ConcurrentReferenceHashMap();
    protected final Random random = new SecureRandom();

    /* loaded from: input_file:software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$AutoLoginException.class */
    public static class AutoLoginException extends RuntimeException {
        public AutoLoginException(Runnable runnable, String str) {
            super(str);
            if (runnable != null) {
                runnable.run();
            }
        }

        public AutoLoginException(Runnable runnable, String str, Exception exc) {
            super(str, exc);
            if (runnable != null) {
                runnable.run();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction.class */
    public static final class CookieSaveAction extends Record {
        private final Cookie id;
        private final Cookie payload;
        private final boolean tryDeleteExisting;

        protected CookieSaveAction(Cookie cookie, Cookie cookie2, boolean z) {
            this.id = cookie;
            this.payload = cookie2;
            this.tryDeleteExisting = z;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, CookieSaveAction.class), CookieSaveAction.class, "id;payload;tryDeleteExisting", "FIELD:Lsoftware/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction;->id:Ljakarta/servlet/http/Cookie;", "FIELD:Lsoftware/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction;->payload:Ljakarta/servlet/http/Cookie;", "FIELD:Lsoftware/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction;->tryDeleteExisting:Z").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, CookieSaveAction.class), CookieSaveAction.class, "id;payload;tryDeleteExisting", "FIELD:Lsoftware/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction;->id:Ljakarta/servlet/http/Cookie;", "FIELD:Lsoftware/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction;->payload:Ljakarta/servlet/http/Cookie;", "FIELD:Lsoftware/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction;->tryDeleteExisting:Z").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, CookieSaveAction.class, Object.class), CookieSaveAction.class, "id;payload;tryDeleteExisting", "FIELD:Lsoftware/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction;->id:Ljakarta/servlet/http/Cookie;", "FIELD:Lsoftware/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction;->payload:Ljakarta/servlet/http/Cookie;", "FIELD:Lsoftware/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$CookieSaveAction;->tryDeleteExisting:Z").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public Cookie id() {
            return this.id;
        }

        public Cookie payload() {
            return this.payload;
        }

        public boolean tryDeleteExisting() {
            return this.tryDeleteExisting;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$OAuth2CookieRememberMeAuthenticationProvider.class */
    public static class OAuth2CookieRememberMeAuthenticationProvider extends RememberMeAuthenticationProvider {
        public OAuth2CookieRememberMeAuthenticationProvider() {
            super("X");
        }

        public Authentication authenticate(Authentication authentication) {
            return authentication;
        }

        public boolean supports(Class<?> cls) {
            return RestoredOAuth2AuthenticationToken.class.isAssignableFrom(cls);
        }

        public void afterPropertiesSet() {
        }

        public void setMessageSource(MessageSource messageSource) {
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:software/xdev/sse/oauth2/rememberme/OAuth2CookieRememberMeServices$RestoredOAuth2AuthenticationToken.class */
    public static class RestoredOAuth2AuthenticationToken extends OAuth2AuthenticationToken {
        public RestoredOAuth2AuthenticationToken(OAuth2AuthenticationToken oAuth2AuthenticationToken) {
            super(oAuth2AuthenticationToken.getPrincipal(), oAuth2AuthenticationToken.getAuthorities(), oAuth2AuthenticationToken.getAuthorizedClientRegistrationId());
            setDetails(oAuth2AuthenticationToken.getDetails());
        }

        public RestoredOAuth2AuthenticationToken(OAuth2AuthenticationToken oAuth2AuthenticationToken, OAuth2User oAuth2User) {
            super(oAuth2User, oAuth2User.getAuthorities(), oAuth2AuthenticationToken.getAuthorizedClientRegistrationId());
            setDetails(oAuth2AuthenticationToken.getDetails());
        }
    }

    public OAuth2CookieRememberMeServices(OAuth2CookieRememberMeServicesConfig oAuth2CookieRememberMeServicesConfig, AutoLoginMetrics autoLoginMetrics, RememberMeSymCryptManager rememberMeSymCryptManager, RememberMeClientStorageProcessorProvider rememberMeClientStorageProcessorProvider, AuthRememberMeSecretService authRememberMeSecretService, OAuth2CookieRememberMeAuthSerializer oAuth2CookieRememberMeAuthSerializer, OAuth2AuthorizedClientService oAuth2AuthorizedClientService, ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthChecker oAuth2AuthChecker, CookieSecureService cookieSecureService) {
        this.config = oAuth2CookieRememberMeServicesConfig;
        this.autoLoginMetrics = autoLoginMetrics;
        this.clientStorageProcessorProvider = rememberMeClientStorageProcessorProvider;
        this.authRememberMeSecretService = authRememberMeSecretService;
        this.payloadCookieAuthSerializer = oAuth2CookieRememberMeAuthSerializer;
        this.clientService = oAuth2AuthorizedClientService;
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.oAuth2AuthChecker = oAuth2AuthChecker;
        this.cookieSecureService = cookieSecureService;
        this.cryptManager = this.config.isEnabled() ? rememberMeSymCryptManager : null;
        this.enabled = oAuth2CookieRememberMeServicesConfig.isEnabled() && this.cryptManager != null;
        LOG.info("Instantiated with {}", this.config);
        if (this.enabled) {
            return;
        }
        LOG.info("OAuth2CookieRememberMeServices are disabled; Reason: {}", !oAuth2CookieRememberMeServicesConfig.isEnabled() ? oAuth2CookieRememberMeServicesConfig.disabledReason() : "No cryptManager");
    }

    public OAuth2CookieRememberMeServices setIgnoreRequestMatcher(RequestMatcher requestMatcher) {
        this.ignoreRequestMatcher = (RequestMatcher) Objects.requireNonNull(requestMatcher);
        return this;
    }

    public OAuth2CookieRememberMeServices setEnrichUserOnLoad(UnaryOperator<OAuth2User> unaryOperator) {
        this.enrichUserOnLoad = (UnaryOperator) Objects.requireNonNull(unaryOperator);
        return this;
    }

    public Authentication autoLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.ignoreRequestMatcher.matches(httpServletRequest)) {
            this.autoLoginMetrics.ignored();
            return null;
        }
        Optional findCookie = FastCookieFinder.findCookie(httpServletRequest, this.config.getIdCookieName());
        Optional findCookie2 = FastCookieFinder.findCookie(httpServletRequest, this.config.getPayloadCookieName());
        if (findCookie.isEmpty() || findCookie2.isEmpty()) {
            findCookie.ifPresentOrElse(cookie -> {
                deleteCookie(cookie, httpServletResponse);
            }, () -> {
                findCookie2.ifPresent(cookie2 -> {
                    deleteCookie(cookie2, httpServletResponse);
                });
            });
            this.autoLoginMetrics.incompleteCookies();
            return null;
        }
        Cookie cookie2 = (Cookie) findCookie.get();
        Cookie cookie3 = (Cookie) findCookie2.get();
        try {
            return autoLoginWithCookiesLock(httpServletRequest, httpServletResponse, cookie2, cookie3);
        } catch (Exception e) {
            if (e instanceof AutoLoginException) {
                LOG.debug("Failed to restore auth from cookie", e);
            } else {
                LOG.warn("Unexpected error while restoring auth from cookie", e);
                this.autoLoginMetrics.unexpectedError();
            }
            deleteCookie(cookie2, httpServletResponse);
            deleteCookie(cookie3, httpServletResponse);
            return null;
        }
    }

    protected OAuth2AuthenticationToken autoLoginWithCookiesLock(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Cookie cookie, Cookie cookie2) {
        return this.autoLoginEnsureNonConcurrentExec.execute(decodeIdCookie(cookie).orElseThrow(() -> {
            AutoLoginMetrics autoLoginMetrics = this.autoLoginMetrics;
            Objects.requireNonNull(autoLoginMetrics);
            return new AutoLoginException(autoLoginMetrics::idCookieDecodeFailed, "Failed to decode id cookie");
        }), str -> {
            return autoLoginWithCookies(httpServletRequest, httpServletResponse, str, cookie2);
        });
    }

    protected OAuth2AuthenticationToken autoLoginWithCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Cookie cookie) {
        AuthRememberMeSecret orElseThrow = this.authRememberMeSecretService.findByIdentifier(str, LocalDateTime.now(ZoneOffset.UTC).minus((TemporalAmount) this.config.getExpiration())).orElseThrow(() -> {
            AutoLoginMetrics autoLoginMetrics = this.autoLoginMetrics;
            Objects.requireNonNull(autoLoginMetrics);
            return new AutoLoginException(autoLoginMetrics::persistedSecretNotFound, "Unable to find persisted secret");
        });
        try {
            OAuth2CookieRememberMeAuthSerializer.OAuth2AuthContainer deserialize = this.payloadCookieAuthSerializer.deserialize(createCookieValueProcessor(orElseThrow, this.cryptManager.forDecryption(orElseThrow.cryptoAlgorithm()).orElseThrow(() -> {
                AutoLoginMetrics autoLoginMetrics = this.autoLoginMetrics;
                Objects.requireNonNull(autoLoginMetrics);
                return new AutoLoginException(autoLoginMetrics::decryptionAlgorithmNotFound, "Unable to find decryption algorithm '" + orElseThrow.cryptoAlgorithm() + "'");
            })).readValue(cookie.getValue()), str2 -> {
                ClientRegistration findByRegistrationId = this.clientRegistrationRepository.findByRegistrationId(str2);
                if (findByRegistrationId != null) {
                    return findByRegistrationId;
                }
                AutoLoginMetrics autoLoginMetrics = this.autoLoginMetrics;
                Objects.requireNonNull(autoLoginMetrics);
                throw new AutoLoginException(autoLoginMetrics::payloadClientRegIdMismatch, "Unknown clientRegistrationId '" + str2 + "'");
            });
            try {
                OAuth2AuthenticationToken autoLoginAfterCookieDecode = autoLoginAfterCookieDecode(httpServletRequest, httpServletResponse, new RestoredOAuth2AuthenticationToken(deserialize.token()), deserialize.client(), orElseThrow);
                this.authRememberMeSecretService.delete(orElseThrow.identifier());
                return autoLoginAfterCookieDecode;
            } catch (Throwable th) {
                this.authRememberMeSecretService.delete(orElseThrow.identifier());
                throw th;
            }
        } catch (AutoLoginException e) {
            throw e;
        } catch (Exception e2) {
            AutoLoginMetrics autoLoginMetrics = this.autoLoginMetrics;
            Objects.requireNonNull(autoLoginMetrics);
            throw new AutoLoginException(autoLoginMetrics::payloadDeserializeFailed, "Unable to deserialize", e2);
        }
    }

    protected OAuth2AuthenticationToken autoLoginAfterCookieDecode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RestoredOAuth2AuthenticationToken restoredOAuth2AuthenticationToken, OAuth2AuthorizedClient oAuth2AuthorizedClient, AuthRememberMeSecret authRememberMeSecret) {
        validateDecodedData(restoredOAuth2AuthenticationToken, oAuth2AuthorizedClient, authRememberMeSecret);
        OAuth2AuthChecker.AccessTokenRefreshAuthCheckResult check = this.oAuth2AuthChecker.check(restoredOAuth2AuthenticationToken, (str, str2) -> {
            return oAuth2AuthorizedClient;
        });
        this.autoLoginMetrics.authCheckMetricsIncrement(check.outcome());
        if (check.outcome() == OAuth2AuthChecker.AuthCheckOutcome.DE_AUTH) {
            throw new AutoLoginException(null, "AuthCheckResult DE-AUTH");
        }
        try {
            RestoredOAuth2AuthenticationToken restoredOAuth2AuthenticationToken2 = new RestoredOAuth2AuthenticationToken(restoredOAuth2AuthenticationToken, (OAuth2User) this.enrichUserOnLoad.apply(restoredOAuth2AuthenticationToken.getPrincipal()));
            LOG.debug("Restored auth[principal='{}'] from cookie; Re-Encrypting...", restoredOAuth2AuthenticationToken2.getName());
            OAuth2AuthorizedClient newClient = check instanceof OAuth2AuthChecker.AccessTokenRefreshAuthCheckResult ? check.newClient() : oAuth2AuthorizedClient;
            this.clientService.saveAuthorizedClient(newClient, restoredOAuth2AuthenticationToken2);
            saveAuthToCookie(httpServletRequest, httpServletResponse, restoredOAuth2AuthenticationToken2, newClient, false);
            return restoredOAuth2AuthenticationToken2;
        } catch (OAuth2AuthenticationException e) {
            throw new AutoLoginException(null, "Failed to enrich user", e);
        }
    }

    protected void validateDecodedData(OAuth2AuthenticationToken oAuth2AuthenticationToken, OAuth2AuthorizedClient oAuth2AuthorizedClient, AuthRememberMeSecret authRememberMeSecret) {
        String emailAttribute = OAuth2AuthenticationTokenUtil.getEmailAttribute(oAuth2AuthenticationToken);
        if (!authRememberMeSecret.userEmailAddress().equals(emailAttribute)) {
            AutoLoginMetrics autoLoginMetrics = this.autoLoginMetrics;
            Objects.requireNonNull(autoLoginMetrics);
            throw new AutoLoginException(autoLoginMetrics::payloadEmailMismatch, "Expected email['" + authRememberMeSecret.userEmailAddress() + "'] doesn't match found one['" + emailAttribute + "']");
        }
        if (!isOAuth2TokenUsable(oAuth2AuthorizedClient.getAccessToken(), true)) {
            AutoLoginMetrics autoLoginMetrics2 = this.autoLoginMetrics;
            Objects.requireNonNull(autoLoginMetrics2);
            throw new AutoLoginException(autoLoginMetrics2::payloadAccessTokenInvalid, "AccessToken[" + ((String) Optional.ofNullable(oAuth2AuthorizedClient.getAccessToken()).map(oAuth2AccessToken -> {
                return "expiredAt=" + String.valueOf(oAuth2AccessToken.getExpiresAt());
            }).orElse(null)) + "] is not use able");
        }
        if (isOAuth2TokenUsable(oAuth2AuthorizedClient.getRefreshToken(), false)) {
            return;
        }
        AutoLoginMetrics autoLoginMetrics3 = this.autoLoginMetrics;
        Objects.requireNonNull(autoLoginMetrics3);
        throw new AutoLoginException(autoLoginMetrics3::payloadRefreshTokenInvalid, "RefreshToken[" + ((String) Optional.ofNullable(oAuth2AuthorizedClient.getRefreshToken()).map(oAuth2RefreshToken -> {
            return "expiredAt=" + String.valueOf(oAuth2RefreshToken.getExpiresAt());
        }).orElse(null)) + "] is not usable");
    }

    protected boolean isOAuth2TokenUsable(AbstractOAuth2Token abstractOAuth2Token, boolean z) {
        if (z && abstractOAuth2Token == null) {
            return false;
        }
        Instant expiresAt = abstractOAuth2Token.getExpiresAt();
        return expiresAt == null || expiresAt.plus((TemporalAmount) this.config.getExpiration()).isAfter(Instant.now());
    }

    public void loginFail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        FastCookieFinder.findCookie(httpServletRequest, this.config.getIdCookieName()).ifPresent(cookie -> {
            Optional<String> decodeIdCookie = decodeIdCookie(cookie);
            AuthRememberMeSecretService authRememberMeSecretService = this.authRememberMeSecretService;
            Objects.requireNonNull(authRememberMeSecretService);
            decodeIdCookie.ifPresent(authRememberMeSecretService::delete);
            deleteCookie(cookie, httpServletResponse);
            FastCookieFinder.findCookie(httpServletRequest, this.config.getPayloadCookieName()).ifPresent(cookie -> {
                deleteCookie(cookie, httpServletResponse);
            });
        });
    }

    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        this.pendingCookieSaves.remove(authentication);
        loginFail(httpServletRequest, httpServletResponse);
    }

    public void loginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        saveAuthToCookie(httpServletRequest, httpServletResponse, authentication, null, true);
    }

    public void saveAuthToCookie(ServletRequest servletRequest, ServletResponse servletResponse, Authentication authentication, OAuth2AuthorizedClient oAuth2AuthorizedClient, boolean z) {
        if (this.enabled) {
            if (!(authentication instanceof OAuth2AuthenticationToken)) {
                LOG.debug("Unable to save - Invalid auth");
                return;
            }
            Authentication authentication2 = (OAuth2AuthenticationToken) authentication;
            OAuth2AuthorizedClient oAuth2AuthorizedClient2 = (OAuth2AuthorizedClient) Optional.ofNullable(oAuth2AuthorizedClient).orElseGet(() -> {
                return this.clientService.loadAuthorizedClient(authentication2.getAuthorizedClientRegistrationId(), authentication2.getPrincipal().getName());
            });
            if (oAuth2AuthorizedClient2 == null) {
                LOG.debug("Unable to save - No client");
                return;
            }
            if (oAuth2AuthorizedClient2.getRefreshToken() == null) {
                LOG.warn("Save warning - No refresh token[clientId='{}',id='{}']", authentication2.getAuthorizedClientRegistrationId(), authentication2.getName());
            }
            String emailAttribute = OAuth2AuthenticationTokenUtil.getEmailAttribute(authentication2);
            if (emailAttribute == null) {
                LOG.warn("Unable to save - No email");
                return;
            }
            RememberMeSymCryptorProvider forEncryption = this.cryptManager.forEncryption();
            AuthRememberMeSecret createNew = this.authRememberMeSecretService.createNew(RandomStringUtils.random(idCookieValueLength(), 0, 0, true, true, (char[]) null, this.random), this.cryptManager.standardEncryptionProviderIdentifier(), forEncryption.createSecretKeyFrom(this.random), emailAttribute);
            this.authRememberMeSecretService.insert(createNew);
            CookieSaveAction cookieSaveAction = new CookieSaveAction(buildCookie(this.config.getIdCookieName(), createNew.identifier()), buildCookie(this.config.getPayloadCookieName(), createCookieValueProcessor(createNew, forEncryption).writeValue(this.payloadCookieAuthSerializer.serialize(authentication2, oAuth2AuthorizedClient2))), z);
            int length = cookieSaveAction.payload().getValue().length();
            if (length > cookieValueMaxSize()) {
                LOG.warn("Payload Cookie[length={},clientRegId='{}',id='{}'] likely too large for saving", new Object[]{Integer.valueOf(length), authentication2.getAuthorizedClientRegistrationId(), authentication2.getName()});
            }
            this.pendingCookieSaves.put(authentication2, cookieSaveAction);
            tryWritePendingCookieSave(servletRequest, servletResponse, authentication2);
        }
    }

    protected Cookie buildCookie(String str, String str2) {
        Cookie cookie = new Cookie(str, str2);
        cookie.setHttpOnly(true);
        cookie.setSecure(this.cookieSecureService.isSecure());
        cookie.setMaxAge((int) this.config.getExpiration().toSeconds());
        cookie.setPath("/");
        return cookie;
    }

    public void tryWritePendingCookieSave(ServletRequest servletRequest, ServletResponse servletResponse, OAuth2AuthenticationToken oAuth2AuthenticationToken) {
        if (this.pendingCookieSaves.containsKey(oAuth2AuthenticationToken) && (servletRequest instanceof HttpServletRequest)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (httpServletRequest.getHeader("Cookie") == null || !(servletResponse instanceof HttpServletResponse)) {
                return;
            }
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            Optional.ofNullable(this.pendingCookieSaves.remove(oAuth2AuthenticationToken)).ifPresent(cookieSaveAction -> {
                executeCookieSaveAction(httpServletRequest, httpServletResponse, cookieSaveAction);
            });
        }
    }

    protected void executeCookieSaveAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, CookieSaveAction cookieSaveAction) {
        if (cookieSaveAction.tryDeleteExisting()) {
            Optional filter = FastCookieFinder.findCookie(httpServletRequest, this.config.getIdCookieName()).flatMap(this::decodeIdCookie).filter(str -> {
                return !cookieSaveAction.id().getValue().equals(str);
            });
            AuthRememberMeSecretService authRememberMeSecretService = this.authRememberMeSecretService;
            Objects.requireNonNull(authRememberMeSecretService);
            filter.ifPresent(authRememberMeSecretService::delete);
        }
        httpServletResponse.addCookie(cookieSaveAction.id());
        httpServletResponse.addCookie(cookieSaveAction.payload());
        LOG.debug("Saving cookie for auth[identifier='{}']", cookieSaveAction.id().getValue());
    }

    protected Optional<String> decodeIdCookie(Cookie cookie) {
        return Optional.ofNullable(cookie.getValue()).filter(str -> {
            return str.length() == idCookieValueLength();
        }).filter((v0) -> {
            return StringUtils.isAlphanumeric(v0);
        });
    }

    protected RememberMeClientStorageProcessor createCookieValueProcessor(AuthRememberMeSecret authRememberMeSecret, RememberMeSymCryptorProvider rememberMeSymCryptorProvider) {
        return this.clientStorageProcessorProvider.create(rememberMeSymCryptorProvider.create(authRememberMeSecret.secret()));
    }

    protected void deleteCookie(Cookie cookie, HttpServletResponse httpServletResponse) {
        cookie.setMaxAge(0);
        httpServletResponse.addCookie(cookie);
        LOG.debug("Expiring Cookie[name='{}']", cookie.getName());
    }

    public int idCookieValueLength() {
        return DEFAULT_ID_COOKIE_VALUE_LENGTH;
    }

    public int cookieValueMaxSize() {
        return DEFAULT_COOKIE_VALUE_MAX_SIZE;
    }

    public boolean isEnabled() {
        return this.enabled;
    }

    public void install(HttpSecurity httpSecurity) throws Exception {
        if (this.enabled) {
            httpSecurity.rememberMe(rememberMeConfigurer -> {
                rememberMeConfigurer.rememberMeServices(this).addObjectPostProcessor(new ObjectPostProcessor<RememberMeAuthenticationProvider>() { // from class: software.xdev.sse.oauth2.rememberme.OAuth2CookieRememberMeServices.1
                    public <O extends RememberMeAuthenticationProvider> O postProcess(O o) {
                        return new OAuth2CookieRememberMeAuthenticationProvider();
                    }
                });
            });
            LOG.debug("Installed into configurer");
        }
    }
}
