package com.elitescloud.cloudt.authorization.api.provider.security.generator.token;

import com.elitescloud.cloudt.authorization.api.client.config.AuthorizationProperties;
import com.elitescloud.cloudt.authorization.sdk.cas.model.OAuthToken;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.Collections;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JwsHeader;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.JwtEncoderParameters;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;

/* loaded from: input_file:com/elitescloud/cloudt/authorization/api/provider/security/generator/token/JwtTokenGenerator.class */
public class JwtTokenGenerator implements TokenGenerator {
    private static final Logger a = LogManager.getLogger(JwtTokenGenerator.class);
    private static final String b = "cloudt";
    private final AuthorizationProperties c;
    private final JwtEncoder d;
    private OAuth2TokenCustomizer<JwtEncodingContext> e;

    public JwtTokenGenerator(AuthorizationProperties authorizationProperties, JwtEncoder jwtEncoder) {
        this.c = authorizationProperties;
        this.d = jwtEncoder;
    }

    @Override // com.elitescloud.cloudt.authorization.api.provider.security.generator.token.TokenGenerator
    public OAuthToken generate(Authentication authentication) {
        return a(a(authentication));
    }

    public void setTokenCustomizer(OAuth2TokenCustomizer<JwtEncodingContext> oAuth2TokenCustomizer) {
        this.e = oAuth2TokenCustomizer;
    }

    private Jwt a(Authentication authentication) {
        Duration a2;
        Instant now = Instant.now();
        JwtClaimsSet.Builder issuedAt = JwtClaimsSet.builder().issuer(b).subject(authentication.getName()).audience(Collections.singletonList(authentication.getName())).issuedAt(now);
        if ((this.c.getTokenRenewal() == null || this.c.getTokenRenewal().toSeconds() < 1) && (a2 = a()) != null) {
            issuedAt.expiresAt(now.plus((TemporalAmount) a2));
        }
        JwsHeader.Builder with = JwsHeader.with(SignatureAlgorithm.RS256);
        JwtEncodingContext build = JwtEncodingContext.with(with, issuedAt).principal(authentication).tokenType(OAuth2TokenType.ACCESS_TOKEN).authorizationGrantType(AuthorizationGrantType.JWT_BEARER).build();
        if (this.e != null) {
            this.e.customize(build);
        }
        return this.d.encode(JwtEncoderParameters.from(with.build(), issuedAt.build()));
    }

    private OAuthToken a(Jwt jwt) {
        OAuthToken oAuthToken = new OAuthToken();
        oAuthToken.setAccessToken(jwt.getTokenValue());
        oAuthToken.setTokenType(OAuth2AccessToken.TokenType.BEARER.getValue());
        if (jwt.getExpiresAt() == null) {
            oAuthToken.setExpiresIn(-1L);
        } else {
            oAuthToken.setExpiresIn(Long.valueOf(ChronoUnit.SECONDS.between(Instant.now(), jwt.getExpiresAt())));
        }
        oAuthToken.setScope(Collections.emptySet());
        oAuthToken.setRefreshToken((String) null);
        return oAuthToken;
    }

    private Duration a() {
        if (this.c.getTokenTtl() == null || this.c.getTokenTtl().getSeconds() <= 0) {
            return null;
        }
        return this.c.getTokenTtl();
    }
}
