package com.elitesland.cloudt.authorization.api.provider.security.handler;

import com.elitesland.cloudt.authorization.api.client.config.AuthorizationProperties;
import com.elitesland.cloudt.authorization.api.client.config.security.handler.DefaultAuthenticationSuccessHandler;
import com.elitesland.cloudt.authorization.api.client.config.support.AuthenticationCache;
import com.elitesland.cloudt.authorization.api.client.model.OAuthToken;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import org.springframework.lang.NonNull;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JwsHeader;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.JwtEncoderParameters;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;

/* loaded from: input_file:com/elitesland/cloudt/authorization/api/provider/security/handler/JwtAuthenticationSuccessHandler.class */
public class JwtAuthenticationSuccessHandler extends DefaultAuthenticationSuccessHandler {
    private static final String ISSUER_DEFAULT = "cloudt";
    private final JwtEncoder jwtEncoder;
    private OAuth2TokenCustomizer<JwtEncodingContext> tokenCustomizer;

    public JwtAuthenticationSuccessHandler(AuthorizationProperties authorizationProperties, AuthenticationCache authenticationCache, @NonNull JwtEncoder jwtEncoder) {
        super(authorizationProperties, authenticationCache);
        this.jwtEncoder = jwtEncoder;
    }

    protected Object convertResponseResult(HttpServletRequest httpServletRequest, Authentication authentication) {
        return convertToken(generateJwt(authentication));
    }

    protected String generateCacheKey(HttpServletRequest httpServletRequest, Object obj, Authentication authentication) {
        return ((OAuthToken) obj).getAccessToken();
    }

    private Jwt generateJwt(Authentication authentication) {
        Instant now = Instant.now();
        JwtClaimsSet.Builder expiresAt = JwtClaimsSet.builder().issuer(ISSUER_DEFAULT).subject(authentication.getName()).audience(Collections.singletonList(authentication.getName())).issuedAt(now).expiresAt(now.plus(30L, (TemporalUnit) ChronoUnit.MINUTES));
        JwsHeader.Builder with = JwsHeader.with(SignatureAlgorithm.RS256);
        JwtEncodingContext build = JwtEncodingContext.with(with, expiresAt).principal(authentication).tokenType(OAuth2TokenType.ACCESS_TOKEN).authorizationGrantType(AuthorizationGrantType.JWT_BEARER).build();
        if (this.tokenCustomizer != null) {
            this.tokenCustomizer.customize(build);
        }
        return this.jwtEncoder.encode(JwtEncoderParameters.from(with.build(), expiresAt.build()));
    }

    public void setTokenCustomizer(OAuth2TokenCustomizer<JwtEncodingContext> oAuth2TokenCustomizer) {
        this.tokenCustomizer = oAuth2TokenCustomizer;
    }

    private OAuthToken convertToken(Jwt jwt) {
        OAuthToken oAuthToken = new OAuthToken();
        oAuthToken.setAccessToken(jwt.getTokenValue());
        oAuthToken.setTokenType(OAuth2AccessToken.TokenType.BEARER.getValue());
        oAuthToken.setExpiresIn(Long.valueOf(ChronoUnit.SECONDS.between(Instant.now(), jwt.getExpiresAt())));
        oAuthToken.setScope(Collections.emptySet());
        oAuthToken.setRefreshToken((String) null);
        return oAuthToken;
    }
}
