package org.springmad.security.config;

import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springmad.security.oauth2.OAuth2SignatureVerifierClient;

/* loaded from: input_file:org/springmad/security/config/OAuth2JwtAccessTokenConverter.class */
public class OAuth2JwtAccessTokenConverter extends JwtAccessTokenConverter {
    private final Logger log = LoggerFactory.getLogger(OAuth2JwtAccessTokenConverter.class);
    private final OAuth2Properties oAuth2Properties;
    private final OAuth2SignatureVerifierClient signatureVerifierClient;
    private long lastKeyFetchTimestamp;

    public OAuth2JwtAccessTokenConverter(OAuth2Properties oAuth2Properties, OAuth2SignatureVerifierClient oAuth2SignatureVerifierClient) {
        this.oAuth2Properties = oAuth2Properties;
        this.signatureVerifierClient = oAuth2SignatureVerifierClient;
        tryCreateSignatureVerifier();
    }

    protected Map<String, Object> decode(String str) {
        try {
            long ttl = this.oAuth2Properties.getSignatureVerification().getTtl();
            if (ttl <= 0 || System.currentTimeMillis() - this.lastKeyFetchTimestamp <= ttl) {
                return super.decode(str);
            }
            throw new InvalidTokenException("public key expired");
        } catch (InvalidTokenException e) {
            if (tryCreateSignatureVerifier()) {
                return super.decode(str);
            }
            throw e;
        }
    }

    private boolean tryCreateSignatureVerifier() {
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - this.lastKeyFetchTimestamp < this.oAuth2Properties.getSignatureVerification().getPublicKeyRefreshRateLimit()) {
            return false;
        }
        try {
            SignatureVerifier signatureVerifier = this.signatureVerifierClient.getSignatureVerifier();
            if (signatureVerifier == null) {
                return false;
            }
            setVerifier(signatureVerifier);
            this.lastKeyFetchTimestamp = currentTimeMillis;
            this.log.debug("Public key retrieved from OAuth2 server to create SignatureVerifier");
            return true;
        } catch (Throwable th) {
            this.log.error("could not get public key from OAuth2 server to create SignatureVerifier", th);
            return false;
        }
    }

    public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
        OAuth2Authentication extractAuthentication = super.extractAuthentication(map);
        extractAuthentication.setDetails(map);
        return extractAuthentication;
    }
}
