package com.ibm.ws.security.jwt.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.structures.CacheEntry;
import com.ibm.ws.security.common.structures.SingleTableCache;
import com.ibm.ws.security.jwt.config.JwtConsumerConfig;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.JwtContext;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/jwt/internal/JwtCache.class */
public class JwtCache extends SingleTableCache {
    private static final TraceComponent tc = Tr.register(JwtCache.class, "JWTBUILDER", "com.ibm.ws.security.jwt.internal.resources.JWTMessages");
    static final int DEFAULT_ENTRY_LIMIT = 500;
    private final JwtConsumerConfig config;
    static final long serialVersionUID = -7986219924430484784L;

    public JwtCache(long j, JwtConsumerConfig jwtConsumerConfig) {
        super(DEFAULT_ENTRY_LIMIT, j);
        this.config = jwtConsumerConfig;
    }

    public synchronized Object get(@Sensitive String str) {
        JwtContext jwtContext = (JwtContext) super.get(str);
        if (jwtContext == null || isJwtExpired(jwtContext)) {
            return null;
        }
        return jwtContext;
    }

    protected synchronized void evictStaleEntries() {
        super.evictStaleEntries();
        ArrayList arrayList = new ArrayList();
        for (Map.Entry entry : this.lookupTable.entrySet()) {
            String str = (String) entry.getKey();
            JwtContext jwtContext = (JwtContext) ((CacheEntry) entry.getValue()).getValue();
            if (jwtContext == null || isJwtExpired(jwtContext)) {
                arrayList.add(str);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            this.lookupTable.remove((String) it.next());
        }
    }

    @FFDCIgnore({MalformedClaimException.class})
    public boolean isJwtExpired(JwtContext jwtContext) {
        JwtClaims jwtClaims = jwtContext.getJwtClaims();
        if (jwtClaims == null) {
            return true;
        }
        try {
            NumericDate expirationTime = jwtClaims.getExpirationTime();
            if (expirationTime == null) {
                return true;
            }
            return System.currentTimeMillis() > expirationTime.getValueInMillis() + this.config.getClockSkew();
        } catch (MalformedClaimException e) {
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
                return true;
            }
            Tr.debug(tc, "Caught exception getting expiration time for JWT: " + e, new Object[0]);
            return true;
        }
    }
}
