package com.ibm.ws.security.openidconnect.client.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openidconnect.clients.common.OidcClientConfig;
import com.ibm.ws.webcontainer.security.ProviderAuthenticationResult;
import java.util.Hashtable;
import java.util.Map;
import javax.security.auth.Subject;

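/**
 * Reads and writes cached {@link ProviderAuthenticationResult} entries held by an
 * {@link OidcClientConfig}'s cache, so that a previously processed token does not
 * have to be processed again while it is still within its lifetime.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>An entry is served only while the cache is enabled, token reuse is enabled,
 *       and the cached {@code exp} value plus the configured clock skew has not
 *       passed. Missing, empty or unreadable expiry data is treated as expired.</li>
 *   <li>Nothing here re-checks a cached entry with the provider. NOTE(review): a
 *       token revoked at the provider would presumably keep being accepted from
 *       the cache until {@code exp + clockSkew}; confirm this is the intended
 *       trade-off for the configured cache.</li>
 *   <li>Expired entries are skipped, not removed, by this class. NOTE(review):
 *       eviction is presumably handled by the cache implementation; verify.</li>
 *   <li>A cache hit gets a new {@link Subject}, but the principal and credential
 *       objects inside it, and the custom-properties table, are shared with the
 *       cached entry.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/openidconnect/client/internal/AccessTokenCacheHelper.class */
public class AccessTokenCacheHelper {
    private static final TraceComponent tc = Tr.register(AccessTokenCacheHelper.class, "OpenIdConnect", "com.ibm.ws.security.openidconnect.client.internal.resources.OidcClientMessages");
    static final long serialVersionUID = -7828145001940865695L;

    /**
     * Looks up a cached authentication result and returns a copy of it if it is
     * still usable.
     *
     * @param oidcClientConfig client configuration supplying the cache, the
     *        cache/token-reuse switches and the clock skew
     * @param str cache key; presumably the access token string (confirm against caller)
     * @return a new result built from the cached one with a freshly created
     *         {@link Subject}, or {@code null} when caching or token reuse is
     *         disabled, nothing is cached under the key, or the entry is expired
     */
    public ProviderAuthenticationResult getCachedTokenAuthenticationResult(OidcClientConfig oidcClientConfig, String str) {
        if (!oidcClientConfig.getAccessTokenCacheEnabled() || !oidcClientConfig.getTokenReuse()) {
            return null;
        }
        ProviderAuthenticationResult cached = (ProviderAuthenticationResult) oidcClientConfig.getCache().get(str);
        if (cached == null || isTokenInCachedResultExpired(cached, oidcClientConfig)) {
            return null;
        }
        // Hand out a new Subject so the caller does not receive the cached Subject
        // instance itself. The custom properties table is passed through by
        // reference, so callers must treat it as read-only.
        return new ProviderAuthenticationResult(
                cached.getStatus(),
                cached.getHttpStatusCode(),
                cached.getUserName(),
                recreateSubject(cached.getSubject()),
                cached.getCustomProperties(),
                cached.getRedirectUrl());
    }

    /**
     * Stores an authentication result in the configuration's cache when the access
     * token cache is enabled; otherwise does nothing.
     *
     * @param oidcClientConfig client configuration supplying the cache
     * @param str cache key; presumably the access token string (confirm against caller)
     * @param providerAuthenticationResult result to store; it is cached as given,
     *        whatever its status
     */
    public void cacheTokenAuthenticationResult(OidcClientConfig oidcClientConfig, String str, ProviderAuthenticationResult providerAuthenticationResult) {
        if (!oidcClientConfig.getAccessTokenCacheEnabled()) {
            return;
        }
        oidcClientConfig.getCache().put(str, providerAuthenticationResult);
    }

    /**
     * Decides whether the token behind a cached result has expired.
     *
     * @param providerAuthenticationResult cached result whose custom properties
     *        carry the token information
     * @param oidcClientConfig configuration supplying the clock skew in seconds
     * @return {@code true} when the custom properties are null or empty, or when the
     *         current time in seconds is later than the expiration plus clock skew
     */
    boolean isTokenInCachedResultExpired(ProviderAuthenticationResult providerAuthenticationResult, OidcClientConfig oidcClientConfig) {
        Hashtable<String, Object> customProperties = providerAuthenticationResult.getCustomProperties();
        if (customProperties == null || customProperties.isEmpty()) {
            // No token data to judge by: fail closed and report the entry as expired.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Custom properties were null or empty", new Object[0]);
            }
            return true;
        }
        long expiration = getTokenExpirationFromCustomProperties(customProperties);
        long clockSkewInSeconds = oidcClientConfig.getClockSkewInSeconds();
        long nowInSeconds = System.currentTimeMillis() / 1000;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Current system time: " + nowInSeconds + ", token expiration time: " + expiration + ", clockSkew: " + clockSkewInSeconds, new Object[0]);
        }
        // An expiration of 0 (missing or unreadable "exp") always lands in the past
        // for any realistic clock skew, so such entries are rejected.
        return nowInSeconds > expiration + clockSkewInSeconds;
    }

    /**
     * Extracts the {@code exp} value from the {@code access_token_info} map stored
     * in the custom properties.
     *
     * <p>Any numeric {@code exp} is accepted. A strict cast to {@code Long} would
     * throw for an {@code Integer} (or other {@link Number}) value, the failure
     * would be swallowed, and every such entry would look expired, silently
     * disabling the cache.
     *
     * @param hashtable custom properties of a cached result; may be {@code null}
     * @return the expiration value, or {@code 0} when it is absent, not numeric, or
     *         cannot be read
     */
    @FFDCIgnore({Exception.class})
    long getTokenExpirationFromCustomProperties(Hashtable<String, Object> hashtable) {
        if (hashtable == null || hashtable.isEmpty() || !hashtable.containsKey("access_token_info")) {
            return 0L;
        }
        try {
            Map<?, ?> tokenInfo = (Map<?, ?>) hashtable.get("access_token_info");
            if (tokenInfo == null) {
                return 0L;
            }
            Object exp = tokenInfo.get("exp");
            if (exp instanceof Number) {
                return ((Number) exp).longValue();
            }
            if (exp != null && tc.isDebugEnabled()) {
                // Log only the type, never the value, of the unexpected entry.
                Tr.debug(tc, "Failed to obtain expiration time from customer properties: unexpected type " + exp.getClass().getName(), new Object[0]);
            }
            return 0L;
        } catch (Exception e) {
            // Malformed token info (e.g. not a Map) must not break authentication;
            // returning 0 makes the caller treat the entry as expired.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to obtain expiration time from customer properties: " + e, new Object[0]);
            }
            return 0L;
        }
    }

    /**
     * Builds a new {@link Subject} holding the same principals and public/private
     * credentials as the given one.
     *
     * <p>The copy is shallow: the sets are new, the principal and credential objects
     * are the same instances.
     *
     * @param subject subject to copy; may be {@code null}
     * @return a new subject, empty when {@code subject} is {@code null}
     */
    Subject recreateSubject(Subject subject) {
        Subject copy = new Subject();
        if (subject == null) {
            return copy;
        }
        copy.getPrincipals().addAll(subject.getPrincipals());
        copy.getPublicCredentials().addAll(subject.getPublicCredentials());
        copy.getPrivateCredentials().addAll(subject.getPrivateCredentials());
        return copy;
    }
}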
