package com.microsoft.aad.msal4j;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.annotations.SerializedName;
import com.google.gson.internal.LinkedTreeMap;
import com.microsoft.aad.msal4j.AuthenticationResult;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import java.util.function.Predicate;
import java.util.stream.Collectors;

/* loaded from: input_file:com/microsoft/aad/msal4j/TokenCache.class */
public class TokenCache {
    public static final int MIN_ACCESS_TOKEN_EXPIRE_IN_SEC = 300;

    @SerializedName("AccessToken")
    Map<String, AccessTokenCacheEntity> accessTokens;

    @SerializedName("RefreshToken")
    Map<String, RefreshTokenCacheEntity> refreshTokens;

    @SerializedName("IdToken")
    Map<String, IdTokenCacheEntity> idTokens;

    @SerializedName("Account")
    Map<String, Account> accounts;
    private ITokenCacheAccessAspect tokenCacheAccessAspect;
    private String serializedCachedData;

    public TokenCache(ITokenCacheAccessAspect iTokenCacheAccessAspect) {
        this();
        this.tokenCacheAccessAspect = iTokenCacheAccessAspect;
    }

    public TokenCache() {
        this.accessTokens = new LinkedTreeMap();
        this.refreshTokens = new LinkedTreeMap();
        this.idTokens = new LinkedTreeMap();
        this.accounts = new LinkedTreeMap();
    }

    public void deserializeAndLoadToCache(String str) {
        if (StringHelper.isBlank(str)) {
            return;
        }
        this.serializedCachedData = str;
        TokenCache tokenCache = (TokenCache) new GsonBuilder().create().fromJson(str, TokenCache.class);
        this.accounts = tokenCache.accounts;
        this.accessTokens = tokenCache.accessTokens;
        this.refreshTokens = tokenCache.refreshTokens;
        this.idTokens = tokenCache.idTokens;
    }

    public String serialize() {
        if (StringHelper.isBlank(this.serializedCachedData)) {
            return new GsonBuilder().create().toJson(this);
        }
        Map map = (Map) new Gson().fromJson(this.serializedCachedData, Object.class);
        map.put("AccessToken", this.accessTokens);
        map.put("RefreshToken", this.refreshTokens);
        map.put("IdToken", this.idTokens);
        map.put("Account", this.accounts);
        return new GsonBuilder().create().toJson(map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void saveTokens(TokenRequest tokenRequest, AuthenticationResult authenticationResult, String str) {
        if (this.tokenCacheAccessAspect != null) {
            this.tokenCacheAccessAspect.beforeCacheAccess(TokenCacheAccessContext.builder().clientId(tokenRequest.getMsalRequest().application().clientId()).tokenCache(this).build());
        }
        if (!StringHelper.isBlank(authenticationResult.accessToken())) {
            AccessTokenCacheEntity createAccessTokenCacheEntity = createAccessTokenCacheEntity(tokenRequest, authenticationResult, str);
            this.accessTokens.put(createAccessTokenCacheEntity.getKey(), createAccessTokenCacheEntity);
        }
        if (!StringHelper.isBlank(authenticationResult.refreshToken())) {
            RefreshTokenCacheEntity createRefreshTokenCacheEntity = createRefreshTokenCacheEntity(tokenRequest, authenticationResult, str);
            this.refreshTokens.put(createRefreshTokenCacheEntity.getKey(), createRefreshTokenCacheEntity);
        }
        if (!StringHelper.isBlank(authenticationResult.idToken())) {
            IdTokenCacheEntity createIdTokenCacheEntity = createIdTokenCacheEntity(tokenRequest, authenticationResult, str);
            this.idTokens.put(createIdTokenCacheEntity.getKey(), createIdTokenCacheEntity);
            Account account = authenticationResult.account();
            account.environment(str);
            this.accounts.put(account.getKey(), account);
        }
        if (this.tokenCacheAccessAspect != null) {
            this.tokenCacheAccessAspect.afterCacheAccess(TokenCacheAccessContext.builder().clientId(tokenRequest.getMsalRequest().application().clientId()).tokenCache(this).isCacheChanged(true).build());
        }
    }

    static RefreshTokenCacheEntity createRefreshTokenCacheEntity(TokenRequest tokenRequest, AuthenticationResult authenticationResult, String str) {
        RefreshTokenCacheEntity refreshTokenCacheEntity = new RefreshTokenCacheEntity();
        if (authenticationResult.account() != null) {
            refreshTokenCacheEntity.homeAccountId(authenticationResult.account().homeAccountId);
        }
        refreshTokenCacheEntity.environment(str);
        refreshTokenCacheEntity.clientId(tokenRequest.getMsalRequest().application().clientId());
        refreshTokenCacheEntity.secret(authenticationResult.refreshToken());
        return refreshTokenCacheEntity;
    }

    static AccessTokenCacheEntity createAccessTokenCacheEntity(TokenRequest tokenRequest, AuthenticationResult authenticationResult, String str) {
        AccessTokenCacheEntity accessTokenCacheEntity = new AccessTokenCacheEntity();
        if (authenticationResult.account() != null) {
            accessTokenCacheEntity.homeAccountId(authenticationResult.account().homeAccountId);
        }
        accessTokenCacheEntity.environment(str);
        accessTokenCacheEntity.clientId(tokenRequest.getMsalRequest().application().clientId());
        accessTokenCacheEntity.secret(authenticationResult.accessToken());
        IdToken idTokenObject = authenticationResult.idTokenObject();
        if (idTokenObject != null) {
            accessTokenCacheEntity.realm(idTokenObject.tenantIdentifier);
        }
        accessTokenCacheEntity.target(!StringHelper.isBlank(authenticationResult.scopes()) ? authenticationResult.scopes() : tokenRequest.getMsalRequest().msalAuthorizationGrant().getScopes());
        accessTokenCacheEntity.cachedAt(Long.toString(System.currentTimeMillis() / 1000));
        accessTokenCacheEntity.expiresOn(Long.toString(authenticationResult.expiresOn()));
        if (authenticationResult.extExpiresOn() > 0) {
            accessTokenCacheEntity.extExpiresOn(Long.toString(authenticationResult.extExpiresOn()));
        }
        return accessTokenCacheEntity;
    }

    static IdTokenCacheEntity createIdTokenCacheEntity(TokenRequest tokenRequest, AuthenticationResult authenticationResult, String str) {
        IdTokenCacheEntity idTokenCacheEntity = new IdTokenCacheEntity();
        if (authenticationResult.account() != null) {
            idTokenCacheEntity.homeAccountId(authenticationResult.account().homeAccountId);
        }
        idTokenCacheEntity.environment(str);
        idTokenCacheEntity.clientId(tokenRequest.getMsalRequest().application().clientId());
        idTokenCacheEntity.secret(authenticationResult.idToken());
        IdToken idTokenObject = authenticationResult.idTokenObject();
        if (idTokenObject != null) {
            idTokenCacheEntity.setRealm(idTokenObject.tenantIdentifier);
        }
        return idTokenCacheEntity;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Collection<Account> getAccounts(String str, Set<String> set) {
        TokenCacheAccessContext tokenCacheAccessContext = null;
        if (this.tokenCacheAccessAspect != null) {
            tokenCacheAccessContext = TokenCacheAccessContext.builder().clientId(str).tokenCache(this).build();
            this.tokenCacheAccessAspect.beforeCacheAccess(tokenCacheAccessContext);
        }
        Collection<Account> collection = (Collection) this.accounts.values().stream().filter(account -> {
            return set.contains(account.environment) && this.refreshTokens.values().stream().anyMatch(refreshTokenCacheEntity -> {
                return refreshTokenCacheEntity.homeAccountId.equals(account.homeAccountId) && refreshTokenCacheEntity.environment.equals(account.environment) && refreshTokenCacheEntity.clientId.equals(str);
            });
        }).collect(Collectors.toList());
        if (this.tokenCacheAccessAspect != null) {
            this.tokenCacheAccessAspect.afterCacheAccess(tokenCacheAccessContext);
        }
        return collection;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void removeAccount(String str, Account account, Set<String> set) {
        TokenCacheAccessContext tokenCacheAccessContext = null;
        if (this.tokenCacheAccessAspect != null) {
            tokenCacheAccessContext = TokenCacheAccessContext.builder().clientId(str).tokenCache(this).build();
            this.tokenCacheAccessAspect.beforeCacheAccess(tokenCacheAccessContext);
        }
        Predicate<? super Map.Entry<String, AccessTokenCacheEntity>> predicate = entry -> {
            return ((Credential) entry.getValue()).homeAccountId().equals(account.homeAccountId) && set.contains(((Credential) entry.getValue()).environment);
        };
        this.accessTokens.entrySet().removeIf(predicate);
        this.refreshTokens.entrySet().removeIf(predicate);
        this.idTokens.entrySet().removeIf(predicate);
        if (this.tokenCacheAccessAspect != null) {
            this.tokenCacheAccessAspect.afterCacheAccess(tokenCacheAccessContext);
        }
    }

    boolean isMatchingScopes(AccessTokenCacheEntity accessTokenCacheEntity, Set<String> set) {
        TreeSet treeSet = new TreeSet(String.CASE_INSENSITIVE_ORDER);
        treeSet.addAll(Arrays.asList(accessTokenCacheEntity.target().split(" ")));
        return treeSet.containsAll(set);
    }

    Optional<AccessTokenCacheEntity> getAccessTokenCacheEntity(Account account, Authority authority, Set<String> set, String str, Set<String> set2) {
        long time = new Date().getTime() / 1000;
        return this.accessTokens.values().stream().filter(accessTokenCacheEntity -> {
            return accessTokenCacheEntity.homeAccountId.equals(account.homeAccountId) && set2.contains(accessTokenCacheEntity.environment) && Long.parseLong(accessTokenCacheEntity.expiresOn()) > time + 300 && accessTokenCacheEntity.realm.equals(authority.tenant()) && accessTokenCacheEntity.clientId.equals(str) && isMatchingScopes(accessTokenCacheEntity, set);
        }).findAny();
    }

    Optional<IdTokenCacheEntity> getIdTokenCacheEntity(Account account, Authority authority, String str, Set<String> set) {
        return this.idTokens.values().stream().filter(idTokenCacheEntity -> {
            return idTokenCacheEntity.homeAccountId.equals(account.homeAccountId) && set.contains(idTokenCacheEntity.environment) && idTokenCacheEntity.realm.equals(authority.tenant()) && idTokenCacheEntity.clientId.equals(str);
        }).findAny();
    }

    Optional<RefreshTokenCacheEntity> getRefreshTokenCacheEntity(Account account, String str, Set<String> set) {
        return this.refreshTokens.values().stream().filter(refreshTokenCacheEntity -> {
            return refreshTokenCacheEntity.homeAccountId.equals(account.homeAccountId) && set.contains(refreshTokenCacheEntity.environment) && refreshTokenCacheEntity.clientId.equals(str);
        }).findAny();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationResult getAuthenticationResult(Account account, Authority authority, Set<String> set, String str) {
        TokenCacheAccessContext tokenCacheAccessContext = null;
        if (this.tokenCacheAccessAspect != null) {
            tokenCacheAccessContext = TokenCacheAccessContext.builder().clientId(str).tokenCache(this).account(account).build();
            this.tokenCacheAccessAspect.beforeCacheAccess(tokenCacheAccessContext);
        }
        Set<String> aliasesSet = AadInstanceDiscovery.cache.get(account.environment).getAliasesSet();
        Optional<AccessTokenCacheEntity> accessTokenCacheEntity = getAccessTokenCacheEntity(account, authority, set, str, aliasesSet);
        Optional<IdTokenCacheEntity> idTokenCacheEntity = getIdTokenCacheEntity(account, authority, str, aliasesSet);
        Optional<RefreshTokenCacheEntity> refreshTokenCacheEntity = getRefreshTokenCacheEntity(account, str, aliasesSet);
        if (this.tokenCacheAccessAspect != null) {
            this.tokenCacheAccessAspect.afterCacheAccess(tokenCacheAccessContext);
        }
        AuthenticationResult.AuthenticationResultBuilder builder = AuthenticationResult.builder();
        if (accessTokenCacheEntity.isPresent()) {
            builder.accessToken(accessTokenCacheEntity.get().secret).expiresOn(Long.parseLong(accessTokenCacheEntity.get().expiresOn()));
        }
        if (idTokenCacheEntity.isPresent()) {
            builder.idToken(idTokenCacheEntity.get().secret);
        }
        if (refreshTokenCacheEntity.isPresent()) {
            builder.refreshToken(refreshTokenCacheEntity.get().secret);
        }
        builder.account(account);
        builder.environment(authority.host());
        return builder.build();
    }
}
