package org.apache.knox.gateway.services.token.impl;

import java.time.Instant;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.ServiceLifecycleException;
import org.apache.knox.gateway.services.security.token.TokenStateService;
import org.apache.knox.gateway.services.security.token.TokenUtils;
import org.apache.knox.gateway.services.security.token.UnknownTokenException;
import org.apache.knox.gateway.services.security.token.impl.JWT;
import org.apache.knox.gateway.services.security.token.impl.JWTToken;

/* loaded from: input_file:org/apache/knox/gateway/services/token/impl/DefaultTokenStateService.class */
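/**
 * In-memory {@link TokenStateService} that tracks, per token identifier, the current
 * expiration and the maximum lifetime beyond which the token may no longer be renewed.
 *
 * <p>Both tables are plain {@link HashMap}s guarded by {@code synchronized} blocks on the
 * map itself; nothing in this class persists them. A single-threaded scheduler
 * periodically evicts entries whose maximum lifetime (plus a grace period) has elapsed.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #revokeToken(String)} works by deleting the token's state, so a revoked
 *       token is indistinguishable from one this service never saw. When
 *       {@code permissiveValidationEnabled} is set, {@link #getTokenExpiration(JWT)}
 *       falls back to the expiry carried in the JWT itself for unknown tokens, which
 *       means a revoked (or evicted) token is treated as valid until that expiry.
 *       Revocation is only effective with permissive validation disabled.</li>
 *   <li>Token identifiers are passed to the message logger on most operations.
 *       NOTE(review): confirm that {@code TokenUtils.getTokenId} yields a value that is
 *       safe to log, i.e. not usable as a credential on its own.</li>
 * </ul>
 */
public class DefaultTokenStateService implements TokenStateService {
    /** Default renewal interval: 24 hours, in milliseconds. */
    protected static final long DEFAULT_RENEWAL_INTERVAL = 86_400_000L;
    /** Number of default-length renewals that fit in the default maximum lifetime. */
    protected static final int MAX_RENEWALS = 7;
    /** Default maximum token lifetime: 7 days (604800000 ms). */
    protected static final long DEFAULT_MAX_LIFETIME = MAX_RENEWALS * DEFAULT_RENEWAL_INTERVAL;
    protected static final TokenStateServiceMessages log = (TokenStateServiceMessages) MessagesFactory.get(TokenStateServiceMessages.class);

    // Eviction period and grace period; both are interpreted as seconds (see start() and needsEviction()).
    private long tokenEvictionInterval;
    private long tokenEvictionGracePeriod;
    protected boolean permissiveValidationEnabled;

    // token id -> current expiration (epoch millis); guarded by synchronized (tokenExpirations)
    private final Map<String, Long> tokenExpirations = new HashMap<>();
    // token id -> absolute end of the renewable lifetime (epoch millis); guarded by synchronized (maxTokenLifetimes)
    private final Map<String, Long> maxTokenLifetimes = new HashMap<>();
    private final ScheduledExecutorService evictionScheduler = Executors.newScheduledThreadPool(1);

    /**
     * Reads the eviction interval, eviction grace period and permissive-validation flag
     * from the gateway configuration. The options map is not used.
     */
    public void init(GatewayConfig gatewayConfig, Map<String, String> options) throws ServiceLifecycleException {
        this.tokenEvictionInterval = gatewayConfig.getKnoxTokenEvictionInterval();
        this.tokenEvictionGracePeriod = gatewayConfig.getKnoxTokenEvictionGracePeriod();
        this.permissiveValidationEnabled = gatewayConfig.isKnoxTokenPermissiveValidationEnabled();
    }

    /**
     * Schedules periodic eviction when the configured interval is positive. With a
     * non-positive interval no eviction ever runs and token state accumulates until the
     * token is explicitly revoked.
     */
    public void start() throws ServiceLifecycleException {
        if (this.tokenEvictionInterval > 0) {
            this.evictionScheduler.scheduleAtFixedRate(
                this::evictExpiredTokens,
                this.tokenEvictionInterval,
                this.tokenEvictionInterval,
                TimeUnit.SECONDS);
        }
    }

    /** Stops the eviction scheduler; an eviction pass already in progress is allowed to finish. */
    public void stop() throws ServiceLifecycleException {
        this.evictionScheduler.shutdown();
    }

    /** @return the default renewal interval in milliseconds */
    public long getDefaultRenewInterval() {
        return DEFAULT_RENEWAL_INTERVAL;
    }

    /** @return the default maximum lifetime duration in milliseconds */
    public long getDefaultMaxLifetimeDuration() {
        return DEFAULT_MAX_LIFETIME;
    }

    /**
     * Registers a token using its own expiry date and the default maximum lifetime.
     *
     * @param token     the token to track
     * @param issueTime epoch millis from which the maximum lifetime is measured
     * @throws IllegalArgumentException if {@code token} is null
     */
    public void addToken(JWTToken token, long issueTime) {
        if (token == null) {
            throw new IllegalArgumentException("Token cannot be null.");
        }
        addToken(TokenUtils.getTokenId(token), issueTime, token.getExpiresDate().getTime());
    }

    /** Registers a token with the default maximum lifetime duration. */
    public void addToken(String tokenId, long issueTime, long expiration) {
        addToken(tokenId, issueTime, expiration, getDefaultMaxLifetimeDuration());
    }

    /**
     * Registers a token.
     *
     * @param tokenId             non-empty token identifier
     * @param issueTime           epoch millis from which the maximum lifetime is measured
     * @param expiration          initial expiration, epoch millis
     * @param maxLifetimeDuration renewable lifetime in milliseconds, added to {@code issueTime}
     * @throws IllegalArgumentException if {@code tokenId} is null or empty
     */
    public void addToken(String tokenId, long issueTime, long expiration, long maxLifetimeDuration) {
        if (!isValidIdentifier(tokenId)) {
            throw new IllegalArgumentException("Token identifier cannot be null.");
        }
        synchronized (this.tokenExpirations) {
            this.tokenExpirations.put(tokenId, expiration);
        }
        setMaxLifetime(tokenId, issueTime, maxLifetimeDuration);
        log.addedToken(tokenId, getTimestampDisplay(expiration));
    }

    /**
     * Returns the expiration recorded for the token. If the token is unknown and
     * permissive validation is enabled, falls back to the expiry carried by the JWT.
     *
     * <p>The fallback trusts a value taken from the token itself and also applies to
     * tokens whose state was removed by revocation or eviction.
     * NOTE(review): confirm callers verify the JWT signature before relying on this
     * value; a non-numeric expiry makes {@code Long.parseLong} throw
     * {@link NumberFormatException}.
     *
     * @throws UnknownTokenException if the token is unknown and no fallback applies
     */
    public long getTokenExpiration(JWT jwt) throws UnknownTokenException {
        long expiration = -1;
        try {
            expiration = getTokenExpiration(TokenUtils.getTokenId(jwt));
        } catch (UnknownTokenException e) {
            if (this.permissiveValidationEnabled) {
                final String claimedExpiry = jwt.getExpires();
                if (claimedExpiry != null) {
                    log.permissiveTokenHandling(TokenUtils.getTokenId(jwt), e.getMessage());
                    expiration = Long.parseLong(claimedExpiry);
                }
            }
            if (expiration == -1) {
                throw e;
            }
        }
        return expiration;
    }

    /**
     * Returns the expiration recorded for the token identifier.
     *
     * @throws IllegalArgumentException if {@code tokenId} is null or empty
     * @throws UnknownTokenException    if no state is held for {@code tokenId}
     */
    public long getTokenExpiration(String tokenId) throws UnknownTokenException {
        validateToken(tokenId);
        final Long expiration;
        synchronized (this.tokenExpirations) {
            expiration = this.tokenExpirations.get(tokenId);
        }
        // The entry can be revoked or evicted between validateToken() and the lookup;
        // report that as an unknown token rather than failing with a NullPointerException.
        if (expiration == null) {
            log.unknownToken(tokenId);
            throw new UnknownTokenException(tokenId);
        }
        return expiration;
    }

    /** Renews the token by the default renewal interval. */
    public long renewToken(JWTToken token) throws UnknownTokenException {
        return renewToken(token, DEFAULT_RENEWAL_INTERVAL);
    }

    /**
     * Renews the token by {@code renewInterval} milliseconds.
     *
     * @throws IllegalArgumentException if {@code token} is null
     */
    public long renewToken(JWTToken token, long renewInterval) throws UnknownTokenException {
        if (token == null) {
            throw new IllegalArgumentException("Token cannot be null.");
        }
        return renewToken(TokenUtils.getTokenId(token), renewInterval);
    }

    /** Renews the token by the default renewal interval. */
    public long renewToken(String tokenId) throws UnknownTokenException {
        return renewToken(tokenId, DEFAULT_RENEWAL_INTERVAL);
    }

    /**
     * Sets the token's expiration to now plus {@code renewInterval}, provided that stays
     * inside the token's maximum lifetime.
     *
     * @return the new expiration, epoch millis
     * @throws IllegalArgumentException if the identifier is invalid or the renewal limit is exceeded
     * @throws UnknownTokenException    if no state is held for {@code tokenId}
     */
    public long renewToken(String tokenId, long renewInterval) throws UnknownTokenException {
        validateToken(tokenId);
        if (!hasRemainingRenewals(tokenId, renewInterval)) {
            log.renewalLimitExceeded(tokenId);
            throw new IllegalArgumentException("The renewal limit for the token has been exceeded");
        }
        final long newExpiration = System.currentTimeMillis() + renewInterval;
        updateExpiration(tokenId, newExpiration);
        log.renewedToken(tokenId, getTimestampDisplay(newExpiration));
        return newExpiration;
    }

    /**
     * Revokes the token by removing its state.
     *
     * @throws IllegalArgumentException if {@code token} is null
     */
    public void revokeToken(JWTToken token) throws UnknownTokenException {
        if (token == null) {
            throw new IllegalArgumentException("Token cannot be null.");
        }
        revokeToken(TokenUtils.getTokenId(token));
    }

    /**
     * Revokes the token by removing its state. No separate revocation record is kept, so
     * afterwards the token is simply unknown to this service.
     */
    public void revokeToken(String tokenId) throws UnknownTokenException {
        removeToken(tokenId);
        log.revokedToken(tokenId);
    }

    /** @return true when the token's effective expiration is not after the current time */
    public boolean isExpired(JWTToken token) throws UnknownTokenException {
        // The cast selects the JWT overload, which includes the permissive fallback.
        return getTokenExpiration((JWT) token) <= System.currentTimeMillis();
    }

    /** Records {@code issueTime + maxLifetimeDuration} as the end of the token's renewable lifetime. */
    protected void setMaxLifetime(String tokenId, long issueTime, long maxLifetimeDuration) {
        synchronized (this.maxTokenLifetimes) {
            this.maxTokenLifetimes.put(tokenId, issueTime + maxLifetimeDuration);
        }
    }

    /** @return true when no expiration is recorded for the identifier */
    protected boolean isUnknown(String tokenId) {
        synchronized (this.tokenExpirations) {
            return !this.tokenExpirations.containsKey(tokenId);
        }
    }

    /** Replaces the recorded expiration; does nothing if the token is no longer tracked. */
    protected void updateExpiration(String tokenId, long expiration) {
        synchronized (this.tokenExpirations) {
            this.tokenExpirations.replace(tokenId, expiration);
        }
    }

    /**
     * Removes both the expiration and the maximum-lifetime entry for the token.
     *
     * @throws UnknownTokenException if no state is held for {@code tokenId}
     */
    protected void removeToken(String tokenId) throws UnknownTokenException {
        validateToken(tokenId);
        synchronized (this.tokenExpirations) {
            this.tokenExpirations.remove(tokenId);
        }
        synchronized (this.maxTokenLifetimes) {
            this.maxTokenLifetimes.remove(tokenId);
        }
        log.removedTokenState(tokenId);
    }

    /**
     * Checks that renewing by {@code renewInterval} keeps the token, with a 30-second
     * margin, strictly inside its maximum lifetime.
     */
    protected boolean hasRemainingRenewals(String tokenId, long renewInterval) {
        final long projectedExpiration;
        try {
            projectedExpiration =
                Math.addExact(Math.addExact(System.currentTimeMillis(), 30000L), renewInterval);
        } catch (ArithmeticException overflow) {
            // The sum does not fit in a long. Wrapped arithmetic would make it compare as
            // "before" the maximum lifetime, so refuse the renewal instead.
            return false;
        }
        return projectedExpiration < getMaxLifetime(tokenId);
    }

    /** @return the recorded end of the renewable lifetime, or 0 when none is recorded */
    protected long getMaxLifetime(String tokenId) {
        synchronized (this.maxTokenLifetimes) {
            return this.maxTokenLifetimes.getOrDefault(tokenId, 0L);
        }
    }

    /**
     * @return true when the identifier is neither null nor empty
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isValidIdentifier(String tokenId) {
        return tokenId != null && !tokenId.isEmpty();
    }

    /**
     * Ensures the identifier is well-formed and that state is held for it.
     *
     * @throws IllegalArgumentException if {@code tokenId} is null or empty
     * @throws UnknownTokenException    if no state is held for {@code tokenId}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void validateToken(String tokenId) throws IllegalArgumentException, UnknownTokenException {
        if (!isValidIdentifier(tokenId)) {
            throw new IllegalArgumentException("Token identifier cannot be null.");
        }
        if (isUnknown(tokenId)) {
            log.unknownToken(tokenId);
            throw new UnknownTokenException(tokenId);
        }
    }

    /** Formats an epoch-millis timestamp as an ISO-8601 instant for log messages. */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getTimestampDisplay(long timestamp) {
        return Instant.ofEpochMilli(timestamp).toString();
    }

    /**
     * Removes every token whose maximum lifetime plus grace period has elapsed.
     * Failures are logged per token so that one bad entry neither aborts the pass nor
     * lets an exception escape the scheduled task, which would cancel later runs.
     */
    protected void evictExpiredTokens() {
        for (String tokenId : getTokens()) {
            try {
                if (needsEviction(tokenId)) {
                    log.evictToken(tokenId);
                    removeToken(tokenId);
                }
            } catch (Exception e) {
                log.failedExpiredTokenEviction(tokenId, e);
            }
        }
    }

    /**
     * Decides whether the token's state can be discarded.
     *
     * @throws UnknownTokenException if no positive maximum lifetime is recorded for the token
     */
    protected boolean needsEviction(String tokenId) throws UnknownTokenException {
        final long maxLifetime = getMaxLifetime(tokenId);
        if (maxLifetime <= 0) {
            throw new UnknownTokenException(tokenId);
        }
        final long gracePeriodMillis = TimeUnit.SECONDS.toMillis(this.tokenEvictionGracePeriod);
        return maxLifetime + gracePeriodMillis <= System.currentTimeMillis();
    }

    /**
     * Returns a snapshot of the tracked token identifiers. The copy is taken under the
     * map's lock because this runs on the eviction thread while request threads add and
     * remove entries; iterating the live key set unlocked can fail or yield a corrupt view.
     */
    protected List<String> getTokens() {
        synchronized (this.tokenExpirations) {
            return this.tokenExpirations.keySet().stream().collect(Collectors.toList());
        }
    }
}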
