package org.apereo.cas.support.oauth.web.mgmt;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import java.util.Collection;
import java.util.Comparator;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenEncoder;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.web.BaseCasActuatorEndpoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.actuate.endpoint.annotation.DeleteOperation;
import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
import org.springframework.boot.actuate.endpoint.annotation.ReadOperation;
import org.springframework.boot.actuate.endpoint.annotation.Selector;

@Endpoint(id = "oauthTokens", enableByDefault = false)
/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.6.10.jar:org/apereo/cas/support/oauth/web/mgmt/OAuth20TokenManagementEndpoint.class */
public class OAuth20TokenManagementEndpoint extends BaseCasActuatorEndpoint {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) OAuth20TokenManagementEndpoint.class);
    private final TicketRegistry ticketRegistry;
    private final JwtBuilder accessTokenJwtBuilder;

    public OAuth20TokenManagementEndpoint(CasConfigurationProperties casConfigurationProperties, TicketRegistry ticketRegistry, JwtBuilder jwtBuilder) {
        super(casConfigurationProperties);
        this.ticketRegistry = ticketRegistry;
        this.accessTokenJwtBuilder = jwtBuilder;
    }

    @ReadOperation
    @Operation(summary = "Get access and/or refresh tokens")
    public Collection<Ticket> getTokens() {
        return (Collection) this.ticketRegistry.getTickets(ticket -> {
            return ((ticket instanceof OAuth20AccessToken) || (ticket instanceof OAuth20RefreshToken)) && !ticket.isExpired();
        }).sorted(Comparator.comparing((v0) -> {
            return v0.getId();
        })).collect(Collectors.toList());
    }

    @ReadOperation
    @Operation(summary = "Get single token by id", parameters = {@Parameter(name = "token", required = true)})
    public Ticket getToken(@Selector String str) {
        try {
            return this.ticketRegistry.getTicket(extractAccessTokenFrom(str), Ticket.class);
        } catch (Exception e) {
            LOGGER.debug("Ticket [{}] is has expired or cannot be found", str);
            return null;
        }
    }

    @DeleteOperation
    @Operation(summary = "Delete token by id", parameters = {@Parameter(name = "ticketId", required = true)})
    public void deleteToken(@Selector String str) throws Exception {
        Ticket token = getToken(str);
        if (token != null) {
            this.ticketRegistry.deleteTicket(token.getId());
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenEncoder$OAuth20JwtAccessTokenEncoderBuilder] */
    private String extractAccessTokenFrom(String str) {
        return OAuth20JwtAccessTokenEncoder.builder().accessTokenJwtBuilder(this.accessTokenJwtBuilder).build().decode(str);
    }
}
