package com.mulesoft.modules.oauth2.provider.internal.token;

import com.mulesoft.modules.oauth2.provider.api.AuthorizationRequest;
import com.mulesoft.modules.oauth2.provider.api.Constants;
import com.mulesoft.modules.oauth2.provider.api.ResourceOwnerAuthentication;
import com.mulesoft.modules.oauth2.provider.api.token.AccessTokenStoreHolder;
import com.mulesoft.modules.oauth2.provider.api.token.Token;
import com.mulesoft.modules.oauth2.provider.api.token.TokenStore;
import com.mulesoft.modules.oauth2.provider.api.token.generator.RefreshTokenStrategy;
import com.mulesoft.modules.oauth2.provider.api.token.generator.TokenGeneratorStrategy;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.mule.runtime.api.util.Preconditions;
import org.mule.runtime.core.api.util.StringUtils;

/* loaded from: input_file:com/mulesoft/modules/oauth2/provider/internal/token/TokenManager.class */
public class TokenManager {
    private final TokenStore tokenStore;
    private final TokenGeneratorStrategy tokenGeneratorStrategy;
    private final RefreshTokenStrategy refreshTokenStrategy;
    private final long tokenExpirationInterval;
    private final TimeUnit tokenExpirationIntervalTimeUnit;

    public TokenManager(TokenStore tokenStore, TokenGeneratorStrategy tokenGeneratorStrategy, RefreshTokenStrategy refreshTokenStrategy, long j, TimeUnit timeUnit) {
        Preconditions.checkArgument(tokenStore != null, "tokenStore can't be null");
        Preconditions.checkArgument(tokenGeneratorStrategy != null, "tokenGeneratorStrategy can't be null");
        Preconditions.checkArgument(timeUnit != null, "token expiration interval time unit can't be null");
        this.tokenStore = tokenStore;
        this.tokenGeneratorStrategy = tokenGeneratorStrategy;
        this.refreshTokenStrategy = refreshTokenStrategy;
        this.tokenExpirationInterval = j;
        this.tokenExpirationIntervalTimeUnit = timeUnit;
    }

    public Token grantAccessToken(Constants.RequestGrantType requestGrantType, AuthorizationRequest authorizationRequest, ResourceOwnerAuthentication resourceOwnerAuthentication) {
        Preconditions.checkArgument(authorizationRequest != null, "authorizationRequest can't be null");
        return grantAccessToken(requestGrantType, authorizationRequest, authorizationRequest.getClientId(), authorizationRequest.getScopes(), resourceOwnerAuthentication);
    }

    public Token grantAccessToken(Constants.RequestGrantType requestGrantType, String str, Set<String> set, ResourceOwnerAuthentication resourceOwnerAuthentication) {
        return grantAccessToken(requestGrantType, null, str, set, resourceOwnerAuthentication);
    }

    private Token grantAccessToken(Constants.RequestGrantType requestGrantType, AuthorizationRequest authorizationRequest, String str, Set<String> set, ResourceOwnerAuthentication resourceOwnerAuthentication) {
        Preconditions.checkArgument(requestGrantType != null, "grantType can't be null");
        Preconditions.checkArgument(!StringUtils.isEmpty(str), "clientId can't be empty");
        Preconditions.checkArgument(set != null, "scopes can't be null");
        Token build = new Token.Builder(str, this.tokenGeneratorStrategy.generateToken()).withRefreshToken(this.refreshTokenStrategy.generateRefreshToken()).withScopes(set).withExpirationInterval(this.tokenExpirationInterval, this.tokenExpirationIntervalTimeUnit).build();
        this.tokenStore.store(new AccessTokenStoreHolder(build, authorizationRequest, (resourceOwnerAuthentication != null || authorizationRequest == null) ? resourceOwnerAuthentication : authorizationRequest.getResourceOwnerAuthentication()));
        return build;
    }

    private Token refreshAccessToken(AccessTokenStoreHolder accessTokenStoreHolder) throws InvalidGrantException {
        Preconditions.checkArgument(accessTokenStoreHolder != null, "previousHolder can't be null");
        if (this.tokenStore.remove(accessTokenStoreHolder.getAccessToken().getAccessToken()) == null) {
            throw new InvalidGrantException("Invalid refresh token");
        }
        Token accessToken = accessTokenStoreHolder.getAccessToken();
        Token build = new Token.Builder(this.tokenGeneratorStrategy.generateToken(), accessToken).withRefreshToken(this.refreshTokenStrategy.exchangeRefreshToken(accessToken.getRefreshToken())).build();
        this.tokenStore.store(new AccessTokenStoreHolder(build, accessTokenStoreHolder));
        return build;
    }

    public AccessTokenStoreHolder getNonExpiredAccessTokenHolder(String str) {
        AccessTokenStoreHolder retrieveByAccessToken;
        if (org.apache.commons.lang3.StringUtils.isBlank(str) || (retrieveByAccessToken = this.tokenStore.retrieveByAccessToken(str)) == null) {
            return null;
        }
        Token accessToken = retrieveByAccessToken.getAccessToken();
        if (!isTokenExpired(str, retrieveByAccessToken)) {
            return retrieveByAccessToken;
        }
        if (accessToken.hasRefreshToken() && !isTokenExpired(accessToken.getRefreshToken())) {
            return null;
        }
        this.tokenStore.remove(retrieveByAccessToken.getAccessToken().getAccessToken());
        return null;
    }

    public Token exchangeRefreshToken(String str, String str2) throws InvalidGrantException {
        AccessTokenStoreHolder retrieveByRefreshToken = this.tokenStore.retrieveByRefreshToken(str);
        Token accessToken = retrieveByRefreshToken == null ? null : retrieveByRefreshToken.getAccessToken();
        if (accessToken != null && isTokenExpired(accessToken.getRefreshToken())) {
            this.tokenStore.removeByRefreshToken(str);
        }
        if (accessToken == null || isTokenExpired(accessToken.getRefreshToken()) || !accessToken.getClientId().equals(str2)) {
            throw new InvalidGrantException("Invalid or expired refresh token");
        }
        return refreshAccessToken(retrieveByRefreshToken);
    }

    public boolean isTokenExpired(String str) {
        return isTokenExpired(str, this.tokenStore.retrieveByAccessToken(str));
    }

    public boolean isTokenExpired(String str, AccessTokenStoreHolder accessTokenStoreHolder) {
        if (accessTokenStoreHolder == null) {
            return this.tokenStore.retrieveByRefreshToken(str) == null;
        }
        if (accessTokenStoreHolder.getAccessToken().hasRefreshToken()) {
            return isTokenExpired(accessTokenStoreHolder.getAccessToken().getRefreshToken());
        }
        return false;
    }
}
