package org.mule.modules.oauth2.provider.token;

import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.joda.time.ReadableDuration;
import org.mule.api.security.Authentication;
import org.mule.modules.oauth2.provider.AuthorizationRequest;
import org.mule.modules.oauth2.provider.Constants;
import org.mule.modules.oauth2.provider.Utils;

/* loaded from: input_file:mule/lib/mule/mule-module-security-oauth2-provider-1.5.0.jar:org/mule/modules/oauth2/provider/token/TokenManager.class */
public class TokenManager {
    private final TokenStore tokenStore;
    private final ReadableDuration tokenTtl;

    public TokenManager(TokenStore tokenStore, ReadableDuration readableDuration) {
        Validate.notNull(tokenStore, "tokenStore can't be null");
        Validate.notNull(readableDuration, "tokenTtl can't be null");
        this.tokenStore = tokenStore;
        this.tokenTtl = readableDuration;
    }

    public Token grantAccessToken(Constants.RequestGrantType requestGrantType, boolean z, AuthorizationRequest authorizationRequest, Authentication authentication) {
        Validate.notNull(authorizationRequest, "authorizationRequest can't be null");
        return grantAccessToken(requestGrantType, z, authorizationRequest, authorizationRequest.getClientId(), authorizationRequest.getScopes(), authentication);
    }

    public Token grantAccessToken(Constants.RequestGrantType requestGrantType, boolean z, String str, List<String> list, Authentication authentication) {
        return grantAccessToken(requestGrantType, z, null, str, list, authentication);
    }

    private Token grantAccessToken(Constants.RequestGrantType requestGrantType, boolean z, AuthorizationRequest authorizationRequest, String str, List<String> list, Authentication authentication) {
        Validate.notNull(requestGrantType, "grantType can't be null");
        Validate.notEmpty(str, "clientId can't be empty");
        Validate.notNull(list, "scopes can't be null");
        Token token = new Token(str, Utils.generateUniqueId(), z ? Utils.generateUniqueId() : null, this.tokenTtl);
        token.getScopes().addAll(list);
        this.tokenStore.store(new AccessTokenStoreHolder(token, authorizationRequest, (authentication != null || authorizationRequest == null) ? authentication : authorizationRequest.getResourceOwnerAuthentication()));
        return token;
    }

    private Token refreshAccessToken(AccessTokenStoreHolder accessTokenStoreHolder) {
        Validate.notNull(accessTokenStoreHolder, "previousHolder can't be null");
        this.tokenStore.remove(accessTokenStoreHolder.getAccessToken().getAccessToken());
        Token token = new Token(Utils.generateUniqueId(), Utils.generateUniqueId(), this.tokenTtl, accessTokenStoreHolder.getAccessToken());
        this.tokenStore.store(new AccessTokenStoreHolder(token, accessTokenStoreHolder));
        return token;
    }

    public AccessTokenStoreHolder getNonExpiredAccessTokenHolder(String str) {
        AccessTokenStoreHolder retrieveByAccessToken;
        if (StringUtils.isBlank(str) || (retrieveByAccessToken = this.tokenStore.retrieveByAccessToken(str)) == null) {
            return null;
        }
        Token accessToken = retrieveByAccessToken.getAccessToken();
        if (!accessToken.isExpired()) {
            return retrieveByAccessToken;
        }
        if (accessToken.hasRefreshToken()) {
            return null;
        }
        this.tokenStore.remove(retrieveByAccessToken.getAccessToken().getAccessToken());
        return null;
    }

    public Token exchangeRefreshToken(String str, String str2) throws InvalidGrantException {
        AccessTokenStoreHolder retrieveByRefreshToken = this.tokenStore.retrieveByRefreshToken(str);
        Token accessToken = retrieveByRefreshToken == null ? null : retrieveByRefreshToken.getAccessToken();
        if (retrieveByRefreshToken == null || accessToken == null || !accessToken.getClientId().equals(str2)) {
            throw new InvalidGrantException("Invalid refresh token");
        }
        return refreshAccessToken(retrieveByRefreshToken);
    }
}
