package pl.edu.icm.unity.oauth.as.token.access;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.nimbusds.oauth2.sdk.client.ClientType;
import com.nimbusds.oauth2.sdk.token.RefreshToken;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.token.Token;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.token.SecuredTokensManagement;
import pl.edu.icm.unity.engine.api.token.TokensManagement;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.oauth.as.OAuthASProperties;
import pl.edu.icm.unity.oauth.as.OAuthSystemScopeProvider;
import pl.edu.icm.unity.oauth.as.OAuthToken;
import pl.edu.icm.unity.oauth.as.token.BaseOAuthResource;
import pl.edu.icm.unity.store.api.TokenDAO;
import pl.edu.icm.unity.types.basic.EntityParam;

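/**
 * Stores, rotates and removes OAuth refresh tokens kept in the token store.
 *
 * <p>Active refresh tokens are stored under the {@link #INTERNAL_REFRESH_TOKEN} type. When a
 * refresh token is rotated, its value is moved to the {@code usedOauth2Refresh} type so that a
 * later presentation of the already-rotated value can still be looked up through
 * {@link #getUsedRefreshToken(String)}. Every token issued through rotation carries the value of
 * the first token of its chain ("first refresh rolling token"), which is the key used by
 * {@link #clearHistoryForClient(String, long, long)} to drop the whole chain's history.
 *
 * <p>Refresh token values are bearer credentials: they are never written to the log in raw form,
 * only through {@link BaseOAuthResource#tokenToLog}.
 */
@Component
/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/access/OAuthRefreshTokenRepository.class */
public class OAuthRefreshTokenRepository {
    private static final Logger log = Log.getLogger("unity.server.oauth", OAuthRefreshTokenRepository.class);
    /** Token-store type of refresh tokens that can still be redeemed. */
    public static final String INTERNAL_REFRESH_TOKEN = "oauth2Refresh";
    /** Token-store type of refresh tokens that were already rotated out. */
    static final String INTERNAL_USED_REFRESH_TOKEN = "usedOauth2Refresh";
    private final TokensManagement tokensMan;
    private final SecuredTokensManagement securedTokensManagement;

    /**
     * @param tokensManagement token store access used for the internal, protocol-driven operations
     * @param securedTokensManagement token store access used by the listing and
     *        {@link #removeWithAuthorization(String)} operations
     *        (NOTE(review): presumably enforces caller authorization - confirm against the engine API)
     */
    @Autowired
    public OAuthRefreshTokenRepository(TokensManagement tokensManagement, SecuredTokensManagement securedTokensManagement) {
        this.tokensMan = tokensManagement;
        this.securedTokensManagement = securedTokensManagement;
    }

    /**
     * Returns all active refresh tokens, fetched through the secured tokens management.
     *
     * @throws EngineException when the secured tokens management rejects or fails the call
     */
    public List<Token> getAllRefreshTokens() throws EngineException {
        return this.securedTokensManagement.getAllTokens(INTERNAL_REFRESH_TOKEN);
    }

    /**
     * Returns the active refresh tokens reported as owned by the secured tokens management.
     *
     * @throws EngineException when the secured tokens management rejects or fails the call
     */
    public List<Token> getOwnedRefreshTokens() throws EngineException {
        return this.securedTokensManagement.getOwnedTokens(INTERNAL_REFRESH_TOKEN);
    }

    /**
     * Reads an active refresh token by its value.
     *
     * <p>This goes through the plain (not the secured) tokens management, so the caller is
     * responsible for having authenticated the client that presented the value.
     *
     * @param str refresh token value
     */
    public Token readRefreshToken(String str) {
        return this.tokensMan.getTokenById(INTERNAL_REFRESH_TOKEN, str);
    }

    /**
     * Issues the first refresh token of a new chain, if the configuration allows one.
     *
     * @param oAuthASProperties endpoint configuration deciding whether and for how long to issue
     * @param date issue time, also the base for the expiration
     * @param oAuthToken token state to update with the new refresh token and to persist
     * @param l identifier of the entity that will own the stored token
     * @return the issued refresh token, or empty when none is issued
     */
    public Optional<RefreshToken> createRefreshToken(OAuthASProperties oAuthASProperties, Date date, OAuthToken oAuthToken, Long l) throws EngineException, JsonProcessingException {
        return createRefreshToken(oAuthASProperties, date, oAuthToken, l, null);
    }

    /**
     * Issues and persists a refresh token.
     *
     * @param str value of the first refresh token of the chain this token continues, or
     *        {@code null} when the new token starts a chain of its own
     */
    private Optional<RefreshToken> createRefreshToken(OAuthASProperties oAuthASProperties, Date date, OAuthToken oAuthToken, Long l, String str) throws EngineException, JsonProcessingException {
        // Public clients only get refresh tokens when rotation is enabled for them.
        boolean rotationForPublicClients = oAuthASProperties.getBooleanValue(OAuthASProperties.ENABLE_REFRESH_TOKENS_FOR_PUBLIC_CLIENTS_WITH_ROTATION).booleanValue();
        if (oAuthToken.getClientType().equals(ClientType.PUBLIC) && !rotationForPublicClients) {
            return Optional.empty();
        }
        boolean offlineAccessRequested = Arrays.asList(oAuthToken.getEffectiveScope()).contains(OAuthSystemScopeProvider.OFFLINE_ACCESS_SCOPE);
        RefreshToken refreshToken = checkPolicyAndGetRefreshToken(oAuthASProperties, offlineAccessRequested);
        if (refreshToken != null) {
            oAuthToken.setRefreshToken(refreshToken.getValue());
            // A chain is identified by the value of its first token; a fresh chain names itself.
            if (str == null) {
                oAuthToken.setFirstRefreshRollingToken(refreshToken.getValue());
            } else {
                oAuthToken.setFirstRefreshRollingToken(str);
            }
            Date refreshTokenExpiration = getRefreshTokenExpiration(oAuthASProperties, date);
            log.info("Issuing new refresh token {}, valid until {}", BaseOAuthResource.tokenToLog(refreshToken.getValue()), refreshTokenExpiration);
            this.tokensMan.addToken(INTERNAL_REFRESH_TOKEN, refreshToken.getValue(), new EntityParam(l), oAuthToken.getSerialized(), date, refreshTokenExpiration);
        }
        return Optional.ofNullable(refreshToken);
    }

    /**
     * Rotates a refresh token of a public client when rotation is enabled.
     *
     * <p>The presented token is removed from the active tokens, recorded under the used-token
     * type and replaced by a new token of the same chain. For any other client type, or when
     * rotation is disabled, nothing is changed and empty is returned.
     *
     * @param date rotation time
     * @param oAuthToken token state that receives the new refresh token
     * @param oAuthToken2 token state of the refresh token being rotated out
     * @param l identifier of the entity owning the tokens
     * @return the replacement refresh token, or empty when no rotation took place
     */
    public Optional<RefreshToken> rotateRefreshTokenIfNeeded(OAuthASProperties oAuthASProperties, Date date, OAuthToken oAuthToken, OAuthToken oAuthToken2, Long l) throws EngineException, JsonProcessingException {
        if (!oAuthASProperties.getBooleanValue(OAuthASProperties.ENABLE_REFRESH_TOKENS_FOR_PUBLIC_CLIENTS_WITH_ROTATION).booleanValue() || !oAuthToken.getClientType().equals(ClientType.PUBLIC)) {
            return Optional.empty();
        }
        String rotatedValue = oAuthToken2.getRefreshToken();
        // The token is still a credential while the removal below has not completed, and debug
        // logs tend to be retained and shipped more widely than the token store: log it the same
        // way the issuing path does instead of in raw form.
        log.debug("Rotation refresh token {}", BaseOAuthResource.tokenToLog(rotatedValue));
        this.tokensMan.removeToken(INTERNAL_REFRESH_TOKEN, rotatedValue);
        // Stored without an expiration date: the record stays until clearHistoryForClient removes it.
        this.tokensMan.addToken(INTERNAL_USED_REFRESH_TOKEN, rotatedValue, new EntityParam(l), oAuthToken2.getSerialized(), date, (Date) null);
        return createRefreshToken(oAuthASProperties, date, oAuthToken, l, oAuthToken2.getFirstRefreshRollingToken());
    }

    /**
     * Computes the expiration of a refresh token issued at {@code date}.
     *
     * @return {@code null} when the configured validity is 0, otherwise {@code date} moved
     *         forward by the validity in seconds; a negative validity leaves the expiration
     *         equal to {@code date} (NOTE(review): confirm that this is the intended meaning)
     */
    private Date getRefreshTokenExpiration(OAuthASProperties oAuthASProperties, Date date) {
        int refreshTokenValidity = oAuthASProperties.getRefreshTokenValidity();
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        if (refreshTokenValidity == 0) {
            return null;
        }
        if (refreshTokenValidity > 0) {
            calendar.add(Calendar.SECOND, refreshTokenValidity);
        }
        return calendar.getTime();
    }

    /**
     * Creates a new refresh token value when the issue policy allows it.
     *
     * @param z whether the offline access scope is among the token's effective scopes
     * @return a new token for the ALWAYS policy, or for OFFLINE_SCOPE_BASED when {@code z} is
     *         true; {@code null} otherwise
     */
    private RefreshToken checkPolicyAndGetRefreshToken(OAuthASProperties oAuthASProperties, boolean z) {
        OAuthASProperties.RefreshTokenIssuePolicy policy = oAuthASProperties.getRefreshTokenIssuePolicy();
        boolean always = policy.equals(OAuthASProperties.RefreshTokenIssuePolicy.ALWAYS);
        boolean scopeBased = policy.equals(OAuthASProperties.RefreshTokenIssuePolicy.OFFLINE_SCOPE_BASED) && z;
        return (always || scopeBased) ? new RefreshToken() : null;
    }

    /**
     * Computes the expiration of an access token issued at {@code date}.
     *
     * @return {@code date} plus the configured access token validity in seconds
     */
    static Date getAccessTokenExpiration(OAuthASProperties oAuthASProperties, Date date) {
        // Multiply as long: with an int validity, "* 1000" wraps for values above roughly 24.8
        // days and can yield an expiration that lies in the past or at an unintended time.
        return new Date(date.getTime() + (oAuthASProperties.getAccessTokenValidity() * 1000L));
    }

    /**
     * Removes an active refresh token together with the rotation history of its chain.
     *
     * <p>A failure to clear the history is logged and not propagated; the active token has
     * already been removed at that point.
     *
     * @param str value of the refresh token to remove
     * @param oAuthToken token state supplying the chain identifier and the client id
     * @param j identifier of the entity owning the tokens
     */
    public void removeRefreshToken(String str, OAuthToken oAuthToken, long j) {
        this.tokensMan.removeToken(INTERNAL_REFRESH_TOKEN, str);
        try {
            clearHistoryForClient(oAuthToken.getFirstRefreshRollingToken(), oAuthToken.getClientId(), j);
        } catch (EngineException e) {
            log.error("Can not remove refresh token history", e);
        }
    }

    /** Tells whether the given stored token is of the active refresh token type. */
    public static boolean isRefreshToken(Token token) {
        return token.getType().equals(INTERNAL_REFRESH_TOKEN);
    }

    /**
     * Removes an active refresh token through the secured tokens management.
     *
     * @param str value of the refresh token to remove
     * @throws EngineException when the secured tokens management rejects or fails the call
     */
    public void removeWithAuthorization(String str) throws EngineException {
        this.securedTokensManagement.removeToken(INTERNAL_REFRESH_TOKEN, str);
    }

    /**
     * Removes the used-token records of one rotation chain.
     *
     * @param str value of the first refresh token of the chain
     * @param j client id the records must belong to
     * @param j2 identifier of the entity owning the records
     * @throws EngineException when the owned tokens cannot be listed
     */
    public void clearHistoryForClient(String str, long j, long j2) throws EngineException {
        for (Token token : this.tokensMan.getOwnedTokens(INTERNAL_USED_REFRESH_TOKEN, new EntityParam(Long.valueOf(j2)))) {
            OAuthToken usedToken = OAuthToken.getInstanceFromJson(token.getContents());
            // Null-safe on both sides: a stored record without a chain identifier must not
            // abort the loop with a NullPointerException and leave the remaining history behind.
            if (usedToken.getClientId() == j && str != null && str.equals(usedToken.getFirstRefreshRollingToken())) {
                this.tokensMan.removeToken(token.getType(), token.getValue());
            }
        }
    }

    /**
     * Looks up a refresh token that was already rotated out.
     *
     * @param str refresh token value
     * @return the used-token record, or empty when the value is not among the used tokens
     */
    public Optional<Token> getUsedRefreshToken(String str) {
        try {
            return Optional.of(this.tokensMan.getTokenById(INTERNAL_USED_REFRESH_TOKEN, str));
        } catch (TokenDAO.TokenNotFoundException e) {
            return Optional.empty();
        }
    }
}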
