package pl.edu.icm.unity.oauth.as.token;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.oauth2.sdk.token.BearerTokenError;
import java.util.Date;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.token.Token;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.oauth.as.OAuthToken;
import pl.edu.icm.unity.oauth.as.OAuthTokenRepository;

/* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/BaseTokenResource.class */
public class BaseTokenResource extends BaseOAuthResource {
    private static final Logger log = Log.getLogger("unity.server.oauth", BaseTokenResource.class);
    private final OAuthTokenRepository tokensDAO;

    /* loaded from: input_file:pl/edu/icm/unity/oauth/as/token/BaseTokenResource$TokensPair.class */
    public static class TokensPair {
        public final Token tokenSrc;
        public final OAuthToken parsedToken;

        public TokensPair(Token token, OAuthToken oAuthToken) {
            this.tokenSrc = token;
            this.parsedToken = oAuthToken;
        }
    }

    public BaseTokenResource(OAuthTokenRepository oAuthTokenRepository) {
        this.tokensDAO = oAuthTokenRepository;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TokensPair resolveBearerToken(String str) throws OAuthTokenException {
        if (str == null) {
            throw new OAuthTokenException(makeBearerError(BearerTokenError.MISSING_TOKEN, "To access this endpoint an access token must be used for authorization"));
        }
        try {
            try {
                Token readAccessToken = this.tokensDAO.readAccessToken(BearerAccessToken.parse(str).getValue());
                return new TokensPair(readAccessToken, parseInternalToken(readAccessToken));
            } catch (IllegalArgumentException e) {
                throw new OAuthTokenException(makeBearerError(BearerTokenError.INVALID_TOKEN));
            }
        } catch (ParseException e2) {
            throw new OAuthTokenException(makeBearerError(BearerTokenError.INVALID_TOKEN, "Must use Bearer access token"));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void extendValidityIfNeeded(Token token, OAuthToken oAuthToken) throws OAuthTokenException {
        long currentTimeMillis = System.currentTimeMillis() + (oAuthToken.getTokenValidity() * 1000);
        long time = token.getCreated().getTime() + (oAuthToken.getMaxExtendedValidity() * 1000);
        if (time < currentTimeMillis) {
            currentTimeMillis = time;
        }
        if (currentTimeMillis > token.getExpires().getTime()) {
            try {
                Date date = new Date(currentTimeMillis);
                log.debug("Extending token {} expiration from {} to {}", "..." + oAuthToken.getAccessToken().substring(6), new Date(token.getExpires().getTime()), date);
                this.tokensDAO.updateAccessTokenExpiration(token, date);
                token.setExpires(new Date(currentTimeMillis));
            } catch (IllegalArgumentException e) {
                log.warn("Can't update access token validity, this shouldn't happen", e);
                throw new OAuthTokenException(makeBearerError(BearerTokenError.INVALID_TOKEN));
            }
        }
    }
}
