package com.appleframework.security.auth.token;

import com.appleframework.security.core.auth.Authentication;
import com.appleframework.security.core.client.ClientDetails;
import com.appleframework.security.core.client.ClientDetailsService;
import com.appleframework.security.core.exception.AuthenticationException;
import com.appleframework.security.core.exception.ClientRegistrationException;
import com.appleframework.security.core.exception.InvalidGrantException;
import com.appleframework.security.core.exception.InvalidTokenException;
import com.appleframework.security.core.token.AccessToken;
import com.appleframework.security.core.token.DefaultAccessToken;
import com.appleframework.security.core.token.DefaultExpiringRefreshToken;
import com.appleframework.security.core.token.ExpiringRefreshToken;
import com.appleframework.security.core.token.RefreshToken;
import com.appleframework.security.core.token.TokenServices;
import java.util.Date;
import java.util.UUID;
import org.springframework.transaction.annotation.Transactional;

@Transactional
/* loaded from: input_file:com/appleframework/security/auth/token/DefaultTokenServices.class */
public class DefaultTokenServices implements TokenServices {
    private int refreshTokenValiditySeconds = 2592000;
    private int accessTokenValiditySeconds = 43200;
    private boolean supportRefreshToken = false;
    private boolean reuseRefreshToken = true;
    private TokenStore tokenStore;
    private ClientDetailsService clientDetailsService;
    private TokenEnhancer accessTokenEnhancer;

    public AccessToken createAccessToken(Authentication authentication) throws AuthenticationException {
        AccessToken accessToken = this.tokenStore.getAccessToken(authentication);
        RefreshToken refreshToken = null;
        if (accessToken != null) {
            if (!accessToken.isExpired()) {
                this.tokenStore.storeAccessToken(accessToken, authentication);
                return accessToken;
            }
            if (accessToken.getRefreshToken() != null) {
                refreshToken = accessToken.getRefreshToken();
                this.tokenStore.removeRefreshToken(refreshToken);
            }
            this.tokenStore.removeAccessToken(accessToken);
        }
        if (refreshToken == null) {
            refreshToken = createRefreshToken(authentication);
        } else if (refreshToken instanceof ExpiringRefreshToken) {
            if (System.currentTimeMillis() > ((ExpiringRefreshToken) refreshToken).getExpiration().getTime()) {
                refreshToken = createRefreshToken(authentication);
            }
        }
        AccessToken createAccessToken = createAccessToken(authentication, refreshToken);
        this.tokenStore.storeAccessToken(createAccessToken, authentication);
        RefreshToken refreshToken2 = createAccessToken.getRefreshToken();
        if (refreshToken2 != null) {
            this.tokenStore.storeRefreshToken(refreshToken2, authentication);
        }
        return createAccessToken;
    }

    private AccessToken createAccessToken(Authentication authentication, RefreshToken refreshToken) {
        AccessToken defaultAccessToken = new DefaultAccessToken(UUID.randomUUID().toString());
        int accessTokenValiditySeconds = getAccessTokenValiditySeconds(authentication);
        if (accessTokenValiditySeconds > 0) {
            defaultAccessToken.setExpiration(new Date(System.currentTimeMillis() + (accessTokenValiditySeconds * 1000)));
        }
        defaultAccessToken.setExpiration(new Date(System.currentTimeMillis() + (this.accessTokenValiditySeconds * 1000)));
        defaultAccessToken.setRefreshToken(refreshToken);
        return this.accessTokenEnhancer != null ? this.accessTokenEnhancer.enhance(defaultAccessToken, authentication) : defaultAccessToken;
    }

    private ExpiringRefreshToken createRefreshToken(Authentication authentication) {
        return new DefaultExpiringRefreshToken(UUID.randomUUID().toString(), new Date(System.currentTimeMillis() + (getRefreshTokenValiditySeconds(authentication) * 1000)));
    }

    protected int getAccessTokenValiditySeconds(Authentication authentication) {
        Integer accessTokenValiditySeconds = authentication.getClientDetails().getAccessTokenValiditySeconds();
        return accessTokenValiditySeconds != null ? accessTokenValiditySeconds.intValue() : this.accessTokenValiditySeconds;
    }

    protected int getRefreshTokenValiditySeconds(Authentication authentication) {
        Integer refreshTokenValiditySeconds = authentication.getClientDetails().getRefreshTokenValiditySeconds();
        return refreshTokenValiditySeconds != null ? refreshTokenValiditySeconds.intValue() : this.refreshTokenValiditySeconds;
    }

    public AccessToken refreshAccessToken(ClientDetails clientDetails, String str) throws AuthenticationException {
        if (!this.supportRefreshToken) {
            throw new InvalidGrantException("Invalid refresh token: " + str);
        }
        RefreshToken readRefreshToken = this.tokenStore.readRefreshToken(str);
        if (readRefreshToken == null) {
            throw new InvalidGrantException("Invalid refresh token: " + str);
        }
        Authentication readAuthenticationForRefreshToken = this.tokenStore.readAuthenticationForRefreshToken(readRefreshToken);
        String clientId = readAuthenticationForRefreshToken.getClientDetails().getClientId();
        if (clientId == null || !clientId.equals(clientDetails.getClientId())) {
            throw new InvalidGrantException("Wrong client for this refresh token: " + str);
        }
        this.tokenStore.removeAccessTokenUsingRefreshToken(readRefreshToken);
        if (isExpired(readRefreshToken)) {
            this.tokenStore.removeRefreshToken(readRefreshToken);
            throw new InvalidTokenException("Invalid refresh token (expired): " + readRefreshToken);
        }
        if (!this.reuseRefreshToken) {
            this.tokenStore.removeRefreshToken(readRefreshToken);
            readRefreshToken = createRefreshToken(readAuthenticationForRefreshToken);
        }
        AccessToken createAccessToken = createAccessToken(readAuthenticationForRefreshToken, readRefreshToken);
        this.tokenStore.storeAccessToken(createAccessToken, readAuthenticationForRefreshToken);
        if (!this.reuseRefreshToken) {
            this.tokenStore.storeRefreshToken(readRefreshToken, readAuthenticationForRefreshToken);
        }
        return createAccessToken;
    }

    public AccessToken getAccessToken(String str) {
        return this.tokenStore.readAccessToken(str);
    }

    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    public Authentication loadAuthentication(String str) throws AuthenticationException, InvalidTokenException {
        AccessToken readAccessToken = this.tokenStore.readAccessToken(str);
        if (readAccessToken == null) {
            throw new InvalidTokenException("Invalid access token: " + str);
        }
        if (readAccessToken.isExpired()) {
            this.tokenStore.removeAccessToken(readAccessToken);
            throw new InvalidTokenException("Access token expired: " + str);
        }
        Authentication readAuthentication = this.tokenStore.readAuthentication(readAccessToken);
        if (this.clientDetailsService != null) {
            String clientId = readAuthentication.getClientDetails().getClientId();
            try {
                this.clientDetailsService.loadClientByClientId(clientId);
            } catch (ClientRegistrationException e) {
                throw new InvalidTokenException("Client not valid: " + clientId, e);
            }
        }
        return readAuthentication;
    }

    public void setSupportRefreshToken(boolean z) {
        this.supportRefreshToken = z;
    }

    public void setReuseRefreshToken(boolean z) {
        this.reuseRefreshToken = z;
    }

    protected boolean isExpired(RefreshToken refreshToken) {
        if (!(refreshToken instanceof ExpiringRefreshToken)) {
            return false;
        }
        ExpiringRefreshToken expiringRefreshToken = (ExpiringRefreshToken) refreshToken;
        return expiringRefreshToken.getExpiration() == null || System.currentTimeMillis() > expiringRefreshToken.getExpiration().getTime();
    }
}
