package org.keycloak.authorization.client.util;

import java.util.concurrent.Callable;
import org.jboss.logging.Logger;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.authorization.client.representation.ServerConfiguration;
import org.keycloak.common.util.Time;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.RefreshToken;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authorization/client/util/TokenCallable.class */
public class TokenCallable implements Callable<String> {
    private static Logger log = Logger.getLogger(TokenCallable.class);
    private final String userName;
    private final String password;
    private final String scope;
    private final Http http;
    private final Configuration configuration;
    private final ServerConfiguration serverConfiguration;
    private AccessTokenResponse tokenResponse;

    public TokenCallable(String str, String str2, String str3, Http http, Configuration configuration, ServerConfiguration serverConfiguration) {
        this.userName = str;
        this.password = str2;
        this.scope = str3;
        this.http = http;
        this.configuration = configuration;
        this.serverConfiguration = serverConfiguration;
    }

    public TokenCallable(String str, String str2, Http http, Configuration configuration, ServerConfiguration serverConfiguration) {
        this(str, str2, null, http, configuration, serverConfiguration);
    }

    public TokenCallable(Http http, Configuration configuration, ServerConfiguration serverConfiguration) {
        this(null, null, http, configuration, serverConfiguration);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.concurrent.Callable
    public String call() {
        if (this.tokenResponse == null) {
            this.tokenResponse = obtainTokens();
        }
        try {
            String token = this.tokenResponse.getToken();
            AccessToken accessToken = (AccessToken) JsonSerialization.readValue(new JWSInput(token).getContent(), AccessToken.class);
            if (accessToken.isActive() && isTokenTimeToLiveSufficient(accessToken)) {
                return token;
            }
            log.debug("Access token is expired.");
            this.tokenResponse = tryRefreshToken();
            return this.tokenResponse.getToken();
        } catch (Exception e) {
            clearTokens();
            throw new RuntimeException("Failed to parse access token", e);
        }
    }

    private AccessTokenResponse tryRefreshToken() {
        String refreshToken = this.tokenResponse.getRefreshToken();
        if (refreshToken == null) {
            log.debug("Refresh token not found, obtaining new tokens");
            return obtainTokens();
        }
        try {
            RefreshToken refreshToken2 = (RefreshToken) JsonSerialization.readValue(new JWSInput(refreshToken).getContent(), RefreshToken.class);
            if (refreshToken2.isActive() && isTokenTimeToLiveSufficient(refreshToken2)) {
                return refreshToken(refreshToken);
            }
            log.debug("Refresh token is expired.");
            return obtainTokens();
        } catch (Exception e) {
            clearTokens();
            throw new RuntimeException("Failed to parse refresh token", e);
        }
    }

    public boolean isTokenTimeToLiveSufficient(AccessToken accessToken) {
        return accessToken != null && accessToken.getExpiration() - getConfiguration().getTokenMinimumTimeToLive() > Time.currentTime();
    }

    AccessTokenResponse clientCredentialsGrant() {
        return (AccessTokenResponse) this.http.post(this.serverConfiguration.getTokenEndpoint()).authentication().client().response().json(AccessTokenResponse.class).execute();
    }

    AccessTokenResponse resourceOwnerPasswordGrant(String str, String str2) {
        return resourceOwnerPasswordGrant(str, str2, null);
    }

    AccessTokenResponse resourceOwnerPasswordGrant(String str, String str2, String str3) {
        return (AccessTokenResponse) this.http.post(this.serverConfiguration.getTokenEndpoint()).authentication().oauth2ResourceOwnerPassword(str, str2, str3).response().json(AccessTokenResponse.class).execute();
    }

    private AccessTokenResponse refreshToken(String str) {
        log.debug("Refreshing tokens");
        return (AccessTokenResponse) this.http.post(this.serverConfiguration.getTokenEndpoint()).authentication().client().form().param("grant_type", "refresh_token").param("refresh_token", str).response().json(AccessTokenResponse.class).execute();
    }

    private AccessTokenResponse obtainTokens() {
        return (this.userName == null || this.password == null) ? clientCredentialsGrant() : this.scope != null ? resourceOwnerPasswordGrant(this.userName, this.password, this.scope) : resourceOwnerPasswordGrant(this.userName, this.password);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Http getHttp() {
        return this.http;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isRetry() {
        return true;
    }

    Configuration getConfiguration() {
        return this.configuration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerConfiguration getServerConfiguration() {
        return this.serverConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearTokens() {
        this.tokenResponse = null;
    }
}
