package org.keycloak.authorization.client.util;

import java.util.concurrent.Callable;
import org.jboss.logging.Logger;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.authorization.client.representation.ServerConfiguration;
import org.keycloak.common.util.Time;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.RefreshToken;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authorization/client/util/TokenCallable.class */
public class TokenCallable implements Callable<String> {
    private static Logger log = Logger.getLogger(TokenCallable.class);
    private final String userName;
    private final String password;
    private final Http http;
    private final Configuration configuration;
    private final ServerConfiguration serverConfiguration;
    private AccessTokenResponse clientToken;

    public TokenCallable(String str, String str2, Http http, Configuration configuration, ServerConfiguration serverConfiguration) {
        this.userName = str;
        this.password = str2;
        this.http = http;
        this.configuration = configuration;
        this.serverConfiguration = serverConfiguration;
    }

    public TokenCallable(Http http, Configuration configuration, ServerConfiguration serverConfiguration) {
        this(null, null, http, configuration, serverConfiguration);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.concurrent.Callable
    public String call() {
        if (this.clientToken != null) {
            try {
                RefreshToken refreshToken = (RefreshToken) JsonSerialization.readValue(new JWSInput(this.clientToken.getRefreshToken()).getContent(), RefreshToken.class);
                if (!refreshToken.isActive() || !isTokenTimeToLiveSufficient(refreshToken)) {
                    log.debug("Refresh token is expired.");
                    if (this.userName == null || this.password == null) {
                        this.clientToken = obtainAccessToken();
                    } else {
                        this.clientToken = obtainAccessToken(this.userName, this.password);
                    }
                }
            } catch (Exception e) {
                this.clientToken = null;
                throw new RuntimeException(e);
            }
        } else if (this.userName == null || this.password == null) {
            this.clientToken = obtainAccessToken();
        } else {
            this.clientToken = obtainAccessToken(this.userName, this.password);
        }
        String token = this.clientToken.getToken();
        try {
            AccessToken accessToken = (AccessToken) JsonSerialization.readValue(new JWSInput(token).getContent(), AccessToken.class);
            if (accessToken.isActive() && isTokenTimeToLiveSufficient(accessToken)) {
                return token;
            }
            log.debug("Access token is expired.");
            this.clientToken = (AccessTokenResponse) this.http.post(this.serverConfiguration.getTokenEndpoint()).authentication().client().form().param("grant_type", "refresh_token").param("refresh_token", this.clientToken.getRefreshToken()).response().json(AccessTokenResponse.class).execute();
            return this.clientToken.getToken();
        } catch (Exception e2) {
            this.clientToken = null;
            throw new RuntimeException(e2);
        }
    }

    public boolean isTokenTimeToLiveSufficient(AccessToken accessToken) {
        return accessToken != null && accessToken.getExpiration() - getConfiguration().getTokenMinimumTimeToLive() > Time.currentTime();
    }

    AccessTokenResponse obtainAccessToken() {
        return (AccessTokenResponse) this.http.post(this.serverConfiguration.getTokenEndpoint()).authentication().client().response().json(AccessTokenResponse.class).execute();
    }

    AccessTokenResponse obtainAccessToken(String str, String str2) {
        return (AccessTokenResponse) this.http.post(this.serverConfiguration.getTokenEndpoint()).authentication().oauth2ResourceOwnerPassword(str, str2).response().json(AccessTokenResponse.class).execute();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Http getHttp() {
        return this.http;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isRetry() {
        return true;
    }

    Configuration getConfiguration() {
        return this.configuration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerConfiguration getServerConfiguration() {
        return this.serverConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void clearToken() {
        this.clientToken = null;
    }
}
