package org.wildfly.security.http.oidc;

import java.io.IOException;
import org.wildfly.security.http.oidc.ServerRequest;
import org.wildfly.security.http.oidc.TokenValidator;

/* loaded from: input_file:org/wildfly/security/http/oidc/RefreshableOidcSecurityContext.class */
public class RefreshableOidcSecurityContext extends OidcSecurityContext {
    protected transient OidcClientConfiguration clientConfiguration;
    protected transient OidcTokenStore tokenStore;
    protected String refreshToken;

    public RefreshableOidcSecurityContext() {
    }

    public RefreshableOidcSecurityContext(OidcClientConfiguration oidcClientConfiguration, OidcTokenStore oidcTokenStore, String str, AccessToken accessToken, String str2, IDToken iDToken, String str3) {
        super(str, accessToken, str2, iDToken);
        this.clientConfiguration = oidcClientConfiguration;
        this.tokenStore = oidcTokenStore;
        this.refreshToken = str3;
    }

    @Override // org.wildfly.security.http.oidc.OidcSecurityContext
    public AccessToken getToken() {
        refreshToken(true);
        return super.getToken();
    }

    @Override // org.wildfly.security.http.oidc.OidcSecurityContext
    public String getTokenString() {
        refreshToken(true);
        return super.getTokenString();
    }

    @Override // org.wildfly.security.http.oidc.OidcSecurityContext
    public IDToken getIDToken() {
        refreshToken(true);
        return super.getIDToken();
    }

    @Override // org.wildfly.security.http.oidc.OidcSecurityContext
    public String getIDTokenString() {
        refreshToken(true);
        return super.getIDTokenString();
    }

    public String getRefreshToken() {
        return this.refreshToken;
    }

    public void logout(OidcClientConfiguration oidcClientConfiguration) {
        try {
            ServerRequest.invokeLogout(oidcClientConfiguration, this.refreshToken);
        } catch (Exception e) {
            ElytronMessages.log.failedToInvokeRemoteLogout(e);
        }
    }

    public boolean isActive() {
        return this.token != null && this.token.isActive() && this.clientConfiguration != null && this.token.getIssuedAt().longValue() >= ((long) this.clientConfiguration.getNotBefore());
    }

    public boolean isTokenTimeToLiveSufficient(AccessToken accessToken) {
        return accessToken != null && accessToken.getExpiration().longValue() - ((long) this.clientConfiguration.getTokenMinimumTimeToLive()) > ((long) Oidc.getCurrentTimeInSeconds());
    }

    public OidcClientConfiguration getOidcClientConfiguration() {
        return this.clientConfiguration;
    }

    public void setCurrentRequestInfo(OidcClientConfiguration oidcClientConfiguration, OidcTokenStore oidcTokenStore) {
        this.clientConfiguration = oidcClientConfiguration;
        this.tokenStore = oidcTokenStore;
    }

    public boolean refreshToken(boolean z) {
        if (z) {
            if (ElytronMessages.log.isTraceEnabled()) {
                ElytronMessages.log.trace("checking whether to refresh.");
            }
            if (isActive() && isTokenTimeToLiveSufficient(this.token)) {
                return true;
            }
        }
        if (this.clientConfiguration == null || this.refreshToken == null) {
            return false;
        }
        if (ElytronMessages.log.isTraceEnabled()) {
            ElytronMessages.log.trace("Doing refresh");
        }
        synchronized (this) {
            if (z) {
                ElytronMessages.log.trace("Checking whether accessToken has been refreshed in another thread already.");
                if (isActive() && isTokenTimeToLiveSufficient(this.token)) {
                    return true;
                }
            }
            try {
                try {
                    ElytronMessages.log.trace("Invoking token refresh");
                    AccessAndIDTokenResponse invokeRefresh = ServerRequest.invokeRefresh(this.clientConfiguration, this.refreshToken);
                    ElytronMessages.log.trace("Received refresh response");
                    String accessToken = invokeRefresh.getAccessToken();
                    String iDToken = invokeRefresh.getIDToken();
                    Oidc.logToken("\taccess_token", accessToken);
                    Oidc.logToken("\tid_token", iDToken);
                    try {
                        TokenValidator.VerifiedTokens parseAndVerifyToken = TokenValidator.builder(this.clientConfiguration).build().parseAndVerifyToken(iDToken, accessToken);
                        IDToken idToken = parseAndVerifyToken.getIdToken();
                        AccessToken accessToken2 = parseAndVerifyToken.getAccessToken();
                        ElytronMessages.log.debug("Token Verification succeeded!");
                        if (!isTokenTimeToLiveSufficient(accessToken2)) {
                            ElytronMessages.log.failedToRefreshTokenWithALongerTTLThanMin();
                            return false;
                        }
                        if (idToken != null) {
                            this.idToken = idToken;
                            this.idTokenString = invokeRefresh.getIDToken();
                        }
                        this.token = accessToken2;
                        if (invokeRefresh.getRefreshToken() != null) {
                            ElytronMessages.log.trace("Setup new refresh accessToken to the security context");
                            this.refreshToken = invokeRefresh.getRefreshToken();
                            Oidc.logToken("\trefresh_token", this.refreshToken);
                        }
                        this.tokenString = accessToken;
                        if (this.tokenStore != null) {
                            this.tokenStore.refreshCallback(this);
                        }
                        return true;
                    } catch (OidcException e) {
                        ElytronMessages.log.failedVerificationOfToken(e.getMessage());
                        return false;
                    }
                } catch (IOException e2) {
                    ElytronMessages.log.refreshTokenFailure(e2);
                    return false;
                }
            } catch (ServerRequest.HttpFailure e3) {
                ElytronMessages.log.refreshTokenFailureStatus(e3.getStatus(), e3.getError());
                return false;
            }
        }
    }
}
