package org.apache.cxf.rs.security.oauth2.provider;

import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.class */
public abstract class AbstractOAuthDataProvider implements OAuthDataProvider {
    private long accessTokenLifetime = 3600;
    private long refreshTokenLifetime = 360000;

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public ServerAccessToken createAccessToken(AccessTokenRegistration accessTokenRegistration) throws OAuthServiceException {
        ServerAccessToken doCreateAccessToken = doCreateAccessToken(accessTokenRegistration);
        saveAccessToken(doCreateAccessToken);
        return doCreateAccessToken;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public ServerAccessToken refreshAccessToken(Client client, String str, List<String> list) throws OAuthServiceException {
        ServerAccessToken doRefreshAccessToken = doRefreshAccessToken(client, revokeRefreshToken(client, str), list);
        saveAccessToken(doRefreshAccessToken);
        return doRefreshAccessToken;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public void revokeToken(Client client, String str, String str2) throws OAuthServiceException {
        RefreshToken revokeRefreshToken;
        if (revokeAccessToken(str) || (revokeRefreshToken = revokeRefreshToken(client, str)) == null) {
            return;
        }
        Iterator<String> it = revokeRefreshToken.getAccessTokens().iterator();
        while (it.hasNext()) {
            revokeAccessToken(it.next());
        }
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> list) {
        if (list.isEmpty()) {
            return Collections.emptyList();
        }
        throw new OAuthServiceException("Requested scopes can not be mapped to the permissions");
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public ServerAccessToken getPreauthorizedToken(Client client, List<String> list, UserSubject userSubject, String str) throws OAuthServiceException {
        return null;
    }

    protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration accessTokenRegistration) {
        ServerAccessToken createNewAccessToken = createNewAccessToken(accessTokenRegistration.getClient());
        createNewAccessToken.setAudience(accessTokenRegistration.getAudience());
        createNewAccessToken.setGrantType(accessTokenRegistration.getGrantType());
        List<String> approvedScope = accessTokenRegistration.getApprovedScope();
        if (approvedScope.isEmpty()) {
            approvedScope = accessTokenRegistration.getRequestedScope();
        }
        createNewAccessToken.setScopes(convertScopeToPermissions(accessTokenRegistration.getClient(), approvedScope));
        createNewAccessToken.setSubject(accessTokenRegistration.getSubject());
        createNewRefreshToken(createNewAccessToken);
        return createNewAccessToken;
    }

    protected ServerAccessToken createNewAccessToken(Client client) {
        return new BearerAccessToken(client, this.accessTokenLifetime);
    }

    protected RefreshToken createNewRefreshToken(ServerAccessToken serverAccessToken) {
        RefreshToken refreshToken = new RefreshToken(serverAccessToken.getClient(), this.refreshTokenLifetime);
        refreshToken.setAudience(serverAccessToken.getAudience());
        refreshToken.setGrantType(serverAccessToken.getGrantType());
        refreshToken.setScopes(serverAccessToken.getScopes());
        refreshToken.getAccessTokens().add(serverAccessToken.getTokenKey());
        serverAccessToken.setRefreshToken(refreshToken.getTokenKey());
        saveRefreshToken(serverAccessToken, refreshToken);
        return refreshToken;
    }

    protected ServerAccessToken doRefreshAccessToken(Client client, RefreshToken refreshToken, List<String> list) {
        ServerAccessToken createNewAccessToken = createNewAccessToken(client);
        createNewAccessToken.setAudience(refreshToken.getAudience());
        createNewAccessToken.setGrantType(refreshToken.getGrantType());
        List<OAuthPermission> convertScopeToPermissions = convertScopeToPermissions(client, list);
        if (convertScopeToPermissions.isEmpty()) {
            createNewAccessToken.setScopes(refreshToken.getScopes());
        } else {
            if (!refreshToken.getScopes().containsAll(convertScopeToPermissions)) {
                throw new OAuthServiceException("Invalid scopes");
            }
            createNewAccessToken.setScopes(convertScopeToPermissions);
        }
        createNewRefreshToken(createNewAccessToken);
        return createNewAccessToken;
    }

    public void setAccessTokenLifetime(long j) {
        this.accessTokenLifetime = j;
    }

    public void setRefreshTokenLifetime(long j) {
        this.refreshTokenLifetime = j;
    }

    protected abstract void saveAccessToken(ServerAccessToken serverAccessToken);

    protected abstract void saveRefreshToken(ServerAccessToken serverAccessToken, RefreshToken refreshToken);

    protected abstract boolean revokeAccessToken(String str);

    protected abstract RefreshToken revokeRefreshToken(Client client, String str);
}
