package org.apache.cxf.rs.security.oauth2.provider;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.class */
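/**
 * Base {@link OAuthDataProvider} that implements the bookkeeping for issuing, refreshing and
 * revoking access and refresh tokens. Storage is delegated to the abstract
 * {@code save*}, {@code revoke*} and {@code get*} methods at the bottom of the class.
 *
 * <p>Security-relevant defaults visible here: refresh tokens are recycled (single use) and the
 * refresh token lifetime is left at {@code 0} unless {@link #setRefreshTokenLifetime(long)} is
 * called.
 */
public abstract class AbstractOAuthDataProvider implements OAuthDataProvider {
    // Lifetime handed to every new RefreshToken. Stays 0 unless configured.
    // NOTE(review): confirm how OAuthUtils.isExpired treats a zero lifetime; if 0 means
    // "never expires", deployments should set an explicit value.
    private long refreshTokenLifetime;
    private MessageContext messageContext;
    // Lifetime handed to every new BearerAccessToken (presumably seconds; confirm against
    // BearerAccessToken).
    private long accessTokenLifetime = 3600;
    // true: a refresh token is revoked when it is used and a new one is issued.
    // false: the same refresh token is kept and linked to each new access token.
    private boolean recycleRefreshTokens = true;
    // Scope name -> permission. Scopes missing from this map are rejected by
    // convertScopeToPermissions.
    private Map<String, OAuthPermission> permissionMap = new HashMap<String, OAuthPermission>();

    /**
     * Creates and stores an access token for the registration and, when
     * {@link #isRefreshTokenSupported(List)} allows it, a linked refresh token.
     *
     * @param accessTokenRegistration the approved grant data
     * @return the stored access token
     * @throws OAuthServiceException if an approved scope cannot be mapped to a permission
     */
    @Override
    public ServerAccessToken createAccessToken(AccessTokenRegistration accessTokenRegistration) throws OAuthServiceException {
        ServerAccessToken accessToken = doCreateAccessToken(accessTokenRegistration);
        saveAccessToken(accessToken);
        if (isRefreshTokenSupported(accessTokenRegistration.getApprovedScope())) {
            createNewRefreshToken(accessToken);
        }
        return accessToken;
    }

    /**
     * Builds (but does not store) an access token carrying the registration's audience, grant
     * type, approved scopes, subject and client code verifier.
     *
     * @param accessTokenRegistration the approved grant data
     * @return the new, unsaved access token
     */
    protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration accessTokenRegistration) {
        Client client = accessTokenRegistration.getClient();
        ServerAccessToken accessToken = createNewAccessToken(client);
        accessToken.setAudience(accessTokenRegistration.getAudience());
        accessToken.setGrantType(accessTokenRegistration.getGrantType());
        accessToken.setScopes(convertScopeToPermissions(client, accessTokenRegistration.getApprovedScope()));
        accessToken.setSubject(accessTokenRegistration.getSubject());
        accessToken.setClientCodeVerifier(accessTokenRegistration.getClientCodeVerifier());
        return accessToken;
    }

    /**
     * Revokes the given access token by its key.
     *
     * @param serverAccessToken the token to remove
     */
    @Override
    public void removeAccessToken(ServerAccessToken serverAccessToken) throws OAuthServiceException {
        revokeAccessToken(serverAccessToken.getTokenKey());
    }

    /**
     * Exchanges a refresh token for a new access token.
     *
     * <p>The request is denied when the refresh token is unknown, expired, or was not issued to
     * {@code client}. OAuth 2.0 binds a refresh token to the client it was issued to; without
     * this comparison any client holding the token value could mint access tokens from it.
     *
     * @param client the client presenting the refresh token
     * @param str the refresh token key
     * @param list the scopes requested for the new token; empty keeps the refresh token's scopes
     * @return the stored new access token
     * @throws OAuthServiceException with {@code ACCESS_DENIED} on an unknown, expired or
     *         foreign refresh token, or when the requested scopes are not acceptable
     */
    @Override
    public ServerAccessToken refreshAccessToken(Client client, String str, List<String> list) throws OAuthServiceException {
        // In recycle mode the token is taken out of the store first, which makes it single-use.
        RefreshToken currentRefreshToken = this.recycleRefreshTokens ? revokeRefreshToken(str) : getRefreshToken(str);
        if (currentRefreshToken == null
            || OAuthUtils.isExpired(Long.valueOf(currentRefreshToken.getIssuedAt()), Long.valueOf(currentRefreshToken.getExpiresIn()))) {
            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
        }
        // Client binding: checked before any access token is issued. In recycle mode the
        // presented refresh token has already been consumed above, so a mismatching presenter
        // also invalidates it.
        if (!isIssuedToClient(currentRefreshToken, client)) {
            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
        }
        if (this.recycleRefreshTokens) {
            revokeAccessTokens(currentRefreshToken);
        }
        ServerAccessToken refreshedAccessToken = doRefreshAccessToken(client, currentRefreshToken, list);
        saveAccessToken(refreshedAccessToken);
        if (this.recycleRefreshTokens) {
            createNewRefreshToken(refreshedAccessToken);
        } else {
            updateRefreshToken(currentRefreshToken, refreshedAccessToken);
        }
        return refreshedAccessToken;
    }

    /**
     * Tells whether {@code token} was issued to {@code client}, comparing client ids.
     * Fails closed: a missing client, a token without a client or a missing id is a mismatch.
     */
    private static boolean isIssuedToClient(ServerAccessToken token, Client client) {
        Client owner = token.getClient();
        if (client == null || owner == null) {
            return false;
        }
        String presentedId = client.getClientId();
        return presentedId != null && presentedId.equals(owner.getClientId());
    }

    /**
     * Revokes a token identified by key, using the type hint to decide where to look.
     *
     * <p>Unless the hint is {@code "refresh_token"} the key is first tried as an access token;
     * if that revokes nothing and the hint is not the access-token hint, the key is treated as a
     * refresh token and its linked access tokens are revoked too.
     *
     * <p>NOTE(review): {@code client} is not consulted here, and the revoke methods remove the
     * token before its owner could be inspected. Confirm that the caller or the subclass
     * verifies the token belongs to the requesting client before this method is reached.
     *
     * @param client the client requesting revocation (currently unused)
     * @param str the token key
     * @param str2 the token type hint, may be {@code null}
     */
    @Override
    public void revokeToken(Client client, String str, String str2) throws OAuthServiceException {
        ServerAccessToken revokedAccessToken = null;
        if (!"refresh_token".equals(str2)) {
            revokedAccessToken = revokeAccessToken(str);
        }
        if (revokedAccessToken != null) {
            handleLinkedRefreshToken(revokedAccessToken);
            return;
        }
        if (!OAuthConstants.ACCESS_TOKEN.equals(str2)) {
            revokeAccessTokens(revokeRefreshToken(str));
        }
    }

    /**
     * Detaches a revoked access token from its refresh token. A refresh token left without any
     * linked access token is revoked; otherwise its updated state is saved.
     *
     * @param serverAccessToken the access token that was revoked, may be {@code null}
     */
    protected void handleLinkedRefreshToken(ServerAccessToken serverAccessToken) {
        if (serverAccessToken == null || serverAccessToken.getRefreshToken() == null) {
            return;
        }
        RefreshToken refreshToken = getRefreshToken(serverAccessToken.getRefreshToken());
        if (refreshToken == null) {
            return;
        }
        unlinkRefreshAccessToken(refreshToken, serverAccessToken.getTokenKey());
        if (refreshToken.getAccessTokens().isEmpty()) {
            revokeRefreshToken(refreshToken.getTokenKey());
        } else {
            saveRefreshToken(null, refreshToken);
        }
    }

    /**
     * Revokes every access token linked to the refresh token.
     *
     * @param refreshToken the refresh token, may be {@code null} (then nothing happens)
     */
    protected void revokeAccessTokens(RefreshToken refreshToken) {
        if (refreshToken == null) {
            return;
        }
        for (String accessTokenKey : refreshToken.getAccessTokens()) {
            revokeAccessToken(accessTokenKey);
        }
    }

    /**
     * Removes the first occurrence of an access token key from the refresh token's link list.
     *
     * @param refreshToken the refresh token whose links are edited
     * @param str the access token key to unlink
     */
    protected void unlinkRefreshAccessToken(RefreshToken refreshToken, String str) {
        List<String> linkedKeys = refreshToken.getAccessTokens();
        for (int i = 0; i < linkedKeys.size(); i++) {
            if (linkedKeys.get(i).equals(str)) {
                linkedKeys.remove(i);
                return;
            }
        }
    }

    /**
     * Maps requested scope names to configured permissions. This is an allow-list: a scope that
     * is not in the permission map is rejected rather than passed through.
     *
     * @param client the client (not used by this implementation)
     * @param list the scope names
     * @return the matching permissions, empty when no scope was requested
     * @throws OAuthServiceException if no permissions are configured or a scope is unknown
     */
    @Override
    public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> list) {
        if (list.isEmpty()) {
            return Collections.emptyList();
        }
        if (this.permissionMap.isEmpty()) {
            throw new OAuthServiceException("Requested scopes can not be mapped");
        }
        List<OAuthPermission> permissions = new ArrayList<OAuthPermission>();
        for (String scope : list) {
            OAuthPermission permission = this.permissionMap.get(scope);
            if (permission == null) {
                throw new OAuthServiceException("Unexpected scope: " + scope);
            }
            permissions.add(permission);
        }
        return permissions;
    }

    /**
     * Always returns {@code null} in this base class.
     */
    @Override
    public ServerAccessToken getPreauthorizedToken(Client client, List<String> list, UserSubject userSubject, String str) throws OAuthServiceException {
        return null;
    }

    /**
     * Decides whether a refresh token accompanies a new access token. This base class always
     * answers {@code true}; subclasses may restrict it by scope.
     */
    protected boolean isRefreshTokenSupported(List<String> list) {
        return true;
    }

    /**
     * Creates a bearer access token for the client with the configured access token lifetime.
     */
    protected ServerAccessToken createNewAccessToken(Client client) {
        return new BearerAccessToken(client, this.accessTokenLifetime);
    }

    /**
     * Links an existing refresh token to a new access token and saves the refresh token.
     *
     * @return the same refresh token
     */
    protected RefreshToken updateRefreshToken(RefreshToken refreshToken, ServerAccessToken serverAccessToken) {
        linkRefreshAccessTokens(refreshToken, serverAccessToken);
        saveRefreshToken(serverAccessToken, refreshToken);
        return refreshToken;
    }

    /**
     * Creates a refresh token for the access token and saves it.
     *
     * @return the stored refresh token
     */
    protected RefreshToken createNewRefreshToken(ServerAccessToken serverAccessToken) {
        RefreshToken refreshToken = doCreateNewRefreshToken(serverAccessToken);
        saveRefreshToken(serverAccessToken, refreshToken);
        return refreshToken;
    }

    /**
     * Builds (but does not store) a refresh token that copies the access token's client,
     * audience, grant type, scopes, subject and client code verifier, and links the two tokens.
     */
    protected RefreshToken doCreateNewRefreshToken(ServerAccessToken serverAccessToken) {
        RefreshToken refreshToken = new RefreshToken(serverAccessToken.getClient(), this.refreshTokenLifetime);
        refreshToken.setAudience(serverAccessToken.getAudience());
        refreshToken.setGrantType(serverAccessToken.getGrantType());
        refreshToken.setScopes(serverAccessToken.getScopes());
        refreshToken.setSubject(serverAccessToken.getSubject());
        refreshToken.setClientCodeVerifier(serverAccessToken.getClientCodeVerifier());
        linkRefreshAccessTokens(refreshToken, serverAccessToken);
        return refreshToken;
    }

    // Records the link in both directions: key list on the refresh token, back-reference on the
    // access token.
    private void linkRefreshAccessTokens(RefreshToken refreshToken, ServerAccessToken serverAccessToken) {
        refreshToken.getAccessTokens().add(serverAccessToken.getTokenKey());
        serverAccessToken.setRefreshToken(refreshToken.getTokenKey());
    }

    /**
     * Builds (but does not store) the access token issued for a refresh request. Audience, grant
     * type and subject come from the refresh token. Requested scopes may only narrow the refresh
     * token's scopes; any scope outside that set is rejected.
     *
     * @param client the client the new token is created for
     * @param refreshToken the refresh token being exchanged
     * @param list the requested scopes; empty keeps the refresh token's scopes
     * @return the new, unsaved access token
     * @throws OAuthServiceException if a requested scope is unknown or not covered by the
     *         refresh token
     */
    protected ServerAccessToken doRefreshAccessToken(Client client, RefreshToken refreshToken, List<String> list) {
        ServerAccessToken accessToken = createNewAccessToken(client);
        accessToken.setAudience(refreshToken.getAudience());
        accessToken.setGrantType(refreshToken.getGrantType());
        accessToken.setSubject(refreshToken.getSubject());
        if (list.isEmpty()) {
            accessToken.setScopes(refreshToken.getScopes());
            return accessToken;
        }
        List<OAuthPermission> requestedPermissions = convertScopeToPermissions(client, list);
        if (!refreshToken.getScopes().containsAll(requestedPermissions)) {
            throw new OAuthServiceException("Invalid scopes");
        }
        accessToken.setScopes(requestedPermissions);
        return accessToken;
    }

    /** Sets the lifetime given to new access tokens. */
    public void setAccessTokenLifetime(long j) {
        this.accessTokenLifetime = j;
    }

    /** Sets the lifetime given to new refresh tokens. */
    public void setRefreshTokenLifetime(long j) {
        this.refreshTokenLifetime = j;
    }

    /** Chooses between single-use (recycled) and reusable refresh tokens. */
    public void setRecycleRefreshTokens(boolean z) {
        this.recycleRefreshTokens = z;
    }

    /** Lifecycle hook; does nothing in this base class. */
    public void init() {
    }

    /** Lifecycle hook; does nothing in this base class. */
    public void close() {
    }

    /**
     * Returns the scope-to-permission map itself, not a copy, so changes made by the caller
     * alter which scopes this provider accepts.
     */
    public Map<String, OAuthPermission> getPermissionMap() {
        return this.permissionMap;
    }

    /** Replaces the scope-to-permission map with the given instance. */
    public void setPermissionMap(Map<String, OAuthPermission> map) {
        this.permissionMap = map;
    }

    /**
     * Adds one permission per map entry to the current permission map, built from the entry's
     * key and value. Existing entries with the same key are overwritten.
     *
     * @param map scope name to the second {@link OAuthPermission} constructor argument
     */
    public void setScopes(Map<String, String> map) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String scope = entry.getKey();
            this.permissionMap.put(scope, new OAuthPermission(scope, entry.getValue()));
        }
    }

    public MessageContext getMessageContext() {
        return this.messageContext;
    }

    public void setMessageContext(MessageContext messageContext) {
        this.messageContext = messageContext;
    }

    /**
     * Revokes every refresh token and then every access token stored for the client.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void removeClientTokens(Client client) {
        for (RefreshToken refreshToken : getRefreshTokens(client)) {
            revokeRefreshToken(refreshToken.getTokenKey());
        }
        for (ServerAccessToken accessToken : getAccessTokens(client)) {
            revokeAccessToken(accessToken.getTokenKey());
        }
    }

    /** Persists an access token. */
    protected abstract void saveAccessToken(ServerAccessToken serverAccessToken);

    /**
     * Persists a refresh token. The access token argument is {@code null} when the call comes
     * from {@link #handleLinkedRefreshToken(ServerAccessToken)}.
     */
    protected abstract void saveRefreshToken(ServerAccessToken serverAccessToken, RefreshToken refreshToken);

    /**
     * Removes the access token with the given key. {@link #revokeToken} treats a {@code null}
     * result as "no access token with that key".
     */
    protected abstract ServerAccessToken revokeAccessToken(String str);

    /** Lists the access tokens stored for the client. */
    protected abstract List<ServerAccessToken> getAccessTokens(Client client);

    /** Lists the refresh tokens stored for the client. */
    protected abstract List<RefreshToken> getRefreshTokens(Client client);

    /**
     * Removes the refresh token with the given key. {@link #refreshAccessToken} treats a
     * {@code null} result as an unknown token and denies the request.
     */
    protected abstract RefreshToken revokeRefreshToken(String str);

    /** Looks up the refresh token with the given key without removing it. */
    protected abstract RefreshToken getRefreshToken(String str);
}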
