package leap.oauth2.server.token;

import java.util.HashMap;
import leap.core.BeanFactory;
import leap.core.annotation.Inject;
import leap.lang.Strings;
import leap.lang.beans.DynaBean;
import leap.oauth2.server.OAuth2AuthzServerConfig;
import leap.oauth2.server.authc.AuthzAuthentication;
import leap.oauth2.server.client.AuthzClient;

/* loaded from: input_file:leap/oauth2/server/token/DefaultAuthzTokenManager.class */
public class DefaultAuthzTokenManager implements AuthzTokenManager {

    @Inject
    protected OAuth2AuthzServerConfig config;

    @Inject
    protected AuthzAccessTokenGenerator defaultAccessTokenGenerator;

    @Inject
    protected AuthzRefreshTokenGenerator defaultRefreshTokenGenerator;

    @Inject
    protected BeanFactory factory;

    @Inject
    protected CreateAccessTokenProcessor[] processors;

    @Override // leap.oauth2.server.token.AuthzTokenManager
    public AuthzAccessToken createAccessToken(AuthzAuthentication authzAuthentication) {
        AuthzClient clientDetails = authzAuthentication.getClientDetails();
        DynaBean userDetails = authzAuthentication.getUserDetails();
        AuthzAccessTokenGenerator accessTokenGenerator = getAccessTokenGenerator(authzAuthentication);
        boolean z = false;
        SimpleAuthzAccessToken simpleAuthzAccessToken = new SimpleAuthzAccessToken();
        SimpleAuthzRefreshToken simpleAuthzRefreshToken = new SimpleAuthzRefreshToken();
        if ((userDetails instanceof DynaBean) && userDetails.getProperties() != null) {
            if (simpleAuthzAccessToken.getExtendedParameters() == null) {
                simpleAuthzAccessToken.setExtendedParameters(new HashMap());
            }
            simpleAuthzAccessToken.getExtendedParameters().putAll(userDetails.getProperties());
        }
        simpleAuthzAccessToken.setToken(accessTokenGenerator.generateAccessToken(authzAuthentication));
        if (isAllowRefreshToken(clientDetails)) {
            z = true;
            simpleAuthzRefreshToken.setToken(getRefreshTokenGenerator(authzAuthentication).generateRefreshToken(authzAuthentication));
            simpleAuthzRefreshToken.setExpiresIn(getRefreshTokenExpires(clientDetails));
        }
        simpleAuthzAccessToken.setRefreshToken(simpleAuthzRefreshToken.getToken());
        simpleAuthzAccessToken.setExpiresIn(getAccessTokenExpires(clientDetails));
        simpleAuthzAccessToken.setCreated(System.currentTimeMillis());
        simpleAuthzRefreshToken.setCreated(simpleAuthzAccessToken.getCreated());
        if (null != clientDetails) {
            simpleAuthzAccessToken.setClientId(clientDetails.getId());
            simpleAuthzRefreshToken.setClientId(clientDetails.getId());
            if (clientDetails.isAuthenticated()) {
                simpleAuthzAccessToken.setAuthenticated(Boolean.valueOf(clientDetails.isAuthenticated()));
            }
        }
        if (null != userDetails) {
            simpleAuthzAccessToken.setUserId(userDetails.getId().toString());
            simpleAuthzRefreshToken.setUserId(simpleAuthzAccessToken.getUserId());
            simpleAuthzAccessToken.setUsername(userDetails.getLoginName());
        }
        String str = null;
        if (clientDetails != null) {
            if (this.config.isRequestLevelScopeEnabled()) {
                str = mergeScope(clientDetails, authzAuthentication);
            } else if (clientDetails.isAuthenticated()) {
                str = clientDetails.getGrantedScope();
            }
        }
        simpleAuthzAccessToken.setScope(str);
        simpleAuthzRefreshToken.setScope(str);
        simpleAuthzAccessToken.setAuthenticated(Boolean.valueOf(authzAuthentication.getClientDetails().isAuthenticated()));
        if (this.processors != null && this.processors.length > 0) {
            for (CreateAccessTokenProcessor createAccessTokenProcessor : this.processors) {
                createAccessTokenProcessor.process(clientDetails, authzAuthentication, simpleAuthzAccessToken, simpleAuthzRefreshToken);
            }
        }
        this.config.getTokenStore().saveAccessToken(simpleAuthzAccessToken);
        if (z) {
            this.config.getTokenStore().saveRefreshToken(simpleAuthzRefreshToken);
        }
        return simpleAuthzAccessToken;
    }

    protected String mergeScope(AuthzClient authzClient, AuthzAuthentication authzAuthentication) {
        if (!authzClient.isAuthenticated()) {
            return authzAuthentication.getScope();
        }
        if (Strings.isEmpty(authzClient.getGrantedScope()) && Strings.isEmpty(authzAuthentication.getScope())) {
            return null;
        }
        return Strings.isEmpty(authzClient.getGrantedScope()) ? authzAuthentication.getScope() : Strings.isEmpty(authzAuthentication.getScope()) ? authzClient.getGrantedScope() : authzClient.getGrantedScope() + "," + authzAuthentication.getScope();
    }

    @Override // leap.oauth2.server.token.AuthzTokenManager
    public AuthzAccessToken createAccessToken(AuthzAuthentication authzAuthentication, AuthzRefreshToken authzRefreshToken) {
        AuthzAccessToken createAccessToken = createAccessToken(authzAuthentication);
        removeRefreshToken(authzRefreshToken);
        return createAccessToken;
    }

    @Override // leap.oauth2.server.token.AuthzTokenManager
    public AuthzAccessToken loadAccessToken(String str) {
        return this.config.getTokenStore().loadAccessToken(str);
    }

    @Override // leap.oauth2.server.token.AuthzTokenManager
    public AuthzRefreshToken loadRefreshToken(String str) {
        return this.config.getTokenStore().loadRefreshToken(str);
    }

    @Override // leap.oauth2.server.token.AuthzTokenManager
    public void removeAccessToken(AuthzAccessToken authzAccessToken) {
        removeAccessTokenOnly(authzAccessToken.getToken());
    }

    @Override // leap.oauth2.server.token.AuthzTokenManager
    public void removeRefreshToken(AuthzRefreshToken authzRefreshToken) {
        removeRefreshTokenOnly(authzRefreshToken.getToken());
    }

    protected void removeAccessTokenOnly(String str) {
        this.config.getTokenStore().removeAccessToken(str);
    }

    protected void removeRefreshTokenOnly(String str) {
        this.config.getTokenStore().removeRefreshToken(str);
    }

    protected int getAccessTokenExpires(AuthzClient authzClient) {
        int defaultAccessTokenExpires = this.config.getDefaultAccessTokenExpires();
        if (null != authzClient && authzClient.getAccessTokenExpires() != null) {
            defaultAccessTokenExpires = authzClient.getAccessTokenExpires().intValue();
        }
        return defaultAccessTokenExpires;
    }

    protected int getRefreshTokenExpires(AuthzClient authzClient) {
        int defaultRefreshTokenExpires = this.config.getDefaultRefreshTokenExpires();
        if (null != authzClient && authzClient.getRefreshTokenExpires() != null) {
            defaultRefreshTokenExpires = authzClient.getRefreshTokenExpires().intValue();
        }
        return defaultRefreshTokenExpires;
    }

    protected boolean isAllowRefreshToken(AuthzClient authzClient) {
        return null == authzClient || authzClient.isAllowRefreshToken();
    }

    protected AuthzAccessTokenGenerator getAccessTokenGenerator(AuthzAuthentication authzAuthentication) {
        return this.defaultAccessTokenGenerator;
    }

    protected AuthzRefreshTokenGenerator getRefreshTokenGenerator(AuthzAuthentication authzAuthentication) {
        return this.defaultRefreshTokenGenerator;
    }
}
