package com.predic8.membrane.core.interceptor.oauth2client.rf.token;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AnswerParameters;
import com.predic8.membrane.core.interceptor.oauth2.authorizationservice.AuthorizationService;
import com.predic8.membrane.core.interceptor.oauth2client.OAuth2Resource2Interceptor;
import com.predic8.membrane.core.interceptor.oauth2client.rf.OAuth2TokenResponseBody;
import com.predic8.membrane.core.interceptor.session.Session;
import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/predic8/membrane/core/interceptor/oauth2client/rf/token/AccessTokenRefresher.class */
public class AccessTokenRefresher {
    private static final Logger log = LoggerFactory.getLogger(AccessTokenRefresher.class);
    private final Cache<String, Object> synchronizers = CacheBuilder.newBuilder().expireAfterAccess(1, TimeUnit.MINUTES).build();
    private AuthorizationService auth;
    private boolean onlyRefreshToken;

    public void init(AuthorizationService authorizationService, boolean z) {
        this.auth = authorizationService;
        this.onlyRefreshToken = z;
    }

    public void refreshIfNeeded(Session session, Exchange exchange) {
        String str = (String) exchange.getPropertyOrNull(OAuth2Resource2Interceptor.WANTED_SCOPE, String.class);
        if (refreshingOfAccessTokenIsNeeded(session, str)) {
            synchronized (getTokenSynchronizer(session)) {
                try {
                    exchange.setProperty(Exchange.OAUTH2, refreshAccessToken(session, str));
                } catch (Exception e) {
                    log.warn("Failed to refresh access token, clearing session and restarting OAuth2 flow.", e);
                    session.clearAuthentication();
                }
            }
        }
    }

    private OAuth2AnswerParameters refreshAccessToken(Session session, String str) throws Exception {
        OAuth2AnswerParameters oAuth2AnswerParameters = session.getOAuth2AnswerParameters();
        OAuth2TokenResponseBody refreshTokenRequest = this.auth.refreshTokenRequest(session, str, oAuth2AnswerParameters.getRefreshToken());
        if (!this.onlyRefreshToken && refreshTokenRequest.isMissingOneToken()) {
            throw new RuntimeException("Statuscode was ok but no access_token and refresh_token was received: " + String.valueOf(refreshTokenRequest));
        }
        if (refreshTokenRequest.getAccessToken() != null) {
            session.setAccessToken(str, refreshTokenRequest.getAccessToken());
        }
        oAuth2AnswerParameters.readFrom(refreshTokenRequest);
        session.setOAuth2Answer(str, oAuth2AnswerParameters.serialize());
        return oAuth2AnswerParameters;
    }

    private boolean refreshingOfAccessTokenIsNeeded(Session session, String str) {
        if (session.getOAuth2Answer(str) == null) {
            return (str == null || session.getOAuth2Answer() == null) ? false : true;
        }
        if (session.getAccessToken(str) == null && str != null) {
            return true;
        }
        OAuth2AnswerParameters oAuth2AnswerParameters = session.getOAuth2AnswerParameters(str);
        String expiration = oAuth2AnswerParameters.getExpiration();
        if (isNullOrEmpty(session.getOAuth2AnswerParameters().getRefreshToken(), expiration)) {
            return false;
        }
        return LocalDateTime.now().isAfter(getExpirationTime(expiration, oAuth2AnswerParameters.getReceivedAt()));
    }

    @NotNull
    private static LocalDateTime getExpirationTime(String str, LocalDateTime localDateTime) {
        return localDateTime.plusSeconds(Long.parseLong(str)).minusSeconds(5L);
    }

    private boolean isNullOrEmpty(String... strArr) {
        return Arrays.stream(strArr).anyMatch(str -> {
            return str == null || str.isEmpty();
        });
    }

    private Object getTokenSynchronizer(Session session) {
        String refreshToken = session.getOAuth2AnswerParameters().getRefreshToken();
        try {
            return refreshToken == null ? new Object() : this.synchronizers.get(refreshToken, Object::new);
        } catch (ExecutionException e) {
            throw new RuntimeException(e);
        }
    }
}
