package com.predic8.membrane.core.interceptor.oauth2client.rf.token;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AnswerParameters;
import com.predic8.membrane.core.interceptor.oauth2.authorizationservice.AuthorizationService;
import com.predic8.membrane.core.interceptor.oauth2client.OAuth2Resource2Interceptor;
import com.predic8.membrane.core.interceptor.oauth2client.rf.JsonUtils;
import com.predic8.membrane.core.interceptor.session.Session;
import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.0.jar:com/predic8/membrane/core/interceptor/oauth2client/rf/token/AccessTokenRefresher.class */
public class AccessTokenRefresher {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AccessTokenRefresher.class);
    private final Cache<String, Object> synchronizers = CacheBuilder.newBuilder().expireAfterAccess(1, TimeUnit.MINUTES).build();
    private AuthorizationService auth;
    private TokenResponseHandler tokenResponseHandler;
    private boolean onlyRefreshToken;

    public void init(AuthorizationService authorizationService, boolean z) {
        this.auth = authorizationService;
        this.onlyRefreshToken = z;
        this.tokenResponseHandler = new TokenResponseHandler();
        this.tokenResponseHandler.init(authorizationService);
    }

    public void refreshIfNeeded(Session session, Exchange exchange) {
        String str = (String) exchange.getProperty(OAuth2Resource2Interceptor.WANTED_SCOPE);
        if (refreshingOfAccessTokenIsNeeded(session, str)) {
            synchronized (getTokenSynchronizer(session)) {
                try {
                    exchange.setProperty(Exchange.OAUTH2, refreshAccessToken(session, str));
                } catch (Exception e) {
                    log.warn("Failed to refresh access token, clearing session and restarting OAuth2 flow.", (Throwable) e);
                    session.clearAuthentication();
                }
            }
        }
    }

    private OAuth2AnswerParameters refreshAccessToken(Session session, String str) throws Exception {
        OAuth2AnswerParameters oAuth2AnswerParameters = session.getOAuth2AnswerParameters();
        Response refreshTokenRequest = this.auth.refreshTokenRequest(session, oAuth2AnswerParameters, str);
        if (!refreshTokenRequest.isOk()) {
            refreshTokenRequest.getBody().read();
            throw new RuntimeException("Statuscode from authorization server for refresh token request: " + refreshTokenRequest.getStatusCode());
        }
        if (!JsonUtils.isJson(refreshTokenRequest)) {
            throw new RuntimeException("Refresh Token response is no JSON.");
        }
        Map<String, Object> map = (Map) new ObjectMapper().readValue(refreshTokenRequest.getBodyAsStreamDecoded(), new TypeReference<Map<String, Object>>() { // from class: com.predic8.membrane.core.interceptor.oauth2client.rf.token.AccessTokenRefresher.1
        });
        if (!this.onlyRefreshToken && isMissingOneToken(map)) {
            refreshTokenRequest.getBody().read();
            throw new RuntimeException("Statuscode was ok but no access_token and refresh_token was received: " + refreshTokenRequest.getStatusCode());
        }
        this.tokenResponseHandler.handleTokenResponse(session, str, map, oAuth2AnswerParameters);
        session.setOAuth2Answer(str, oAuth2AnswerParameters.serialize());
        return oAuth2AnswerParameters;
    }

    private boolean refreshingOfAccessTokenIsNeeded(Session session, String str) {
        if (session.getOAuth2Answer(str) == null) {
            return (str == null || session.getOAuth2Answer() == null) ? false : true;
        }
        if (session.getAccessToken(str) == null && str != null) {
            return true;
        }
        OAuth2AnswerParameters oAuth2AnswerParameters = session.getOAuth2AnswerParameters(str);
        OAuth2AnswerParameters oAuth2AnswerParameters2 = session.getOAuth2AnswerParameters();
        String expiration = oAuth2AnswerParameters.getExpiration();
        if (isNullOrEmpty(oAuth2AnswerParameters2.getRefreshToken(), expiration)) {
            return false;
        }
        return LocalDateTime.now().isAfter(oAuth2AnswerParameters.getReceivedAt().plusSeconds(Long.parseLong(expiration)).minusSeconds(5L));
    }

    private boolean isNullOrEmpty(String... strArr) {
        return Arrays.stream(strArr).anyMatch(str -> {
            return str == null || str.isEmpty();
        });
    }

    private boolean isMissingOneToken(Map<String, Object> map) {
        return map.get("access_token") == null || map.get("refresh_token") == null;
    }

    private Object getTokenSynchronizer(Session session) {
        String refreshToken = session.getOAuth2AnswerParameters().getRefreshToken();
        try {
            return refreshToken == null ? new Object() : this.synchronizers.get(refreshToken, Object::new);
        } catch (ExecutionException e) {
            throw new RuntimeException(e);
        }
    }
}
