package org.springframework.security.oauth2.provider.token;

import java.security.SecureRandom;
import java.util.Date;
import java.util.Random;
import java.util.UUID;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.common.exceptions.ExpiredTokenException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.ClientAuthenticationToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

/* loaded from: input_file:org/springframework/security/oauth2/provider/token/RandomValueOAuth2ProviderTokenServices.class */
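/**
 * Base token service that issues access and refresh tokens whose values are random UUID strings
 * and delegates persistence to the abstract {@code store*}/{@code read*}/{@code remove*} hooks.
 *
 * <p>Token values come from {@link UUID#randomUUID()}. The {@link #getRandom() random} source and
 * {@link #getTokenSecretLengthBytes() tokenSecretLengthBytes} are configurable, but nothing in
 * this class reads them when generating a token value, so setting them does not change the
 * tokens issued here.
 *
 * <p>Several exceptions thrown by this class carry the presented token value in their message.
 * Code that logs or renders those messages should treat them as containing credential material.
 */
public abstract class RandomValueOAuth2ProviderTokenServices implements OAuth2ProviderTokenServices, InitializingBean {
    // Not consulted by createAccessToken/createRefreshToken in this class; see class comment.
    private Random random;
    // 2592000 seconds = 30 days.
    private int refreshTokenValiditySeconds = 2592000;
    // 43200 seconds = 12 hours.
    private int accessTokenValiditySeconds = 43200;
    private boolean supportRefreshToken = false;
    // When true, a refresh keeps the same refresh token instead of rotating it.
    private boolean reuseRefreshToken = true;
    // Not consulted by createAccessToken/createRefreshToken in this class; see class comment.
    private int tokenSecretLengthBytes = 80;

    /**
     * Installs a {@link SecureRandom} when no random source was injected.
     *
     * @throws Exception declared by the {@code InitializingBean} contract; not thrown here
     */
    public void afterPropertiesSet() throws Exception {
        if (this.random == null) {
            this.random = new SecureRandom();
        }
    }

    protected abstract OAuth2Authentication readAuthentication(OAuth2AccessToken oAuth2AccessToken);

    protected abstract void storeAccessToken(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication);

    protected abstract OAuth2AccessToken readAccessToken(String str);

    protected abstract void removeAccessToken(String str);

    protected abstract OAuth2Authentication readAuthentication(ExpiringOAuth2RefreshToken expiringOAuth2RefreshToken);

    protected abstract void storeRefreshToken(ExpiringOAuth2RefreshToken expiringOAuth2RefreshToken, OAuth2Authentication oAuth2Authentication);

    protected abstract ExpiringOAuth2RefreshToken readRefreshToken(String str);

    protected abstract void removeRefreshToken(String str);

    protected abstract void removeAccessTokenUsingRefreshToken(String str);

    /**
     * Issues a new access token for the authentication, with a new refresh token attached when
     * refresh tokens are supported.
     *
     * @param oAuth2Authentication the authentication the token is issued for
     * @return the stored access token
     */
    @Override
    public OAuth2AccessToken createAccessToken(OAuth2Authentication oAuth2Authentication) throws AuthenticationException {
        ExpiringOAuth2RefreshToken refreshToken =
                isSupportRefreshToken() ? createRefreshToken(oAuth2Authentication) : null;
        return createAccessToken(oAuth2Authentication, refreshToken);
    }

    /**
     * Exchanges a refresh token value for a new access token.
     *
     * <p>The access token tied to the refresh token is removed before the refresh token itself is
     * looked up. An expired refresh token is removed from the store. When
     * {@link #isReuseRefreshToken()} is {@code false} the presented refresh token is removed and
     * replaced by a new one; otherwise the same refresh token stays valid until it expires.
     *
     * @param str the refresh token value presented by the client
     * @return the new access token
     * @throws InvalidTokenException if refresh tokens are not supported or the value is unknown
     * @throws ExpiredTokenException if the refresh token has expired
     */
    @Override
    public OAuth2AccessToken refreshAccessToken(String str) throws AuthenticationException {
        if (!isSupportRefreshToken()) {
            // NOTE(review): the message embeds the presented token value; avoid logging it verbatim.
            throw new InvalidTokenException("Invalid refresh token: " + str);
        }
        removeAccessTokenUsingRefreshToken(str);
        ExpiringOAuth2RefreshToken refreshToken = readRefreshToken(str);
        if (refreshToken == null) {
            throw new InvalidTokenException("Invalid refresh token: " + str);
        }
        if (isExpired(refreshToken)) {
            removeRefreshToken(str);
            // The token object (its toString() form) is concatenated here, not the raw string.
            throw new ExpiredTokenException("Expired refresh token: " + refreshToken);
        }
        OAuth2Authentication authentication = readAuthentication(refreshToken);
        if (!isReuseRefreshToken()) {
            removeRefreshToken(str);
            refreshToken = createRefreshToken(authentication);
        }
        return createAccessToken(authentication, refreshToken);
    }

    /**
     * Reports whether a refresh token is expired. A token without an expiration date is treated
     * as expired.
     */
    protected boolean isExpired(ExpiringOAuth2RefreshToken expiringOAuth2RefreshToken) {
        return isPast(expiringOAuth2RefreshToken.getExpiration());
    }

    /**
     * Reports whether an access token is expired. A token without an expiration date is treated
     * as expired.
     */
    private boolean isExpired(OAuth2AccessToken oAuth2AccessToken) {
        return isPast(oAuth2AccessToken.getExpiration());
    }

    /** Returns {@code true} when the date is missing or lies before the current time. */
    private static boolean isPast(Date expiration) {
        return expiration == null || System.currentTimeMillis() > expiration.getTime();
    }

    /**
     * Resolves the authentication bound to an access token value.
     *
     * @param str the access token value presented by the client
     * @return the authentication stored for the token
     * @throws InvalidTokenException if no token is stored under the value
     * @throws ExpiredTokenException if the token has expired; the token is removed first
     */
    @Override
    public OAuth2Authentication loadAuthentication(String str) throws AuthenticationException {
        OAuth2AccessToken accessToken = readAccessToken(str);
        if (accessToken == null) {
            // NOTE(review): the message embeds the presented token value; avoid logging it verbatim.
            throw new InvalidTokenException("Invalid access token: " + str);
        }
        if (!isExpired(accessToken)) {
            return readAuthentication(accessToken);
        }
        removeAccessToken(str);
        throw new ExpiredTokenException("Expired access token: " + str);
    }

    /**
     * Creates and stores a refresh token with a random UUID value that expires after
     * {@link #getRefreshTokenValiditySeconds()} seconds.
     */
    protected ExpiringOAuth2RefreshToken createRefreshToken(OAuth2Authentication oAuth2Authentication) {
        ExpiringOAuth2RefreshToken refreshToken = new ExpiringOAuth2RefreshToken();
        refreshToken.setValue(UUID.randomUUID().toString());
        refreshToken.setExpiration(expirationAfter(getRefreshTokenValiditySeconds()));
        storeRefreshToken(refreshToken, oAuth2Authentication);
        return refreshToken;
    }

    /**
     * Creates and stores an access token with a random UUID value that expires after
     * {@link #getAccessTokenValiditySeconds()} seconds, carrying the given refresh token and,
     * for a {@code ClientAuthenticationToken}, the client's scope.
     */
    protected OAuth2AccessToken createAccessToken(OAuth2Authentication oAuth2Authentication, OAuth2RefreshToken oAuth2RefreshToken) {
        OAuth2AccessToken accessToken = new OAuth2AccessToken();
        accessToken.setValue(UUID.randomUUID().toString());
        accessToken.setExpiration(expirationAfter(getAccessTokenValiditySeconds()));
        accessToken.setRefreshToken(oAuth2RefreshToken);
        if (oAuth2Authentication.getClientAuthentication() instanceof ClientAuthenticationToken) {
            accessToken.setScope(oAuth2Authentication.getClientAuthentication().getScope());
        }
        storeAccessToken(accessToken, oAuth2Authentication);
        return accessToken;
    }

    /**
     * Computes the expiration instant for a validity period.
     *
     * <p>The multiplication is done in {@code long}: in {@code int} arithmetic the default
     * refresh validity of 2592000 seconds times 1000 exceeds {@link Integer#MAX_VALUE} and wraps
     * to a negative offset, which would stamp new refresh tokens with a date in the past.
     */
    private static Date expirationAfter(int validitySeconds) {
        return new Date(System.currentTimeMillis() + validitySeconds * 1000L);
    }

    public int getTokenSecretLengthBytes() {
        return this.tokenSecretLengthBytes;
    }

    public void setTokenSecretLengthBytes(int i) {
        this.tokenSecretLengthBytes = i;
    }

    public Random getRandom() {
        return this.random;
    }

    /**
     * Sets the random source. A non-null value set before {@link #afterPropertiesSet()} is kept
     * as given, including a plain {@link Random} that is not a {@link SecureRandom}.
     */
    public void setRandom(Random random) {
        this.random = random;
    }

    public int getRefreshTokenValiditySeconds() {
        return this.refreshTokenValiditySeconds;
    }

    public void setRefreshTokenValiditySeconds(int i) {
        this.refreshTokenValiditySeconds = i;
    }

    public int getAccessTokenValiditySeconds() {
        return this.accessTokenValiditySeconds;
    }

    public void setAccessTokenValiditySeconds(int i) {
        this.accessTokenValiditySeconds = i;
    }

    public boolean isSupportRefreshToken() {
        return this.supportRefreshToken;
    }

    public void setSupportRefreshToken(boolean z) {
        this.supportRefreshToken = z;
    }

    public boolean isReuseRefreshToken() {
        return this.reuseRefreshToken;
    }

    public void setReuseRefreshToken(boolean z) {
        this.reuseRefreshToken = z;
    }
}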
