package org.keycloak.admin.client.token;

import javax.ws.rs.BadRequestException;
import javax.ws.rs.core.Form;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyWebTarget;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Config;
import org.keycloak.admin.client.resource.BasicAuthFilter;
import org.keycloak.common.util.Time;
import org.keycloak.representations.AccessTokenResponse;

/* loaded from: input_file:BOOT-INF/lib/keycloak-admin-client-4.6.0.Final.jar:org/keycloak/admin/client/token/TokenManager.class */
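/**
 * Obtains an access token through {@link TokenService} and caches it, refreshing or
 * re-granting it once it is within {@code minTokenValidity} of its recorded expiry.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The cached {@link AccessTokenResponse} holds bearer credentials (access token and,
 *       when issued, refresh token). Do not log it or the value returned by
 *       {@link #getAccessTokenString()}.</li>
 *   <li>The client secret (HTTP Basic) and, for the password grant, the user's password are
 *       sent to {@code config.getServerUrl()}. This class does not inspect that URL, so
 *       confidentiality depends on the caller configuring an HTTPS endpoint and on the
 *       TLS settings of the supplied {@link ResteasyClient}.</li>
 * </ul>
 *
 * <p>Time values come from {@code Time.currentTime()} and {@code getExpiresIn()};
 * presumably both are in seconds (TODO confirm against the Keycloak API).
 */
public class TokenManager {
    // Margin before the recorded expiry at which the token is already treated as expired.
    private static final long DEFAULT_MIN_VALIDITY = 30;
    private AccessTokenResponse currentToken;
    private long expirationTime;
    private long minTokenValidity = DEFAULT_MIN_VALIDITY;
    private final Config config;
    private final TokenService tokenService;
    private final String accessTokenGrantType;

    /**
     * Builds the token-endpoint proxy for the configured server.
     *
     * @param config         connection and credential settings
     * @param resteasyClient client used to reach {@code config.getServerUrl()}
     * @throws IllegalArgumentException if the grant type is client_credentials but the
     *                                  client is public (no secret to authenticate with)
     */
    public TokenManager(Config config, ResteasyClient resteasyClient) {
        this.config = config;
        ResteasyWebTarget target = resteasyClient.target(config.getServerUrl());
        if (!config.isPublicClient()) {
            // Confidential clients authenticate with client id + secret via HTTP Basic.
            target.register(new BasicAuthFilter(config.getClientId(), config.getClientSecret()));
        }
        this.tokenService = target.proxy(TokenService.class);
        this.accessTokenGrantType = config.getGrantType();
        if (OAuth2Constants.CLIENT_CREDENTIALS.equals(this.accessTokenGrantType) && config.isPublicClient()) {
            throw new IllegalArgumentException("Can't use grant_type=client_credentials with public client");
        }
    }

    /**
     * Returns the raw access token string of the current (possibly renewed) token.
     * The value is a bearer credential; callers should keep it out of logs.
     */
    public String getAccessTokenString() {
        return getAccessToken().getToken();
    }

    /**
     * Returns the cached token, granting one on first use and refreshing it when
     * {@code tokenExpired()} reports it as (nearly) expired.
     */
    public synchronized AccessTokenResponse getAccessToken() {
        if (this.currentToken == null) {
            grantToken();
        } else if (tokenExpired()) {
            refreshToken();
        }
        return this.currentToken;
    }

    /**
     * Requests a new token with the configured grant type and stores it as the current token.
     *
     * @return the token that this call obtained
     */
    public AccessTokenResponse grantToken() {
        Form form = new Form().param(OAuth2Constants.GRANT_TYPE, this.accessTokenGrantType);
        if ("password".equals(this.accessTokenGrantType)) {
            form.param("username", this.config.getUsername()).param("password", this.config.getPassword());
        }
        if (this.config.isPublicClient()) {
            // Public clients have no Basic auth filter, so the client id travels in the form.
            form.param(OAuth2Constants.CLIENT_ID, this.config.getClientId());
        }
        // Sampled before the request so the recorded expiry errs on the early side.
        int requestedAt = Time.currentTime();
        synchronized (this) {
            AccessTokenResponse granted = this.tokenService.grantToken(this.config.getRealm(), form.asMap());
            long expiresAt = requestedAt + granted.getExpiresIn();
            this.currentToken = granted;
            this.expirationTime = expiresAt;
            // Return the local reference: reading the field after leaving the lock could
            // hand back a token stored by another thread in the meantime.
            return granted;
        }
    }

    /**
     * Exchanges the cached refresh token for a new token. Falls back to a full grant when
     * there is nothing to refresh with, or when the server answers the refresh with a
     * {@link BadRequestException}; any other failure propagates to the caller.
     *
     * @return the token now stored as current
     */
    public synchronized AccessTokenResponse refreshToken() {
        // No token yet, or the last response carried no refresh token: a refresh request
        // cannot succeed, so go straight to a fresh grant instead of dereferencing null
        // or sending an empty refresh_token parameter.
        if (this.currentToken == null || this.currentToken.getRefreshToken() == null) {
            return grantToken();
        }
        Form form = new Form()
                .param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN)
                .param(OAuth2Constants.REFRESH_TOKEN, this.currentToken.getRefreshToken());
        if (this.config.isPublicClient()) {
            form.param(OAuth2Constants.CLIENT_ID, this.config.getClientId());
        }
        try {
            int requestedAt = Time.currentTime();
            AccessTokenResponse refreshed = this.tokenService.refreshToken(this.config.getRealm(), form.asMap());
            long expiresAt = requestedAt + refreshed.getExpiresIn();
            this.currentToken = refreshed;
            this.expirationTime = expiresAt;
            return refreshed;
        } catch (BadRequestException e) {
            // The refresh was rejected; authenticate again with the configured grant.
            return grantToken();
        }
    }

    /**
     * Sets the margin before expiry at which the cached token is renewed.
     *
     * @param j margin in the same unit as {@code Time.currentTime()}
     */
    public synchronized void setMinTokenValidity(long j) {
        this.minTokenValidity = j;
    }

    /** Reports whether the current time plus the validity margin has reached the recorded expiry. */
    private synchronized boolean tokenExpired() {
        return ((long) Time.currentTime()) + this.minTokenValidity >= this.expirationTime;
    }

    /**
     * Marks the cached token as expired if {@code str} is the token currently held, so the
     * next {@link #getAccessToken()} renews it. A {@code null} or non-matching value is ignored.
     *
     * @param str access token string the caller found to be unusable
     */
    public synchronized void invalidate(String str) {
        if (str != null && this.currentToken != null && str.equals(this.currentToken.getToken())) {
            // -1 makes tokenExpired() true regardless of the validity margin.
            this.expirationTime = -1L;
        }
    }
}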
