package io.corbel.iam.service;

import io.corbel.iam.auth.AuthorizationRequestContext;
import io.corbel.iam.model.User;
import io.corbel.iam.repository.UserRepository;
import io.corbel.lib.token.TokenInfo;
import io.corbel.lib.token.exception.TokenVerificationException;
import io.corbel.lib.token.factory.TokenFactory;
import io.corbel.lib.token.model.TokenType;
import io.corbel.lib.token.parser.TokenParser;
import io.corbel.lib.token.repository.OneTimeAccessTokenRepository;
import java.text.MessageFormat;
import java.util.Optional;

/* loaded from: input_file:io/corbel/iam/service/DefaultRefreshTokenService.class */
public class DefaultRefreshTokenService implements RefreshTokenService {
    private static final String ACCESS_TOKEN_TAG_TEMPLATE = "access_token:{0}";
    private static final String USER_TAG_TEMPLATE = "user:{0}";
    private final TokenParser tokenParser;
    private final UserRepository userRepository;
    private final TokenFactory refreshTokenFactory;
    private final long refreshTokenDurationInSeconds;
    private final OneTimeAccessTokenRepository oneTimeAccessTokenRepository;

    public DefaultRefreshTokenService(TokenParser tokenParser, UserRepository userRepository, TokenFactory tokenFactory, long j, OneTimeAccessTokenRepository oneTimeAccessTokenRepository) {
        this.tokenParser = tokenParser;
        this.userRepository = userRepository;
        this.refreshTokenFactory = tokenFactory;
        this.refreshTokenDurationInSeconds = j;
        this.oneTimeAccessTokenRepository = oneTimeAccessTokenRepository;
    }

    @Override // io.corbel.iam.service.RefreshTokenService
    public String createRefreshToken(AuthorizationRequestContext authorizationRequestContext, String str) {
        String str2 = null;
        if (authorizationRequestContext.hasPrincipal()) {
            str2 = this.refreshTokenFactory.createToken(TokenInfo.newBuilder().setType(TokenType.REFRESH).setState(Long.toString(System.currentTimeMillis())).setClientId(authorizationRequestContext.getIssuerClientId()).setOneUseToken(true).setUserId(authorizationRequestContext.getPrincipal().getId()).setGroups(authorizationRequestContext.getPrincipal().getGroups()).build(), this.refreshTokenDurationInSeconds, new String[]{userTag(authorizationRequestContext), accessTokenTag(str)}).getAccessToken();
        }
        return str2;
    }

    @Override // io.corbel.iam.service.RefreshTokenService
    public User getUserFromRefreshToken(String str) throws TokenVerificationException {
        return (User) this.userRepository.findOne(this.tokenParser.parseAndVerify(str).getInfo().getUserId());
    }

    @Override // io.corbel.iam.service.RefreshTokenService
    public void invalidateRefreshToken(String str, Optional<String> optional) {
        if (optional.isPresent()) {
            this.oneTimeAccessTokenRepository.deleteByTags(new String[]{userTag(str), accessTokenTag(optional.get())});
        } else {
            this.oneTimeAccessTokenRepository.deleteByTags(new String[]{userTag(str)});
        }
    }

    private String accessTokenTag(String str) {
        return MessageFormat.format(ACCESS_TOKEN_TAG_TEMPLATE, str);
    }

    private String userTag(AuthorizationRequestContext authorizationRequestContext) {
        return userTag(authorizationRequestContext.getPrincipal().getId());
    }

    private String userTag(String str) {
        return MessageFormat.format(USER_TAG_TEMPLATE, str);
    }
}
