package org.apache.sling.auth.oauth_client.impl;

import java.util.Optional;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.auth.oauth_client.ClientConnection;
import org.apache.sling.auth.oauth_client.OAuthTokenAccess;
import org.apache.sling.auth.oauth_client.OAuthTokenResponse;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component
/* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/TokenAccessImpl.class */
public class TokenAccessImpl implements OAuthTokenAccess {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private OAuthTokenStore tokenStore;
    private OAuthTokenRefresher tokenRefresher;

    @Activate
    public TokenAccessImpl(@Reference OAuthTokenStore oAuthTokenStore, @Reference OAuthTokenRefresher oAuthTokenRefresher) {
        this.tokenStore = oAuthTokenStore;
        this.tokenRefresher = oAuthTokenRefresher;
    }

    @Override // org.apache.sling.auth.oauth_client.OAuthTokenAccess
    public OAuthTokenResponse getAccessToken(ClientConnection clientConnection, SlingHttpServletRequest slingHttpServletRequest, String str) {
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        OAuthToken accessToken = this.tokenStore.getAccessToken(clientConnection, resourceResolver);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Accessing token for connection {} and user {}", clientConnection.name(), slingHttpServletRequest.getUserPrincipal());
        }
        if (accessToken.getState() == TokenState.VALID) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Returning valid access token for connection {} and user {}", clientConnection.name(), slingHttpServletRequest.getUserPrincipal());
            }
            return new OAuthTokenResponse(Optional.of(accessToken.getValue()), clientConnection, slingHttpServletRequest, str);
        }
        if (accessToken.getState() == TokenState.EXPIRED) {
            OAuthToken refreshToken = this.tokenStore.getRefreshToken(clientConnection, resourceResolver);
            if (refreshToken.getState() == TokenState.VALID) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Refreshing expired access token for connection {} and user {}", clientConnection.name(), slingHttpServletRequest.getUserPrincipal());
                }
                OAuthTokens refreshTokens = this.tokenRefresher.refreshTokens(clientConnection, refreshToken.getValue());
                this.tokenStore.persistTokens(clientConnection, resourceResolver, refreshTokens);
                return new OAuthTokenResponse(Optional.of(refreshTokens.accessToken()), clientConnection, slingHttpServletRequest, str);
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("No valid access token found for connection {} and user {}", clientConnection.name(), slingHttpServletRequest.getUserPrincipal());
        }
        return new OAuthTokenResponse(Optional.empty(), clientConnection, slingHttpServletRequest, str);
    }

    @Override // org.apache.sling.auth.oauth_client.OAuthTokenAccess
    public OAuthTokenResponse clearAccessToken(ClientConnection clientConnection, SlingHttpServletRequest slingHttpServletRequest, String str) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Clearing access token for connection {} and user {}", clientConnection.name(), slingHttpServletRequest.getUserPrincipal());
        }
        this.tokenStore.clearAccessToken(clientConnection, slingHttpServletRequest.getResourceResolver());
        return new OAuthTokenResponse(Optional.empty(), clientConnection, slingHttpServletRequest, str);
    }

    @Override // org.apache.sling.auth.oauth_client.OAuthTokenAccess
    public void clearAccessToken(ClientConnection clientConnection, ResourceResolver resourceResolver) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Clearing access token for connection {} and user {}", clientConnection.name(), resourceResolver.getUserID());
        }
        this.tokenStore.clearAccessToken(clientConnection, resourceResolver);
    }
}
