package com.day.cq.mailer.oauth.impl;

import com.adobe.granite.crypto.CryptoSupport;
import com.day.cq.mailer.MailingException;
import com.day.cq.mailer.oauth.OAuthCodeService;
import com.day.cq.mailer.oauth.OAuthTokenStoreService;
import com.day.cq.mailer.oauth.OauthConfigurationProvider;
import com.day.cq.mailer.oauth.commons.OAuthUtil;
import javax.jcr.RepositoryException;
import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.PersistenceException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(label = "CQ Mailer OAuthCode Service")
/* loaded from: input_file:com/day/cq/mailer/oauth/impl/OAuthCodeServiceImpl.class */
public class OAuthCodeServiceImpl implements OAuthCodeService {

    @Reference
    private OauthConfigurationProvider oauthConfigurationProvider;

    @Reference
    private CryptoSupport crypto;

    @Reference
    private OAuthTokenStoreService oauthTokenStoreService;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private volatile String encryptedAccessToken = null;
    private Long tokenExpiryTime = null;
    private boolean isFirstTimeAfterRestart = true;

    @Override // com.day.cq.mailer.oauth.OAuthCodeService
    public synchronized String getAccessTokenUsingRefreshToken() throws RepositoryException, LoginException {
        try {
            this.encryptedAccessToken = null;
            if (this.isFirstTimeAfterRestart) {
                configure(this.oauthConfigurationProvider.getRefreshToken());
                this.isFirstTimeAfterRestart = false;
            }
            String decryptedToken = OAuthUtil.getDecryptedToken(this.oauthTokenStoreService.getRefreshToken(), this.crypto);
            if (StringUtils.isBlank(decryptedToken)) {
                this.log.debug("1st time,no JCR is set,use OSGI config refresh token.");
                decryptedToken = this.oauthConfigurationProvider.getRefreshToken();
                this.oauthTokenStoreService.configure(decryptedToken);
            }
            OAuthJSONAccessTokenResponse oAuthJSONAccessTokenResponse = (OAuthJSONAccessTokenResponse) new OAuthClient(new URLConnectionClient()).accessToken(OAuthClientRequest.tokenLocation(this.oauthConfigurationProvider.getRefreshUrl()).setGrantType(GrantType.REFRESH_TOKEN).setClientId(this.oauthConfigurationProvider.getClientID()).setRefreshToken(decryptedToken).setClientSecret(this.oauthConfigurationProvider.getClientSecret()).setRedirectURI(this.oauthConfigurationProvider.getRedirectUrl()).setScope(this.oauthConfigurationProvider.getScopes()).buildBodyMessage(), "POST", OAuthJSONAccessTokenResponse.class);
            this.log.trace("received accessToken {} and refreshToken {} using refresh Request", oAuthJSONAccessTokenResponse.getAccessToken(), oAuthJSONAccessTokenResponse.getRefreshToken());
            this.encryptedAccessToken = OAuthUtil.getEncryptedToken(oAuthJSONAccessTokenResponse.getAccessToken(), this.crypto);
            setExpiryTime(oAuthJSONAccessTokenResponse.getExpiresIn());
            this.oauthTokenStoreService.updateToken(getRefreshTokenFromOAuthResponse(oAuthJSONAccessTokenResponse, decryptedToken));
            return this.encryptedAccessToken;
        } catch (Exception e) {
            this.log.error("error occurred while fetching accessToken using RefreshToken ", e);
            throw new MailingException("error occurred while fetching accessToken using RefreshToken " + e.getMessage());
        } catch (PersistenceException e2) {
            this.log.error("error occurred while persisting access/refresh Token", e2);
            throw new MailingException("error occurred while persisting access/refresh token " + e2.getMessage());
        }
    }

    @Override // com.day.cq.mailer.oauth.OAuthCodeService
    public String getAccessToken() {
        if (StringUtils.isBlank(this.encryptedAccessToken) || isTokenExpired()) {
            try {
                this.log.debug("access token is blank,fetching using refresh token");
                this.encryptedAccessToken = getAccessTokenUsingRefreshToken();
            } catch (Exception e) {
                this.log.error("error occurred while fetching accessToken using refreshToken", e);
                throw new MailingException("error occurred while fetching accessToken using refreshToken " + e.getMessage());
            }
        }
        return this.encryptedAccessToken;
    }

    private boolean isTokenExpired() {
        if (this.tokenExpiryTime == null || Long.compare(this.tokenExpiryTime.longValue(), System.currentTimeMillis()) <= 0) {
            this.log.debug("access Token is expired");
            return true;
        }
        this.log.debug("access Token is not expired");
        return false;
    }

    private String getRefreshTokenFromOAuthResponse(OAuthJSONAccessTokenResponse oAuthJSONAccessTokenResponse, String str) {
        String refreshToken = oAuthJSONAccessTokenResponse.getRefreshToken();
        return StringUtils.isBlank(refreshToken) ? str : refreshToken;
    }

    @Override // com.day.cq.mailer.oauth.OAuthCodeService
    public synchronized void configure(String str) {
        try {
            if (StringUtils.isNotBlank(str)) {
                this.log.debug("updating jcrOSGIConfigRefresh token with value from OSGI config refresh token");
                if (this.oauthTokenStoreService.configure(str)) {
                    this.log.debug("updated jcrOSGIConfigRefresh token with value from OSGI config refresh token");
                    this.encryptedAccessToken = null;
                }
            } else {
                this.log.debug("provided OSGI refreshToken is blank,not updating it.");
            }
        } catch (Exception e) {
            this.log.error("error occurred while updating jcr OSGI refresh token.", e);
        }
    }

    @Override // com.day.cq.mailer.oauth.OAuthCodeService
    public synchronized void updateToken(String str) {
        try {
            this.log.debug("updating jcrActiveRefresh token received via API");
            this.oauthTokenStoreService.configure(this.oauthConfigurationProvider.getRefreshToken());
            this.oauthTokenStoreService.updateToken(OAuthUtil.getDecryptedToken(StringUtils.trim(str), this.crypto));
            this.encryptedAccessToken = null;
        } catch (Exception e) {
            this.log.error("error occurred while saving jcr active Refresh Token received via API", e);
            throw new MailingException("error occurred while saving jcr active Refresh Token " + e.getMessage());
        }
    }

    private void setExpiryTime(Long l) {
        if (l != null) {
            this.tokenExpiryTime = Long.valueOf(System.currentTimeMillis() + (l.longValue() * 1000));
        } else {
            this.tokenExpiryTime = null;
        }
    }

    protected void bindOauthConfigurationProvider(OauthConfigurationProvider oauthConfigurationProvider) {
        this.oauthConfigurationProvider = oauthConfigurationProvider;
    }

    protected void unbindOauthConfigurationProvider(OauthConfigurationProvider oauthConfigurationProvider) {
        if (this.oauthConfigurationProvider == oauthConfigurationProvider) {
            this.oauthConfigurationProvider = null;
        }
    }

    protected void bindCrypto(CryptoSupport cryptoSupport) {
        this.crypto = cryptoSupport;
    }

    protected void unbindCrypto(CryptoSupport cryptoSupport) {
        if (this.crypto == cryptoSupport) {
            this.crypto = null;
        }
    }

    protected void bindOauthTokenStoreService(OAuthTokenStoreService oAuthTokenStoreService) {
        this.oauthTokenStoreService = oAuthTokenStoreService;
    }

    protected void unbindOauthTokenStoreService(OAuthTokenStoreService oAuthTokenStoreService) {
        if (this.oauthTokenStoreService == oAuthTokenStoreService) {
            this.oauthTokenStoreService = null;
        }
    }
}
