package com.appiancorp.oauth.inbound.token.refresh;

import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.oauth.inbound.OAuthTokenResponseGenerator;
import com.appiancorp.oauth.inbound.authserver.tokens.TokenCheck;
import com.appiancorp.oauth.inbound.authserver.tokens.TokenFamilyManager;
import com.appiancorp.oauth.inbound.authserver.tokens.TokenSet;
import com.appiancorp.oauth.inbound.exceptions.OAuthException;
import com.appiancorp.oauth.inbound.token.OAuthTokenRequestHandlerStrategy;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/oauth/inbound/token/refresh/RefreshTokenRequestHandlerStrategy.class */
public class RefreshTokenRequestHandlerStrategy implements OAuthTokenRequestHandlerStrategy {
    private static final Logger LOG = LoggerFactory.getLogger(RefreshTokenRequestHandlerStrategy.class);
    private final FeatureToggleClient featureToggleClient;
    private final TokenFamilyManager<JWTClaimsSet> tokenFamilyManager;
    private final TokenCheck<JWTClaimsSet> refreshTokenCheck;
    private final OAuthTokenResponseGenerator oAuthTokenResponseGenerator;

    public RefreshTokenRequestHandlerStrategy(FeatureToggleClient featureToggleClient, TokenFamilyManager<JWTClaimsSet> tokenFamilyManager, TokenCheck<JWTClaimsSet> tokenCheck, OAuthTokenResponseGenerator oAuthTokenResponseGenerator) {
        this.featureToggleClient = featureToggleClient;
        this.tokenFamilyManager = tokenFamilyManager;
        this.refreshTokenCheck = tokenCheck;
        this.oAuthTokenResponseGenerator = oAuthTokenResponseGenerator;
    }

    @Override // com.appiancorp.oauth.inbound.token.OAuthTokenRequestHandlerStrategy
    public boolean supports(GrantType grantType) {
        if (this.featureToggleClient.isFeatureEnabled("ae.iam.common-auth-for-process-mining")) {
            return GrantType.REFRESH_TOKEN.equals(grantType);
        }
        LOG.warn("Ignoring refresh token grant processing since feature toggle {} is disabled.", "ae.iam.common-auth-for-process-mining");
        return false;
    }

    @Override // com.appiancorp.oauth.inbound.token.OAuthTokenRequestHandlerStrategy
    public boolean supports(TokenRequest tokenRequest) throws OAuthException {
        return supports(tokenRequest.getAuthorizationGrant().getType());
    }

    @Override // com.appiancorp.oauth.inbound.token.OAuthTokenRequestHandlerStrategy
    public void handle(HTTPRequest hTTPRequest, TokenRequest tokenRequest, HttpServletResponse httpServletResponse) throws Exception {
        TokenSet generateNewTokenSetUsingRefreshToken = this.tokenFamilyManager.generateNewTokenSetUsingRefreshToken(tokenRequest.getAuthorizationGrant().getRefreshToken().getValue(), this.refreshTokenCheck);
        if (!generateNewTokenSetUsingRefreshToken.getAccessToken().isPresent()) {
            throw new IllegalStateException("Unexpected error, access token was not set by refresh token grant handler.");
        }
        if (!generateNewTokenSetUsingRefreshToken.getRefreshToken().isPresent()) {
            LOG.warn("Refresh token was not generated when access token was refreshed.");
        }
        this.oAuthTokenResponseGenerator.applyTokenToResponse(generateNewTokenSetUsingRefreshToken, httpServletResponse);
    }
}
