package org.apereo.cas.ticket.accesstoken;

import java.util.Collection;
import java.util.Map;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.services.RegisteredServiceOAuthAccessTokenExpirationPolicy;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.DefaultUniqueTicketIdGenerator;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.6.0.jar:org/apereo/cas/ticket/accesstoken/OAuth20DefaultAccessTokenFactory.class */
public class OAuth20DefaultAccessTokenFactory implements OAuth20AccessTokenFactory {
    protected final UniqueTicketIdGenerator accessTokenIdGenerator;
    protected final ExpirationPolicyBuilder<OAuth20AccessToken> expirationPolicy;
    protected final JwtBuilder jwtBuilder;
    protected final ServicesManager servicesManager;

    public OAuth20DefaultAccessTokenFactory(ExpirationPolicyBuilder<OAuth20AccessToken> expirationPolicyBuilder, JwtBuilder jwtBuilder, ServicesManager servicesManager) {
        this(new DefaultUniqueTicketIdGenerator(), expirationPolicyBuilder, jwtBuilder, servicesManager);
    }

    @Override // org.apereo.cas.ticket.accesstoken.OAuth20AccessTokenFactory
    public OAuth20AccessToken create(Service service, Authentication authentication, TicketGrantingTicket ticketGrantingTicket, Collection<String> collection, String str, String str2, Map<String, Map<String, Object>> map, OAuth20ResponseTypes oAuth20ResponseTypes, OAuth20GrantTypes oAuth20GrantTypes) {
        OAuth20DefaultAccessToken oAuth20DefaultAccessToken = new OAuth20DefaultAccessToken(this.accessTokenIdGenerator.getNewTicketId(OAuth20AccessToken.PREFIX), service, authentication, determineExpirationPolicyForService(OAuth20Utils.getRegisteredOAuthServiceByClientId(this.jwtBuilder.getServicesManager(), str2)), ticketGrantingTicket, str, collection, str2, map, oAuth20ResponseTypes, oAuth20GrantTypes);
        if (ticketGrantingTicket != null) {
            ticketGrantingTicket.getDescendantTickets().add(oAuth20DefaultAccessToken.getId());
        }
        return oAuth20DefaultAccessToken;
    }

    @Override // org.apereo.cas.ticket.TicketFactory
    public Class<? extends Ticket> getTicketType() {
        return OAuth20AccessToken.class;
    }

    protected ExpirationPolicy determineExpirationPolicyForService(OAuthRegisteredService oAuthRegisteredService) {
        if (oAuthRegisteredService != null && oAuthRegisteredService.getAccessTokenExpirationPolicy() != null) {
            RegisteredServiceOAuthAccessTokenExpirationPolicy accessTokenExpirationPolicy = oAuthRegisteredService.getAccessTokenExpirationPolicy();
            String maxTimeToLive = accessTokenExpirationPolicy.getMaxTimeToLive();
            String timeToKill = accessTokenExpirationPolicy.getTimeToKill();
            if (StringUtils.isNotBlank(maxTimeToLive) && StringUtils.isNotBlank(timeToKill)) {
                return new OAuth20AccessTokenExpirationPolicy(Beans.newDuration(maxTimeToLive).getSeconds(), Beans.newDuration(timeToKill).getSeconds());
            }
        }
        return this.expirationPolicy.buildTicketExpirationPolicy();
    }

    @Generated
    public OAuth20DefaultAccessTokenFactory(UniqueTicketIdGenerator uniqueTicketIdGenerator, ExpirationPolicyBuilder<OAuth20AccessToken> expirationPolicyBuilder, JwtBuilder jwtBuilder, ServicesManager servicesManager) {
        this.accessTokenIdGenerator = uniqueTicketIdGenerator;
        this.expirationPolicy = expirationPolicyBuilder;
        this.jwtBuilder = jwtBuilder;
        this.servicesManager = servicesManager;
    }

    @Generated
    public UniqueTicketIdGenerator getAccessTokenIdGenerator() {
        return this.accessTokenIdGenerator;
    }

    @Generated
    public ExpirationPolicyBuilder<OAuth20AccessToken> getExpirationPolicy() {
        return this.expirationPolicy;
    }

    @Generated
    public JwtBuilder getJwtBuilder() {
        return this.jwtBuilder;
    }

    @Generated
    public ServicesManager getServicesManager() {
        return this.servicesManager;
    }
}
