package org.forgerock.oauth2.core;

import org.forgerock.oauth2.core.exceptions.InvalidGrantException;
import org.forgerock.oauth2.core.exceptions.NotFoundException;
import org.forgerock.oauth2.core.exceptions.ServerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/oauth2/core/AccessTokenVerifier.class */
public abstract class AccessTokenVerifier {
    public static final String HEADER = "header";
    public static final String REALM_AGNOSTIC_HEADER = "realm-agnostic-header";
    public static final String FORM_BODY = "form-body";
    public static final String REALM_AGNOSTIC_FORM_BODY = "realm-agnostic-form-body";
    public static final String QUERY_PARAM = "query-param";
    public static final String REALM_AGNOSTIC_QUERY_PARAM = "realm-agnostic-query-param";
    protected final Logger logger = LoggerFactory.getLogger("OAuth2Provider");
    private static final TokenState INVALID_TOKEN = new TokenState(null);
    private final TokenStore tokenStore;

    /* loaded from: input_file:org/forgerock/oauth2/core/AccessTokenVerifier$TokenState.class */
    public static class TokenState {
        private final String tokenId;

        protected TokenState(String str) {
            this.tokenId = str;
        }

        public boolean isValid() {
            return this.tokenId != null;
        }

        public String getTokenId() {
            return this.tokenId;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessTokenVerifier(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    public TokenState verify(OAuth2Request oAuth2Request) {
        String obtainTokenId = obtainTokenId(oAuth2Request);
        if (obtainTokenId == null) {
            this.logger.debug("Request does not contain token id.");
            return INVALID_TOKEN;
        }
        try {
            AccessToken readAccessToken = this.tokenStore.readAccessToken(oAuth2Request, obtainTokenId);
            if (readAccessToken != null) {
                return readAccessToken.isExpired() ? INVALID_TOKEN : new TokenState(obtainTokenId);
            }
        } catch (InvalidGrantException e) {
            this.logger.debug(e.getMessage());
        } catch (NotFoundException e2) {
            this.logger.debug(e2.getMessage());
        } catch (ServerException e3) {
            this.logger.debug(e3.getMessage());
        }
        return INVALID_TOKEN;
    }

    protected abstract String obtainTokenId(OAuth2Request oAuth2Request);
}
