package org.keycloak.protocol.oidc;

import org.jboss.logging.Logger;
import org.keycloak.OAuthErrorException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.representations.RefreshToken;
import org.keycloak.services.util.UserSessionUtil;

/* loaded from: input_file:org/keycloak/protocol/oidc/RefreshTokenIntrospectionProvider.class */
public class RefreshTokenIntrospectionProvider extends AccessTokenIntrospectionProvider<RefreshToken> {
    private static final Logger logger = Logger.getLogger(RefreshTokenIntrospectionProvider.class);

    public RefreshTokenIntrospectionProvider(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    @Override // org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider
    protected Class<RefreshToken> getTokenClass() {
        return RefreshToken.class;
    }

    @Override // org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider
    protected UserSessionUtil.UserSessionValidationResult verifyUserSession() {
        return UserSessionUtil.findValidSessionForRefreshToken(this.session, this.realm, this.token, this.client, userSessionModel -> {
        });
    }

    @Override // org.keycloak.protocol.oidc.AccessTokenIntrospectionProvider
    protected boolean verifyTokenReuse() {
        String type = this.token.getType();
        if (!this.realm.isRevokeRefreshToken()) {
            return true;
        }
        if ((!type.equals("Refresh") && !type.equals("Offline")) || validateTokenReuse()) {
            return true;
        }
        logger.debugf("Introspection access token for %s client: failed to validate Token reuse for introspection", this.token.getIssuedFor());
        this.eventBuilder.detail("reason", "Realm revoke refresh token, token type is " + type + " and token is not eligible for introspection");
        this.eventBuilder.error("invalid_token");
        return false;
    }

    private boolean validateTokenReuse() {
        try {
            this.tokenManager.validateTokenReuse(this.session, this.realm, this.token, this.userSession.getAuthenticatedClientSessionByClient(this.client.getId()), false);
            return true;
        } catch (OAuthErrorException e) {
            logger.debug("validateTokenReuseForIntrospection is false", e);
            return false;
        }
    }
}
