package org.genesys.blocks.oauth.service;

import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.genesys.blocks.oauth.model.AccessToken;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.model.OAuthRole;
import org.genesys.blocks.oauth.model.QOAuthClient;
import org.genesys.blocks.oauth.model.RefreshToken;
import org.genesys.blocks.oauth.persistence.AccessTokenRepository;
import org.genesys.blocks.oauth.persistence.OAuthClientRepository;
import org.genesys.blocks.oauth.persistence.RefreshTokenRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Sort;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.common.util.SerializationUtils;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator;
import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

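/**
 * Database-backed implementation of the OAuth2 client registry
 * ({@link OAuthClientDetailsService}) and of the token store
 * ({@link OAuthTokenStoreService}).
 *
 * <p>Access tokens, refresh tokens and the {@link OAuth2Authentication} they were
 * issued for are persisted as Java-serialized blobs, keyed by an MD5 hex digest of
 * the raw token value (the same keying scheme Spring Security OAuth's
 * {@code JdbcTokenStore} uses, so existing rows remain readable).
 *
 * <p>The class is read-only transactional by default; every mutating operation is
 * individually marked {@code @Transactional} and evicts the token caches wholesale.
 *
 * <p>Raw token values are bearer credentials and are never written to the log;
 * only their digest key is. Client secrets are generated from a
 * {@link SecureRandom} and only their encoded form is stored.
 */
@Transactional(readOnly = true)
@Service
public class OAuthServiceImpl implements OAuthClientDetailsService, OAuthTokenStoreService {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthServiceImpl.class);

    /** Length, in alphanumeric characters, of generated client secrets. */
    private static final int CLIENT_SECRET_LENGTH = 32;

    /** Upper bound on the number of rows returned by {@link #autocompleteClients}. */
    private static final int AUTOCOMPLETE_MAX_RESULTS = 100;

    /** Grant type that requires a client secret to be present. */
    private static final String CLIENT_CREDENTIALS_GRANT = "client_credentials";

    /** Randomness for client identifiers and secrets; SecureRandom is thread-safe. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    @Value("${host.name}")
    private String hostname;

    @Autowired
    private OAuthClientRepository oauthClientRepository;

    @Autowired
    private RefreshTokenRepository refreshTokenRepository;

    @Autowired
    private AccessTokenRepository accessTokenRepository;

    // Left public: narrowing the visibility could break callers that reference it directly.
    @Autowired
    public PasswordEncoder passwordEncoder;

    private AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator();

    /**
     * Replaces the generator used to derive the lookup key of an {@link OAuth2Authentication}.
     *
     * @param authenticationKeyGenerator the generator to use; must not be null
     * @throws NullPointerException if {@code authenticationKeyGenerator} is null
     */
    public void setAuthenticationKeyGenerator(AuthenticationKeyGenerator authenticationKeyGenerator) {
        this.authenticationKeyGenerator = Objects.requireNonNull(authenticationKeyGenerator, "authenticationKeyGenerator");
    }

    /**
     * Loads the client registered under {@code clientId}, with its roles initialized
     * and the implicit {@link OAuthRole#EVERYONE} role added.
     *
     * @param clientId the OAuth client identifier (also the cache key)
     * @return the client details, never null
     * @throws NoSuchClientException if no client with that id exists
     */
    @Cacheable(cacheNames = {"oauthclient"}, key = "#clientId", unless = "#result == null")
    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
        OAuthClient client = this.oauthClientRepository.findByClientId(clientId);
        if (client == null) {
            throw new NoSuchClientException(clientId);
        }
        return lazyLoad(client);
    }

    /**
     * Initializes the lazily loaded role collection and adds the implicit
     * {@link OAuthRole#EVERYONE} role in memory.
     *
     * <p>NOTE(review): this mutates the entity's role collection in place. When the
     * entity is managed inside a writable transaction (addClient/updateClient call
     * this on the result of {@code save()}), a subsequent flush may persist EVERYONE
     * as a stored role — confirm against the OAuthClient mapping.
     *
     * @param client the client to prepare; may be null
     * @return the same instance, or null if {@code client} was null
     */
    private OAuthClient lazyLoad(OAuthClient client) {
        if (client != null) {
            client.getRoles().size();
            client.getRoles().add(OAuthRole.EVERYONE);
        }
        return client;
    }

    /**
     * Persists an access token together with the authentication it was issued for,
     * replacing any existing row for the same token value or the same authentication key.
     *
     * @param token          the access token to store
     * @param authentication the authentication the token was issued for
     */
    @Transactional
    @CacheEvict(cacheNames = {"oauthaccesstoken", "oauthaccesstokenauth"}, allEntries = true)
    public void storeAccessToken(OAuth2AccessToken token, OAuth2Authentication authentication) {
        String refreshTokenValue = token.getRefreshToken() == null ? null : token.getRefreshToken().getValue();
        String authenticationId = this.authenticationKeyGenerator.extractKey(authentication);

        // One row per token value and one row per authentication key.
        if (readAccessToken(token.getValue()) != null) {
            removeAccessToken(token.getValue());
        }
        this.accessTokenRepository.deleteByAuthenticationId(authenticationId);

        AccessToken entity = new AccessToken();
        entity.setTokenId(extractTokenKey(token.getValue()));
        entity.setToken(serializeAccessToken(token));
        entity.setAuthenticationId(authenticationId);
        // Client-only authentications carry no end user.
        entity.setUsername(authentication.isClientOnly() ? null : authentication.getName());
        entity.setClientId(authentication.getOAuth2Request().getClientId());
        entity.setAuthentication(serializeAuthentication(authentication));
        entity.setRefreshToken(extractTokenKey(refreshTokenValue));
        entity.setExpiration(token.getExpiration());
        this.accessTokenRepository.save(entity);
    }

    /**
     * Reads the access token stored for a raw token value.
     *
     * @param tokenValue the raw token value (also the cache key)
     * @return the token, or null if it is not stored or cannot be deserialized
     */
    @Cacheable(cacheNames = {"oauthaccesstoken"}, key = "#tokenValue", unless = "#result == null")
    public OAuth2AccessToken readAccessToken(String tokenValue) {
        String key = extractTokenKey(tokenValue);
        LOG.trace("Reading access token key={}", key);
        AccessToken entity = (AccessToken) this.accessTokenRepository.findOne(key);
        if (entity == null) {
            LOG.info("Failed to find access token for key={}", key);
            return null;
        }
        return deserializeAccessToken(entity.getToken());
    }

    /**
     * Removes the stored row for {@code token}.
     *
     * @param token the access token to remove
     */
    @Transactional
    @CacheEvict(cacheNames = {"oauthaccesstoken", "oauthaccesstokenauth"}, allEntries = true)
    public void removeAccessToken(OAuth2AccessToken token) {
        removeAccessToken(token.getValue());
    }

    /**
     * Removes the stored row for a raw access token value.
     *
     * @param tokenValue the raw token value
     */
    @Override
    @Transactional
    @CacheEvict(cacheNames = {"oauthaccesstoken", "oauthaccesstokenauth"}, allEntries = true)
    public void removeAccessToken(String tokenValue) {
        this.accessTokenRepository.delete(extractTokenKey(tokenValue));
    }

    /**
     * Reads the authentication stored with {@code token}.
     *
     * @param token the access token
     * @return the authentication, or null if the token is not stored
     */
    @Cacheable(cacheNames = {"oauthaccesstokenauth"}, key = "#token.value", unless = "#result == null")
    public OAuth2Authentication readAuthentication(OAuth2AccessToken token) {
        return readAuthentication(token.getValue());
    }

    /**
     * Reads the authentication stored with a raw access token value.
     *
     * @param tokenValue the raw token value (also the cache key)
     * @return the authentication, or null if the token is not stored or the blob
     *         cannot be deserialized
     */
    @Cacheable(cacheNames = {"oauthaccesstokenauth"}, key = "#tokenValue", unless = "#result == null")
    public OAuth2Authentication readAuthentication(String tokenValue) {
        String key = extractTokenKey(tokenValue);
        LOG.trace("Reading access token authentication key={}", key);
        AccessToken entity = (AccessToken) this.accessTokenRepository.findOne(key);
        if (entity == null) {
            LOG.info("Failed to find access token for key={}", key);
            return null;
        }
        return deserializeAuthentication(entity.getAuthentication());
    }

    /**
     * Persists a refresh token together with the authentication it was issued for.
     *
     * @param refreshToken   the refresh token to store
     * @param authentication the authentication the token was issued for
     */
    @Transactional
    @CacheEvict(cacheNames = {"oauthaccesstoken", "oauthaccesstokenauth"}, allEntries = true)
    public void storeRefreshToken(OAuth2RefreshToken refreshToken, OAuth2Authentication authentication) {
        RefreshToken entity = new RefreshToken();
        entity.setClientId(authentication.getOAuth2Request().getClientId());
        entity.setTokenId(extractTokenKey(refreshToken.getValue()));
        entity.setToken(serializeRefreshToken(refreshToken));
        entity.setAuthentication(serializeAuthentication(authentication));
        // Client-only authentications carry no end user; otherwise getName() is the user's name.
        entity.setUsername(authentication.isClientOnly() ? null : authentication.getName());
        // Only expiring refresh tokens carry an expiration; others are stored without one.
        if (refreshToken instanceof DefaultExpiringOAuth2RefreshToken) {
            entity.setExpiration(((DefaultExpiringOAuth2RefreshToken) refreshToken).getExpiration());
        }
        this.refreshTokenRepository.save(entity);
    }

    /**
     * Reads the refresh token stored for a raw token value.
     *
     * @param tokenValue the raw refresh token value
     * @return the token, or null if it is not stored or cannot be deserialized
     */
    public OAuth2RefreshToken readRefreshToken(String tokenValue) {
        String key = extractTokenKey(tokenValue);
        RefreshToken entity = (RefreshToken) this.refreshTokenRepository.findOne(key);
        if (entity == null) {
            LOG.info("Failed to find refresh token for key={}", key);
            return null;
        }
        return deserializeRefreshToken(entity.getToken());
    }

    /**
     * Removes the stored row for {@code refreshToken}.
     *
     * @param refreshToken the refresh token to remove
     */
    @Transactional
    @CacheEvict(cacheNames = {"oauthaccesstoken", "oauthaccesstokenauth"}, allEntries = true)
    public void removeRefreshToken(OAuth2RefreshToken refreshToken) {
        removeRefreshToken(refreshToken.getValue());
    }

    /**
     * Removes the stored row for a raw refresh token value.
     *
     * @param tokenValue the raw refresh token value
     */
    @Override
    @Transactional
    @CacheEvict(cacheNames = {"oauthaccesstoken", "oauthaccesstokenauth"}, allEntries = true)
    public void removeRefreshToken(String tokenValue) {
        this.refreshTokenRepository.delete(extractTokenKey(tokenValue));
    }

    /**
     * Reads the authentication stored with {@code refreshToken}.
     *
     * @param refreshToken the refresh token
     * @return the authentication, or null if the token is not stored
     */
    public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken refreshToken) {
        return readAuthenticationForRefreshToken(refreshToken.getValue());
    }

    /**
     * Reads the authentication stored with a raw refresh token value.
     *
     * @param tokenValue the raw refresh token value
     * @return the authentication, or null if the token is not stored or the blob
     *         cannot be deserialized
     */
    public OAuth2Authentication readAuthenticationForRefreshToken(String tokenValue) {
        String key = extractTokenKey(tokenValue);
        RefreshToken entity = (RefreshToken) this.refreshTokenRepository.findOne(key);
        if (entity == null) {
            LOG.info("Failed to find refresh token for key={}", key);
            return null;
        }
        return deserializeAuthentication(entity.getAuthentication());
    }

    /**
     * Removes every access token that was issued together with {@code refreshToken}.
     *
     * @param refreshToken the refresh token
     */
    @Transactional
    @CacheEvict(cacheNames = {"oauthaccesstoken", "oauthaccesstokenauth"}, allEntries = true)
    public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken refreshToken) {
        removeAccessTokenUsingRefreshToken(refreshToken.getValue());
    }

    /**
     * Removes every access token that was issued together with the given raw refresh token value.
     *
     * @param tokenValue the raw refresh token value
     */
    @Transactional
    @CacheEvict(cacheNames = {"oauthaccesstoken", "oauthaccesstokenauth"}, allEntries = true)
    public void removeAccessTokenUsingRefreshToken(String tokenValue) {
        this.accessTokenRepository.deleteByRefreshToken(extractTokenKey(tokenValue));
    }

    /**
     * Finds the access token currently stored for {@code authentication}.
     *
     * <p>If the stored authentication no longer maps to the same key as the one
     * passed in, the token is re-stored under the current authentication so the
     * next lookup is consistent.
     *
     * @param authentication the authentication to look up
     * @return the token, or null if none is stored or the stored blob cannot be deserialized
     */
    public OAuth2AccessToken getAccessToken(OAuth2Authentication authentication) {
        String key = this.authenticationKeyGenerator.extractKey(authentication);
        LOG.trace("auth={} key={}", authentication, key);
        AccessToken entity = this.accessTokenRepository.findByAuthenticationId(key);
        if (entity == null) {
            LOG.debug("Failed to find access token for authentication={}", authentication);
            return null;
        }
        OAuth2AccessToken token = deserializeAccessToken(entity.getToken());
        if (token == null) {
            // Undeserializable blob; deserializeAccessToken already logged the cause.
            return null;
        }
        OAuth2Authentication stored = readAuthentication(token.getValue());
        if (stored != null && !key.equals(this.authenticationKeyGenerator.extractKey(stored))) {
            removeAccessToken(token.getValue());
            storeAccessToken(token, authentication);
        }
        return token;
    }

    /**
     * Lists the deserializable access tokens issued to {@code userName} for {@code clientId}.
     *
     * @param clientId the client identifier
     * @param userName the user name
     * @return the tokens, never null; rows that cannot be deserialized are skipped
     */
    public Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String clientId, String userName) {
        return deserializeAll(this.accessTokenRepository.findByClientIdAndUsername(clientId, userName));
    }

    /**
     * Lists the deserializable access tokens issued for {@code clientId}.
     *
     * @param clientId the client identifier
     * @return the tokens, never null; rows that cannot be deserialized are skipped
     */
    public Collection<OAuth2AccessToken> findTokensByClientId(String clientId) {
        return deserializeAll(this.accessTokenRepository.findByClientId(clientId));
    }

    /**
     * Deserializes the token blob of each row, skipping null rows and rows whose
     * blob cannot be deserialized.
     */
    private List<OAuth2AccessToken> deserializeAll(Collection<AccessToken> entities) {
        if (entities == null) {
            return Collections.emptyList();
        }
        return entities.stream()
                .filter(Objects::nonNull)
                .map(AccessToken::getToken)
                .map(this::deserializeAccessToken)
                .filter(Objects::nonNull)
                .collect(Collectors.toList());
    }

    /**
     * Derives the storage key of a raw token value: the MD5 digest of its UTF-8
     * bytes as 32 lowercase hex characters.
     *
     * <p>MD5 is used here only to produce a fixed-width lookup key that matches the
     * rows already in the database; it is not a secrecy or integrity control.
     * Changing the digest would orphan every stored token.
     *
     * @param value the raw token value; may be null
     * @return the key, or null if {@code value} is null
     * @throws IllegalStateException if the JDK has no MD5 implementation
     */
    protected String extractTokenKey(String value) {
        if (value == null) {
            return null;
        }
        try {
            byte[] digest = MessageDigest.getInstance("MD5").digest(value.getBytes(StandardCharsets.UTF_8));
            return String.format("%032x", new BigInteger(1, digest));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 algorithm not available.  Fatal (should be in the JDK).", e);
        }
    }

    /** Serializes an access token for storage; returns null (and logs) on failure. */
    protected byte[] serializeAccessToken(OAuth2AccessToken token) {
        return serialize(token, "access token");
    }

    /** Serializes a refresh token for storage; returns null (and logs) on failure. */
    protected byte[] serializeRefreshToken(OAuth2RefreshToken refreshToken) {
        return serialize(refreshToken, "refresh token");
    }

    /** Serializes an authentication for storage; returns null (and logs) on failure. */
    protected byte[] serializeAuthentication(OAuth2Authentication authentication) {
        return serialize(authentication, "authentication");
    }

    /** Deserializes a stored access token blob; returns null (and logs) on failure. */
    protected OAuth2AccessToken deserializeAccessToken(byte[] bytes) {
        return deserialize(bytes, OAuth2AccessToken.class, "access token");
    }

    /** Deserializes a stored refresh token blob; returns null (and logs) on failure. */
    protected OAuth2RefreshToken deserializeRefreshToken(byte[] bytes) {
        return deserialize(bytes, OAuth2RefreshToken.class, "refresh token");
    }

    /** Deserializes a stored authentication blob; returns null (and logs) on failure. */
    protected OAuth2Authentication deserializeAuthentication(byte[] bytes) {
        return deserialize(bytes, OAuth2Authentication.class, "authentication");
    }

    /**
     * Java-serializes {@code value}, logging and returning null instead of
     * propagating a failure (callers treat null as "not stored").
     */
    private static byte[] serialize(Object value, String what) {
        try {
            return SerializationUtils.serialize(value);
        } catch (Exception e) {
            LOG.warn("Could not serialize {}: {}. Returning null.", what, e.getMessage());
            return null;
        }
    }

    /**
     * Java-deserializes a blob read from the token tables and casts it to {@code type},
     * logging and returning null on any failure (including a wrong runtime type).
     *
     * <p>This is native Java deserialization. The rows are written only by this class,
     * so the trust boundary is the database itself: whoever can write these columns
     * can supply an arbitrary object graph. Keep write access to the token tables
     * restricted; if the store ever receives data from less-trusted writers, add an
     * {@code ObjectInputFilter} or move to a non-native format.
     */
    private static <T> T deserialize(byte[] bytes, Class<T> type, String what) {
        try {
            Object value = SerializationUtils.deserialize(bytes);
            return type.cast(value);
        } catch (Exception e) {
            LOG.warn("Could not deserialize {}: {}. Returning null.", what, e.getMessage());
            return null;
        }
    }

    /**
     * Lists all registered clients ordered by client id.
     *
     * @return the clients, never null
     */
    @Override
    public List<OAuthClient> listClientDetails() {
        return this.oauthClientRepository.findAll(new Sort("clientId"));
    }

    /**
     * Lists the stored access token rows issued for {@code clientId}.
     *
     * @param clientId the client identifier
     * @return the rows as returned by the repository
     */
    @Override
    public List<AccessToken> findAccessTokensByClientId(String clientId) {
        return this.accessTokenRepository.findByClientId(clientId);
    }

    /**
     * Lists the stored refresh token rows issued for {@code clientId}.
     *
     * @param clientId the client identifier
     * @return the rows as returned by the repository
     */
    @Override
    public List<RefreshToken> findRefreshTokensByClientId(String clientId) {
        return this.refreshTokenRepository.findByClientId(clientId);
    }

    /**
     * Lists the stored access token rows whose username equals {@code userUuid}.
     *
     * @param userUuid the value stored in the username column
     * @return the rows as returned by the repository
     */
    @Override
    public List<AccessToken> findTokensByUserUuid(String userUuid) {
        return this.accessTokenRepository.findByUsername(userUuid);
    }

    /**
     * Loads the client registered under {@code clientId} with its roles initialized.
     * Unlike {@link #loadClientByClientId}, no implicit role is added and a missing
     * client yields null.
     *
     * @param clientId the client identifier
     * @return the client, or null if none exists
     */
    @Override
    public OAuthClient getClient(String clientId) {
        OAuthClient client = this.oauthClientRepository.findByClientId(clientId);
        if (client != null) {
            // Touch the lazy collection while the session is open.
            client.getRoles().size();
        }
        return client;
    }

    /**
     * Deletes {@code client}.
     *
     * @param client the client to delete
     * @return the same instance
     */
    @Override
    @Transactional
    public OAuthClient removeClient(OAuthClient client) {
        this.oauthClientRepository.delete(client);
        return client;
    }

    /**
     * Registers a new client with a generated client id and a generated secret.
     *
     * <p>Only the encoded secret is stored and the plaintext is discarded, so a
     * caller that needs a usable secret must call {@link #resetSecret} afterwards.
     * The client is created with scopes {@code read} and {@code write}, grant types
     * {@code authorization_code} and {@code refresh_token}, and the
     * {@link OAuthRole#CLIENT} role.
     *
     * @param title                the client title
     * @param description          the client description
     * @param redirect             the redirect URI; blank is stored as null
     * @param accessTokenValidity  access token validity
     * @param refreshTokenValidity refresh token validity
     * @return the saved client
     */
    @Override
    @Transactional
    public OAuthClient addClient(String title, String description, String redirect, Integer accessTokenValidity, Integer refreshTokenValidity) {
        OAuthClient client = new OAuthClient();
        client.setTitle(title);
        client.setDescription(description);
        client.setRedirect(StringUtils.isBlank(redirect) ? null : redirect);
        client.setAccessTokenValidity(accessTokenValidity);
        client.setRefreshTokenValidity(refreshTokenValidity);
        client.setClientId(generateClientId());
        client.setClientSecret(this.passwordEncoder.encode(randomAlphanumeric(CLIENT_SECRET_LENGTH)));
        client.getScope().add("read");
        client.getScope().add("write");
        client.getAuthorizedGrantTypes().add("authorization_code");
        client.getAuthorizedGrantTypes().add("refresh_token");
        client.getRoles().add(OAuthRole.CLIENT);
        return (OAuthClient) this.oauthClientRepository.save(client);
    }

    /**
     * Registers a new client copied from {@code source}, with a generated client id
     * and a generated secret. As with the other {@code addClient}, the plaintext
     * secret is discarded; use {@link #resetSecret} to obtain one.
     *
     * @param source the client whose settings are applied to the new entity
     * @return the saved client, prepared by {@link #lazyLoad}
     */
    @Override
    @Transactional
    public OAuthClient addClient(OAuthClient source) {
        OAuthClient client = new OAuthClient();
        client.apply(source);
        client.setClientId(generateClientId());
        client.setClientSecret(this.passwordEncoder.encode(randomAlphanumeric(CLIENT_SECRET_LENGTH)));
        return lazyLoad((OAuthClient) this.oauthClientRepository.save(client));
    }

    /**
     * Applies {@code source} onto the stored client with the given id and version.
     *
     * @param id      the client's database id
     * @param version the expected entity version
     * @param source  the settings to apply
     * @return the saved client, prepared by {@link #lazyLoad}
     * @throws IllegalStateException if no client matches the id and version
     *                               (missing, or a stale version)
     */
    @Override
    @Transactional
    public OAuthClient updateClient(long id, int version, OAuthClient source) {
        OAuthClient existing = this.oauthClientRepository.findByIdAndVersion(id, version);
        if (existing == null) {
            throw new IllegalStateException("OAuth client id=" + id + " version=" + version + " not found (missing or stale version)");
        }
        existing.apply(source);
        return lazyLoad((OAuthClient) this.oauthClientRepository.save(existing));
    }

    /**
     * Finds clients whose title or client id starts with {@code term} (case-insensitive)
     * or whose description contains it, ordered by title.
     *
     * @param term the search term; blank yields an empty list
     * @param max  the maximum number of results, capped at {@value #AUTOCOMPLETE_MAX_RESULTS}
     * @return the matching clients, never null
     */
    @Override
    public List<OAuthClient> autocompleteClients(String term, int max) {
        if (StringUtils.isBlank(term)) {
            return Collections.emptyList();
        }
        LOG.debug("Autocomplete for={}", term);
        QOAuthClient q = QOAuthClient.oAuthClient;
        return this.oauthClientRepository.findAll(
                q.title.startsWithIgnoreCase(term)
                        .or(q.clientId.startsWithIgnoreCase(term))
                        .or(q.description.contains(term)),
                new PageRequest(0, Math.min(AUTOCOMPLETE_MAX_RESULTS, max), new Sort("title"))).getContent();
    }

    /**
     * Replaces the client's secret with a freshly generated one.
     *
     * @param oauthClient the client whose secret is reset (looked up by id)
     * @return the new plaintext secret; it is returned once and only its encoded form is stored
     * @throws NoSuchClientException if the client does not exist
     */
    @Override
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#oauthClient, 'ADMINISTRATION')")
    public final String resetSecret(OAuthClient oauthClient) {
        OAuthClient client = requireClient(oauthClient);
        String currentEncoded = client.getClientSecret();
        String secret;
        String encoded;
        // Regenerate if the encoded value happens to equal the current one, so a reset
        // always changes the stored secret.
        do {
            secret = randomAlphanumeric(CLIENT_SECRET_LENGTH);
            encoded = this.passwordEncoder.encode(secret);
        } while (currentEncoded != null && currentEncoded.equals(encoded));
        client.setClientSecret(encoded);
        this.oauthClientRepository.save(client);
        return secret;
    }

    /**
     * Clears the client's secret (making it a public client).
     *
     * @param oauthClient the client whose secret is removed (looked up by id)
     * @return the saved client, prepared by {@link #lazyLoad}
     * @throws NoSuchClientException if the client does not exist
     * @throws IllegalStateException if the client uses the {@code client_credentials}
     *                               grant, which requires a secret
     */
    @Override
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#oauthClient, 'ADMINISTRATION')")
    public final OAuthClient removeSecret(OAuthClient oauthClient) {
        OAuthClient client = requireClient(oauthClient);
        if (client.getAuthorizedGrantTypes().contains(CLIENT_CREDENTIALS_GRANT)) {
            throw new IllegalStateException("OAuth Client with client_credentials grant must have a secret");
        }
        client.setClientSecret(null);
        return lazyLoad((OAuthClient) this.oauthClientRepository.save(client));
    }

    /**
     * Loads the stored entity for {@code reference} by id.
     *
     * @throws NoSuchClientException if no such client exists
     */
    private OAuthClient requireClient(OAuthClient reference) {
        OAuthClient client = (OAuthClient) this.oauthClientRepository.findOne(reference.getId());
        if (client == null) {
            throw new NoSuchClientException("OAuth client id=" + reference.getId() + " not found");
        }
        return client;
    }

    /** Builds a new client id of the form {@code xxxxx.xxxxxxxxxxxxxxxxxxxx@hostname}. */
    private String generateClientId() {
        return randomAlphanumeric(5) + "." + randomAlphanumeric(20) + "@" + this.hostname;
    }

    /**
     * Returns {@code count} random alphanumeric characters drawn from
     * {@link #SECURE_RANDOM}; the default {@code RandomStringUtils.randomAlphanumeric}
     * uses a non-cryptographic generator and is unsuitable for secrets.
     */
    private static String randomAlphanumeric(int count) {
        return RandomStringUtils.random(count, 0, 0, true, true, null, SECURE_RANDOM);
    }
}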
