package bap.pp.strongbox.security.oauth2.service;

import bap.core.config.util.spring.SpringContextHolder;
import bap.core.dao.BaseDao;
import bap.pp.strongbox.security.config.CustomerSecurityUser;
import bap.pp.strongbox.security.oauth2.domain.AccessToken;
import bap.pp.strongbox.security.oauth2.domain.RefreshToken;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.common.util.SerializationUtils;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator;
import org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:bap/pp/strongbox/security/oauth2/service/CustomTokenStore.class */
public class CustomTokenStore implements TokenStore {
    private static final Log LOG = LogFactory.getLog(CustomTokenStore.class);
    private static final String DEFAULT_ACCESS_TOKEN_SELECT_STATEMENT = "from AccessToken where tokenId = ?";
    private static final String DEFAULT_ACCESS_TOKEN_FROM_AUTHENTICATION_SELECT_STATEMENT = "from AccessToken where authenticationId = ? order by createTime desc";
    private static final String DEFAULT_ACCESS_TOKENS_FROM_USERNAME_AND_CLIENT_SELECT_STATEMENT = "from AccessToken where userName = ? and clientId = ?";
    private static final String DEFAULT_ACCESS_TOKENS_FROM_USERNAME_SELECT_STATEMENT = "from AccessToken where userName = ?";
    private static final String DEFAULT_ACCESS_TOKENS_FROM_CLIENTID_SELECT_STATEMENT = "from AccessToken where clientId = ?";
    private static final String DEFAULT_ACCESS_TOKEN_DELETE_FROM_REFRESH_TOKEN_STATEMENT = "delete from AccessToken where refreshToken = ?";
    private static final String DEFAULT_REFRESH_TOKEN_SELECT_STATEMENT = "from RefreshToken where tokenId = ?";
    private String selectAccessTokenHql = DEFAULT_ACCESS_TOKEN_SELECT_STATEMENT;
    private String selectAccessTokenFromAuthenticationHql = DEFAULT_ACCESS_TOKEN_FROM_AUTHENTICATION_SELECT_STATEMENT;
    private String selectAccessTokensFromUserNameAndClientIdHql = DEFAULT_ACCESS_TOKENS_FROM_USERNAME_AND_CLIENT_SELECT_STATEMENT;
    private String selectAccessTokensFromUserNameHql = DEFAULT_ACCESS_TOKENS_FROM_USERNAME_SELECT_STATEMENT;
    private String selectAccessTokensFromClientIdHql = DEFAULT_ACCESS_TOKENS_FROM_CLIENTID_SELECT_STATEMENT;
    private String selectRefreshTokenHql = DEFAULT_REFRESH_TOKEN_SELECT_STATEMENT;
    private String deleteAccessTokenFromRefreshTokenHql = DEFAULT_ACCESS_TOKEN_DELETE_FROM_REFRESH_TOKEN_STATEMENT;
    private AuthenticationKeyGenerator authenticationKeyGenerator = new DefaultAuthenticationKeyGenerator();
    private BaseDao baseDao = (BaseDao) SpringContextHolder.getBean(BaseDao.class);

    public void setAuthenticationKeyGenerator(AuthenticationKeyGenerator authenticationKeyGenerator) {
        this.authenticationKeyGenerator = authenticationKeyGenerator;
    }

    public OAuth2AccessToken getAccessToken(OAuth2Authentication oAuth2Authentication) {
        List findByHql;
        DefaultOAuth2AccessToken defaultOAuth2AccessToken = null;
        String extractKey = this.authenticationKeyGenerator.extractKey(oAuth2Authentication);
        try {
            findByHql = this.baseDao.findByHql(this.selectAccessTokenFromAuthenticationHql, new Object[]{extractKey});
        } catch (IllegalArgumentException e) {
            LOG.error("Could not extract access token for authentication " + oAuth2Authentication, e);
        } catch (EmptyResultDataAccessException e2) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Failed to find access token for authentication " + oAuth2Authentication);
            }
        }
        if (CollectionUtils.isEmpty(findByHql) || ((AccessToken) findByHql.get(0)).getToken() == null) {
            throw new EmptyResultDataAccessException(1);
        }
        defaultOAuth2AccessToken = deserializeAccessToken(((AccessToken) findByHql.get(0)).getToken());
        if (((AccessToken) findByHql.get(0)).getPrivateKey() != null) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("privateKey", deserializePrivateKey(((AccessToken) findByHql.get(0)).getPrivateKey()));
            defaultOAuth2AccessToken.setAdditionalInformation(linkedHashMap);
        }
        if (defaultOAuth2AccessToken != null && !extractKey.equals(this.authenticationKeyGenerator.extractKey(readAuthentication(defaultOAuth2AccessToken.getValue())))) {
            removeAccessToken(defaultOAuth2AccessToken.getValue());
            storeAccessToken(defaultOAuth2AccessToken, oAuth2Authentication);
        }
        return defaultOAuth2AccessToken;
    }

    public void storeAccessToken(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
        OAuth2AccessToken accessToken = getAccessToken(oAuth2Authentication);
        if (accessToken == null || accessToken.isExpired()) {
            Map additionalInformation = oAuth2AccessToken.getAdditionalInformation();
            String str = null;
            if (oAuth2AccessToken.getRefreshToken() != null) {
                str = oAuth2AccessToken.getRefreshToken().getValue();
            }
            if (readAccessToken(oAuth2AccessToken.getValue()) != null) {
                removeAccessToken(oAuth2AccessToken.getValue());
            }
            String str2 = null;
            if (!oAuth2Authentication.isClientOnly()) {
                str2 = (oAuth2Authentication.getUserAuthentication() == null || !(oAuth2Authentication.getUserAuthentication() instanceof PreAuthenticatedAuthenticationToken)) ? oAuth2Authentication.getName() : ((CustomerSecurityUser) oAuth2Authentication.getPrincipal()).getStaff().getLoginName();
            }
            AccessToken accessToken2 = new AccessToken();
            accessToken2.setTokenId(extractTokenKey(oAuth2AccessToken.getValue()));
            accessToken2.setToken(serializeAccessToken(oAuth2AccessToken));
            accessToken2.setAuthenticationId(this.authenticationKeyGenerator.extractKey(oAuth2Authentication));
            accessToken2.setUserName(str2);
            accessToken2.setClientId(oAuth2Authentication.getOAuth2Request().getClientId());
            accessToken2.setAuthentication(serializeAuthentication(oAuth2Authentication));
            accessToken2.setRefreshToken(extractTokenKey(str));
            accessToken2.setPrivateKey(serializePrivateKey(additionalInformation.get("privateKey").toString()));
            this.baseDao.save(accessToken2);
        }
    }

    public OAuth2AccessToken readAccessToken(String str) {
        List findByHql;
        DefaultOAuth2AccessToken defaultOAuth2AccessToken = null;
        try {
            findByHql = this.baseDao.findByHql(this.selectAccessTokenHql, new Object[]{extractTokenKey(str)});
        } catch (IllegalArgumentException e) {
            LOG.warn("Failed to deserialize access token for " + str, e);
            removeAccessToken(str);
        } catch (EmptyResultDataAccessException e2) {
            if (LOG.isInfoEnabled()) {
                LOG.info("Failed to find access token for token " + str);
            }
        }
        if (findByHql.isEmpty()) {
            throw new EmptyResultDataAccessException(1);
        }
        defaultOAuth2AccessToken = deserializeAccessToken(((AccessToken) findByHql.get(0)).getToken());
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("privateKey", deserializePrivateKey(((AccessToken) findByHql.get(0)).getPrivateKey()));
        defaultOAuth2AccessToken.setAdditionalInformation(linkedHashMap);
        return defaultOAuth2AccessToken;
    }

    public void removeAccessToken(OAuth2AccessToken oAuth2AccessToken) {
        removeAccessToken(oAuth2AccessToken.getValue());
    }

    public void removeAccessToken(String str) {
        this.baseDao.delete(AccessToken.class, new Serializable[]{extractTokenKey(str)});
        OAuth2AccessToken readAccessToken = readAccessToken(str);
        if (readAccessToken == null || readAccessToken.getRefreshToken() == null) {
            return;
        }
        removeAccessTokenUsingRefreshToken(readAccessToken.getRefreshToken().getValue());
    }

    public OAuth2Authentication readAuthentication(OAuth2AccessToken oAuth2AccessToken) {
        return readAuthentication(oAuth2AccessToken.getValue());
    }

    public OAuth2Authentication readAuthentication(String str) {
        List findByHql;
        OAuth2Authentication oAuth2Authentication = null;
        try {
            findByHql = this.baseDao.findByHql(this.selectAccessTokenHql, new Object[]{extractTokenKey(str)});
        } catch (IllegalArgumentException e) {
            LOG.warn("Failed to deserialize authentication for " + str, e);
            removeAccessToken(str);
        } catch (EmptyResultDataAccessException e2) {
            if (LOG.isInfoEnabled()) {
                LOG.info("Failed to find access token for token " + str);
            }
        }
        if (findByHql.isEmpty()) {
            throw new EmptyResultDataAccessException(1);
        }
        oAuth2Authentication = deserializeAuthentication(((AccessToken) findByHql.get(0)).getAuthentication());
        return oAuth2Authentication;
    }

    public void storeRefreshToken(OAuth2RefreshToken oAuth2RefreshToken, OAuth2Authentication oAuth2Authentication) {
        RefreshToken refreshToken = new RefreshToken();
        refreshToken.setTokenId(extractTokenKey(oAuth2RefreshToken.getValue()));
        refreshToken.setToken(serializeRefreshToken(oAuth2RefreshToken));
        refreshToken.setAuthentication(serializeAuthentication(oAuth2Authentication));
        this.baseDao.save(refreshToken);
    }

    public OAuth2RefreshToken readRefreshToken(String str) {
        List findByHql;
        OAuth2RefreshToken oAuth2RefreshToken = null;
        try {
            findByHql = this.baseDao.findByHql(this.selectRefreshTokenHql, new Object[]{extractTokenKey(str)});
        } catch (IllegalArgumentException e) {
            LOG.warn("Failed to deserialize refresh token for token " + str, e);
            removeRefreshToken(str);
        } catch (EmptyResultDataAccessException e2) {
            if (LOG.isInfoEnabled()) {
                LOG.info("Failed to find refresh token for token " + str);
            }
        }
        if (findByHql.isEmpty()) {
            throw new EmptyResultDataAccessException(1);
        }
        oAuth2RefreshToken = deserializeRefreshToken(((RefreshToken) findByHql.get(0)).getToken());
        return oAuth2RefreshToken;
    }

    public void removeRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        removeRefreshToken(oAuth2RefreshToken.getValue());
    }

    public void removeRefreshToken(String str) {
        this.baseDao.delete(RefreshToken.class, new Serializable[]{extractTokenKey(str)});
    }

    public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        return readAuthenticationForRefreshToken(oAuth2RefreshToken.getValue());
    }

    public OAuth2Authentication readAuthenticationForRefreshToken(String str) {
        List findByHql;
        OAuth2Authentication oAuth2Authentication = null;
        try {
            findByHql = this.baseDao.findByHql(this.selectRefreshTokenHql, new Object[]{extractTokenKey(str)});
        } catch (IllegalArgumentException e) {
            LOG.warn("Failed to deserialize access token for " + str, e);
            removeRefreshToken(str);
        } catch (EmptyResultDataAccessException e2) {
            if (LOG.isInfoEnabled()) {
                LOG.info("Failed to find access token for token " + str);
            }
        }
        if (findByHql.isEmpty()) {
            throw new EmptyResultDataAccessException(1);
        }
        oAuth2Authentication = deserializeAuthentication(((RefreshToken) findByHql.get(0)).getAuthentication());
        return oAuth2Authentication;
    }

    public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        removeAccessTokenUsingRefreshToken(oAuth2RefreshToken.getValue());
    }

    public void removeAccessTokenUsingRefreshToken(String str) {
        this.baseDao.execNoResultHql(this.deleteAccessTokenFromRefreshTokenHql, new Object[]{extractTokenKey(str)});
    }

    public Collection<OAuth2AccessToken> findTokensByClientId(String str) {
        ArrayList arrayList = new ArrayList();
        List<AccessToken> findByHql = this.baseDao.findByHql(this.selectAccessTokensFromClientIdHql, new Object[]{str});
        if (!findByHql.isEmpty()) {
            for (AccessToken accessToken : findByHql) {
                try {
                    arrayList.add(deserializeAccessToken(accessToken.getToken()));
                } catch (IllegalArgumentException e) {
                    this.baseDao.delete(AccessToken.class, new Serializable[]{accessToken.getTokenId()});
                    arrayList.add(null);
                }
            }
        } else if (LOG.isInfoEnabled()) {
            LOG.info("Failed to find access token for clientId " + str);
        }
        return m146super(arrayList);
    }

    public Collection<OAuth2AccessToken> findTokensByUserName(String str) {
        ArrayList arrayList = new ArrayList();
        List<AccessToken> findByHql = this.baseDao.findByHql(this.selectAccessTokensFromUserNameHql, new Object[]{str});
        if (!findByHql.isEmpty()) {
            for (AccessToken accessToken : findByHql) {
                try {
                    arrayList.add(deserializeAccessToken(accessToken.getToken()));
                } catch (IllegalArgumentException e) {
                    this.baseDao.delete(AccessToken.class, new Serializable[]{accessToken.getTokenId()});
                    arrayList.add(null);
                }
            }
        } else if (LOG.isInfoEnabled()) {
            LOG.info("Failed to find access token for userName " + str);
        }
        return m146super(arrayList);
    }

    public Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        List<AccessToken> findByHql = this.baseDao.findByHql(this.selectAccessTokensFromUserNameAndClientIdHql, new Object[]{str2, str});
        if (!findByHql.isEmpty()) {
            for (AccessToken accessToken : findByHql) {
                try {
                    arrayList.add(deserializeAccessToken(accessToken.getToken()));
                } catch (IllegalArgumentException e) {
                    this.baseDao.delete(AccessToken.class, new Serializable[]{accessToken.getTokenId()});
                    arrayList.add(null);
                }
            }
        } else if (LOG.isInfoEnabled()) {
            LOG.info("Failed to find access token for clientId " + str + " and userName " + str2);
        }
        return m146super(arrayList);
    }

    /* renamed from: super, reason: not valid java name */
    private List<OAuth2AccessToken> m146super(List<OAuth2AccessToken> list) {
        ArrayList arrayList = new ArrayList();
        for (OAuth2AccessToken oAuth2AccessToken : list) {
            if (oAuth2AccessToken != null) {
                arrayList.add(oAuth2AccessToken);
            }
        }
        return arrayList;
    }

    protected String extractTokenKey(String str) {
        if (str == null) {
            return null;
        }
        try {
            try {
                return String.format("%032x", new BigInteger(1, MessageDigest.getInstance("MD5").digest(str.getBytes("UTF-8"))));
            } catch (UnsupportedEncodingException e) {
                throw new IllegalStateException("UTF-8 encoding not available.  Fatal (should be in the JDK).");
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("MD5 algorithm not available.  Fatal (should be in the JDK).");
        }
    }

    protected byte[] serializeAccessToken(OAuth2AccessToken oAuth2AccessToken) {
        return SerializationUtils.serialize(oAuth2AccessToken);
    }

    protected byte[] serializePrivateKey(String str) {
        return SerializationUtils.serialize(str);
    }

    protected byte[] serializeRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        return SerializationUtils.serialize(oAuth2RefreshToken);
    }

    protected byte[] serializeAuthentication(OAuth2Authentication oAuth2Authentication) {
        return SerializationUtils.serialize(oAuth2Authentication);
    }

    protected OAuth2AccessToken deserializeAccessToken(byte[] bArr) {
        return (OAuth2AccessToken) SerializationUtils.deserialize(bArr);
    }

    protected String deserializePrivateKey(byte[] bArr) {
        return (String) SerializationUtils.deserialize(bArr);
    }

    protected OAuth2RefreshToken deserializeRefreshToken(byte[] bArr) {
        return (OAuth2RefreshToken) SerializationUtils.deserialize(bArr);
    }

    protected OAuth2Authentication deserializeAuthentication(byte[] bArr) {
        return (OAuth2Authentication) SerializationUtils.deserialize(bArr);
    }

    public String getSelectAccessTokenHql() {
        return this.selectAccessTokenHql;
    }

    public void setSelectAccessTokenHql(String str) {
        this.selectAccessTokenHql = str;
    }

    public String getSelectAccessTokenFromAuthenticationHql() {
        return this.selectAccessTokenFromAuthenticationHql;
    }

    public void setSelectAccessTokenFromAuthenticationHql(String str) {
        this.selectAccessTokenFromAuthenticationHql = str;
    }

    public String getSelectAccessTokensFromUserNameAndClientIdHql() {
        return this.selectAccessTokensFromUserNameAndClientIdHql;
    }

    public void setSelectAccessTokensFromUserNameAndClientIdHql(String str) {
        this.selectAccessTokensFromUserNameAndClientIdHql = str;
    }

    public String getSelectAccessTokensFromUserNameHql() {
        return this.selectAccessTokensFromUserNameHql;
    }

    public void setSelectAccessTokensFromUserNameHql(String str) {
        this.selectAccessTokensFromUserNameHql = str;
    }

    public String getSelectAccessTokensFromClientIdHql() {
        return this.selectAccessTokensFromClientIdHql;
    }

    public void setSelectAccessTokensFromClientIdHql(String str) {
        this.selectAccessTokensFromClientIdHql = str;
    }

    public String getSelectRefreshTokenHql() {
        return this.selectRefreshTokenHql;
    }

    public void setSelectRefreshTokenHql(String str) {
        this.selectRefreshTokenHql = str;
    }

    public String getDeleteAccessTokenFromRefreshTokenHql() {
        return this.deleteAccessTokenFromRefreshTokenHql;
    }

    public void setDeleteAccessTokenFromRefreshTokenHql(String str) {
        this.deleteAccessTokenFromRefreshTokenHql = str;
    }
}
