package org.gluu.oxauth.service;

import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.gluu.oxauth.model.common.AuthorizationGrant;
import org.gluu.oxauth.model.common.CacheGrant;
import org.gluu.oxauth.model.common.ClientTokens;
import org.gluu.oxauth.model.common.SessionTokens;
import org.gluu.oxauth.model.config.StaticConfiguration;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.ldap.TokenLdap;
import org.gluu.oxauth.model.ldap.TokenType;
import org.gluu.oxauth.model.registration.Client;
import org.gluu.oxauth.service.fido.u2f.RawRegistrationService;
import org.gluu.oxauth.util.ServerUtil;
import org.gluu.oxauth.util.TokenHashUtil;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.search.filter.Filter;
import org.gluu.service.CacheService;
import org.gluu.service.cache.CacheConfiguration;
import org.gluu.service.cache.CacheProviderType;
import org.slf4j.Logger;

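/**
 * Stores, looks up and removes token entries ({@link TokenLdap}) for grants.
 *
 * <p>A token entry lives in exactly one of two places: the persistence layer
 * ({@link PersistenceEntryManager}) or the cache ({@link CacheService}). The choice is made by
 * {@link #shouldPutInCache(TokenType, boolean)} at persist time and is recorded on the entry via
 * {@code setIsFromCache(true)}, which {@link #remove(TokenLdap)} later uses to pick the store to
 * delete from.
 *
 * <p>Most lookup and "silent" removal methods log failures and return an empty result instead of
 * throwing. Callers that revoke tokens therefore cannot distinguish "nothing to revoke" from
 * "lookup failed"; check the error log when revocation appears to have no effect.
 */
@Stateless
@Named
/* loaded from: input_file:org/gluu/oxauth/service/GrantService.class */
public class GrantService {

    @Inject
    private Logger log;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private ClientService clientService;

    @Inject
    private CacheService cacheService;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private CacheConfiguration cacheConfiguration;

    /**
     * Generates a new grant identifier.
     *
     * @return the string form of a random (type 4) UUID
     */
    public static String generateGrantId() {
        return UUID.randomUUID().toString();
    }

    /**
     * Builds the DN of a token entry under the configured tokens base DN.
     *
     * <p>NOTE(review): {@code str} is inserted into the DN without escaping. The only caller in
     * this class passes the output of {@code TokenHashUtil.hash(...)}; confirm that no other
     * caller passes a raw, externally supplied value.
     *
     * @param str value of the {@code tknCde} RDN
     * @return {@code tknCde=<str>,<tokens base DN>}
     */
    public String buildDn(String str) {
        return String.format("tknCde=%s,", str) + tokenBaseDn();
    }

    /** Returns the tokens base DN from the static configuration. */
    private String tokenBaseDn() {
        return this.staticConfiguration.getBaseDn().getTokens();
    }

    /**
     * Merges the entry into the persistence layer; any exception propagates to the caller.
     *
     * @param tokenLdap entry to merge
     */
    public void merge(TokenLdap tokenLdap) {
        this.ldapEntryManager.merge(tokenLdap);
    }

    /**
     * Merges the entry into the persistence layer, logging (not rethrowing) any failure.
     *
     * @param tokenLdap entry to merge
     */
    public void mergeSilently(TokenLdap tokenLdap) {
        try {
            this.ldapEntryManager.merge(tokenLdap);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Decides whether a token of the given type is stored in the cache rather than persisted.
     *
     * <p>Each token type is governed by its own setting. Previously an ID token whose
     * {@code persistIdTokenInLdap} setting was true fell through to the refresh-token check, so it
     * was still cached whenever {@code persistRefreshTokenInLdap} was not true; the ID token
     * decision no longer depends on the refresh-token setting.
     *
     * @param tokenType type of the token being stored
     * @param z whether the token was issued in the implicit flow
     * @return {@code true} to store the token in the cache, {@code false} to persist it
     */
    private boolean shouldPutInCache(TokenType tokenType, boolean z) {
        // With NATIVE_PERSISTENCE as cache provider nothing is routed to the cache here.
        if (this.cacheConfiguration.getCacheProviderType() == CacheProviderType.NATIVE_PERSISTENCE) {
            return false;
        }
        if (z && BooleanUtils.isTrue(this.appConfiguration.getUseCacheForAllImplicitFlowObjects())) {
            return true;
        }
        switch (tokenType) {
            case ID_TOKEN:
                return !ServerUtil.isTrue(this.appConfiguration.getPersistIdTokenInLdap());
            case REFRESH_TOKEN:
                return !ServerUtil.isTrue(this.appConfiguration.getPersistRefreshTokenInLdap());
            default:
                return false;
        }
    }

    /**
     * Stores a token entry, either in the persistence layer or in the cache.
     *
     * <p>When cached, the entry is stored under its token code and that code is also added to the
     * per-client index ({@link ClientTokens}) and, if the entry has a session DN, to the
     * per-session index ({@link SessionTokens}). Those indexes are what session-based lookups use
     * to find cached tokens for removal.
     *
     * <p>NOTE(review): both index entries are re-stored with the lifetime of the token being
     * added. If {@code CacheService.put} replaces the entry's expiry, storing a short-lived token
     * after a long-lived one could let the index expire first, and index-based lookups (logout,
     * session removal) would then miss the longer-lived cached token. The index update is also an
     * unsynchronized read-modify-write. Confirm both against the CacheService implementation.
     *
     * @param tokenLdap entry to store
     */
    public void persist(TokenLdap tokenLdap) {
        if (!shouldPutInCache(tokenLdap.getTokenTypeEnum(), tokenLdap.isImplicitFlow())) {
            this.ldapEntryManager.persist(tokenLdap);
            return;
        }
        ClientTokens clientIndex = getCacheClientTokens(tokenLdap.getClientId());
        clientIndex.getTokenHashes().add(tokenLdap.getTokenCode());

        // Fallback lifetime for token types that have no dedicated arm below.
        int expiration = this.appConfiguration.getDynamicRegistrationExpirationTime();
        // Case labels restored from the decompiler's ordinal switch map; the mapping is inferred
        // from the lifetime each arm reads -- confirm against the TokenType enum.
        switch (tokenLdap.getTokenTypeEnum()) {
            case ID_TOKEN:
                expiration = this.appConfiguration.getIdTokenLifetime();
                break;
            case REFRESH_TOKEN:
                expiration = this.appConfiguration.getRefreshTokenLifetime();
                break;
            case ACCESS_TOKEN:
            case LONG_LIVED_ACCESS_TOKEN: {
                int accessTokenLifetime = this.appConfiguration.getAccessTokenLifetime();
                Client client = this.clientService.getClient(tokenLdap.getClientId());
                // A positive client-specific lifetime overrides the server-wide default.
                if (client != null && client.getAccessTokenLifetime() != null && client.getAccessTokenLifetime().intValue() > 0) {
                    accessTokenLifetime = client.getAccessTokenLifetime().intValue();
                }
                expiration = accessTokenLifetime;
                break;
            }
            case AUTHORIZATION_CODE:
                expiration = this.appConfiguration.getAuthorizationCodeLifetime();
                break;
            default:
                break;
        }

        // Mark the entry so remove(TokenLdap) deletes it from the cache, not the persistence layer.
        tokenLdap.setIsFromCache(true);
        this.cacheService.put(expiration, tokenLdap.getTokenCode(), tokenLdap);
        this.cacheService.put(expiration, clientIndex.cacheKey(), clientIndex);
        if (StringUtils.isNotBlank(tokenLdap.getSessionDn())) {
            SessionTokens sessionIndex = getCacheSessionTokens(tokenLdap.getSessionDn());
            sessionIndex.getTokenHashes().add(tokenLdap.getTokenCode());
            this.cacheService.put(expiration, sessionIndex.cacheKey(), sessionIndex);
        }
    }

    /**
     * Returns the cached per-client token index, or a fresh one if none is cached.
     *
     * @param str client identifier
     * @return the cached {@link ClientTokens}, or a new instance that is not yet in the cache
     */
    public ClientTokens getCacheClientTokens(String str) {
        ClientTokens fresh = new ClientTokens(str);
        Object cached = this.cacheService.get(fresh.cacheKey());
        if (cached instanceof ClientTokens) {
            return (ClientTokens) cached;
        }
        return fresh;
    }

    /**
     * Returns the cached per-session token index, or a fresh one if none is cached.
     *
     * @param str session DN
     * @return the cached {@link SessionTokens}, or a new instance that is not yet in the cache
     */
    public SessionTokens getCacheSessionTokens(String str) {
        SessionTokens fresh = new SessionTokens(str);
        Object cached = this.cacheService.get(fresh.cacheKey());
        if (cached instanceof SessionTokens) {
            return (SessionTokens) cached;
        }
        return fresh;
    }

    /**
     * Removes a token entry from the store it was loaded from; exceptions propagate.
     *
     * <p>A cached entry is removed under its token code only; its code stays in the client and
     * session indexes, where {@link #getCacheTokensEntries(Set)} skips codes that no longer
     * resolve to an entry.
     *
     * @param tokenLdap entry to remove
     */
    public void remove(TokenLdap tokenLdap) {
        // The logged value is the stored token code, which in this class is the key produced by
        // TokenHashUtil.hash(...) -- confirm it is never a usable token before enabling trace.
        if (tokenLdap.isFromCache()) {
            this.cacheService.remove(tokenLdap.getTokenCode());
            this.log.trace("Removed token from cache, code: {}", tokenLdap.getTokenCode());
        } else {
            this.ldapEntryManager.remove(tokenLdap);
            this.log.trace("Removed token from LDAP, code: {}", tokenLdap.getTokenCode());
        }
    }

    /**
     * Removes a token entry and the cached grant of its authorization code, logging failures.
     *
     * <p>The two removals are attempted independently, so a failure to remove the token entry
     * does not leave the cached authorization-code grant behind.
     *
     * @param tokenLdap entry to remove
     */
    public void removeSilently(TokenLdap tokenLdap) {
        try {
            remove(tokenLdap);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        try {
            if (StringUtils.isNotBlank(tokenLdap.getAuthorizationCode())) {
                this.cacheService.remove(CacheGrant.cacheKey(tokenLdap.getAuthorizationCode(), tokenLdap.getGrantId()));
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Removes every entry in the list; a failure on one entry is logged and the rest continue.
     *
     * @param list entries to remove; {@code null} or empty is a no-op
     */
    public void remove(List<TokenLdap> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        for (TokenLdap entry : list) {
            try {
                remove(entry);
            } catch (Exception e) {
                this.log.error("Failed to remove entry", e);
            }
        }
    }

    /**
     * Applies {@link #removeSilently(TokenLdap)} to every entry in the list.
     *
     * @param list entries to remove; {@code null} or empty is a no-op
     */
    public void removeSilently(List<TokenLdap> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        for (TokenLdap entry : list) {
            removeSilently(entry);
        }
    }

    /**
     * Removes the token entry attached to the grant, logging (not rethrowing) any failure.
     *
     * @param authorizationGrant grant whose entry is removed; {@code null} or a grant without an
     *     entry is a no-op
     */
    public void remove(AuthorizationGrant authorizationGrant) {
        if (authorizationGrant == null || authorizationGrant.getTokenLdap() == null) {
            return;
        }
        try {
            remove(authorizationGrant.getTokenLdap());
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    /**
     * Finds persisted token entries under the client's DN (entries that have {@code tknCde}).
     *
     * @param str client identifier passed to {@code ClientService.buildClientDn}
     * @return matching entries, or an empty list if the lookup fails (the failure is logged)
     */
    public List<TokenLdap> getGrantsOfClient(String str) {
        try {
            return this.ldapEntryManager.findEntries(this.clientService.buildClientDn(str), TokenLdap.class, Filter.createPresenceFilter("tknCde"));
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return Collections.emptyList();
        }
    }

    /**
     * Looks up a token entry by code, first in the cache and then in the persistence layer.
     *
     * @param str token code as presented by the caller; it is hashed before lookup
     * @return the entry, or {@code null} if it is not cached and the persistence lookup fails
     */
    public TokenLdap getGrantByCode(String str) {
        // The hash is both the cache key and the tknCde RDN value, so compute it once.
        String hashedCode = TokenHashUtil.hash(str);
        Object cached = this.cacheService.get(hashedCode);
        if (cached instanceof TokenLdap) {
            return (TokenLdap) cached;
        }
        return load(buildDn(hashedCode));
    }

    /**
     * Loads a token entry by DN.
     *
     * @param str DN of the entry
     * @return the entry, or {@code null} if the lookup throws (the failure is logged)
     */
    private TokenLdap load(String str) {
        try {
            return (TokenLdap) this.ldapEntryManager.find(TokenLdap.class, str);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Finds persisted token entries whose {@code grtId} equals the given grant id.
     *
     * @param str grant id
     * @return matching entries, or an empty list if the lookup fails (the failure is logged)
     */
    public List<TokenLdap> getGrantsByGrantId(String str) {
        try {
            return this.ldapEntryManager.findEntries(tokenBaseDn(), TokenLdap.class, Filter.createEqualityFilter("grtId", str));
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return Collections.emptyList();
        }
    }

    /**
     * Finds persisted token entries whose {@code authzCode} equals the hash of the given code.
     *
     * @param str authorization code as presented by the caller; it is hashed before lookup
     * @return matching entries, or an empty list if the lookup fails (the failure is logged)
     */
    public List<TokenLdap> getGrantsByAuthorizationCode(String str) {
        try {
            return this.ldapEntryManager.findEntries(tokenBaseDn(), TokenLdap.class, Filter.createEqualityFilter("authzCode", TokenHashUtil.hash(str)));
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
            return Collections.emptyList();
        }
    }

    /**
     * Collects the token entries of a session from both the persistence layer and the cache.
     *
     * <p>The two sources are queried independently: a failure of the persistence lookup is logged
     * and the cached entries are still returned, so that logout and session removal can still
     * remove the cached tokens.
     *
     * @param str session DN
     * @return a new, modifiable list of the entries found; never {@code null}
     */
    public List<TokenLdap> getGrantsBySessionDn(String str) {
        List<TokenLdap> grants = new ArrayList<TokenLdap>();
        try {
            List<TokenLdap> persisted = this.ldapEntryManager.findEntries(tokenBaseDn(), TokenLdap.class, Filter.createEqualityFilter("ssnId", str));
            if (persisted != null) {
                grants.addAll(persisted);
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        try {
            grants.addAll(getGrantsFromCacheBySessionDn(str));
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        return grants;
    }

    /**
     * Returns the cached token entries listed in the session's token index.
     *
     * @param str session DN
     * @return cached entries of the session; an empty list if {@code str} is blank
     */
    public List<TokenLdap> getGrantsFromCacheBySessionDn(String str) {
        if (StringUtils.isBlank(str)) {
            return Collections.emptyList();
        }
        return getCacheTokensEntries(getCacheSessionTokens(str).getTokenHashes());
    }

    /**
     * Returns the cached token entries listed in the client's token index.
     *
     * @param str client identifier
     * @return cached entries of the client; an empty list if the cache provider is
     *     NATIVE_PERSISTENCE or no index is cached for the client
     */
    public List<TokenLdap> getCacheClientTokensEntries(String str) {
        if (this.cacheConfiguration.getCacheProviderType() == CacheProviderType.NATIVE_PERSISTENCE) {
            return Collections.emptyList();
        }
        Object cached = this.cacheService.get(new ClientTokens(str).cacheKey());
        if (cached instanceof ClientTokens) {
            return getCacheTokensEntries(((ClientTokens) cached).getTokenHashes());
        }
        return Collections.emptyList();
    }

    /**
     * Resolves cache keys to the token entries currently stored under them.
     *
     * <p>Keys that no longer resolve to a {@link TokenLdap} are skipped. Each returned entry is
     * marked as coming from the cache so that {@link #remove(TokenLdap)} deletes it from the cache.
     *
     * @param set cache keys (token codes) to resolve; {@code null} yields an empty list
     * @return a new, modifiable list of the entries found
     */
    public List<TokenLdap> getCacheTokensEntries(Set<String> set) {
        List<TokenLdap> entries = new ArrayList<TokenLdap>();
        if (set == null) {
            return entries;
        }
        for (String key : set) {
            Object cached = this.cacheService.get(key);
            if (cached instanceof TokenLdap) {
                TokenLdap entry = (TokenLdap) cached;
                entry.setIsFromCache(true);
                entries.add(entry);
            }
        }
        return entries;
    }

    /**
     * Removes the tokens of a session on logout.
     *
     * <p>Refresh tokens are kept only when {@code removeRefreshTokensForClientOnLogout} is
     * explicitly false. An unset (null) value no longer causes a NullPointerException; it is
     * treated as "remove", so a missing setting cannot leave refresh tokens alive after logout.
     *
     * @param str session DN
     */
    public void logout(String str) {
        List<TokenLdap> grantsBySessionDn = getGrantsBySessionDn(str);
        if (BooleanUtils.isFalse(this.appConfiguration.getRemoveRefreshTokensForClientOnLogout())) {
            List<TokenLdap> refreshTokens = new ArrayList<TokenLdap>();
            for (TokenLdap tokenLdap : grantsBySessionDn) {
                if (tokenLdap.getTokenTypeEnum() == TokenType.REFRESH_TOKEN) {
                    refreshTokens.add(tokenLdap);
                }
            }
            if (!refreshTokens.isEmpty()) {
                this.log.trace("Refresh tokens are not removed on logout (because removeRefreshTokensForClientOnLogout configuration property is false)");
                grantsBySessionDn.removeAll(refreshTokens);
            }
        }
        removeSilently(grantsBySessionDn);
    }

    /**
     * Removes every token of a session, refresh tokens included.
     *
     * @param str session DN
     * @param z not used by this method
     */
    public void removeAllTokensBySession(String str, boolean z) {
        removeSilently(getGrantsBySessionDn(str));
    }

    /**
     * Removes the token entry found for the code and the cached grant keyed by that code.
     *
     * @param str token code as presented by the caller
     */
    public void removeByCode(String str) {
        TokenLdap grantByCode = getGrantByCode(str);
        if (grantByCode != null) {
            removeSilently(grantByCode);
        }
        // Removed even when no token entry was found, so the cached grant cannot outlive it.
        this.cacheService.remove(CacheGrant.cacheKey(str, null));
    }

    /**
     * Removes the cached grant keyed by the authorization code.
     *
     * @param str authorization code
     */
    public void removeAuthorizationCode(String str) {
        this.cacheService.remove(CacheGrant.cacheKey(str, null));
    }

    /**
     * Removes all persisted token entries issued from the authorization code.
     *
     * @param str authorization code as presented by the caller
     */
    public void removeAllByAuthorizationCode(String str) {
        removeSilently(getGrantsByAuthorizationCode(str));
    }

    /**
     * Removes all persisted token entries that carry the grant id.
     *
     * @param str grant id
     */
    public void removeAllByGrantId(String str) {
        removeSilently(getGrantsByGrantId(str));
    }
}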
