package org.xdi.oxauth.service;

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.util.StaticUtils;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.gluu.site.ldap.persistence.BatchOperation;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.slf4j.Logger;
import org.xdi.ldap.model.SearchScope;
import org.xdi.oxauth.audit.ApplicationAuditLogger;
import org.xdi.oxauth.model.audit.Action;
import org.xdi.oxauth.model.audit.OAuth2AuditLog;
import org.xdi.oxauth.model.common.AuthorizationGrant;
import org.xdi.oxauth.model.common.CacheGrant;
import org.xdi.oxauth.model.common.ClientTokens;
import org.xdi.oxauth.model.common.SessionTokens;
import org.xdi.oxauth.model.config.Constants;
import org.xdi.oxauth.model.config.StaticConfiguration;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.ldap.Grant;
import org.xdi.oxauth.model.ldap.TokenLdap;
import org.xdi.oxauth.model.ldap.TokenType;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.oxauth.util.TokenHashUtil;
import org.xdi.service.CacheService;

@Stateless
@Named
/* loaded from: input_file:org/xdi/oxauth/service/GrantService.class */
public class GrantService {

    @Inject
    private Logger log;

    @Inject
    private LdapEntryManager ldapEntryManager;

    @Inject
    private ApplicationAuditLogger applicationAuditLogger;

    @Inject
    private ClientService clientService;

    @Inject
    private CacheService cacheService;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private AppConfiguration appConfiguration;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.xdi.oxauth.service.GrantService$4, reason: invalid class name */
    /* loaded from: input_file:org/xdi/oxauth/service/GrantService$4.class */
    /*
     * Synthetic lookup table used by the switch statements over TokenType in this file
     * (shouldPutInCache and persist). It maps TokenType.ordinal() to the case numbers
     * ID_TOKEN -> 1, REFRESH_TOKEN -> 2, ACCESS_TOKEN -> 3. Every other constant keeps the
     * array default of 0 and therefore reaches the switch's default branch, or no branch.
     */
    public static /* synthetic */ class AnonymousClass4 {
        // One slot per TokenType constant, indexed by ordinal(); unassigned slots stay 0.
        static final /* synthetic */ int[] $SwitchMap$org$xdi$oxauth$model$ldap$TokenType = new int[TokenType.values().length];

        static {
            try {
                $SwitchMap$org$xdi$oxauth$model$ldap$TokenType[TokenType.ID_TOKEN.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Ignored on purpose: a constant missing at run time leaves its slot at 0.
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$ldap$TokenType[TokenType.REFRESH_TOKEN.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
                // Ignored on purpose: a constant missing at run time leaves its slot at 0.
            }
            try {
                $SwitchMap$org$xdi$oxauth$model$ldap$TokenType[TokenType.ACCESS_TOKEN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
                // Ignored on purpose: a constant missing at run time leaves its slot at 0.
            }
        }
    }

    /**
     * Creates a new grant identifier.
     *
     * <p>The value is the text form of a random (version 4) UUID. It is used as an
     * identifier; nothing in this class treats it as a secret.
     *
     * @return a freshly generated UUID string
     */
    public static String generateGrantId() {
        final UUID grantUuid = UUID.randomUUID();
        return grantUuid.toString();
    }

    /**
     * Builds the DN of a token entry below a client's grant branch.
     *
     * <p>NOTE(review): the three values are spliced into the DN text without RDN escaping.
     * This is only safe while they are server-generated identifiers; confirm against callers.
     *
     * @param str  value of the {@code uniqueIdentifier} RDN
     * @param str2 value of the {@code oxAuthGrantId} RDN
     * @param str3 identifier handed to {@code clientService.buildClientDn}
     * @return the token entry DN
     */
    public String buildDn(String str, String str2, String str3) {
        final String tokenRdns = String.format("uniqueIdentifier=%s,oxAuthGrantId=%s,", str, str2);
        return tokenRdns + this.clientService.buildClientDn(str3);
    }

    /**
     * Returns the base DN under which every lookup in this service searches.
     *
     * @return the clients base DN taken from the static configuration
     */
    public String baseDn() {
        // Tokens and grants live below client entries, so the clients branch is the search root.
        return this.staticConfiguration
                .getBaseDn()
                .getClients();
    }

    /**
     * Writes the current state of a token entry back to LDAP.
     *
     * <p>Any exception from the entry manager propagates to the caller; use
     * {@link #mergeSilently(TokenLdap)} for the best-effort variant.
     *
     * @param tokenLdap token entry to update
     */
    public void merge(TokenLdap tokenLdap) {
        final LdapEntryManager entryManager = this.ldapEntryManager;
        entryManager.merge(tokenLdap);
    }

    /**
     * Best-effort variant of {@link #merge(TokenLdap)}: a failure is logged and not rethrown.
     *
     * <p>NOTE(review): the failure is reported at TRACE only, so at the usual production log
     * levels a token update that did not reach LDAP leaves no record.
     *
     * @param tokenLdap token entry to update
     */
    public void mergeSilently(TokenLdap tokenLdap) {
        try {
            this.ldapEntryManager.merge(tokenLdap);
        } catch (Exception mergeFailure) {
            final String reason = mergeFailure.getMessage();
            this.log.trace(reason, mergeFailure);
        }
    }

    /**
     * Decides whether a token is kept in the cache only, instead of being written to LDAP.
     *
     * @param tokenType type of the token being stored
     * @param z         whether the token belongs to an implicit-flow grant
     * @return {@code true} to store the token in the cache, {@code false} to persist it in LDAP
     */
    private boolean shouldPutInCache(TokenType tokenType, boolean z) {
        final boolean cacheAllImplicit = z && BooleanUtils.isTrue(this.appConfiguration.getUseCacheForAllImplicitFlowObjects());
        if (cacheAllImplicit) {
            return true;
        }
        switch (tokenType) {
            case ID_TOKEN:
                if (!ServerUtil.isTrue(this.appConfiguration.getPersistIdTokenInLdap())) {
                    return true;
                }
                // NOTE(review): falls through. With persistIdTokenInLdap enabled, the outcome for
                // an ID token is decided by persistRefreshTokenInLdap. Confirm this is intended.
            case REFRESH_TOKEN:
                return !ServerUtil.isTrue(this.appConfiguration.getPersistRefreshTokenInLdap());
            default:
                // Access tokens and every other type are never cache-only on this path.
                return false;
        }
    }

    /**
     * Stores a token either in LDAP or in the cache, as decided by shouldPutInCache.
     *
     * <p>The token code is replaced by its hash before anything is written, so neither store
     * receives the value that was on the entry when it was passed in. The entry is modified in
     * place, so after this call {@code tokenLdap.getTokenCode()} returns the hash.
     *
     * <p>On the cache path the hash is also added to the per-client index and, when the token
     * has a session DN, to the per-session index. Those indexes are what the cache lookups by
     * client and by session in this class read.
     *
     * @param tokenLdap token entry to store
     */
    public void persist(TokenLdap tokenLdap) {
        final String tokenHash = TokenHashUtil.getHashedToken(tokenLdap.getTokenCode());
        tokenLdap.setTokenCode(tokenHash);

        if (!shouldPutInCache(tokenLdap.getTokenTypeEnum(), tokenLdap.isImplicitFlow())) {
            // LDAP path: make sure the grant branch exists, then write the token below it.
            prepareGrantBranch(tokenLdap.getGrantId(), tokenLdap.getClientId());
            this.ldapEntryManager.persist(tokenLdap);
            return;
        }

        // NOTE(review): the index is read, modified and written back without any locking
        // visible here; concurrent writers for one client could lose an entry. Confirm.
        final ClientTokens clientIndex = getCacheClientTokens(tokenLdap.getClientId());
        clientIndex.getTokenHashes().add(tokenHash);

        // The configured token lifetime is passed as the first argument of each cache put.
        final String lifetime;
        switch (tokenLdap.getTokenTypeEnum()) {
            case ID_TOKEN:
                lifetime = Integer.toString(this.appConfiguration.getIdTokenLifetime());
                break;
            case REFRESH_TOKEN:
                lifetime = Integer.toString(this.appConfiguration.getRefreshTokenLifetime());
                break;
            case ACCESS_TOKEN:
                lifetime = Integer.toString(this.appConfiguration.getAccessTokenLifetime());
                break;
            default:
                // NOTE(review): other types pass null; how CacheService treats that is not visible here.
                lifetime = null;
                break;
        }

        tokenLdap.setIsFromCache(true);
        this.cacheService.put(lifetime, tokenHash, tokenLdap);
        // NOTE(review): the index is re-put with the lifetime of this token, whatever it already holds.
        this.cacheService.put(lifetime, clientIndex.cacheKey(), clientIndex);

        if (StringUtils.isNotBlank(tokenLdap.getSessionDn())) {
            final SessionTokens sessionIndex = getCacheSessionTokens(tokenLdap.getSessionDn());
            sessionIndex.getTokenHashes().add(tokenHash);
            this.cacheService.put(lifetime, sessionIndex.cacheKey(), sessionIndex);
        }
    }

    /**
     * Returns the cached index of token hashes for a client.
     *
     * @param str client identifier the index is keyed by
     * @return the cached index, or a new index for {@code str} (not yet stored) when the cache
     *         holds nothing usable under that key
     */
    public ClientTokens getCacheClientTokens(String str) {
        final ClientTokens fresh = new ClientTokens(str);
        final Object cached = this.cacheService.get((String) null, fresh.cacheKey());
        if (cached instanceof ClientTokens) {
            return (ClientTokens) cached;
        }
        return fresh;
    }

    /**
     * Returns the cached index of token hashes for a session.
     *
     * @param str session DN the index is keyed by
     * @return the cached index, or a new index for {@code str} (not yet stored) when the cache
     *         holds nothing usable under that key
     */
    public SessionTokens getCacheSessionTokens(String str) {
        final SessionTokens fresh = new SessionTokens(str);
        final Object cached = this.cacheService.get((String) null, fresh.cacheKey());
        if (cached instanceof SessionTokens) {
            return (SessionTokens) cached;
        }
        return fresh;
    }

    /**
     * Deletes a grant branch entry from LDAP.
     *
     * @param grant grant entry to delete; exceptions from the entry manager propagate
     */
    public void remove(Grant grant) {
        this.ldapEntryManager.remove(grant);
        final String removedId = grant.getId();
        this.log.trace("Removed grant, id: " + removedId);
    }

    /**
     * Deletes a token from the store it came from: the cache when the entry is flagged as
     * cached, LDAP otherwise.
     *
     * <p>NOTE(review): both branches write {@code getTokenCode()} to the log. persist() stores
     * the hash on entries it handles, but this method does not check that. If an entry carrying
     * an unhashed code can reach it, the log line would hold a usable token value. Confirm
     * against callers, or log the hash instead.
     *
     * <p>NOTE(review): the cache branch removes only the token entry. The hash stays in the
     * per-client and per-session index sets.
     *
     * @param tokenLdap token entry to delete
     */
    public void remove(TokenLdap tokenLdap) {
        if (!tokenLdap.isFromCache()) {
            this.ldapEntryManager.remove(tokenLdap);
            this.log.trace("Removed token from LDAP, code: " + tokenLdap.getTokenCode());
            return;
        }
        // Cache keys are token hashes, so the key is derived from the code on the entry.
        final String cacheKey = TokenHashUtil.getHashedToken(tokenLdap.getTokenCode());
        this.cacheService.remove((String) null, cacheKey);
        this.log.trace("Removed token from cache, code: " + tokenLdap.getTokenCode());
    }

    /**
     * Best-effort removal of a token and of the cached grant tied to its authorization code.
     *
     * <p>NOTE(review): a failure is reported at TRACE only and not rethrown. The revocation
     * paths in this class (by session, by grant id, by authorization code) end here, so a token
     * that could not be removed stays valid without a visible log record at normal log levels.
     *
     * @param tokenLdap token entry to delete
     */
    public void removeSilently(TokenLdap tokenLdap) {
        try {
            remove(tokenLdap);
            final boolean hasAuthorizationCode = StringUtils.isNotBlank(tokenLdap.getAuthorizationCode());
            if (hasAuthorizationCode) {
                final String grantKey = CacheGrant.cacheKey(tokenLdap.getClientId(), tokenLdap.getAuthorizationCode(), tokenLdap.getGrantId());
                this.cacheService.remove((String) null, grantKey);
            }
        } catch (Exception removalFailure) {
            this.log.trace(removalFailure.getMessage(), removalFailure);
        }
    }

    /**
     * Deletes each grant in the list, continuing past individual failures.
     *
     * @param list grants to delete; {@code null} or empty is a no-op
     */
    public void removeGrants(List<Grant> list) {
        if (list != null && !list.isEmpty()) {
            for (Iterator<Grant> cursor = list.iterator(); cursor.hasNext(); ) {
                try {
                    remove(cursor.next());
                } catch (Exception removalFailure) {
                    // One failing entry must not stop the rest of the batch.
                    this.log.error("Failed to remove entry", removalFailure);
                }
            }
        }
    }

    /**
     * Deletes each token in the list, continuing past individual failures.
     *
     * <p>Failures are logged at ERROR, unlike {@link #removeSilently(List)}, which logs at TRACE.
     *
     * @param list tokens to delete; {@code null} or empty is a no-op
     */
    public void remove(List<TokenLdap> list) {
        if (list != null && !list.isEmpty()) {
            for (Iterator<TokenLdap> cursor = list.iterator(); cursor.hasNext(); ) {
                try {
                    remove(cursor.next());
                } catch (Exception removalFailure) {
                    // One failing entry must not stop the rest of the batch.
                    this.log.error("Failed to remove entry", removalFailure);
                }
            }
        }
    }

    /**
     * Applies {@link #removeSilently(TokenLdap)} to every token in the list.
     *
     * @param list tokens to delete; {@code null} or empty is a no-op
     */
    public void removeSilently(List<TokenLdap> list) {
        final boolean nothingToRemove = list == null || list.isEmpty();
        if (nothingToRemove) {
            return;
        }
        for (TokenLdap token : list) {
            removeSilently(token);
        }
    }

    /**
     * Deletes the token entry attached to an authorization grant, if there is one.
     *
     * <p>NOTE(review): a failed removal is logged at TRACE only and not rethrown.
     *
     * @param authorizationGrant grant whose token entry is deleted; {@code null}, or a grant
     *                           without a token entry, is a no-op
     */
    public void remove(AuthorizationGrant authorizationGrant) {
        if (authorizationGrant != null && authorizationGrant.getTokenLdap() != null) {
            try {
                remove(authorizationGrant.getTokenLdap());
            } catch (Exception removalFailure) {
                this.log.trace(removalFailure.getMessage(), removalFailure);
            }
        }
    }

    /**
     * Lists the token entries stored in LDAP below one client.
     *
     * <p>Only LDAP is searched. Tokens held in the cache are returned by
     * {@link #getCacheClientTokensEntries(String)}.
     *
     * @param str identifier handed to {@code clientService.buildClientDn}
     * @return entries that have an {@code oxAuthTokenCode} attribute; an empty list when the
     *         search fails (the failure is logged at TRACE)
     */
    public List<TokenLdap> getGrantsOfClient(String str) {
        try {
            final String clientDn = this.clientService.buildClientDn(str);
            final Filter anyTokenCode = Filter.create("oxAuthTokenCode=*");
            return this.ldapEntryManager.findEntries(clientDn, TokenLdap.class, anyTokenCode);
        } catch (Exception lookupFailure) {
            this.log.trace(lookupFailure.getMessage(), lookupFailure);
            return Collections.emptyList();
        }
    }

    /**
     * Looks up a token by code in LDAP, searching only below the given client.
     *
     * @param str  token code (hashed before the search)
     * @param str2 identifier handed to {@code clientService.buildClientDn}
     * @return the first matching entry, or {@code null} when none is found or the search fails
     */
    public TokenLdap getGrantsByCodeAndClient(String str, String str2) {
        final String clientDn = this.clientService.buildClientDn(str2);
        return load(clientDn, str);
    }

    /**
     * Looks up a token by code in the cache first, then in LDAP.
     *
     * @param str token code
     * @return the matching entry, or {@code null} when none is found
     */
    public TokenLdap getGrantsByCode(String str) {
        final boolean cacheOnly = false;
        return getGrantsByCode(str, cacheOnly);
    }

    /**
     * Looks up a token by code, consulting the cache first.
     *
     * <p>Both stores are queried with the hash of {@code str}, never with the code itself.
     *
     * @param str token code
     * @param z   when {@code true}, only the cache is consulted
     * @return the matching entry, or {@code null} when none is found
     */
    public TokenLdap getGrantsByCode(String str, boolean z) {
        final Object cached = this.cacheService.get((String) null, TokenHashUtil.getHashedToken(str));
        if (cached instanceof TokenLdap) {
            return (TokenLdap) cached;
        }
        // Cache miss: fall back to LDAP unless the caller asked for the cache only.
        return z ? null : load(baseDn(), str);
    }

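    /**
     * Finds a token entry in LDAP by the hash of its code.
     *
     * <p>The filter is built with {@code Filter.createEqualityFilter}, so the value is matched
     * as a literal and is never parsed as filter syntax. A single handler covers every failure;
     * the second handler for {@code LDAPException} after {@code Exception} was unreachable.
     *
     * <p>A failed search cannot be told apart from "not found": both return {@code null}, and
     * the failure is logged at TRACE only.
     *
     * @param str  base DN to search below
     * @param str2 token code; it is hashed before being used in the filter
     * @return the first matching entry, or {@code null} when none is found or the search fails
     */
    private TokenLdap load(String str, String str2) {
        try {
            final Filter byTokenHash = Filter.createEqualityFilter("oxAuthTokenCode", TokenHashUtil.getHashedToken(str2));
            final List<TokenLdap> matches = this.ldapEntryManager.findEntries(str, TokenLdap.class, byTokenHash);
            if (matches == null || matches.isEmpty()) {
                return null;
            }
            return matches.get(0);
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e);
            return null;
        }
    }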

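    /**
     * Lists the token entries in LDAP that belong to a grant.
     *
     * <p>The grant id is not hashed, so it is passed to {@code Filter.createEqualityFilter}
     * rather than formatted into filter text. Characters such as {@code *}, {@code (} or
     * {@code )} in the value are then matched literally and cannot change the shape of the
     * search. A single handler covers every failure; the second handler for
     * {@code LDAPException} after {@code Exception} was unreachable.
     *
     * @param str grant id to match against {@code oxAuthGrantId}
     * @return matching entries; an empty list when the search fails (logged at TRACE)
     */
    public List<TokenLdap> getGrantsByGrantId(String str) {
        try {
            final Filter byGrantId = Filter.createEqualityFilter("oxAuthGrantId", str);
            return this.ldapEntryManager.findEntries(baseDn(), TokenLdap.class, byGrantId);
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e);
            return Collections.emptyList();
        }
    }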

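    /**
     * Lists the token entries in LDAP that were issued from an authorization code.
     *
     * <p>The code is hashed before the search. The filter is built with
     * {@code Filter.createEqualityFilter}, so the value is matched as a literal instead of being
     * parsed as filter text. The two handlers did the same thing and are merged into one.
     *
     * @param str authorization code
     * @return matching entries; an empty list when the search fails (logged at TRACE)
     */
    public List<TokenLdap> getGrantsByAuthorizationCode(String str) {
        try {
            final Filter byCodeHash = Filter.createEqualityFilter("oxAuthAuthorizationCode", TokenHashUtil.getHashedToken(str));
            return this.ldapEntryManager.findEntries(baseDn(), TokenLdap.class, byCodeHash);
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e);
            return Collections.emptyList();
        }
    }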

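    /**
     * Collects every token tied to a session, from LDAP and from the cache.
     *
     * <p>removeAllTokensBySession deletes exactly what this method returns, so an incomplete
     * result leaves tokens alive after the session ends. For that reason the two lookups are
     * independent: a failed LDAP search no longer skips the cached tokens.
     *
     * <p>The session DN is passed to {@code Filter.createEqualityFilter}, so it is matched as a
     * literal value and never parsed as filter syntax. A blank DN returns an empty list instead
     * of being turned into a search for an empty value or for the text "null".
     *
     * @param str session DN to match against {@code oxAuthSessionDn}
     * @return a new mutable list of matching tokens; empty when nothing is found
     */
    public List<TokenLdap> getGrantsBySessionDn(String str) {
        final List<TokenLdap> grants = new ArrayList<TokenLdap>();
        if (StringUtils.isBlank(str)) {
            return grants;
        }
        try {
            final Filter bySessionDn = Filter.createEqualityFilter("oxAuthSessionDn", str);
            final List<TokenLdap> persisted = this.ldapEntryManager.findEntries(baseDn(), TokenLdap.class, bySessionDn);
            if (persisted != null) {
                grants.addAll(persisted);
            }
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        try {
            grants.addAll(getGrantsFromCacheBySessionDn(str));
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        return grants;
    }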

    /**
     * Returns the cached tokens recorded in a session's token index.
     *
     * @param str session DN
     * @return cached tokens of the session; an empty list for a blank DN
     */
    public List<TokenLdap> getGrantsFromCacheBySessionDn(String str) {
        if (StringUtils.isBlank(str)) {
            return Collections.emptyList();
        }
        final SessionTokens sessionIndex = getCacheSessionTokens(str);
        return getCacheTokensEntries(sessionIndex.getTokenHashes());
    }

    /**
     * Returns the cached tokens recorded in a client's token index.
     *
     * @param str client identifier
     * @return cached tokens of the client; an empty list when no index is cached for it
     */
    public List<TokenLdap> getCacheClientTokensEntries(String str) {
        final String indexKey = new ClientTokens(str).cacheKey();
        final Object cached = this.cacheService.get((String) null, indexKey);
        if (!(cached instanceof ClientTokens)) {
            return Collections.emptyList();
        }
        return getCacheTokensEntries(((ClientTokens) cached).getTokenHashes());
    }

    /**
     * Resolves a set of token hashes to the token entries held in the cache.
     *
     * <p>Hashes with no usable cache entry are skipped without a log record. Every returned
     * entry is flagged as cached, which makes remove(TokenLdap) target the cache for it.
     *
     * @param set token hashes to resolve; must not be {@code null}
     * @return a new list of the entries that were found
     */
    public List<TokenLdap> getCacheTokensEntries(Set<String> set) {
        final List<TokenLdap> found = new ArrayList<TokenLdap>();
        for (String tokenHash : set) {
            final Object cached = this.cacheService.get((String) null, tokenHash);
            if (!(cached instanceof TokenLdap)) {
                continue;
            }
            final TokenLdap token = (TokenLdap) cached;
            token.setIsFromCache(true);
            found.add(token);
        }
        return found;
    }

    /**
     * Revokes every token tied to a session, best effort.
     *
     * <p>NOTE(review): only tokens returned by getGrantsBySessionDn are removed, and removal
     * failures are logged at TRACE. The caller gets no signal that revocation was incomplete.
     *
     * @param str session DN
     */
    public void removeAllTokensBySession(String str) {
        final List<TokenLdap> sessionTokens = getGrantsBySessionDn(str);
        removeSilently(sessionTokens);
    }

    /**
     * Removes the token stored in LDAP under a code for one client, plus the cached grant.
     *
     * <p>The cached grant is removed whether or not a token entry was found. Its key is built
     * with a {@code null} grant id.
     *
     * @param str  token code
     * @param str2 client identifier
     */
    public void removeByCode(String str, String str2) {
        final TokenLdap persisted = getGrantsByCodeAndClient(str, str2);
        if (persisted != null) {
            removeSilently(persisted);
        }
        final String grantKey = CacheGrant.cacheKey(str2, str, null);
        this.cacheService.remove((String) null, grantKey);
    }

    /**
     * Revokes every token in LDAP that was issued from an authorization code, best effort.
     *
     * @param str authorization code
     */
    public void removeAllByAuthorizationCode(String str) {
        final List<TokenLdap> issuedFromCode = getGrantsByAuthorizationCode(str);
        removeSilently(issuedFromCode);
    }

    /**
     * Revokes every token in LDAP that belongs to a grant, best effort.
     *
     * @param str grant id
     */
    public void removeAllByGrantId(String str) {
        final List<TokenLdap> grantTokens = getGrantsByGrantId(str);
        removeSilently(grantTokens);
    }

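    /**
     * Deletes expired tokens and empty grant branches from LDAP, in chunks of 25 entries.
     *
     * <p>Three passes run in order: (1) tokens whose {@code oxAuthExpiration} has passed,
     * (2) childless grant branches selected by {@code oxAuthCreation}, (3) childless grant
     * branches that have no {@code oxAuthCreation} at all.
     *
     * <p>Each filter is assembled from {@code Filter} factory methods instead of being parsed
     * from text. A parse failure used to swap in a presence filter on the same attribute, which
     * selects every entry carrying it and so widens the delete set to tokens and grants that are
     * not expired. With no parsing there is no such fallback.
     */
    public void cleanUp() {
        // Pass 1: tokens whose expiration is at or before the current time.
        new BatchOperation<TokenLdap>(this.ldapEntryManager) {
            protected List<TokenLdap> getChunkOrNull(int i) {
                return GrantService.this.ldapEntryManager.findEntries(GrantService.this.baseDn(), TokenLdap.class, getFilter(), SearchScope.SUB, (String[]) null, this, 0, i, i);
            }

            protected void performAction(List<TokenLdap> list) {
                // NOTE(review): the audit record is marked successful before the removal runs,
                // and remove(List) only logs failures, so the audit trail can claim a removal
                // that did not happen.
                GrantService.this.auditLogging(list);
                GrantService.this.remove(list);
            }

            private Filter getFilter() {
                return Filter.createLessOrEqualFilter("oxAuthExpiration", StaticUtils.encodeGeneralizedTime(new Date()));
            }
        }.iterateAllByChunks(25);

        // Pass 2: childless grant branches with a creation date at or before the cutoff.
        new BatchOperation<Grant>(this.ldapEntryManager) {
            protected List<Grant> getChunkOrNull(int i) {
                return GrantService.this.ldapEntryManager.findEntries(GrantService.this.baseDn(), Grant.class, getFilter(), SearchScope.SUB, (String[]) null, this, 0, i, i);
            }

            protected void performAction(List<Grant> list) {
                GrantService.this.removeGrants(list);
            }

            private Filter getFilter() {
                // NOTE(review): the cutoff is 60 seconds in the future, so a branch created just
                // now by addGrantBranch qualifies before its token is written below it. Confirm
                // whether a negative offset was intended.
                Calendar calendar = Calendar.getInstance();
                calendar.add(Calendar.SECOND, 60);
                return Filter.createANDFilter(
                        Filter.createLessOrEqualFilter("oxAuthCreation", StaticUtils.encodeGeneralizedTime(calendar.getTime())),
                        childlessEntryFilter());
            }
        }.iterateAllByChunks(25);

        // Pass 3: childless grant branches that carry no creation date.
        new BatchOperation<Grant>(this.ldapEntryManager) {
            protected List<Grant> getChunkOrNull(int i) {
                return GrantService.this.ldapEntryManager.findEntries(GrantService.this.baseDn(), Grant.class, getFilter(), SearchScope.SUB, (String[]) null, this, 0, i, i);
            }

            protected void performAction(List<Grant> list) {
                GrantService.this.removeGrants(list);
            }

            private Filter getFilter() {
                return Filter.createANDFilter(
                        Filter.createNOTFilter(Filter.createPresenceFilter("oxAuthCreation")),
                        childlessEntryFilter());
            }
        }.iterateAllByChunks(25);
    }

    /** Builds {@code (|(numsubordinates=0)(hasSubordinates=FALSE))}: entries with no children. */
    private static Filter childlessEntryFilter() {
        return Filter.createORFilter(
                Filter.createEqualityFilter("numsubordinates", "0"),
                Filter.createEqualityFilter("hasSubordinates", "FALSE"));
    }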

    /**
     * Creates the grant branch entry that token entries of one grant are stored below.
     *
     * @param str  grant id
     * @param str2 client identifier
     */
    private void addGrantBranch(String str, String str2) {
        final Grant branch = new Grant();
        final String branchDn = getBaseDnForGrant(str, str2);
        branch.setDn(branchDn);
        branch.setId(str);
        // cleanUp selects grant branches by this creation date.
        branch.setCreationDate(new Date());
        this.ldapEntryManager.persist(branch);
    }

    /**
     * Makes sure the grant branch exists before a token is written below it.
     *
     * <p>NOTE(review): the existence check and the create are two separate LDAP calls, with no
     * locking visible here. Two concurrent persists for one grant could both try to create it.
     *
     * @param str  grant id
     * @param str2 client identifier
     */
    private void prepareGrantBranch(String str, String str2) {
        final boolean branchMissing = !containsGrantBranch(str, str2);
        if (branchMissing) {
            addGrantBranch(str, str2);
        }
    }

    /**
     * Tells whether the grant branch entry already exists in LDAP.
     *
     * @param str  grant id
     * @param str2 client identifier
     * @return {@code true} when an entry exists at the grant branch DN
     */
    private boolean containsGrantBranch(String str, String str2) {
        final String branchDn = getBaseDnForGrant(str, str2);
        return this.ldapEntryManager.contains(Grant.class, branchDn);
    }

    /**
     * Builds the DN of a grant branch below its client entry.
     *
     * <p>NOTE(review): the grant id is spliced into the DN text without RDN escaping. This is
     * only safe while the id is server-generated (see generateGrantId); confirm against callers.
     *
     * @param str  grant id, used as the {@code oxAuthGrantId} RDN value
     * @param str2 identifier handed to {@code clientService.buildClientDn}
     * @return the grant branch DN
     */
    private String getBaseDnForGrant(String str, String str2) {
        final String grantRdn = String.format("oxAuthGrantId=%s,", str);
        return grantRdn + this.clientService.buildClientDn(str2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Sends one audit record per token, with action {@code SESSION_DESTROYED}.
     *
     * <p>Each record carries the token's client id, scope and user id. The token code is not
     * copied into it. The record is always marked successful; this method does not know whether
     * the token is actually removed afterwards.
     *
     * @param collection tokens to report
     */
    public void auditLogging(Collection<TokenLdap> collection) {
        final Iterator<TokenLdap> cursor = collection.iterator();
        while (cursor.hasNext()) {
            final TokenLdap token = cursor.next();
            final OAuth2AuditLog record = new OAuth2AuditLog(null, Action.SESSION_DESTROYED);
            record.setSuccess(true);
            record.setClientId(token.getClientId());
            record.setScope(token.getScope());
            record.setUsername(token.getUserId());
            this.applicationAuditLogger.sendMessage(record);
        }
    }
}
