package org.springframework.security.oauth2.server.authorization.client;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import org.springframework.aot.hint.RuntimeHints;
import org.springframework.aot.hint.RuntimeHintsRegistrar;
import org.springframework.context.annotation.ImportRuntimeHints;
import org.springframework.core.io.ClassPathResource;
import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.SqlParameterValue;
import org.springframework.security.jackson2.SecurityJackson2Modules;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.settings.ConfigurationSettingNames;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

@ImportRuntimeHints({JdbcRegisteredClientRepositoryRuntimeHintsRegistrar.class})
/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository.class */
public class JdbcRegisteredClientRepository implements RegisteredClientRepository {
    private static final String COLUMN_NAMES = "id, client_id, client_id_issued_at, client_secret, client_secret_expires_at, client_name, client_authentication_methods, authorization_grant_types, redirect_uris, post_logout_redirect_uris, scopes, client_settings,token_settings";
    private static final String TABLE_NAME = "oauth2_registered_client";
    private static final String PK_FILTER = "id = ?";
    private static final String LOAD_REGISTERED_CLIENT_SQL = "SELECT id, client_id, client_id_issued_at, client_secret, client_secret_expires_at, client_name, client_authentication_methods, authorization_grant_types, redirect_uris, post_logout_redirect_uris, scopes, client_settings,token_settings FROM oauth2_registered_client WHERE ";
    private static final String INSERT_REGISTERED_CLIENT_SQL = "INSERT INTO oauth2_registered_client(id, client_id, client_id_issued_at, client_secret, client_secret_expires_at, client_name, client_authentication_methods, authorization_grant_types, redirect_uris, post_logout_redirect_uris, scopes, client_settings,token_settings) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    private static final String UPDATE_REGISTERED_CLIENT_SQL = "UPDATE oauth2_registered_client SET client_secret = ?, client_secret_expires_at = ?, client_name = ?, client_authentication_methods = ?, authorization_grant_types = ?, redirect_uris = ?, post_logout_redirect_uris = ?, scopes = ?, client_settings = ?, token_settings = ? WHERE id = ?";
    private static final String COUNT_REGISTERED_CLIENT_SQL = "SELECT COUNT(*) FROM oauth2_registered_client WHERE ";
    private final JdbcOperations jdbcOperations;
    private RowMapper<RegisteredClient> registeredClientRowMapper;
    private Function<RegisteredClient, List<SqlParameterValue>> registeredClientParametersMapper;

    /* loaded from: input_file:org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository$JdbcRegisteredClientRepositoryRuntimeHintsRegistrar.class */
    static class JdbcRegisteredClientRepositoryRuntimeHintsRegistrar implements RuntimeHintsRegistrar {
        JdbcRegisteredClientRepositoryRuntimeHintsRegistrar() {
        }

        public void registerHints(RuntimeHints runtimeHints, ClassLoader classLoader) {
            runtimeHints.resources().registerResource(new ClassPathResource("org/springframework/security/oauth2/server/authorization/client/oauth2-registered-client-schema.sql"));
        }
    }

    /* loaded from: input_file:org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository$RegisteredClientParametersMapper.class */
    public static class RegisteredClientParametersMapper implements Function<RegisteredClient, List<SqlParameterValue>> {
        private ObjectMapper objectMapper = new ObjectMapper();

        public RegisteredClientParametersMapper() {
            this.objectMapper.registerModules(SecurityJackson2Modules.getModules(JdbcRegisteredClientRepository.class.getClassLoader()));
            this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
        }

        @Override // java.util.function.Function
        public List<SqlParameterValue> apply(RegisteredClient registeredClient) {
            Timestamp from = registeredClient.getClientIdIssuedAt() != null ? Timestamp.from(registeredClient.getClientIdIssuedAt()) : Timestamp.from(Instant.now());
            Timestamp from2 = registeredClient.getClientSecretExpiresAt() != null ? Timestamp.from(registeredClient.getClientSecretExpiresAt()) : null;
            ArrayList arrayList = new ArrayList(registeredClient.getClientAuthenticationMethods().size());
            registeredClient.getClientAuthenticationMethods().forEach(clientAuthenticationMethod -> {
                arrayList.add(clientAuthenticationMethod.getValue());
            });
            ArrayList arrayList2 = new ArrayList(registeredClient.getAuthorizationGrantTypes().size());
            registeredClient.getAuthorizationGrantTypes().forEach(authorizationGrantType -> {
                arrayList2.add(authorizationGrantType.getValue());
            });
            return Arrays.asList(new SqlParameterValue(12, registeredClient.getId()), new SqlParameterValue(12, registeredClient.getClientId()), new SqlParameterValue(93, from), new SqlParameterValue(12, registeredClient.getClientSecret()), new SqlParameterValue(93, from2), new SqlParameterValue(12, registeredClient.getClientName()), new SqlParameterValue(12, StringUtils.collectionToCommaDelimitedString(arrayList)), new SqlParameterValue(12, StringUtils.collectionToCommaDelimitedString(arrayList2)), new SqlParameterValue(12, StringUtils.collectionToCommaDelimitedString(registeredClient.getRedirectUris())), new SqlParameterValue(12, StringUtils.collectionToCommaDelimitedString(registeredClient.getPostLogoutRedirectUris())), new SqlParameterValue(12, StringUtils.collectionToCommaDelimitedString(registeredClient.getScopes())), new SqlParameterValue(12, writeMap(registeredClient.getClientSettings().getSettings())), new SqlParameterValue(12, writeMap(registeredClient.getTokenSettings().getSettings())));
        }

        public final void setObjectMapper(ObjectMapper objectMapper) {
            Assert.notNull(objectMapper, "objectMapper cannot be null");
            this.objectMapper = objectMapper;
        }

        protected final ObjectMapper getObjectMapper() {
            return this.objectMapper;
        }

        private String writeMap(Map<String, Object> map) {
            try {
                return this.objectMapper.writeValueAsString(map);
            } catch (Exception e) {
                throw new IllegalArgumentException(e.getMessage(), e);
            }
        }
    }

    /* loaded from: input_file:org/springframework/security/oauth2/server/authorization/client/JdbcRegisteredClientRepository$RegisteredClientRowMapper.class */
    public static class RegisteredClientRowMapper implements RowMapper<RegisteredClient> {
        private ObjectMapper objectMapper = new ObjectMapper();

        public RegisteredClientRowMapper() {
            this.objectMapper.registerModules(SecurityJackson2Modules.getModules(JdbcRegisteredClientRepository.class.getClassLoader()));
            this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
        }

        /* renamed from: mapRow, reason: merged with bridge method [inline-methods] */
        public RegisteredClient m34mapRow(ResultSet resultSet, int i) throws SQLException {
            Timestamp timestamp = resultSet.getTimestamp(OidcClientMetadataClaimNames.CLIENT_ID_ISSUED_AT);
            Timestamp timestamp2 = resultSet.getTimestamp(OidcClientMetadataClaimNames.CLIENT_SECRET_EXPIRES_AT);
            Set commaDelimitedListToSet = StringUtils.commaDelimitedListToSet(resultSet.getString("client_authentication_methods"));
            Set commaDelimitedListToSet2 = StringUtils.commaDelimitedListToSet(resultSet.getString("authorization_grant_types"));
            Set commaDelimitedListToSet3 = StringUtils.commaDelimitedListToSet(resultSet.getString(OidcClientMetadataClaimNames.REDIRECT_URIS));
            Set commaDelimitedListToSet4 = StringUtils.commaDelimitedListToSet(resultSet.getString(OidcClientMetadataClaimNames.POST_LOGOUT_REDIRECT_URIS));
            Set commaDelimitedListToSet5 = StringUtils.commaDelimitedListToSet(resultSet.getString("scopes"));
            RegisteredClient.Builder scopes = RegisteredClient.withId(resultSet.getString("id")).clientId(resultSet.getString(OidcClientMetadataClaimNames.CLIENT_ID)).clientIdIssuedAt(timestamp != null ? timestamp.toInstant() : null).clientSecret(resultSet.getString(OidcClientMetadataClaimNames.CLIENT_SECRET)).clientSecretExpiresAt(timestamp2 != null ? timestamp2.toInstant() : null).clientName(resultSet.getString(OidcClientMetadataClaimNames.CLIENT_NAME)).clientAuthenticationMethods(set -> {
                commaDelimitedListToSet.forEach(str -> {
                    set.add(resolveClientAuthenticationMethod(str));
                });
            }).authorizationGrantTypes(set2 -> {
                commaDelimitedListToSet2.forEach(str -> {
                    set2.add(resolveAuthorizationGrantType(str));
                });
            }).redirectUris(set3 -> {
                set3.addAll(commaDelimitedListToSet3);
            }).postLogoutRedirectUris(set4 -> {
                set4.addAll(commaDelimitedListToSet4);
            }).scopes(set5 -> {
                set5.addAll(commaDelimitedListToSet5);
            });
            scopes.clientSettings(ClientSettings.withSettings(parseMap(resultSet.getString("client_settings"))).build());
            Map<String, Object> parseMap = parseMap(resultSet.getString("token_settings"));
            TokenSettings.Builder withSettings = TokenSettings.withSettings(parseMap);
            if (!parseMap.containsKey(ConfigurationSettingNames.Token.ACCESS_TOKEN_FORMAT)) {
                withSettings.accessTokenFormat(OAuth2TokenFormat.SELF_CONTAINED);
            }
            scopes.tokenSettings(withSettings.build());
            return scopes.build();
        }

        public final void setObjectMapper(ObjectMapper objectMapper) {
            Assert.notNull(objectMapper, "objectMapper cannot be null");
            this.objectMapper = objectMapper;
        }

        protected final ObjectMapper getObjectMapper() {
            return this.objectMapper;
        }

        private Map<String, Object> parseMap(String str) {
            try {
                return (Map) this.objectMapper.readValue(str, new TypeReference<Map<String, Object>>() { // from class: org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientRowMapper.1
                });
            } catch (Exception e) {
                throw new IllegalArgumentException(e.getMessage(), e);
            }
        }

        private static AuthorizationGrantType resolveAuthorizationGrantType(String str) {
            return AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(str) ? AuthorizationGrantType.AUTHORIZATION_CODE : AuthorizationGrantType.CLIENT_CREDENTIALS.getValue().equals(str) ? AuthorizationGrantType.CLIENT_CREDENTIALS : AuthorizationGrantType.REFRESH_TOKEN.getValue().equals(str) ? AuthorizationGrantType.REFRESH_TOKEN : new AuthorizationGrantType(str);
        }

        private static ClientAuthenticationMethod resolveClientAuthenticationMethod(String str) {
            return ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue().equals(str) ? ClientAuthenticationMethod.CLIENT_SECRET_BASIC : ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue().equals(str) ? ClientAuthenticationMethod.CLIENT_SECRET_POST : ClientAuthenticationMethod.NONE.getValue().equals(str) ? ClientAuthenticationMethod.NONE : new ClientAuthenticationMethod(str);
        }
    }

    public JdbcRegisteredClientRepository(JdbcOperations jdbcOperations) {
        Assert.notNull(jdbcOperations, "jdbcOperations cannot be null");
        this.jdbcOperations = jdbcOperations;
        this.registeredClientRowMapper = new RegisteredClientRowMapper();
        this.registeredClientParametersMapper = new RegisteredClientParametersMapper();
    }

    @Override // org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
    public void save(RegisteredClient registeredClient) {
        Assert.notNull(registeredClient, "registeredClient cannot be null");
        if (findBy(PK_FILTER, registeredClient.getId()) != null) {
            updateRegisteredClient(registeredClient);
        } else {
            insertRegisteredClient(registeredClient);
        }
    }

    private void updateRegisteredClient(RegisteredClient registeredClient) {
        ArrayList arrayList = new ArrayList(this.registeredClientParametersMapper.apply(registeredClient));
        SqlParameterValue sqlParameterValue = (SqlParameterValue) arrayList.remove(0);
        arrayList.remove(0);
        arrayList.remove(0);
        arrayList.add(sqlParameterValue);
        this.jdbcOperations.update(UPDATE_REGISTERED_CLIENT_SQL, new ArgumentPreparedStatementSetter(arrayList.toArray()));
    }

    private void insertRegisteredClient(RegisteredClient registeredClient) {
        assertUniqueIdentifiers(registeredClient);
        this.jdbcOperations.update(INSERT_REGISTERED_CLIENT_SQL, new ArgumentPreparedStatementSetter(this.registeredClientParametersMapper.apply(registeredClient).toArray()));
    }

    private void assertUniqueIdentifiers(RegisteredClient registeredClient) {
        Integer num = (Integer) this.jdbcOperations.queryForObject("SELECT COUNT(*) FROM oauth2_registered_client WHERE client_id = ?", Integer.class, new Object[]{registeredClient.getClientId()});
        if (num != null && num.intValue() > 0) {
            throw new IllegalArgumentException("Registered client must be unique. Found duplicate client identifier: " + registeredClient.getClientId());
        }
        Integer num2 = (Integer) this.jdbcOperations.queryForObject("SELECT COUNT(*) FROM oauth2_registered_client WHERE client_secret = ?", Integer.class, new Object[]{registeredClient.getClientSecret()});
        if (num2 != null && num2.intValue() > 0) {
            throw new IllegalArgumentException("Registered client must be unique. Found duplicate client secret for identifier: " + registeredClient.getId());
        }
    }

    @Override // org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
    public RegisteredClient findById(String str) {
        Assert.hasText(str, "id cannot be empty");
        return findBy(PK_FILTER, str);
    }

    @Override // org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
    public RegisteredClient findByClientId(String str) {
        Assert.hasText(str, "clientId cannot be empty");
        return findBy("client_id = ?", str);
    }

    private RegisteredClient findBy(String str, Object... objArr) {
        List query = this.jdbcOperations.query("SELECT id, client_id, client_id_issued_at, client_secret, client_secret_expires_at, client_name, client_authentication_methods, authorization_grant_types, redirect_uris, post_logout_redirect_uris, scopes, client_settings,token_settings FROM oauth2_registered_client WHERE " + str, this.registeredClientRowMapper, objArr);
        if (query.isEmpty()) {
            return null;
        }
        return (RegisteredClient) query.get(0);
    }

    public final void setRegisteredClientRowMapper(RowMapper<RegisteredClient> rowMapper) {
        Assert.notNull(rowMapper, "registeredClientRowMapper cannot be null");
        this.registeredClientRowMapper = rowMapper;
    }

    public final void setRegisteredClientParametersMapper(Function<RegisteredClient, List<SqlParameterValue>> function) {
        Assert.notNull(function, "registeredClientParametersMapper cannot be null");
        this.registeredClientParametersMapper = function;
    }

    protected final JdbcOperations getJdbcOperations() {
        return this.jdbcOperations;
    }

    protected final RowMapper<RegisteredClient> getRegisteredClientRowMapper() {
        return this.registeredClientRowMapper;
    }

    protected final Function<RegisteredClient, List<SqlParameterValue>> getRegisteredClientParametersMapper() {
        return this.registeredClientParametersMapper;
    }
}
