package org.wso2.carbon.identity.oauth2.dao;

import java.sql.Connection;
import java.sql.DataTruncation;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.SQLIntegrityConstraintViolationException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.TimeZone;
import java.util.UUID;
import java.util.concurrent.BlockingDeque;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.LinkedBlockingDeque;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.SQLQueries;
import org.wso2.carbon.identity.oauth.tokenprocessor.PlainTextPersistenceProcessor;
import org.wso2.carbon.identity.oauth.tokenprocessor.TokenPersistenceProcessor;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.AuthzCodeDO;
import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/dao/TokenMgtDAO.class */
public class TokenMgtDAO {
    public static final String AUTHZ_USER = "AUTHZ_USER";
    public static final String LOWER_AUTHZ_USER = "LOWER(AUTHZ_USER)";
    private static final String UTC = "UTC";
    private static TokenPersistenceProcessor persistenceProcessor;
    private static int maxPoolSize;
    private boolean enablePersist;
    private static final String IDN_OAUTH2_ACCESS_TOKEN = "IDN_OAUTH2_ACCESS_TOKEN";
    private static final String IDN_OAUTH2_AUTHORIZATION_CODE = "IDN_OAUTH2_AUTHORIZATION_CODE";
    private static int tokenPersistRetryCount = 5;
    private static BlockingDeque<AccessContextTokenDO> accessContextTokenQueue = new LinkedBlockingDeque();
    private static BlockingDeque<AuthContextTokenDO> authContextTokenQueue = new LinkedBlockingDeque();
    private static final Log log = LogFactory.getLog(TokenMgtDAO.class);

    public TokenMgtDAO() {
        this.enablePersist = true;
        try {
            persistenceProcessor = OAuthServerConfiguration.getInstance().getPersistenceProcessor();
        } catch (IdentityOAuth2Exception e) {
            log.error("Error retrieving TokenPersistenceProcessor. Defaulting to PlainTextProcessor", e);
            persistenceProcessor = new PlainTextPersistenceProcessor();
        }
        if (IdentityUtil.getProperty("JDBCPersistenceManager.TokenPersist.Enable") != null) {
            this.enablePersist = Boolean.parseBoolean(IdentityUtil.getProperty("JDBCPersistenceManager.TokenPersist.Enable"));
        }
        if (IdentityUtil.getProperty("OAuth.TokenPersistence.RetryCount") != null) {
            tokenPersistRetryCount = Integer.parseInt(IdentityUtil.getProperty("OAuth.TokenPersistence.RetryCount"));
        }
    }

    public void storeAuthorizationCode(String str, String str2, String str3, AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {
        if (this.enablePersist) {
            if (maxPoolSize > 0) {
                authContextTokenQueue.push(new AuthContextTokenDO(str, str2, str3, authzCodeDO));
            } else {
                persistAuthorizationCode(str, str2, str3, authzCodeDO);
            }
        }
    }

    public void persistAuthorizationCode(String str, String str2, String str3, AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {
        if (this.enablePersist) {
            Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
            PreparedStatement preparedStatement = null;
            try {
                try {
                    if (OAuth2ServiceComponentHolder.isPkceEnabled()) {
                        preparedStatement = dBConnection.prepareStatement(SQLQueries.STORE_AUTHORIZATION_CODE_WITH_PKCE);
                        preparedStatement.setString(1, authzCodeDO.getAuthzCodeId());
                        preparedStatement.setString(2, persistenceProcessor.getProcessedAuthzCode(str));
                        preparedStatement.setString(3, str3);
                        preparedStatement.setString(4, OAuth2Util.buildScopeString(authzCodeDO.getScope()));
                        preparedStatement.setString(5, authzCodeDO.getAuthorizedUser().getUserName());
                        preparedStatement.setString(6, getSanitizedUserStoreDomain(authzCodeDO.getAuthorizedUser().getUserStoreDomain()));
                        preparedStatement.setInt(7, OAuth2Util.getTenantId(authzCodeDO.getAuthorizedUser().getTenantDomain()));
                        preparedStatement.setTimestamp(8, authzCodeDO.getIssuedTime(), Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        preparedStatement.setLong(9, authzCodeDO.getValidityPeriod());
                        preparedStatement.setString(10, authzCodeDO.getAuthorizedUser().getAuthenticatedSubjectIdentifier());
                        preparedStatement.setString(11, authzCodeDO.getPkceCodeChallenge());
                        preparedStatement.setString(12, authzCodeDO.getPkceCodeChallengeMethod());
                        preparedStatement.setString(13, persistenceProcessor.getProcessedClientId(str2));
                    } else {
                        preparedStatement = dBConnection.prepareStatement(SQLQueries.STORE_AUTHORIZATION_CODE);
                        preparedStatement.setString(1, authzCodeDO.getAuthzCodeId());
                        preparedStatement.setString(2, persistenceProcessor.getProcessedAuthzCode(str));
                        preparedStatement.setString(3, str3);
                        preparedStatement.setString(4, OAuth2Util.buildScopeString(authzCodeDO.getScope()));
                        preparedStatement.setString(5, authzCodeDO.getAuthorizedUser().getUserName());
                        preparedStatement.setString(6, getSanitizedUserStoreDomain(authzCodeDO.getAuthorizedUser().getUserStoreDomain()));
                        preparedStatement.setInt(7, OAuth2Util.getTenantId(authzCodeDO.getAuthorizedUser().getTenantDomain()));
                        preparedStatement.setTimestamp(8, authzCodeDO.getIssuedTime(), Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        preparedStatement.setLong(9, authzCodeDO.getValidityPeriod());
                        preparedStatement.setString(10, authzCodeDO.getAuthorizedUser().getAuthenticatedSubjectIdentifier());
                        preparedStatement.setString(11, persistenceProcessor.getProcessedClientId(str2));
                    }
                    preparedStatement.execute();
                    dBConnection.commit();
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                } catch (SQLException e) {
                    throw new IdentityOAuth2Exception("Error when storing the authorization code for consumer key : " + str2, e);
                }
            } catch (Throwable th) {
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                throw th;
            }
        }
    }

    public void deactivateAuthorizationCode(String str, String str2) throws IdentityOAuth2Exception {
        if (this.enablePersist) {
            if (maxPoolSize > 0) {
                authContextTokenQueue.push(new AuthContextTokenDO(str, str2));
                return;
            }
            AuthzCodeDO authzCodeDO = new AuthzCodeDO();
            authzCodeDO.setAuthorizationCode(str);
            authzCodeDO.setOauthTokenId(str2);
            deactivateAuthorizationCode(authzCodeDO);
        }
    }

    public void storeAccessToken(String str, String str2, AccessTokenDO accessTokenDO, Connection connection, String str3) throws IdentityOAuth2Exception {
        if (this.enablePersist) {
            storeAccessToken(str, str2, accessTokenDO, connection, str3, 0);
        }
    }

    private void storeAccessToken(String str, String str2, AccessTokenDO accessTokenDO, Connection connection, String str3, int i) throws IdentityOAuth2Exception {
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(str3);
        PreparedStatement preparedStatement = null;
        PreparedStatement preparedStatement2 = null;
        String str4 = "IDN_OAUTH2_ACCESS_TOKEN";
        if (StringUtils.isNotBlank(sanitizedUserStoreDomain) && !IdentityUtil.getPrimaryDomainName().equalsIgnoreCase(sanitizedUserStoreDomain)) {
            str4 = str4 + "_" + sanitizedUserStoreDomain;
        }
        try {
            try {
                try {
                    try {
                        preparedStatement = connection.prepareStatement(SQLQueries.INSERT_OAUTH2_ACCESS_TOKEN.replaceAll("\\$accessTokenStoreTable", str4));
                        preparedStatement.setString(1, persistenceProcessor.getProcessedAccessTokenIdentifier(str));
                        if (accessTokenDO.getRefreshToken() != null) {
                            preparedStatement.setString(2, persistenceProcessor.getProcessedRefreshToken(accessTokenDO.getRefreshToken()));
                        } else {
                            preparedStatement.setString(2, accessTokenDO.getRefreshToken());
                        }
                        preparedStatement.setString(3, accessTokenDO.getAuthzUser().getUserName());
                        int tenantId = OAuth2Util.getTenantId(accessTokenDO.getAuthzUser().getTenantDomain());
                        preparedStatement.setInt(4, tenantId);
                        preparedStatement.setString(5, getSanitizedUserStoreDomain(accessTokenDO.getAuthzUser().getUserStoreDomain()));
                        preparedStatement.setTimestamp(6, accessTokenDO.getIssuedTime(), Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        preparedStatement.setTimestamp(7, accessTokenDO.getRefreshTokenIssuedTime(), Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        preparedStatement.setLong(8, accessTokenDO.getValidityPeriodInMillis());
                        preparedStatement.setLong(9, accessTokenDO.getRefreshTokenValidityPeriodInMillis());
                        preparedStatement.setString(10, OAuth2Util.hashScopes(accessTokenDO.getScope()));
                        preparedStatement.setString(11, accessTokenDO.getTokenState());
                        preparedStatement.setString(12, accessTokenDO.getTokenType());
                        preparedStatement.setString(13, accessTokenDO.getTokenId());
                        preparedStatement.setString(14, accessTokenDO.getGrantType());
                        preparedStatement.setString(15, accessTokenDO.getAuthzUser().getAuthenticatedSubjectIdentifier());
                        preparedStatement.setString(16, persistenceProcessor.getProcessedClientId(str2));
                        preparedStatement.execute();
                        String tokenId = accessTokenDO.getTokenId();
                        preparedStatement2 = connection.prepareStatement(SQLQueries.INSERT_OAUTH2_TOKEN_SCOPE);
                        if (accessTokenDO.getScope() != null && accessTokenDO.getScope().length > 0) {
                            for (String str5 : accessTokenDO.getScope()) {
                                preparedStatement2.setString(1, tokenId);
                                preparedStatement2.setString(2, str5);
                                preparedStatement2.setInt(3, tenantId);
                                preparedStatement2.execute();
                            }
                        }
                        if (i > 0) {
                            log.info("Successfully recovered 'CON_APP_KEY' constraint violation with the attempt : " + i);
                        }
                        IdentityDatabaseUtil.closeStatement(preparedStatement2);
                        IdentityDatabaseUtil.closeStatement(preparedStatement);
                    } catch (SQLIntegrityConstraintViolationException e) {
                        if (i >= tokenPersistRetryCount) {
                            log.error("'CON_APP_KEY' constrain violation retry count exceeds above the maximum count - " + tokenPersistRetryCount);
                            throw new IdentityOAuth2Exception("Access Token for consumer key : " + str2 + ", user : " + accessTokenDO.getAuthzUser() + " and scope : " + OAuth2Util.buildScopeString(accessTokenDO.getScope()) + "already exists", e);
                        }
                        recoverFromConAppKeyConstraintViolation(str, str2, accessTokenDO, connection, sanitizedUserStoreDomain, i + 1);
                        IdentityDatabaseUtil.closeStatement(preparedStatement2);
                        IdentityDatabaseUtil.closeStatement(preparedStatement);
                    }
                } catch (DataTruncation e2) {
                    throw new IdentityOAuth2Exception("Invalid request", e2);
                }
            } catch (SQLException e3) {
                if (!e3.getMessage().contains("CON_APP_KEY")) {
                    throw new IdentityOAuth2Exception("Error when storing the access token for consumer key : " + str2, e3);
                }
                if (i >= tokenPersistRetryCount) {
                    log.error("'CON_APP_KEY' constrain violation retry count exceeds above the maximum count - " + tokenPersistRetryCount);
                    throw new IdentityOAuth2Exception("Access Token for consumer key : " + str2 + ", user : " + accessTokenDO.getAuthzUser() + " and scope : " + OAuth2Util.buildScopeString(accessTokenDO.getScope()) + "already exists", e3);
                }
                recoverFromConAppKeyConstraintViolation(str, str2, accessTokenDO, connection, sanitizedUserStoreDomain, i + 1);
                IdentityDatabaseUtil.closeStatement(preparedStatement2);
                IdentityDatabaseUtil.closeStatement(preparedStatement);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeStatement(preparedStatement2);
            IdentityDatabaseUtil.closeStatement(preparedStatement);
            throw th;
        }
    }

    public void storeAccessToken(String str, String str2, AccessTokenDO accessTokenDO, AccessTokenDO accessTokenDO2, String str3) throws IdentityException {
        if (this.enablePersist) {
            String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(str3);
            if (maxPoolSize > 0) {
                accessContextTokenQueue.push(new AccessContextTokenDO(str, str2, accessTokenDO, accessTokenDO2, sanitizedUserStoreDomain));
            } else {
                persistAccessToken(str, str2, accessTokenDO, accessTokenDO2, sanitizedUserStoreDomain);
            }
        }
    }

    public boolean persistAccessToken(String str, String str2, AccessTokenDO accessTokenDO, AccessTokenDO accessTokenDO2, String str3) throws IdentityOAuth2Exception {
        if (!this.enablePersist) {
            return false;
        }
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(str3);
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        try {
            try {
                dBConnection.setAutoCommit(false);
                if (accessTokenDO2 != null) {
                    setAccessTokenState(dBConnection, accessTokenDO2.getTokenId(), "EXPIRED", UUID.randomUUID().toString(), sanitizedUserStoreDomain);
                }
                storeAccessToken(str, str2, accessTokenDO, dBConnection, sanitizedUserStoreDomain);
                if (accessTokenDO.getAuthorizationCode() != null) {
                    AuthzCodeDO authzCodeDO = new AuthzCodeDO();
                    authzCodeDO.setAuthorizationCode(accessTokenDO.getAuthorizationCode());
                    authzCodeDO.setOauthTokenId(accessTokenDO.getTokenId());
                    deactivateAuthorizationCode(authzCodeDO, dBConnection);
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeConnection(dBConnection);
                return true;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while persisting access token", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeConnection(dBConnection);
            throw th;
        }
    }

    public AccessTokenDO retrieveLatestAccessToken(String str, AuthenticatedUser authenticatedUser, String str2, String str3, boolean z) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        boolean isUserStoreInUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
        String tenantDomain = authenticatedUser.getTenantDomain();
        int tenantId = OAuth2Util.getTenantId(tenantDomain);
        String userName = authenticatedUser.getUserName();
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(authenticatedUser.getUserStoreDomain());
        String sanitizedUserStoreDomain2 = getSanitizedUserStoreDomain(str2);
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                String str4 = (dBConnection.getMetaData().getDriverName().contains("MySQL") || dBConnection.getMetaData().getDriverName().contains("H2")) ? SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MYSQL : dBConnection.getMetaData().getDatabaseProductName().contains("DB2") ? SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_DB2SQL : dBConnection.getMetaData().getDriverName().contains("MS SQL") ? SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MSSQL : dBConnection.getMetaData().getDriverName().contains("Microsoft") ? SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MSSQL : dBConnection.getMetaData().getDriverName().contains("PostgreSQL") ? SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_POSTGRESQL : dBConnection.getMetaData().getDriverName().contains("Informix") ? SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_INFORMIX : SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_ORACLE;
                if (!z) {
                    str4 = str4.replace("TOKEN_SCOPE_HASH=?", "TOKEN_SCOPE_HASH=? AND TOKEN_STATE='ACTIVE'");
                }
                if (StringUtils.isNotEmpty(sanitizedUserStoreDomain2) && !IdentityUtil.getPrimaryDomainName().equalsIgnoreCase(sanitizedUserStoreDomain2)) {
                    str4 = str4.replaceAll("\\bIDN_OAUTH2_ACCESS_TOKEN\\b", "IDN_OAUTH2_ACCESS_TOKEN_" + sanitizedUserStoreDomain2);
                }
                if (!isUserStoreInUsernameCaseSensitive) {
                    str4 = str4.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
                }
                String hashScopes = OAuth2Util.hashScopes(str3);
                if (hashScopes == null) {
                    str4 = str4.replace("TOKEN_SCOPE_HASH=?", "TOKEN_SCOPE_HASH IS NULL");
                }
                preparedStatement = dBConnection.prepareStatement(str4);
                preparedStatement.setString(1, persistenceProcessor.getProcessedClientId(str));
                if (isUserStoreInUsernameCaseSensitive) {
                    preparedStatement.setString(2, userName);
                } else {
                    preparedStatement.setString(2, userName.toLowerCase());
                }
                preparedStatement.setInt(3, tenantId);
                preparedStatement.setString(4, sanitizedUserStoreDomain);
                if (hashScopes != null) {
                    preparedStatement.setString(5, hashScopes);
                }
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    boolean z2 = false;
                    String string = resultSet.getString(7);
                    if (z) {
                        if ("ACTIVE".equals(string) || "EXPIRED".equals(string)) {
                            z2 = true;
                        }
                    } else if ("ACTIVE".equals(string)) {
                        z2 = true;
                    }
                    if (z2) {
                        String preprocessedAccessTokenIdentifier = persistenceProcessor.getPreprocessedAccessTokenIdentifier(resultSet.getString(1));
                        String str5 = null;
                        if (resultSet.getString(2) != null) {
                            str5 = persistenceProcessor.getPreprocessedRefreshToken(resultSet.getString(2));
                        }
                        long time = resultSet.getTimestamp(3, Calendar.getInstance(TimeZone.getTimeZone(UTC))).getTime();
                        long time2 = resultSet.getTimestamp(4, Calendar.getInstance(TimeZone.getTimeZone(UTC))).getTime();
                        long j = resultSet.getLong(5);
                        long j2 = resultSet.getLong(6);
                        String string2 = resultSet.getString(8);
                        String string3 = resultSet.getString(9);
                        String string4 = resultSet.getString(10);
                        AuthenticatedUser authenticatedUser2 = new AuthenticatedUser();
                        authenticatedUser2.setUserName(userName);
                        authenticatedUser2.setTenantDomain(tenantDomain);
                        authenticatedUser2.setUserStoreDomain(sanitizedUserStoreDomain);
                        authenticatedUser2.setAuthenticatedSubjectIdentifier(string4);
                        AccessTokenDO accessTokenDO = new AccessTokenDO(str, authenticatedUser2, OAuth2Util.buildScopeArray(str3), new Timestamp(time), new Timestamp(time2), j, j2, string2);
                        accessTokenDO.setAccessToken(preprocessedAccessTokenIdentifier);
                        accessTokenDO.setRefreshToken(str5);
                        accessTokenDO.setTokenState(string);
                        accessTokenDO.setTokenId(string3);
                        IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                        return accessTokenDO;
                    }
                }
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return null;
            } catch (SQLException e) {
                String str6 = "Error occurred while trying to retrieve latest 'ACTIVE' access token for Client ID : " + str + ", User ID : " + authenticatedUser + " and  Scope : " + str3;
                if (z) {
                    str6 = str6.replace("ACTIVE", "ACTIVE or EXPIRED");
                }
                throw new IdentityOAuth2Exception(str6, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public Set<AccessTokenDO> retrieveAccessTokens(String str, AuthenticatedUser authenticatedUser, String str2, boolean z) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        boolean isUserStoreInUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
        String tenantDomain = authenticatedUser.getTenantDomain();
        String userName = authenticatedUser.getUserName();
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(authenticatedUser.getUserStoreDomain());
        String sanitizedUserStoreDomain2 = getSanitizedUserStoreDomain(str2);
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        HashMap hashMap = new HashMap();
        try {
            try {
                int tenantId = OAuth2Util.getTenantId(tenantDomain);
                String str3 = SQLQueries.RETRIEVE_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER;
                if (z) {
                    str3 = SQLQueries.RETRIEVE_ACTIVE_EXPIRED_ACCESS_TOKEN_BY_CLIENT_ID_USER;
                }
                if (StringUtils.isNotEmpty(sanitizedUserStoreDomain2) && !IdentityUtil.getPrimaryDomainName().equalsIgnoreCase(sanitizedUserStoreDomain2)) {
                    str3 = str3.replaceAll("\\bIDN_OAUTH2_ACCESS_TOKEN\\b", "IDN_OAUTH2_ACCESS_TOKEN_" + sanitizedUserStoreDomain2);
                }
                if (!isUserStoreInUsernameCaseSensitive) {
                    str3 = str3.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
                }
                preparedStatement = dBConnection.prepareStatement(str3);
                preparedStatement.setString(1, persistenceProcessor.getProcessedClientId(str));
                if (isUserStoreInUsernameCaseSensitive) {
                    preparedStatement.setString(2, userName);
                } else {
                    preparedStatement.setString(2, userName.toLowerCase());
                }
                preparedStatement.setInt(3, tenantId);
                preparedStatement.setString(4, sanitizedUserStoreDomain);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    String preprocessedAccessTokenIdentifier = persistenceProcessor.getPreprocessedAccessTokenIdentifier(resultSet.getString(1));
                    if (hashMap.get(preprocessedAccessTokenIdentifier) == null) {
                        String preprocessedRefreshToken = persistenceProcessor.getPreprocessedRefreshToken(resultSet.getString(2));
                        Timestamp timestamp = resultSet.getTimestamp(3, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        Timestamp timestamp2 = resultSet.getTimestamp(4, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        long j = resultSet.getLong(5);
                        long j2 = resultSet.getLong(6);
                        String string = resultSet.getString(7);
                        String[] buildScopeArray = OAuth2Util.buildScopeArray(resultSet.getString(8));
                        String string2 = resultSet.getString(9);
                        String string3 = resultSet.getString(10);
                        AuthenticatedUser authenticatedUser2 = new AuthenticatedUser();
                        authenticatedUser2.setUserName(userName);
                        authenticatedUser2.setTenantDomain(tenantDomain);
                        authenticatedUser2.setUserStoreDomain(sanitizedUserStoreDomain);
                        authenticatedUser2.setAuthenticatedSubjectIdentifier(string3);
                        AccessTokenDO accessTokenDO = new AccessTokenDO(str, authenticatedUser2, buildScopeArray, timestamp, timestamp2, j, j2, string);
                        accessTokenDO.setAccessToken(preprocessedAccessTokenIdentifier);
                        accessTokenDO.setRefreshToken(preprocessedRefreshToken);
                        accessTokenDO.setTokenId(string2);
                        hashMap.put(preprocessedAccessTokenIdentifier, accessTokenDO);
                    } else {
                        String trim = resultSet.getString(8).trim();
                        AccessTokenDO accessTokenDO2 = (AccessTokenDO) hashMap.get(preprocessedAccessTokenIdentifier);
                        accessTokenDO2.setScope((String[]) ArrayUtils.add(accessTokenDO2.getScope(), trim));
                    }
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return new HashSet(hashMap.values());
            } catch (SQLException e) {
                String str4 = "Error occurred while retrieving 'ACTIVE' access tokens for Client ID : " + str + " and User ID : " + authenticatedUser;
                if (z) {
                    str4 = str4.replace("ACTIVE", "ACTIVE or EXPIRED");
                }
                throw new IdentityOAuth2Exception(str4, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public AuthzCodeDO validateAuthorizationCode(String str, String str2) throws IdentityOAuth2Exception {
        String string;
        String string2;
        String string3;
        Timestamp timestamp;
        long j;
        String string4;
        AuthenticatedUser authenticatedUser;
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                String str3 = null;
                String str4 = null;
                if (OAuth2ServiceComponentHolder.isPkceEnabled()) {
                    preparedStatement = dBConnection.prepareStatement(SQLQueries.VALIDATE_AUTHZ_CODE_WITH_PKCE);
                    preparedStatement.setString(1, persistenceProcessor.getProcessedClientId(str));
                    preparedStatement.setString(2, persistenceProcessor.getProcessedAuthzCode(str2));
                    resultSet = preparedStatement.executeQuery();
                    if (!resultSet.next()) {
                        IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                        return null;
                    }
                    string = resultSet.getString(8);
                    String string5 = resultSet.getString(1);
                    String string6 = resultSet.getString(2);
                    String tenantDomain = OAuth2Util.getTenantDomain(resultSet.getInt(3));
                    string2 = resultSet.getString(4);
                    string3 = resultSet.getString(5);
                    timestamp = resultSet.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                    j = resultSet.getLong(7);
                    string4 = resultSet.getString(11);
                    String string7 = resultSet.getString(12);
                    str3 = resultSet.getString(13);
                    str4 = resultSet.getString(14);
                    authenticatedUser = new AuthenticatedUser();
                    authenticatedUser.setUserName(string5);
                    authenticatedUser.setTenantDomain(tenantDomain);
                    authenticatedUser.setUserStoreDomain(string6);
                    authenticatedUser.setAuthenticatedSubjectIdentifier(string7);
                    String addTenantDomainToEntry = UserCoreUtil.addTenantDomainToEntry(UserCoreUtil.addDomainToName(string5, string6), tenantDomain);
                    if (!"ACTIVE".equals(string)) {
                        revokeToken(resultSet.getString(9), addTenantDomainToEntry);
                    }
                } else {
                    preparedStatement = dBConnection.prepareStatement(SQLQueries.VALIDATE_AUTHZ_CODE);
                    preparedStatement.setString(1, persistenceProcessor.getProcessedClientId(str));
                    preparedStatement.setString(2, persistenceProcessor.getProcessedAuthzCode(str2));
                    resultSet = preparedStatement.executeQuery();
                    if (!resultSet.next()) {
                        IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                        return null;
                    }
                    string = resultSet.getString(8);
                    String string8 = resultSet.getString(1);
                    String string9 = resultSet.getString(2);
                    String tenantDomain2 = OAuth2Util.getTenantDomain(resultSet.getInt(3));
                    string2 = resultSet.getString(4);
                    string3 = resultSet.getString(5);
                    timestamp = resultSet.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                    j = resultSet.getLong(7);
                    string4 = resultSet.getString(11);
                    String string10 = resultSet.getString(12);
                    authenticatedUser = new AuthenticatedUser();
                    authenticatedUser.setUserName(string8);
                    authenticatedUser.setTenantDomain(tenantDomain2);
                    authenticatedUser.setUserStoreDomain(string9);
                    authenticatedUser.setAuthenticatedSubjectIdentifier(string10);
                    String addTenantDomainToEntry2 = UserCoreUtil.addTenantDomainToEntry(UserCoreUtil.addDomainToName(string8, string9), tenantDomain2);
                    if (!"ACTIVE".equals(string)) {
                        revokeToken(resultSet.getString(9), addTenantDomainToEntry2);
                    }
                }
                dBConnection.commit();
                AuthzCodeDO authzCodeDO = new AuthzCodeDO(authenticatedUser, OAuth2Util.buildScopeArray(string2), timestamp, j, string3, str, str2, string4, string, str3, str4);
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return authzCodeDO;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error when validating an authorization code", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public void changeAuthzCodeState(String str, String str2) throws IdentityOAuth2Exception {
        if (maxPoolSize > 0) {
            authContextTokenQueue.push(new AuthContextTokenDO(str));
        } else {
            doChangeAuthzCodeState(str, str2);
        }
    }

    public void deactivateAuthorizationCode(List<AuthzCodeDO> list) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.DEACTIVATE_AUTHZ_CODE_AND_INSERT_CURRENT_TOKEN);
                for (AuthzCodeDO authzCodeDO : list) {
                    preparedStatement.setString(1, authzCodeDO.getOauthTokenId());
                    preparedStatement.setString(2, persistenceProcessor.getPreprocessedAuthzCode(authzCodeDO.getAuthorizationCode()));
                    preparedStatement.addBatch();
                }
                preparedStatement.executeBatch();
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error when deactivating authorization code", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public void doChangeAuthzCodeState(String str, String str2) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.UPDATE_AUTHORIZATION_CODE_STATE.replace("IDN_OAUTH2_AUTHORIZATION_CODE", "IDN_OAUTH2_AUTHORIZATION_CODE"));
                preparedStatement.setString(1, str2);
                preparedStatement.setString(2, persistenceProcessor.getPreprocessedAuthzCode(str));
                preparedStatement.execute();
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while updating the state of Authorization Code : " + str.toString(), e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public void deactivateAuthorizationCode(AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        try {
            try {
                deactivateAuthorizationCode(authzCodeDO, dBConnection);
                dBConnection.commit();
                IdentityDatabaseUtil.closeConnection(dBConnection);
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error when deactivating authorization code", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeConnection(dBConnection);
            throw th;
        }
    }

    private void deactivateAuthorizationCode(AuthzCodeDO authzCodeDO, Connection connection) throws IdentityOAuth2Exception {
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = connection.prepareStatement(SQLQueries.DEACTIVATE_AUTHZ_CODE_AND_INSERT_CURRENT_TOKEN);
                preparedStatement.setString(1, authzCodeDO.getOauthTokenId());
                preparedStatement.setString(2, persistenceProcessor.getPreprocessedAuthzCode(authzCodeDO.getAuthorizationCode()));
                preparedStatement.executeUpdate();
                IdentityDatabaseUtil.closeAllConnections((Connection) null, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error when deactivating authorization code", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections((Connection) null, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public RefreshTokenValidationDataDO validateRefreshToken(String str, String str2) throws IdentityOAuth2Exception {
        RefreshTokenValidationDataDO refreshTokenValidationDataDO = new RefreshTokenValidationDataDO();
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        String str3 = null;
        try {
            try {
                if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
                    str3 = OAuth2Util.getUserStoreDomainFromAccessToken(str2);
                }
                String str4 = "IDN_OAUTH2_ACCESS_TOKEN";
                if (StringUtils.isNotBlank(str3) && !IdentityUtil.getPrimaryDomainName().equalsIgnoreCase(str3)) {
                    str4 = str4 + "_" + str3;
                }
                String replaceAll = SQLQueries.RETRIEVE_ACCESS_TOKEN_VALIDATION_DATA_MYSQL.replaceAll("\\$accessTokenStoreTable", str4);
                String replaceAll2 = SQLQueries.RETRIEVE_ACCESS_TOKEN_VALIDATION_DATA_DB2SQL.replaceAll("\\$accessTokenStoreTable", str4);
                String replaceAll3 = SQLQueries.RETRIEVE_ACCESS_TOKEN_VALIDATION_DATA_ORACLE.replaceAll("\\$accessTokenStoreTable", str4);
                String replaceAll4 = SQLQueries.RETRIEVE_ACCESS_TOKEN_VALIDATION_DATA_MSSQL.replaceAll("\\$accessTokenStoreTable", str4);
                String replaceAll5 = (dBConnection.getMetaData().getDriverName().contains("MySQL") || dBConnection.getMetaData().getDriverName().contains("H2")) ? replaceAll : dBConnection.getMetaData().getDatabaseProductName().contains("DB2") ? replaceAll2 : dBConnection.getMetaData().getDriverName().contains("MS SQL") ? replaceAll4 : dBConnection.getMetaData().getDriverName().contains("Microsoft") ? replaceAll4 : dBConnection.getMetaData().getDriverName().contains("PostgreSQL") ? SQLQueries.RETRIEVE_ACCESS_TOKEN_VALIDATION_DATA_POSTGRESQL.replaceAll("\\$accessTokenStoreTable", str4) : dBConnection.getMetaData().getDriverName().contains("INFORMIX") ? SQLQueries.RETRIEVE_ACCESS_TOKEN_VALIDATION_DATA_INFORMIX.replaceAll("\\$accessTokenStoreTable", str4) : replaceAll3;
                if (str2 == null) {
                    replaceAll5 = replaceAll5.replace("REFRESH_TOKEN = ?", "REFRESH_TOKEN IS NULL");
                }
                preparedStatement = dBConnection.prepareStatement(replaceAll5);
                preparedStatement.setString(1, persistenceProcessor.getProcessedClientId(str));
                if (str2 != null) {
                    preparedStatement.setString(2, persistenceProcessor.getProcessedRefreshToken(str2));
                }
                resultSet = preparedStatement.executeQuery();
                int i = 0;
                ArrayList arrayList = new ArrayList();
                while (resultSet.next()) {
                    if (i == 0) {
                        refreshTokenValidationDataDO.setAccessToken(persistenceProcessor.getPreprocessedAccessTokenIdentifier(resultSet.getString(1)));
                        String string = resultSet.getString(2);
                        int i2 = resultSet.getInt(3);
                        String string2 = resultSet.getString(4);
                        String tenantDomain = OAuth2Util.getTenantDomain(i2);
                        refreshTokenValidationDataDO.setScope(OAuth2Util.buildScopeArray(resultSet.getString(5)));
                        refreshTokenValidationDataDO.setRefreshTokenState(resultSet.getString(6));
                        refreshTokenValidationDataDO.setIssuedTime(resultSet.getTimestamp(7, Calendar.getInstance(TimeZone.getTimeZone(UTC))));
                        refreshTokenValidationDataDO.setValidityPeriodInMillis(resultSet.getLong(8));
                        refreshTokenValidationDataDO.setTokenId(resultSet.getString(9));
                        refreshTokenValidationDataDO.setGrantType(resultSet.getString(10));
                        String string3 = resultSet.getString(11);
                        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
                        authenticatedUser.setUserName(string);
                        authenticatedUser.setUserStoreDomain(string2);
                        authenticatedUser.setTenantDomain(tenantDomain);
                        authenticatedUser.setAuthenticatedSubjectIdentifier(string3);
                        refreshTokenValidationDataDO.setAuthorizedUser(authenticatedUser);
                    } else {
                        arrayList.add(resultSet.getString(5));
                    }
                    i++;
                }
                if (arrayList.size() > 0 && refreshTokenValidationDataDO != null) {
                    refreshTokenValidationDataDO.setScope((String[]) ArrayUtils.addAll(refreshTokenValidationDataDO.getScope(), arrayList.toArray(new String[arrayList.size()])));
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return refreshTokenValidationDataDO;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error when validating a refresh token", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public AccessTokenDO retrieveAccessToken(String str, boolean z) throws IdentityOAuth2Exception {
        AccessTokenDO accessTokenDO = null;
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        String str2 = null;
        try {
            try {
                if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
                    str2 = OAuth2Util.getUserStoreDomainFromAccessToken(str);
                }
                String str3 = z ? SQLQueries.RETRIEVE_ACTIVE_EXPIRED_ACCESS_TOKEN : SQLQueries.RETRIEVE_ACTIVE_ACCESS_TOKEN;
                if (StringUtils.isNotBlank(str2) && !IdentityUtil.getPrimaryDomainName().equalsIgnoreCase(str2)) {
                    str3 = str3.replaceAll("\\bIDN_OAUTH2_ACCESS_TOKEN\\b", "IDN_OAUTH2_ACCESS_TOKEN_" + str2);
                }
                preparedStatement = dBConnection.prepareStatement(str3);
                preparedStatement.setString(1, persistenceProcessor.getProcessedAccessTokenIdentifier(str));
                resultSet = preparedStatement.executeQuery();
                int i = 0;
                ArrayList arrayList = new ArrayList();
                while (resultSet.next()) {
                    if (i == 0) {
                        String preprocessedClientId = persistenceProcessor.getPreprocessedClientId(resultSet.getString(1));
                        String string = resultSet.getString(2);
                        int i2 = resultSet.getInt(3);
                        String tenantDomain = OAuth2Util.getTenantDomain(i2);
                        String string2 = resultSet.getString(4);
                        String[] buildScopeArray = OAuth2Util.buildScopeArray(resultSet.getString(5));
                        Timestamp timestamp = resultSet.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        Timestamp timestamp2 = resultSet.getTimestamp(7, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        long j = resultSet.getLong(8);
                        long j2 = resultSet.getLong(9);
                        String string3 = resultSet.getString(10);
                        String string4 = resultSet.getString(11);
                        String string5 = resultSet.getString(12);
                        String string6 = resultSet.getString(13);
                        String string7 = resultSet.getString(14);
                        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
                        authenticatedUser.setUserName(string);
                        authenticatedUser.setUserStoreDomain(string2);
                        authenticatedUser.setTenantDomain(tenantDomain);
                        authenticatedUser.setAuthenticatedSubjectIdentifier(string7);
                        accessTokenDO = new AccessTokenDO(preprocessedClientId, authenticatedUser, buildScopeArray, timestamp, timestamp2, j, j2, string3);
                        accessTokenDO.setAccessToken(str);
                        accessTokenDO.setRefreshToken(string4);
                        accessTokenDO.setTokenId(string5);
                        accessTokenDO.setGrantType(string6);
                        accessTokenDO.setTenantID(i2);
                    } else {
                        arrayList.add(resultSet.getString(5));
                    }
                    i++;
                }
                if (arrayList.size() > 0 && accessTokenDO != null) {
                    accessTokenDO.setScope((String[]) ArrayUtils.addAll(accessTokenDO.getScope(), arrayList.toArray(new String[arrayList.size()])));
                }
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return accessTokenDO;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error when retrieving Access Token" + e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public void setAccessTokenState(Connection connection, String str, String str2, String str3, String str4) throws IdentityOAuth2Exception {
        PreparedStatement preparedStatement = null;
        try {
            try {
                String str5 = "UPDATE IDN_OAUTH2_ACCESS_TOKEN SET TOKEN_STATE=?, TOKEN_STATE_ID=? WHERE TOKEN_ID=?";
                if (StringUtils.isNotBlank(str4) && !IdentityUtil.getPrimaryDomainName().equalsIgnoreCase(str4)) {
                    str5 = str5.replaceAll("\\bIDN_OAUTH2_ACCESS_TOKEN\\b", "IDN_OAUTH2_ACCESS_TOKEN_" + str4);
                }
                preparedStatement = connection.prepareStatement(str5);
                preparedStatement.setString(1, str2);
                preparedStatement.setString(2, str3);
                preparedStatement.setString(3, str);
                preparedStatement.executeUpdate();
                IdentityDatabaseUtil.closeStatement(preparedStatement);
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error while updating Access Token with ID : " + str + " to Token State : " + str2, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeStatement(preparedStatement);
            throw th;
        }
    }

    public void revokeTokens(String[] strArr) throws IdentityOAuth2Exception {
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            revokeTokensIndividual(strArr);
        } else {
            revokeTokensBatch(strArr);
        }
    }

    public void revokeTokensBatch(String[] strArr) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        if (strArr.length > 1) {
            try {
                try {
                    dBConnection.setAutoCommit(false);
                    preparedStatement = dBConnection.prepareStatement(SQLQueries.REVOKE_ACCESS_TOKEN.replace("IDN_OAUTH2_ACCESS_TOKEN", "IDN_OAUTH2_ACCESS_TOKEN"));
                    for (String str : strArr) {
                        preparedStatement.setString(1, "REVOKED");
                        preparedStatement.setString(2, UUID.randomUUID().toString());
                        preparedStatement.setString(3, persistenceProcessor.getProcessedAccessTokenIdentifier(str));
                        preparedStatement.addBatch();
                    }
                    preparedStatement.executeBatch();
                    dBConnection.commit();
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                } catch (SQLException e) {
                    IdentityDatabaseUtil.rollBack(dBConnection);
                    throw new IdentityOAuth2Exception("Error occurred while revoking Access Tokens : " + Arrays.toString(strArr), e);
                }
            } finally {
            }
        }
        try {
            if (strArr.length == 1) {
                try {
                    dBConnection.setAutoCommit(true);
                    preparedStatement = dBConnection.prepareStatement(SQLQueries.REVOKE_ACCESS_TOKEN.replace("IDN_OAUTH2_ACCESS_TOKEN", "IDN_OAUTH2_ACCESS_TOKEN"));
                    preparedStatement.setString(1, "REVOKED");
                    preparedStatement.setString(2, UUID.randomUUID().toString());
                    preparedStatement.setString(3, persistenceProcessor.getProcessedAccessTokenIdentifier(strArr[0]));
                    preparedStatement.executeUpdate();
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                } catch (SQLException e2) {
                    throw new IdentityOAuth2Exception("Error occurred while revoking Access Token : " + Arrays.toString(strArr), e2);
                }
            }
        } finally {
        }
    }

    public void revokeTokensIndividual(String[] strArr) throws IdentityOAuth2Exception {
        String str = "IDN_OAUTH2_ACCESS_TOKEN";
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        try {
            try {
                dBConnection.setAutoCommit(false);
                for (String str2 : strArr) {
                    if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
                        str = OAuth2Util.getAccessTokenStoreTableFromAccessToken(str2);
                    }
                    preparedStatement = dBConnection.prepareStatement(SQLQueries.REVOKE_ACCESS_TOKEN.replace("IDN_OAUTH2_ACCESS_TOKEN", str));
                    preparedStatement.setString(1, "REVOKED");
                    preparedStatement.setString(2, UUID.randomUUID().toString());
                    preparedStatement.setString(3, persistenceProcessor.getProcessedAccessTokenIdentifier(str2));
                    int executeUpdate = preparedStatement.executeUpdate();
                    if (log.isDebugEnabled()) {
                        log.debug("Number of rows being updated : " + executeUpdate);
                    }
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while revoking Access Token : " + Arrays.toString(strArr), e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public void revokeToken(String str, String str2) throws IdentityOAuth2Exception {
        String str3 = "IDN_OAUTH2_ACCESS_TOKEN";
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        try {
            try {
                if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
                    str3 = OAuth2Util.getAccessTokenStoreTableFromUserId(str2);
                }
                preparedStatement = dBConnection.prepareStatement("UPDATE IDN_OAUTH2_ACCESS_TOKEN SET TOKEN_STATE=?, TOKEN_STATE_ID=? WHERE TOKEN_ID=?".replace("IDN_OAUTH2_ACCESS_TOKEN", str3));
                preparedStatement.setString(1, "REVOKED");
                preparedStatement.setString(2, UUID.randomUUID().toString());
                preparedStatement.setString(3, str);
                int executeUpdate = preparedStatement.executeUpdate();
                if (log.isDebugEnabled()) {
                    log.debug("Number of rows being updated : " + executeUpdate);
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while revoking Access Token with ID : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public Set<String> getAccessTokensForUser(AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {
        String str = "IDN_OAUTH2_ACCESS_TOKEN";
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        HashSet hashSet = new HashSet();
        boolean isUserStoreInUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
        try {
            try {
                if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
                    str = OAuth2Util.getAccessTokenStoreTableFromUserId(authenticatedUser.toString());
                }
                String replace = SQLQueries.GET_ACCESS_TOKEN_BY_AUTHZUSER.replace("IDN_OAUTH2_ACCESS_TOKEN", str);
                if (!isUserStoreInUsernameCaseSensitive) {
                    replace = replace.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
                }
                preparedStatement = dBConnection.prepareStatement(replace);
                if (isUserStoreInUsernameCaseSensitive) {
                    preparedStatement.setString(1, authenticatedUser.getUserName());
                } else {
                    preparedStatement.setString(1, authenticatedUser.getUserName().toLowerCase());
                }
                preparedStatement.setInt(2, OAuth2Util.getTenantId(authenticatedUser.getTenantDomain()));
                preparedStatement.setString(3, "ACTIVE");
                preparedStatement.setString(4, authenticatedUser.getUserStoreDomain());
                ResultSet executeQuery = preparedStatement.executeQuery();
                while (executeQuery.next()) {
                    hashSet.add(persistenceProcessor.getPreprocessedAccessTokenIdentifier(executeQuery.getString(1)));
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while revoking Access Token with user Name : " + authenticatedUser.getUserName() + " tenant ID : " + OAuth2Util.getTenantId(authenticatedUser.getTenantDomain()), e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public Set<String> getAuthorizationCodesForUser(AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        HashSet hashSet = new HashSet();
        boolean isUserStoreInUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
        String str = SQLQueries.GET_AUTHORIZATION_CODES_BY_AUTHZUSER;
        if (!isUserStoreInUsernameCaseSensitive) {
            try {
                try {
                    str = str.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
                } catch (SQLException e) {
                    IdentityDatabaseUtil.rollBack(dBConnection);
                    throw new IdentityOAuth2Exception("Error occurred while revoking Access Token with user Name : " + authenticatedUser.getUserName() + " tenant ID : " + OAuth2Util.getTenantId(authenticatedUser.getTenantDomain()), e);
                }
            } catch (Throwable th) {
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                throw th;
            }
        }
        preparedStatement = dBConnection.prepareStatement(str);
        if (isUserStoreInUsernameCaseSensitive) {
            preparedStatement.setString(1, authenticatedUser.getUserName());
        } else {
            preparedStatement.setString(1, authenticatedUser.getUserName().toLowerCase());
        }
        preparedStatement.setInt(2, OAuth2Util.getTenantId(authenticatedUser.getTenantDomain()));
        preparedStatement.setString(3, authenticatedUser.getUserStoreDomain());
        preparedStatement.setString(4, "ACTIVE");
        ResultSet executeQuery = preparedStatement.executeQuery();
        while (executeQuery.next()) {
            if (OAuth2Util.calculateValidityInMillis(executeQuery.getTimestamp(2).getTime(), executeQuery.getLong(3)) > 1000) {
                hashSet.add(persistenceProcessor.getPreprocessedAuthzCode(executeQuery.getString(1)));
            }
        }
        dBConnection.commit();
        IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
        return hashSet;
    }

    public Set<String> getActiveTokensForConsumerKey(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        HashSet hashSet = new HashSet();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.GET_ACCESS_TOKENS_FOR_CONSUMER_KEY);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, "ACTIVE");
                ResultSet executeQuery = preparedStatement.executeQuery();
                while (executeQuery.next()) {
                    hashSet.add(persistenceProcessor.getPreprocessedAccessTokenIdentifier(executeQuery.getString(1)));
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while getting access tokens from acces token table for the application with consumer key : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public Set<AccessTokenDO> getActiveDetailedTokensForConsumerKey(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        new HashSet();
        HashMap hashMap = new HashMap();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.GET_ACTIVE_DETAILS_FOR_CONSUMER_KEY);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, "ACTIVE");
                ResultSet executeQuery = preparedStatement.executeQuery();
                while (executeQuery.next()) {
                    String string = executeQuery.getString(2);
                    if (hashMap.containsKey(string)) {
                        AccessTokenDO accessTokenDO = (AccessTokenDO) hashMap.get(string);
                        String[] scope = accessTokenDO.getScope();
                        String[] strArr = new String[accessTokenDO.getScope().length + 1];
                        for (int i = 0; i < scope.length; i++) {
                            strArr[i] = scope[i];
                        }
                        strArr[scope.length] = executeQuery.getString(5);
                        accessTokenDO.setScope(strArr);
                    } else {
                        String string2 = executeQuery.getString(1);
                        int i2 = executeQuery.getInt(3);
                        String string3 = executeQuery.getString(4);
                        String[] buildScopeArray = OAuth2Util.buildScopeArray(executeQuery.getString(5));
                        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
                        authenticatedUser.setUserName(string2);
                        authenticatedUser.setTenantDomain(OAuth2Util.getTenantDomain(i2));
                        authenticatedUser.setUserStoreDomain(string3);
                        AccessTokenDO accessTokenDO2 = new AccessTokenDO();
                        accessTokenDO2.setAccessToken(string);
                        accessTokenDO2.setConsumerKey(str);
                        accessTokenDO2.setScope(buildScopeArray);
                        accessTokenDO2.setAuthzUser(authenticatedUser);
                        hashMap.put(string, accessTokenDO2);
                    }
                }
                HashSet hashSet = new HashSet(hashMap.values());
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while getting access tokens from acces token table for the application with consumer key : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public Set<String> getAuthorizationCodesForConsumerKey(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        HashSet hashSet = new HashSet();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.GET_AUTHORIZATION_CODES_FOR_CONSUMER_KEY);
                preparedStatement.setString(1, str);
                ResultSet executeQuery = preparedStatement.executeQuery();
                while (executeQuery.next()) {
                    hashSet.add(persistenceProcessor.getPreprocessedAuthzCode(executeQuery.getString(1)));
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while getting authorization codes from authorization code table for the application with consumer key : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public Set<String> getActiveAuthorizationCodesForConsumerKey(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        HashSet hashSet = new HashSet();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.GET_ACTIVE_AUTHORIZATION_CODES_FOR_CONSUMER_KEY);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, "ACTIVE");
                ResultSet executeQuery = preparedStatement.executeQuery();
                while (executeQuery.next()) {
                    hashSet.add(persistenceProcessor.getPreprocessedAuthzCode(executeQuery.getString(1)));
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while getting authorization codes from authorization code table for the application with consumer key : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public Set<String> getAllTimeAuthorizedClientIds(AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {
        String str = "IDN_OAUTH2_ACCESS_TOKEN";
        PreparedStatement preparedStatement = null;
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        ResultSet resultSet = null;
        HashSet hashSet = new HashSet();
        boolean isUserStoreInUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
        String tenantDomain = authenticatedUser.getTenantDomain();
        String userName = authenticatedUser.getUserName();
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(authenticatedUser.getUserStoreDomain());
        try {
            try {
                int tenantId = OAuth2Util.getTenantId(tenantDomain);
                if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
                    str = OAuth2Util.getAccessTokenStoreTableFromUserId(authenticatedUser.toString());
                }
                String replace = SQLQueries.GET_DISTINCT_APPS_AUTHORIZED_BY_USER_ALL_TIME.replace("IDN_OAUTH2_ACCESS_TOKEN", str);
                if (!isUserStoreInUsernameCaseSensitive) {
                    replace = replace.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
                }
                preparedStatement = dBConnection.prepareStatement(replace);
                if (isUserStoreInUsernameCaseSensitive) {
                    preparedStatement.setString(1, userName);
                } else {
                    preparedStatement.setString(1, userName.toLowerCase());
                }
                preparedStatement.setInt(2, tenantId);
                preparedStatement.setString(3, sanitizedUserStoreDomain);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    hashSet.add(persistenceProcessor.getPreprocessedClientId(resultSet.getString(1)));
                }
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while retrieving all distinct Client IDs authorized by User ID : " + authenticatedUser + " until now", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    @Deprecated
    public String findScopeOfResource(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        try {
            try {
                PreparedStatement prepareStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_IOS_SCOPE_KEY);
                prepareStatement.setString(1, str);
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    String string = executeQuery.getString("SCOPE_KEY");
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                    return string;
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                return null;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error getting scopes for resource - " + str + " : " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, (PreparedStatement) null);
            throw th;
        }
    }

    public Pair<String, Integer> findTenantAndScopeOfResource(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        try {
            try {
                PreparedStatement prepareStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_IOS_SCOPE_KEY_WITH_TENANT);
                prepareStatement.setString(1, str);
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    Pair<String, Integer> of = Pair.of(executeQuery.getString("SCOPE_KEY"), Integer.valueOf(executeQuery.getInt("TENANT_ID")));
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                    return of;
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                return null;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error getting scopes for resource - " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, (PreparedStatement) null);
            throw th;
        }
    }

    public boolean validateScope(Connection connection, String str, String str2) {
        return false;
    }

    public void invalidateAndCreateNewToken(String str, String str2, String str3, String str4, AccessTokenDO accessTokenDO, String str5) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        try {
            try {
                dBConnection.setAutoCommit(false);
                setAccessTokenState(dBConnection, str, str2, str4, str5);
                storeAccessToken(accessTokenDO.getAccessToken(), str3, accessTokenDO, dBConnection, str5);
                updateTokenIdIfAutzCodeGrantType(str, accessTokenDO.getTokenId(), dBConnection);
                dBConnection.commit();
                IdentityDatabaseUtil.closeConnection(dBConnection);
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error while regenerating access token", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeConnection(dBConnection);
            throw th;
        }
    }

    public void revokeOAuthConsentByApplicationAndUser(String str, String str2) throws IdentityOAuth2Exception {
        if (str == null || str2 == null) {
            log.error("Could not remove consent of user " + str + " for application " + str2);
            return;
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        try {
            try {
                dBConnection.setAutoCommit(false);
                preparedStatement = dBConnection.prepareStatement(SQLQueries.DELETE_USER_RPS);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                preparedStatement.execute();
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error deleting OAuth consent of Application " + str2 + " and User " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public void revokeOAuthConsentByApplicationAndUser(String str, String str2, String str3) throws IdentityOAuth2Exception {
        if (str == null || str3 == null) {
            log.error("Could not remove consent of user " + str + " for application " + str3);
            return;
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        try {
            try {
                dBConnection.setAutoCommit(false);
                preparedStatement = dBConnection.prepareStatement(SQLQueries.DELETE_USER_RPS_IN_TENANT);
                preparedStatement.setString(1, str);
                preparedStatement.setInt(2, IdentityTenantUtil.getTenantId(str2));
                preparedStatement.setString(3, str3);
                preparedStatement.execute();
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error deleting OAuth consent of Application " + str3 + " and User " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public void updateApproveAlwaysForAppConsentByResourceOwner(String str, String str2, String str3, String str4) throws IdentityOAuth2Exception {
        if (str == null || str3 == null) {
            log.error("Could not remove consent of user " + str + " for application " + str3);
            return;
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        try {
            try {
                dBConnection.setAutoCommit(false);
                preparedStatement = dBConnection.prepareStatement(SQLQueries.UPDATE_TRUSTED_ALWAYS_IDN_OPENID_USER_RPS);
                preparedStatement.setString(1, str4);
                preparedStatement.setString(2, str);
                preparedStatement.setInt(3, IdentityTenantUtil.getTenantId(str2));
                preparedStatement.setString(4, str3);
                preparedStatement.execute();
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error updating trusted always in a consent of Application " + str3 + " and User " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public Set<AccessTokenDO> getAccessTokensOfTenant(int i) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        HashMap hashMap = new HashMap();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.LIST_ALL_TOKENS_IN_TENANT);
                preparedStatement.setInt(1, i);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    String preprocessedAccessTokenIdentifier = persistenceProcessor.getPreprocessedAccessTokenIdentifier(resultSet.getString(1));
                    if (hashMap.get(preprocessedAccessTokenIdentifier) == null) {
                        String preprocessedRefreshToken = persistenceProcessor.getPreprocessedRefreshToken(resultSet.getString(2));
                        Timestamp timestamp = resultSet.getTimestamp(3, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        Timestamp timestamp2 = resultSet.getTimestamp(4, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        long j = resultSet.getLong(5);
                        long j2 = resultSet.getLong(6);
                        String string = resultSet.getString(7);
                        String[] buildScopeArray = OAuth2Util.buildScopeArray(resultSet.getString(8));
                        String string2 = resultSet.getString(9);
                        String string3 = resultSet.getString(10);
                        String string4 = resultSet.getString(11);
                        String string5 = resultSet.getString(12);
                        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
                        authenticatedUser.setUserName(string3);
                        authenticatedUser.setTenantDomain(OAuth2Util.getTenantDomain(i));
                        authenticatedUser.setUserStoreDomain(string4);
                        AccessTokenDO accessTokenDO = new AccessTokenDO(string5, authenticatedUser, buildScopeArray, timestamp, timestamp2, j, j2, string);
                        accessTokenDO.setAccessToken(preprocessedAccessTokenIdentifier);
                        accessTokenDO.setRefreshToken(preprocessedRefreshToken);
                        accessTokenDO.setTokenId(string2);
                        hashMap.put(preprocessedAccessTokenIdentifier, accessTokenDO);
                    } else {
                        String trim = resultSet.getString(8).trim();
                        AccessTokenDO accessTokenDO2 = (AccessTokenDO) hashMap.get(preprocessedAccessTokenIdentifier);
                        accessTokenDO2.setScope((String[]) ArrayUtils.add(accessTokenDO2.getScope(), trim));
                    }
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return new HashSet(hashMap.values());
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while retrieving 'ACTIVE or EXPIRED' access tokens for user  tenant id : " + i, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public Set<AccessTokenDO> getAccessTokensOfUserStore(int i, String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(str);
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        HashMap hashMap = new HashMap();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.LIST_ALL_TOKENS_IN_USER_STORE);
                preparedStatement.setInt(1, i);
                preparedStatement.setString(2, sanitizedUserStoreDomain);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    String preprocessedAccessTokenIdentifier = persistenceProcessor.getPreprocessedAccessTokenIdentifier(resultSet.getString(1));
                    if (hashMap.get(preprocessedAccessTokenIdentifier) == null) {
                        String preprocessedRefreshToken = persistenceProcessor.getPreprocessedRefreshToken(resultSet.getString(2));
                        Timestamp timestamp = resultSet.getTimestamp(3, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        Timestamp timestamp2 = resultSet.getTimestamp(4, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                        long j = resultSet.getLong(5);
                        long j2 = resultSet.getLong(6);
                        String string = resultSet.getString(7);
                        String[] buildScopeArray = OAuth2Util.buildScopeArray(resultSet.getString(8));
                        String string2 = resultSet.getString(9);
                        String string3 = resultSet.getString(10);
                        String string4 = resultSet.getString(11);
                        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
                        authenticatedUser.setUserName(string3);
                        authenticatedUser.setTenantDomain(OAuth2Util.getTenantDomain(i));
                        authenticatedUser.setUserStoreDomain(sanitizedUserStoreDomain);
                        AccessTokenDO accessTokenDO = new AccessTokenDO(string4, authenticatedUser, buildScopeArray, timestamp, timestamp2, j, j2, string);
                        accessTokenDO.setAccessToken(preprocessedAccessTokenIdentifier);
                        accessTokenDO.setRefreshToken(preprocessedRefreshToken);
                        accessTokenDO.setTokenId(string2);
                        hashMap.put(preprocessedAccessTokenIdentifier, accessTokenDO);
                    } else {
                        String trim = resultSet.getString(8).trim();
                        AccessTokenDO accessTokenDO2 = (AccessTokenDO) hashMap.get(preprocessedAccessTokenIdentifier);
                        accessTokenDO2.setScope((String[]) ArrayUtils.add(accessTokenDO2.getScope(), trim));
                    }
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return new HashSet(hashMap.values());
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while retrieving 'ACTIVE or EXPIRED' access tokens for user in store domain : " + sanitizedUserStoreDomain + " and tenant id : " + i, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public void renameUserStoreDomainInAccessTokenTable(int i, String str, String str2) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(str);
        String sanitizedUserStoreDomain2 = getSanitizedUserStoreDomain(str2);
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.RENAME_USER_STORE_IN_ACCESS_TOKENS_TABLE);
                preparedStatement.setString(1, sanitizedUserStoreDomain2);
                preparedStatement.setInt(2, i);
                preparedStatement.setString(3, sanitizedUserStoreDomain);
                int executeUpdate = preparedStatement.executeUpdate();
                if (log.isDebugEnabled()) {
                    log.debug("Number of rows being updated : " + executeUpdate);
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while renaming user store : " + sanitizedUserStoreDomain + " in tenant :" + i, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public List<AuthzCodeDO> getLatestAuthorizationCodesOfTenant(int i) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        ArrayList arrayList = new ArrayList();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_TENANT);
                preparedStatement.setInt(1, i);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    String string = resultSet.getString(1);
                    String string2 = resultSet.getString(2);
                    String string3 = resultSet.getString(3);
                    String string4 = resultSet.getString(4);
                    String[] buildScopeArray = OAuth2Util.buildScopeArray(resultSet.getString(5));
                    Timestamp timestamp = resultSet.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                    long j = resultSet.getLong(7);
                    String string5 = resultSet.getString(8);
                    String string6 = resultSet.getString(9);
                    AuthenticatedUser authenticatedUser = new AuthenticatedUser();
                    authenticatedUser.setUserName(string4);
                    authenticatedUser.setUserStoreDomain(string6);
                    authenticatedUser.setTenantDomain(OAuth2Util.getTenantDomain(i));
                    arrayList.add(new AuthzCodeDO(authenticatedUser, buildScopeArray, timestamp, j, string5, string3, string2, string));
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return arrayList;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while retrieving latest authorization codes of tenant :" + i, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public List<AuthzCodeDO> getLatestAuthorizationCodesOfUserStore(int i, String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(str);
        ArrayList arrayList = new ArrayList();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_USER_DOMAIN);
                preparedStatement.setInt(1, i);
                preparedStatement.setString(2, sanitizedUserStoreDomain);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    String string = resultSet.getString(1);
                    String string2 = resultSet.getString(2);
                    String string3 = resultSet.getString(3);
                    String string4 = resultSet.getString(4);
                    String[] buildScopeArray = OAuth2Util.buildScopeArray(resultSet.getString(5));
                    Timestamp timestamp = resultSet.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(UTC)));
                    long j = resultSet.getLong(7);
                    String string5 = resultSet.getString(8);
                    AuthenticatedUser authenticatedUser = new AuthenticatedUser();
                    authenticatedUser.setUserName(string4);
                    authenticatedUser.setUserStoreDomain(sanitizedUserStoreDomain);
                    authenticatedUser.setTenantDomain(OAuth2Util.getTenantDomain(i));
                    arrayList.add(new AuthzCodeDO(authenticatedUser, buildScopeArray, timestamp, j, string5, string3, string2, string));
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return arrayList;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while retrieving latest authorization codes of user store : " + sanitizedUserStoreDomain + " in tenant :" + i, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public void renameUserStoreDomainInAuthorizationCodeTable(int i, String str, String str2) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(str);
        String sanitizedUserStoreDomain2 = getSanitizedUserStoreDomain(str2);
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.RENAME_USER_STORE_IN_AUTHORIZATION_CODES_TABLE);
                preparedStatement.setString(1, sanitizedUserStoreDomain2);
                preparedStatement.setInt(2, i);
                preparedStatement.setString(3, sanitizedUserStoreDomain);
                int executeUpdate = preparedStatement.executeUpdate();
                if (log.isDebugEnabled()) {
                    log.debug("Number of rows being updated : " + executeUpdate);
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while renaming user store : " + sanitizedUserStoreDomain + "in tenant :" + i, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    public String getCodeIdByAuthorizationCode(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        try {
            try {
                PreparedStatement prepareStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_CODE_ID_BY_AUTHORIZATION_CODE);
                prepareStatement.setString(1, persistenceProcessor.getProcessedAuthzCode(str));
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    String string = executeQuery.getString("CODE_ID");
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                    return string;
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                return null;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while retrieving 'Code ID' for authorization code : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, (PreparedStatement) null);
            throw th;
        }
    }

    public String getAuthzCodeByCodeId(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        try {
            try {
                PreparedStatement prepareStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_AUTHZ_CODE_BY_CODE_ID);
                prepareStatement.setString(1, str);
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    String string = executeQuery.getString("AUTHORIZATION_CODE");
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                    return string;
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                return null;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while retrieving 'Authorization Code' for authorization code : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, (PreparedStatement) null);
            throw th;
        }
    }

    public String getTokenIdByToken(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        try {
            try {
                PreparedStatement prepareStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_TOKEN_ID_BY_TOKEN);
                prepareStatement.setString(1, persistenceProcessor.getProcessedAccessTokenIdentifier(str));
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    String string = executeQuery.getString("TOKEN_ID");
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                    return string;
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                return null;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while retrieving 'Token ID' for token : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, (PreparedStatement) null);
            throw th;
        }
    }

    public String getTokenByTokenId(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        try {
            try {
                PreparedStatement prepareStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_TOKEN_BY_TOKEN_ID);
                prepareStatement.setString(1, str);
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    String string = executeQuery.getString("ACCESS_TOKEN");
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                    return string;
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                return null;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while retrieving 'Access Token' for token id : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, (PreparedStatement) null);
            throw th;
        }
    }

    private void updateTokenIdIfAutzCodeGrantType(String str, String str2, Connection connection) throws IdentityOAuth2Exception {
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = connection.prepareStatement(SQLQueries.UPDATE_NEW_TOKEN_AGAINST_AUTHZ_CODE);
                preparedStatement.setString(1, str2);
                preparedStatement.setString(2, str);
                preparedStatement.executeUpdate();
                IdentityDatabaseUtil.closeStatement(preparedStatement);
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error while updating Access Token against authorization code for access token with ID : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeStatement(preparedStatement);
            throw th;
        }
    }

    @Deprecated
    public Set<String> getRolesOfScopeByScopeKey(String str) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        HashSet hashSet = null;
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_ROLES_OF_SCOPE);
                preparedStatement.setString(1, str);
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    String string = resultSet.getString("ROLES");
                    if (!string.isEmpty()) {
                        hashSet = new HashSet(new ArrayList(Arrays.asList(string.replaceAll(" ", "").split(","))));
                    }
                }
                dBConnection.commit();
                HashSet hashSet2 = hashSet;
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return hashSet2;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error getting roles of scope - " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public Set<String> getRolesOfScopeByScopeKey(String str, int i) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        HashSet hashSet = null;
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_ROLES_OF_SCOPE_FOR_TENANT);
                preparedStatement.setString(1, str);
                preparedStatement.setInt(2, i);
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    String string = resultSet.getString("ROLES");
                    if (!string.isEmpty()) {
                        hashSet = new HashSet(new ArrayList(Arrays.asList(string.replaceAll(" ", "").split(","))));
                    }
                }
                dBConnection.commit();
                HashSet hashSet2 = hashSet;
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return hashSet2;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error getting roles of scope - " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public void updateAppAndRevokeTokensAndAuthzCodes(String str, Properties properties, String[] strArr, String[] strArr2) throws IdentityOAuth2Exception, IdentityApplicationManagementException {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        PreparedStatement preparedStatement2 = null;
        PreparedStatement preparedStatement3 = null;
        if (!properties.containsKey(OAuthConstants.ACTION_PROPERTY_KEY)) {
            throw new IdentityOAuth2Exception("Invalid operation.");
        }
        String property = properties.getProperty(OAuthConstants.ACTION_PROPERTY_KEY);
        try {
            try {
                dBConnection.setAutoCommit(false);
                if (OAuthConstants.ACTION_REVOKE.equals(property)) {
                    if (!properties.containsKey(OAuthConstants.OAUTH_APP_NEW_STATE)) {
                        throw new IdentityOAuth2Exception("New App State is not specified.");
                    }
                    String property2 = properties.getProperty(OAuthConstants.OAUTH_APP_NEW_STATE);
                    preparedStatement = dBConnection.prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.UPDATE_APPLICATION_STATE);
                    preparedStatement.setString(1, property2);
                    preparedStatement.setString(2, str);
                    preparedStatement.execute();
                } else if (OAuthConstants.ACTION_REGENERATE.equals(property)) {
                    if (!properties.containsKey(OAuthConstants.OAUTH_APP_NEW_SECRET_KEY)) {
                        throw new IdentityOAuth2Exception("New Consumer Secret is not specified.");
                    }
                    String property3 = properties.getProperty(OAuthConstants.OAUTH_APP_NEW_SECRET_KEY);
                    preparedStatement = dBConnection.prepareStatement(SQLQueries.OAuthAppDAOSQLQueries.UPDATE_OAUTH_SECRET_KEY);
                    preparedStatement.setString(1, property3);
                    preparedStatement.setString(2, str);
                    preparedStatement.execute();
                }
                if (ArrayUtils.isNotEmpty(strArr2)) {
                    String str2 = "IDN_OAUTH2_ACCESS_TOKEN";
                    if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
                        for (String str3 : strArr2) {
                            if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
                                str2 = OAuth2Util.getAccessTokenStoreTableFromAccessToken(str3);
                            }
                            preparedStatement2 = dBConnection.prepareStatement(SQLQueries.REVOKE_APP_ACCESS_TOKEN.replace("IDN_OAUTH2_ACCESS_TOKEN", str2));
                            preparedStatement2.setString(1, "REVOKED");
                            preparedStatement2.setString(2, UUID.randomUUID().toString());
                            preparedStatement2.setString(3, str);
                            int executeUpdate = preparedStatement2.executeUpdate();
                            if (log.isDebugEnabled()) {
                                log.debug("Number of rows being updated : " + executeUpdate);
                            }
                        }
                    } else {
                        preparedStatement2 = dBConnection.prepareStatement(SQLQueries.REVOKE_APP_ACCESS_TOKEN.replace("IDN_OAUTH2_ACCESS_TOKEN", str2));
                        preparedStatement2.setString(1, "REVOKED");
                        preparedStatement2.setString(2, UUID.randomUUID().toString());
                        preparedStatement2.setString(3, str);
                        preparedStatement2.setString(4, "ACTIVE");
                        preparedStatement2.execute();
                    }
                }
                if (ArrayUtils.isNotEmpty(strArr)) {
                    for (String str4 : strArr) {
                        if (maxPoolSize > 0) {
                            authContextTokenQueue.push(new AuthContextTokenDO(str4));
                        } else {
                            preparedStatement3 = dBConnection.prepareStatement(SQLQueries.UPDATE_AUTHORIZATION_CODE_STATE.replace("IDN_OAUTH2_AUTHORIZATION_CODE", "IDN_OAUTH2_AUTHORIZATION_CODE"));
                            preparedStatement3.setString(1, "REVOKED");
                            preparedStatement3.setString(2, persistenceProcessor.getPreprocessedAuthzCode(str4));
                            preparedStatement3.execute();
                        }
                    }
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeStatement(preparedStatement);
                IdentityDatabaseUtil.closeStatement(preparedStatement2);
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement3);
            } catch (SQLException e) {
                throw new IdentityApplicationManagementException("Error while executing the SQL statement.", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeStatement((PreparedStatement) null);
            IdentityDatabaseUtil.closeStatement((PreparedStatement) null);
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, (PreparedStatement) null);
            throw th;
        }
    }

    private String getSanitizedUserStoreDomain(String str) {
        return str != null ? str.toUpperCase() : IdentityUtil.getPrimaryDomainName();
    }

    private void recoverFromConAppKeyConstraintViolation(String str, String str2, AccessTokenDO accessTokenDO, Connection connection, String str3, int i) throws IdentityOAuth2Exception {
        log.warn("Retry attempt to recover 'CON_APP_KEY' constraint violation : " + i);
        AccessTokenDO retrieveLatestToken = retrieveLatestToken(connection, str2, accessTokenDO.getAuthzUser(), str3, OAuth2Util.buildScopeString(accessTokenDO.getScope()), false);
        AccessTokenDO retrieveLatestToken2 = retrieveLatestToken(connection, str2, accessTokenDO.getAuthzUser(), str3, OAuth2Util.buildScopeString(accessTokenDO.getScope()), true);
        if (retrieveLatestToken2 == null) {
            accessTokenDO.setIssuedTime(new Timestamp(new Date().getTime()));
            storeAccessToken(str, str2, accessTokenDO, connection, str3, i);
            return;
        }
        if (retrieveLatestToken != null && !retrieveLatestToken2.getIssuedTime().after(retrieveLatestToken.getIssuedTime())) {
            setAccessTokenState(connection, retrieveLatestToken2.getTokenId(), "INACTIVE", UUID.randomUUID().toString(), str3);
            accessTokenDO.setIssuedTime(new Timestamp(new Date().getTime()));
            storeAccessToken(str, str2, accessTokenDO, connection, str3, i);
        } else {
            if (maxPoolSize != 0) {
                setAccessTokenState(connection, retrieveLatestToken2.getTokenId(), "INACTIVE", UUID.randomUUID().toString(), str3);
                accessTokenDO.setIssuedTime(new Timestamp(new Date().getTime()));
                storeAccessToken(str, str2, accessTokenDO, connection, str3, i);
                return;
            }
            accessTokenDO.setTokenId(retrieveLatestToken2.getTokenId());
            accessTokenDO.setAccessToken(retrieveLatestToken2.getAccessToken());
            accessTokenDO.setRefreshToken(retrieveLatestToken2.getRefreshToken());
            accessTokenDO.setIssuedTime(retrieveLatestToken2.getIssuedTime());
            accessTokenDO.setRefreshTokenIssuedTime(retrieveLatestToken2.getRefreshTokenIssuedTime());
            accessTokenDO.setValidityPeriodInMillis(retrieveLatestToken2.getValidityPeriodInMillis());
            accessTokenDO.setRefreshTokenValidityPeriodInMillis(retrieveLatestToken2.getRefreshTokenValidityPeriodInMillis());
            accessTokenDO.setTokenType(retrieveLatestToken2.getTokenType());
            log.info("Successfully recovered 'CON_APP_KEY' constraint violation with the attempt : " + i);
        }
    }

    public List<AccessTokenDO> retrieveLatestAccessTokens(String str, AuthenticatedUser authenticatedUser, String str2, String str3, boolean z, int i) throws IdentityOAuth2Exception {
        String str4;
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        boolean isUserStoreInUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
        String tenantDomain = authenticatedUser.getTenantDomain();
        int tenantId = OAuth2Util.getTenantId(tenantDomain);
        String userName = authenticatedUser.getUserName();
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(authenticatedUser.getUserStoreDomain());
        String sanitizedUserStoreDomain2 = getSanitizedUserStoreDomain(str2);
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        boolean z2 = false;
        try {
            try {
                if (dBConnection.getMetaData().getDriverName().contains("MySQL") || dBConnection.getMetaData().getDriverName().contains("H2")) {
                    str4 = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MYSQL;
                } else if (dBConnection.getMetaData().getDatabaseProductName().contains("DB2")) {
                    str4 = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_DB2SQL;
                } else if (dBConnection.getMetaData().getDriverName().contains("MS SQL")) {
                    str4 = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MSSQL;
                } else if (dBConnection.getMetaData().getDriverName().contains("Microsoft")) {
                    str4 = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MSSQL;
                } else if (dBConnection.getMetaData().getDriverName().contains("PostgreSQL")) {
                    str4 = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_POSTGRESQL;
                } else if (dBConnection.getMetaData().getDriverName().contains("Informix")) {
                    str4 = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_INFORMIX;
                } else {
                    str4 = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_ORACLE.replace("ROWNUM < 2", "ROWNUM < " + Integer.toString(i + 1));
                    z2 = true;
                }
                if (!z) {
                    str4 = str4.replace("TOKEN_SCOPE_HASH=?", "TOKEN_SCOPE_HASH=? AND TOKEN_STATE='ACTIVE'");
                }
                if (!z2) {
                    str4 = str4.replace("1", Integer.toString(i));
                }
                if (StringUtils.isNotEmpty(sanitizedUserStoreDomain2) && !IdentityUtil.getPrimaryDomainName().equalsIgnoreCase(sanitizedUserStoreDomain2)) {
                    str4 = str4.replaceAll("\\bIDN_OAUTH2_ACCESS_TOKEN\\b", "IDN_OAUTH2_ACCESS_TOKEN_" + sanitizedUserStoreDomain2);
                }
                if (!isUserStoreInUsernameCaseSensitive) {
                    str4 = str4.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
                }
                String hashScopes = OAuth2Util.hashScopes(str3);
                if (hashScopes == null) {
                    str4 = str4.replace("TOKEN_SCOPE_HASH=?", "TOKEN_SCOPE_HASH IS NULL");
                }
                preparedStatement = dBConnection.prepareStatement(str4);
                preparedStatement.setString(1, persistenceProcessor.getProcessedClientId(str));
                if (isUserStoreInUsernameCaseSensitive) {
                    preparedStatement.setString(2, userName);
                } else {
                    preparedStatement.setString(2, userName.toLowerCase());
                }
                preparedStatement.setInt(3, tenantId);
                preparedStatement.setString(4, sanitizedUserStoreDomain);
                if (hashScopes != null) {
                    preparedStatement.setString(5, hashScopes);
                }
                resultSet = preparedStatement.executeQuery();
                long time = new Date().getTime();
                ArrayList arrayList = new ArrayList();
                int i2 = 0;
                while (resultSet.next()) {
                    long time2 = resultSet.getTimestamp(3, Calendar.getInstance(TimeZone.getTimeZone(UTC))).getTime();
                    if (i2 == 0) {
                        time = time2;
                    }
                    if (time != time2) {
                        IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                        return arrayList;
                    }
                    String string = resultSet.getString(7);
                    String preprocessedAccessTokenIdentifier = persistenceProcessor.getPreprocessedAccessTokenIdentifier(resultSet.getString(1));
                    String str5 = null;
                    if (resultSet.getString(2) != null) {
                        str5 = persistenceProcessor.getPreprocessedRefreshToken(resultSet.getString(2));
                    }
                    long time3 = resultSet.getTimestamp(4, Calendar.getInstance(TimeZone.getTimeZone(UTC))).getTime();
                    long j = resultSet.getLong(5);
                    long j2 = resultSet.getLong(6);
                    String string2 = resultSet.getString(8);
                    String string3 = resultSet.getString(9);
                    String string4 = resultSet.getString(10);
                    AuthenticatedUser authenticatedUser2 = new AuthenticatedUser();
                    authenticatedUser2.setUserName(userName);
                    authenticatedUser2.setTenantDomain(tenantDomain);
                    authenticatedUser2.setUserStoreDomain(sanitizedUserStoreDomain);
                    authenticatedUser2.setAuthenticatedSubjectIdentifier(string4);
                    AccessTokenDO accessTokenDO = new AccessTokenDO(str, authenticatedUser2, OAuth2Util.buildScopeArray(str3), new Timestamp(time2), new Timestamp(time3), j, j2, string2);
                    accessTokenDO.setAccessToken(preprocessedAccessTokenIdentifier);
                    accessTokenDO.setRefreshToken(str5);
                    accessTokenDO.setTokenState(string);
                    accessTokenDO.setTokenId(string3);
                    arrayList.add(accessTokenDO);
                    i2++;
                }
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return arrayList;
            } catch (SQLException e) {
                String str6 = "Error occurred while trying to retrieve latest 'ACTIVE' access token for Client ID : " + str + ", User ID : " + authenticatedUser + " and  Scope : " + str3;
                if (z) {
                    str6 = str6.replace("ACTIVE", "ACTIVE or EXPIRED");
                }
                throw new IdentityOAuth2Exception(str6, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    public AccessTokenDO retrieveLatestToken(Connection connection, String str, AuthenticatedUser authenticatedUser, String str2, String str3, boolean z) throws IdentityOAuth2Exception {
        boolean isUserStoreInUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
        String tenantDomain = authenticatedUser.getTenantDomain();
        int tenantId = OAuth2Util.getTenantId(tenantDomain);
        String userName = authenticatedUser.getUserName();
        String sanitizedUserStoreDomain = getSanitizedUserStoreDomain(authenticatedUser.getUserStoreDomain());
        String sanitizedUserStoreDomain2 = getSanitizedUserStoreDomain(str2);
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                String str4 = z ? (connection.getMetaData().getDriverName().contains("MySQL") || connection.getMetaData().getDriverName().contains("H2")) ? SQLQueries.RETRIEVE_LATEST_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MYSQL : connection.getMetaData().getDatabaseProductName().contains("DB2") ? SQLQueries.RETRIEVE_LATEST_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_DB2SQL : connection.getMetaData().getDriverName().contains("MS SQL") ? SQLQueries.RETRIEVE_LATEST_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MSSQL : connection.getMetaData().getDriverName().contains("Microsoft") ? SQLQueries.RETRIEVE_LATEST_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MSSQL : connection.getMetaData().getDriverName().contains("PostgreSQL") ? SQLQueries.RETRIEVE_LATEST_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_POSTGRESQL : connection.getMetaData().getDriverName().contains("Informix") ? SQLQueries.RETRIEVE_LATEST_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_INFORMIX : SQLQueries.RETRIEVE_LATEST_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_ORACLE : (connection.getMetaData().getDriverName().contains("MySQL") || connection.getMetaData().getDriverName().contains("H2")) ? SQLQueries.RETRIEVE_LATEST_NON_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MYSQL : connection.getMetaData().getDatabaseProductName().contains("DB2") ? SQLQueries.RETRIEVE_LATEST_NON_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_DB2SQL : connection.getMetaData().getDriverName().contains("MS SQL") ? SQLQueries.RETRIEVE_LATEST_NON_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MSSQL : connection.getMetaData().getDriverName().contains("Microsoft") ? SQLQueries.RETRIEVE_LATEST_NON_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_MSSQL : connection.getMetaData().getDriverName().contains("PostgreSQL") ? SQLQueries.RETRIEVE_LATEST_NON_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_POSTGRESQL : connection.getMetaData().getDriverName().contains("Informix") ? SQLQueries.RETRIEVE_LATEST_NON_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_INFORMIX : SQLQueries.RETRIEVE_LATEST_NON_ACTIVE_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_ORACLE;
                if (StringUtils.isNotEmpty(sanitizedUserStoreDomain2) && !IdentityUtil.getPrimaryDomainName().equalsIgnoreCase(sanitizedUserStoreDomain2)) {
                    str4 = str4.replaceAll("\\bIDN_OAUTH2_ACCESS_TOKEN\\b", "IDN_OAUTH2_ACCESS_TOKEN_" + sanitizedUserStoreDomain2);
                }
                if (!isUserStoreInUsernameCaseSensitive) {
                    str4 = str4.replace(AUTHZ_USER, LOWER_AUTHZ_USER);
                }
                String hashScopes = OAuth2Util.hashScopes(str3);
                if (hashScopes == null) {
                    str4 = str4.replace("TOKEN_SCOPE_HASH=?", "TOKEN_SCOPE_HASH IS NULL");
                }
                preparedStatement = connection.prepareStatement(str4);
                preparedStatement.setString(1, persistenceProcessor.getProcessedClientId(str));
                if (isUserStoreInUsernameCaseSensitive) {
                    preparedStatement.setString(2, userName);
                } else {
                    preparedStatement.setString(2, userName.toLowerCase());
                }
                preparedStatement.setInt(3, tenantId);
                preparedStatement.setString(4, sanitizedUserStoreDomain);
                if (hashScopes != null) {
                    preparedStatement.setString(5, hashScopes);
                }
                resultSet = preparedStatement.executeQuery();
                if (!resultSet.next()) {
                    IdentityDatabaseUtil.closeAllConnections((Connection) null, resultSet, preparedStatement);
                    return null;
                }
                String preprocessedAccessTokenIdentifier = persistenceProcessor.getPreprocessedAccessTokenIdentifier(resultSet.getString(1));
                String str5 = null;
                if (resultSet.getString(2) != null) {
                    str5 = persistenceProcessor.getPreprocessedRefreshToken(resultSet.getString(2));
                }
                long time = resultSet.getTimestamp(3, Calendar.getInstance(TimeZone.getTimeZone(UTC))).getTime();
                long time2 = resultSet.getTimestamp(4, Calendar.getInstance(TimeZone.getTimeZone(UTC))).getTime();
                long j = resultSet.getLong(5);
                long j2 = resultSet.getLong(6);
                String string = resultSet.getString(7);
                String string2 = resultSet.getString(8);
                String string3 = resultSet.getString(9);
                AuthenticatedUser authenticatedUser2 = new AuthenticatedUser();
                authenticatedUser2.setUserName(userName);
                authenticatedUser2.setTenantDomain(tenantDomain);
                authenticatedUser2.setUserStoreDomain(sanitizedUserStoreDomain);
                authenticatedUser2.setAuthenticatedSubjectIdentifier(string3);
                AccessTokenDO accessTokenDO = new AccessTokenDO(str, authenticatedUser2, OAuth2Util.buildScopeArray(str3), new Timestamp(time), new Timestamp(time2), j, j2, string);
                accessTokenDO.setAccessToken(preprocessedAccessTokenIdentifier);
                accessTokenDO.setRefreshToken(str5);
                accessTokenDO.setTokenId(string2);
                IdentityDatabaseUtil.closeAllConnections((Connection) null, resultSet, preparedStatement);
                return accessTokenDO;
            } catch (SQLException e) {
                String str6 = "Error occurred while trying to retrieve latest 'ACTIVE' access token for Client ID : " + str + ", User ID : " + authenticatedUser + " and  Scope : " + str3;
                if (!z) {
                    str6 = str6.replace("ACTIVE", "NON ACTIVE");
                }
                throw new IdentityOAuth2Exception(str6, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections((Connection) null, resultSet, preparedStatement);
            throw th;
        }
    }

    static {
        maxPoolSize = 100;
        Log log2 = LogFactory.getLog(TokenMgtDAO.class);
        try {
            String property = IdentityUtil.getProperty("JDBCPersistenceManager.SessionDataPersist.PoolSize");
            if (StringUtils.isNotBlank(property)) {
                maxPoolSize = Integer.parseInt(property);
            }
        } catch (NumberFormatException e) {
            if (log2.isDebugEnabled()) {
                log2.debug("Error while parsing the JDBCPersistenceManager.SessionDataPersist.PoolSize.", e);
            }
            log2.warn("Session data persistence pool size is not configured. Using default value.");
        }
        if (maxPoolSize > 0) {
            log2.info("Thread pool size for session persistent consumer : " + maxPoolSize);
            ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(maxPoolSize);
            for (int i = 0; i < maxPoolSize; i++) {
                newFixedThreadPool.execute(new TokenPersistenceTask(accessContextTokenQueue));
            }
            ExecutorService newFixedThreadPool2 = Executors.newFixedThreadPool(maxPoolSize);
            for (int i2 = 0; i2 < maxPoolSize; i2++) {
                newFixedThreadPool2.execute(new AuthPersistenceTask(authContextTokenQueue));
            }
        }
    }
}
