package org.apache.syncope.core.logic;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javax.annotation.Resource;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.Transformer;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.AccessTokenTO;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.core.persistence.api.dao.AccessTokenDAO;
import org.apache.syncope.core.persistence.api.dao.NotFoundException;
import org.apache.syncope.core.persistence.api.dao.search.OrderByClause;
import org.apache.syncope.core.persistence.api.entity.AccessToken;
import org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder;
import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
import org.apache.syncope.core.spring.security.AuthContextUtils;
import org.apache.syncope.core.spring.security.Encryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

@Component
/* loaded from: input_file:org/apache/syncope/core/logic/AccessTokenLogic.class */
public class AccessTokenLogic extends AbstractTransactionalLogic<AccessTokenTO> {
    private static final Encryptor ENCRYPTOR = Encryptor.getInstance();

    @Resource(name = "anonymousUser")
    private String anonymousUser;

    @Autowired
    private AccessTokenDataBinder binder;

    @Autowired
    private AccessTokenDAO accessTokenDAO;

    private byte[] getAuthorities() {
        byte[] bArr = null;
        try {
            bArr = ENCRYPTOR.encode(POJOHelper.serialize(AuthContextUtils.getAuthorities()), CipherAlgorithm.AES).getBytes();
        } catch (Exception e) {
            LOG.error("Could not fetch authorities", e);
        }
        return bArr;
    }

    @PreAuthorize("isAuthenticated()")
    public Pair<String, Date> login() {
        if (!this.anonymousUser.equals(AuthContextUtils.getUsername())) {
            return this.binder.create(AuthContextUtils.getUsername(), Collections.emptyMap(), getAuthorities(), false);
        }
        SyncopeClientException build = SyncopeClientException.build(ClientExceptionType.InvalidRequest);
        build.getElements().add(this.anonymousUser + " cannot be granted an access token");
        throw build;
    }

    @PreAuthorize("isAuthenticated()")
    public Pair<String, Date> refresh() {
        AccessToken findByOwner = this.accessTokenDAO.findByOwner(AuthContextUtils.getUsername());
        if (findByOwner == null) {
            throw new NotFoundException("AccessToken for " + AuthContextUtils.getUsername());
        }
        return this.binder.update(findByOwner, getAuthorities());
    }

    @PreAuthorize("isAuthenticated()")
    public void logout() {
        AccessToken findByOwner = this.accessTokenDAO.findByOwner(AuthContextUtils.getUsername());
        if (findByOwner == null) {
            throw new NotFoundException("AccessToken for " + AuthContextUtils.getUsername());
        }
        delete(findByOwner.getKey());
    }

    @Transactional(readOnly = true)
    @PreAuthorize("hasRole('ACCESS_TOKEN_LIST')")
    public Pair<Integer, List<AccessTokenTO>> list(int i, int i2, List<OrderByClause> list) {
        return Pair.of(Integer.valueOf(this.accessTokenDAO.count()), (List) CollectionUtils.collect(this.accessTokenDAO.findAll(i, i2, list), new Transformer<AccessToken, AccessTokenTO>() { // from class: org.apache.syncope.core.logic.AccessTokenLogic.1
            public AccessTokenTO transform(AccessToken accessToken) {
                return AccessTokenLogic.this.binder.getAccessTokenTO(accessToken);
            }
        }, new ArrayList()));
    }

    @PreAuthorize("hasRole('ACCESS_TOKEN_DELETE')")
    public void delete(String str) {
        this.accessTokenDAO.delete(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.syncope.core.logic.AbstractLogic
    /* renamed from: resolveReference, reason: merged with bridge method [inline-methods] */
    public AccessTokenTO mo3resolveReference(Method method, Object... objArr) throws UnresolvedReferenceException {
        throw new UnresolvedReferenceException();
    }
}
