package org.appfuse.service.impl;

import java.util.Date;
import javax.sql.DataSource;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.math.RandomUtils;
import org.apache.commons.lang.time.DateUtils;
import org.appfuse.model.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;

/* loaded from: input_file:WEB-INF/lib/appfuse-service-3.5.0.jar:org/appfuse/service/impl/PersistentPasswordTokenManagerImpl.class */
public class PersistentPasswordTokenManagerImpl implements PasswordTokenManager {
    private JdbcTemplate jdbcTemplate;
    private String deleteTokenSql = "delete from password_reset_token where username=?";
    private String insertTokenSql = "insert into password_reset_token (username, token, expiration_time) values (?, ?, ?)";
    private String selectTokenSql = "select count(token) from password_reset_token where username=? and token=? and expiration_time > NOW()";

    @Autowired
    public void setDataSource(DataSource dataSource) {
        this.jdbcTemplate = new JdbcTemplate(dataSource);
    }

    public void setDeleteTokenSql(String str) {
        this.deleteTokenSql = str;
    }

    public void setInsertTokenSql(String str) {
        this.insertTokenSql = str;
    }

    public void setSelectTokenSql(String str) {
        this.selectTokenSql = str;
    }

    @Override // org.appfuse.service.impl.PasswordTokenManager
    public String generateRecoveryToken(User user) {
        String randomAlphanumeric = RandomStringUtils.randomAlphanumeric(RandomUtils.nextInt(16) + 16);
        persistToken(user, randomAlphanumeric);
        return randomAlphanumeric;
    }

    @Override // org.appfuse.service.impl.PasswordTokenManager
    public boolean isRecoveryTokenValid(User user, String str) {
        return isRecoveryTokenPersisted(user, str);
    }

    @Override // org.appfuse.service.impl.PasswordTokenManager
    public void invalidateRecoveryToken(User user, String str) {
        this.jdbcTemplate.update(this.deleteTokenSql, user.getUsername());
    }

    protected void persistToken(User user, String str) {
        this.jdbcTemplate.update(this.deleteTokenSql, user.getUsername());
        this.jdbcTemplate.update(this.insertTokenSql, user.getUsername(), str, getExpirationTime());
    }

    protected boolean isRecoveryTokenPersisted(User user, String str) {
        Number number = (Number) this.jdbcTemplate.queryForObject(this.selectTokenSql, new Object[]{user.getUsername(), str}, Integer.class);
        return number != null && number.intValue() == 1;
    }

    private Date getExpirationTime() {
        return DateUtils.addDays(new Date(), 1);
    }
}
