package org.wso2.carbon.identity.oauth2.dao;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.TimeZone;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.device.constants.Constants;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.internal.OAuthApplicationMgtListener;
import org.wso2.carbon.identity.oauth2.model.AuthzCodeDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2TokenUtil;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.openidconnect.OIDCConstants;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/dao/AuthorizationCodeDAOImpl.class */
public class AuthorizationCodeDAOImpl extends AbstractOAuthDAO implements AuthorizationCodeDAO {
    private static final Log log = LogFactory.getLog(AuthorizationCodeDAOImpl.class);
    private static final String IDN_OAUTH2_AUTHORIZATION_CODE = "IDN_OAUTH2_AUTHORIZATION_CODE";
    private boolean isHashDisabled = OAuth2Util.isHashDisabled();

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public void insertAuthorizationCode(String str, String str2, String str3, AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {
        if (isPersistenceEnabled()) {
            if (log.isDebugEnabled()) {
                if (IdentityUtil.isTokenLoggable("AuthorizationCode")) {
                    log.debug("Persisting authorization code (hashed): " + DigestUtils.sha256Hex(str) + " for client: " + str2 + " user: " + authzCodeDO.getAuthorizedUser().getLoggableUserId());
                } else {
                    log.debug("Persisting authorization code for client: " + str2 + " user: " + authzCodeDO.getAuthorizedUser().getLoggableUserId());
                }
            }
            Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
            PreparedStatement preparedStatement = null;
            String userStoreDomain = OAuth2Util.getUserStoreDomain(authzCodeDO.getAuthorizedUser());
            String authenticatedIDP = OAuth2Util.getAuthenticatedIDP(authzCodeDO.getAuthorizedUser());
            try {
                try {
                    preparedStatement = dBConnection.prepareStatement(OAuth2ServiceComponentHolder.isIDPIdColumnEnabled() ? SQLQueries.STORE_AUTHORIZATION_CODE_WITH_PKCE_IDP_NAME : SQLQueries.STORE_AUTHORIZATION_CODE_WITH_PKCE);
                    preparedStatement.setString(1, authzCodeDO.getAuthzCodeId());
                    preparedStatement.setString(2, getPersistenceProcessor().getProcessedAuthzCode(str));
                    preparedStatement.setString(3, str3);
                    preparedStatement.setString(4, "");
                    preparedStatement.setString(5, authzCodeDO.getAuthorizedUser().getUserName());
                    preparedStatement.setString(6, userStoreDomain);
                    int tenantId = OAuth2Util.getTenantId(authzCodeDO.getAuthorizedUser().getTenantDomain());
                    preparedStatement.setInt(7, tenantId);
                    preparedStatement.setTimestamp(8, authzCodeDO.getIssuedTime(), Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC)));
                    preparedStatement.setLong(9, authzCodeDO.getValidityPeriod());
                    preparedStatement.setString(10, authzCodeDO.getAuthorizedUser().getAuthenticatedSubjectIdentifier());
                    preparedStatement.setString(11, authzCodeDO.getPkceCodeChallenge());
                    preparedStatement.setString(12, authzCodeDO.getPkceCodeChallengeMethod());
                    preparedStatement.setString(13, getHashingPersistenceProcessor().getProcessedAuthzCode(str));
                    preparedStatement.setString(14, getPersistenceProcessor().getProcessedClientId(str2));
                    if (OAuth2ServiceComponentHolder.isIDPIdColumnEnabled()) {
                        preparedStatement.setString(15, authenticatedIDP);
                        preparedStatement.setInt(16, tenantId);
                    }
                    preparedStatement.execute();
                    addAuthorizationCodeScopes(authzCodeDO, dBConnection, tenantId);
                    IdentityDatabaseUtil.commitTransaction(dBConnection);
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                } catch (SQLException e) {
                    IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                    throw new IdentityOAuth2Exception("Error when storing the authorization code for consumer key : " + str2, e);
                }
            } catch (Throwable th) {
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                throw th;
            }
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public void deactivateAuthorizationCodes(List<AuthzCodeDO> list) throws IdentityOAuth2Exception {
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("AuthorizationCode")) {
                StringBuilder sb = new StringBuilder();
                for (AuthzCodeDO authzCodeDO : list) {
                    sb.append("Deactivating authorization code(hashed): ").append(DigestUtils.sha256Hex(authzCodeDO.getAuthorizationCode())).append(" client: ").append(authzCodeDO.getConsumerKey()).append(" user: ").append(authzCodeDO.getAuthorizedUser().getLoggableUserId()).append("\n");
                }
                log.debug(sb.toString());
            } else {
                StringBuilder sb2 = new StringBuilder();
                for (AuthzCodeDO authzCodeDO2 : list) {
                    sb2.append("Deactivating authorization code client: ").append(authzCodeDO2.getConsumerKey()).append(" user: ").append(authzCodeDO2.getAuthorizedUser().getLoggableUserId()).append("\n");
                }
                log.debug(sb2.toString());
            }
        }
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.DEACTIVATE_AUTHZ_CODE_AND_INSERT_CURRENT_TOKEN);
                for (AuthzCodeDO authzCodeDO3 : list) {
                    preparedStatement.setString(1, authzCodeDO3.getOauthTokenId());
                    preparedStatement.setString(2, getHashingPersistenceProcessor().getProcessedAuthzCode(authzCodeDO3.getAuthorizationCode()));
                    preparedStatement.addBatch();
                }
                preparedStatement.executeBatch();
                IdentityDatabaseUtil.commitTransaction(dBConnection);
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                if (1 != 0) {
                    OAuth2TokenUtil.postRevokeCodes(list, "INACTIVE");
                }
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                throw new IdentityOAuth2Exception("Error when deactivating authorization code", e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public AuthorizationCodeValidationResult validateAuthorizationCode(String str, String str2) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("AuthorizationCode")) {
                log.debug("Validating authorization code(hashed): " + DigestUtils.sha256Hex(str2) + " for client: " + str);
            } else {
                log.debug("Validating authorization code for client: " + str);
            }
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection(false);
        AuthorizationCodeValidationResult authorizationCodeValidationResult = null;
        try {
            try {
                PreparedStatement prepareStatement = dBConnection.prepareStatement(OAuth2ServiceComponentHolder.isIDPIdColumnEnabled() ? SQLQueries.VALIDATE_AUTHZ_CODE_WITH_PKCE_IDP_NAME : SQLQueries.VALIDATE_AUTHZ_CODE_WITH_PKCE);
                prepareStatement.setString(1, getPersistenceProcessor().getProcessedClientId(str));
                prepareStatement.setString(2, getHashingPersistenceProcessor().getProcessedAuthzCode(str2));
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    String string = executeQuery.getString(8);
                    String string2 = executeQuery.getString(1);
                    String string3 = executeQuery.getString(2);
                    int i = executeQuery.getInt(3);
                    String tenantDomain = OAuth2Util.getTenantDomain(i);
                    String string4 = executeQuery.getString(4);
                    String string5 = executeQuery.getString(5);
                    Timestamp timestamp = executeQuery.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC)));
                    long j = executeQuery.getLong(7);
                    String string6 = executeQuery.getString(11);
                    String string7 = executeQuery.getString(12);
                    String string8 = executeQuery.getString(13);
                    String string9 = executeQuery.getString(14);
                    String str3 = null;
                    if (OAuth2ServiceComponentHolder.isIDPIdColumnEnabled()) {
                        str3 = executeQuery.getString(15);
                    }
                    AuthenticatedUser createAuthenticatedUser = OAuth2Util.createAuthenticatedUser(string2, string3, tenantDomain, str3);
                    try {
                        createAuthenticatedUser.setAuthenticatedSubjectIdentifier(string7, OAuth2ServiceComponentHolder.getApplicationMgtService().getServiceProviderByClientId(str, OAuthApplicationMgtListener.OAUTH2, tenantDomain));
                        String string10 = executeQuery.getString(9);
                        String tokenBindingReference = StringUtils.isNotBlank(string10) ? getTokenBindingReference(dBConnection, string10, i) : "NONE";
                        if (StringUtils.isBlank(string4)) {
                            string4 = OAuth2Util.buildScopeString((String[]) getAuthorizationCodeScopes(dBConnection, string6, i).toArray(new String[0]));
                        }
                        authorizationCodeValidationResult = new AuthorizationCodeValidationResult(createAuthzCodeDo(str, str2, createAuthenticatedUser, string, string4, string5, string6, string8, string9, timestamp, j, tokenBindingReference), string10);
                    } catch (IdentityApplicationManagementException e) {
                        throw new IdentityOAuth2Exception("Error occurred while retrieving OAuth2 application data for client id " + str, (Throwable) e);
                    }
                }
                AuthorizationCodeValidationResult authorizationCodeValidationResult2 = authorizationCodeValidationResult;
                IdentityDatabaseUtil.closeAllConnections(dBConnection, executeQuery, prepareStatement);
                return authorizationCodeValidationResult2;
            } catch (SQLException e2) {
                throw new IdentityOAuth2Exception("Error when validating an authorization code", e2);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, (PreparedStatement) null);
            throw th;
        }
    }

    private String getTokenBindingReference(Connection connection, String str, int i) throws SQLException {
        PreparedStatement prepareStatement = connection.prepareStatement(SQLQueries.RETRIEVE_TOKEN_BINDING_REFERENCE_TOKEN_ID);
        Throwable th = null;
        try {
            prepareStatement.setString(1, str);
            prepareStatement.setInt(2, i);
            ResultSet executeQuery = prepareStatement.executeQuery();
            Throwable th2 = null;
            try {
                try {
                    if (executeQuery.next()) {
                        String string = executeQuery.getString("TOKEN_BINDING_REF");
                        if (executeQuery != null) {
                            if (0 != 0) {
                                try {
                                    executeQuery.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                executeQuery.close();
                            }
                        }
                        return string;
                    }
                    if (executeQuery != null) {
                        if (0 != 0) {
                            try {
                                executeQuery.close();
                            } catch (Throwable th4) {
                                th2.addSuppressed(th4);
                            }
                        } else {
                            executeQuery.close();
                        }
                    }
                    if (prepareStatement == null) {
                        return "NONE";
                    }
                    if (0 == 0) {
                        prepareStatement.close();
                        return "NONE";
                    }
                    try {
                        prepareStatement.close();
                        return "NONE";
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                        return "NONE";
                    }
                } catch (Throwable th6) {
                    th2 = th6;
                    throw th6;
                }
            } catch (Throwable th7) {
                if (executeQuery != null) {
                    if (th2 != null) {
                        try {
                            executeQuery.close();
                        } catch (Throwable th8) {
                            th2.addSuppressed(th8);
                        }
                    } else {
                        executeQuery.close();
                    }
                }
                throw th7;
            }
        } finally {
            if (prepareStatement != null) {
                if (0 != 0) {
                    try {
                        prepareStatement.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    prepareStatement.close();
                }
            }
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public void updateAuthorizationCodeState(String str, String str2) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("AuthorizationCode")) {
                log.debug("Changing state of authorization code(hashed): " + DigestUtils.sha256Hex(str) + " to: " + str2);
            } else {
                log.debug("Changing state of authorization code  to: " + str2);
            }
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.UPDATE_AUTHORIZATION_CODE_STATE);
                preparedStatement.setString(1, str2);
                preparedStatement.setString(2, getHashingPersistenceProcessor().getProcessedAuthzCode(str));
                preparedStatement.execute();
                IdentityDatabaseUtil.commitTransaction(dBConnection);
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                if (1 != 0) {
                    OAuth2TokenUtil.postRevokeCode(str, str2, null, null);
                }
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while updating the state of Authorization Code : " + str.toString(), e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public void deactivateAuthorizationCode(AuthzCodeDO authzCodeDO) throws IdentityOAuth2Exception {
        if (isPersistenceEnabled()) {
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("AuthorizationCode")) {
                log.debug("Deactivating authorization code(hashed): " + DigestUtils.sha256Hex(authzCodeDO.getAuthorizationCode()));
            }
            PreparedStatement preparedStatement = null;
            Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
            try {
                try {
                    preparedStatement = dBConnection.prepareStatement(SQLQueries.DEACTIVATE_AUTHZ_CODE_AND_INSERT_CURRENT_TOKEN);
                    preparedStatement.setString(1, authzCodeDO.getOauthTokenId());
                    preparedStatement.setString(2, getHashingPersistenceProcessor().getProcessedAuthzCode(authzCodeDO.getAuthorizationCode()));
                    preparedStatement.executeUpdate();
                    IdentityDatabaseUtil.commitTransaction(dBConnection);
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                    if (1 != 0) {
                        OAuth2TokenUtil.postRevokeCode(authzCodeDO.getAuthzCodeId(), "INACTIVE", authzCodeDO.getOauthTokenId(), authzCodeDO.getAuthorizationCode());
                    }
                } catch (SQLException e) {
                    IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                    throw new IdentityOAuth2Exception("Error when deactivating authorization code", e);
                }
            } catch (Throwable th) {
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                throw th;
            }
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public Set<String> getAuthorizationCodesByUser(AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving authorization codes of user: " + authenticatedUser.toString());
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection(false);
        PreparedStatement preparedStatement = null;
        HashSet hashSet = new HashSet();
        boolean isUserStoreInUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
        String str = SQLQueries.GET_AUTHORIZATION_CODES_BY_AUTHZUSER;
        if (!isUserStoreInUsernameCaseSensitive) {
            try {
                try {
                    str = str.replace("AUTHZ_USER", TokenManagementDAOImpl.LOWER_AUTHZ_USER);
                } catch (SQLException e) {
                    IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                    throw new IdentityOAuth2Exception("Error occurred while revoking Access Token with user Name : " + authenticatedUser.getUserName() + " tenant ID : " + OAuth2Util.getTenantId(authenticatedUser.getTenantDomain()), e);
                }
            } catch (Throwable th) {
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                throw th;
            }
        }
        preparedStatement = dBConnection.prepareStatement(str);
        if (isUserStoreInUsernameCaseSensitive) {
            preparedStatement.setString(1, authenticatedUser.getUserName());
        } else {
            preparedStatement.setString(1, authenticatedUser.getUserName().toLowerCase());
        }
        preparedStatement.setInt(2, OAuth2Util.getTenantId(authenticatedUser.getTenantDomain()));
        preparedStatement.setString(3, authenticatedUser.getUserStoreDomain());
        preparedStatement.setString(4, "ACTIVE");
        ResultSet executeQuery = preparedStatement.executeQuery();
        while (executeQuery.next()) {
            if (OAuth2Util.calculateValidityInMillis(executeQuery.getTimestamp(2, Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC))).getTime(), executeQuery.getLong(3)) > 1000 && this.isHashDisabled) {
                hashSet.add(getPersistenceProcessor().getPreprocessedAuthzCode(executeQuery.getString(1)));
            }
        }
        IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
        return hashSet;
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public List<AuthzCodeDO> getAuthorizationCodesByUserForOpenidScope(AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving authorization codes of user: " + authenticatedUser.toString());
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ArrayList arrayList = new ArrayList();
        String userName = authenticatedUser.getUserName();
        String tenantDomain = authenticatedUser.getTenantDomain();
        String userStoreDomain = authenticatedUser.getUserStoreDomain();
        boolean isUserStoreInUsernameCaseSensitive = IdentityUtil.isUserStoreInUsernameCaseSensitive(authenticatedUser.toString());
        String str = SQLQueries.GET_OPEN_ID_AUTHORIZATION_CODE_DATA_BY_AUTHZUSER;
        if (!isUserStoreInUsernameCaseSensitive) {
            try {
                try {
                    str = str.replace("AUTHZ_USER", TokenManagementDAOImpl.LOWER_AUTHZ_USER);
                } catch (SQLException e) {
                    IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                    throw new IdentityOAuth2Exception("Error occurred while revoking authorization code with username : " + authenticatedUser.getUserName() + " tenant ID : " + OAuth2Util.getTenantId(authenticatedUser.getTenantDomain()), e);
                }
            } catch (Throwable th) {
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                throw th;
            }
        }
        preparedStatement = dBConnection.prepareStatement(str);
        if (isUserStoreInUsernameCaseSensitive) {
            preparedStatement.setString(1, userName);
        } else {
            preparedStatement.setString(1, userName.toLowerCase());
        }
        preparedStatement.setInt(2, OAuth2Util.getTenantId(tenantDomain));
        preparedStatement.setString(3, userStoreDomain);
        preparedStatement.setString(4, "ACTIVE");
        ResultSet executeQuery = preparedStatement.executeQuery();
        while (executeQuery.next()) {
            long j = executeQuery.getLong(3);
            Timestamp timestamp = executeQuery.getTimestamp(2, Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC)));
            long time = timestamp.getTime();
            String string = executeQuery.getString(1);
            String string2 = executeQuery.getString(4);
            String[] buildScopeArray = OAuth2Util.buildScopeArray(executeQuery.getString(5));
            String string3 = executeQuery.getString(6);
            String string4 = executeQuery.getString(7);
            AuthenticatedUser createAuthenticatedUser = OAuth2Util.createAuthenticatedUser(userName, userStoreDomain, tenantDomain, executeQuery.getString(8));
            if (isAuthorizationCodeIssuedForOpenidScope(buildScopeArray) && OAuth2Util.getTimeToExpire(time, j) > 0 && this.isHashDisabled) {
                arrayList.add(new AuthzCodeDO(createAuthenticatedUser, buildScopeArray, timestamp, j, string3, string4, string, string2));
            }
        }
        dBConnection.commit();
        IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
        return arrayList;
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public Set<String> getAuthorizationCodesByConsumerKey(String str) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving authorization codes for client: " + str);
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection(false);
        PreparedStatement preparedStatement = null;
        HashSet hashSet = new HashSet();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.GET_AUTHORIZATION_CODES_FOR_CONSUMER_KEY);
                preparedStatement.setString(1, str);
                ResultSet executeQuery = preparedStatement.executeQuery();
                while (executeQuery.next()) {
                    if (this.isHashDisabled) {
                        hashSet.add(getPersistenceProcessor().getPreprocessedAuthzCode(executeQuery.getString(1)));
                    }
                }
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while getting authorization codes from authorization code table for the application with consumer key : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public Set<String> getActiveAuthorizationCodesByConsumerKey(String str) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving active authorization codes for client: " + str);
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection(false);
        PreparedStatement preparedStatement = null;
        HashSet hashSet = new HashSet();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.GET_ACTIVE_AUTHORIZATION_CODES_FOR_CONSUMER_KEY);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, "ACTIVE");
                ResultSet executeQuery = preparedStatement.executeQuery();
                while (executeQuery.next()) {
                    if (this.isHashDisabled) {
                        hashSet.add(getPersistenceProcessor().getPreprocessedAuthzCode(executeQuery.getString(1)));
                    }
                }
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while getting authorization codes from authorization code table for the application with consumer key : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public List<AuthzCodeDO> getLatestAuthorizationCodesByTenant(int i) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving latest authorization codes of tenant id: " + i);
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection(false);
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        ArrayList arrayList = new ArrayList();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(OAuth2ServiceComponentHolder.isIDPIdColumnEnabled() ? SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_TENANT_IDP_NAME : SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_TENANT);
                preparedStatement.setInt(1, i);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    String string = resultSet.getString(1);
                    String string2 = resultSet.getString(2);
                    String string3 = resultSet.getString(3);
                    String string4 = resultSet.getString(4);
                    String[] buildScopeArray = OAuth2Util.buildScopeArray(resultSet.getString(5));
                    Timestamp timestamp = resultSet.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC)));
                    long j = resultSet.getLong(7);
                    String string5 = resultSet.getString(8);
                    String string6 = resultSet.getString(9);
                    String str = null;
                    if (OAuth2ServiceComponentHolder.isIDPIdColumnEnabled()) {
                        str = resultSet.getString(10);
                    }
                    AuthenticatedUser createAuthenticatedUser = OAuth2Util.createAuthenticatedUser(string4, string6, OAuth2Util.getTenantDomain(i), str);
                    if (ArrayUtils.isEmpty(buildScopeArray)) {
                        buildScopeArray = (String[]) getAuthorizationCodeScopes(dBConnection, string, i).toArray(new String[0]);
                    }
                    arrayList.add(new AuthzCodeDO(createAuthenticatedUser, buildScopeArray, timestamp, j, string5, string3, string2, string));
                }
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return arrayList;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while retrieving latest authorization codes of tenant :" + i, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public List<AuthzCodeDO> getLatestAuthorizationCodesByUserStore(int i, String str) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving latest authorization codes of userstore: " + str + " tenant id: " + i);
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection(false);
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        String sanitizedUserStoreDomain = OAuth2Util.getSanitizedUserStoreDomain(str);
        ArrayList arrayList = new ArrayList();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(OAuth2ServiceComponentHolder.isIDPIdColumnEnabled() ? SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_USER_DOMAIN_IDP_NAME : SQLQueries.LIST_LATEST_AUTHZ_CODES_IN_USER_DOMAIN);
                preparedStatement.setInt(1, i);
                preparedStatement.setString(2, sanitizedUserStoreDomain);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    String string = resultSet.getString(1);
                    String string2 = resultSet.getString(2);
                    String string3 = resultSet.getString(3);
                    String string4 = resultSet.getString(4);
                    String[] buildScopeArray = OAuth2Util.buildScopeArray(resultSet.getString(5));
                    Timestamp timestamp = resultSet.getTimestamp(6, Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC)));
                    long j = resultSet.getLong(7);
                    String string5 = resultSet.getString(8);
                    String str2 = null;
                    if (OAuth2ServiceComponentHolder.isIDPIdColumnEnabled()) {
                        str2 = resultSet.getString(9);
                    }
                    AuthenticatedUser createAuthenticatedUser = OAuth2Util.createAuthenticatedUser(string4, sanitizedUserStoreDomain, OAuth2Util.getTenantDomain(i), str2);
                    if (ArrayUtils.isEmpty(buildScopeArray)) {
                        buildScopeArray = (String[]) getAuthorizationCodeScopes(dBConnection, string, i).toArray(new String[0]);
                    }
                    arrayList.add(new AuthzCodeDO(createAuthenticatedUser, buildScopeArray, timestamp, j, string5, string3, string2, string));
                }
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return arrayList;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while retrieving latest authorization codes of user store : " + sanitizedUserStoreDomain + " in tenant :" + i, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public void updateUserStoreDomain(int i, String str, String str2) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Renaming userstore domain: " + str + " as: " + str2 + " tenant id: " + i + " in IDN_OAUTH2_AUTHORIZATION_CODE table");
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        String sanitizedUserStoreDomain = OAuth2Util.getSanitizedUserStoreDomain(str);
        String sanitizedUserStoreDomain2 = OAuth2Util.getSanitizedUserStoreDomain(str2);
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.RENAME_USER_STORE_IN_AUTHORIZATION_CODES_TABLE);
                preparedStatement.setString(1, sanitizedUserStoreDomain2);
                preparedStatement.setInt(2, i);
                preparedStatement.setString(3, sanitizedUserStoreDomain);
                int executeUpdate = preparedStatement.executeUpdate();
                if (log.isDebugEnabled()) {
                    log.debug("Number of rows being updated : " + executeUpdate);
                }
                IdentityDatabaseUtil.commitTransaction(dBConnection);
                IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollbackTransaction(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while renaming user store : " + sanitizedUserStoreDomain + "in tenant :" + i, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, (ResultSet) null, preparedStatement);
            throw th;
        }
    }

    private void addAuthorizationCodeScopes(AuthzCodeDO authzCodeDO, Connection connection, int i) throws SQLException {
        PreparedStatement prepareStatement = connection.prepareStatement(SQLQueries.INSERT_OAUTH2_CODE_SCOPE);
        Throwable th = null;
        try {
            try {
                String authzCodeId = authzCodeDO.getAuthzCodeId();
                if (authzCodeDO.getScope() != null) {
                    for (String str : new HashSet(Arrays.asList(authzCodeDO.getScope()))) {
                        prepareStatement.setString(1, authzCodeId);
                        prepareStatement.setString(2, str);
                        prepareStatement.setInt(3, i);
                        prepareStatement.addBatch();
                    }
                }
                prepareStatement.executeBatch();
                if (prepareStatement != null) {
                    if (0 == 0) {
                        prepareStatement.close();
                        return;
                    }
                    try {
                        prepareStatement.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (prepareStatement != null) {
                if (th != null) {
                    try {
                        prepareStatement.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    prepareStatement.close();
                }
            }
            throw th4;
        }
    }

    private List<String> getAuthorizationCodeScopes(Connection connection, String str, int i) throws SQLException {
        ArrayList arrayList = new ArrayList();
        PreparedStatement prepareStatement = connection.prepareStatement(SQLQueries.GET_OAUTH2_CODE_SCOPE);
        Throwable th = null;
        try {
            prepareStatement.setString(1, str);
            prepareStatement.setInt(2, i);
            ResultSet executeQuery = prepareStatement.executeQuery();
            Throwable th2 = null;
            while (executeQuery.next()) {
                try {
                    try {
                        arrayList.add(executeQuery.getString(1));
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (executeQuery != null) {
                        if (th2 != null) {
                            try {
                                executeQuery.close();
                            } catch (Throwable th4) {
                                th2.addSuppressed(th4);
                            }
                        } else {
                            executeQuery.close();
                        }
                    }
                    throw th3;
                }
            }
            if (executeQuery != null) {
                if (0 != 0) {
                    try {
                        executeQuery.close();
                    } catch (Throwable th5) {
                        th2.addSuppressed(th5);
                    }
                } else {
                    executeQuery.close();
                }
            }
            return arrayList;
        } finally {
            if (prepareStatement != null) {
                if (0 != 0) {
                    try {
                        prepareStatement.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    prepareStatement.close();
                }
            }
        }
    }

    private String getAuthorizationCodeByCodeId(String str) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving authorization code by code id: " + str);
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection(false);
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_AUTHZ_CODE_BY_CODE_ID);
                preparedStatement.setString(1, str);
                resultSet = preparedStatement.executeQuery();
                if (!resultSet.next()) {
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                    return null;
                }
                String string = resultSet.getString("AUTHORIZATION_CODE");
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return string;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while retrieving 'Authorization Code' for authorization code : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public String getCodeIdByAuthorizationCode(String str) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("AccessToken")) {
            log.debug("Retrieving id of authorization code(hashed): " + DigestUtils.sha256Hex(str));
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection(false);
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.RETRIEVE_CODE_ID_BY_AUTHORIZATION_CODE);
                preparedStatement.setString(1, getHashingPersistenceProcessor().getProcessedAuthzCode(str));
                resultSet = preparedStatement.executeQuery();
                if (!resultSet.next()) {
                    IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                    return null;
                }
                String string = resultSet.getString(OIDCConstants.Event.CODE_ID);
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return string;
            } catch (SQLException e) {
                throw new IdentityOAuth2Exception("Error occurred while retrieving 'Code ID' for authorization code : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    private AuthzCodeDO createAuthzCodeDo(String str, String str2, AuthenticatedUser authenticatedUser, String str3, String str4, String str5, String str6, String str7, String str8, Timestamp timestamp, long j, String str9) {
        return new AuthzCodeDO(authenticatedUser, OAuth2Util.buildScopeArray(str4), timestamp, j, str5, str, str2, str6, str3, str7, str8, str9);
    }

    private boolean isActiveAuthzCodeIssuedForOidcFlow(String[] strArr, long j, long j2) {
        return isAuthorizationCodeIssuedForOpenidScope(strArr) && OAuth2Util.getTimeToExpire(j, j2) > 0;
    }

    @Override // org.wso2.carbon.identity.oauth2.dao.AuthorizationCodeDAO
    public Set<AuthzCodeDO> getAuthorizationCodeDOSetByConsumerKeyForOpenidScope(String str) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving active authorization code data objects for client: " + str);
        }
        Connection dBConnection = IdentityDatabaseUtil.getDBConnection();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        HashSet hashSet = new HashSet();
        try {
            try {
                preparedStatement = dBConnection.prepareStatement(SQLQueries.GET_DETAILED_ACTIVE_AUTHORIZATION_CODES_FOR_CONSUMER_KEY);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, "ACTIVE");
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    AuthzCodeDO authzCodeDO = new AuthzCodeDO();
                    String preprocessedAuthzCode = getPersistenceProcessor().getPreprocessedAuthzCode(resultSet.getString(1));
                    String string = resultSet.getString(2);
                    long time = resultSet.getTimestamp(3, Calendar.getInstance(TimeZone.getTimeZone(Constants.UTC))).getTime();
                    long j = resultSet.getLong(4);
                    String[] buildScopeArray = OAuth2Util.buildScopeArray(resultSet.getString(5));
                    authzCodeDO.setAuthorizationCode(preprocessedAuthzCode);
                    authzCodeDO.setAuthzCodeId(string);
                    if (isActiveAuthzCodeIssuedForOidcFlow(buildScopeArray, time, j) && this.isHashDisabled) {
                        hashSet.add(authzCodeDO);
                    }
                }
                dBConnection.commit();
                IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                IdentityDatabaseUtil.rollBack(dBConnection);
                throw new IdentityOAuth2Exception("Error occurred while getting authorization codes and code ids from authorization code table for the application with consumer key : " + str, e);
            }
        } catch (Throwable th) {
            IdentityDatabaseUtil.closeAllConnections(dBConnection, resultSet, preparedStatement);
            throw th;
        }
    }

    private boolean isAuthorizationCodeIssuedForOpenidScope(String[] strArr) {
        if (ArrayUtils.isNotEmpty(strArr)) {
            return Arrays.asList(strArr).contains(OAuth2Util.OPENID_SCOPE);
        }
        return false;
    }
}
