package org.cloudfoundry.identity.uaa.oauth.token;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
import java.util.concurrent.atomic.AtomicLong;
import java.util.stream.Collectors;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.event.SystemDeletable;
import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken;
import org.cloudfoundry.identity.uaa.resources.jdbc.LimitSqlAdapter;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/oauth/token/JdbcRevocableTokenProvisioning.class */
public class JdbcRevocableTokenProvisioning implements RevocableTokenProvisioning, SystemDeletable {
    protected static final String TABLE = "revocable_tokens";
    protected static final String GET_QUERY = "SELECT token_id,client_id,user_id,format,response_type,issued_at,expires_at,scope,data,identity_zone_id FROM revocable_tokens WHERE token_id=? AND identity_zone_id=?";
    protected static final String GET_BY_USER_QUERY = "SELECT token_id,client_id,user_id,format,response_type,issued_at,expires_at,scope,data,identity_zone_id FROM revocable_tokens WHERE user_id=? AND identity_zone_id=?";
    protected static final String GET_BY_CLIENT_QUERY = "SELECT token_id,client_id,user_id,format,response_type,issued_at,expires_at,scope,data,identity_zone_id FROM revocable_tokens WHERE client_id=? AND identity_zone_id=?";
    protected static final String INSERT_QUERY = "INSERT INTO revocable_tokens (token_id,client_id,user_id,format,response_type,issued_at,expires_at,scope,data,identity_zone_id) VALUES (?,?,?,?,?,?,?,?,?,?)";
    protected static final String DELETE_QUERY = "DELETE FROM revocable_tokens WHERE token_id=? and identity_zone_id=?";
    protected static final String DELETE_EXPIRED_QUERY = "DELETE FROM revocable_tokens WHERE expires_at < ?";
    protected static final String DELETE_BY_CLIENT_QUERY = "DELETE FROM revocable_tokens WHERE client_id = ? AND identity_zone_id=?";
    protected static final String DELETE_BY_USER_QUERY = "DELETE FROM revocable_tokens WHERE user_id = ? AND identity_zone_id=?";
    protected static final String DELETE_BY_ZONE_QUERY = "DELETE FROM revocable_tokens WHERE identity_zone_id=?";
    protected final JdbcTemplate template;
    protected final LimitSqlAdapter limitSqlAdapter;
    private static final String REFRESH_TOKEN_RESPONSE_TYPE = RevocableToken.TokenType.REFRESH_TOKEN.toString();
    protected static final String FIELDS = "token_id,client_id,user_id,format,response_type,issued_at,expires_at,scope,data,identity_zone_id";
    protected static final String UPDATE_FIELDS = FIELDS.substring(FIELDS.indexOf(44) + 1, FIELDS.lastIndexOf(44)).replace(",", "=?,") + "=?";
    protected static final String UPDATE_QUERY = "UPDATE revocable_tokens SET " + UPDATE_FIELDS + " WHERE token_id=? and identity_zone_id=?";
    protected static final String DELETE_REFRESH_TOKEN_QUERY = "DELETE FROM revocable_tokens WHERE user_id=? AND client_id=? AND response_type='" + REFRESH_TOKEN_RESPONSE_TYPE + "' AND identity_zone_id=?";
    protected static final Log logger = LogFactory.getLog(JdbcRevocableTokenProvisioning.class);
    protected AtomicLong lastExpiredCheck = new AtomicLong(0);
    protected long expirationCheckInterval = 30000;
    private long maxExpirationRuntime = 2500;
    protected final RowMapper<RevocableToken> rowMapper = new RevocableTokenRowMapper();

    /* loaded from: input_file:org/cloudfoundry/identity/uaa/oauth/token/JdbcRevocableTokenProvisioning$RevocableTokenRowMapper.class */
    protected static final class RevocableTokenRowMapper implements RowMapper<RevocableToken> {
        protected RevocableTokenRowMapper() {
        }

        /* renamed from: mapRow, reason: merged with bridge method [inline-methods] */
        public RevocableToken m87mapRow(ResultSet resultSet, int i) throws SQLException {
            RevocableToken revocableToken = new RevocableToken();
            int i2 = 1 + 1;
            revocableToken.setTokenId(resultSet.getString(1));
            int i3 = i2 + 1;
            revocableToken.setClientId(resultSet.getString(i2));
            int i4 = i3 + 1;
            revocableToken.setUserId(resultSet.getString(i3));
            int i5 = i4 + 1;
            revocableToken.setFormat(resultSet.getString(i4));
            int i6 = i5 + 1;
            String string = resultSet.getString(i5);
            if (StringUtils.hasText(string)) {
                revocableToken.setResponseType(RevocableToken.TokenType.valueOf(string));
            }
            int i7 = i6 + 1;
            revocableToken.setIssuedAt(resultSet.getLong(i6));
            int i8 = i7 + 1;
            revocableToken.setExpiresAt(resultSet.getLong(i7));
            int i9 = i8 + 1;
            revocableToken.setScope(resultSet.getString(i8));
            int i10 = i9 + 1;
            revocableToken.setValue(resultSet.getString(i9));
            int i11 = i10 + 1;
            revocableToken.setZoneId(resultSet.getString(i10));
            return revocableToken;
        }
    }

    public JdbcRevocableTokenProvisioning(JdbcTemplate jdbcTemplate, LimitSqlAdapter limitSqlAdapter) {
        this.template = jdbcTemplate;
        this.limitSqlAdapter = limitSqlAdapter;
    }

    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public List<RevocableToken> retrieveAll(String str) {
        return null;
    }

    public RevocableToken retrieve(String str, boolean z, String str2) {
        if (z) {
            checkExpired();
        }
        RevocableToken revocableToken = (RevocableToken) this.template.queryForObject(GET_QUERY, this.rowMapper, new Object[]{str, str2});
        if (!z || revocableToken.getExpiresAt() >= System.currentTimeMillis()) {
            return revocableToken;
        }
        delete(str, 0, str2);
        throw new EmptyResultDataAccessException("Token expired.", 1);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public RevocableToken retrieve(String str, String str2) {
        return retrieve(str, true, str2);
    }

    @Override // org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning
    public int deleteRefreshTokensForClientAndUserId(String str, String str2, String str3) {
        return this.template.update(DELETE_REFRESH_TOKEN_QUERY, new Object[]{str2, str, str3});
    }

    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public RevocableToken create(RevocableToken revocableToken, String str) {
        checkExpired();
        this.template.update(INSERT_QUERY, new Object[]{revocableToken.getTokenId(), revocableToken.getClientId(), revocableToken.getUserId(), revocableToken.getFormat(), revocableToken.getResponseType().toString(), Long.valueOf(revocableToken.getIssuedAt()), Long.valueOf(revocableToken.getExpiresAt()), revocableToken.getScope(), revocableToken.getValue(), str});
        return retrieve(revocableToken.getTokenId(), false, str);
    }

    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public RevocableToken update(String str, RevocableToken revocableToken, String str2) {
        this.template.update(UPDATE_QUERY, new Object[]{revocableToken.getClientId(), revocableToken.getUserId(), revocableToken.getFormat(), revocableToken.getResponseType().toString(), Long.valueOf(revocableToken.getIssuedAt()), Long.valueOf(revocableToken.getExpiresAt()), revocableToken.getScope(), revocableToken.getValue(), str, str2});
        return retrieve(str, false, str2);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.cloudfoundry.identity.uaa.resources.ResourceManager
    public RevocableToken delete(String str, int i, String str2) {
        RevocableToken retrieve = retrieve(str, false, str2);
        this.template.update(DELETE_QUERY, new Object[]{str, str2});
        return retrieve;
    }

    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByIdentityZone(String str) {
        return this.template.update(DELETE_BY_ZONE_QUERY, new Object[]{str});
    }

    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByClient(String str, String str2) {
        return this.template.update(DELETE_BY_CLIENT_QUERY, new Object[]{str, str2});
    }

    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByUser(String str, String str2) {
        return this.template.update(DELETE_BY_USER_QUERY, new Object[]{str, str2});
    }

    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public Log getLogger() {
        return logger;
    }

    @Override // org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning
    public List<RevocableToken> getUserTokens(String str, String str2) {
        return this.template.query(GET_BY_USER_QUERY, this.rowMapper, new Object[]{str, str2});
    }

    @Override // org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning
    public List<RevocableToken> getUserTokens(String str, String str2, String str3) {
        if (StringUtils.isEmpty(str2)) {
            throw new NullPointerException("Client ID can not be null when retrieving tokens.");
        }
        return (List) getUserTokens(str, str3).stream().filter(revocableToken -> {
            return str2.equals(revocableToken.getClientId());
        }).collect(Collectors.toList());
    }

    @Override // org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning
    public List<RevocableToken> getClientTokens(String str, String str2) {
        return this.template.query(GET_BY_CLIENT_QUERY, this.rowMapper, new Object[]{str, str2});
    }

    public long getExpirationCheckInterval() {
        return this.expirationCheckInterval;
    }

    public void setExpirationCheckInterval(long j) {
        this.expirationCheckInterval = j;
    }

    public long getMaxExpirationRuntime() {
        return this.maxExpirationRuntime;
    }

    public void checkExpired() {
        long currentTimeMillis = System.currentTimeMillis();
        long j = this.lastExpiredCheck.get();
        if (currentTimeMillis - j > getExpirationCheckInterval() && this.lastExpiredCheck.compareAndSet(j, currentTimeMillis) && runDeleteExpired(currentTimeMillis)) {
            this.lastExpiredCheck.set(0L);
        }
    }

    protected boolean runDeleteExpired(long j) {
        int update;
        String deleteExpiredQuery = this.limitSqlAdapter.getDeleteExpiredQuery(TABLE, "token_id", "expires_at", 500);
        do {
            update = this.template.update(deleteExpiredQuery, new Object[]{Long.valueOf(j)});
            logger.info("Removed " + update + " expired revocable tokens.");
            if (update <= 0) {
                break;
            }
        } while (System.currentTimeMillis() - j < this.maxExpirationRuntime);
        return update >= 500;
    }

    public long getLastExpiredRun() {
        return this.lastExpiredCheck.get();
    }

    public void setMaxExpirationRuntime(long j) {
        this.maxExpirationRuntime = j;
    }
}
