package org.cloudfoundry.identity.uaa.zone;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.event.SystemDeletable;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants;
import org.cloudfoundry.identity.uaa.resources.ResourceMonitor;
import org.cloudfoundry.identity.uaa.security.ContextSensitiveOAuth2SecurityExpressionMethods;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.dao.InvalidDataAccessResourceUsageException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.util.DefaultJdbcListFactory;
import org.springframework.security.oauth2.common.util.JdbcListFactory;
import org.springframework.security.oauth2.provider.ClientAlreadyExistsException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.20.0.jar:org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsService.class */
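/**
 * JDBC-backed store for OAuth client registrations, scoped per identity zone.
 *
 * <p>Every per-client statement binds {@code client_id} and {@code identity_zone_id} as
 * parameters, so a lookup, update or delete only touches the row of the zone passed in by the
 * caller. The zone id comes from the method argument; this class does not itself check that the
 * caller is entitled to act on that zone.
 *
 * <p>Client secrets are written as the output of the configured {@link PasswordEncoder}. The
 * {@code client_secret} column may hold several encoded secrets separated by a single space
 * (see {@link #addClientSecret} and {@link #deleteClientSecret}).
 *
 * <p>Log statements in this class name clients by id only. {@code BaseClientDetails.toString()}
 * renders the {@code clientSecret} field, so concatenating a whole client object into a log line
 * would copy the secret (plaintext on the insert path) into the log.
 */
public class MultitenantJdbcClientDetailsService extends ClientServicesExtension implements ResourceMonitor<ClientDetails>, SystemDeletable {
    private static final String GET_CREATED_BY_SQL = "select created_by from oauth_client_details where client_id=? and identity_zone_id=?";
    private static final String CLIENT_FIELDS = "client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove, lastmodified, required_user_groups";
    private static final String BASE_FIND_STATEMENT = "select client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove, lastmodified, required_user_groups from oauth_client_details";
    private static final String DEFAULT_FIND_STATEMENT = "select client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove, lastmodified, required_user_groups from oauth_client_details where identity_zone_id = :identityZoneId order by client_id";
    private static final String DEFAULT_SELECT_STATEMENT = "select client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove, lastmodified, required_user_groups from oauth_client_details where client_id = ? and identity_zone_id = ?";
    private static final String DEFAULT_INSERT_STATEMENT = "insert into oauth_client_details (client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove, lastmodified, required_user_groups, client_id, identity_zone_id, created_by) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
    private static final String DEFAULT_UPDATE_SECRET_STATEMENT = "update oauth_client_details set client_secret = ? where client_id = ? and identity_zone_id = ?";
    static final String DEFAULT_DELETE_STATEMENT = "delete from oauth_client_details where client_id = ? and identity_zone_id = ?";
    private static final String DELETE_CLIENTS_BY_ZONE = "delete from oauth_client_details where identity_zone_id = ?";
    private RowMapper<ClientDetails> rowMapper = new ClientDetailsRowMapper();
    private String selectClientDetailsSql = DEFAULT_SELECT_STATEMENT;
    private PasswordEncoder passwordEncoder;
    private final JdbcTemplate jdbcTemplate;
    private JdbcListFactory listFactory;
    protected static final Log logger = LogFactory.getLog(MultitenantJdbcClientDetailsService.class);
    // Same column list as CLIENT_FIELDS minus client_secret: the general update never rewrites the secret.
    private static final String CLIENT_FIELDS_FOR_UPDATE = "resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, additional_information, autoapprove, lastmodified, required_user_groups";
    private static final String DEFAULT_UPDATE_STATEMENT = "update oauth_client_details set " + CLIENT_FIELDS_FOR_UPDATE.replaceAll(", ", "=?, ") + "=? where client_id = ? and identity_zone_id = ?";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.20.0.jar:org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsService$ClientDetailsRowMapper.class */
    /**
     * Maps one {@code oauth_client_details} row to a {@link BaseClientDetails}.
     *
     * <p>Columns are read by position, so the mapper only works with the select list used by the
     * find/select statements of the enclosing class (client_id first, required_user_groups last).
     */
    public static class ClientDetailsRowMapper implements RowMapper<ClientDetails> {
        private ClientDetailsRowMapper() {
        }

        /**
         * Builds the client from the current row.
         *
         * @param resultSet row positioned by the JDBC template
         * @param i row number (unused)
         * @return the mapped client, including the stored (encoded) secret
         * @throws SQLException if a column cannot be read
         */
        @Override // org.springframework.jdbc.core.RowMapper
        public ClientDetails mapRow(ResultSet resultSet, int i) throws SQLException {
            // Constructor order is (clientId, resourceIds, scopes, grantTypes, authorities, redirectUris),
            // hence column 7 (authorities) is passed before column 6 (web_server_redirect_uri).
            BaseClientDetails baseClientDetails = new BaseClientDetails(
                    resultSet.getString(1),
                    resultSet.getString(3),
                    resultSet.getString(4),
                    resultSet.getString(5),
                    resultSet.getString(7),
                    resultSet.getString(6));
            baseClientDetails.setClientSecret(resultSet.getString(2));
            // getInt() returns 0 for SQL NULL, so NULL validity columns are detected via getObject().
            if (resultSet.getObject(8) != null) {
                baseClientDetails.setAccessTokenValiditySeconds(resultSet.getInt(8));
            }
            if (resultSet.getObject(9) != null) {
                baseClientDetails.setRefreshTokenValiditySeconds(resultSet.getInt(9));
            }
            String additionalInformationJson = resultSet.getString(10);
            String autoApproveColumn = resultSet.getString(11);
            Set<String> autoApproveScopes = new HashSet<>();
            if (autoApproveColumn != null) {
                autoApproveScopes = StringUtils.commaDelimitedListToSet(autoApproveColumn);
            }
            if (additionalInformationJson != null) {
                try {
                    @SuppressWarnings("unchecked") // JSON object keys are always strings
                    Map<String, Object> additionalInformation =
                            (Map<String, Object>) JsonUtils.readValue(additionalInformationJson, Map.class);
                    // An auto-approve entry inside the JSON is merged into the scopes read from the
                    // autoapprove column and is not kept in the additional information.
                    Object autoApproveEntry = additionalInformation.remove(ClientConstants.AUTO_APPROVE);
                    baseClientDetails.setAdditionalInformation(additionalInformation);
                    if (autoApproveEntry != null) {
                        if (Boolean.TRUE.equals(autoApproveEntry) || "true".equals(autoApproveEntry)) {
                            autoApproveScopes.add("true");
                        } else if (autoApproveEntry instanceof Collection) {
                            @SuppressWarnings("unchecked") // element type is not verified here
                            Collection<String> approvedScopes = (Collection<String>) autoApproveEntry;
                            autoApproveScopes.addAll(approvedScopes);
                        }
                    }
                } catch (Exception e) {
                    // Best effort: a row with undecodable JSON is still returned, without additional
                    // information. Only the client id is logged because the client object's string
                    // form contains the stored secret.
                    MultitenantJdbcClientDetailsService.logger.warn("Could not decode JSON for additional information: " + baseClientDetails.getClientId(), e);
                }
            }
            baseClientDetails.setAutoApproveScopes(autoApproveScopes);
            if (resultSet.getObject(12) != null) {
                baseClientDetails.addAdditionalInformation("lastModified", resultSet.getTimestamp(12));
            }
            String requiredUserGroups = resultSet.getString(13);
            if (StringUtils.isEmpty(requiredUserGroups)) {
                baseClientDetails.addAdditionalInformation(ClientConstants.REQUIRED_USER_GROUPS, Collections.emptySet());
            } else {
                baseClientDetails.addAdditionalInformation(ClientConstants.REQUIRED_USER_GROUPS, StringUtils.commaDelimitedListToSet(requiredUserGroups));
            }
            return baseClientDetails;
        }
    }

    /**
     * Creates the service on top of the given template.
     *
     * @param jdbcTemplate template used for every statement; must not be {@code null}
     */
    public MultitenantJdbcClientDetailsService(JdbcTemplate jdbcTemplate) {
        Assert.notNull(jdbcTemplate, "JDbcTemplate required");
        this.jdbcTemplate = jdbcTemplate;
        this.listFactory = new DefaultJdbcListFactory(new NamedParameterJdbcTemplate(jdbcTemplate));
    }

    /**
     * Sets the encoder applied to secrets before they are stored. Nothing in this class assigns a
     * default, so it has to be set before any method that writes a secret is called.
     *
     * @param passwordEncoder encoder for client secrets
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Loads a single client of one zone.
     *
     * @param str client id
     * @param str2 identity zone id
     * @return the stored client, including its encoded secret
     * @throws NoSuchClientException if the zone has no client with that id
     */
    @Override // org.cloudfoundry.identity.uaa.zone.ClientServicesExtension
    public ClientDetails loadClientByClientId(String str, String str2) throws InvalidClientException {
        try {
            return this.jdbcTemplate.queryForObject(this.selectClientDetailsSql, this.rowMapper, str, str2);
        } catch (EmptyResultDataAccessException e) {
            throw new NoSuchClientException("No client with requested id: " + str);
        }
    }

    /**
     * Inserts a new client into the given zone; the secret, if any, is encoded first.
     *
     * @param clientDetails client to store
     * @param str identity zone id
     * @throws ClientAlreadyExistsException if the insert hits a duplicate key
     */
    @Override // org.cloudfoundry.identity.uaa.zone.ClientServicesExtension
    public void addClientDetails(ClientDetails clientDetails, String str) throws ClientAlreadyExistsException {
        try {
            this.jdbcTemplate.update(DEFAULT_INSERT_STATEMENT, getInsertClientDetailsFields(clientDetails, str));
        } catch (DuplicateKeyException e) {
            throw new ClientAlreadyExistsException("Client already exists: " + clientDetails.getClientId(), e);
        }
    }

    /**
     * Updates every stored field of a client except its secret.
     *
     * @param clientDetails new field values; the client id selects the row
     * @param str identity zone id
     * @throws NoSuchClientException if the statement did not change exactly one row
     */
    @Override // org.cloudfoundry.identity.uaa.zone.ClientServicesExtension
    public void updateClientDetails(ClientDetails clientDetails, String str) throws NoSuchClientException {
        int updatedRows = this.jdbcTemplate.update(DEFAULT_UPDATE_STATEMENT, getFieldsForUpdate(clientDetails, str));
        if (updatedRows != 1) {
            // The message names the zone of the current request context, not the zone id argument.
            throw new NoSuchClientException("No client found with id = " + clientDetails.getClientId() + " in identity zone " + IdentityZoneHolder.get().getName());
        }
    }

    /**
     * Replaces the stored secret with the encoded form of the given one.
     *
     * @param str client id
     * @param str2 new secret in plaintext
     * @param str3 identity zone id
     * @throws NoSuchClientException if the statement did not change exactly one row
     */
    @Override // org.cloudfoundry.identity.uaa.zone.ClientServicesExtension
    public void updateClientSecret(String str, String str2, String str3) throws NoSuchClientException {
        String encodedSecret = this.passwordEncoder.encode(str2);
        if (this.jdbcTemplate.update(DEFAULT_UPDATE_SECRET_STATEMENT, encodedSecret, str, str3) != 1) {
            throw new NoSuchClientException("No client found with id = " + str);
        }
    }

    /**
     * Deletes a client from a zone.
     *
     * @param str client id
     * @param str2 identity zone id
     * @throws NoSuchClientException if no row was deleted
     */
    @Override // org.cloudfoundry.identity.uaa.zone.ClientServicesExtension
    public void removeClientDetails(String str, String str2) throws NoSuchClientException {
        deleteByClient(str, str2);
    }

    /**
     * Lists all clients of one zone, ordered by client id.
     *
     * @param str identity zone id
     * @return the clients of that zone, each including its encoded secret
     */
    @Override // org.cloudfoundry.identity.uaa.zone.ClientServicesExtension
    public List<ClientDetails> listClientDetails(String str) {
        return this.listFactory.getList(DEFAULT_FIND_STATEMENT, Collections.singletonMap("identityZoneId", str), this.rowMapper);
    }

    /**
     * Builds the bind values for the insert statement: the encoded secret, then the update
     * values (which end with client id and zone id), then the creating user id.
     */
    private Object[] getInsertClientDetailsFields(ClientDetails clientDetails, String str) {
        Object[] updateFields = getFieldsForUpdate(clientDetails, str);
        Object[] insertFields = new Object[updateFields.length + 2];
        System.arraycopy(updateFields, 0, insertFields, 1, updateFields.length);
        String plainSecret = clientDetails.getClientSecret();
        // A client without a secret is stored with a NULL secret rather than an encoded empty value.
        insertFields[0] = plainSecret != null ? this.passwordEncoder.encode(plainSecret) : null;
        insertFields[insertFields.length - 1] = getUserId();
        return insertFields;
    }

    /**
     * Builds the bind values for the update statement, in the column order of
     * {@code CLIENT_FIELDS_FOR_UPDATE}, followed by client id and zone id.
     *
     * @throws InvalidDataAccessResourceUsageException if any value cannot be produced
     */
    private Object[] getFieldsForUpdate(ClientDetails clientDetails, String str) {
        Map<String, Object> additionalInformation = new HashMap<>(clientDetails.getAdditionalInformation());
        try {
            // Array elements are evaluated in order: the JSON is written before the
            // required_user_groups entry is removed from the copy, and lastmodified is set to now.
            return new Object[] {
                collectionToString(clientDetails.getResourceIds()),
                collectionToString(clientDetails.getScope()),
                collectionToString(clientDetails.getAuthorizedGrantTypes()),
                collectionToString(clientDetails.getRegisteredRedirectUri()),
                collectionToString(clientDetails.getAuthorities()),
                clientDetails.getAccessTokenValiditySeconds(),
                clientDetails.getRefreshTokenValiditySeconds(),
                JsonUtils.writeValueAsString(additionalInformation),
                getAutoApproveScopes(clientDetails),
                new Timestamp(System.currentTimeMillis()),
                collectionToString((Collection<?>) additionalInformation.remove(ClientConstants.REQUIRED_USER_GROUPS)),
                clientDetails.getClientId(),
                str
            };
        } catch (Exception e) {
            // Log the client id only: on the insert path the client object still carries the
            // plaintext secret, and its string form would write that secret to the log.
            logger.warn("Could not serialize additional information: " + clientDetails.getClientId(), e);
            throw new InvalidDataAccessResourceUsageException("Could not serialize additional information:" + clientDetails.getClientId(), e);
        }
    }

    /** Joins the elements with commas; a {@code null} or empty collection is stored as {@code null}. */
    private String collectionToString(Collection<?> collection) {
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        return StringUtils.collectionToCommaDelimitedString(collection);
    }

    /**
     * Returns the value for the {@code autoapprove} column: {@code "true"} when the client
     * auto-approves the scope named "true", otherwise the comma-separated subset of the client's
     * own scopes that it auto-approves.
     */
    private String getAutoApproveScopes(ClientDetails clientDetails) {
        if (clientDetails.isAutoApprove("true")) {
            return "true";
        }
        Set<String> approvedScopes = new HashSet<>();
        for (String scope : clientDetails.getScope()) {
            if (clientDetails.isAutoApprove(scope)) {
                approvedScopes.add(scope);
            }
        }
        return StringUtils.collectionToCommaDelimitedString(approvedScopes);
    }

    /**
     * Deletes every client of a zone.
     *
     * @param str identity zone id
     * @return number of deleted rows
     */
    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByIdentityZone(String str) {
        return this.jdbcTemplate.update(DELETE_CLIENTS_BY_ZONE, str);
    }

    /**
     * Deletes one client of a zone.
     *
     * @param str client id
     * @param str2 identity zone id
     * @return number of deleted rows
     * @throws NoSuchClientException if no row matched
     */
    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByClient(String str, String str2) {
        int deletedRows = this.jdbcTemplate.update(DEFAULT_DELETE_STATEMENT, str, str2);
        if (deletedRows == 0) {
            throw new NoSuchClientException("No client found with id = " + str);
        }
        return deletedRows;
    }

    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public Log getLogger() {
        return logger;
    }

    /**
     * Appends an additional encoded secret to the stored value, separated by a space, so that the
     * existing secret stays in the column alongside the new one.
     *
     * <p>The read and the update are two separate statements and this class opens no transaction
     * around them; concurrent calls for the same client could overwrite each other unless the
     * caller provides one.
     *
     * @param str client id
     * @param str2 additional secret in plaintext
     * @param str3 identity zone id
     * @throws NoSuchClientException if the client does not exist in the zone
     */
    @Override // org.cloudfoundry.identity.uaa.zone.ClientServicesExtension
    public void addClientSecret(String str, String str2, String str3) throws NoSuchClientException {
        String storedSecret = loadClientByClientId(str, str3).getClientSecret();
        String prefix = storedSecret == null ? "" : storedSecret + " ";
        String combinedSecret = prefix + this.passwordEncoder.encode(str2);
        if (this.jdbcTemplate.update(DEFAULT_UPDATE_SECRET_STATEMENT, combinedSecret, str, str3) != 1) {
            throw new NoSuchClientException("No client found with id = " + str);
        }
    }

    /**
     * Drops the first stored secret by rewriting the column with the second space-separated entry.
     *
     * <p>NOTE(review): a client whose stored secret is {@code null} or has a single entry makes
     * this method fail with a {@link NullPointerException} or
     * {@link ArrayIndexOutOfBoundsException} before any update is issued, and entries after the
     * second are discarded. Callers presumably verify that exactly two secrets are stored before
     * calling; confirm against the endpoint that invokes this.
     *
     * @param str client id
     * @param str2 identity zone id
     * @throws NoSuchClientException if the client does not exist in the zone
     */
    @Override // org.cloudfoundry.identity.uaa.zone.ClientServicesExtension
    public void deleteClientSecret(String str, String str2) throws NoSuchClientException {
        String remainingSecret = loadClientByClientId(str, str2).getClientSecret().split(" ")[1];
        if (this.jdbcTemplate.update(DEFAULT_UPDATE_SECRET_STATEMENT, remainingSecret, str, str2) != 1) {
            throw new NoSuchClientException("Unable to update client with " + str);
        }
    }

    /**
     * Counts the stored clients. The query has no {@code identity_zone_id} filter, so the result
     * spans all zones.
     *
     * @return number of rows in {@code oauth_client_details}, or 0 if the query yields {@code null}
     */
    @Override // org.cloudfoundry.identity.uaa.resources.ResourceMonitor
    public int getTotalCount() {
        Integer count = this.jdbcTemplate.queryForObject("select count(*) from oauth_client_details", Integer.class);
        return count != null ? count : 0;
    }

    /**
     * Resolves the user id recorded as {@code created_by} for a new client.
     *
     * @return the id of the authenticated {@link UaaPrincipal}; for a String principal (treated as
     *     a client id) the {@code created_by} value of that client in the authentication's zone;
     *     {@code null} when there is no authentication or the principal has another type
     */
    protected String getUserId() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof UaaPrincipal) {
            return ((UaaPrincipal) principal).getId();
        }
        if (principal instanceof String) {
            String authenticationZoneId = new ContextSensitiveOAuth2SecurityExpressionMethods(authentication).getAuthenticationZoneId();
            return getCreatedByForClientAndZone((String) principal, authenticationZoneId);
        }
        return null;
    }

    /**
     * Reads the {@code created_by} column of one client.
     *
     * @param str client id
     * @param str2 identity zone id
     * @return the stored creator id
     */
    String getCreatedByForClientAndZone(String str, String str2) {
        return this.jdbcTemplate.queryForObject(GET_CREATED_BY_SQL, new Object[]{str, str2}, String.class);
    }
}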
