package org.cloudfoundry.identity.uaa.mfa;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.event.SystemDeletable;
import org.cloudfoundry.identity.uaa.cypto.EncryptionKeyService;
import org.cloudfoundry.identity.uaa.cypto.EncryptionServiceException;
import org.cloudfoundry.identity.uaa.mfa.exception.UnableToPersistMfaException;
import org.cloudfoundry.identity.uaa.mfa.exception.UnableToRetrieveMfaException;
import org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigAlreadyExistsException;
import org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.util.Base64Utils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.24.0.jar:org/cloudfoundry/identity/uaa/mfa/JdbcUserGoogleMfaCredentialsProvisioning.class */
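/**
 * JDBC-backed store for per-user Google MFA credentials in the
 * {@code user_google_mfa_credentials} table.
 *
 * <p>On write, the secret key, the validation code and the scratch codes are encrypted with the
 * active key of the {@link EncryptionKeyService} and stored Base64-encoded; the label of the key
 * that produced the ciphertext is stored in {@code encryption_key_label}. On read, that label
 * selects the decryption key. Rows with an empty label are read as unencrypted.
 *
 * <p>Security invariant: {@code encryption_key_label} must always name the key that encrypted
 * the row. Every write path therefore resolves the active key once and uses that same key object
 * for all ciphertext columns and for the label.
 */
public class JdbcUserGoogleMfaCredentialsProvisioning implements SystemDeletable, UserMfaCredentialsProvisioning<UserGoogleMfaCredentials> {
    private static final Logger logger = LoggerFactory.getLogger(JdbcUserGoogleMfaCredentialsProvisioning.class);
    private static final String CREATE_USER_MFA_CONFIG_SQL = "INSERT INTO user_google_mfa_credentials (user_id, secret_key, encrypted_validation_code, scratch_codes, mfa_provider_id, zone_id, encryption_key_label) VALUES (?,?,?,?,?,?,?)";
    // The label is rewritten together with the ciphertext: update() re-encrypts with the active
    // key, which may differ from the key (or absence of a key) the row was created with.
    private static final String UPDATE_USER_MFA_CONFIG_SQL = "UPDATE user_google_mfa_credentials SET secret_key=?, encrypted_validation_code=?, scratch_codes=?, mfa_provider_id=?, zone_id=?, encryption_key_label=? WHERE user_id=?";
    private static final String QUERY_USER_MFA_CONFIG_ALL_SQL = "SELECT * FROM user_google_mfa_credentials WHERE user_id=? AND mfa_provider_id=?";
    private static final String DELETE_USER_MFA_CONFIG_SQL = "DELETE FROM user_google_mfa_credentials WHERE user_id=?";
    private static final String DELETE_PROVIDER_MFA_CONFIG_SQL = "DELETE FROM user_google_mfa_credentials WHERE mfa_provider_id=?";
    private static final String DELETE_ZONE_MFA_CONFIG_SQL = "DELETE FROM user_google_mfa_credentials WHERE zone_id=?";
    private final JdbcTemplate jdbcTemplate;
    private final UserMfaCredentialsMapper mapper;
    private final EncryptionKeyService encryptionKeyService;

    /**
     * Maps one {@code user_google_mfa_credentials} row to a {@link UserGoogleMfaCredentials},
     * decrypting the protected columns when the row carries an encryption key label.
     *
     * <p>Decompiler note: the class is public here because the decompiler widened its access
     * modifier from private.
     */
    public static final class UserMfaCredentialsMapper implements RowMapper<UserGoogleMfaCredentials> {
        private final EncryptionKeyService encryptionKeyService;

        /**
         * @param encryptionKeyService source of decryption keys, looked up by label
         */
        public UserMfaCredentialsMapper(EncryptionKeyService encryptionKeyService) {
            this.encryptionKeyService = encryptionKeyService;
        }

        /**
         * Builds the credentials object for the current row.
         *
         * @param resultSet result set positioned on the row to map
         * @param i         row number supplied by Spring; unused
         * @return the credentials, with provider id and zone id set from the row
         * @throws SQLException                 if a column cannot be read
         * @throws UnableToRetrieveMfaException if the key label is unknown or decryption fails
         */
        @Override // org.springframework.jdbc.core.RowMapper
        public UserGoogleMfaCredentials mapRow(ResultSet resultSet, int i) throws SQLException {
            final String keyLabel = resultSet.getString("encryption_key_label");
            UserGoogleMfaCredentials credentials;
            if (StringUtils.isEmpty(keyLabel)) {
                // No key label: the columns are used as stored, and the validation code comes
                // from the plain validation_code column rather than encrypted_validation_code.
                credentials = new UserGoogleMfaCredentials(
                        resultSet.getString("user_id"),
                        resultSet.getString("secret_key"),
                        resultSet.getInt("validation_code"),
                        fromSCString(resultSet.getString("scratch_codes")));
            } else {
                try {
                    EncryptionKeyService.EncryptionKey key = this.encryptionKeyService.getKey(keyLabel).orElseGet(() -> {
                        // Fail closed: a row whose key is not configured is never returned.
                        // Only the label is logged, never key material or ciphertext.
                        RuntimeException cause = new RuntimeException("Attempted to retrieve record with an unknown decryption key");
                        JdbcUserGoogleMfaCredentialsProvisioning.logger.error(String.format("Couldn't decrypt with unknown key label : %s", keyLabel), cause);
                        throw new UnableToRetrieveMfaException(cause);
                    });
                    credentials = new UserGoogleMfaCredentials(
                            resultSet.getString("user_id"),
                            decryptColumn(key, resultSet.getString("secret_key")),
                            Integer.parseInt(decryptColumn(key, resultSet.getString("encrypted_validation_code"))),
                            fromSCString(decryptColumn(key, resultSet.getString("scratch_codes"))));
                } catch (EncryptionServiceException e) {
                    JdbcUserGoogleMfaCredentialsProvisioning.logger.error("Unable to decrypt MFA credentials", e);
                    throw new UnableToRetrieveMfaException(e);
                }
            }
            credentials.setMfaProviderId(resultSet.getString("mfa_provider_id"));
            credentials.setZoneId(resultSet.getString("zone_id"));
            return credentials;
        }

        /**
         * Base64-decodes a stored column value and decrypts it with {@code key}.
         *
         * <p>NOTE(review): {@code new String(byte[])} decodes with the platform default charset;
         * confirm this matches the encoding used on the encrypt side.
         */
        private static String decryptColumn(EncryptionKeyService.EncryptionKey key, String base64Ciphertext) throws EncryptionServiceException {
            return new String(key.decrypt(Base64Utils.decodeFromString(base64Ciphertext)));
        }

        /**
         * Parses a comma-separated list of scratch codes.
         *
         * <p>A null or empty value yields an empty list, so a user without scratch codes can
         * still be loaded; the result then contains no codes to match against. A malformed
         * token still raises {@link NumberFormatException}.
         */
        private List<Integer> fromSCString(String str) {
            String[] tokens = StringUtils.isEmpty(str) ? new String[0] : str.split(",");
            return Arrays.stream(tokens).map(Integer::valueOf).collect(Collectors.toList());
        }
    }

    /**
     * @param jdbcTemplate         template used for every statement issued by this class
     * @param encryptionKeyService supplies the active key for writes and labelled keys for reads
     */
    public JdbcUserGoogleMfaCredentialsProvisioning(JdbcTemplate jdbcTemplate, EncryptionKeyService encryptionKeyService) {
        this.jdbcTemplate = jdbcTemplate;
        this.mapper = new UserMfaCredentialsMapper(encryptionKeyService);
        this.encryptionKeyService = encryptionKeyService;
    }

    /** Encrypts {@code plaintext} with {@code key} and returns the ciphertext Base64-encoded. */
    private static String encrypt(EncryptionKeyService.EncryptionKey key, String plaintext) throws EncryptionServiceException {
        return Base64Utils.encodeToString(key.encrypt(plaintext));
    }

    /**
     * Inserts a new credentials row, encrypted under the currently active key.
     *
     * @param userGoogleMfaCredentials credentials to store
     * @param str                      value written to the {@code zone_id} column
     * @throws UserMfaConfigAlreadyExistsException if the insert violates a unique key
     * @throws UnableToPersistMfaException         if encryption fails
     */
    @Override // org.cloudfoundry.identity.uaa.mfa.UserMfaCredentialsProvisioning
    public void save(UserGoogleMfaCredentials userGoogleMfaCredentials, String str) {
        try {
            this.jdbcTemplate.update(CREATE_USER_MFA_CONFIG_SQL, preparedStatement -> {
                int idx = 1;
                preparedStatement.setString(idx++, userGoogleMfaCredentials.getUserId());
                try {
                    // Resolve the active key once so that all ciphertext columns and the stored
                    // label refer to the same key even if the active key changes meanwhile.
                    EncryptionKeyService.EncryptionKey activeKey = this.encryptionKeyService.getActiveKey();
                    preparedStatement.setString(idx++, encrypt(activeKey, userGoogleMfaCredentials.getSecretKey()));
                    preparedStatement.setString(idx++, encrypt(activeKey, String.valueOf(userGoogleMfaCredentials.getValidationCode())));
                    preparedStatement.setString(idx++, encrypt(activeKey, toCSScratchCode(userGoogleMfaCredentials.getScratchCodes())));
                    preparedStatement.setString(idx++, userGoogleMfaCredentials.getMfaProviderId());
                    preparedStatement.setString(idx++, str);
                    preparedStatement.setString(idx, activeKey.getLabel());
                } catch (EncryptionServiceException e) {
                    logger.error("Unable to encrypt MFA credentials", e);
                    throw new UnableToPersistMfaException(e);
                }
            });
        } catch (DuplicateKeyException e) {
            // NOTE(review): the message is the database driver's most specific cause; confirm it
            // is not returned verbatim to API clients.
            throw new UserMfaConfigAlreadyExistsException(e.getMostSpecificCause().getMessage());
        }
    }

    /**
     * Re-encrypts and overwrites the credentials row of the given user, including its key label.
     *
     * <p>The label is written in the same statement as the ciphertext. Without that, a row
     * created under an earlier key, or without encryption, would keep its old label while
     * holding data encrypted under the active key, and could no longer be read back.
     *
     * @param userGoogleMfaCredentials new credentials; the row is selected by its user id
     * @param str                      value written to the {@code zone_id} column
     * @throws UnableToPersistMfaException        if encryption fails
     * @throws UserMfaConfigDoesNotExistException if no row exists for the user and provider
     *                                            after the update
     */
    @Override // org.cloudfoundry.identity.uaa.mfa.UserMfaCredentialsProvisioning
    public void update(UserGoogleMfaCredentials userGoogleMfaCredentials, String str) {
        this.jdbcTemplate.update(UPDATE_USER_MFA_CONFIG_SQL, preparedStatement -> {
            try {
                int idx = 1;
                EncryptionKeyService.EncryptionKey activeKey = this.encryptionKeyService.getActiveKey();
                preparedStatement.setString(idx++, encrypt(activeKey, userGoogleMfaCredentials.getSecretKey()));
                preparedStatement.setString(idx++, encrypt(activeKey, String.valueOf(userGoogleMfaCredentials.getValidationCode())));
                preparedStatement.setString(idx++, encrypt(activeKey, toCSScratchCode(userGoogleMfaCredentials.getScratchCodes())));
                preparedStatement.setString(idx++, userGoogleMfaCredentials.getMfaProviderId());
                preparedStatement.setString(idx++, str);
                preparedStatement.setString(idx++, activeKey.getLabel());
                preparedStatement.setString(idx, userGoogleMfaCredentials.getUserId());
            } catch (EncryptionServiceException e) {
                logger.error("Unable to encrypt MFA credentials", e);
                throw new UnableToPersistMfaException(e);
            }
        });
        // The result is discarded: the read-back raises if the row is missing or cannot be
        // decrypted, so a failed or ineffective update does not pass silently.
        retrieve(userGoogleMfaCredentials.getUserId(), userGoogleMfaCredentials.getMfaProviderId());
    }

    /**
     * Loads and decrypts the credentials of a user for one MFA provider.
     *
     * @param str  user id
     * @param str2 MFA provider id
     * @return the stored credentials
     * @throws UserMfaConfigDoesNotExistException if no matching row exists
     * @throws UnableToRetrieveMfaException       if the row cannot be decrypted
     */
    @Override // org.cloudfoundry.identity.uaa.mfa.UserMfaCredentialsProvisioning
    public UserGoogleMfaCredentials retrieve(String str, String str2) {
        try {
            return this.jdbcTemplate.queryForObject(QUERY_USER_MFA_CONFIG_ALL_SQL, this.mapper, str, str2);
        } catch (EmptyResultDataAccessException e) {
            throw new UserMfaConfigDoesNotExistException("No Creds for user " + str);
        }
    }

    /**
     * Deletes all credentials rows of a user.
     *
     * <p>NOTE(review): {@code str2} is ignored and the DELETE is keyed on {@code user_id} only.
     * If {@code str2} is the identity zone id (TODO confirm against SystemDeletable), the
     * statement is not zone-scoped.
     *
     * @param str  user id
     * @param str2 unused
     * @return number of rows deleted
     */
    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByUser(String str, String str2) {
        return delete(str);
    }

    /**
     * Deletes all credentials rows that belong to an MFA provider.
     *
     * <p>NOTE(review): {@code str2} is ignored; see {@link #deleteByUser(String, String)} for
     * the same scoping question.
     *
     * @param str  MFA provider id
     * @param str2 unused
     * @return number of rows deleted
     */
    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByMfaProvider(String str, String str2) {
        return this.jdbcTemplate.update(DELETE_PROVIDER_MFA_CONFIG_SQL, str);
    }

    /**
     * Deletes all credentials rows of an identity zone.
     *
     * @param str zone id
     * @return number of rows deleted
     */
    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public int deleteByIdentityZone(String str) {
        return this.jdbcTemplate.update(DELETE_ZONE_MFA_CONFIG_SQL, str);
    }

    /**
     * Deletes all credentials rows of a user.
     *
     * @param str user id
     * @return number of rows deleted
     */
    @Override // org.cloudfoundry.identity.uaa.mfa.UserMfaCredentialsProvisioning
    public int delete(String str) {
        return this.jdbcTemplate.update(DELETE_USER_MFA_CONFIG_SQL, str);
    }

    /** Returns the commons-logging logger for this class, as required by SystemDeletable. */
    @Override // org.cloudfoundry.identity.uaa.audit.event.SystemDeletable
    public Log getLogger() {
        return LogFactory.getLog(JdbcUserGoogleMfaCredentialsProvisioning.class);
    }

    /** Joins the scratch codes into the comma-separated form that is encrypted and stored. */
    private String toCSScratchCode(List<Integer> list) {
        return StringUtils.join(list, ",");
    }
}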
