package com.atlassian.jira.oauth.serviceprovider;

import com.atlassian.event.api.EventPublisher;
import com.atlassian.jira.exception.DataAccessException;
import com.atlassian.jira.oauth.serviceprovider.OfBizServiceProviderConsumerStore;
import com.atlassian.jira.ofbiz.OfBizDelegator;
import com.atlassian.jira.ofbiz.OfBizListIterator;
import com.atlassian.jira.propertyset.JiraPropertySetFactory;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.user.UserKeyService;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.jira.util.collect.MapBuilder;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.oauth.event.AccessTokenRemovedEvent;
import com.atlassian.oauth.event.RequestTokenRemovedEvent;
import com.atlassian.oauth.serviceprovider.Clock;
import com.atlassian.oauth.serviceprovider.InvalidTokenException;
import com.atlassian.oauth.serviceprovider.ServiceProviderConsumerStore;
import com.atlassian.oauth.serviceprovider.ServiceProviderToken;
import com.atlassian.oauth.serviceprovider.ServiceProviderTokenStore;
import com.atlassian.oauth.serviceprovider.StoreException;
import com.atlassian.oauth.serviceprovider.SystemClock;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Lists;
import com.opensymphony.module.propertyset.PropertySet;
import java.net.URI;
import java.security.Principal;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.jcip.annotations.GuardedBy;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.ofbiz.core.entity.EntityCondition;
import org.ofbiz.core.entity.GenericEntityException;
import org.ofbiz.core.entity.GenericModelException;
import org.ofbiz.core.entity.GenericValue;

/* loaded from: input_file:com/atlassian/jira/oauth/serviceprovider/OfBizServiceProviderTokenStore.class */
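/**
 * {@link ServiceProviderTokenStore} that keeps OAuth service-provider tokens in the
 * {@code OAuthServiceProviderToken} entity through an {@link OfBizDelegator}. Free-form token
 * properties are kept in a property set keyed by the row id.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #put(ServiceProviderToken)} writes the value of {@code getTokenSecret()} to the
 *       {@code tokenSecret} column as-is; this class applies no hashing or encryption, so read
 *       access to the table should be treated as access to the secrets themselves.</li>
 *   <li>The expiry sweeps ({@link #removeExpiredTokens()}, {@link #removeExpiredSessions()}) skip
 *       rows that cannot be loaded as a token instead of aborting, so a single bad row does not
 *       keep every other expired credential in the table.</li>
 * </ul>
 */
public class OfBizServiceProviderTokenStore implements ServiceProviderTokenStore {
    private static final Logger log = Logger.getLogger(OfBizServiceProviderTokenStore.class);
    /** Entity (table) name used for every delegator call in this class. */
    public static final String TABLE = "OAuthServiceProviderToken";
    /** Entity name under which per-token property sets are stored. */
    public static final String PROPERTY_SET_KEY = "OAuthServiceProviderToken";
    private final OfBizDelegator delegator;
    private final UserUtil userUtil;
    private final ServiceProviderConsumerStore consumerStore;
    private final JiraPropertySetFactory propertySetFactory;
    private final Clock clock;
    private final EventPublisher eventPublisher;
    private final UserKeyService userKeyService;

    /** Column names of the {@code OAuthServiceProviderToken} entity. */
    static final class Columns {
        static final String ID = "id";
        static final String CREATED = "created";
        static final String TOKEN = "token";
        static final String TOKEN_SECRET = "tokenSecret";
        static final String TYPE = "tokenType";
        static final String CONSUMER_KEY = "consumerKey";
        static final String USERNAME = "username";
        static final String TTL = "ttl";
        static final String AUTHORIZATION = "auth";
        static final String CALLBACK = "callback";
        static final String VERIFIER = "verifier";
        static final String VERSION = "version";
        static final String SESSION_HANDLE = "sessionHandle";
        static final String SESSION_CREATION_TIME = "sessionCreationTime";
        static final String SESSION_LAST_RENEWAL_TIME = "sessionLastRenewalTime";
        static final String SESSION_TIME_TO_LIVE = "sessionTimeToLive";

        Columns() {
        }
    }

    /** Value stored in the {@code tokenType} column (written via {@code toString()}). */
    public enum TokenType {
        ACCESS,
        REQUEST
    }

    /**
     * Creates a store that uses the system clock for expiry decisions.
     */
    public OfBizServiceProviderTokenStore(OfBizDelegator ofBizDelegator, UserUtil userUtil, ServiceProviderConsumerStore serviceProviderConsumerStore, EventPublisher eventPublisher, JiraPropertySetFactory jiraPropertySetFactory, UserKeyService userKeyService) {
        this(ofBizDelegator, userUtil, serviceProviderConsumerStore, jiraPropertySetFactory, eventPublisher, userKeyService, new SystemClock());
    }

    /**
     * Creates a store with an explicit {@link Clock}, so tests can control token expiry.
     * Note that the argument order differs from the public constructor
     * ({@code jiraPropertySetFactory} comes before {@code eventPublisher} here).
     */
    @VisibleForTesting
    public OfBizServiceProviderTokenStore(OfBizDelegator ofBizDelegator, UserUtil userUtil, ServiceProviderConsumerStore serviceProviderConsumerStore, JiraPropertySetFactory jiraPropertySetFactory, EventPublisher eventPublisher, UserKeyService userKeyService, Clock clock) {
        this.userUtil = (UserUtil) Assertions.notNull("userUtil", userUtil);
        this.delegator = (OfBizDelegator) Assertions.notNull("delegator", ofBizDelegator);
        this.consumerStore = (ServiceProviderConsumerStore) Assertions.notNull("consumerStore", serviceProviderConsumerStore);
        this.propertySetFactory = (JiraPropertySetFactory) Assertions.notNull("propertySetFactory", jiraPropertySetFactory);
        this.eventPublisher = (EventPublisher) Assertions.notNull("eventPublisher", eventPublisher);
        this.clock = (Clock) Assertions.notNull("clock", clock);
        // NOTE(review): userKeyService is the only collaborator that is not null-checked, yet
        // getAccessTokensForUser() and put() dereference it. Left as-is because existing callers
        // or tests may pass null; confirm and add the check if none do.
        this.userKeyService = userKeyService;
    }

    /**
     * Looks up a token by its token string.
     *
     * @param str the token string; must not be null
     * @return the stored token, or {@code null} when no row has that token string
     * @throws StoreException when the delegator reports a data access failure
     */
    public ServiceProviderToken get(String str) throws StoreException {
        Assertions.notNull("token", str);
        try {
            List<GenericValue> rows = this.delegator.findByAnd(TABLE, MapBuilder.<String, Object>newBuilder().add(Columns.TOKEN, str).toMap());
            if (rows.isEmpty()) {
                return null;
            }
            return createTokenFromGV(rows.get(0));
        } catch (DataAccessException e) {
            throw new StoreException(e);
        }
    }

    /**
     * Returns every access token whose {@code username} column holds the user key that
     * {@link UserKeyService} resolves for the given username.
     *
     * @param str the username
     * @throws IllegalArgumentException when the username resolves to no user key
     * @throws StoreException when the delegator reports a data access failure
     */
    public Iterable<ServiceProviderToken> getAccessTokensForUser(String str) {
        String userKey = this.userKeyService.getKeyForUsername(str);
        if (userKey == null) {
            throw new IllegalArgumentException("There is no user with username '" + str + "'");
        }
        try {
            List<GenericValue> rows = this.delegator.findByAnd(TABLE, MapBuilder.<String, Object>newBuilder().add(Columns.USERNAME, userKey).add(Columns.TYPE, TokenType.ACCESS.toString()).toMap());
            List<ServiceProviderToken> tokens = new ArrayList<ServiceProviderToken>();
            for (GenericValue row : rows) {
                tokens.add(createTokenFromGV(row));
            }
            return tokens;
        } catch (DataAccessException e) {
            throw new StoreException(e);
        }
    }

    /**
     * Inserts the token, or overwrites the non-key fields of the row that already has the same
     * token string, then replaces the token's property set and returns the token re-read from
     * the store.
     *
     * @param serviceProviderToken the token to persist; must not be null
     * @return the token as loaded back by {@link #get(String)}
     * @throws StoreException when the delegator reports a data access failure
     */
    public ServiceProviderToken put(ServiceProviderToken serviceProviderToken) throws StoreException {
        Assertions.notNull("token", serviceProviderToken);
        // NOTE(review): CREATED, KEY, CALLBACK and ID are taken from the consumer store's Columns
        // class, exactly as in the original; presumably they name the same columns as this
        // class's own Columns - confirm before switching to the local constants.
        Map<String, Object> fields = MapBuilder.<String, Object>newBuilder()
                .add(OfBizServiceProviderConsumerStore.Columns.CREATED, new Timestamp(serviceProviderToken.getCreationTime()))
                .add(Columns.TOKEN, serviceProviderToken.getToken())
                // The secret is persisted exactly as supplied by the token object.
                .add(Columns.TOKEN_SECRET, serviceProviderToken.getTokenSecret())
                .add(Columns.TYPE, serviceProviderToken.isAccessToken() ? TokenType.ACCESS.toString() : TokenType.REQUEST.toString())
                .add(OfBizServiceProviderConsumerStore.Columns.KEY, serviceProviderToken.getConsumer().getKey())
                // The "username" column stores the user key, not the login name.
                .add(Columns.USERNAME, serviceProviderToken.getUser() == null ? null : this.userKeyService.getKeyForUsername(serviceProviderToken.getUser().getName()))
                .add(Columns.AUTHORIZATION, serviceProviderToken.getAuthorization() == null ? null : serviceProviderToken.getAuthorization().toString())
                .add(Columns.TTL, Long.valueOf(serviceProviderToken.getTimeToLive()))
                .add(Columns.VERIFIER, serviceProviderToken.getVerifier())
                .add(OfBizServiceProviderConsumerStore.Columns.CALLBACK, serviceProviderToken.getCallback() == null ? null : serviceProviderToken.getCallback().toASCIIString())
                .add(Columns.VERSION, serviceProviderToken.getVersion() == null ? null : serviceProviderToken.getVersion().toString())
                .toMutableMap();
        ServiceProviderToken.Session session = serviceProviderToken.getSession();
        if (session != null) {
            fields.put(Columns.SESSION_HANDLE, session.getHandle());
            fields.put(Columns.SESSION_CREATION_TIME, new Timestamp(session.getCreationTime()));
            fields.put(Columns.SESSION_LAST_RENEWAL_TIME, new Timestamp(session.getLastRenewalTime()));
            // The session time-to-live is stored as a Timestamp and read back with getTime().
            fields.put(Columns.SESSION_TIME_TO_LIVE, new Timestamp(session.getTimeToLive()));
        }
        try {
            List<GenericValue> existing = this.delegator.findByAnd(TABLE, MapBuilder.<String, Object>newBuilder().add(Columns.TOKEN, serviceProviderToken.getToken()).toMap());
            if (existing.isEmpty()) {
                setTokenProperties(this.delegator.createValue(TABLE, fields).getLong(OfBizServiceProviderConsumerStore.Columns.ID), serviceProviderToken.getProperties());
            } else {
                GenericValue row = existing.get(0);
                row.setNonPKFields(fields);
                try {
                    row.store();
                    setTokenProperties(row.getLong(OfBizServiceProviderConsumerStore.Columns.ID), serviceProviderToken.getProperties());
                } catch (GenericEntityException e) {
                    // Re-thrown as DataAccessException so the outer handler wraps it uniformly.
                    throw new DataAccessException(e);
                }
            }
            return get(serviceProviderToken.getToken());
        } catch (DataAccessException e2) {
            throw new StoreException(e2);
        }
    }

    /**
     * Removes the token and, when a row was actually removed, publishes the matching
     * removal event.
     *
     * @param str the token string; must not be null
     * @throws StoreException when the delegator reports a data access failure
     */
    public void removeAndNotify(String str) throws StoreException {
        ServiceProviderToken removed = remove(str);
        if (removed != null) {
            publishRemovedTokenEvent(removed);
        }
    }

    /**
     * Deletes the row with the given token string and clears its property set.
     *
     * <p>The returned token is rebuilt from the in-memory row <em>after</em> the delete and after
     * the property set was emptied, so it carries no properties. If rebuilding fails (for example
     * {@link InvalidTokenException} for an access token without a user) the row has already been
     * deleted and the caller publishes no event.
     *
     * @param str the token string; must not be null
     * @return the removed token, or {@code null} when no row has that token string
     * @throws StoreException when the delegator reports a data access failure
     */
    @Nullable
    protected final ServiceProviderToken remove(String str) throws StoreException {
        Assertions.notNull("token", str);
        try {
            List<GenericValue> rows = this.delegator.findByAnd(TABLE, MapBuilder.<String, Object>newBuilder().add(Columns.TOKEN, str).toMap());
            if (rows.isEmpty()) {
                return null;
            }
            GenericValue row = rows.get(0);
            Long id = row.getLong(OfBizServiceProviderConsumerStore.Columns.ID);
            this.delegator.removeValue(row);
            setTokenProperties(id, Collections.<String, String>emptyMap());
            return createTokenFromGV(row);
        } catch (DataAccessException e) {
            throw new StoreException(e);
        }
    }

    /**
     * Removes expired session-less tokens and publishes one removal event per removed token.
     *
     * @throws StoreException when the bulk delete fails
     */
    public void removeExpiredTokensAndNotify() throws StoreException {
        for (ServiceProviderToken removed : removeExpiredTokens()) {
            publishRemovedTokenEvent(removed);
        }
    }

    /**
     * Scans every token row and deletes those that have no session and have expired according to
     * the configured clock.
     *
     * <p>Rows that cannot be loaded as a token are skipped and logged by row id. Previously the
     * {@link InvalidTokenException} from such a row aborted the scan before any delete was
     * issued, so one access token without a resolvable user kept all expired tokens in the store.
     * The skipped row itself is left in place.
     *
     * @return the tokens that were selected for removal
     * @throws StoreException when the bulk delete fails
     */
    protected final List<ServiceProviderToken> removeExpiredTokens() throws StoreException {
        OfBizListIterator<GenericValue> rows = this.delegator.findListIteratorByCondition(TABLE, (EntityCondition) null);
        List<ServiceProviderToken> expiredTokens = new ArrayList<ServiceProviderToken>();
        List<Long> expiredIds = new ArrayList<Long>();
        try {
            for (GenericValue row : rows) {
                ServiceProviderToken token;
                try {
                    token = createTokenFromGV(row);
                } catch (InvalidTokenException e) {
                    // The exception message embeds the token string, so it is deliberately not
                    // attached to the log entry; the row id is enough to find the record.
                    log.warn("Skipping OAuth service provider token row id=" + row.getLong(OfBizServiceProviderConsumerStore.Columns.ID) + " while removing expired tokens: row could not be loaded as a valid token");
                    continue;
                }
                if (token.getSession() == null && token.hasExpired(this.clock)) {
                    expiredIds.add(row.getLong(OfBizServiceProviderConsumerStore.Columns.ID));
                    expiredTokens.add(token);
                }
            }
            removeByIds(expiredIds);
            return expiredTokens;
        } finally {
            // Always release the underlying database cursor.
            rows.close();
        }
    }

    /**
     * Removes tokens whose session has expired. Despite the name, this implementation publishes
     * no event; it only delegates to {@link #removeExpiredSessions()}.
     *
     * @throws StoreException when the bulk delete fails
     */
    public void removeExpiredSessionsAndNotify() throws StoreException {
        removeExpiredSessions();
    }

    /**
     * Scans every token row and deletes those whose session has expired according to the
     * configured clock. Rows that cannot be loaded as a token are skipped and logged by row id,
     * for the same reason as in {@link #removeExpiredTokens()}.
     *
     * @throws StoreException when the bulk delete fails
     */
    protected final void removeExpiredSessions() throws StoreException {
        OfBizListIterator<GenericValue> rows = this.delegator.findListIteratorByCondition(TABLE, (EntityCondition) null);
        List<Long> expiredIds = new ArrayList<Long>();
        try {
            for (GenericValue row : rows) {
                ServiceProviderToken.Session session;
                try {
                    session = createTokenFromGV(row).getSession();
                } catch (InvalidTokenException e) {
                    // Exception message embeds the token string; log the row id only.
                    log.warn("Skipping OAuth service provider token row id=" + row.getLong(OfBizServiceProviderConsumerStore.Columns.ID) + " while removing expired sessions: row could not be loaded as a valid token");
                    continue;
                }
                if (session != null && session.hasExpired(this.clock)) {
                    expiredIds.add(row.getLong(OfBizServiceProviderConsumerStore.Columns.ID));
                }
            }
            removeByIds(expiredIds);
        } finally {
            // Always release the underlying database cursor.
            rows.close();
        }
    }

    /**
     * Deletes every token issued to the given consumer. No event is published and the property
     * sets of the deleted rows are not touched by this method.
     *
     * @param str the consumer key; must not be null
     * @throws StoreException when the delegator reports a data access failure
     */
    public void removeByConsumer(String str) {
        Assertions.notNull(OfBizServiceProviderConsumerStore.Columns.KEY, str);
        try {
            this.delegator.removeByAnd(TABLE, MapBuilder.<String, Object>newBuilder().add(OfBizServiceProviderConsumerStore.Columns.KEY, str).toMap());
        } catch (DataAccessException e) {
            throw new StoreException(e);
        }
    }

    /**
     * Deletes the rows with the given ids in one delegator call and logs the count at debug level.
     * Property sets of the deleted rows are not cleared here.
     *
     * @param list ids of the rows to delete
     * @throws StoreException when the delegator reports a data access or model failure
     */
    protected void removeByIds(List<Long> list) {
        try {
            int removedCount = this.delegator.removeByOr(TABLE, OfBizServiceProviderConsumerStore.Columns.ID, list);
            if (log.isDebugEnabled()) {
                log.debug("Successfully removed " + removedCount + " expired tokens.");
            }
        } catch (DataAccessException e) {
            throw new StoreException(e);
        } catch (GenericModelException e2) {
            throw new StoreException(e2);
        }
    }

    /**
     * Builds a {@link ServiceProviderToken} from a database row.
     *
     * @throws InvalidTokenException when the row is an access token but its stored user key
     *         resolves to no user
     */
    private ServiceProviderToken createTokenFromGV(GenericValue row) {
        boolean accessToken = isAccessToken(row.getString(Columns.TYPE));
        String tokenString = row.getString(Columns.TOKEN);
        Principal user = getUser(row.getString(Columns.USERNAME));
        if (user == null && accessToken) {
            // NOTE(review): the token string ends up in the exception message and therefore in
            // any log or response that prints it; message kept unchanged for compatibility.
            throw new InvalidTokenException("Token '" + tokenString + "' is an access token, but has no user associated with it");
        }
        if (accessToken) {
            ServiceProviderToken.ServiceProviderTokenBuilder accessBuilder = ServiceProviderToken.newAccessToken(tokenString)
                    .tokenSecret(row.getString(Columns.TOKEN_SECRET))
                    .consumer(this.consumerStore.get(row.getString(OfBizServiceProviderConsumerStore.Columns.KEY)))
                    .authorizedBy(user)
                    .creationTime(row.getTimestamp(OfBizServiceProviderConsumerStore.Columns.CREATED).getTime())
                    .timeToLive(row.getLong(Columns.TTL).longValue())
                    .properties(getTokenProperties(row.getLong(OfBizServiceProviderConsumerStore.Columns.ID)))
                    .version(getVersion(row.getString(Columns.VERSION)));
            // Only access tokens carry a session; it is restored when a handle was stored.
            if (row.getString(Columns.SESSION_HANDLE) != null) {
                accessBuilder = accessBuilder.session(ServiceProviderToken.Session.newSession(row.getString(Columns.SESSION_HANDLE))
                        .creationTime(row.getTimestamp(Columns.SESSION_CREATION_TIME).getTime())
                        .lastRenewalTime(row.getTimestamp(Columns.SESSION_LAST_RENEWAL_TIME).getTime())
                        .timeToLive(row.getTimestamp(Columns.SESSION_TIME_TO_LIVE).getTime())
                        .build());
            }
            return accessBuilder.build();
        }
        String storedCallback = row.getString(OfBizServiceProviderConsumerStore.Columns.CALLBACK);
        URI callback = null;
        if (StringUtils.isNotBlank(storedCallback)) {
            callback = URI.create(storedCallback);
        }
        ServiceProviderToken.ServiceProviderTokenBuilder requestBuilder = ServiceProviderToken.newRequestToken(tokenString)
                .tokenSecret(row.getString(Columns.TOKEN_SECRET))
                .consumer(this.consumerStore.get(row.getString(OfBizServiceProviderConsumerStore.Columns.KEY)))
                .callback(callback)
                .creationTime(row.getTimestamp(OfBizServiceProviderConsumerStore.Columns.CREATED).getTime())
                .timeToLive(row.getLong(Columns.TTL).longValue())
                .version(getVersion(row.getString(Columns.VERSION)))
                .properties(getTokenProperties(row.getLong(OfBizServiceProviderConsumerStore.Columns.ID)));
        ServiceProviderToken.Authorization authorization = getAuthorization(row.getString(Columns.AUTHORIZATION), user);
        if (ServiceProviderToken.Authorization.AUTHORIZED.equals(authorization)) {
            // The verifier is only restored for request tokens that were authorized.
            requestBuilder = requestBuilder.authorizedBy(user).verifier(row.getString(Columns.VERIFIER));
        } else if (ServiceProviderToken.Authorization.DENIED.equals(authorization)) {
            requestBuilder = requestBuilder.deniedBy(user);
        }
        return requestBuilder.build();
    }

    /** Parses the stored version name; a blank value yields {@code null}. */
    private ServiceProviderToken.Version getVersion(String stored) {
        if (StringUtils.isBlank(stored)) {
            return null;
        }
        return ServiceProviderToken.Version.valueOf(stored);
    }

    /**
     * Resolves the authorization state of a request-token row: the stored value wins; without a
     * stored value, a row that has a user counts as AUTHORIZED and a row without one as NONE.
     */
    private ServiceProviderToken.Authorization getAuthorization(String stored, Principal principal) {
        if (stored != null) {
            return ServiceProviderToken.Authorization.valueOf(stored);
        }
        if (principal != null) {
            return ServiceProviderToken.Authorization.AUTHORIZED;
        }
        return ServiceProviderToken.Authorization.NONE;
    }

    /**
     * Resolves a stored user key to the directory user.
     *
     * @param str the user key read from the {@code username} column
     * @return the directory user, or {@code null} when the key resolves to no user
     */
    Principal getUser(String str) {
        ApplicationUser applicationUser = this.userUtil.getUserByKey(str);
        if (applicationUser == null) {
            return null;
        }
        return applicationUser.getDirectoryUser();
    }

    /** Reads all text properties stored for the token row with the given id. */
    private Map<String, String> getTokenProperties(Long id) {
        PropertySet propertySet = this.propertySetFactory.buildCachingPropertySet(PROPERTY_SET_KEY, id, true);
        MapBuilder<String, String> builder = MapBuilder.newBuilder();
        for (Object key : propertySet.getKeys()) {
            String name = (String) key;
            builder.add(name, propertySet.getText(name));
        }
        return builder.toMap();
    }

    /**
     * Replaces the property set of the token row with the given id: every existing key is removed
     * first, then the supplied entries are written. The two steps are not atomic here; the
     * annotation states that callers are expected to hold an external lock.
     */
    @GuardedBy("external-lock")
    private void setTokenProperties(Long id, Map<String, String> properties) {
        PropertySet propertySet = this.propertySetFactory.buildCachingPropertySet(PROPERTY_SET_KEY, id, true);
        for (Object key : propertySet.getKeys()) {
            propertySet.remove((String) key);
        }
        for (Map.Entry<String, String> entry : properties.entrySet()) {
            propertySet.setText(entry.getKey(), entry.getValue());
        }
    }

    /** Returns whether the stored {@code tokenType} value names {@link TokenType#ACCESS}. */
    private boolean isAccessToken(String storedType) {
        return TokenType.ACCESS.equals(TokenType.valueOf(storedType));
    }

    /**
     * Publishes an access- or request-token removal event carrying the token user's name, or
     * {@code null} when the token has no user.
     */
    private void publishRemovedTokenEvent(@Nonnull ServiceProviderToken serviceProviderToken) {
        Principal user = serviceProviderToken.getUser();
        String username = user != null ? user.getName() : null;
        this.eventPublisher.publish(serviceProviderToken.isAccessToken() ? new AccessTokenRemovedEvent(username) : new RequestTokenRemovedEvent(username));
    }
}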
