package org.cloudfoundry.identity.uaa.oauth.approval;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.event.ApprovalModifiedEvent;
import org.cloudfoundry.identity.uaa.oauth.approval.Approval;
import org.cloudfoundry.identity.uaa.rest.jdbc.JdbcPagingListFactory;
import org.cloudfoundry.identity.uaa.rest.jdbc.SearchQueryConverter;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataIntegrityViolationException;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.PreparedStatementSetter;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.3.1.jar:org/cloudfoundry/identity/uaa/oauth/approval/JdbcApprovalStore.class */
public class JdbcApprovalStore implements ApprovalStore, ApplicationEventPublisherAware {
    private final JdbcTemplate jdbcTemplate;
    private JdbcPagingListFactory pagingListFactory;
    private final SearchQueryConverter queryConverter;
    private static final String TABLE_NAME = "authz_approvals";
    private static final String FIELDS = "user_id,client_id,scope,expiresAt,status,lastModifiedAt";
    private static final String ADD_AUTHZ_SQL = String.format("insert into %s ( %s ) values (?,?,?,?,?,?)", TABLE_NAME, FIELDS);
    private static final String REFRESH_AUTHZ_SQL = String.format("update %s set lastModifiedAt=?, expiresAt=?, status=? where user_id=? and client_Id=? and scope=?", TABLE_NAME);
    private static final String GET_AUTHZ_SQL = String.format("select %s from %s", FIELDS, TABLE_NAME);
    private static final String DELETE_AUTHZ_SQL = String.format("delete from %s", TABLE_NAME);
    private static final String EXPIRE_AUTHZ_SQL = String.format("update %s set expiresAt = :expiry", TABLE_NAME);
    private ApplicationEventPublisher applicationEventPublisher;
    private final Log logger = LogFactory.getLog(getClass());
    private final RowMapper<Approval> rowMapper = new AuthorizationRowMapper();
    private boolean handleRevocationsAsExpiry = false;

    /* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.3.1.jar:org/cloudfoundry/identity/uaa/oauth/approval/JdbcApprovalStore$AuthorizationRowMapper.class */
    private static class AuthorizationRowMapper implements RowMapper<Approval> {
        private AuthorizationRowMapper() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.jdbc.core.RowMapper
        public Approval mapRow(ResultSet resultSet, int i) throws SQLException {
            String string = resultSet.getString(1);
            String string2 = resultSet.getString(2);
            String string3 = resultSet.getString(3);
            Timestamp timestamp = resultSet.getTimestamp(4);
            String string4 = resultSet.getString(5);
            return new Approval(string, string2, string3, timestamp, Approval.ApprovalStatus.valueOf(string4), resultSet.getTimestamp(6));
        }
    }

    public JdbcApprovalStore(JdbcTemplate jdbcTemplate, JdbcPagingListFactory jdbcPagingListFactory, SearchQueryConverter searchQueryConverter) {
        Assert.notNull(jdbcTemplate);
        Assert.notNull(searchQueryConverter);
        this.jdbcTemplate = jdbcTemplate;
        this.queryConverter = searchQueryConverter;
        this.pagingListFactory = jdbcPagingListFactory;
    }

    public void setHandleRevocationsAsExpiry(boolean z) {
        this.handleRevocationsAsExpiry = z;
    }

    public boolean refreshApproval(final Approval approval) {
        this.logger.debug(String.format("refreshing approval: [%s]", approval));
        if (this.jdbcTemplate.update(REFRESH_AUTHZ_SQL, new PreparedStatementSetter() { // from class: org.cloudfoundry.identity.uaa.oauth.approval.JdbcApprovalStore.1
            @Override // org.springframework.jdbc.core.PreparedStatementSetter
            public void setValues(PreparedStatement preparedStatement) throws SQLException {
                preparedStatement.setTimestamp(1, new Timestamp(approval.getLastUpdatedAt().getTime()));
                preparedStatement.setTimestamp(2, new Timestamp(approval.getExpiresAt().getTime()));
                preparedStatement.setString(3, (approval.getStatus() == null ? Approval.ApprovalStatus.APPROVED : approval.getStatus()).toString());
                preparedStatement.setString(4, approval.getUserId());
                preparedStatement.setString(5, approval.getClientId());
                preparedStatement.setString(6, approval.getScope());
            }
        }) != 1) {
            throw new DataIntegrityViolationException("Attempt to refresh non-existent authorization");
        }
        return true;
    }

    @Override // org.cloudfoundry.identity.uaa.oauth.approval.ApprovalStore
    public boolean addApproval(final Approval approval) {
        this.logger.debug(String.format("adding approval: [%s]", approval));
        try {
            refreshApproval(approval);
        } catch (DataIntegrityViolationException e) {
            if (this.jdbcTemplate.update(ADD_AUTHZ_SQL, new PreparedStatementSetter() { // from class: org.cloudfoundry.identity.uaa.oauth.approval.JdbcApprovalStore.2
                @Override // org.springframework.jdbc.core.PreparedStatementSetter
                public void setValues(PreparedStatement preparedStatement) throws SQLException {
                    preparedStatement.setString(1, approval.getUserId());
                    preparedStatement.setString(2, approval.getClientId());
                    preparedStatement.setString(3, approval.getScope());
                    preparedStatement.setTimestamp(4, new Timestamp(approval.getExpiresAt().getTime()));
                    preparedStatement.setString(5, (approval.getStatus() == null ? Approval.ApprovalStatus.APPROVED : approval.getStatus()).toString());
                    preparedStatement.setTimestamp(6, new Timestamp(approval.getLastUpdatedAt().getTime()));
                }
            }) == 0) {
                throw new EmptyResultDataAccessException("Approval add failed", 1);
            }
        }
        publish(new ApprovalModifiedEvent(approval, SecurityContextHolder.getContext().getAuthentication()));
        return true;
    }

    @Override // org.cloudfoundry.identity.uaa.oauth.approval.ApprovalStore
    public boolean revokeApproval(Approval approval) {
        return revokeApprovals(String.format("user_id eq \"%s\" and client_id eq \"%s\" and scope eq \"%s\"", new Object[0]));
    }

    @Override // org.cloudfoundry.identity.uaa.oauth.approval.ApprovalStore
    public boolean revokeApprovals(String str) {
        String str2;
        Map<String, ?> params;
        SearchQueryConverter.ProcessedFilter convert = this.queryConverter.convert(str, null, true);
        this.logger.debug(String.format("Filtering approvals with filter: [%s]", convert));
        if (this.handleRevocationsAsExpiry) {
            str2 = EXPIRE_AUTHZ_SQL + " where " + convert.getSql();
            params = convert.getParams();
            params.put("expiry", new Timestamp(new Date().getTime() - 1));
        } else {
            str2 = DELETE_AUTHZ_SQL + " where " + convert.getSql();
            params = convert.getParams();
        }
        try {
            this.logger.debug(String.format("revoked [%d] approvals matching sql: [%s]", Integer.valueOf(new NamedParameterJdbcTemplate(this.jdbcTemplate).update(str2, params)), convert));
            return true;
        } catch (DataAccessException e) {
            this.logger.error("Error expiring approvals, possible invalid filter: " + convert, e);
            throw new IllegalArgumentException("Error revoking approvals");
        }
    }

    public boolean purgeExpiredApprovals() {
        this.logger.debug("Purging expired approvals from database");
        try {
            this.logger.debug(this.jdbcTemplate.update(DELETE_AUTHZ_SQL + " where expiresAt <= ?", new PreparedStatementSetter() { // from class: org.cloudfoundry.identity.uaa.oauth.approval.JdbcApprovalStore.3
                @Override // org.springframework.jdbc.core.PreparedStatementSetter
                public void setValues(PreparedStatement preparedStatement) throws SQLException {
                    preparedStatement.setTimestamp(1, new Timestamp(new Date().getTime()));
                }
            }) + " expired approvals deleted");
            return true;
        } catch (DataAccessException e) {
            this.logger.error("Error purging expired approvals", e);
            return false;
        }
    }

    @Override // org.cloudfoundry.identity.uaa.oauth.approval.ApprovalStore
    public List<Approval> getApprovals(String str) {
        SearchQueryConverter.ProcessedFilter convert = this.queryConverter.convert(str, null, true);
        this.logger.debug(String.format("Filtering approvals with filter: [%s]", convert));
        try {
            return this.pagingListFactory.createJdbcPagingList(GET_AUTHZ_SQL + " where " + convert.getSql(), convert.getParams(), this.rowMapper, 200);
        } catch (DataAccessException e) {
            this.logger.error("Error filtering approvals with filter: " + convert, e);
            throw new IllegalArgumentException("Invalid filter: " + str);
        }
    }

    @Override // org.cloudfoundry.identity.uaa.oauth.approval.ApprovalStore
    public List<Approval> getApprovals(String str, String str2) {
        return getApprovals(String.format("user_id eq \"%s\" and client_id eq \"%s\"", str, str2));
    }

    @Override // org.springframework.context.ApplicationEventPublisherAware
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.applicationEventPublisher = applicationEventPublisher;
    }

    public void publish(ApplicationEvent applicationEvent) {
        if (this.applicationEventPublisher != null) {
            this.applicationEventPublisher.publishEvent(applicationEvent);
        }
    }
}
