package org.springframework.security.authentication.ott;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import java.util.function.Function;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.SqlParameterValue;
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.scheduling.support.CronTrigger;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-core-6.4.6.jar:org/springframework/security/authentication/ott/JdbcOneTimeTokenService.class */
public final class JdbcOneTimeTokenService implements OneTimeTokenService, DisposableBean, InitializingBean {
    private final JdbcOperations jdbcOperations;
    private ThreadPoolTaskScheduler taskScheduler;
    private static final String DEFAULT_CLEANUP_CRON = "@hourly";
    private static final String TABLE_NAME = "one_time_tokens";
    private static final String COLUMN_NAMES = "token_value, username, expires_at";
    private static final String SAVE_ONE_TIME_TOKEN_SQL = "INSERT INTO one_time_tokens (token_value, username, expires_at) VALUES (?, ?, ?)";
    private static final String FILTER = "token_value = ?";
    private static final String DELETE_ONE_TIME_TOKEN_SQL = "DELETE FROM one_time_tokens WHERE token_value = ?";
    private static final String SELECT_ONE_TIME_TOKEN_SQL = "SELECT token_value, username, expires_at FROM one_time_tokens WHERE token_value = ?";
    private static final String DELETE_ONE_TIME_TOKENS_BY_EXPIRY_TIME_QUERY = "DELETE FROM one_time_tokens WHERE expires_at < ?";
    private final Log logger = LogFactory.getLog(getClass());
    private Function<OneTimeToken, List<SqlParameterValue>> oneTimeTokenParametersMapper = new OneTimeTokenParametersMapper();
    private RowMapper<OneTimeToken> oneTimeTokenRowMapper = new OneTimeTokenRowMapper();
    private Clock clock = Clock.systemUTC();

    /* loaded from: input_file:BOOT-INF/lib/spring-security-core-6.4.6.jar:org/springframework/security/authentication/ott/JdbcOneTimeTokenService$OneTimeTokenParametersMapper.class */
    private static class OneTimeTokenParametersMapper implements Function<OneTimeToken, List<SqlParameterValue>> {
        private OneTimeTokenParametersMapper() {
        }

        @Override // java.util.function.Function
        public List<SqlParameterValue> apply(OneTimeToken oneTimeToken) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new SqlParameterValue(12, oneTimeToken.getTokenValue()));
            arrayList.add(new SqlParameterValue(12, oneTimeToken.getUsername()));
            arrayList.add(new SqlParameterValue(93, Timestamp.from(oneTimeToken.getExpiresAt())));
            return arrayList;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-core-6.4.6.jar:org/springframework/security/authentication/ott/JdbcOneTimeTokenService$OneTimeTokenRowMapper.class */
    private static class OneTimeTokenRowMapper implements RowMapper<OneTimeToken> {
        private OneTimeTokenRowMapper() {
        }

        /* renamed from: mapRow, reason: merged with bridge method [inline-methods] */
        public OneTimeToken m4601mapRow(ResultSet resultSet, int i) throws SQLException {
            return new DefaultOneTimeToken(resultSet.getString("token_value"), resultSet.getString("username"), resultSet.getTimestamp("expires_at").toInstant());
        }
    }

    public JdbcOneTimeTokenService(JdbcOperations jdbcOperations) {
        Assert.notNull(jdbcOperations, "jdbcOperations cannot be null");
        this.jdbcOperations = jdbcOperations;
        this.taskScheduler = createTaskScheduler(DEFAULT_CLEANUP_CRON);
    }

    public void setCleanupCron(String str) {
        this.taskScheduler = createTaskScheduler(str);
    }

    @Override // org.springframework.security.authentication.ott.OneTimeTokenService
    public OneTimeToken generate(GenerateOneTimeTokenRequest generateOneTimeTokenRequest) {
        Assert.notNull(generateOneTimeTokenRequest, "generateOneTimeTokenRequest cannot be null");
        DefaultOneTimeToken defaultOneTimeToken = new DefaultOneTimeToken(UUID.randomUUID().toString(), generateOneTimeTokenRequest.getUsername(), this.clock.instant().plus((TemporalAmount) Duration.ofMinutes(5L)));
        insertOneTimeToken(defaultOneTimeToken);
        return defaultOneTimeToken;
    }

    private void insertOneTimeToken(OneTimeToken oneTimeToken) {
        this.jdbcOperations.update(SAVE_ONE_TIME_TOKEN_SQL, new ArgumentPreparedStatementSetter(this.oneTimeTokenParametersMapper.apply(oneTimeToken).toArray()));
    }

    @Override // org.springframework.security.authentication.ott.OneTimeTokenService
    public OneTimeToken consume(OneTimeTokenAuthenticationToken oneTimeTokenAuthenticationToken) {
        Assert.notNull(oneTimeTokenAuthenticationToken, "authenticationToken cannot be null");
        List<OneTimeToken> selectOneTimeToken = selectOneTimeToken(oneTimeTokenAuthenticationToken);
        if (CollectionUtils.isEmpty(selectOneTimeToken)) {
            return null;
        }
        OneTimeToken oneTimeToken = selectOneTimeToken.get(0);
        deleteOneTimeToken(oneTimeToken);
        if (isExpired(oneTimeToken)) {
            return null;
        }
        return oneTimeToken;
    }

    private boolean isExpired(OneTimeToken oneTimeToken) {
        return this.clock.instant().isAfter(oneTimeToken.getExpiresAt());
    }

    private List<OneTimeToken> selectOneTimeToken(OneTimeTokenAuthenticationToken oneTimeTokenAuthenticationToken) {
        return this.jdbcOperations.query(SELECT_ONE_TIME_TOKEN_SQL, new ArgumentPreparedStatementSetter(List.of(new SqlParameterValue(12, oneTimeTokenAuthenticationToken.getTokenValue())).toArray()), this.oneTimeTokenRowMapper);
    }

    private void deleteOneTimeToken(OneTimeToken oneTimeToken) {
        this.jdbcOperations.update(DELETE_ONE_TIME_TOKEN_SQL, new ArgumentPreparedStatementSetter(List.of(new SqlParameterValue(12, oneTimeToken.getTokenValue())).toArray()));
    }

    private ThreadPoolTaskScheduler createTaskScheduler(String str) {
        if (str == null) {
            return null;
        }
        ThreadPoolTaskScheduler threadPoolTaskScheduler = new ThreadPoolTaskScheduler();
        threadPoolTaskScheduler.setThreadNamePrefix("spring-one-time-tokens-");
        threadPoolTaskScheduler.initialize();
        threadPoolTaskScheduler.schedule(this::cleanupExpiredTokens, new CronTrigger(str));
        return threadPoolTaskScheduler;
    }

    public void cleanupExpiredTokens() {
        int update = this.jdbcOperations.update(DELETE_ONE_TIME_TOKENS_BY_EXPIRY_TIME_QUERY, new ArgumentPreparedStatementSetter(List.of(new SqlParameterValue(93, Timestamp.from(Instant.now()))).toArray()));
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Cleaned up " + update + " expired tokens");
        }
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        this.taskScheduler.afterPropertiesSet();
    }

    @Override // org.springframework.beans.factory.DisposableBean
    public void destroy() throws Exception {
        if (this.taskScheduler != null) {
            this.taskScheduler.shutdown();
        }
    }

    public void setClock(Clock clock) {
        Assert.notNull(clock, "clock cannot be null");
        this.clock = clock;
    }
}
