package org.springframework.security.web.webauthn.management;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;
import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.SqlParameterValue;
import org.springframework.jdbc.support.lob.LobCreator;
import org.springframework.jdbc.support.lob.LobHandler;
import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
import org.springframework.security.web.webauthn.api.Bytes;
import org.springframework.security.web.webauthn.api.CredentialRecord;
import org.springframework.security.web.webauthn.api.ImmutableCredentialRecord;
import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCose;
import org.springframework.security.web.webauthn.api.PublicKeyCredentialType;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.5.1.jar:org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository.class */
public final class JdbcUserCredentialRepository implements UserCredentialRepository {
    private RowMapper<CredentialRecord> credentialRecordRowMapper = new CredentialRecordRowMapper((v0, v1) -> {
        return v0.getBytes(v1);
    });
    private Function<CredentialRecord, List<SqlParameterValue>> credentialRecordParametersMapper = new CredentialRecordParametersMapper();
    private SetBytes setBytes = (v0, v1, v2) -> {
        v0.setBytes(v1, v2);
    };
    private final JdbcOperations jdbcOperations;
    private static final String TABLE_NAME = "user_credentials";
    private static final String COLUMN_NAMES = "credential_id, user_entity_user_id, public_key, signature_count, uv_initialized, backup_eligible, authenticator_transports, public_key_credential_type, backup_state, attestation_object, attestation_client_data_json, created, last_used, label ";
    private static final String SAVE_CREDENTIAL_RECORD_SQL = "INSERT INTO user_credentials (credential_id, user_entity_user_id, public_key, signature_count, uv_initialized, backup_eligible, authenticator_transports, public_key_credential_type, backup_state, attestation_object, attestation_client_data_json, created, last_used, label ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    private static final String ID_FILTER = "credential_id = ? ";
    private static final String USER_ID_FILTER = "user_entity_user_id = ? ";
    private static final String FIND_CREDENTIAL_RECORD_BY_ID_SQL = "SELECT credential_id, user_entity_user_id, public_key, signature_count, uv_initialized, backup_eligible, authenticator_transports, public_key_credential_type, backup_state, attestation_object, attestation_client_data_json, created, last_used, label  FROM user_credentials WHERE credential_id = ? ";
    private static final String FIND_CREDENTIAL_RECORD_BY_USER_ID_SQL = "SELECT credential_id, user_entity_user_id, public_key, signature_count, uv_initialized, backup_eligible, authenticator_transports, public_key_credential_type, backup_state, attestation_object, attestation_client_data_json, created, last_used, label  FROM user_credentials WHERE user_entity_user_id = ? ";
    private static final String DELETE_CREDENTIAL_RECORD_SQL = "DELETE FROM user_credentials WHERE credential_id = ? ";
    private static final String UPDATE_CREDENTIAL_RECORD_SQL = "UPDATE user_credentials SET user_entity_user_id = ?, public_key = ?, signature_count = ?, uv_initialized = ?, backup_eligible = ? ,authenticator_transports = ?, public_key_credential_type = ?, backup_state = ?, attestation_object = ?, attestation_client_data_json = ?, created = ?, last_used = ?, label = ? WHERE credential_id = ? ";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.5.1.jar:org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository$BlobArgumentPreparedStatementSetter.class */
    public static final class BlobArgumentPreparedStatementSetter extends ArgumentPreparedStatementSetter {
        private final SetBytes setBytes;

        private BlobArgumentPreparedStatementSetter(SetBytes setBytes, Object[] objArr) {
            super(objArr);
            this.setBytes = setBytes;
        }

        protected void doSetValue(PreparedStatement preparedStatement, int i, Object obj) throws SQLException {
            if (obj instanceof SqlParameterValue) {
                SqlParameterValue sqlParameterValue = (SqlParameterValue) obj;
                if (sqlParameterValue.getSqlType() == 2004) {
                    if (sqlParameterValue.getValue() != null) {
                        Assert.isInstanceOf((Class<?>) byte[].class, sqlParameterValue.getValue(), "Value of blob parameter must be byte[]");
                    }
                    this.setBytes.setBytes(preparedStatement, i, (byte[]) sqlParameterValue.getValue());
                    return;
                }
            }
            super.doSetValue(preparedStatement, i, obj);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.5.1.jar:org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository$CredentialRecordParametersMapper.class */
    private static class CredentialRecordParametersMapper implements Function<CredentialRecord, List<SqlParameterValue>> {
        private CredentialRecordParametersMapper() {
        }

        @Override // java.util.function.Function
        public List<SqlParameterValue> apply(CredentialRecord credentialRecord) {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            if (!CollectionUtils.isEmpty(credentialRecord.getTransports())) {
                Iterator<AuthenticatorTransport> it = credentialRecord.getTransports().iterator();
                while (it.hasNext()) {
                    arrayList2.add(it.next().getValue());
                }
            }
            arrayList.add(new SqlParameterValue(12, credentialRecord.getCredentialId().toBase64UrlString()));
            arrayList.add(new SqlParameterValue(12, credentialRecord.getUserEntityUserId().toBase64UrlString()));
            arrayList.add(new SqlParameterValue(2004, credentialRecord.getPublicKey().getBytes()));
            arrayList.add(new SqlParameterValue(-5, Long.valueOf(credentialRecord.getSignatureCount())));
            arrayList.add(new SqlParameterValue(16, Boolean.valueOf(credentialRecord.isUvInitialized())));
            arrayList.add(new SqlParameterValue(16, Boolean.valueOf(credentialRecord.isBackupEligible())));
            arrayList.add(new SqlParameterValue(12, !CollectionUtils.isEmpty(credentialRecord.getTransports()) ? String.join(",", arrayList2) : ""));
            arrayList.add(new SqlParameterValue(12, credentialRecord.getCredentialType() != null ? credentialRecord.getCredentialType().getValue() : null));
            arrayList.add(new SqlParameterValue(16, Boolean.valueOf(credentialRecord.isBackupState())));
            arrayList.add(new SqlParameterValue(2004, credentialRecord.getAttestationObject() != null ? credentialRecord.getAttestationObject().getBytes() : null));
            arrayList.add(new SqlParameterValue(2004, credentialRecord.getAttestationClientDataJSON() != null ? credentialRecord.getAttestationClientDataJSON().getBytes() : null));
            arrayList.add(new SqlParameterValue(93, fromInstant(credentialRecord.getCreated())));
            arrayList.add(new SqlParameterValue(93, fromInstant(credentialRecord.getLastUsed())));
            arrayList.add(new SqlParameterValue(12, credentialRecord.getLabel()));
            return arrayList;
        }

        private Timestamp fromInstant(Instant instant) {
            if (instant == null) {
                return null;
            }
            return Timestamp.from(instant);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.5.1.jar:org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository$CredentialRecordRowMapper.class */
    private static class CredentialRecordRowMapper implements RowMapper<CredentialRecord> {
        private final GetBytes getBytes;

        CredentialRecordRowMapper(GetBytes getBytes) {
            this.getBytes = getBytes;
        }

        /* renamed from: mapRow, reason: merged with bridge method [inline-methods] */
        public CredentialRecord m5385mapRow(ResultSet resultSet, int i) throws SQLException {
            Bytes fromBase64 = Bytes.fromBase64(new String(resultSet.getString("credential_id").getBytes()));
            Bytes fromBase642 = Bytes.fromBase64(new String(resultSet.getString("user_entity_user_id").getBytes()));
            ImmutablePublicKeyCose immutablePublicKeyCose = new ImmutablePublicKeyCose(this.getBytes.getBytes(resultSet, "public_key"));
            long j = resultSet.getLong("signature_count");
            boolean z = resultSet.getBoolean("uv_initialized");
            boolean z2 = resultSet.getBoolean("backup_eligible");
            PublicKeyCredentialType valueOf = PublicKeyCredentialType.valueOf(resultSet.getString("public_key_credential_type"));
            boolean z3 = resultSet.getBoolean("backup_state");
            byte[] bytes = this.getBytes.getBytes(resultSet, "attestation_object");
            Bytes bytes2 = bytes != null ? new Bytes(bytes) : null;
            byte[] bytes3 = this.getBytes.getBytes(resultSet, "attestation_client_data_json");
            Bytes bytes4 = bytes3 != null ? new Bytes(bytes3) : null;
            Instant fromTimestamp = fromTimestamp(resultSet.getTimestamp("created"));
            Instant fromTimestamp2 = fromTimestamp(resultSet.getTimestamp("last_used"));
            String string = resultSet.getString("label");
            String[] split = resultSet.getString("authenticator_transports").split(",");
            HashSet hashSet = new HashSet();
            for (String str : split) {
                hashSet.add(AuthenticatorTransport.valueOf(str));
            }
            return ImmutableCredentialRecord.builder().credentialId(fromBase64).userEntityUserId(fromBase642).publicKey(immutablePublicKeyCose).signatureCount(j).uvInitialized(z).backupEligible(z2).credentialType(valueOf).backupState(z3).attestationObject(bytes2).attestationClientDataJSON(bytes4).created(fromTimestamp).label(string).lastUsed(fromTimestamp2).transports(hashSet).build();
        }

        private Instant fromTimestamp(Timestamp timestamp) {
            if (timestamp == null) {
                return null;
            }
            return timestamp.toInstant();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.5.1.jar:org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository$GetBytes.class */
    public interface GetBytes {
        byte[] getBytes(ResultSet resultSet, String str) throws SQLException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.5.1.jar:org/springframework/security/web/webauthn/management/JdbcUserCredentialRepository$SetBytes.class */
    public interface SetBytes {
        void setBytes(PreparedStatement preparedStatement, int i, byte[] bArr) throws SQLException;
    }

    public JdbcUserCredentialRepository(JdbcOperations jdbcOperations) {
        Assert.notNull(jdbcOperations, "jdbcOperations cannot be null");
        this.jdbcOperations = jdbcOperations;
    }

    @Override // org.springframework.security.web.webauthn.management.UserCredentialRepository
    public void delete(Bytes bytes) {
        Assert.notNull(bytes, "credentialId cannot be null");
        this.jdbcOperations.update(DELETE_CREDENTIAL_RECORD_SQL, new ArgumentPreparedStatementSetter(new SqlParameterValue[]{new SqlParameterValue(12, bytes.toBase64UrlString())}));
    }

    @Override // org.springframework.security.web.webauthn.management.UserCredentialRepository
    public void save(CredentialRecord credentialRecord) {
        Assert.notNull(credentialRecord, "record cannot be null");
        if (updateCredentialRecord(credentialRecord) == 0) {
            insertCredentialRecord(credentialRecord);
        }
    }

    private void insertCredentialRecord(CredentialRecord credentialRecord) {
        this.jdbcOperations.update(SAVE_CREDENTIAL_RECORD_SQL, new BlobArgumentPreparedStatementSetter(this.setBytes, this.credentialRecordParametersMapper.apply(credentialRecord).toArray()));
    }

    private int updateCredentialRecord(CredentialRecord credentialRecord) {
        List<SqlParameterValue> apply = this.credentialRecordParametersMapper.apply(credentialRecord);
        apply.add(apply.remove(0));
        return this.jdbcOperations.update(UPDATE_CREDENTIAL_RECORD_SQL, new BlobArgumentPreparedStatementSetter(this.setBytes, apply.toArray()));
    }

    @Override // org.springframework.security.web.webauthn.management.UserCredentialRepository
    public CredentialRecord findByCredentialId(Bytes bytes) {
        Assert.notNull(bytes, "credentialId cannot be null");
        List query = this.jdbcOperations.query(FIND_CREDENTIAL_RECORD_BY_ID_SQL, this.credentialRecordRowMapper, new Object[]{bytes.toBase64UrlString()});
        if (query.isEmpty()) {
            return null;
        }
        return (CredentialRecord) query.get(0);
    }

    @Override // org.springframework.security.web.webauthn.management.UserCredentialRepository
    public List<CredentialRecord> findByUserId(Bytes bytes) {
        Assert.notNull(bytes, "userId cannot be null");
        return this.jdbcOperations.query(FIND_CREDENTIAL_RECORD_BY_USER_ID_SQL, this.credentialRecordRowMapper, new Object[]{bytes.toBase64UrlString()});
    }

    @Deprecated(since = "6.5", forRemoval = true)
    public void setLobHandler(LobHandler lobHandler) {
        Assert.notNull(lobHandler, "lobHandler cannot be null");
        this.setBytes = (preparedStatement, i, bArr) -> {
            LobCreator lobCreator = lobHandler.getLobCreator();
            try {
                lobCreator.setBlobAsBytes(preparedStatement, i, bArr);
                if (lobCreator != null) {
                    lobCreator.close();
                }
            } catch (Throwable th) {
                if (lobCreator != null) {
                    try {
                        lobCreator.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        };
        Objects.requireNonNull(lobHandler);
        this.credentialRecordRowMapper = new CredentialRecordRowMapper(lobHandler::getBlobAsBytes);
    }
}
