package org.springframework.security.oauth2.client;

import java.nio.charset.StandardCharsets;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import org.codehaus.groovy.syntax.Types;
import org.springframework.dao.DataRetrievalFailureException;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.SqlParameterValue;
import org.springframework.jdbc.support.lob.DefaultLobHandler;
import org.springframework.jdbc.support.lob.LobCreator;
import org.springframework.jdbc.support.lob.LobHandler;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.7.1.jar:org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService.class */
public class JdbcOAuth2AuthorizedClientService implements OAuth2AuthorizedClientService {
    private static final String COLUMN_NAMES = "client_registration_id, principal_name, access_token_type, access_token_value, access_token_issued_at, access_token_expires_at, access_token_scopes, refresh_token_value, refresh_token_issued_at";
    private static final String TABLE_NAME = "oauth2_authorized_client";
    private static final String PK_FILTER = "client_registration_id = ? AND principal_name = ?";
    private static final String LOAD_AUTHORIZED_CLIENT_SQL = "SELECT client_registration_id, principal_name, access_token_type, access_token_value, access_token_issued_at, access_token_expires_at, access_token_scopes, refresh_token_value, refresh_token_issued_at FROM oauth2_authorized_client WHERE client_registration_id = ? AND principal_name = ?";
    private static final String SAVE_AUTHORIZED_CLIENT_SQL = "INSERT INTO oauth2_authorized_client (client_registration_id, principal_name, access_token_type, access_token_value, access_token_issued_at, access_token_expires_at, access_token_scopes, refresh_token_value, refresh_token_issued_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)";
    private static final String REMOVE_AUTHORIZED_CLIENT_SQL = "DELETE FROM oauth2_authorized_client WHERE client_registration_id = ? AND principal_name = ?";
    private static final String UPDATE_AUTHORIZED_CLIENT_SQL = "UPDATE oauth2_authorized_client SET access_token_type = ?, access_token_value = ?, access_token_issued_at = ?, access_token_expires_at = ?, access_token_scopes = ?, refresh_token_value = ?, refresh_token_issued_at = ? WHERE client_registration_id = ? AND principal_name = ?";
    protected final JdbcOperations jdbcOperations;
    protected RowMapper<OAuth2AuthorizedClient> authorizedClientRowMapper;
    protected Function<OAuth2AuthorizedClientHolder, List<SqlParameterValue>> authorizedClientParametersMapper;
    protected final LobHandler lobHandler;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.7.1.jar:org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService$LobCreatorArgumentPreparedStatementSetter.class */
    public static final class LobCreatorArgumentPreparedStatementSetter extends ArgumentPreparedStatementSetter {
        protected final LobCreator lobCreator;

        private LobCreatorArgumentPreparedStatementSetter(LobCreator lobCreator, Object[] objArr) {
            super(objArr);
            this.lobCreator = lobCreator;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.springframework.jdbc.core.ArgumentPreparedStatementSetter
        public void doSetValue(PreparedStatement preparedStatement, int i, Object obj) throws SQLException {
            if (obj instanceof SqlParameterValue) {
                SqlParameterValue sqlParameterValue = (SqlParameterValue) obj;
                if (sqlParameterValue.getSqlType() == 2004) {
                    if (sqlParameterValue.getValue() != null) {
                        Assert.isInstanceOf((Class<?>) byte[].class, sqlParameterValue.getValue(), "Value of blob parameter must be byte[]");
                    }
                    this.lobCreator.setBlobAsBytes(preparedStatement, i, (byte[]) sqlParameterValue.getValue());
                    return;
                }
            }
            super.doSetValue(preparedStatement, i, obj);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.7.1.jar:org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService$OAuth2AuthorizedClientHolder.class */
    public static final class OAuth2AuthorizedClientHolder {
        private final OAuth2AuthorizedClient authorizedClient;
        private final Authentication principal;

        public OAuth2AuthorizedClientHolder(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication) {
            Assert.notNull(oAuth2AuthorizedClient, "authorizedClient cannot be null");
            Assert.notNull(authentication, "principal cannot be null");
            this.authorizedClient = oAuth2AuthorizedClient;
            this.principal = authentication;
        }

        public OAuth2AuthorizedClient getAuthorizedClient() {
            return this.authorizedClient;
        }

        public Authentication getPrincipal() {
            return this.principal;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.7.1.jar:org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService$OAuth2AuthorizedClientParametersMapper.class */
    public static class OAuth2AuthorizedClientParametersMapper implements Function<OAuth2AuthorizedClientHolder, List<SqlParameterValue>> {
        @Override // java.util.function.Function
        public List<SqlParameterValue> apply(OAuth2AuthorizedClientHolder oAuth2AuthorizedClientHolder) {
            OAuth2AuthorizedClient authorizedClient = oAuth2AuthorizedClientHolder.getAuthorizedClient();
            Authentication principal = oAuth2AuthorizedClientHolder.getPrincipal();
            ClientRegistration clientRegistration = authorizedClient.getClientRegistration();
            OAuth2AccessToken accessToken = authorizedClient.getAccessToken();
            OAuth2RefreshToken refreshToken = authorizedClient.getRefreshToken();
            ArrayList arrayList = new ArrayList();
            arrayList.add(new SqlParameterValue(12, clientRegistration.getRegistrationId()));
            arrayList.add(new SqlParameterValue(12, principal.getName()));
            arrayList.add(new SqlParameterValue(12, accessToken.getTokenType().getValue()));
            arrayList.add(new SqlParameterValue(Types.SWITCH_BLOCK_TERMINATORS, accessToken.getTokenValue().getBytes(StandardCharsets.UTF_8)));
            arrayList.add(new SqlParameterValue(93, Timestamp.from(accessToken.getIssuedAt())));
            arrayList.add(new SqlParameterValue(93, Timestamp.from(accessToken.getExpiresAt())));
            String str = null;
            if (!CollectionUtils.isEmpty(accessToken.getScopes())) {
                str = StringUtils.collectionToDelimitedString(accessToken.getScopes(), ",");
            }
            arrayList.add(new SqlParameterValue(12, str));
            byte[] bArr = null;
            Timestamp timestamp = null;
            if (refreshToken != null) {
                bArr = refreshToken.getTokenValue().getBytes(StandardCharsets.UTF_8);
                if (refreshToken.getIssuedAt() != null) {
                    timestamp = Timestamp.from(refreshToken.getIssuedAt());
                }
            }
            arrayList.add(new SqlParameterValue(Types.SWITCH_BLOCK_TERMINATORS, bArr));
            arrayList.add(new SqlParameterValue(93, timestamp));
            return arrayList;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.7.1.jar:org/springframework/security/oauth2/client/JdbcOAuth2AuthorizedClientService$OAuth2AuthorizedClientRowMapper.class */
    public static class OAuth2AuthorizedClientRowMapper implements RowMapper<OAuth2AuthorizedClient> {
        protected final ClientRegistrationRepository clientRegistrationRepository;
        protected LobHandler lobHandler = new DefaultLobHandler();

        public OAuth2AuthorizedClientRowMapper(ClientRegistrationRepository clientRegistrationRepository) {
            Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
            this.clientRegistrationRepository = clientRegistrationRepository;
        }

        public final void setLobHandler(LobHandler lobHandler) {
            Assert.notNull(lobHandler, "lobHandler cannot be null");
            this.lobHandler = lobHandler;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.jdbc.core.RowMapper
        public OAuth2AuthorizedClient mapRow(ResultSet resultSet, int i) throws SQLException {
            String string = resultSet.getString("client_registration_id");
            ClientRegistration findByRegistrationId = this.clientRegistrationRepository.findByRegistrationId(string);
            if (findByRegistrationId == null) {
                throw new DataRetrievalFailureException("The ClientRegistration with id '" + string + "' exists in the data source, however, it was not found in the ClientRegistrationRepository.");
            }
            OAuth2AccessToken.TokenType tokenType = null;
            if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(resultSet.getString("access_token_type"))) {
                tokenType = OAuth2AccessToken.TokenType.BEARER;
            }
            String str = new String(this.lobHandler.getBlobAsBytes(resultSet, "access_token_value"), StandardCharsets.UTF_8);
            Instant instant = resultSet.getTimestamp("access_token_issued_at").toInstant();
            Instant instant2 = resultSet.getTimestamp("access_token_expires_at").toInstant();
            Set<String> emptySet = Collections.emptySet();
            String string2 = resultSet.getString("access_token_scopes");
            if (string2 != null) {
                emptySet = StringUtils.commaDelimitedListToSet(string2);
            }
            OAuth2AccessToken oAuth2AccessToken = new OAuth2AccessToken(tokenType, str, instant, instant2, emptySet);
            OAuth2RefreshToken oAuth2RefreshToken = null;
            byte[] blobAsBytes = this.lobHandler.getBlobAsBytes(resultSet, "refresh_token_value");
            if (blobAsBytes != null) {
                String str2 = new String(blobAsBytes, StandardCharsets.UTF_8);
                Instant instant3 = null;
                Timestamp timestamp = resultSet.getTimestamp("refresh_token_issued_at");
                if (timestamp != null) {
                    instant3 = timestamp.toInstant();
                }
                oAuth2RefreshToken = new OAuth2RefreshToken(str2, instant3);
            }
            return new OAuth2AuthorizedClient(findByRegistrationId, resultSet.getString("principal_name"), oAuth2AccessToken, oAuth2RefreshToken);
        }
    }

    public JdbcOAuth2AuthorizedClientService(JdbcOperations jdbcOperations, ClientRegistrationRepository clientRegistrationRepository) {
        this(jdbcOperations, clientRegistrationRepository, new DefaultLobHandler());
    }

    public JdbcOAuth2AuthorizedClientService(JdbcOperations jdbcOperations, ClientRegistrationRepository clientRegistrationRepository, LobHandler lobHandler) {
        Assert.notNull(jdbcOperations, "jdbcOperations cannot be null");
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(lobHandler, "lobHandler cannot be null");
        this.jdbcOperations = jdbcOperations;
        this.lobHandler = lobHandler;
        OAuth2AuthorizedClientRowMapper oAuth2AuthorizedClientRowMapper = new OAuth2AuthorizedClientRowMapper(clientRegistrationRepository);
        oAuth2AuthorizedClientRowMapper.setLobHandler(lobHandler);
        this.authorizedClientRowMapper = oAuth2AuthorizedClientRowMapper;
        this.authorizedClientParametersMapper = new OAuth2AuthorizedClientParametersMapper();
    }

    @Override // org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
    public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String str, String str2) {
        Assert.hasText(str, "clientRegistrationId cannot be empty");
        Assert.hasText(str2, "principalName cannot be empty");
        List query = this.jdbcOperations.query(LOAD_AUTHORIZED_CLIENT_SQL, new ArgumentPreparedStatementSetter(new SqlParameterValue[]{new SqlParameterValue(12, str), new SqlParameterValue(12, str2)}), this.authorizedClientRowMapper);
        if (query.isEmpty()) {
            return null;
        }
        return (T) query.get(0);
    }

    @Override // org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
    public void saveAuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication) {
        Assert.notNull(oAuth2AuthorizedClient, "authorizedClient cannot be null");
        Assert.notNull(authentication, "principal cannot be null");
        if (null != loadAuthorizedClient(oAuth2AuthorizedClient.getClientRegistration().getRegistrationId(), authentication.getName())) {
            updateAuthorizedClient(oAuth2AuthorizedClient, authentication);
            return;
        }
        try {
            insertAuthorizedClient(oAuth2AuthorizedClient, authentication);
        } catch (DuplicateKeyException e) {
            updateAuthorizedClient(oAuth2AuthorizedClient, authentication);
        }
    }

    private void updateAuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication) {
        List<SqlParameterValue> apply = this.authorizedClientParametersMapper.apply(new OAuth2AuthorizedClientHolder(oAuth2AuthorizedClient, authentication));
        SqlParameterValue remove = apply.remove(0);
        SqlParameterValue remove2 = apply.remove(0);
        apply.add(remove);
        apply.add(remove2);
        LobCreator lobCreator = this.lobHandler.getLobCreator();
        try {
            this.jdbcOperations.update(UPDATE_AUTHORIZED_CLIENT_SQL, new LobCreatorArgumentPreparedStatementSetter(lobCreator, apply.toArray()));
            if (lobCreator != null) {
                lobCreator.close();
            }
        } catch (Throwable th) {
            if (lobCreator != null) {
                try {
                    lobCreator.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void insertAuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication) {
        List<SqlParameterValue> apply = this.authorizedClientParametersMapper.apply(new OAuth2AuthorizedClientHolder(oAuth2AuthorizedClient, authentication));
        LobCreator lobCreator = this.lobHandler.getLobCreator();
        try {
            this.jdbcOperations.update(SAVE_AUTHORIZED_CLIENT_SQL, new LobCreatorArgumentPreparedStatementSetter(lobCreator, apply.toArray()));
            if (lobCreator != null) {
                lobCreator.close();
            }
        } catch (Throwable th) {
            if (lobCreator != null) {
                try {
                    lobCreator.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Override // org.springframework.security.oauth2.client.OAuth2AuthorizedClientService
    public void removeAuthorizedClient(String str, String str2) {
        Assert.hasText(str, "clientRegistrationId cannot be empty");
        Assert.hasText(str2, "principalName cannot be empty");
        this.jdbcOperations.update(REMOVE_AUTHORIZED_CLIENT_SQL, new ArgumentPreparedStatementSetter(new SqlParameterValue[]{new SqlParameterValue(12, str), new SqlParameterValue(12, str2)}));
    }

    public final void setAuthorizedClientRowMapper(RowMapper<OAuth2AuthorizedClient> rowMapper) {
        Assert.notNull(rowMapper, "authorizedClientRowMapper cannot be null");
        this.authorizedClientRowMapper = rowMapper;
    }

    public final void setAuthorizedClientParametersMapper(Function<OAuth2AuthorizedClientHolder, List<SqlParameterValue>> function) {
        Assert.notNull(function, "authorizedClientParametersMapper cannot be null");
        this.authorizedClientParametersMapper = function;
    }
}
