package org.apache.cxf.rs.security.oauth2.provider;

import jakarta.persistence.EntityManager;
import jakarta.persistence.EntityManagerFactory;
import jakarta.persistence.EntityTransaction;
import jakarta.persistence.TypedQuery;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;

/* loaded from: input_file:lib/cxf-shade-9.1.0.jar:org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.class */
public class JPAOAuthDataProvider extends AbstractOAuthDataProvider {
    private static final String CLIENT_QUERY = "SELECT client FROM Client client INNER JOIN client.resourceOwnerSubject ros";
    private EntityManagerFactory entityManagerFactory;

    /* loaded from: input_file:lib/cxf-shade-9.1.0.jar:org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider$EntityManagerOperation.class */
    public interface EntityManagerOperation<T> extends Function<EntityManager, T> {
    }

    public void setEntityManagerFactory(EntityManagerFactory entityManagerFactory) {
        this.entityManagerFactory = entityManagerFactory;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    public Client doGetClient(String str) throws OAuthServiceException {
        return (Client) execute(entityManager -> {
            return (Client) entityManager.find(Client.class, str);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> T execute(EntityManagerOperation<T> entityManagerOperation) {
        EntityManager entityManager = getEntityManager();
        try {
            T apply = entityManagerOperation.apply(entityManager);
            closeIfNeeded(entityManager);
            return apply;
        } catch (Throwable th) {
            closeIfNeeded(entityManager);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> T executeInTransaction(EntityManagerOperation<T> entityManagerOperation) {
        EntityManager entityManager = getEntityManager();
        EntityTransaction entityTransaction = null;
        try {
            try {
                entityTransaction = beginIfNeeded(entityManager);
                T apply = entityManagerOperation.apply(entityManager);
                flushIfNeeded(entityManager);
                commitIfNeeded(entityManager);
                closeIfNeeded(entityManager);
                return apply;
            } catch (RuntimeException e) {
                if (entityTransaction != null) {
                    entityTransaction.rollback();
                }
                throw e;
            }
        } catch (Throwable th) {
            closeIfNeeded(entityManager);
            throw th;
        }
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider
    public void setClient(Client client) {
        executeInTransaction(entityManager -> {
            if (client.getResourceOwnerSubject() != null) {
                UserSubject userSubject = (UserSubject) entityManager.find(UserSubject.class, client.getResourceOwnerSubject().getId());
                if (userSubject == null) {
                    entityManager.persist(client.getResourceOwnerSubject());
                } else {
                    client.setResourceOwnerSubject(userSubject);
                }
            }
            if (((Long) entityManager.createQuery("SELECT count(client) from Client client where client.clientId = :id", Long.class).setParameter("id", (Object) client.getClientId()).getSingleResult()).longValue() > 0) {
                entityManager.merge(client);
                return null;
            }
            entityManager.persist(client);
            return null;
        });
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected void doRemoveClient(Client client) {
        executeInTransaction(entityManager -> {
            entityManager.remove((Client) entityManager.getReference(Client.class, client.getClientId()));
            return null;
        });
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider
    public List<Client> getClients(UserSubject userSubject) {
        return (List) execute(entityManager -> {
            return getClientsQuery(userSubject, entityManager).getResultList();
        });
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public List<ServerAccessToken> getAccessTokens(Client client, UserSubject userSubject) {
        return (List) execute(entityManager -> {
            return CastUtils.cast((List<?>) getTokensQuery(client, userSubject, entityManager).getResultList());
        });
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public List<RefreshToken> getRefreshTokens(Client client, UserSubject userSubject) {
        return (List) execute(entityManager -> {
            return getRefreshTokensQuery(client, userSubject, entityManager).getResultList();
        });
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public ServerAccessToken getAccessToken(String str) throws OAuthServiceException {
        return (ServerAccessToken) execute(entityManager -> {
            TypedQuery parameter = entityManager.createQuery("SELECT t FROM BearerAccessToken t WHERE t.tokenKey = :tokenKey", BearerAccessToken.class).setParameter("tokenKey", (Object) str);
            if (parameter.getResultList().isEmpty()) {
                return null;
            }
            return (BearerAccessToken) parameter.getSingleResult();
        });
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected void doRevokeAccessToken(ServerAccessToken serverAccessToken) {
        executeInTransaction(entityManager -> {
            entityManager.remove((ServerAccessToken) entityManager.getReference(serverAccessToken.getClass(), serverAccessToken.getTokenKey()));
            return null;
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    public void linkRefreshTokenToAccessToken(RefreshToken refreshToken, ServerAccessToken serverAccessToken) {
        super.linkRefreshTokenToAccessToken(refreshToken, serverAccessToken);
        executeInTransaction(entityManager -> {
            entityManager.merge(serverAccessToken);
            return null;
        });
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected RefreshToken getRefreshToken(String str) {
        return (RefreshToken) execute(entityManager -> {
            return (RefreshToken) entityManager.find(RefreshToken.class, str);
        });
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected void doRevokeRefreshToken(RefreshToken refreshToken) {
        executeInTransaction(entityManager -> {
            entityManager.remove((RefreshToken) entityManager.getReference(RefreshToken.class, refreshToken.getTokenKey()));
            return null;
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    public ServerAccessToken doCreateAccessToken(AccessTokenRegistration accessTokenRegistration) {
        ServerAccessToken doCreateAccessToken = super.doCreateAccessToken(accessTokenRegistration);
        if (doCreateAccessToken.getAudiences() != null) {
            doCreateAccessToken.setAudiences(new ArrayList(doCreateAccessToken.getAudiences()));
        }
        if (doCreateAccessToken.getExtraProperties() != null) {
            doCreateAccessToken.setExtraProperties(new HashMap(doCreateAccessToken.getExtraProperties()));
        }
        if (doCreateAccessToken.getScopes() != null) {
            doCreateAccessToken.setScopes(new ArrayList(doCreateAccessToken.getScopes()));
        }
        if (doCreateAccessToken.getParameters() != null) {
            doCreateAccessToken.setParameters(new HashMap(doCreateAccessToken.getParameters()));
        }
        return doCreateAccessToken;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected void saveAccessToken(ServerAccessToken serverAccessToken) {
        executeInTransaction(entityManager -> {
            LinkedList linkedList = new LinkedList();
            for (OAuthPermission oAuthPermission : serverAccessToken.getScopes()) {
                OAuthPermission oAuthPermission2 = (OAuthPermission) entityManager.find(OAuthPermission.class, oAuthPermission.getPermission());
                if (oAuthPermission2 != null) {
                    linkedList.add(oAuthPermission2);
                } else {
                    entityManager.persist(oAuthPermission);
                    linkedList.add(oAuthPermission);
                }
            }
            serverAccessToken.setScopes(linkedList);
            if (serverAccessToken.getSubject() != null) {
                if (((UserSubject) entityManager.find(UserSubject.class, serverAccessToken.getSubject().getId())) == null) {
                    entityManager.persist(serverAccessToken.getSubject());
                } else {
                    serverAccessToken.setSubject((UserSubject) entityManager.merge(serverAccessToken.getSubject()));
                }
            }
            if (serverAccessToken.getClient() != null) {
                serverAccessToken.setClient((Client) entityManager.find(Client.class, serverAccessToken.getClient().getClientId()));
            }
            entityManager.persist(serverAccessToken);
            return null;
        });
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider
    protected void saveRefreshToken(RefreshToken refreshToken) {
        persistEntity(refreshToken);
    }

    protected void persistEntity(Object obj) {
        executeInTransaction(entityManager -> {
            entityManager.persist(obj);
            return null;
        });
    }

    protected void removeEntity(Object obj) {
        executeInTransaction(entityManager -> {
            entityManager.remove(obj);
            return null;
        });
    }

    protected TypedQuery<Client> getClientsQuery(UserSubject userSubject, EntityManager entityManager) {
        return userSubject == null ? entityManager.createQuery(CLIENT_QUERY, Client.class) : entityManager.createQuery("SELECT client FROM Client client INNER JOIN client.resourceOwnerSubject ros WHERE ros.login = :login", Client.class).setParameter("login", (Object) userSubject.getLogin());
    }

    protected TypedQuery<BearerAccessToken> getTokensQuery(Client client, UserSubject userSubject, EntityManager entityManager) {
        return getQuery("BearerAccessToken", client, userSubject, entityManager, BearerAccessToken.class);
    }

    protected TypedQuery<RefreshToken> getRefreshTokensQuery(Client client, UserSubject userSubject, EntityManager entityManager) {
        return getQuery("RefreshToken", client, userSubject, entityManager, RefreshToken.class);
    }

    private static <T> TypedQuery<T> getQuery(String str, Client client, UserSubject userSubject, EntityManager entityManager, Class<T> cls) {
        StringBuilder append = new StringBuilder("SELECT t FROM ").append(str).append(" t");
        HashMap hashMap = new HashMap();
        if (client != null || userSubject != null) {
            append.append(" WHERE");
            if (client != null) {
                append.append(" t.client.clientId = :clientId");
                hashMap.put("clientId", client.getClientId());
            }
            if (userSubject != null) {
                if (!hashMap.isEmpty()) {
                    append.append(" AND");
                }
                append.append(" t.subject.login = :login");
                hashMap.put("login", userSubject.getLogin());
            }
        }
        TypedQuery<T> createQuery = entityManager.createQuery(append.toString(), cls);
        for (Map.Entry entry : hashMap.entrySet()) {
            createQuery.setParameter((String) entry.getKey(), entry.getValue());
        }
        return createQuery;
    }

    protected EntityManager getEntityManager() {
        return this.entityManagerFactory.createEntityManager();
    }

    protected EntityTransaction beginIfNeeded(EntityManager entityManager) {
        EntityTransaction transaction = entityManager.getTransaction();
        transaction.begin();
        return transaction;
    }

    protected void flushIfNeeded(EntityManager entityManager) {
        entityManager.flush();
    }

    protected void commitIfNeeded(EntityManager entityManager) {
        entityManager.getTransaction().commit();
    }

    protected void closeIfNeeded(EntityManager entityManager) {
        entityManager.close();
    }
}
