package org.apache.cxf.rs.security.oauth2.provider;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKey;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.apache.cxf.rt.security.crypto.KeyProperties;

/* loaded from: input_file:lib/cxf-rt-rs-security-oauth2-3.1.8.jar:org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.class */
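/**
 * In-memory OAuth data provider that stores clients and tokens in encrypted form.
 *
 * <p>Clients are kept in a map from client id to the string produced by
 * {@code ModelEncryptionSupport.encryptClient}. For access and refresh tokens, the
 * encrypted serialization is itself used as the token key: it is written back to the
 * token via {@code setTokenKey} and recorded in an in-memory set.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>All state in this class lives in process memory; nothing here persists it.</li>
 *   <li>{@link #getAccessToken(String)} and {@link #getRefreshToken(String)} decrypt the
 *       presented string without consulting the tracking sets. Removing a key in
 *       {@code doRevokeAccessToken}/{@code doRevokeRefreshToken} therefore does not, within
 *       this class, stop that string from decrypting again. NOTE(review): confirm whether
 *       the superclass or callers enforce revocation some other way.</li>
 *   <li>{@link #key} is a protected, non-final field, so subclasses can replace it.</li>
 * </ul>
 */
public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvider {
    // Symmetric key passed to every ModelEncryptionSupport encrypt/decrypt call below.
    protected SecretKey key;
    // Encrypted access-token keys currently tracked (synchronized wrapper around a HashSet).
    private final Set<String> tokens;
    // Encrypted refresh-token keys currently tracked (synchronized wrapper around a HashSet).
    private final Set<String> refreshTokens;
    // Client id -> encrypted client representation.
    private final ConcurrentHashMap<String, String> clientsMap;

    /**
     * Builds a {@code KeyProperties} from the two arguments and delegates to
     * {@link #DefaultEncryptingOAuthDataProvider(KeyProperties)}.
     *
     * @param str first {@code KeyProperties} constructor argument
     *            (presumably the key algorithm name; confirm against KeyProperties)
     * @param i second {@code KeyProperties} constructor argument
     *          (presumably the key size; confirm against KeyProperties)
     */
    public DefaultEncryptingOAuthDataProvider(String str, int i) {
        this(new KeyProperties(str, i));
    }

    /**
     * Obtains the secret key from {@code CryptoUtils.getSecretKey(keyProperties)} and
     * delegates to {@link #DefaultEncryptingOAuthDataProvider(SecretKey)}.
     *
     * <p>NOTE(review): if that call generates a fresh key per instance, values encrypted
     * by an earlier instance cannot be decrypted by this one. Confirm.
     *
     * @param keyProperties properties describing the key to obtain
     */
    public DefaultEncryptingOAuthDataProvider(KeyProperties keyProperties) {
        this(CryptoUtils.getSecretKey(keyProperties));
    }

    /**
     * Creates a provider with empty client and token stores that uses the supplied key.
     *
     * @param secretKey key used for all encryption and decryption in this provider
     */
    public DefaultEncryptingOAuthDataProvider(SecretKey secretKey) {
        this.tokens = Collections.synchronizedSet(new HashSet<>());
        this.refreshTokens = Collections.synchronizedSet(new HashSet<>());
        this.clientsMap = new ConcurrentHashMap<>();
        this.key = secretKey;
    }

    /**
     * Looks up the encrypted client stored under the given id and decrypts it.
     *
     * <p>NOTE(review): when no client is registered under {@code str}, {@code null} is
     * handed to {@code decryptClient}; what that call does with {@code null} is not visible
     * here. Unlike the token getters, a {@code SecurityException} is not translated either.
     *
     * @param str client id
     * @return the decrypted client
     * @throws OAuthServiceException declared by the overridden contract
     */
    @Override
    public Client getClient(String str) throws OAuthServiceException {
        return ModelEncryptionSupport.decryptClient(this.clientsMap.get(str), this.key);
    }

    /**
     * Encrypts the client and stores it under its client id, replacing any previous entry.
     *
     * @param client client to register
     */
    @Override
    public void setClient(Client client) {
        this.clientsMap.put(client.getClientId(), ModelEncryptionSupport.encryptClient(client, this.key));
    }

    /**
     * Removes the stored entry for the client's id.
     *
     * @param client client to remove
     */
    @Override
    public void doRemoveClient(Client client) {
        this.clientsMap.remove(client.getClientId());
    }

    /**
     * Decrypts every stored client and returns those accepted by {@code isClientMatched}.
     *
     * @param userSubject subject passed to {@code isClientMatched}
     * @return the matching clients, in map iteration order
     */
    @Override
    public List<Client> getClients(UserSubject userSubject) {
        List<Client> matched = new ArrayList<>(this.clientsMap.size());
        // Goes through getClient() so that a subclass override of the lookup is honoured.
        for (String clientId : this.clientsMap.keySet()) {
            Client client = getClient(clientId);
            if (isClientMatched(client, userSubject)) {
                matched.add(client);
            }
        }
        return matched;
    }

    /**
     * Decrypts every tracked access token and returns those accepted by
     * {@code isTokenMatched}.
     *
     * @param client client passed to {@code isTokenMatched}
     * @param userSubject subject passed to {@code isTokenMatched}
     * @return the matching access tokens
     */
    @Override
    public List<ServerAccessToken> getAccessTokens(Client client, UserSubject userSubject) {
        List<String> trackedKeys = snapshotOf(this.tokens);
        List<ServerAccessToken> matched = new ArrayList<>(trackedKeys.size());
        for (String tokenKey : trackedKeys) {
            ServerAccessToken accessToken = getAccessToken(tokenKey);
            if (isTokenMatched(accessToken, client, userSubject)) {
                matched.add(accessToken);
            }
        }
        return matched;
    }

    /**
     * Decrypts every tracked refresh token and returns those accepted by
     * {@code isTokenMatched}.
     *
     * @param client client passed to {@code isTokenMatched}
     * @param userSubject subject passed to {@code isTokenMatched}
     * @return the matching refresh tokens
     */
    @Override
    public List<RefreshToken> getRefreshTokens(Client client, UserSubject userSubject) {
        List<String> trackedKeys = snapshotOf(this.refreshTokens);
        List<RefreshToken> matched = new ArrayList<>(trackedKeys.size());
        for (String tokenKey : trackedKeys) {
            RefreshToken refreshToken = getRefreshToken(tokenKey);
            if (isTokenMatched(refreshToken, client, userSubject)) {
                matched.add(refreshToken);
            }
        }
        return matched;
    }

    /**
     * Decrypts the presented token key into an access token.
     *
     * <p>The {@code tokens} set is not consulted: any string that decrypts under
     * {@link #key} is returned, whether or not it is still tracked by this instance.
     *
     * @param str encrypted token key
     * @return the decrypted access token
     * @throws OAuthServiceException with {@code ACCESS_DENIED} when decryption raises a
     *         {@code SecurityException}
     */
    @Override
    public ServerAccessToken getAccessToken(String str) throws OAuthServiceException {
        try {
            return ModelEncryptionSupport.decryptAccessToken(this, str, this.key);
        } catch (SecurityException e) {
            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED, e);
        }
    }

    /**
     * Encrypts the token, tracks the result and sets it as the token's key.
     *
     * @param serverAccessToken token to save
     */
    @Override
    protected void saveAccessToken(ServerAccessToken serverAccessToken) {
        encryptAccessToken(serverAccessToken);
    }

    /**
     * Stops tracking the token's key. This only removes it from the in-memory set.
     *
     * @param serverAccessToken token being revoked
     */
    @Override
    protected void doRevokeAccessToken(ServerAccessToken serverAccessToken) {
        this.tokens.remove(serverAccessToken.getTokenKey());
    }

    /**
     * Encrypts the refresh token, sets the result as its key and tracks it.
     *
     * @param refreshToken token to save
     */
    @Override
    protected void saveRefreshToken(RefreshToken refreshToken) {
        String encryptedKey = ModelEncryptionSupport.encryptRefreshToken(refreshToken, this.key);
        refreshToken.setTokenKey(encryptedKey);
        this.refreshTokens.add(encryptedKey);
    }

    /**
     * Stops tracking the refresh token's key. This only removes it from the in-memory set.
     *
     * @param refreshToken token being revoked
     */
    @Override
    protected void doRevokeRefreshToken(RefreshToken refreshToken) {
        this.refreshTokens.remove(refreshToken.getTokenKey());
    }

    // Encrypts the access token, records the encrypted form and makes it the token's key.
    private void encryptAccessToken(ServerAccessToken serverAccessToken) {
        String encryptedKey = ModelEncryptionSupport.encryptAccessToken(serverAccessToken, this.key);
        this.tokens.add(encryptedKey);
        serverAccessToken.setTokenKey(encryptedKey);
    }

    /**
     * Decrypts the presented token key into a refresh token.
     *
     * <p>The {@code refreshTokens} set is not consulted: any string that decrypts under
     * {@link #key} is returned, whether or not it is still tracked by this instance.
     *
     * @param str encrypted refresh-token key
     * @return the decrypted refresh token
     * @throws OAuthServiceException with {@code ACCESS_DENIED} when decryption raises a
     *         {@code SecurityException}
     */
    @Override
    protected RefreshToken getRefreshToken(String str) {
        try {
            return ModelEncryptionSupport.decryptRefreshToken(this, str, this.key);
        } catch (SecurityException e) {
            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED, e);
        }
    }

    // Copies a synchronized set while holding its lock. Collections.synchronizedSet requires
    // callers to synchronize on the set for iteration; iterating the live set while another
    // thread saves or revokes a token can throw ConcurrentModificationException.
    private static List<String> snapshotOf(Set<String> synchronizedKeys) {
        synchronized (synchronizedKeys) {
            return new ArrayList<>(synchronizedKeys);
        }
    }
}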
