package com.appiancorp.oauth.inbound.authserver.persistence.service;

import com.appiancorp.oauth.inbound.authserver.AuthzServerUtils;
import com.appiancorp.oauth.inbound.authserver.GrantedAuthorization;
import com.appiancorp.oauth.inbound.authserver.clients.pm.ProcessMiningFrontEndClientConfig;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthEncryptionException;
import com.appiancorp.oauth.inbound.authserver.persistence.entities.TokenFamilyBuilder;
import com.appiancorp.oauth.inbound.authserver.persistence.entities.TokenFamilyEntity;
import com.appiancorp.oauth.inbound.authserver.persistence.entities.TokenFamilyEntityDao;
import com.appiancorp.oauth.inbound.authserver.tokens.TokenFamily;
import com.appiancorp.oauth.inbound.authserver.tokens.TokenFamilyEncryptionService;
import com.appiancorp.oauth.inbound.authserver.tokens.TokenFamilyEntityService;
import java.net.URI;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.transaction.Transactional;
import org.hibernate.exception.ConstraintViolationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/oauth/inbound/authserver/persistence/service/TokenFamilyEntityServiceImpl.class */
public class TokenFamilyEntityServiceImpl implements TokenFamilyEntityService {
    private static final Logger LOG = LoggerFactory.getLogger(TokenFamilyEntityServiceImpl.class);
    private final TokenFamilyEntityDao tokenFamilyEntityDao;
    private final TokenFamilyEncryptionService encryptionService;
    private final ProcessMiningFrontEndClientConfig processMiningFrontEndClientConfig;

    public TokenFamilyEntityServiceImpl(TokenFamilyEntityDao tokenFamilyEntityDao, TokenFamilyEncryptionService tokenFamilyEncryptionService, ProcessMiningFrontEndClientConfig processMiningFrontEndClientConfig) {
        this.tokenFamilyEntityDao = tokenFamilyEntityDao;
        this.encryptionService = tokenFamilyEncryptionService;
        this.processMiningFrontEndClientConfig = processMiningFrontEndClientConfig;
    }

    public Optional<TokenFamily> getTokenFamilyById(String str) throws OAuthEncryptionException {
        return getTokenFamilyWithDecryption(this.tokenFamilyEntityDao.getTokenFamilyById(str));
    }

    public Optional<TokenFamily> getTokenFamilyByAuthCode(String str) throws OAuthEncryptionException {
        return getTokenFamilyWithDecryption(this.tokenFamilyEntityDao.getTokenFamilyByAuthCodeHash(AuthzServerUtils.getAuthCodeHash(str)));
    }

    public Optional<TokenFamily> getTokenFamilyByRefreshTokenId(String str) throws OAuthEncryptionException {
        return getTokenFamilyWithDecryption(this.tokenFamilyEntityDao.getTokenFamilyByRefreshTokenId(str));
    }

    public String delete(String str) {
        LOG.debug("Deleting token family of id: {}", str);
        this.tokenFamilyEntityDao.delete(str);
        return str;
    }

    public String createTokenFamilyFromGrantedAuthorization(GrantedAuthorization grantedAuthorization, String str, String str2) throws OAuthEncryptionException {
        String encryptValue = this.encryptionService.encryptValue((String) grantedAuthorization.getSessionId().get());
        try {
            long expirationTsInMillis = getExpirationTsInMillis(this.processMiningFrontEndClientConfig.getAuthCodeExpirationInSecs());
            String authCodeHash = AuthzServerUtils.getAuthCodeHash(str);
            TokenFamily build = TokenFamilyBuilder.anOAuthInboundTokenFamily().withId(str2).withAuthCodeHash(authCodeHash).withAuthCodeExpirationTs(expirationTsInMillis).withSessionId(encryptValue).withUserUuid(grantedAuthorization.getUserUuid()).withCodeChallenge((String) grantedAuthorization.getCodeChallenge().get()).withRedirectUri(((URI) grantedAuthorization.getRedirectURI().get()).toString()).withRefreshTokenExpirationTs(expirationTsInMillis).build();
            LOG.debug("Added a new token family of id {} for auth code hash {}.", str2, authCodeHash);
            this.tokenFamilyEntityDao.create((TokenFamilyEntity) build);
            return str;
        } catch (ConstraintViolationException e) {
            LOG.error("Found a previous entry for token family ID {}.", str2);
            throw new IllegalStateException((Throwable) e);
        }
    }

    public long updateWithRefreshTokenId(TokenFamily tokenFamily, String str) throws OAuthEncryptionException {
        TokenFamily copy = tokenFamily.copy();
        long expirationTsInMillis = getExpirationTsInMillis(this.processMiningFrontEndClientConfig.getRefreshTokenExpirationInSecs());
        ((TokenFamilyEntity) copy).setSessionId(this.encryptionService.encryptValue(copy.getSessionId()));
        ((TokenFamilyEntity) copy).setAuthCodeUsed(true);
        ((TokenFamilyEntity) copy).setRefreshTokenId(str);
        ((TokenFamilyEntity) copy).setRefreshTokenExpirationTs(Long.valueOf(expirationTsInMillis));
        this.tokenFamilyEntityDao.update((TokenFamilyEntity) copy);
        LOG.debug("Updated refresh token id {} in token family of id {} for user uuid {}.", str, copy.getRefreshTokenId());
        return expirationTsInMillis;
    }

    @Transactional
    public void removeExpiredTokenFamilies() {
        Set set = (Set) this.tokenFamilyEntityDao.getAllExpiredBeforeTsInMillis(Long.valueOf(System.currentTimeMillis() - TimeUnit.MINUTES.toMillis(this.processMiningFrontEndClientConfig.getTokenFamilyMaintenanceWindowCadenceInMins()))).stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet());
        LOG.debug("Removing expired token families: {}", set);
        this.tokenFamilyEntityDao.delete(set);
    }

    private Optional<TokenFamily> getTokenFamilyWithDecryption(Optional<TokenFamilyEntity> optional) throws OAuthEncryptionException {
        if (!optional.isPresent()) {
            return Optional.empty();
        }
        TokenFamilyEntity tokenFamilyEntity = optional.get();
        tokenFamilyEntity.setSessionId(this.encryptionService.decryptValue(tokenFamilyEntity.getSessionId()));
        return Optional.of(tokenFamilyEntity);
    }

    private long getExpirationTsInMillis(long j) {
        return System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(j);
    }
}
