package org.genesys.blocks.oauth.service;

import java.net.URL;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.persistence.EntityNotFoundException;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.genesys.blocks.oauth.model.OAuthClient;
import org.genesys.blocks.oauth.model.OAuthRole;
import org.genesys.blocks.oauth.model.QOAuthClient;
import org.genesys.blocks.oauth.persistence.OAuthClientRepository;
import org.genesys.blocks.security.service.impl.CustomAclServiceImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.domain.Pageable;
import org.springframework.data.domain.Sort;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.NoSuchClientException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

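/**
 * Repository-backed implementation of {@link OAuthClientDetailsService}: looks up, creates,
 * updates and removes {@link OAuthClient} records and manages their client secrets.
 *
 * <p>Secrets are stored only as the output of the injected {@link PasswordEncoder}; the
 * plaintext is available solely as the return value of {@link #setSecret} /
 * {@link #resetSecret} and must not be logged by callers.
 *
 * <p>The SpEL expressions in the {@code @Cacheable}, {@code @CacheEvict} and
 * {@code @PreAuthorize} annotations below refer to method parameters by name
 * ({@code #clientId}, {@code #client}, {@code #updates}, {@code #sourceId}, {@code #targetId},
 * {@code #oauthClient}). The parameter names in this class must therefore match those
 * expressions exactly; a mismatched name makes the expression evaluate against {@code null},
 * which for {@code hasPermission(#oauthClient, ...)} means the ACL check no longer sees the
 * client being modified.
 */
@Transactional(readOnly = true)
@Service
/* loaded from: input_file:org/genesys/blocks/oauth/service/OAuthServiceImpl.class */
public class OAuthServiceImpl implements OAuthClientDetailsService, InitializingBean {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthServiceImpl.class);

    /**
     * Source of randomness for generated client ids and secrets. Passed explicitly to
     * {@link RandomStringUtils} because, depending on the commons-lang3 version on the
     * classpath, {@code randomAlphanumeric(int)} may be backed by a non-cryptographic
     * generator, which is not suitable for credentials.
     */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** Length of a generated client secret, in characters. */
    private static final int SECRET_LENGTH = 32;

    @Value("${base.url:#{null}}")
    private String baseUrl;

    @Value("${oauth.clientId.suffix:#{null}}")
    private String clientIdSuffix;

    @Autowired
    private OAuthClientRepository oauthClientRepository;

    // NOTE(review): this field is public; kept as-is because code outside this class may
    // read it, but nothing in this class requires more than private access.
    @Autowired
    public PasswordEncoder passwordEncoder;

    @Autowired(required = false)
    private CacheManager cacheManager;

    /**
     * Derives the client-id suffix when none is configured: the host of {@code base.url} if
     * that property is set, otherwise {@code "localhost"}.
     *
     * @throws Exception if {@code base.url} is set but is not a parseable URL
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        if (StringUtils.isNotEmpty(this.clientIdSuffix)) {
            return;
        }
        this.clientIdSuffix = StringUtils.isNotEmpty(this.baseUrl) ? new URL(this.baseUrl).getHost() : "localhost";
    }

    /**
     * Loads the client with the given id for the OAuth2 provider.
     *
     * <p>{@link OAuthRole#EVERYONE} is removed from the client's role set and applied as a
     * runtime authority instead.
     *
     * @param clientId the OAuth client id (also the cache key)
     * @return the matching client
     * @throws NoSuchClientException if no client has this id
     */
    @Cacheable(cacheNames = {"oauthclient"}, key = "#clientId", unless = "#result == null")
    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
        OAuthClient client = getClient(clientId);
        if (client == null) {
            throw new NoSuchClientException(clientId);
        }
        client.getRoles().remove(OAuthRole.EVERYONE);
        client.setRuntimeAuthorities(OAuthRole.EVERYONE);
        return client;
    }

    /**
     * Touches the roles collection so it is initialized before the entity leaves this service.
     *
     * @param client the entity to initialize, may be {@code null}
     * @return the same instance
     */
    private OAuthClient lazyLoad(OAuthClient client) {
        if (client != null) {
            client.getRoles().size();
        }
        return client;
    }

    /** Generates a random alphanumeric string of the given length from {@link #SECURE_RANDOM}. */
    private static String randomAlphanumeric(int length) {
        // start = end = 0 with letters and numbers enabled is the alphanumeric range that
        // RandomStringUtils.randomAlphanumeric(int) itself delegates to.
        return RandomStringUtils.random(length, 0, 0, true, true, null, SECURE_RANDOM);
    }

    /** Lists all clients sorted by {@code clientId}. */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    public List<OAuthClient> listClientDetails() {
        return this.oauthClientRepository.findAll(Sort.by("clientId"));
    }

    /** Lists one page of clients. */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    public Page<OAuthClient> listClientDetails(Pageable pageable) {
        return this.oauthClientRepository.findAll(pageable);
    }

    /**
     * Finds a client by its client id, with roles initialized.
     *
     * @param clientId the OAuth client id
     * @return the client, or {@code null} if there is none
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    public OAuthClient getClient(String clientId) {
        return lazyLoad(this.oauthClientRepository.findByClientId(clientId));
    }

    /**
     * Deletes the client and evicts it from the {@code oauthclient} cache.
     *
     * <p>NOTE(review): no {@code @PreAuthorize} is declared on this method here, unlike the
     * secret-management methods; confirm that authorization is enforced on the interface or
     * at the caller.
     *
     * @param client the client to delete
     * @return the deleted instance
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    @Transactional
    @CacheEvict(cacheNames = {"oauthclient"}, key = "#client.clientId", condition = "#client != null")
    public OAuthClient removeClient(OAuthClient client) {
        this.oauthClientRepository.delete(client);
        return client;
    }

    /**
     * Registers a new client with a generated client id and a generated secret.
     *
     * <p>Only the encoded secret is stored and the plaintext is discarded, so the new client
     * has no usable secret until {@link #setSecret} or {@link #resetSecret} is called.
     *
     * @param client template whose properties are applied to the new record
     * @return the persisted client
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    @Transactional
    public OAuthClient addClient(OAuthClient client) {
        String generatedClientId = randomAlphanumeric(5).toLowerCase() + "." + randomAlphanumeric(20).toLowerCase() + "@" + this.clientIdSuffix;
        String generatedSecret = randomAlphanumeric(SECRET_LENGTH);
        OAuthClient created = new OAuthClient();
        created.apply(client);
        // Set after apply() so the template cannot choose its own id or secret.
        created.setClientId(generatedClientId);
        created.setClientSecret(this.passwordEncoder.encode(generatedSecret));
        return lazyLoad((OAuthClient) this.oauthClientRepository.save(created));
    }

    /**
     * Applies {@code updates} to the client identified by id and version.
     *
     * <p>NOTE(review): the cache is evicted under {@code updates.clientId}; if that differs
     * from the stored record's client id the stored record's cache entry is not evicted.
     *
     * @param id database id of the client
     * @param version expected version of the stored record
     * @param updates the new property values
     * @return the updated client
     * @throws EntityNotFoundException if no record matches the id and version
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    @Transactional
    @CacheEvict(cacheNames = {"oauthclient"}, key = "#updates.clientId", condition = "#updates != null")
    public OAuthClient updateClient(long id, int version, OAuthClient updates) {
        OAuthClient stored = this.oauthClientRepository.findByIdAndVersion(id, version);
        if (stored == null) {
            // Unknown id or stale version: fail with a clear error instead of a NullPointerException.
            throw new EntityNotFoundException("Record not found.");
        }
        stored.apply(updates);
        stored.getRoles().remove(OAuthRole.EVERYONE);
        return lazyLoad((OAuthClient) this.oauthClientRepository.save(stored));
    }

    /**
     * Changes the client id of an existing client and evicts the cached entries keyed by the
     * old client id and by the record id.
     *
     * <p>NOTE(review): {@code targetId} is stored as given; this method does not check it for
     * blankness or for collision with another client, and declares no {@code @PreAuthorize}.
     * Confirm both are handled elsewhere.
     *
     * @param sourceId the current client id
     * @param targetId the new client id
     * @return the updated client
     * @throws EntityNotFoundException if no client has {@code sourceId}
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    @Transactional
    @CacheEvict(cacheNames = {"oauthclient"}, key = "#sourceId", condition = "#sourceId != null && #targetId != null")
    public OAuthClient updateClientId(String sourceId, String targetId) {
        OAuthClient client = getClient(sourceId);
        if (client == null) {
            throw new EntityNotFoundException("Record not found.");
        }
        client.setClientId(targetId);
        if (this.cacheManager != null) {
            Cache sidNames = this.cacheManager.getCache(CustomAclServiceImpl.CACHE_SID_NAMES);
            if (sidNames != null) {
                sidNames.evict(sourceId);
                sidNames.evict(client.getId());
            }
        }
        return lazyLoad((OAuthClient) this.oauthClientRepository.save(client));
    }

    /**
     * Returns clients whose title or client id starts with {@code term} (ignoring case) or
     * whose description contains it, sorted by title.
     *
     * @param term the search text; blank yields an empty list
     * @param limit maximum number of results, capped at 100
     * @return the matching clients
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    public List<OAuthClient> autocompleteClients(String term, int limit) {
        if (StringUtils.isBlank(term)) {
            return Collections.emptyList();
        }
        LOG.debug("Autocomplete for={}", term);
        return this.oauthClientRepository
            .findAll(
                QOAuthClient.oAuthClient.title.startsWithIgnoreCase(term)
                    .or(QOAuthClient.oAuthClient.clientId.startsWithIgnoreCase(term))
                    .or(QOAuthClient.oAuthClient.description.contains(term)),
                PageRequest.of(0, Math.min(100, limit), Sort.by("title")))
            .getContent();
    }

    /**
     * Replaces the client's secret with a newly generated one.
     *
     * @param oauthClient the client whose secret is reset
     * @return the new plaintext secret
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#oauthClient, 'ADMINISTRATION')")
    public final String resetSecret(OAuthClient oauthClient) {
        return setSecret(oauthClient, null);
    }

    /**
     * Sets the client's secret, generating one when {@code secret} is blank, and stores only
     * its encoded form.
     *
     * <p>A generated secret is re-drawn while it matches the currently stored hash. A
     * caller-supplied secret is encoded once and stored as given: re-encoding the same value
     * in a loop until the hash changes would never terminate with an encoder that produces
     * the same output for the same input.
     *
     * @param oauthClient the client to update; must have an id
     * @param secret the desired secret, or blank to generate one
     * @return the plaintext secret now in effect
     * @throws EntityNotFoundException if the client record does not exist
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#oauthClient, 'ADMINISTRATION')")
    public final String setSecret(OAuthClient oauthClient, String secret) {
        assert oauthClient != null;
        assert oauthClient.getId() != null;
        OAuthClient stored = (OAuthClient) this.oauthClientRepository.findById(oauthClient.getId())
            .orElseThrow(() -> new EntityNotFoundException("Record not found."));
        String previousHash = stored.getClientSecret();
        String plaintext = secret;
        if (StringUtils.isBlank(plaintext)) {
            do {
                plaintext = randomAlphanumeric(SECRET_LENGTH);
                // matches() is the encoder's own comparison; comparing two encoded strings
                // with equals() says nothing when the encoder salts its output.
            } while (previousHash != null && this.passwordEncoder.matches(plaintext, previousHash));
        }
        stored.setClientSecret(this.passwordEncoder.encode(plaintext));
        this.oauthClientRepository.save(stored);
        return plaintext;
    }

    /**
     * Clears the client's secret.
     *
     * @param oauthClient the client to update; must have an id
     * @return the updated client
     * @throws EntityNotFoundException if the client record does not exist
     * @throws RuntimeException if the client uses the {@code client_credentials} grant
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    @Transactional
    @PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#oauthClient, 'ADMINISTRATION')")
    public final OAuthClient removeSecret(OAuthClient oauthClient) {
        assert oauthClient != null;
        assert oauthClient.getId() != null;
        OAuthClient stored = (OAuthClient) this.oauthClientRepository.findById(oauthClient.getId())
            .orElseThrow(() -> new EntityNotFoundException("Record not found."));
        // A client that authenticates with its own credentials cannot be left without a secret.
        if (stored.getAuthorizedGrantTypes().contains("client_credentials")) {
            throw new RuntimeException("OAuth Client with client_credentials grant must have a secret");
        }
        stored.setClientSecret(null);
        return lazyLoad((OAuthClient) this.oauthClientRepository.save(stored));
    }

    /**
     * Reports whether any client lists {@code origin} among its allowed origins.
     *
     * <p>The repository query is a substring match on the stored origins value, so each
     * candidate is confirmed with an exact membership test before it counts.
     *
     * @param origin the origin to look for
     * @return {@code true} if at least one client allows exactly this origin
     */
    @Override // org.genesys.blocks.oauth.service.OAuthClientDetailsService
    public boolean isOriginRegistered(String origin) {
        for (OAuthClient candidate : this.oauthClientRepository.findAll(QOAuthClient.oAuthClient.origins.contains(origin))) {
            if (candidate.getAllowedOrigins().contains(origin)) {
                return true;
            }
        }
        return false;
    }
}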
