package org.mitre.oauth2.service.impl;

import com.google.common.base.Strings;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.Date;
import java.util.UUID;
import org.apache.commons.codec.binary.Base64;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.repository.OAuth2ClientRepository;
import org.mitre.oauth2.repository.OAuth2TokenRepository;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.model.WhitelistedSite;
import org.mitre.openid.connect.service.ApprovedSiteService;
import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.service.WhitelistedSiteService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.stereotype.Service;

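/**
 * Default {@link ClientDetailsEntityService}: registers, loads, updates and deletes OAuth2
 * clients through {@link OAuth2ClientRepository}, and generates client ids and secrets.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Registered redirect URIs are checked against {@link BlacklistedSiteService} on both
 *       create and update; a blacklisted URI aborts the operation.</li>
 *   <li>The {@code offline_access} scope is forced to mirror {@code isAllowRefresh()} on both
 *       create and update, so a client cannot keep the scope once refresh is disallowed.</li>
 *   <li>Deleting a client also clears its tokens, approved sites and whitelist entry.</li>
 * </ul>
 *
 * <p>NOTE(review): no transaction boundary is visible in this class; confirm that callers or
 * the repositories provide one, otherwise a failure part-way through {@link #deleteClient}
 * can leave tokens or approvals partially cleaned up.
 */
@Service
/* loaded from: input_file:WEB-INF/classes/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.class */
public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEntityService {

    @Autowired
    private OAuth2ClientRepository clientRepository;

    @Autowired
    private OAuth2TokenRepository tokenRepository;

    @Autowired
    private ApprovedSiteService approvedSiteService;

    @Autowired
    private WhitelistedSiteService whitelistedSiteService;

    @Autowired
    private BlacklistedSiteService blacklistedSiteService;

    /** Creates the service; collaborators are expected to be injected via {@code @Autowired}. */
    public DefaultOAuth2ClientDetailsEntityService() {
    }

    /**
     * Creates the service with explicit repositories.
     *
     * <p>Only the two repositories are set here; the approved/whitelisted/blacklisted site
     * services stay {@code null} unless injected separately, so {@link #saveNewClient},
     * {@link #updateClient} and {@link #deleteClient} will fail on an instance built this way
     * without further wiring.
     *
     * @param oAuth2ClientRepository repository used for client persistence
     * @param oAuth2TokenRepository repository used to clear a deleted client's tokens
     */
    public DefaultOAuth2ClientDetailsEntityService(OAuth2ClientRepository oAuth2ClientRepository, OAuth2TokenRepository oAuth2TokenRepository) {
        this.clientRepository = oAuth2ClientRepository;
        this.tokenRepository = oAuth2TokenRepository;
    }

    /**
     * Persists a client that has not been saved before.
     *
     * @param clientDetailsEntity the client to register; must not already have a database id
     * @return the entity returned by the repository after saving
     * @throws IllegalArgumentException if the client already has an id or one of its registered
     *     redirect URIs is blacklisted
     */
    @Override // org.mitre.oauth2.service.ClientDetailsEntityService
    public ClientDetailsEntity saveNewClient(ClientDetailsEntity clientDetailsEntity) {
        if (clientDetailsEntity.getId() != null) {
            throw new IllegalArgumentException("Tried to save a new client with an existing ID: " + clientDetailsEntity.getId());
        }
        rejectBlacklistedRedirectUris(clientDetailsEntity);
        // Only generate an id when the caller did not supply one.
        if (Strings.isNullOrEmpty(clientDetailsEntity.getClientId())) {
            clientDetailsEntity = generateClientId(clientDetailsEntity);
        }
        syncOfflineAccessScope(clientDetailsEntity);
        clientDetailsEntity.setCreatedAt(new Date());
        return this.clientRepository.saveClient(clientDetailsEntity);
    }

    /**
     * Looks a client up by its database id.
     *
     * @param l the database id
     * @return whatever the repository returns for that id
     */
    @Override // org.mitre.oauth2.service.ClientDetailsEntityService
    public ClientDetailsEntity getClientById(Long l) {
        return this.clientRepository.getById(l);
    }

    /**
     * Looks a client up by its OAuth2 {@code client_id}.
     *
     * @param str the client id presented by the caller
     * @return the matching client, never {@code null}
     * @throws IllegalArgumentException if {@code str} is null or empty
     * @throws InvalidClientException if no client has that id
     */
    @Override // org.springframework.security.oauth2.provider.ClientDetailsService
    public ClientDetailsEntity loadClientByClientId(String str) throws OAuth2Exception, InvalidClientException, IllegalArgumentException {
        if (Strings.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Client id must not be empty!");
        }
        ClientDetailsEntity clientByClientId = this.clientRepository.getClientByClientId(str);
        if (clientByClientId == null) {
            // NOTE(review): the message echoes the caller-supplied id; confirm that whatever
            // renders this exception (error response, logs) encodes it for its output context.
            throw new InvalidClientException("Client with id " + str + " was not found");
        }
        return clientByClientId;
    }

    /**
     * Deletes a client together with the state that references it.
     *
     * <p>Order: tokens, approved sites, whitelist entry (if any), then the client itself.
     *
     * @param clientDetailsEntity the client to delete
     * @throws InvalidClientException if the repository has no client with the entity's id
     */
    @Override // org.mitre.oauth2.service.ClientDetailsEntityService
    public void deleteClient(ClientDetailsEntity clientDetailsEntity) throws InvalidClientException {
        if (this.clientRepository.getById(clientDetailsEntity.getId()) == null) {
            throw new InvalidClientException("Client with id " + clientDetailsEntity.getClientId() + " was not found");
        }
        this.tokenRepository.clearTokensForClient(clientDetailsEntity);
        this.approvedSiteService.clearApprovedSitesForClient(clientDetailsEntity);
        WhitelistedSite byClientId = this.whitelistedSiteService.getByClientId(clientDetailsEntity.getClientId());
        if (byClientId != null) {
            this.whitelistedSiteService.remove(byClientId);
        }
        this.clientRepository.deleteClient(clientDetailsEntity);
    }

    /**
     * Replaces the stored state of an existing client.
     *
     * <p>The same redirect-URI blacklist check and {@code offline_access} handling as
     * {@link #saveNewClient} are applied to the new state. A {@code null} redirect-URI
     * collection is treated as "nothing to check", matching {@link #saveNewClient}, instead of
     * failing with a {@link NullPointerException}.
     *
     * @param clientDetailsEntity the existing client; only its id is used
     * @param clientDetailsEntity2 the new state to store under that id
     * @return the entity returned by the repository after updating
     * @throws IllegalArgumentException if either argument is {@code null} or a registered
     *     redirect URI of the new state is blacklisted
     */
    @Override // org.mitre.oauth2.service.ClientDetailsEntityService
    public ClientDetailsEntity updateClient(ClientDetailsEntity clientDetailsEntity, ClientDetailsEntity clientDetailsEntity2) throws IllegalArgumentException {
        if (clientDetailsEntity == null || clientDetailsEntity2 == null) {
            throw new IllegalArgumentException("Neither old client or new client can be null!");
        }
        rejectBlacklistedRedirectUris(clientDetailsEntity2);
        syncOfflineAccessScope(clientDetailsEntity2);
        return this.clientRepository.updateClient(clientDetailsEntity.getId(), clientDetailsEntity2);
    }

    /**
     * Returns every client known to the repository.
     *
     * @return the repository's collection of clients
     */
    @Override // org.mitre.oauth2.service.ClientDetailsEntityService
    public Collection<ClientDetailsEntity> getAllClients() {
        return this.clientRepository.getAllClients();
    }

    /**
     * Assigns a freshly generated random UUID string as the client id.
     *
     * @param clientDetailsEntity the client to modify in place
     * @return the same instance, for chaining
     */
    @Override // org.mitre.oauth2.service.ClientDetailsEntityService
    public ClientDetailsEntity generateClientId(ClientDetailsEntity clientDetailsEntity) {
        clientDetailsEntity.setClientId(UUID.randomUUID().toString());
        return clientDetailsEntity;
    }

    /**
     * Assigns a freshly generated client secret: 512 random bits from {@link SecureRandom},
     * encoded as URL-safe Base64.
     *
     * @param clientDetailsEntity the client to modify in place
     * @return the same instance, for chaining
     */
    @Override // org.mitre.oauth2.service.ClientDetailsEntityService
    public ClientDetailsEntity generateClientSecret(ClientDetailsEntity clientDetailsEntity) {
        // BigInteger.toByteArray() is a two's-complement encoding, so the byte length (and
        // therefore the secret length) varies slightly between calls; the entropy is still
        // the 512 bits drawn from SecureRandom.
        // NOTE(review): Expression.EQUAL comes from the EclipseLink JPQL parser and is the
        // string "="; this looks like a decompiler resolving a literal "=" to an unrelated
        // constant - confirm against the original source. The replace() only strips padding.
        clientDetailsEntity.setClientSecret(Base64.encodeBase64URLSafeString(new BigInteger(512, new SecureRandom()).toByteArray()).replace(Expression.EQUAL, ""));
        return clientDetailsEntity;
    }

    /** Throws if any registered redirect URI of the client is blacklisted; a null collection is skipped. */
    private void rejectBlacklistedRedirectUris(ClientDetailsEntity client) {
        if (client.getRegisteredRedirectUri() == null) {
            return;
        }
        for (String redirectUri : client.getRegisteredRedirectUri()) {
            if (this.blacklistedSiteService.isBlacklisted(redirectUri)) {
                throw new IllegalArgumentException("Client URI is blacklisted: " + redirectUri);
            }
        }
    }

    /** Makes the presence of the {@code offline_access} scope mirror {@code isAllowRefresh()}. */
    private void syncOfflineAccessScope(ClientDetailsEntity client) {
        if (client.isAllowRefresh()) {
            client.getScope().add("offline_access");
        } else {
            client.getScope().remove("offline_access");
        }
    }
}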
