package org.openvpms.web.security.oauth;

import java.time.Instant;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.persistence.criteria.Order;
import javax.persistence.criteria.Predicate;
import org.openvpms.component.model.bean.IMObjectBean;
import org.openvpms.component.model.entity.Entity;
import org.openvpms.component.query.criteria.CriteriaBuilder;
import org.openvpms.component.query.criteria.CriteriaQuery;
import org.openvpms.component.query.criteria.Root;
import org.openvpms.component.security.crypto.PasswordEncryptor;
import org.openvpms.component.service.archetype.ArchetypeService;
import org.springframework.dao.DataRetrievalFailureException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/openvpms/web/security/oauth/OAuth2AuthorizedClientServiceImpl.class */
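/**
 * {@link OAuth2AuthorizedClientService} that persists authorized clients as
 * {@code entity.oauth2AuthorizedClient} archetype instances.
 * <p>
 * Access and refresh token values are passed through the {@link PasswordEncryptor} before they are
 * written to the entity and decrypted again when the entity is mapped back to an
 * {@link OAuth2AuthorizedClient}. The in-memory cache holds the mapped clients, i.e. the token
 * values in clear text, for as long as the entry stays in the cache.
 * <p>
 * Authorized clients are identified by the pair (client registration id, principal name). All
 * lookups, cached or persistent, must use the registration id, never the OAuth2 client id: the two
 * are independent values and several registrations may share one client id.
 */
public class OAuth2AuthorizedClientServiceImpl implements OAuth2AuthorizedClientService {
    private static final String OAUTH2_AUTHORIZED_CLIENT = "entity.oauth2AuthorizedClient";
    private static final String CLIENT_REGISTRATION_ID = "clientRegistrationId";
    private static final String PRINCIPAL_NAME = "name";
    private static final String ACCESS_TOKEN = "accessToken";
    private static final String ACCESS_TOKEN_ISSUED_AT = "accessTokenIssuedAt";
    private static final String ACCESS_TOKEN_EXPIRES_AT = "accessTokenExpiresAt";
    private static final String ACCESS_TOKEN_SCOPES = "accessTokenScopes";
    private static final String REFRESH_TOKEN = "refreshToken";
    private static final String REFRESH_TOKEN_ISSUED_AT = "refreshTokenIssuedAt";

    private final ClientRegistrationRepository repository;
    private final ArchetypeService service;
    private final PasswordEncryptor encryptor;

    /** Mapped clients keyed by their backing entity. Compound operations lock on the map itself. */
    private final Map<Entity, OAuth2AuthorizedClient> cache = Collections.synchronizedMap(new HashMap<>());

    /**
     * Constructs the service.
     *
     * @param clientRegistrationRepository used to resolve the registration of a persisted client
     * @param archetypeService             used to create, query, save and remove the backing entities
     * @param passwordEncryptor            used to encrypt token values before storage and decrypt them on load
     */
    public OAuth2AuthorizedClientServiceImpl(ClientRegistrationRepository clientRegistrationRepository, ArchetypeService archetypeService, PasswordEncryptor passwordEncryptor) {
        this.repository = clientRegistrationRepository;
        this.service = archetypeService;
        this.encryptor = passwordEncryptor;
    }

    /**
     * Returns the authorized client for a registration and principal, from the cache if present,
     * otherwise from the persistent store.
     *
     * @param clientRegistrationId the client registration identifier
     * @param principalName        the name of the principal that owns the tokens
     * @return the authorized client, or {@code null} if none is cached or stored
     * @throws DataRetrievalFailureException if the stored registration id is unknown to the repository
     */
    @Override
    @SuppressWarnings("unchecked")
    public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId, String principalName) {
        OAuth2AuthorizedClient client;
        synchronized (this.cache) {
            client = this.cache.values().stream()
                    .filter(cached -> matches(cached, clientRegistrationId, principalName))
                    .findFirst()
                    .orElse(null);
        }
        if (client == null) {
            Entity entity = query(clientRegistrationId, principalName);
            if (entity != null) {
                client = map(entity);
                this.cache.put(entity, client);
            }
        }
        // The interface is generic over the client subtype; only OAuth2AuthorizedClient is ever produced here.
        return (T) client;
    }

    /**
     * Persists the tokens of an authorized client, creating the backing entity on first save, and
     * caches the client.
     *
     * @param oAuth2AuthorizedClient the client whose tokens are stored
     * @param authentication         the principal the tokens belong to; its name is the lookup key
     */
    @Override
    public void saveAuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication) {
        String registrationId = oAuth2AuthorizedClient.getClientRegistration().getRegistrationId();
        String principalName = authentication.getName();
        Entity entity = query(registrationId, principalName);
        if (entity == null) {
            entity = this.service.create(OAUTH2_AUTHORIZED_CLIENT, Entity.class);
        }
        IMObjectBean bean = this.service.getBean(entity);
        if (entity.isNew()) {
            // The identifying pair is written once; later saves only refresh the token fields.
            bean.setValue(CLIENT_REGISTRATION_ID, registrationId);
            bean.setValue(PRINCIPAL_NAME, principalName);
        }
        OAuth2AccessToken accessToken = oAuth2AuthorizedClient.getAccessToken();
        OAuth2RefreshToken refreshToken = oAuth2AuthorizedClient.getRefreshToken();

        // Token values never reach the store unencrypted.
        bean.setValue(ACCESS_TOKEN, this.encryptor.encrypt(accessToken.getTokenValue()));
        bean.setValue(ACCESS_TOKEN_ISSUED_AT, toDate(accessToken.getIssuedAt()));
        bean.setValue(ACCESS_TOKEN_EXPIRES_AT, toDate(accessToken.getExpiresAt()));
        String scopes = CollectionUtils.isEmpty(accessToken.getScopes())
                ? null
                : StringUtils.collectionToDelimitedString(accessToken.getScopes(), ",");
        bean.setValue(ACCESS_TOKEN_SCOPES, scopes);

        // NOTE(review): when the client carries no refresh token, a previously stored refresh token
        // is left in place, so the persisted state and the cached client can differ. Confirm that
        // keeping the old refresh token is intended.
        if (refreshToken != null) {
            bean.setValue(REFRESH_TOKEN, this.encryptor.encrypt(refreshToken.getTokenValue()));
            bean.setValue(REFRESH_TOKEN_ISSUED_AT, toDate(refreshToken.getIssuedAt()));
        }
        bean.save();
        this.cache.put(entity, oAuth2AuthorizedClient);
    }

    /**
     * Removes the authorized client for a registration and principal from the cache and from the
     * persistent store.
     *
     * @param clientRegistrationId the client registration identifier
     * @param principalName        the name of the principal that owns the tokens
     */
    @Override
    public void removeAuthorizedClient(String clientRegistrationId, String principalName) {
        Entity entity;
        synchronized (this.cache) {
            entity = this.cache.entrySet().stream()
                    .filter(entry -> matches(entry.getValue(), clientRegistrationId, principalName))
                    .map(Map.Entry::getKey)
                    .findFirst()
                    .orElse(null);
            // Evict every matching entry so no decrypted token for this pair outlives its removal.
            this.cache.values().removeIf(cached -> matches(cached, clientRegistrationId, principalName));
        }
        if (entity == null) {
            entity = query(clientRegistrationId, principalName);
        }
        if (entity != null) {
            this.service.remove(entity.getObjectReference());
        }
    }

    /**
     * Tells whether a cached client belongs to the given registration and principal.
     * <p>
     * The comparison uses the registration id, the same key that {@link #query} and
     * {@link #saveAuthorizedClient} use. Comparing against the OAuth2 client id instead makes the
     * cache miss whenever the two values differ and can select another registration's tokens when
     * they collide.
     */
    private static boolean matches(OAuth2AuthorizedClient client, String clientRegistrationId, String principalName) {
        return clientRegistrationId.equals(client.getClientRegistration().getRegistrationId())
                && principalName.equals(client.getPrincipalName());
    }

    /**
     * Rebuilds an authorized client from its backing entity, decrypting the stored token values.
     *
     * @param entity the backing entity
     * @return the authorized client
     * @throws DataRetrievalFailureException if the stored registration id is unknown to the repository
     */
    private OAuth2AuthorizedClient map(Entity entity) {
        IMObjectBean bean = this.service.getBean(entity);
        String registrationId = bean.getString(CLIENT_REGISTRATION_ID);
        ClientRegistration registration = this.repository.findByRegistrationId(registrationId);
        if (registration == null) {
            throw new DataRetrievalFailureException("The ClientRegistration with id '" + registrationId + "' exists in the data source, however, it was not found in the ClientRegistrationRepository.");
        }
        String accessTokenValue = this.encryptor.decrypt(bean.getString(ACCESS_TOKEN));
        // saveAuthorizedClient stores null for an absent issued-at/expires-at, so both reads must be null-safe.
        Instant issuedAt = toInstant(bean.getDate(ACCESS_TOKEN_ISSUED_AT));
        Instant expiresAt = toInstant(bean.getDate(ACCESS_TOKEN_EXPIRES_AT));
        Set<String> scopes = Collections.emptySet();
        String storedScopes = bean.getString(ACCESS_TOKEN_SCOPES);
        if (storedScopes != null) {
            scopes = StringUtils.commaDelimitedListToSet(storedScopes);
        }
        OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, accessTokenValue, issuedAt, expiresAt, scopes);

        OAuth2RefreshToken refreshToken = null;
        String storedRefreshToken = bean.getString(REFRESH_TOKEN);
        if (storedRefreshToken != null) {
            Instant refreshIssuedAt = toInstant(bean.getDate(REFRESH_TOKEN_ISSUED_AT));
            refreshToken = new OAuth2RefreshToken(this.encryptor.decrypt(storedRefreshToken), refreshIssuedAt);
        }
        // The entity name holds the principal name (PRINCIPAL_NAME is the "name" node).
        return new OAuth2AuthorizedClient(registration, entity.getName(), accessToken, refreshToken);
    }

    /** Converts an instant to a date, passing {@code null} through. */
    private Date toDate(Instant instant) {
        return instant != null ? Date.from(instant) : null;
    }

    /** Converts a date to an instant, passing {@code null} through. */
    private static Instant toInstant(Date date) {
        return date != null ? date.toInstant() : null;
    }

    /**
     * Finds the backing entity for a registration and principal.
     *
     * @param clientRegistrationId the client registration identifier
     * @param principalName        the principal name
     * @return the matching entity with the lowest id, or {@code null} if there is none
     */
    private Entity query(String clientRegistrationId, String principalName) {
        CriteriaBuilder builder = this.service.getCriteriaBuilder();
        CriteriaQuery<Entity> criteria = builder.createQuery(Entity.class);
        Root<Entity> root = criteria.from(Entity.class, OAUTH2_AUTHORIZED_CLIENT);
        criteria.where(
                builder.equal(root.get(PRINCIPAL_NAME), principalName),
                builder.equal(root.get(CLIENT_REGISTRATION_ID), clientRegistrationId));
        // Ordering by id makes the choice deterministic should duplicates exist.
        criteria.orderBy(builder.asc(root.get("id")));
        return this.service.createQuery(criteria).getFirstResult();
    }
}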
