package io.jans.as.server.service;

import com.google.common.collect.Lists;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.configuration.LockMessageConfig;
import io.jans.as.server.model.common.AuthorizationGrant;
import io.jans.as.server.model.common.CacheGrant;
import io.jans.as.server.service.token.StatusListIndexService;
import io.jans.as.server.util.TokenHashUtil;
import io.jans.model.token.TokenEntity;
import io.jans.model.token.TokenType;
import io.jans.model.tokenstatus.TokenStatus;
import io.jans.orm.PersistenceEntryManager;
import io.jans.orm.search.filter.Filter;
import io.jans.service.CacheService;
import io.jans.service.MessageService;
import io.jans.util.StringHelper;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:io/jans/as/server/service/GrantService.class */
public class GrantService {
    private static final ExecutorService statusListPool = Executors.newFixedThreadPool(5, runnable -> {
        Thread thread = new Thread(runnable);
        thread.setName("grant_service_status_list_pool");
        thread.setDaemon(true);
        return thread;
    });

    @Inject
    private Logger log;

    @Inject
    private PersistenceEntryManager persistenceEntryManager;

    @Inject
    private ClientService clientService;

    @Inject
    private MessageService messageService;

    @Inject
    private CacheService cacheService;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private StatusListIndexService statusListIndexService;

    public static String generateGrantId() {
        return UUID.randomUUID().toString();
    }

    public String buildDn(String str) {
        return String.format("tknCde=%s,", str) + tokenBaseDn();
    }

    private String tokenBaseDn() {
        return this.staticConfiguration.getBaseDn().getTokens();
    }

    public void merge(TokenEntity tokenEntity) {
        this.persistenceEntryManager.merge(tokenEntity);
    }

    public void mergeSilently(TokenEntity tokenEntity) {
        try {
            this.persistenceEntryManager.merge(tokenEntity);
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    public boolean shouldPersist() {
        return !BooleanUtils.isTrue(this.appConfiguration.getSaveTokensInCacheAndDontSaveInPersistence());
    }

    public boolean shouldSaveInCache() {
        return BooleanUtils.isTrue(this.appConfiguration.getSaveTokensInCache()) || BooleanUtils.isTrue(this.appConfiguration.getSaveTokensInCacheAndDontSaveInPersistence());
    }

    public void persist(TokenEntity tokenEntity) {
        if (tokenEntity.isAccessToken() || tokenEntity.isLogoutStatusJwt() || shouldPersist()) {
            this.persistenceEntryManager.persist(tokenEntity);
        }
        if (shouldSaveInCache()) {
            saveInCache(tokenEntity);
        }
        if (TokenType.ACCESS_TOKEN.getValue().equals(tokenEntity.getTokenType())) {
            publishIdTokenLockMessage(tokenEntity, "add");
        }
    }

    private void saveInCache(TokenEntity tokenEntity) {
        this.cacheService.put((int) ((tokenEntity.getExpirationDate().getTime() - System.currentTimeMillis()) / 1000), TokenHashUtil.hash(tokenEntity.getTokenCode()), tokenEntity.getTokenCode());
    }

    public void remove(TokenEntity tokenEntity) {
        this.persistenceEntryManager.remove(tokenEntity);
        this.log.trace("Removed token from DB, code: {}", tokenEntity.getTokenCode());
        if (TokenType.ACCESS_TOKEN == tokenEntity.getTokenTypeEnum()) {
            publishIdTokenLockMessage(tokenEntity, "del");
        }
    }

    protected void publishIdTokenLockMessage(TokenEntity tokenEntity, String str) {
        LockMessageConfig lockMessageConfig = this.appConfiguration.getLockMessageConfig();
        if (lockMessageConfig != null && Boolean.TRUE.equals(lockMessageConfig.getEnableTokenMessages()) && StringHelper.isNotEmpty(lockMessageConfig.getTokenMessagesChannel())) {
            this.messageService.publish(lockMessageConfig.getTokenMessagesChannel(), String.format("{\"tknTyp\" : \"%s\", \"tknId\" : \"%s\", \"tknOp\" : \"%s\"}", tokenEntity.getTokenType(), tokenEntity.getTokenCode(), str));
        }
    }

    public void removeSilently(TokenEntity tokenEntity) {
        try {
            remove(tokenEntity);
            if (StringUtils.isNotBlank(tokenEntity.getAuthorizationCode())) {
                this.cacheService.remove(CacheGrant.cacheKey(tokenEntity.getAuthorizationCode(), tokenEntity.getGrantId()));
            }
            if (shouldSaveInCache()) {
                this.cacheService.remove(tokenEntity.getTokenCode());
            }
            statusListPool.execute(() -> {
                Integer statusListIndex = tokenEntity.getAttributes().getStatusListIndex();
                if (statusListIndex == null || statusListIndex.intValue() <= 0) {
                    return;
                }
                this.statusListIndexService.updateStatusAtIndexes(Lists.newArrayList(new Integer[]{statusListIndex}), TokenStatus.INVALID);
            });
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    public void remove(List<TokenEntity> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        Iterator<TokenEntity> it = list.iterator();
        while (it.hasNext()) {
            try {
                remove(it.next());
            } catch (Exception e) {
                this.log.error("Failed to remove entry", e);
            }
        }
    }

    public void removeSilently(List<TokenEntity> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (TokenEntity tokenEntity : list) {
            try {
                remove(tokenEntity);
                if (StringUtils.isNotBlank(tokenEntity.getAuthorizationCode())) {
                    this.cacheService.remove(CacheGrant.cacheKey(tokenEntity.getAuthorizationCode(), tokenEntity.getGrantId()));
                }
                if (shouldSaveInCache()) {
                    this.cacheService.remove(tokenEntity.getTokenCode());
                }
                Integer statusListIndex = tokenEntity.getAttributes().getStatusListIndex();
                if (statusListIndex != null && statusListIndex.intValue() >= 0) {
                    arrayList.add(statusListIndex);
                }
            } catch (Exception e) {
                this.log.error(e.getMessage(), e);
            }
        }
        statusListPool.execute(() -> {
            this.statusListIndexService.updateStatusAtIndexes(arrayList, TokenStatus.INVALID);
        });
    }

    public void remove(AuthorizationGrant authorizationGrant) {
        if (authorizationGrant == null || authorizationGrant.getTokenEntity() == null) {
            return;
        }
        try {
            remove(authorizationGrant.getTokenEntity());
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
    }

    public List<TokenEntity> getGrantsOfClient(String str) {
        try {
            return this.persistenceEntryManager.findEntries(this.clientService.buildClientDn(str), TokenEntity.class, Filter.createPresenceFilter("tknCde"));
        } catch (Exception e) {
            logException(e);
            return Collections.emptyList();
        }
    }

    public TokenEntity getGrantByCode(String str) {
        Object obj = this.cacheService.get(TokenHashUtil.hash(str));
        return obj instanceof TokenEntity ? (TokenEntity) obj : load(buildDn(TokenHashUtil.hash(str)));
    }

    public TokenEntity getGrantByReferenceId(String str) {
        try {
            List findEntries = this.persistenceEntryManager.findEntries(tokenBaseDn(), TokenEntity.class, Filter.createEqualityFilter("jansId", str));
            if (findEntries.size() > 1) {
                this.log.error("Found more then one tokens by referenceId {}", str);
                return null;
            }
            if (findEntries.size() == 1) {
                return (TokenEntity) findEntries.get(0);
            }
            return null;
        } catch (Exception e) {
            logException(e);
            return null;
        }
    }

    private void logException(Exception exc) {
        if (BooleanUtils.isTrue(this.appConfiguration.getLogNotFoundEntityAsError())) {
            this.log.error(exc.getMessage(), exc);
        } else {
            this.log.trace(exc.getMessage(), exc);
        }
    }

    private TokenEntity load(String str) {
        try {
            return (TokenEntity) this.persistenceEntryManager.find(TokenEntity.class, str);
        } catch (Exception e) {
            logException(e);
            return null;
        }
    }

    public TokenEntity getGrantsByJti(String str) {
        try {
            List findEntries = this.persistenceEntryManager.findEntries(tokenBaseDn(), TokenEntity.class, Filter.createEqualityFilter("jti", str));
            if (findEntries.size() > 1) {
                this.log.error("Found more then one tokens by jti {}", str);
                return null;
            }
            if (findEntries.size() == 1) {
                return (TokenEntity) findEntries.get(0);
            }
            return null;
        } catch (Exception e) {
            logException(e);
            return null;
        }
    }

    public List<TokenEntity> getGrantsByGrantId(String str) {
        try {
            return this.persistenceEntryManager.findEntries(tokenBaseDn(), TokenEntity.class, Filter.createEqualityFilter("grtId", str));
        } catch (Exception e) {
            logException(e);
            return Collections.emptyList();
        }
    }

    public List<TokenEntity> getGrantsByAuthorizationCode(String str) {
        try {
            return this.persistenceEntryManager.findEntries(tokenBaseDn(), TokenEntity.class, Filter.createEqualityFilter("authzCode", TokenHashUtil.hash(str)));
        } catch (Exception e) {
            logException(e);
            return Collections.emptyList();
        }
    }

    public List<TokenEntity> getGrantsBySessionDn(String str) {
        ArrayList arrayList = new ArrayList();
        try {
            List findEntries = this.persistenceEntryManager.findEntries(tokenBaseDn(), TokenEntity.class, Filter.createEqualityFilter("ssnId", str));
            if (findEntries != null) {
                arrayList.addAll(findEntries);
            }
        } catch (Exception e) {
            logException(e);
        }
        return arrayList;
    }

    public List<TokenEntity> getGrantsByUserDn(String str) {
        ArrayList arrayList = new ArrayList();
        try {
            List findEntries = this.persistenceEntryManager.findEntries(tokenBaseDn(), TokenEntity.class, Filter.createEqualityFilter("jansUsrDN", str));
            if (findEntries != null) {
                arrayList.addAll(findEntries);
            }
        } catch (Exception e) {
            logException(e);
        }
        return arrayList;
    }

    public void logout(String str) {
        List<TokenEntity> grantsBySessionDn = getGrantsBySessionDn(str);
        filterOutRefreshTokenFromDeletion(grantsBySessionDn);
        removeSilently(grantsBySessionDn);
    }

    public void filterOutRefreshTokenFromDeletion(List<TokenEntity> list) {
        if (BooleanUtils.isTrue(this.appConfiguration.getRemoveRefreshTokensForClientOnLogout())) {
            return;
        }
        ArrayList newArrayList = Lists.newArrayList();
        for (TokenEntity tokenEntity : list) {
            if (tokenEntity.getTokenTypeEnum() == TokenType.REFRESH_TOKEN && !tokenEntity.getAttributes().isOnlineAccess()) {
                newArrayList.add(tokenEntity);
            }
        }
        if (newArrayList.isEmpty()) {
            return;
        }
        this.log.trace("Refresh tokens are not removed on logout (because removeRefreshTokensForClientOnLogout configuration property is false or online_access scope is used).");
        list.removeAll(newArrayList);
    }

    public void removeAllTokensBySession(String str) {
        removeSilently(getGrantsBySessionDn(str));
    }

    public void removeByCode(String str) {
        TokenEntity grantByCode = getGrantByCode(str);
        if (grantByCode != null) {
            removeSilently(grantByCode);
        }
        this.cacheService.remove(CacheGrant.cacheKey(str, null));
    }

    public void removeAuthorizationCode(String str) {
        this.cacheService.remove(CacheGrant.cacheKey(str, null));
    }

    public void removeAllByAuthorizationCode(String str) {
        removeSilently(getGrantsByAuthorizationCode(str));
    }

    public void removeAllByGrantId(String str) {
        removeSilently(getGrantsByGrantId(str));
    }
}
