package com.appiancorp.oauth.inbound.persistence;

import com.appiancorp.access.ServiceAccountMembershipCheck;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthClientMaximumLimitException;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthClientNotFoundException;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthClientRevokedException;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthInactiveClientException;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthInvalidServiceAccountException;
import com.appiancorp.oauth.inbound.monitor.OAuthClientAuditEvent;
import com.appiancorp.oauth.inbound.monitor.OAuthClientAuditLogger;
import com.appiancorp.security.auth.ServiceAccountStatus;
import com.appiancorp.services.exceptions.InvalidUserException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Transactional;

@Transactional
/* loaded from: input_file:com/appiancorp/oauth/inbound/persistence/OAuthConfigDaoServiceImpl.class */
public class OAuthConfigDaoServiceImpl implements OAuthConfigDaoService {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthConfigDaoServiceImpl.class);
    private static final String DEBUG_STRING = "An OAuthConfig object with clientId: ";
    private final OAuthConfigDaoProvider oAuthConfigDaoProvider;
    private final ServiceAccountMembershipCheck serviceAccountMembershipCheck;
    private final OAuthClientAuditLogger oAuthClientAuditLogger;

    public OAuthConfigDaoServiceImpl(OAuthConfigDaoProvider oAuthConfigDaoProvider, ServiceAccountMembershipCheck serviceAccountMembershipCheck, OAuthClientAuditLogger oAuthClientAuditLogger) {
        this.oAuthConfigDaoProvider = oAuthConfigDaoProvider;
        this.serviceAccountMembershipCheck = serviceAccountMembershipCheck;
        this.oAuthClientAuditLogger = oAuthClientAuditLogger;
    }

    public void persistConfig(String str, String str2, String str3, Long l) throws OAuthClientMaximumLimitException, OAuthInvalidServiceAccountException {
        checkOAuthConfigLimit();
        checkServiceAccountMembership(l);
        OAuthConfig build = OAuthConfigBuilder.builder().clientId(str).salt(str2).serviceAccountId(l).alias(str3).build();
        getOAuthConfigDao().create(build);
        LOG.debug("{} {} has been successfully created and persisted", DEBUG_STRING, str);
        this.oAuthClientAuditLogger.log(OAuthClientAuditEvent.CREATED, build);
    }

    private void checkServiceAccountMembership(Long l) throws OAuthInvalidServiceAccountException {
        if (this.serviceAccountMembershipCheck.getServiceAccountStatus(l) != ServiceAccountStatus.VALID) {
            throw new OAuthInvalidServiceAccountException();
        }
    }

    public void revokeConfig(String str) throws OAuthClientNotFoundException {
        OAuthConfigDao oAuthConfigDao = getOAuthConfigDao();
        Optional byClientId = oAuthConfigDao.getByClientId(str);
        if (!byClientId.isPresent()) {
            LOG.debug("{} {} was not found.  A Client must exist in order to be revoked.", DEBUG_STRING, str);
            throw new OAuthClientNotFoundException();
        }
        OAuthConfig oAuthConfig = (OAuthConfig) byClientId.get();
        if (oAuthConfig.isRevoked()) {
            return;
        }
        oAuthConfig.setRevoked(true);
        oAuthConfigDao.update(oAuthConfig);
        LOG.debug("{} {} has been successfully revoked.", DEBUG_STRING, str);
        this.oAuthClientAuditLogger.log(OAuthClientAuditEvent.DELETED, oAuthConfig);
    }

    public boolean isAliasUnique(Long l, String str) {
        return getOAuthConfigDao().isAliasUnique(l, str);
    }

    public OAuthConfigEntity getActiveConfigByClientId(String str) throws OAuthClientNotFoundException, OAuthInactiveClientException, OAuthClientRevokedException {
        Optional byClientId = getOAuthConfigDao().getByClientId(str);
        if (!byClientId.isPresent()) {
            LOG.error("There is no existing client associated with clientId {}", str);
            throw new OAuthClientNotFoundException();
        }
        OAuthConfig oAuthConfig = (OAuthConfig) byClientId.get();
        if (!oAuthConfig.isActive()) {
            LOG.error("An inactive client is associated with clientId {}", str);
            throw new OAuthInactiveClientException();
        }
        if (!oAuthConfig.isRevoked()) {
            return oAuthConfig;
        }
        LOG.error("A revoked client is associated with clientId {}", str);
        throw new OAuthClientRevokedException();
    }

    public void renameConfig(String str, String str2) throws OAuthClientNotFoundException, OAuthClientRevokedException {
        OAuthConfigDao oAuthConfigDao = getOAuthConfigDao();
        OAuthConfig checkAndReturnOAuthConfig = checkAndReturnOAuthConfig(oAuthConfigDao, str);
        if (str2.equals(checkAndReturnOAuthConfig.getAlias())) {
            return;
        }
        checkAndReturnOAuthConfig.setAlias(str2);
        oAuthConfigDao.rename(checkAndReturnOAuthConfig);
        LOG.debug("{} {} has been successfully renamed to {}.", new Object[]{DEBUG_STRING, str, str2});
        this.oAuthClientAuditLogger.log(OAuthClientAuditEvent.RENAMED, checkAndReturnOAuthConfig);
    }

    public void deactivateConfig(String str) throws OAuthClientNotFoundException, OAuthClientRevokedException {
        OAuthConfigDao oAuthConfigDao = getOAuthConfigDao();
        OAuthConfig checkAndReturnOAuthConfig = checkAndReturnOAuthConfig(oAuthConfigDao, str);
        if (!checkAndReturnOAuthConfig.isActive()) {
            LOG.debug("{} {} was already inactive. Will not attempt to deactivate.", DEBUG_STRING, str);
            return;
        }
        checkAndReturnOAuthConfig.setActive(false);
        oAuthConfigDao.update(checkAndReturnOAuthConfig);
        LOG.debug("{} {} has been successfully deactivated.", DEBUG_STRING, str);
        this.oAuthClientAuditLogger.log(OAuthClientAuditEvent.DEACTIVATED, checkAndReturnOAuthConfig);
    }

    public void reactivateConfig(String str) throws OAuthClientNotFoundException, OAuthClientRevokedException {
        OAuthConfigDao oAuthConfigDao = getOAuthConfigDao();
        OAuthConfig checkAndReturnOAuthConfig = checkAndReturnOAuthConfig(oAuthConfigDao, str);
        if (checkAndReturnOAuthConfig.isActive()) {
            LOG.debug("{} {} was already active. Will not attempt to reactivate.", DEBUG_STRING, str);
            return;
        }
        checkAndReturnOAuthConfig.setActive(true);
        oAuthConfigDao.update(checkAndReturnOAuthConfig);
        LOG.debug("{} {} has been successfully reactivated.", DEBUG_STRING, str);
        this.oAuthClientAuditLogger.log(OAuthClientAuditEvent.REACTIVATED, checkAndReturnOAuthConfig);
    }

    private OAuthConfig checkAndReturnOAuthConfig(OAuthConfigDao oAuthConfigDao, String str) throws OAuthClientNotFoundException, OAuthClientRevokedException {
        Optional byClientId = oAuthConfigDao.getByClientId(str);
        if (!byClientId.isPresent()) {
            throw new OAuthClientNotFoundException();
        }
        OAuthConfig oAuthConfig = (OAuthConfig) byClientId.get();
        if (oAuthConfig.isRevoked()) {
            throw new OAuthClientRevokedException();
        }
        return oAuthConfig;
    }

    public void updateConfigLastUsed(String str) throws OAuthClientNotFoundException, OAuthClientRevokedException, OAuthInactiveClientException {
        OAuthConfig activeConfigByClientId = getActiveConfigByClientId(str);
        activeConfigByClientId.setLastUsedDate(Date.from(Instant.now()));
        getOAuthConfigDao().update(activeConfigByClientId);
    }

    public List<OAuthConfigEntity> getActiveConfigs() {
        return getConfigs(true);
    }

    public List<OAuthConfigEntity> getInactiveConfigs() {
        return getConfigs(false);
    }

    public List<OAuthConfigEntity> getAllConfigs() {
        OAuthConfigDao oAuthConfigDao = getOAuthConfigDao();
        oAuthConfigDao.getClass();
        return getConfigs(oAuthConfigDao::findAll);
    }

    private void checkOAuthConfigLimit() throws OAuthClientMaximumLimitException {
        if (getOAuthConfigDao().findAll().size() >= 100) {
            LOG.debug("The total number of clients is already at or exceeds the maximum number of 100 (active and inactive) non-revoked clients.");
            throw new OAuthClientMaximumLimitException();
        }
    }

    private List<OAuthConfigEntity> getConfigs(boolean z) {
        return getConfigs(() -> {
            return getOAuthConfigDao().findAllByIsActive(z);
        });
    }

    private List<OAuthConfigEntity> getConfigs(Supplier<List<OAuthConfig>> supplier) {
        try {
            return new ArrayList(supplier.get());
        } catch (InvalidUserException e) {
            LOG.debug(e.getMessage(), e);
            return Collections.emptyList();
        }
    }

    private OAuthConfigDao getOAuthConfigDao() {
        return this.oAuthConfigDaoProvider.getDao();
    }
}
