package org.apache.sling.auth.oauth_client.impl;

import java.time.ZonedDateTime;
import java.util.Calendar;
import java.util.GregorianCalendar;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.auth.oauth_client.ClientConnection;
import org.apache.sling.commons.crypto.CryptoService;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

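/**
 * {@link OAuthTokenStore} that keeps OAuth tokens as properties of the Jackrabbit {@link User}
 * the supplied {@link ResourceResolver} adapts to.
 *
 * <p>Properties are written below the relative path {@code oauth-tokens/<connection name>/}:
 * {@code access_token} and {@code refresh_token} hold the output of
 * {@link CryptoService#encrypt(String)}, and {@code expires_at} holds a plain JCR date value.</p>
 *
 * <p>Security notes for maintainers: token values are only ever written after passing through
 * the injected {@link CryptoService}; the expiry timestamp is not encrypted. No token value is
 * logged by this class.</p>
 */
@Component(configurationPolicy = ConfigurationPolicy.REQUIRE)
public class JcrUserHomeOAuthTokenStore implements OAuthTokenStore {
    private static final String PROPERTY_NAME_EXPIRES_AT = "expires_at";
    private static final String PROPERTY_NAME_ACCESS_TOKEN = "access_token";
    private static final String PROPERTY_NAME_REFRESH_TOKEN = "refresh_token";

    /** Numeric value of {@code javax.jcr.PropertyType.DATE}. */
    private static final int PROPERTY_TYPE_DATE = 5;

    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final CryptoService cryptoService;

    /**
     * Creates the store.
     *
     * @param cryptoService service used to encrypt tokens before they are stored and to decrypt
     *     them when read; bound to the service matching {@code (names=sling-oauth)}
     */
    @Activate
    public JcrUserHomeOAuthTokenStore(@Reference(target = "(names=sling-oauth)") CryptoService cryptoService) {
        this.cryptoService = cryptoService;
    }

    /**
     * Returns the stored access token for the connection.
     *
     * @param clientConnection connection whose token is requested
     * @param resourceResolver resolver identifying the user that owns the token
     * @return a token in state {@code EXPIRED} when a single-valued date {@code expires_at}
     *     lies in the past, otherwise the result of reading {@code access_token}
     *     ({@code MISSING} or {@code VALID})
     * @throws OAuthException if the resolver cannot be adapted to a user or the repository fails
     */
    @Override
    public OAuthToken getAccessToken(ClientConnection clientConnection, ResourceResolver resourceResolver) {
        try {
            User user = adaptOrFail(resourceResolver, User.class);
            Value[] expiry = user.getProperty(propertyPath(clientConnection, PROPERTY_NAME_EXPIRES_AT));
            // NOTE(review): an absent, multi-valued or non-date expires_at is skipped here, so such
            // a token is returned as VALID with no local expiry enforcement.
            if (expiry != null && expiry.length == 1 && expiry[0].getType() == PROPERTY_TYPE_DATE) {
                Calendar date = expiry[0].getDate();
                if (date.before(Calendar.getInstance())) {
                    this.logger.info("Token for {} expired at {}, marking as expired", clientConnection.name(), date);
                    return new OAuthToken(TokenState.EXPIRED, null);
                }
            }
            return getToken(clientConnection, user, PROPERTY_NAME_ACCESS_TOKEN);
        } catch (RepositoryException e) {
            throw new OAuthException(e);
        }
    }

    /**
     * Reads and decrypts one token property.
     *
     * @return {@code MISSING} when the property does not exist, otherwise {@code VALID} with the
     *     decrypted value
     * @throws OAuthException if the property holds anything other than exactly one value
     */
    private OAuthToken getToken(ClientConnection clientConnection, User user, String str) throws RepositoryException {
        Value[] property = user.getProperty(propertyPath(clientConnection, str));
        if (property == null) {
            return new OAuthToken(TokenState.MISSING, null);
        }
        if (property.length != 1) {
            throw new OAuthException(String.format("Unexpected value count %d for token property %s", property.length, str));
        }
        // NOTE(review): how CryptoService.decrypt reports a tampered or undecryptable value is not
        // visible from this class; confirm that callers see a failure rather than garbage.
        return new OAuthToken(TokenState.VALID, this.cryptoService.decrypt(property[0].getString()));
    }

    /**
     * Returns the stored refresh token for the connection. No expiry check is applied.
     *
     * @throws OAuthException if the resolver cannot be adapted to a user or the repository fails
     */
    @Override
    public OAuthToken getRefreshToken(ClientConnection clientConnection, ResourceResolver resourceResolver) {
        try {
            return getToken(clientConnection, adaptOrFail(resourceResolver, User.class), PROPERTY_NAME_REFRESH_TOKEN);
        } catch (RepositoryException e) {
            throw new OAuthException(e);
        }
    }

    /**
     * Encrypts and stores the tokens for the connection, then saves the session.
     *
     * @param clientConnection connection the tokens belong to
     * @param resourceResolver resolver identifying the user and the JCR session to write with
     * @param oAuthTokens tokens to store
     * @throws OAuthException if the resolver cannot be adapted to a user or session, or the
     *     repository fails
     */
    @Override
    public void persistTokens(ClientConnection clientConnection, ResourceResolver resourceResolver, OAuthTokens oAuthTokens) {
        try {
            User user = adaptOrFail(resourceResolver, User.class);
            Session session = adaptOrFail(resourceResolver, Session.class);

            // expiresAt() is applied as a number of seconds from now; zero or negative means
            // "no expiry recorded".
            long expiresAt = oAuthTokens.expiresAt();
            ZonedDateTime expiry = expiresAt > 0 ? ZonedDateTime.now().plusSeconds(expiresAt) : null;

            user.setProperty(propertyPath(clientConnection, PROPERTY_NAME_ACCESS_TOKEN), createTokenValue(session, oAuthTokens.accessToken()));
            if (expiry != null) {
                user.setProperty(propertyPath(clientConnection, PROPERTY_NAME_EXPIRES_AT), session.getValueFactory().createValue(GregorianCalendar.from(expiry)));
            } else {
                // Drop a stale expiry so it cannot mark the new access token as expired.
                user.removeProperty(propertyPath(clientConnection, PROPERTY_NAME_EXPIRES_AT));
            }

            // A missing refresh token leaves any previously stored one in place. The former
            // "remove" branch sat behind the same null check and could never run, so it is gone.
            String refreshToken = oAuthTokens.refreshToken();
            if (refreshToken != null) {
                user.setProperty(propertyPath(clientConnection, PROPERTY_NAME_REFRESH_TOKEN), createTokenValue(session, refreshToken));
            }
            session.save();
        } catch (RepositoryException e) {
            throw new OAuthException(e);
        }
    }

    /** Encrypts {@code str} with the crypto service and wraps the result in a JCR value. */
    private Value createTokenValue(Session session, String str) throws RepositoryException {
        return session.getValueFactory().createValue(this.cryptoService.encrypt(str));
    }

    /** Returns the relative path of property {@code str} for the given connection. */
    private String propertyPath(ClientConnection clientConnection, String str) {
        return nodePath(clientConnection) + "/" + str;
    }

    /**
     * Returns the relative path holding the connection's token properties.
     *
     * <p>NOTE(review): the connection name is concatenated as-is; presumably it comes from
     * administrator-controlled configuration. Confirm it can never contain {@code /} or
     * {@code ..} segments, which would redirect the write to another relative path.</p>
     */
    private String nodePath(ClientConnection clientConnection) {
        return "oauth-tokens/" + clientConnection.name();
    }

    /**
     * Removes the stored access token and its expiry, then saves the session. The refresh token
     * is left untouched.
     *
     * @throws OAuthException if the resolver cannot be adapted to a user or session, or the
     *     repository fails
     */
    @Override
    public void clearAccessToken(ClientConnection clientConnection, ResourceResolver resourceResolver) throws OAuthException {
        try {
            User user = adaptOrFail(resourceResolver, User.class);
            Session session = adaptOrFail(resourceResolver, Session.class);
            user.removeProperty(propertyPath(clientConnection, PROPERTY_NAME_ACCESS_TOKEN));
            user.removeProperty(propertyPath(clientConnection, PROPERTY_NAME_EXPIRES_AT));
            session.save();
        } catch (RepositoryException e) {
            throw new OAuthException(e);
        }
    }

    /**
     * Adapts the resolver to {@code type}, failing with an {@link OAuthException} instead of a
     * later {@link NullPointerException} when {@code adaptTo} returns {@code null}.
     */
    private static <T> T adaptOrFail(ResourceResolver resourceResolver, Class<T> type) {
        T adapted = resourceResolver.adaptTo(type);
        if (adapted == null) {
            throw new OAuthException("Unable to adapt the resource resolver to " + type.getName());
        }
        return adapted;
    }
}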
