package org.keycloak.secretstore.api;

import com.datastax.driver.core.BoundStatement;
import com.datastax.driver.core.Row;
import com.datastax.driver.core.Session;
import java.sql.Timestamp;
import java.time.ZonedDateTime;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.annotation.security.PermitAll;
import javax.ejb.Stateless;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import org.keycloak.secretstore.api.internal.BoundStatements;
import org.keycloak.secretstore.api.internal.NamedStatement;
import org.keycloak.secretstore.api.internal.SecretStore;
import org.keycloak.secretstore.common.ZonedDateTimeAdapter;

@PermitAll
@Stateless
/* loaded from: input_file:WEB-INF/lib/secret-store-api-1.0.15.Final.jar:org/keycloak/secretstore/api/TokenService.class */
public class TokenService {

    @Inject
    @SecretStore
    Session session;

    @Inject
    ZonedDateTimeAdapter zonedDateTimeAdapter;

    @Inject
    @NamedStatement(BoundStatements.CREATE)
    Instance<BoundStatement> stmtCreate;

    @Inject
    @NamedStatement(BoundStatements.GET_BY_ID)
    Instance<BoundStatement> stmtGetById;

    @Inject
    @NamedStatement(BoundStatements.GET_BY_PRINCIPAL)
    Instance<BoundStatement> stmtGetByPrincipal;

    @Inject
    @NamedStatement(BoundStatements.REVOKE_BY_ID)
    Instance<BoundStatement> stmtRevokeById;

    @Inject
    @NamedStatement(BoundStatements.UPDATE)
    Instance<BoundStatement> stmtUpdate;

    public Token create(Token token) {
        UUID id = token.getId();
        String refreshToken = token.getRefreshToken();
        String secret = token.getSecret();
        String principal = token.getPrincipal();
        Timestamp convertToDatabaseColumn = this.zonedDateTimeAdapter.convertToDatabaseColumn(token.getCreatedAt());
        Timestamp convertToDatabaseColumn2 = this.zonedDateTimeAdapter.convertToDatabaseColumn(token.getUpdatedAt());
        this.session.execute(((BoundStatement) this.stmtCreate.get()).bind(id, refreshToken, secret, principal, token.getAttributes(), null, convertToDatabaseColumn, convertToDatabaseColumn2));
        return token;
    }

    public void revoke(UUID uuid) {
        this.session.execute(((BoundStatement) this.stmtRevokeById.get()).setUUID("id", uuid));
    }

    public Token getByIdForTrustedConsumers(UUID uuid) {
        List<Row> all = this.session.execute(((BoundStatement) this.stmtGetById.get()).bind(uuid)).all();
        if (all.size() > 1) {
            throw new IllegalStateException("There are more than one token for this ID!");
        }
        if (all.size() == 0) {
            return null;
        }
        return getFullTokenFromRow(all.stream().findFirst().get());
    }

    public Token update(Token token) {
        this.session.execute(((BoundStatement) this.stmtUpdate.get()).bind(token.getAttributes(), this.zonedDateTimeAdapter.convertToDatabaseColumn(token.getExpiresAt()), token.getId()));
        return token;
    }

    public Token getByIdForDistribution(UUID uuid) {
        List<Row> all = this.session.execute(((BoundStatement) this.stmtGetById.get()).bind(uuid)).all();
        if (all.size() > 1) {
            throw new IllegalStateException("There are more than one token for this ID!");
        }
        if (all.size() == 0) {
            return null;
        }
        return getSecureTokenFromRow(all.stream().findFirst().get());
    }

    public List<Token> getByPrincipalForTrustedConsumers(String str) {
        return (List) this.session.execute(((BoundStatement) this.stmtGetByPrincipal.get()).bind(str)).all().stream().map(this::getFullTokenFromRow).collect(Collectors.toList());
    }

    public List<Token> getByPrincipalForDistribution(String str) {
        return (List) this.session.execute(((BoundStatement) this.stmtGetByPrincipal.get()).bind(str)).all().stream().map(this::getSecureTokenFromRow).collect(Collectors.toList());
    }

    public Token validate(UUID uuid, String str) {
        Token byIdForTrustedConsumers = getByIdForTrustedConsumers(uuid);
        if (byIdForTrustedConsumers != null && byIdForTrustedConsumers.getSecret().equals(str)) {
            return byIdForTrustedConsumers;
        }
        return null;
    }

    private Token getFullTokenFromRow(Row row) {
        Token secureTokenFromRow = getSecureTokenFromRow(row);
        secureTokenFromRow.setRefreshToken(row.getString("refreshToken"));
        return secureTokenFromRow;
    }

    private Token getSecureTokenFromRow(Row row) {
        UUID uuid = row.getUUID("id");
        ZonedDateTime convertToEntityAttribute = this.zonedDateTimeAdapter.convertToEntityAttribute(row.getTimestamp("createdAt"));
        ZonedDateTime convertToEntityAttribute2 = this.zonedDateTimeAdapter.convertToEntityAttribute(row.getTimestamp("updatedAt"));
        String string = row.getString("secret");
        String string2 = row.getString("principal");
        Map map = row.getMap("attributes", String.class, String.class);
        ZonedDateTime zonedDateTime = null;
        if (!row.isNull("expiresAt")) {
            zonedDateTime = this.zonedDateTimeAdapter.convertToEntityAttribute(row.getTimestamp("expiresAt"));
        }
        return new Token(uuid, convertToEntityAttribute, convertToEntityAttribute2, null, string, map, string2, zonedDateTime);
    }
}
