package org.eclipse.smarthome.auth.oauth2client.internal;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonPrimitive;
import java.security.GeneralSecurityException;
import java.time.LocalDateTime;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.eclipse.jdt.annotation.NonNullByDefault;
import org.eclipse.smarthome.core.auth.client.oauth2.AccessTokenResponse;
import org.eclipse.smarthome.core.auth.client.oauth2.StorageCipher;
import org.eclipse.smarthome.core.storage.Storage;
import org.eclipse.smarthome.core.storage.StorageService;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@NonNullByDefault
@Component(property = {"CIPHER_TARGET=SymmetricKeyCipher"})
/* loaded from: input_file:org/eclipse/smarthome/auth/oauth2client/internal/OAuthStoreHandlerImpl.class */
public class OAuthStoreHandlerImpl implements OAuthStoreHandler {
    protected static final int EXPIRE_DAYS = 183;
    protected static final int ACCESS_TOKEN_CACHE_SIZE = 50;
    private static final String STORE_NAME = "StorageHandler.For.OAuthClientService";
    private static final String STORE_KEY_INDEX_OF_HANDLES = "INDEX_HANDLES";

    @NonNullByDefault({})
    private StorageFacade storageFacade;
    private final Set<String> allHandles = new HashSet();
    private final Set<StorageCipher> allAvailableStorageCiphers = new LinkedHashSet();
    private Optional<StorageCipher> storageCipher = Optional.empty();
    private final Logger logger = LoggerFactory.getLogger(OAuthStoreHandlerImpl.class);

    /* loaded from: input_file:org/eclipse/smarthome/auth/oauth2client/internal/OAuthStoreHandlerImpl$StorageFacade.class */
    private class StorageFacade implements AutoCloseable {
        private final Storage<String> storage;
        private final Lock storageLock = new ReentrantLock();
        private final Gson gson = new GsonBuilder().registerTypeAdapter(LocalDateTime.class, (jsonElement, type, jsonDeserializationContext) -> {
            return LocalDateTime.parse(jsonElement.getAsString());
        }).registerTypeAdapter(LocalDateTime.class, (localDateTime, type2, jsonSerializationContext) -> {
            return new JsonPrimitive(localDateTime.toString());
        }).setPrettyPrinting().create();

        public StorageFacade(Storage<String> storage) {
            this.storage = storage;
        }

        public Set<String> getAllHandlesFromIndex() {
            HashSet hashSet = new HashSet();
            try {
                String str = get(OAuthStoreHandlerImpl.STORE_KEY_INDEX_OF_HANDLES);
                OAuthStoreHandlerImpl.this.logger.debug("All available handles: {}", str);
                return str == null ? hashSet : (Set) this.gson.fromJson(str, HashSet.class);
            } catch (RuntimeException unused) {
                return hashSet;
            }
        }

        public String get(String str) {
            this.storageLock.lock();
            try {
                return (String) this.storage.get(str);
            } finally {
                this.storageLock.unlock();
            }
        }

        public Object get(String str, StorageRecordType storageRecordType) {
            String str2;
            this.storageLock.lock();
            try {
                str2 = (String) this.storage.get(storageRecordType.getKey(str));
            } catch (Throwable th) {
                this.storageLock.unlock();
                throw th;
            }
            if (str2 == null) {
                this.storageLock.unlock();
                return null;
            }
            if (storageRecordType.equals(StorageRecordType.ACCESS_TOKEN_RESPONSE)) {
                try {
                    AccessTokenResponse accessTokenResponse = (AccessTokenResponse) this.gson.fromJson(str2, AccessTokenResponse.class);
                    this.storageLock.unlock();
                    return accessTokenResponse;
                } catch (Exception e) {
                    OAuthStoreHandlerImpl.this.logger.error("Unable to deserialize json, discarding AccessTokenResponse.  Please check json against standard or with oauth provider. json:\n{}", str2, e);
                    this.storageLock.unlock();
                    return null;
                }
            }
            if (storageRecordType.equals(StorageRecordType.SERVICE_CONFIGURATION)) {
                try {
                    PersistedParams persistedParams = (PersistedParams) this.gson.fromJson(str2, PersistedParams.class);
                    this.storageLock.unlock();
                    return persistedParams;
                } catch (Exception e2) {
                    OAuthStoreHandlerImpl.this.logger.error("Unable to deserialize json, discarding PersistedParams. json:\n{}", str2, e2);
                    this.storageLock.unlock();
                    return null;
                }
            }
            if (!storageRecordType.equals(StorageRecordType.LAST_USED)) {
                this.storageLock.unlock();
                return null;
            }
            try {
                LocalDateTime localDateTime = (LocalDateTime) this.gson.fromJson(str2, LocalDateTime.class);
                this.storageLock.unlock();
                return localDateTime;
            } catch (Exception unused) {
                OAuthStoreHandlerImpl.this.logger.info("Unable to deserialize json, reset LAST_USED to now.  json:\n{}", str2);
                LocalDateTime now = LocalDateTime.now();
                this.storageLock.unlock();
                return now;
            }
            this.storageLock.unlock();
            throw th;
        }

        public void put(String str, LocalDateTime localDateTime) {
            this.storageLock.lock();
            try {
                if (localDateTime == null) {
                    this.storage.put(StorageRecordType.LAST_USED.getKey(str), (Object) null);
                } else {
                    this.storage.put(StorageRecordType.LAST_USED.getKey(str), this.gson.toJson(localDateTime));
                }
            } finally {
                this.storageLock.unlock();
            }
        }

        public void put(String str, AccessTokenResponse accessTokenResponse) {
            this.storageLock.lock();
            try {
                if (accessTokenResponse == null) {
                    this.storage.put(StorageRecordType.ACCESS_TOKEN_RESPONSE.getKey(str), (Object) null);
                } else {
                    this.storage.put(StorageRecordType.ACCESS_TOKEN_RESPONSE.getKey(str), this.gson.toJson(accessTokenResponse));
                    this.storage.put(StorageRecordType.LAST_USED.getKey(str), this.gson.toJson(LocalDateTime.now()));
                    if (!OAuthStoreHandlerImpl.this.allHandles.contains(str)) {
                        OAuthStoreHandlerImpl.this.allHandles.add(str);
                        this.storage.put(OAuthStoreHandlerImpl.STORE_KEY_INDEX_OF_HANDLES, this.gson.toJson(OAuthStoreHandlerImpl.this.allHandles));
                    }
                }
            } finally {
                this.storageLock.unlock();
            }
        }

        public void put(String str, PersistedParams persistedParams) {
            this.storageLock.lock();
            try {
                if (persistedParams == null) {
                    this.storage.put(StorageRecordType.SERVICE_CONFIGURATION.getKey(str), (Object) null);
                } else {
                    this.storage.put(StorageRecordType.SERVICE_CONFIGURATION.getKey(str), this.gson.toJson(persistedParams));
                    this.storage.put(StorageRecordType.LAST_USED.getKey(str), this.gson.toJson(LocalDateTime.now()));
                    if (!OAuthStoreHandlerImpl.this.allHandles.contains(str)) {
                        OAuthStoreHandlerImpl.this.allHandles.add(str);
                        this.storage.put(OAuthStoreHandlerImpl.STORE_KEY_INDEX_OF_HANDLES, this.gson.toJson(OAuthStoreHandlerImpl.this.allHandles));
                    }
                }
            } finally {
                this.storageLock.unlock();
            }
        }

        public void removeByHandle(String str) {
            OAuthStoreHandlerImpl.this.logger.debug("Removing handle {} from storage", str);
            this.storageLock.lock();
            try {
                if (OAuthStoreHandlerImpl.this.allHandles.remove(str)) {
                    this.storage.remove(StorageRecordType.ACCESS_TOKEN_RESPONSE.getKey(str));
                    this.storage.remove(StorageRecordType.LAST_USED.getKey(str));
                    this.storage.remove(StorageRecordType.SERVICE_CONFIGURATION.getKey(str));
                    this.storage.put(OAuthStoreHandlerImpl.STORE_KEY_INDEX_OF_HANDLES, this.gson.toJson(OAuthStoreHandlerImpl.this.allHandles));
                }
            } finally {
                this.storageLock.unlock();
            }
        }

        public void removeAll() {
            Iterator<String> it = getAllHandlesFromIndex().iterator();
            while (it.hasNext()) {
                removeByHandle(it.next());
            }
        }

        @Override // java.lang.AutoCloseable
        public void close() {
            String str;
            boolean z = false;
            try {
                try {
                    z = this.storageLock.tryLock(15L, TimeUnit.SECONDS);
                    if (z && (str = (String) this.storage.get(OAuthStoreHandlerImpl.STORE_KEY_INDEX_OF_HANDLES)) != null) {
                        for (String str2 : str.trim().split(" ")) {
                            if (OAuthStoreHandlerImpl.this.isExpired((LocalDateTime) get(str2, StorageRecordType.LAST_USED))) {
                                removeByHandle(str2);
                            }
                        }
                    }
                    if (z) {
                        try {
                            this.storageLock.unlock();
                        } catch (IllegalMonitorStateException e) {
                            OAuthStoreHandlerImpl.this.logger.error("Unexpected attempt to unlock without lock", e);
                        }
                    }
                } catch (InterruptedException unused) {
                    Thread.currentThread().interrupt();
                    if (z) {
                        try {
                            this.storageLock.unlock();
                        } catch (IllegalMonitorStateException e2) {
                            OAuthStoreHandlerImpl.this.logger.error("Unexpected attempt to unlock without lock", e2);
                        }
                    }
                }
            } catch (Throwable th) {
                if (z) {
                    try {
                        this.storageLock.unlock();
                    } catch (IllegalMonitorStateException e3) {
                        OAuthStoreHandlerImpl.this.logger.error("Unexpected attempt to unlock without lock", e3);
                    }
                }
                throw th;
            }
        }
    }

    @Activate
    public void activate(Map<String, Object> map) throws GeneralSecurityException {
        String str = (String) map.getOrDefault("CIPHER_TARGET", "SymmetricKeyCipher");
        this.storageCipher = this.allAvailableStorageCiphers.stream().filter(storageCipher -> {
            return storageCipher.getUniqueCipherId().equals(str);
        }).findFirst();
        this.logger.debug("Using Cipher: {}", this.storageCipher.orElseThrow(() -> {
            return new GeneralSecurityException("No StorageCipher with target=" + str);
        }));
    }

    @Deactivate
    public void deactivate() {
        this.storageFacade.close();
    }

    @Override // org.eclipse.smarthome.auth.oauth2client.internal.OAuthStoreHandler
    public AccessTokenResponse loadAccessTokenResponse(String str) throws GeneralSecurityException {
        AccessTokenResponse accessTokenResponse = (AccessTokenResponse) this.storageFacade.get(str, StorageRecordType.ACCESS_TOKEN_RESPONSE);
        if (accessTokenResponse == null) {
            return null;
        }
        return decryptToken(accessTokenResponse);
    }

    @Override // org.eclipse.smarthome.auth.oauth2client.internal.OAuthStoreHandler
    public void saveAccessTokenResponse(String str, AccessTokenResponse accessTokenResponse) {
        AccessTokenResponse accessTokenResponse2;
        AccessTokenResponse accessTokenResponse3 = accessTokenResponse;
        if (accessTokenResponse3 == null) {
            accessTokenResponse3 = new AccessTokenResponse();
        }
        try {
            accessTokenResponse2 = encryptToken(accessTokenResponse3);
        } catch (GeneralSecurityException e) {
            this.logger.warn("Unable to encrypt token, storing as-is", e);
            accessTokenResponse2 = accessTokenResponse3;
        }
        this.storageFacade.put(str, accessTokenResponse2);
    }

    @Override // org.eclipse.smarthome.auth.oauth2client.internal.OAuthStoreHandler
    public void remove(String str) {
        this.storageFacade.removeByHandle(str);
    }

    @Override // org.eclipse.smarthome.auth.oauth2client.internal.OAuthStoreHandler
    public void removeAll() {
        this.storageFacade.removeAll();
        this.allHandles.clear();
    }

    @Override // org.eclipse.smarthome.auth.oauth2client.internal.OAuthStoreHandler
    public void savePersistedParams(String str, PersistedParams persistedParams) {
        this.storageFacade.put(str, persistedParams);
    }

    @Override // org.eclipse.smarthome.auth.oauth2client.internal.OAuthStoreHandler
    public PersistedParams loadPersistedParams(String str) {
        return (PersistedParams) this.storageFacade.get(str, StorageRecordType.SERVICE_CONFIGURATION);
    }

    private AccessTokenResponse encryptToken(AccessTokenResponse accessTokenResponse) throws GeneralSecurityException {
        AccessTokenResponse accessTokenResponse2 = (AccessTokenResponse) accessTokenResponse.clone();
        if (accessTokenResponse.getAccessToken() != null) {
            accessTokenResponse2.setAccessToken(encrypt(accessTokenResponse.getAccessToken()));
        }
        if (accessTokenResponse.getRefreshToken() != null) {
            accessTokenResponse2.setRefreshToken(encrypt(accessTokenResponse.getRefreshToken()));
        }
        return accessTokenResponse2;
    }

    private AccessTokenResponse decryptToken(AccessTokenResponse accessTokenResponse) throws GeneralSecurityException {
        AccessTokenResponse accessTokenResponse2 = (AccessTokenResponse) accessTokenResponse.clone();
        if (!this.storageCipher.isPresent()) {
            return accessTokenResponse2;
        }
        this.logger.debug("Decrypting token: {}", accessTokenResponse);
        accessTokenResponse2.setAccessToken(this.storageCipher.get().decrypt(accessTokenResponse.getAccessToken()));
        accessTokenResponse2.setRefreshToken(this.storageCipher.get().decrypt(accessTokenResponse.getRefreshToken()));
        return accessTokenResponse2;
    }

    private String encrypt(String str) throws GeneralSecurityException {
        return !this.storageCipher.isPresent() ? str : this.storageCipher.get().encrypt(str);
    }

    @Reference
    protected synchronized void setStorageService(StorageService storageService) {
        this.storageFacade = new StorageFacade(storageService.getStorage(STORE_NAME));
    }

    protected synchronized void unsetStorageService(StorageService storageService) {
        this.storageFacade.close();
        this.storageFacade = null;
    }

    @Reference(cardinality = ReferenceCardinality.AT_LEAST_ONE)
    protected synchronized void setStorageCipher(StorageCipher storageCipher) {
        this.allAvailableStorageCiphers.add(storageCipher);
    }

    protected synchronized void unsetStorageCipher(StorageCipher storageCipher) {
        this.allAvailableStorageCiphers.remove(storageCipher);
        if (this.storageCipher.isPresent() && this.storageCipher.get() == storageCipher) {
            this.storageCipher = Optional.empty();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isExpired(LocalDateTime localDateTime) {
        if (localDateTime == null) {
            return false;
        }
        return localDateTime.plusDays(183L).isBefore(LocalDateTime.now());
    }
}
