package org.thingsboard.server.dao.oauth2;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import javax.transaction.Transactional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.oauth2.MapperType;
import org.thingsboard.server.common.data.oauth2.OAuth2BasicMapperConfig;
import org.thingsboard.server.common.data.oauth2.OAuth2ClientInfo;
import org.thingsboard.server.common.data.oauth2.OAuth2CustomMapperConfig;
import org.thingsboard.server.common.data.oauth2.OAuth2DomainInfo;
import org.thingsboard.server.common.data.oauth2.OAuth2Info;
import org.thingsboard.server.common.data.oauth2.OAuth2MapperConfig;
import org.thingsboard.server.common.data.oauth2.OAuth2MobileInfo;
import org.thingsboard.server.common.data.oauth2.OAuth2Params;
import org.thingsboard.server.common.data.oauth2.OAuth2ParamsInfo;
import org.thingsboard.server.common.data.oauth2.OAuth2Registration;
import org.thingsboard.server.common.data.oauth2.OAuth2RegistrationInfo;
import org.thingsboard.server.common.data.oauth2.PlatformType;
import org.thingsboard.server.common.data.oauth2.SchemeType;
import org.thingsboard.server.common.data.oauth2.TenantNameStrategyType;
import org.thingsboard.server.common.data.oauth2.deprecated.ClientRegistrationDto;
import org.thingsboard.server.common.data.oauth2.deprecated.DomainInfo;
import org.thingsboard.server.common.data.oauth2.deprecated.OAuth2ClientRegistrationInfo;
import org.thingsboard.server.common.data.oauth2.deprecated.OAuth2ClientsDomainParams;
import org.thingsboard.server.common.data.oauth2.deprecated.OAuth2ClientsParams;
import org.thingsboard.server.dao.entity.AbstractEntityService;
import org.thingsboard.server.dao.exception.DataValidationException;
import org.thingsboard.server.dao.exception.IncorrectParameterException;
import org.thingsboard.server.dao.oauth2.deprecated.OAuth2ClientRegistrationDao;
import org.thingsboard.server.dao.oauth2.deprecated.OAuth2ClientRegistrationInfoDao;
import org.thingsboard.server.dao.service.Validator;

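/**
 * Validates, stores and reads the OAuth2 client configuration.
 *
 * <p>Both save methods replace the stored configuration: they validate the incoming object, call
 * {@code deleteAll()} on the relevant DAOs and then insert every entry under
 * {@link TenantId#SYS_TENANT_ID}. The deprecated methods work on the older
 * {@link OAuth2ClientsParams} model, the others on {@link OAuth2Info}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Validation in this class is presence-only. Authorization, token and user-info URIs and the
 *       custom mapper URL are accepted as long as they are non-empty; no scheme or host check is
 *       made here.</li>
 *   <li>{@code StringUtils.isEmpty(Object)} rejects only {@code null} and the empty string, so a
 *       whitespace-only value passes.</li>
 *   <li>The save methods trace-log the whole configuration object, which carries client secrets
 *       and mobile application secrets. NOTE(review): confirm that the {@code toString()} of those
 *       objects redacts the secrets, or that trace logging is never enabled for this logger in
 *       production.</li>
 * </ul>
 */
@Service
public class OAuth2ServiceImpl extends AbstractEntityService implements OAuth2Service {
    private static final Logger log = LoggerFactory.getLogger(OAuth2ServiceImpl.class);
    public static final String INCORRECT_TENANT_ID = "Incorrect tenantId ";
    public static final String INCORRECT_CLIENT_REGISTRATION_ID = "Incorrect clientRegistrationId ";
    public static final String INCORRECT_DOMAIN_NAME = "Incorrect domainName ";
    public static final String INCORRECT_DOMAIN_SCHEME = "Incorrect domainScheme ";

    @Autowired
    private OAuth2ClientRegistrationInfoDao clientRegistrationInfoDao;

    @Autowired
    private OAuth2ClientRegistrationDao clientRegistrationDao;

    @Autowired
    private OAuth2ParamsDao oauth2ParamsDao;

    @Autowired
    private OAuth2RegistrationDao oauth2RegistrationDao;

    @Autowired
    private OAuth2DomainDao oauth2DomainDao;

    @Autowired
    private OAuth2MobileDao oauth2MobileDao;

    /**
     * Validator for the deprecated {@link OAuth2ClientsParams} model. Throws
     * {@link DataValidationException} on the first violation found.
     */
    private final Consumer<OAuth2ClientsParams> clientParamsValidator = clientsParams -> {
        if (clientsParams == null || clientsParams.getDomainsParams() == null) {
            throw new DataValidationException("Domain params should be specified!");
        }
        for (OAuth2ClientsDomainParams domainParams : clientsParams.getDomainsParams()) {
            if (domainParams.getDomainInfos() == null || domainParams.getDomainInfos().isEmpty()) {
                throw new DataValidationException("List of domain configuration should be specified!");
            }
            for (DomainInfo domainInfo : domainParams.getDomainInfos()) {
                requirePresent(domainInfo.getName(), "Domain name should be specified!");
                if (domainInfo.getScheme() == null) {
                    throw new DataValidationException("Domain scheme should be specified!");
                }
            }
            // A domain listed more than once must not use MIXED for any of its entries.
            Map<String, List<DomainInfo>> domainsByName = domainParams.getDomainInfos().stream()
                    .collect(Collectors.groupingBy(DomainInfo::getName));
            for (List<DomainInfo> sameName : domainsByName.values()) {
                if (sameName.size() > 1 && sameName.stream().anyMatch(info -> info.getScheme() == SchemeType.MIXED)) {
                    throw new DataValidationException("MIXED scheme type shouldn't be combined with another scheme type!");
                }
            }
            if (domainParams.getClientRegistrations() == null || domainParams.getClientRegistrations().isEmpty()) {
                throw new DataValidationException("Client registrations should be specified!");
            }
            for (ClientRegistrationDto registration : domainParams.getClientRegistrations()) {
                requirePresent(registration.getClientId(), "Client ID should be specified!");
                requirePresent(registration.getClientSecret(), "Client secret should be specified!");
                requirePresent(registration.getAuthorizationUri(), "Authorization uri should be specified!");
                requirePresent(registration.getAccessTokenUri(), "Token uri should be specified!");
                // NOTE(review): if scope is a collection, an empty collection passes this check — confirm.
                requirePresent(registration.getScope(), "Scope should be specified!");
                requirePresent(registration.getUserInfoUri(), "User info uri should be specified!");
                requirePresent(registration.getUserNameAttributeName(), "User name attribute name should be specified!");
                requirePresent(registration.getClientAuthenticationMethod(), "Client authentication method should be specified!");
                requirePresent(registration.getLoginButtonLabel(), "Login button label should be specified!");
                validateMapperConfig(registration.getMapperConfig());
            }
        }
    };

    /**
     * Validator for the {@link OAuth2Info} model. Throws {@link DataValidationException} on the
     * first violation found. Unlike the deprecated validator it does not require a user-info URI,
     * and it additionally checks domain/scheme uniqueness and the optional mobile entries.
     */
    private final Consumer<OAuth2Info> oauth2InfoValidator = oauth2Info -> {
        if (oauth2Info == null || oauth2Info.getOauth2ParamsInfos() == null) {
            throw new DataValidationException("OAuth2 param infos should be specified!");
        }
        for (OAuth2ParamsInfo paramsInfo : oauth2Info.getOauth2ParamsInfos()) {
            if (paramsInfo.getDomainInfos() == null || paramsInfo.getDomainInfos().isEmpty()) {
                throw new DataValidationException("List of domain configuration should be specified!");
            }
            for (OAuth2DomainInfo domainInfo : paramsInfo.getDomainInfos()) {
                requirePresent(domainInfo.getName(), "Domain name should be specified!");
                if (domainInfo.getScheme() == null) {
                    throw new DataValidationException("Domain scheme should be specified!");
                }
            }
            Map<String, List<OAuth2DomainInfo>> domainsByName = paramsInfo.getDomainInfos().stream()
                    .collect(Collectors.groupingBy(OAuth2DomainInfo::getName));
            for (List<OAuth2DomainInfo> sameName : domainsByName.values()) {
                if (sameName.size() > 1 && sameName.stream().anyMatch(info -> info.getScheme() == SchemeType.MIXED)) {
                    throw new DataValidationException("MIXED scheme type shouldn't be combined with another scheme type!");
                }
                // The same (name, scheme) pair may appear only once.
                Map<SchemeType, List<OAuth2DomainInfo>> domainsByScheme = sameName.stream()
                        .collect(Collectors.groupingBy(OAuth2DomainInfo::getScheme));
                for (List<OAuth2DomainInfo> sameScheme : domainsByScheme.values()) {
                    if (sameScheme.size() > 1) {
                        throw new DataValidationException("Domain name and protocol must be unique within OAuth2 parameters!");
                    }
                }
            }
            if (paramsInfo.getMobileInfos() != null) {
                for (OAuth2MobileInfo mobileInfo : paramsInfo.getMobileInfos()) {
                    requirePresent(mobileInfo.getPkgName(), "Package should be specified!");
                    requirePresent(mobileInfo.getAppSecret(), "Application secret should be specified!");
                    // Only the length of the secret is checked, not how it was generated.
                    if (mobileInfo.getAppSecret().length() < 16) {
                        throw new DataValidationException("Application secret should be at least 16 characters!");
                    }
                }
                Map<String, List<OAuth2MobileInfo>> mobilesByPkgName = paramsInfo.getMobileInfos().stream()
                        .collect(Collectors.groupingBy(OAuth2MobileInfo::getPkgName));
                for (List<OAuth2MobileInfo> samePkgName : mobilesByPkgName.values()) {
                    if (samePkgName.size() > 1) {
                        throw new DataValidationException("Mobile app package name must be unique within OAuth2 parameters!");
                    }
                }
            }
            if (paramsInfo.getClientRegistrations() == null || paramsInfo.getClientRegistrations().isEmpty()) {
                throw new DataValidationException("Client registrations should be specified!");
            }
            for (OAuth2RegistrationInfo registration : paramsInfo.getClientRegistrations()) {
                requirePresent(registration.getClientId(), "Client ID should be specified!");
                requirePresent(registration.getClientSecret(), "Client secret should be specified!");
                requirePresent(registration.getAuthorizationUri(), "Authorization uri should be specified!");
                requirePresent(registration.getAccessTokenUri(), "Token uri should be specified!");
                // NOTE(review): if scope is a collection, an empty collection passes this check — confirm.
                requirePresent(registration.getScope(), "Scope should be specified!");
                requirePresent(registration.getUserNameAttributeName(), "User name attribute name should be specified!");
                requirePresent(registration.getClientAuthenticationMethod(), "Client authentication method should be specified!");
                requirePresent(registration.getLoginButtonLabel(), "Login button label should be specified!");
                validateMapperConfig(registration.getMapperConfig());
            }
        }
    };

    /**
     * Throws {@link DataValidationException} with {@code message} when {@code value} is
     * {@code null} or the empty string. Whitespace-only strings are accepted.
     */
    private static void requirePresent(Object value, String message) {
        if (StringUtils.isEmpty(value)) {
            throw new DataValidationException(message);
        }
    }

    /**
     * Checks the mapper section shared by both configuration models.
     *
     * <p>BASIC requires an email attribute key, GITHUB forbids one, and both require a tenant name
     * strategy. CUSTOM requires a mapper URL; the URL is only checked for presence.
     *
     * @throws DataValidationException on the first violation found
     */
    private static void validateMapperConfig(OAuth2MapperConfig mapperConfig) {
        if (mapperConfig == null) {
            throw new DataValidationException("Mapper config should be specified!");
        }
        MapperType mapperType = mapperConfig.getType();
        if (mapperType == null) {
            throw new DataValidationException("Mapper config type should be specified!");
        }
        if (mapperType == MapperType.BASIC) {
            OAuth2BasicMapperConfig basic = mapperConfig.getBasic();
            if (basic == null) {
                throw new DataValidationException("Basic config should be specified!");
            }
            requirePresent(basic.getEmailAttributeKey(), "Email attribute key should be specified!");
            validateTenantNameStrategy(basic);
        }
        if (mapperType == MapperType.GITHUB) {
            OAuth2BasicMapperConfig basic = mapperConfig.getBasic();
            if (basic == null) {
                throw new DataValidationException("Basic config should be specified!");
            }
            if (!StringUtils.isEmpty(basic.getEmailAttributeKey())) {
                throw new DataValidationException("Email attribute key cannot be configured for GITHUB mapper type!");
            }
            validateTenantNameStrategy(basic);
        }
        if (mapperType == MapperType.CUSTOM) {
            OAuth2CustomMapperConfig custom = mapperConfig.getCustom();
            if (custom == null) {
                throw new DataValidationException("Custom config should be specified!");
            }
            requirePresent(custom.getUrl(), "Custom mapper URL should be specified!");
        }
    }

    /** Requires a tenant name strategy, and a name pattern when the strategy is CUSTOM. */
    private static void validateTenantNameStrategy(OAuth2BasicMapperConfig basic) {
        if (basic.getTenantNameStrategy() == null) {
            throw new DataValidationException("Tenant name strategy should be specified!");
        }
        if (basic.getTenantNameStrategy() == TenantNameStrategyType.CUSTOM && StringUtils.isEmpty(basic.getTenantNamePattern())) {
            throw new DataValidationException("Tenant name pattern should be specified!");
        }
    }

    /**
     * Returns the enabled OAuth2 clients configured for a domain.
     *
     * @param domainSchemeStr scheme name, matched case-insensitively against {@link SchemeType}
     * @param domainName domain to look up; must pass {@code Validator.validateString}
     * @param pkgName mobile package name, passed to the DAO unchanged
     * @param platformType platform filter, passed to the DAO unchanged
     * @return client infos for registrations matching the given scheme or {@link SchemeType#MIXED}
     * @throws IncorrectParameterException if the scheme is {@code null} or not a {@link SchemeType}
     */
    public List<OAuth2ClientInfo> getOAuth2Clients(String domainSchemeStr, String domainName, String pkgName, PlatformType platformType) {
        log.trace("Executing getOAuth2Clients [{}://{}] pkgName=[{}] platformType=[{}]", domainSchemeStr, domainName, pkgName, platformType);
        if (domainSchemeStr == null) {
            throw new IncorrectParameterException(INCORRECT_DOMAIN_SCHEME);
        }
        SchemeType domainScheme;
        try {
            // Locale.ROOT keeps the upper-casing independent of the JVM default locale.
            domainScheme = SchemeType.valueOf(domainSchemeStr.toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            throw new IncorrectParameterException(INCORRECT_DOMAIN_SCHEME);
        }
        // Kept outside the try block so that an IllegalArgumentException raised further down
        // is not reported to the caller as a bad scheme.
        Validator.validateString(domainName, INCORRECT_DOMAIN_NAME + domainName);
        return this.oauth2RegistrationDao
                .findEnabledByDomainSchemesDomainNameAndPkgNameAndPlatformType(
                        Arrays.asList(domainScheme, SchemeType.MIXED), domainName, pkgName, platformType)
                .stream()
                .map(OAuth2Utils::toClientInfo)
                .collect(Collectors.toList());
    }

    /**
     * Replaces the stored configuration of the deprecated model with {@code oAuth2ClientsParams}.
     *
     * <p>One registration info row is saved per client registration, plus one registration row
     * per (registration, domain) pair.
     *
     * @throws DataValidationException if the parameters fail validation; nothing is deleted then
     */
    @Deprecated
    @Transactional
    public void saveOAuth2Params(OAuth2ClientsParams oAuth2ClientsParams) {
        // NOTE(review): the traced object includes client secrets unless its toString() redacts them.
        log.trace("Executing saveOAuth2Params [{}]", oAuth2ClientsParams);
        this.clientParamsValidator.accept(oAuth2ClientsParams);
        this.clientRegistrationDao.deleteAll();
        this.clientRegistrationInfoDao.deleteAll();
        for (OAuth2ClientsDomainParams domainParams : oAuth2ClientsParams.getDomainsParams()) {
            for (ClientRegistrationDto registration : domainParams.getClientRegistrations()) {
                OAuth2ClientRegistrationInfo savedInfo = this.clientRegistrationInfoDao.save(
                        TenantId.SYS_TENANT_ID,
                        OAuth2Utils.toClientRegistrationInfo(oAuth2ClientsParams.isEnabled(), registration));
                for (DomainInfo domainInfo : domainParams.getDomainInfos()) {
                    this.clientRegistrationDao.save(
                            TenantId.SYS_TENANT_ID,
                            OAuth2Utils.toClientRegistration(savedInfo.getId(), domainInfo.getScheme(), domainInfo.getName()));
                }
            }
        }
    }

    /**
     * Replaces the stored OAuth2 configuration with {@code oAuth2Info}.
     *
     * <p>Only {@code oauth2ParamsDao.deleteAll()} is called before the inserts.
     * NOTE(review): the dependent registration, domain and mobile rows are presumably removed by
     * a database cascade — confirm.
     *
     * @throws DataValidationException if the info fails validation; nothing is deleted then
     */
    @Transactional
    public void saveOAuth2Info(OAuth2Info oAuth2Info) {
        // NOTE(review): the traced object includes client and app secrets unless its toString() redacts them.
        log.trace("Executing saveOAuth2Info [{}]", oAuth2Info);
        this.oauth2InfoValidator.accept(oAuth2Info);
        this.oauth2ParamsDao.deleteAll();
        for (OAuth2ParamsInfo paramsInfo : oAuth2Info.getOauth2ParamsInfos()) {
            OAuth2Params savedParams = this.oauth2ParamsDao.save(TenantId.SYS_TENANT_ID, OAuth2Utils.infoToOAuth2Params(oAuth2Info));
            for (OAuth2RegistrationInfo registration : paramsInfo.getClientRegistrations()) {
                this.oauth2RegistrationDao.save(TenantId.SYS_TENANT_ID, OAuth2Utils.toOAuth2Registration(savedParams.getId(), registration));
            }
            for (OAuth2DomainInfo domainInfo : paramsInfo.getDomainInfos()) {
                this.oauth2DomainDao.save(TenantId.SYS_TENANT_ID, OAuth2Utils.toOAuth2Domain(savedParams.getId(), domainInfo));
            }
            if (paramsInfo.getMobileInfos() != null) {
                for (OAuth2MobileInfo mobileInfo : paramsInfo.getMobileInfos()) {
                    this.oauth2MobileDao.save(TenantId.SYS_TENANT_ID, OAuth2Utils.toOAuth2Mobile(savedParams.getId(), mobileInfo));
                }
            }
        }
    }

    /** Loads the stored configuration in the deprecated {@link OAuth2ClientsParams} form. */
    @Deprecated
    public OAuth2ClientsParams findOAuth2Params() {
        log.trace("Executing findOAuth2Params");
        return OAuth2Utils.toOAuth2Params(this.clientRegistrationInfoDao.findAllExtended());
    }

    /**
     * Loads the stored configuration as an {@link OAuth2Info}.
     *
     * <p>The result is marked enabled when any stored params row is enabled. Params infos are
     * listed in ascending order of the params row UUID.
     */
    public OAuth2Info findOAuth2Info() {
        log.trace("Executing findOAuth2Info");
        OAuth2Info oauth2Info = new OAuth2Info();
        List<OAuth2Params> storedParams = this.oauth2ParamsDao.find(TenantId.SYS_TENANT_ID);
        oauth2Info.setEnabled(storedParams.stream().anyMatch(OAuth2Params::isEnabled));
        List<OAuth2ParamsInfo> paramsInfos = new ArrayList<>();
        oauth2Info.setOauth2ParamsInfos(paramsInfos);
        storedParams.stream()
                .sorted(Comparator.comparing(OAuth2Params::getUuidId))
                .forEach(params -> {
                    UUID paramsId = params.getId().getId();
                    paramsInfos.add(OAuth2Utils.toOAuth2ParamsInfo(
                            this.oauth2RegistrationDao.findByOAuth2ParamsId(paramsId),
                            this.oauth2DomainDao.findByOAuth2ParamsId(paramsId),
                            this.oauth2MobileDao.findByOAuth2ParamsId(paramsId)));
                });
        return oauth2Info;
    }

    /**
     * Looks up a registration by id.
     *
     * <p>The tenant argument of the DAO call is {@code null} here, whereas the other reads in this
     * class pass {@link TenantId#SYS_TENANT_ID}. NOTE(review): confirm the DAO ignores it.
     */
    public OAuth2Registration findRegistration(UUID uuid) {
        log.trace("Executing findRegistration [{}]", uuid);
        Validator.validateId(uuid, INCORRECT_CLIENT_REGISTRATION_ID + uuid);
        return this.oauth2RegistrationDao.findById(null, uuid);
    }

    /**
     * Returns the application secret stored for a registration and mobile package name.
     *
     * <p>The return value is a secret; callers should not log it.
     *
     * @param uuid client registration id
     * @param pkgName mobile package name
     */
    public String findAppSecret(UUID uuid, String pkgName) {
        log.trace("Executing findAppSecret [{}][{}]", uuid, pkgName);
        Validator.validateId(uuid, INCORRECT_CLIENT_REGISTRATION_ID + uuid);
        Validator.validateString(pkgName, "Incorrect package name");
        return this.oauth2RegistrationDao.findAppSecret(uuid, pkgName);
    }

    /** Returns every registration stored under {@link TenantId#SYS_TENANT_ID}. */
    public List<OAuth2Registration> findAllRegistrations() {
        log.trace("Executing findAllRegistrations");
        return this.oauth2RegistrationDao.find(TenantId.SYS_TENANT_ID);
    }
}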
