package org.apache.knox.gateway.services.token.impl;

import java.sql.SQLException;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.services.ServiceLifecycleException;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.token.KnoxToken;
import org.apache.knox.gateway.services.security.token.TokenMetadata;
import org.apache.knox.gateway.services.security.token.TokenStateServiceException;
import org.apache.knox.gateway.services.security.token.UnknownTokenException;
import org.apache.knox.gateway.util.JDBCUtils;
import org.apache.knox.gateway.util.Tokens;

/* loaded from: input_file:org/apache/knox/gateway/services/token/impl/JDBCTokenStateService.class */
public class JDBCTokenStateService extends AbstractPersistentTokenStateService {
    private AliasService aliasService;
    private TokenStateDatabase tokenDatabase;
    private AtomicBoolean initialized = new AtomicBoolean(false);
    private Lock initLock = new ReentrantLock(true);
    private Lock addMetadataLock = new ReentrantLock(true);

    public void setAliasService(AliasService aliasService) {
        this.aliasService = aliasService;
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public void init(GatewayConfig gatewayConfig, Map<String, String> map) throws ServiceLifecycleException {
        if (this.initialized.get()) {
            return;
        }
        this.initLock.lock();
        try {
            super.init(gatewayConfig, map);
            if (this.aliasService == null) {
                throw new ServiceLifecycleException("The required AliasService reference has not been set.");
            }
            try {
                this.tokenDatabase = new TokenStateDatabase(JDBCUtils.getDataSource(gatewayConfig, this.aliasService));
                this.initialized.set(true);
            } catch (Exception e) {
                throw new ServiceLifecycleException("Error while initiating JDBCTokenStateService: " + e, e);
            }
        } finally {
            this.initLock.unlock();
        }
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public void addToken(String str, long j, long j2, long j3) {
        try {
            if (!this.tokenDatabase.addToken(str, j, j2, j3)) {
                log.failedToSaveTokenInDatabase(Tokens.getTokenIDDisplayText(str));
                throw new TokenStateServiceException("Failed to save token " + Tokens.getTokenIDDisplayText(str) + " in the database");
            }
            log.savedTokenInDatabase(Tokens.getTokenIDDisplayText(str));
            super.addToken(str, j, j2, j3);
        } catch (SQLException e) {
            log.errorSavingTokenInDatabase(Tokens.getTokenIDDisplayText(str), e.getMessage(), e);
            throw new TokenStateServiceException("An error occurred while saving token " + Tokens.getTokenIDDisplayText(str) + " in the database", e);
        }
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public long getTokenIssueTime(String str) throws UnknownTokenException {
        try {
            return super.getTokenIssueTime(str);
        } catch (UnknownTokenException e) {
            long j = 0;
            try {
                j = this.tokenDatabase.getTokenIssueTime(str);
            } catch (SQLException e2) {
                log.errorFetchingIssueTimeFromDatabase(Tokens.getTokenIDDisplayText(str), e2.getMessage(), e2);
            }
            if (j <= 0) {
                throw new UnknownTokenException(str);
            }
            log.fetchedIssueTimeFromDatabase(Tokens.getTokenIDDisplayText(str), j);
            super.setIssueTime(str, j);
            return j;
        }
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public long getTokenExpiration(String str, boolean z) throws UnknownTokenException {
        if (z) {
            validateToken(str);
        }
        long j = 0;
        try {
            j = this.tokenDatabase.getTokenExpiration(str);
        } catch (SQLException e) {
            log.errorFetchingExpirationFromDatabase(Tokens.getTokenIDDisplayText(str), e.getMessage(), e);
        }
        if (j <= 0) {
            throw new UnknownTokenException(str);
        }
        log.fetchedExpirationFromDatabase(Tokens.getTokenIDDisplayText(str), j);
        super.updateExpiration(str, j);
        return j;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public void updateExpiration(String str, long j) {
        try {
            if (!this.tokenDatabase.updateExpiration(str, j)) {
                log.failedToUpdateExpirationInDatabase(Tokens.getTokenIDDisplayText(str), j);
                throw new TokenStateServiceException("Failed to updated expiration for " + Tokens.getTokenIDDisplayText(str) + " in the database");
            }
            log.updatedExpirationInDatabase(Tokens.getTokenIDDisplayText(str), j);
            super.updateExpiration(str, j);
        } catch (SQLException e) {
            log.errorUpdatingExpirationInDatabase(Tokens.getTokenIDDisplayText(str), e.getMessage(), e);
            throw new TokenStateServiceException("An error occurred while updating expiration for " + Tokens.getTokenIDDisplayText(str) + " in the database", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public long getMaxLifetime(String str) {
        long maxLifetime = super.getMaxLifetime(str);
        if (maxLifetime < 1) {
            try {
                maxLifetime = this.tokenDatabase.getMaxLifetime(str);
                log.fetchedMaxLifetimeFromDatabase(Tokens.getTokenIDDisplayText(str), maxLifetime);
            } catch (SQLException e) {
                log.errorFetchingMaxLifetimeFromDatabase(Tokens.getTokenIDDisplayText(str), e.getMessage(), e);
            }
        }
        return maxLifetime;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public boolean isUnknown(String str) {
        boolean isUnknown = super.isUnknown(str);
        if (isUnknown) {
            try {
                isUnknown = this.tokenDatabase.getMaxLifetime(str) < 0;
            } catch (SQLException e) {
                log.errorFetchingMaxLifetimeFromDatabase(Tokens.getTokenIDDisplayText(str), e.getMessage(), e);
            }
        }
        return isUnknown;
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    protected void removeToken(String str) throws UnknownTokenException {
        try {
            if (!this.tokenDatabase.removeToken(str)) {
                throw new UnknownTokenException(str);
            }
            super.removeTokens(Collections.singleton(str));
            log.removedTokenFromDatabase(Tokens.getTokenIDDisplayText(str));
        } catch (SQLException e) {
            log.errorRemovingTokenFromDatabase(Tokens.getTokenIDDisplayText(str), e.getMessage(), e);
        }
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    protected void evictExpiredTokens() {
        try {
            long currentTimeMillis = System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(this.tokenEvictionGracePeriod);
            Set<String> expiredTokenIds = this.tokenDatabase.getExpiredTokenIds(currentTimeMillis);
            if (!expiredTokenIds.isEmpty()) {
                log.removingExpiredTokensFromDatabase(expiredTokenIds.size(), String.join(", ", (Iterable<? extends CharSequence>) expiredTokenIds.stream().map(str -> {
                    return Tokens.getTokenIDDisplayText(str);
                }).collect(Collectors.toSet())));
                log.removedTokensFromDatabase(this.tokenDatabase.deleteExpiredTokens(currentTimeMillis));
                super.removeTokens(expiredTokenIds);
            }
        } catch (SQLException e) {
            log.errorRemovingTokensFromDatabase(e.getMessage(), e);
        }
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public void addMetadata(String str, TokenMetadata tokenMetadata) {
        try {
            if (!saveMetadataMapInDatabase(str, tokenMetadata.getMetadataMap())) {
                log.failedToUpdateMetadataInDatabase(Tokens.getTokenIDDisplayText(str));
                throw new TokenStateServiceException("Failed to update metadata for " + Tokens.getTokenIDDisplayText(str) + " in the database");
            }
            log.updatedMetadataInDatabase(Tokens.getTokenIDDisplayText(str));
            super.addMetadata(str, tokenMetadata);
        } catch (SQLException e) {
            log.errorUpdatingMetadataInDatabase(Tokens.getTokenIDDisplayText(str), e.getMessage(), e);
            throw new TokenStateServiceException("An error occurred while updating metadata for " + Tokens.getTokenIDDisplayText(str) + " in the database", e);
        }
    }

    private boolean saveMetadataMapInDatabase(String str, Map<String, String> map) throws SQLException {
        this.addMetadataLock.lock();
        try {
            boolean z = false;
            for (Map.Entry<String, String> entry : map.entrySet()) {
                if (StringUtils.isNotBlank(entry.getValue()) && upsertTokenMetadata(str, entry.getKey(), entry.getValue())) {
                    z = true;
                }
            }
            return z;
        } finally {
            this.addMetadataLock.unlock();
        }
    }

    private boolean upsertTokenMetadata(String str, String str2, String str3) throws SQLException {
        if (this.tokenDatabase.updateMetadata(str, str2, str3)) {
            return true;
        }
        return this.tokenDatabase.addMetadata(str, str2, str3);
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public TokenMetadata getTokenMetadata(String str) throws UnknownTokenException {
        TokenMetadata tokenMetadata = null;
        try {
            tokenMetadata = this.tokenDatabase.getTokenMetadata(str);
        } catch (SQLException e) {
            log.errorFetchingMetadataFromDatabase(Tokens.getTokenIDDisplayText(str), e.getMessage(), e);
        }
        if (tokenMetadata == null) {
            throw new UnknownTokenException(str);
        }
        log.fetchedMetadataFromDatabase(Tokens.getTokenIDDisplayText(str));
        super.addMetadata(str, tokenMetadata);
        return tokenMetadata;
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public Collection<KnoxToken> getTokens(String str) {
        try {
            return this.tokenDatabase.getTokens(str);
        } catch (SQLException e) {
            log.errorFetchingTokensForUserFromDatabase(str, e.getMessage(), e);
            return Collections.emptyList();
        }
    }

    @Override // org.apache.knox.gateway.services.token.impl.DefaultTokenStateService
    public Collection<KnoxToken> getDoAsTokens(String str) {
        try {
            return this.tokenDatabase.getDoAsTokens(str);
        } catch (SQLException e) {
            log.errorFetchingDoAsTokensForUserFromDatabase(str, e.getMessage(), e);
            return Collections.emptyList();
        }
    }
}
