package com.day.cq.mailer.oauth.impl;

import com.adobe.granite.crypto.CryptoSupport;
import com.day.cq.mailer.oauth.OAuthTokenStoreService;
import com.day.cq.mailer.oauth.commons.OAuthUtil;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(label = "CQ Mailer OAuthCode Store Service")
/* loaded from: input_file:com/day/cq/mailer/oauth/impl/OAuthTokenStoreServiceImpl.class */
public class OAuthTokenStoreServiceImpl implements OAuthTokenStoreService {

    @Reference
    private SlingRepository repository;

    @Reference
    private ResourceResolverFactory resourceResolverFactory;

    @Reference
    private CryptoSupport crypto;
    private static final String OAUTH_CONFIG_PATH = "/conf/global/settings/mailer/oauth";
    private static final String ACCESS_TOKEN = "accessToken";
    private static final String REFRESH_TOKEN = "refreshToken";
    private static final String CREATED_TIMESTAMP = "createdTime";
    private static final String UPDATED_TIMESTAMP = "updatedTime";
    private static final String RESOURCE_TYPE = "sling:OsgiConfig";
    private static final String MAILER_CONFIG_SERVICE = "mailer-config-service";
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private Session userAdminSession = null;
    private ResourceResolver userAdminResolver = null;
    private volatile String cachedEncryptedConfiguredRefreshToken = null;
    private volatile String cachedEncryptedActiveRefreshToken = null;

    public void closeSessionAndResolver() {
        this.log.debug("closing session");
        if (this.userAdminSession != null && this.userAdminSession.isLive()) {
            this.userAdminSession.logout();
            if (this.userAdminResolver == null || !this.userAdminResolver.isLive()) {
                this.userAdminResolver = null;
            } else {
                this.userAdminResolver.close();
                this.userAdminResolver = null;
            }
            this.userAdminSession = null;
            return;
        }
        if (this.userAdminResolver == null || !this.userAdminResolver.isLive()) {
            this.userAdminResolver = null;
            this.userAdminSession = null;
        } else {
            this.userAdminResolver.close();
            this.userAdminSession = null;
            this.userAdminResolver = null;
        }
    }

    private ResourceResolver getResourceResolver() throws RepositoryException, LoginException {
        this.log.trace("creating userAdmin session");
        if (this.userAdminSession == null) {
            this.userAdminSession = this.repository.loginService(MAILER_CONFIG_SERVICE, (String) null);
        }
        this.log.trace("creating userAdmin Resolver");
        if (this.userAdminResolver == null && this.userAdminSession != null) {
            HashMap hashMap = new HashMap();
            hashMap.put("user.jcr.session", this.userAdminSession);
            this.userAdminResolver = this.resourceResolverFactory.getResourceResolver(hashMap);
        }
        return this.userAdminResolver;
    }

    private static Resource getOrCreateResource(ResourceResolver resourceResolver, String str, String str2, String str3, boolean z) throws PersistenceException {
        return getOrCreateResource(resourceResolver, str, (Map<String, Object>) (str2 == null ? null : Collections.singletonMap("sling:resourceType", str2)), str3, z);
    }

    private static Resource getOrCreateResource(ResourceResolver resourceResolver, String str, Map<String, Object> map, String str2, boolean z) throws PersistenceException {
        Resource resource = resourceResolver.getResource(str);
        if (resource == null) {
            int lastIndexOf = str.lastIndexOf(47);
            String substring = str.substring(lastIndexOf + 1);
            Resource resource2 = lastIndexOf == 0 ? resourceResolver.getResource("/") : getOrCreateResource(resourceResolver, str.substring(0, lastIndexOf), str2, str2, z);
            if (z) {
                resourceResolver.commit();
            }
            try {
                resource = resourceResolver.create(resource2, substring, map);
            } catch (PersistenceException e) {
                resourceResolver.commit();
                resource = resourceResolver.getResource(resource2, substring);
                if (resource == null) {
                    throw e;
                }
            }
            if (z) {
                try {
                    resourceResolver.commit();
                    resource = resourceResolver.getResource(resource2, substring);
                } catch (PersistenceException e2) {
                    resourceResolver.revert();
                    resource = resourceResolver.getResource(resource2, substring);
                    if (resource == null) {
                        resource = resourceResolver.create(resource2, substring, map);
                        resourceResolver.commit();
                    }
                }
            }
        }
        return resource;
    }

    @Override // com.day.cq.mailer.oauth.OAuthTokenStoreService
    public String getRefreshToken() throws LoginException, RepositoryException {
        try {
            this.log.debug("fetching Refresh token from resource");
            if (StringUtils.isNotBlank(this.cachedEncryptedActiveRefreshToken)) {
                String str = this.cachedEncryptedActiveRefreshToken;
                closeSessionAndResolver();
                return str;
            }
            if (StringUtils.isNotBlank(this.cachedEncryptedConfiguredRefreshToken)) {
                String str2 = this.cachedEncryptedConfiguredRefreshToken;
                closeSessionAndResolver();
                return str2;
            }
            Resource resource = getResourceResolver().getResource(OAUTH_CONFIG_PATH);
            if (resource == null) {
                this.log.warn("refresh token resource is null");
                closeSessionAndResolver();
                return null;
            }
            ValueMap valueMap = ResourceUtil.getValueMap(resource);
            String str3 = (String) valueMap.get(OAuthUtil.JCR_OSGI_COFNIG_REFRESH_TOKEN);
            String str4 = (String) valueMap.get(OAuthUtil.JCR_ACTIVE_REFRESH_TOKEN);
            this.cachedEncryptedConfiguredRefreshToken = str3;
            this.cachedEncryptedActiveRefreshToken = str4;
            if (StringUtils.isNotBlank(str4)) {
                this.log.debug("using OSGI config refresh token");
                closeSessionAndResolver();
                return str4;
            }
            if (!StringUtils.isNotBlank(str3)) {
                return null;
            }
            this.log.debug("using jcr active refresh token");
            closeSessionAndResolver();
            return str3;
        } finally {
            closeSessionAndResolver();
        }
    }

    private String getStoredOSGIConfigRefreshToken() throws LoginException, RepositoryException {
        this.log.debug("fetching JCR OSGI Refresh token from resource");
        Resource resource = getResourceResolver().getResource(OAUTH_CONFIG_PATH);
        if (resource == null) {
            this.log.error("error occurred while fetching JCR OSGI refreshToken as resource is null");
            return null;
        }
        String str = (String) ResourceUtil.getValueMap(resource).get(OAuthUtil.JCR_OSGI_COFNIG_REFRESH_TOKEN);
        this.log.trace("fetched JCR OSGI Refresh Token from resource");
        return str;
    }

    @Override // com.day.cq.mailer.oauth.OAuthTokenStoreService
    public void updateToken(String str) throws LoginException, RepositoryException, PersistenceException {
        if (this.crypto == null) {
            throw new PersistenceException("crypto is null");
        }
        this.log.debug("Storing OAuth refresh tokens for later use");
        if (StringUtils.isBlank(str)) {
            this.log.debug("provided refreshToken is blank");
            return;
        }
        String encryptedToken = OAuthUtil.getEncryptedToken(str, this.crypto);
        try {
            Resource resource = getResource();
            ModifiableValueMap modifiableValueMap = (ModifiableValueMap) resource.adaptTo(ModifiableValueMap.class);
            if (modifiableValueMap == null) {
                this.log.debug("Please check permissions of user used in mailer-admin");
                throw new PersistenceException("check permissions of user used in mailer-admin");
            }
            this.cachedEncryptedActiveRefreshToken = encryptedToken;
            modifiableValueMap.put(OAuthUtil.JCR_ACTIVE_REFRESH_TOKEN, encryptedToken);
            modifiableValueMap.put(UPDATED_TIMESTAMP, Long.valueOf(System.currentTimeMillis()));
            resource.getResourceResolver().commit();
            this.log.debug("tokens updated");
        } finally {
            closeSessionAndResolver();
        }
    }

    @Override // com.day.cq.mailer.oauth.OAuthTokenStoreService
    public boolean configure(String str) throws LoginException, RepositoryException, PersistenceException {
        if (this.crypto == null) {
            throw new PersistenceException("crypto is null");
        }
        this.log.debug("Storing OAuth refresh tokens for later use");
        if (StringUtils.isBlank(str)) {
            return false;
        }
        String encryptedToken = OAuthUtil.getEncryptedToken(str, this.crypto);
        try {
            if (!isOSGIConfigTokenNeedToUpdated(str, OAuthUtil.getDecryptedToken(getStoredOSGIConfigRefreshToken(), this.crypto))) {
                return false;
            }
            Resource resource = getResource();
            ModifiableValueMap modifiableValueMap = (ModifiableValueMap) resource.adaptTo(ModifiableValueMap.class);
            if (modifiableValueMap == null) {
                this.log.debug("Please check permissions of user used in mailer-admin");
                throw new PersistenceException("check permissions of user used in mailer-admin");
            }
            this.cachedEncryptedConfiguredRefreshToken = encryptedToken;
            this.cachedEncryptedActiveRefreshToken = null;
            modifiableValueMap.put(OAuthUtil.JCR_OSGI_COFNIG_REFRESH_TOKEN, encryptedToken);
            modifiableValueMap.remove(OAuthUtil.JCR_ACTIVE_REFRESH_TOKEN);
            modifiableValueMap.put(UPDATED_TIMESTAMP, Long.valueOf(System.currentTimeMillis()));
            resource.getResourceResolver().commit();
            this.log.debug("tokens saved");
            closeSessionAndResolver();
            return true;
        } finally {
            closeSessionAndResolver();
        }
    }

    private boolean isOSGIConfigTokenNeedToUpdated(String str, String str2) {
        this.log.debug("checking if OSGI Config Token Need To Updated");
        return !StringUtils.equals(str, str2);
    }

    private Resource getResource() throws PersistenceException, LoginException, RepositoryException {
        this.log.debug("creating/fetching resource to store tokens");
        HashMap hashMap = new HashMap();
        hashMap.put(CREATED_TIMESTAMP, Long.valueOf(System.currentTimeMillis()));
        return getOrCreateResource(getResourceResolver(), OAUTH_CONFIG_PATH, (Map<String, Object>) hashMap, RESOURCE_TYPE, true);
    }

    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    protected void bindResourceResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resourceResolverFactory = resourceResolverFactory;
    }

    protected void unbindResourceResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        if (this.resourceResolverFactory == resourceResolverFactory) {
            this.resourceResolverFactory = null;
        }
    }

    protected void bindCrypto(CryptoSupport cryptoSupport) {
        this.crypto = cryptoSupport;
    }

    protected void unbindCrypto(CryptoSupport cryptoSupport) {
        if (this.crypto == cryptoSupport) {
            this.crypto = null;
        }
    }
}
