package com.ibm.ws.security.oauth20.plugins.db;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.ibm.oauth.core.api.config.OAuthComponentConfiguration;
import com.ibm.oauth.core.api.error.OidcServerException;
import com.ibm.oauth.core.internal.oauth20.OAuth20Constants;
import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider;
import com.ibm.ws.security.oauth20.exception.OAuthDataException;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClient;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClientDBModel;
import com.ibm.ws.security.oauth20.plugins.OidcBaseClientValidator;
import com.ibm.ws.security.oauth20.util.ClientUtils;
import com.ibm.ws.security.oauth20.util.ConfigUtils;
import com.ibm.ws.security.oauth20.util.OidcOAuth20Util;
import com.ibm.ws.security.oauth20.web.RegistrationEndpointServices;
import com.ibm.wsspi.security.wim.SchemaConstants;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.sql.DataSource;
import org.apache.aries.blueprint.compendium.cm.CmNamespaceHandler;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth.2.0_1.1.15.jar:com/ibm/ws/security/oauth20/plugins/db/CachedDBOidcClientProvider.class */
public class CachedDBOidcClientProvider extends OAuthJDBCImpl implements OidcOAuth20ClientProvider {
    private Logger _log;
    private String _componentId;
    private String _tableName;
    private boolean hasRewrites;
    private String[] _providerRewrites;
    private DynamicDBMigrator _dbMigrator;
    static final long serialVersionUID = 2495464292905530276L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(CachedDBOidcClientProvider.class);
    private static final String CLASS = CachedDBOidcClientProvider.class.getName();
    private static final String CLIENT_CONFIG_PARAMS = String.format(" (%s, %s, %s, %s, %s, %s, %s)", OAuth20Constants.COMPONENTID, "CLIENTID", "CLIENTSECRET", "DISPLAYNAME", "REDIRECTURI", "ENABLED", "CLIENTMETADATA");

    public CachedDBOidcClientProvider(String str, DataSource dataSource, String str2, @Sensitive Object[] objArr, String str3, String[] strArr) {
        super(dataSource, objArr);
        this._log = Logger.getLogger(CLASS);
        this._componentId = str;
        this._tableName = str2;
        this._providerRewrites = strArr != null ? (String[]) strArr.clone() : null;
        this._dbMigrator = new DynamicDBMigrator(this._tableName);
    }

    @Override // com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider
    @ManualTrace
    public void initialize() {
        this._log.entering(CLASS, "initialize");
        if (this._log.isLoggable(Level.FINEST)) {
            try {
                this._log.logp(Level.FINEST, CLASS, "initialize", "Using ComponentId: " + this._componentId);
            } catch (Throwable th) {
                this._log.exiting(CLASS, "initialize");
                throw th;
            }
        }
        this.hasRewrites = ClientUtils.initRewrites(this._componentId, this._providerRewrites);
        this._log.exiting(CLASS, "initialize");
    }

    @Override // com.ibm.ws.security.oauth20.plugins.db.OAuthJDBCImpl, com.ibm.oauth.core.api.oauth20.client.OAuth20ClientProvider
    @ManualTrace
    public void init(OAuthComponentConfiguration oAuthComponentConfiguration) {
        this._log.entering(CLASS, "init");
        try {
            super.init(oAuthComponentConfiguration);
            this._tableName = oAuthComponentConfiguration.getConfigPropertyValue(OAuthJDBCImpl.CONFIG_CLIENT_TABLE);
            this._componentId = oAuthComponentConfiguration.getUniqueId();
            this._dbMigrator = new DynamicDBMigrator(this._tableName);
            if (this._log.isLoggable(Level.FINEST)) {
                this._log.logp(Level.FINEST, CLASS, "init", "Using ComponentId: " + this._componentId);
            }
            this.hasRewrites = ClientUtils.initRewrites(oAuthComponentConfiguration);
            this._log.exiting(CLASS, "init");
        } catch (Throwable th) {
            this._log.exiting(CLASS, "init");
            throw th;
        }
    }

    @Override // com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider
    @FFDCIgnore({SQLException.class})
    @ManualTrace
    public OidcBaseClient put(OidcBaseClient oidcBaseClient) throws OidcServerException {
        this._log.entering(CLASS, "put", new Object[]{oidcBaseClient});
        Connection connection = null;
        boolean z = true;
        try {
            try {
                connection = getInitializedConnection();
                addClientToDB(connection, getOidcBaseClientDBModel(this._componentId, oidcBaseClient, 1));
                z = false;
                closeConnection(connection, false);
            } catch (SQLException e) {
                this._dbMigrator.execute(connection);
                try {
                    addClientToDB(connection, getOidcBaseClientDBModel(this._componentId, oidcBaseClient, 1));
                    z = false;
                    closeConnection(connection, false);
                } catch (SQLException e2) {
                    this._log.logp(Level.SEVERE, CLASS, "put", e2.getMessage(), (Throwable) e2);
                    throw new OidcServerException(e2.getLocalizedMessage(), "server_error", 500, e2);
                }
            }
            this._log.exiting(CLASS, "put", new Object[0]);
            if (z) {
                return null;
            }
            return oidcBaseClient;
        } catch (Throwable th) {
            closeConnection(connection, z);
            throw th;
        }
    }

    @ManualTrace
    private void addClientToDB(Connection connection, OidcBaseClientDBModel oidcBaseClientDBModel) throws SQLException, OidcServerException {
        this._log.entering(CLASS, "addClientToDB", new Object[]{oidcBaseClientDBModel});
        PreparedStatement preparedStatement = null;
        try {
            preparedStatement = connection.prepareStatement("INSERT INTO " + this._tableName + CLIENT_CONFIG_PARAMS + " VALUES ( ?, ?, ?, ?, ?, ?, ? )");
            preparedStatement.setString(1, this._componentId);
            preparedStatement.setString(2, oidcBaseClientDBModel.getClientId());
            preparedStatement.setString(3, oidcBaseClientDBModel.getClientSecret());
            preparedStatement.setString(4, oidcBaseClientDBModel.getDisplayName());
            preparedStatement.setString(5, oidcBaseClientDBModel.getRedirectUri());
            preparedStatement.setInt(6, oidcBaseClientDBModel.getEnabled());
            encodeClientSecretInClientMetadata(oidcBaseClientDBModel);
            preparedStatement.setString(7, oidcBaseClientDBModel.getClientMetadata().toString());
            preparedStatement.executeUpdate();
            closeStatement(preparedStatement, "addClientToDB");
            this._log.exiting(CLASS, "addClientToDB", null);
        } catch (Throwable th) {
            closeStatement(preparedStatement, "addClientToDB");
            this._log.exiting(CLASS, "addClientToDB", null);
            throw th;
        }
    }

    @Override // com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider
    @FFDCIgnore({SQLException.class})
    @ManualTrace
    public OidcBaseClient get(String str) throws OidcServerException {
        this._log.entering(CLASS, "get", new Object[]{str});
        OidcBaseClient oidcBaseClient = null;
        Connection connection = null;
        boolean z = true;
        if (0 == 0) {
            try {
                try {
                    connection = getInitializedConnection();
                    oidcBaseClient = getClientFromDB(connection, str);
                    z = false;
                    closeConnection(connection, false);
                } catch (SQLException e) {
                    this._dbMigrator.execute(connection);
                    try {
                        oidcBaseClient = getClientFromDB(connection, str);
                        z = false;
                        closeConnection(connection, false);
                    } catch (SQLException e2) {
                        this._log.logp(Level.SEVERE, CLASS, "get", e2.getMessage(), (Throwable) e2);
                        throw new OidcServerException(e2.getLocalizedMessage(), "server_error", 500, e2);
                    }
                }
            } catch (Throwable th) {
                closeConnection(connection, z);
                throw th;
            }
        }
        if (this.hasRewrites && oidcBaseClient != null) {
            oidcBaseClient = ClientUtils.uriRewrite(oidcBaseClient);
        }
        this._log.exiting(CLASS, "get", oidcBaseClient);
        return oidcBaseClient;
    }

    @ManualTrace
    private OidcBaseClient getClientFromDB(Connection connection, String str) throws SQLException, OidcServerException {
        this._log.entering(CLASS, "getClientFromDB", new Object[]{str});
        OidcBaseClient oidcBaseClient = null;
        ResultSet resultSet = null;
        PreparedStatement preparedStatement = null;
        try {
            preparedStatement = connection.prepareStatement("SELECT * FROM " + this._tableName + " WHERE " + OAuth20Constants.COMPONENTID + " = ? AND CLIENTID = ?");
            preparedStatement.setString(1, this._componentId);
            preparedStatement.setString(2, str);
            resultSet = preparedStatement.executeQuery();
            while (resultSet != null) {
                if (!resultSet.next()) {
                    break;
                }
                oidcBaseClient = getClientFromDBModel(connection, resultSet);
                if (oidcBaseClient != null) {
                    break;
                }
            }
            closeResultSet(resultSet);
            closeStatement(preparedStatement, "getClientFromDB");
            this._log.exiting(CLASS, "getClientFromDB", oidcBaseClient);
            return oidcBaseClient;
        } catch (Throwable th) {
            closeResultSet(resultSet);
            closeStatement(preparedStatement, "getClientFromDB");
            this._log.exiting(CLASS, "getClientFromDB", oidcBaseClient);
            throw th;
        }
    }

    private OidcBaseClient getClientFromDBModel(Connection connection, ResultSet resultSet) throws SQLException {
        OidcBaseClientDBModel dBModelOfClient = getDBModelOfClient(connection, resultSet);
        OidcBaseClient defaultFacade = setDefaultFacade(dBModelOfClient, getOidcBaseClient(dBModelOfClient));
        String clientSecret = defaultFacade.getClientSecret();
        if (clientSecret != null && !clientSecret.isEmpty()) {
            defaultFacade.setClientSecret(PasswordUtil.passwordDecode(clientSecret));
        }
        return defaultFacade;
    }

    private OidcBaseClient setDefaultFacade(OidcBaseClientDBModel oidcBaseClientDBModel, OidcBaseClient oidcBaseClient) {
        OidcBaseClient deepCopy = oidcBaseClient.getDeepCopy();
        deepCopy.setEnabled(oidcBaseClientDBModel.getEnabled() == 1);
        deepCopy.setComponentId(oidcBaseClientDBModel.getComponentId());
        if (isUninitializedClientMetdata(oidcBaseClientDBModel.getClientMetadata())) {
            String redirectUri = oidcBaseClientDBModel.getRedirectUri();
            if (!OidcOAuth20Util.isNullEmpty(redirectUri)) {
                deepCopy.setRedirectUris(OidcOAuth20Util.initJsonArray(redirectUri));
            }
            String clientSecret = oidcBaseClientDBModel.getClientSecret();
            if (!OidcOAuth20Util.isNullEmpty(clientSecret)) {
                deepCopy.setClientSecret(clientSecret);
            }
            String displayName = oidcBaseClientDBModel.getDisplayName();
            if (!OidcOAuth20Util.isNullEmpty(displayName)) {
                deepCopy.setClientName(displayName);
            }
            deepCopy.setClientSecretExpiresAt(0L);
            deepCopy.setClientIdIssuedAt(0L);
        }
        return OidcBaseClientValidator.getInstance(deepCopy).setDefaultsForOmitted();
    }

    private static boolean isUninitializedClientMetdata(JsonObject jsonObject) {
        return jsonObject == null || jsonObject.isJsonNull() || jsonObject.entrySet().size() == 0;
    }

    private OidcBaseClientDBModel getDBModelOfClient(Connection connection, ResultSet resultSet) throws SQLException {
        JsonObject asJsonObject;
        String string = resultSet.getString(OAuth20Constants.COMPONENTID);
        String string2 = resultSet.getString("CLIENTID");
        String string3 = resultSet.getString("CLIENTSECRET");
        String string4 = resultSet.getString("DISPLAYNAME");
        String string5 = resultSet.getString("REDIRECTURI");
        int i = resultSet.getInt("ENABLED");
        if (getDBType().isClobSupported()) {
            asJsonObject = new JsonParser().parse(resultSet.getClob("CLIENTMETADATA").getCharacterStream()).getAsJsonObject();
        } else {
            asJsonObject = new JsonParser().parse(resultSet.getString("CLIENTMETADATA")).getAsJsonObject();
        }
        return new OidcBaseClientDBModel(string, string2, string3, string4, string5, i, asJsonObject);
    }

    @Override // com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider
    @ManualTrace
    public Collection<OidcBaseClient> getAll() throws OidcServerException {
        this._log.entering(CLASS, "getAll", new Object[0]);
        Collection<OidcBaseClient> all = getAll(null);
        this._log.exiting(CLASS, "getAll", all);
        return all;
    }

    @Override // com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider
    @FFDCIgnore({SQLException.class})
    @ManualTrace
    public Collection<OidcBaseClient> getAll(HttpServletRequest httpServletRequest) throws OidcServerException {
        Collection<OidcBaseClient> findAllClientsFromDB;
        this._log.entering(CLASS, "getAll(request)", new Object[0]);
        Connection connection = null;
        boolean z = true;
        try {
            try {
                connection = getInitializedConnection();
                findAllClientsFromDB = findAllClientsFromDB(connection, httpServletRequest);
                z = false;
                closeConnection(connection, false);
            } catch (SQLException e) {
                this._dbMigrator.execute(connection);
                try {
                    findAllClientsFromDB = findAllClientsFromDB(connection, httpServletRequest);
                    z = false;
                    closeConnection(connection, false);
                } catch (SQLException e2) {
                    this._log.logp(Level.SEVERE, CLASS, "getAll(request)", e2.getMessage(), (Throwable) e2);
                    throw new OidcServerException(e2.getLocalizedMessage(), "server_error", 500, e2);
                }
            }
            if (this.hasRewrites && findAllClientsFromDB != null) {
                ArrayList arrayList = new ArrayList();
                Iterator<OidcBaseClient> it = findAllClientsFromDB.iterator();
                while (it.hasNext()) {
                    arrayList.add(ClientUtils.uriRewrite(it.next()));
                }
                findAllClientsFromDB = arrayList;
            }
            this._log.exiting(CLASS, "getAll(request)", findAllClientsFromDB);
            return findAllClientsFromDB;
        } catch (Throwable th) {
            closeConnection(connection, z);
            throw th;
        }
    }

    @ManualTrace
    private Collection<OidcBaseClient> findAllClientsFromDB(Connection connection, HttpServletRequest httpServletRequest) throws SQLException, OidcServerException {
        this._log.entering(CLASS, "findAllClientsFromDB(conn,request)", new Object[0]);
        ArrayList arrayList = new ArrayList();
        ResultSet resultSet = null;
        PreparedStatement preparedStatement = null;
        try {
            preparedStatement = connection.prepareStatement("SELECT * FROM " + this._tableName + " WHERE " + OAuth20Constants.COMPONENTID + " = ?");
            preparedStatement.setString(1, this._componentId);
            resultSet = preparedStatement.executeQuery();
            while (resultSet != null) {
                if (!resultSet.next()) {
                    break;
                }
                OidcBaseClient clientFromDBModel = getClientFromDBModel(connection, resultSet);
                if (httpServletRequest != null) {
                    RegistrationEndpointServices.processClientRegistationUri(clientFromDBModel, httpServletRequest);
                }
                arrayList.add(clientFromDBModel);
            }
            closeResultSet(resultSet);
            closeStatement(preparedStatement, "findAllClientsFromDB(conn,request)");
            this._log.exiting(CLASS, "findAllClientsFromDB(conn,request)", arrayList);
            return arrayList;
        } catch (Throwable th) {
            closeResultSet(resultSet);
            closeStatement(preparedStatement, "findAllClientsFromDB(conn,request)");
            this._log.exiting(CLASS, "findAllClientsFromDB(conn,request)", arrayList);
            throw th;
        }
    }

    @Override // com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider
    @FFDCIgnore({SQLException.class})
    @ManualTrace
    public OidcBaseClient update(OidcBaseClient oidcBaseClient) throws OidcServerException {
        this._log.entering(CLASS, CmNamespaceHandler.UPDATE_ATTRIBUTE, new Object[]{oidcBaseClient});
        OidcBaseClient oidcBaseClient2 = null;
        Connection connection = null;
        try {
            try {
                connection = getInitializedConnection();
                if (update(connection, getOidcBaseClientDBModel(this._componentId, oidcBaseClient, 1)) == 1) {
                    oidcBaseClient2 = oidcBaseClient;
                }
                closeConnection(connection, false);
            } catch (SQLException e) {
                this._dbMigrator.execute(connection);
                try {
                    if (update(connection, getOidcBaseClientDBModel(this._componentId, oidcBaseClient, 1)) == 1) {
                        oidcBaseClient2 = oidcBaseClient;
                    }
                    closeConnection(connection, false);
                } catch (SQLException e2) {
                    this._log.logp(Level.SEVERE, CLASS, CmNamespaceHandler.UPDATE_ATTRIBUTE, e2.getMessage(), (Throwable) e2);
                    throw new OidcServerException(e2.getLocalizedMessage(), "server_error", 500, e2);
                }
            }
            this._log.exiting(CLASS, CmNamespaceHandler.UPDATE_ATTRIBUTE, oidcBaseClient2);
            return oidcBaseClient2;
        } catch (Throwable th) {
            closeConnection(connection, true);
            throw th;
        }
    }

    @ManualTrace
    private int update(Connection connection, OidcBaseClientDBModel oidcBaseClientDBModel) throws OidcServerException, SQLException {
        this._log.entering(CLASS, CmNamespaceHandler.UPDATE_ATTRIBUTE, new Object[]{connection, oidcBaseClientDBModel});
        PreparedStatement preparedStatement = null;
        int i = 0;
        try {
            preparedStatement = connection.prepareStatement("UPDATE " + this._tableName + " SET " + OAuth20Constants.COMPONENTID + "=? ,CLIENTSECRET=? ,DISPLAYNAME=? ,REDIRECTURI=? ,ENABLED=? ,CLIENTMETADATA=? WHERE CLIENTID= ?");
            preparedStatement.setString(1, this._componentId);
            preparedStatement.setString(2, oidcBaseClientDBModel.getClientSecret());
            preparedStatement.setString(3, oidcBaseClientDBModel.getDisplayName());
            preparedStatement.setString(4, oidcBaseClientDBModel.getRedirectUri());
            preparedStatement.setInt(5, oidcBaseClientDBModel.getEnabled());
            preparedStatement.setString(6, oidcBaseClientDBModel.getClientMetadata().toString());
            preparedStatement.setString(7, oidcBaseClientDBModel.getClientId());
            i = preparedStatement.executeUpdate();
            closeStatement(preparedStatement, CmNamespaceHandler.UPDATE_ATTRIBUTE);
            this._log.exiting(CLASS, CmNamespaceHandler.UPDATE_ATTRIBUTE, Integer.valueOf(i));
            return i;
        } catch (Throwable th) {
            closeStatement(preparedStatement, CmNamespaceHandler.UPDATE_ATTRIBUTE);
            this._log.exiting(CLASS, CmNamespaceHandler.UPDATE_ATTRIBUTE, Integer.valueOf(i));
            throw th;
        }
    }

    @Override // com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider
    @ManualTrace
    public boolean delete(String str) throws OidcServerException {
        this._log.entering(CLASS, SchemaConstants.CHANGETYPE_DELETE, new Object[]{str});
        Connection connection = null;
        try {
            try {
                connection = getInitializedConnection();
                boolean z = !deleteClientFromDB(connection, str);
                closeConnection(connection, z);
                this._log.exiting(CLASS, SchemaConstants.CHANGETYPE_DELETE, Boolean.valueOf(z));
                return !z;
            } catch (SQLException e) {
                FFDCFilter.processException(e, ConfigUtils.BUILTIN_DB_PROVIDER_CLASS, "567", this, new Object[]{str});
                this._log.logp(Level.SEVERE, CLASS, SchemaConstants.CHANGETYPE_DELETE, e.getMessage(), (Throwable) e);
                throw new OidcServerException(e.getLocalizedMessage(), "server_error", 500, e);
            }
        } catch (Throwable th) {
            closeConnection(connection, true);
            throw th;
        }
    }

    @ManualTrace
    private boolean deleteClientFromDB(Connection connection, String str) throws SQLException {
        this._log.entering(CLASS, "deleteClientFromDB", new Object[]{this._tableName, this._componentId, str});
        PreparedStatement preparedStatement = null;
        boolean z = true;
        try {
            preparedStatement = connection.prepareStatement("DELETE FROM " + this._tableName + " WHERE " + OAuth20Constants.COMPONENTID + " = ? AND CLIENTID = ?");
            preparedStatement.setString(1, this._componentId);
            preparedStatement.setString(2, str);
            int executeUpdate = preparedStatement.executeUpdate();
            this._log.logp(Level.FINE, CLASS, "deleteClientFromDB", "Num entries deleted: " + executeUpdate);
            if (executeUpdate > 0) {
                z = false;
            }
            closeResultSet(null);
            closeStatement(preparedStatement, "deleteClientFromDB");
            this._log.exiting(CLASS, "deleteClientFromDB", null);
            return !z;
        } catch (Throwable th) {
            closeResultSet(null);
            closeStatement(preparedStatement, "deleteClientFromDB");
            this._log.exiting(CLASS, "deleteClientFromDB", null);
            throw th;
        }
    }

    @Override // com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider
    @FFDCIgnore({SQLException.class})
    @ManualTrace
    public boolean exists(String str) throws OidcServerException {
        this._log.entering(CLASS, "exists", new Object[]{str});
        Connection connection = null;
        boolean z = true;
        OidcBaseClient oidcBaseClient = null;
        try {
            if (0 == 0) {
                try {
                    connection = getInitializedConnection();
                    oidcBaseClient = getClientFromDB(connection, str);
                    z = false;
                    closeConnection(connection, false);
                } catch (SQLException e) {
                    this._dbMigrator.execute(connection);
                    try {
                        oidcBaseClient = getClientFromDB(connection, str);
                        z = false;
                        closeConnection(connection, false);
                    } catch (SQLException e2) {
                        this._log.logp(Level.SEVERE, CLASS, "exists", e2.getMessage(), (Throwable) e2);
                        throw new OidcServerException(e2.getLocalizedMessage(), "server_error", 500, e2);
                    }
                }
            }
            boolean z2 = oidcBaseClient != null;
            this._log.exiting(CLASS, "exists", "" + z2);
            return z2;
        } catch (Throwable th) {
            closeConnection(connection, z);
            throw th;
        }
    }

    @Override // com.ibm.ws.security.oauth20.api.OidcOAuth20ClientProvider
    @FFDCIgnore({SQLException.class})
    @ManualTrace
    public boolean validateClient(String str, String str2) throws OidcServerException {
        this._log.entering(CLASS, "validateClient", new Object[]{str, "secret_removed"});
        boolean z = false;
        Connection connection = null;
        boolean z2 = true;
        OidcBaseClient oidcBaseClient = null;
        if (str2 != null) {
            try {
                try {
                    if (!str2.isEmpty()) {
                        connection = getInitializedConnection();
                        oidcBaseClient = getClientFromDB(connection, str);
                        z2 = false;
                    }
                } catch (SQLException e) {
                    this._dbMigrator.execute(connection);
                    try {
                        oidcBaseClient = getClientFromDB(connection, str);
                        z2 = false;
                        closeConnection(connection, false);
                    } catch (SQLException e2) {
                        this._log.logp(Level.SEVERE, CLASS, "validateClient", e2.getMessage(), (Throwable) e2);
                        throw new OidcServerException(e2.getLocalizedMessage(), "server_error", 500, e2);
                    }
                }
            } finally {
                closeConnection(connection, z2);
            }
        }
        if (oidcBaseClient != null && oidcBaseClient.isEnabled() && oidcBaseClient.isConfidential()) {
            if (this.hasRewrites) {
                oidcBaseClient = ClientUtils.uriRewrite(oidcBaseClient);
            }
            String clientSecret = oidcBaseClient.getClientSecret();
            if (clientSecret != null && clientSecret.equals(str2)) {
                z = true;
            }
        }
        this._log.exiting(CLASS, "validateClient", "" + z);
        return z;
    }

    @FFDCIgnore({OAuthDataException.class})
    private Connection getInitializedConnection() throws OidcServerException {
        try {
            Connection dBConnection = getDBConnection();
            dBConnection.setAutoCommit(false);
            return dBConnection;
        } catch (OAuthDataException e) {
            throw new OidcServerException(e.getLocalizedMessage(), "server_error", 500, e);
        } catch (SQLException e2) {
            FFDCFilter.processException(e2, ConfigUtils.BUILTIN_DB_PROVIDER_CLASS, "716", this, new Object[0]);
            throw new OidcServerException(e2.getLocalizedMessage(), "server_error", 500, e2);
        }
    }

    private static OidcBaseClientDBModel getOidcBaseClientDBModel(String str, OidcBaseClient oidcBaseClient, int i) {
        return new OidcBaseClientDBModel(str, oidcBaseClient.getClientId(), null, "", null, i, getClientMetadata(oidcBaseClient));
    }

    private static OidcBaseClient getOidcBaseClient(OidcBaseClientDBModel oidcBaseClientDBModel) {
        OidcBaseClient oidcBaseClient = (OidcBaseClient) OidcOAuth20Util.GSON_RAW.fromJson((JsonElement) oidcBaseClientDBModel.getClientMetadata(), OidcBaseClient.class);
        oidcBaseClient.setComponentId(oidcBaseClientDBModel.getComponentId());
        oidcBaseClient.setClientId(oidcBaseClientDBModel.getClientId());
        oidcBaseClient.setEnabled(oidcBaseClientDBModel.getEnabled() != 0);
        return oidcBaseClient;
    }

    private static JsonObject getClientMetadata(OidcBaseClient oidcBaseClient) {
        JsonObject jsonObj = OidcOAuth20Util.getJsonObj(oidcBaseClient);
        jsonObj.remove("client_id");
        return jsonObj;
    }

    private void encodeClientSecretInClientMetadata(OidcBaseClientDBModel oidcBaseClientDBModel) {
        String asString;
        JsonObject clientMetadata = oidcBaseClientDBModel.getClientMetadata();
        if (clientMetadata == null || !clientMetadata.has("client_secret") || (asString = clientMetadata.get("client_secret").getAsString()) == null || asString.isEmpty()) {
            return;
        }
        clientMetadata.addProperty("client_secret", PasswordUtil.passwordEncode(asString));
    }
}
