package org.wso2.is.key.manager.tokenpersistence.utils;

import java.util.Collections;
import java.util.List;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.openidconnect.OIDCClaimUtil;
import org.wso2.is.key.manager.tokenpersistence.PersistenceConstants;

/* loaded from: input_file:org/wso2/is/key/manager/tokenpersistence/utils/OpaqueTokenUtil.class */
public class OpaqueTokenUtil {
    private static final Log log = LogFactory.getLog(OpaqueTokenUtil.class);

    public static AccessTokenDO findRefreshToken(String str) throws IdentityOAuth2Exception {
        AccessTokenDO refreshToken = OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().getRefreshToken(str);
        refreshToken.addProperty(PersistenceConstants.IS_PERSISTED, true);
        return refreshToken;
    }

    public static RefreshTokenValidationDataDO validateOpaqueRefreshToken(String str, String str2) throws IdentityOAuth2Exception {
        RefreshTokenValidationDataDO validateRefreshToken = validateRefreshToken(str2, str);
        if (validateRefreshToken.getAccessToken() != null) {
            return validateRefreshToken;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Invalid Refresh Token provided for Client with Client Id : %s", str2));
        }
        throw new IdentityOAuth2Exception("Persisted access token data not found.");
    }

    private static RefreshTokenValidationDataDO validateRefreshToken(String str, String str2) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("RefreshToken")) {
                log.debug("Validating refresh token(hashed): " + DigestUtils.sha256Hex(str2) + " client: " + str);
            } else {
                log.debug("Validating refresh token for client: " + str);
            }
        }
        RefreshTokenValidationDataDO validateRefreshToken = OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().validateRefreshToken(str, str2);
        validateRefreshToken.addProperty(PersistenceConstants.IS_PERSISTED, true);
        return validateRefreshToken;
    }

    public static void validateTokenConsent(RefreshTokenValidationDataDO refreshTokenValidationDataDO) throws IdentityOAuth2Exception {
        if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) {
            String grantType = refreshTokenValidationDataDO.getGrantType();
            if (PersistenceConstants.REFRESH_TOKEN.equals(grantType)) {
                refreshTokenValidationDataDO.setConsented(OAuth2Util.getAccessTokenDOFromTokenIdentifier(refreshTokenValidationDataDO.getAccessToken(), false).isConsentedToken());
            } else if (OIDCClaimUtil.isConsentBasedClaimFilteringApplicable(grantType)) {
                refreshTokenValidationDataDO.setConsented(true);
            }
        }
    }

    public static void revokeTokens(List<AccessTokenDO> list) throws IdentityOAuth2Exception {
        if (list.isEmpty()) {
            return;
        }
        for (AccessTokenDO accessTokenDO : list) {
            OAuthUtil.invokePreRevocationBySystemListeners(accessTokenDO, Collections.emptyMap());
            OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().revokeAccessTokens(new String[]{accessTokenDO.getAccessToken()}, OAuth2Util.isHashEnabled());
            OAuthUtil.invokePostRevocationBySystemListeners(accessTokenDO, Collections.emptyMap());
        }
    }
}
