package org.wso2.is.key.manager.tokenpersistence.processor;

import java.sql.Timestamp;
import java.util.Date;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.tokenprocessor.RefreshTokenGrantProcessor;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.is.key.manager.tokenpersistence.PersistenceConstants;
import org.wso2.is.key.manager.tokenpersistence.internal.ServiceReferenceHolder;
import org.wso2.is.key.manager.tokenpersistence.utils.TokenMgtUtil;

/* loaded from: input_file:org/wso2/is/key/manager/tokenpersistence/processor/InMemoryRefreshTokenGrantProcessor.class */
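/**
 * Refresh-token grant processor for deployments where tokens are not always stored in the
 * token tables.
 *
 * <p>As visible in this class: a refresh token is verified through the configured token provider,
 * and on rotation the previous token is either invalidated in the access-token DAO (when it carries
 * the {@code IS_PERSISTED} flag) or recorded with the invalid-token persistence service.
 */
public class InMemoryRefreshTokenGrantProcessor implements RefreshTokenGrantProcessor {
    private static final Log log = LogFactory.getLog(InMemoryRefreshTokenGrantProcessor.class);

    /**
     * Verifies the refresh token carried by the request against the requesting client id.
     *
     * @param oAuthTokenReqMessageContext token request context holding the request DTO
     * @return the validation data returned by the token provider, never {@code null}
     * @throws IdentityOAuth2Exception if the token provider returns no validation data
     */
    public RefreshTokenValidationDataDO validateRefreshToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AccessTokenReqDTO tokenRequest = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        RefreshTokenValidationDataDO verified = OAuth2ServiceComponentHolder.getInstance().getTokenProvider()
                .getVerifiedRefreshToken(tokenRequest.getRefreshToken(), tokenRequest.getClientId());
        if (verified == null) {
            // Only the client id is logged; the presented token value is never written to the log here.
            if (log.isDebugEnabled()) {
                log.debug(String.format("Invalid Refresh Token provided for Client with Client Id : %s", tokenRequest.getClientId()));
            }
            throw new IdentityOAuth2Exception("Valid refresh token data not found");
        }
        return verified;
    }

    /**
     * Retires the previous refresh token after a new token has been issued.
     *
     * <p>If the previous token is flagged {@code IS_PERSISTED}, it is marked {@code INACTIVE} and the new
     * token is stored through the access-token DAO. Otherwise, and only when refresh-token renewal is
     * enabled for the application (or globally), the previous refresh token is added to the
     * invalid-token store together with its expiry time. When renewal is disabled the previous
     * refresh token is left untouched.
     *
     * @param oAuthTokenReqMessageContext token request context; must hold the previous token under
     *                                    {@code PersistenceConstants.PREV_ACCESS_TOKEN}
     * @param accessTokenDO               the newly issued token
     * @param str                         passed through to the DAO (presumably the user store domain - confirm)
     * @param str2                        passed to the DAO and to the invalid-token store
     *                                    (presumably the consumer key - confirm)
     * @throws IdentityOAuth2Exception if the previous token data or the OAuth application is missing
     */
    public void persistNewToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, AccessTokenDO accessTokenDO, String str, String str2) throws IdentityOAuth2Exception {
        OAuth2AccessTokenReqDTO tokenRequest = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        RefreshTokenValidationDataDO previousToken = (RefreshTokenValidationDataDO) oAuthTokenReqMessageContext.getProperty(PersistenceConstants.PREV_ACCESS_TOKEN);
        if (previousToken == null) {
            // Fail with the declared exception type instead of a NullPointerException; the old
            // token cannot be retired without its validation data.
            throw new IdentityOAuth2Exception("Previous refresh token data not found in the token request context");
        }
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("RefreshToken")) {
                // Even when token logging is allowed, only a SHA-256 digest of the token is logged.
                log.debug(String.format("Invalidating previous refresh token (hashed): %s", DigestUtils.sha256Hex(previousToken.getRefreshToken())));
            } else {
                log.debug("Invalidating previous refresh token.");
            }
        }
        Object persistedFlag = previousToken.getProperty(PersistenceConstants.IS_PERSISTED);
        if (persistedFlag != null && ((Boolean) persistedFlag).booleanValue()) {
            OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().invalidateAndCreateNewAccessToken(previousToken.getTokenId(), "INACTIVE", str2, UUID.randomUUID().toString(), accessTokenDO, str, previousToken.getGrantType());
            return;
        }
        long expiryTime = saturatedExpiry(previousToken.getIssuedTime().getTime(), previousToken.getValidityPeriodInMillis());
        Optional<OAuthAppDO> oAuthApp = TokenMgtUtil.getOAuthApp(tokenRequest.getClientId());
        if (!oAuthApp.isPresent()) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("OAuth App not found for Client Id: %s", tokenRequest.getClientId()));
            }
            throw new IdentityOAuth2Exception("OAuth App not found for Client Id: " + tokenRequest.getClientId());
        }
        if (isRenewRefreshToken(oAuthApp.get().getRenewRefreshTokenEnabled())) {
            ServiceReferenceHolder.getInstance().getInvalidTokenPersistenceService().addInvalidToken(previousToken.getRefreshToken(), str2, Long.valueOf(expiryTime));
        }
    }

    /**
     * Adds the validity period to the issue time without wrapping around.
     *
     * <p>A plain {@code long} addition overflows to a negative value when the validity period is very
     * large, which would record the rotated refresh token with an expiry in the past.
     * NOTE(review): whether such validity values reach this method is not visible here; how the
     * invalid-token store uses the expiry should be confirmed against that service.
     */
    private static long saturatedExpiry(long issuedAtMillis, long validityMillis) {
        try {
            return Math.addExact(issuedAtMillis, validityMillis);
        } catch (ArithmeticException overflow) {
            // Clamp in the direction of the overflow so a huge validity keeps the entry alive.
            return validityMillis > 0 ? Long.MAX_VALUE : Long.MIN_VALUE;
        }
    }

    /**
     * Builds the {@link AccessTokenDO} for the token being issued and registers a fresh random id
     * under the {@code "usid"} context property; the same id becomes the token id.
     *
     * @param oAuthTokenReqMessageContext  token request context (authorized user, scope, token binding)
     * @param oAuth2AccessTokenReqDTO      request DTO (client id, grant type)
     * @param refreshTokenValidationDataDO validation data of the refresh token being exchanged
     * @param str                          token type set on the new bean
     * @return the populated bean in state {@code ACTIVE}
     */
    public AccessTokenDO createAccessTokenBean(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO, RefreshTokenValidationDataDO refreshTokenValidationDataDO, String str) {
        Timestamp issuedAt = new Timestamp(new Date().getTime());
        String tokenId = UUID.randomUUID().toString();
        oAuthTokenReqMessageContext.addProperty("usid", tokenId);

        AccessTokenDO newToken = new AccessTokenDO();
        newToken.setConsumerKey(oAuth2AccessTokenReqDTO.getClientId());
        newToken.setAuthzUser(oAuthTokenReqMessageContext.getAuthorizedUser());
        newToken.setScope(oAuthTokenReqMessageContext.getScope());
        newToken.setTokenType(str);
        newToken.setTokenState("ACTIVE");
        newToken.setTokenId(tokenId);
        newToken.setGrantType(oAuth2AccessTokenReqDTO.getGrantType());
        newToken.setIssuedTime(issuedAt);
        newToken.setTokenBinding(oAuthTokenReqMessageContext.getTokenBinding());
        // The consent flag is carried over from the exchanged refresh token, never derived from the request.
        if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled() && refreshTokenValidationDataDO.isConsented()) {
            newToken.setIsConsentedToken(true);
            oAuthTokenReqMessageContext.setConsentedToken(true);
        }
        return newToken;
    }

    /**
     * Always reports the presented refresh token as the latest one; no comparison is made here.
     *
     * <p>NOTE(review): with this check disabled, rejecting an already-rotated refresh token presumably
     * depends on the token provider consulting the invalid-token entries written by
     * {@link #persistNewToken} - confirm in the provider's verification path.
     */
    public boolean isLatestRefreshToken(OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO, RefreshTokenValidationDataDO refreshTokenValidationDataDO, String str) {
        return true;
    }

    /**
     * Resolves whether refresh tokens are renewed: the application-level value wins when it is not
     * blank, otherwise the server-wide configuration is used.
     *
     * @param str application-level setting as a string; any value other than "true"
     *            (case-insensitive) parses to {@code false}
     */
    private boolean isRenewRefreshToken(String str) {
        if (StringUtils.isNotBlank(str)) {
            if (log.isDebugEnabled()) {
                log.debug("Reading the Oauth application specific renew refresh token value as " + str + " from the IDN_OIDC_PROPERTY table.");
            }
            return Boolean.parseBoolean(str);
        }
        if (log.isDebugEnabled()) {
            log.debug("Reading the global renew refresh token value from the identity.xml");
        }
        return OAuthServerConfiguration.getInstance().isRefreshTokenRenewalEnabled();
    }

    /**
     * Moves the cached authorization-grant entry (user attributes) from the previous token to the
     * newly issued one, so the old key no longer resolves to it.
     *
     * <p>When the previous token has no access-token value, the entry is moved in the session store
     * keyed by token id; otherwise it is moved in the cache keyed by access token.
     *
     * @param accessTokenDO               the newly issued token
     * @param oAuthTokenReqMessageContext context holding the previous token under
     *                                    {@code PersistenceConstants.PREV_ACCESS_TOKEN}
     */
    public void addUserAttributesToCache(AccessTokenDO accessTokenDO, OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        RefreshTokenValidationDataDO previousToken = (RefreshTokenValidationDataDO) oAuthTokenReqMessageContext.getProperty(PersistenceConstants.PREV_ACCESS_TOKEN);
        if (previousToken == null) {
            // Nothing to migrate; avoid a NullPointerException in a method with no declared exception.
            if (log.isDebugEnabled()) {
                log.debug("No previous token data in the request context; skipping user attribute cache migration.");
            }
            return;
        }
        AuthorizationGrantCache grantCache = AuthorizationGrantCache.getInstance();

        if (previousToken.getAccessToken() == null) {
            if (previousToken.getTokenId() == null || accessTokenDO.getTokenId() == null) {
                return;
            }
            AuthorizationGrantCacheEntry sessionEntry = grantCache.getFromSessionStore(previousToken.getTokenId());
            if (sessionEntry == null) {
                return;
            }
            sessionEntry.setValidityPeriod(TimeUnit.MILLISECONDS.toNanos(accessTokenDO.getValidityPeriodInMillis()));
            // Remove the entry under the old token id before storing it under the new one.
            grantCache.clearFromSessionStore(previousToken.getTokenId());
            grantCache.storeToSessionStore(accessTokenDO.getTokenId(), sessionEntry);
            return;
        }

        AuthorizationGrantCacheKey previousKey = new AuthorizationGrantCacheKey(previousToken.getAccessToken());
        if (log.isDebugEnabled()) {
            // Log the id that is actually used for the lookup (the previous token's), so the
            // trace matches the cache access below.
            log.debug("Getting AuthorizationGrantCacheEntry using access token id: " + previousToken.getTokenId());
        }
        AuthorizationGrantCacheEntry cachedEntry = grantCache.getValueFromCacheByTokenId(previousKey, previousToken.getTokenId());
        if (cachedEntry == null) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Getting user attributes cached against the previous access token with access token id: " + previousToken.getTokenId());
        }
        AuthorizationGrantCacheKey newKey = new AuthorizationGrantCacheKey(accessTokenDO.getAccessToken());
        if (StringUtils.isNotBlank(accessTokenDO.getTokenId())) {
            cachedEntry.setTokenId(accessTokenDO.getTokenId());
        } else {
            cachedEntry.setTokenId((String) null);
        }
        cachedEntry.setValidityPeriod(TimeUnit.MILLISECONDS.toNanos(accessTokenDO.getValidityPeriodInMillis()));
        grantCache.clearCacheEntryByTokenId(previousKey, previousToken.getTokenId());
        grantCache.addToCacheByToken(newKey, cachedEntry);
    }
}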
