package org.wso2.carbon.apimgt.gateway.security.handlers;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.HashSet;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apimgt.gateway.exception.APIKeyMgtException;
import org.wso2.carbon.apimgt.gateway.models.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.gateway.models.AccessTokenInfo;
import org.wso2.carbon.apimgt.gateway.models.TokenValidationContext;
import org.wso2.carbon.apimgt.gateway.throttling.constants.APIConstants;
import org.wso2.carbon.apimgt.gateway.utils.KeyManagerConstants;

/* loaded from: input_file:plugins/org.wso2.carbon.apimgt.gateway.extension-7.0.9.jar:org/wso2/carbon/apimgt/gateway/security/handlers/DefaultKeyValidationHandler.class */
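/**
 * Validates bearer tokens by POSTing them to an OAuth2 token introspection endpoint and copying
 * the returned metadata into the {@link TokenValidationContext}.
 *
 * <p>The endpoint URL is read from the {@code introspectEndpoint} system property and defaults to
 * {@code http://localhost:9763/oauth2/introspect}.
 *
 * <p>NOTE(review): the default endpoint is plain HTTP and the request carries no client
 * credentials. If the property is pointed at a non-loopback host, the bearer token travels in
 * clear text and the introspection endpoint must accept unauthenticated callers; prefer an
 * {@code https} URL and an authenticated introspection client.
 *
 * <p>NOTE(review): no connect/read timeout is set on the connection, so a stalled introspection
 * endpoint can hold the calling thread indefinitely.
 */
public class DefaultKeyValidationHandler implements KeyValidationHandler {
    static final Logger LOG = LoggerFactory.getLogger(DefaultKeyValidationHandler.class);

    private static final String INTROSPECT_CONNECT_ERROR =
            "Error while connecting to token introspect endpoint.";
    private static final String INTROSPECT_RESPONSE_ERROR =
            "Error while processing the response returned from token introspect endpoint.";

    /**
     * Introspects the access token held by the context and records the outcome on it.
     *
     * @param tokenValidationContext context carrying the access token; receives the token info
     *     and the validation DTO
     * @return {@code true} only when the introspection response marks the token as active
     * @throws APIKeyMgtException if the endpoint cannot be reached or its response is malformed
     */
    @Override
    public boolean validateToken(TokenValidationContext tokenValidationContext) throws APIKeyMgtException {
        AccessTokenInfo tokenMetadata = getTokenMetadata(tokenValidationContext.getAccessToken());
        setValuesForOAuth2ValidationContext(tokenValidationContext, tokenMetadata);
        return tokenMetadata.isTokenValid();
    }

    /**
     * Scope validation is not implemented by this handler.
     *
     * <p>NOTE(review): always returns {@code false}; confirm how callers interpret that result.
     *
     * @param tokenValidationContext unused
     * @return always {@code false}
     */
    @Override
    public boolean validateScopes(TokenValidationContext tokenValidationContext) throws APIKeyMgtException {
        return false;
    }

    /**
     * Consumer token generation is not implemented by this handler.
     *
     * @param tokenValidationContext unused
     * @return always {@code false}
     */
    @Override
    public boolean generateConsumerToken(TokenValidationContext tokenValidationContext) throws APIKeyMgtException {
        return false;
    }

    /**
     * Sends the token to the introspection endpoint and converts the JSON answer.
     *
     * @param str the raw access token presented by the client; {@code null} is treated as invalid
     * @return token metadata; {@code isTokenValid()} is {@code false} for inactive tokens
     * @throws APIKeyMgtException on I/O failure or when the response is not a usable JSON object
     */
    private AccessTokenInfo getTokenMetadata(String str) throws APIKeyMgtException {
        if (str == null) {
            // Nothing to introspect; fail closed instead of sending the literal text "null".
            return invalidToken();
        }
        HttpURLConnection connection = null;
        try {
            connection = (HttpURLConnection) new URL(
                    System.getProperty("introspectEndpoint", "http://localhost:9763/oauth2/introspect"))
                    .openConnection();
            connection.setDoOutput(true);
            connection.setRequestMethod("POST");

            // The token is client-controlled. Form-encode it so characters such as '&' or '='
            // cannot append extra parameters to the introspection request.
            String form = "token=" + URLEncoder.encode(str, APIConstants.DigestAuthConstants.CHARSET);
            try (OutputStream out = connection.getOutputStream()) {
                out.write(form.getBytes(APIConstants.DigestAuthConstants.CHARSET));
            }

            String body;
            try (InputStream in = connection.getInputStream()) {
                body = new String(IOUtils.toByteArray(in), APIConstants.DigestAuthConstants.CHARSET);
            }
            return toAccessTokenInfo(str, body);
        } catch (IOException e) {
            LOG.error(INTROSPECT_CONNECT_ERROR, e);
            throw new APIKeyMgtException(INTROSPECT_CONNECT_ERROR, (Throwable) e);
        } catch (JsonSyntaxException | NumberFormatException e) {
            // Unparseable JSON or a non-numeric timestamp: report it as a malformed response.
            LOG.error(INTROSPECT_RESPONSE_ERROR, e);
            throw new APIKeyMgtException(INTROSPECT_RESPONSE_ERROR, (Throwable) e);
        } finally {
            // Release the connection on every path, including failures.
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Maps an introspection response body onto an {@link AccessTokenInfo}.
     *
     * @param token the access token that was introspected
     * @param body the response body returned by the endpoint
     * @return the populated token info
     * @throws APIKeyMgtException if the body is not a JSON object or lacks a required member
     */
    private static AccessTokenInfo toAccessTokenInfo(String token, String body) throws APIKeyMgtException {
        JsonElement parsed = new JsonParser().parse(body);
        if (parsed == null || !parsed.isJsonObject()) {
            throw malformedResponse("response body is not a JSON object");
        }
        JsonObject json = parsed.getAsJsonObject();

        // A response without a usable "active" member is rejected rather than trusted.
        if (!requirePrimitive(json, "active").getAsBoolean()) {
            return invalidToken();
        }

        String consumerKey = requirePrimitive(json, "client_id").getAsString();
        String endUserName = requirePrimitive(json, "username").getAsString();
        long expiry = requirePrimitive(json, KeyManagerConstants.OAUTH2_TOKEN_EXP_TIME).getAsLong();
        long issuedTime = requirePrimitive(json, KeyManagerConstants.OAUTH2_TOKEN_ISSUED_TIME).getAsLong();

        AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
        // "scope" is optional: a token issued without scopes must not fail validation.
        JsonElement scope = json.get("scope");
        if (scope != null && scope.isJsonPrimitive()) {
            accessTokenInfo.setScopes(scope.getAsString().split("\\s+"));
        } else {
            accessTokenInfo.setScopes(new String[0]);
        }
        accessTokenInfo.setTokenValid(true);
        accessTokenInfo.setAccessToken(token);
        accessTokenInfo.setConsumerKey(consumerKey);
        accessTokenInfo.setEndUserName(endUserName);
        accessTokenInfo.setIssuedTime(issuedTime);
        // Long.MAX_VALUE is passed through unscaled so the multiplication cannot overflow;
        // any other value is multiplied by 1000 (presumably seconds to milliseconds, confirm).
        if (expiry == Long.MAX_VALUE) {
            accessTokenInfo.setValidityPeriod(Long.MAX_VALUE);
        } else {
            accessTokenInfo.setValidityPeriod(expiry * 1000);
        }
        return accessTokenInfo;
    }

    /** Builds the result used for tokens that are rejected (error code 900901). */
    private static AccessTokenInfo invalidToken() {
        AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
        accessTokenInfo.setTokenValid(false);
        LOG.error("Invalid OAuth Token. ");
        accessTokenInfo.setErrorcode(900901);
        return accessTokenInfo;
    }

    /** Returns the named primitive member, or fails with a malformed-response error. */
    private static JsonElement requirePrimitive(JsonObject json, String member) throws APIKeyMgtException {
        JsonElement value = json.get(member);
        if (value == null || !value.isJsonPrimitive()) {
            throw malformedResponse("missing or non-primitive member: " + member);
        }
        return value;
    }

    /** Logs and creates the exception for an unusable response; the detail never holds token data. */
    private static APIKeyMgtException malformedResponse(String detail) {
        IllegalStateException cause = new IllegalStateException(detail);
        LOG.error(INTROSPECT_RESPONSE_ERROR, cause);
        return new APIKeyMgtException(INTROSPECT_RESPONSE_ERROR, (Throwable) cause);
    }

    /**
     * Stores the token info on the context and derives the key validation DTO from it.
     *
     * @param tokenValidationContext context that receives the token info and the DTO
     * @param accessTokenInfo result of the introspection call
     */
    private void setValuesForOAuth2ValidationContext(TokenValidationContext tokenValidationContext, AccessTokenInfo accessTokenInfo) {
        tokenValidationContext.setTokenInfo(accessTokenInfo);
        APIKeyValidationInfoDTO validationInfo = new APIKeyValidationInfoDTO();
        boolean tokenValid = accessTokenInfo.isTokenValid();
        if (!tokenValid) {
            // Use the specific error code when one was recorded, otherwise fall back to 900900.
            int errorCode = accessTokenInfo.getErrorcode();
            validationInfo.setValidationStatus(errorCode > 0 ? errorCode : 900900);
        }
        validationInfo.setAuthorized(tokenValid);
        validationInfo.setEndUserName(accessTokenInfo.getEndUserName());
        validationInfo.setConsumerKey(accessTokenInfo.getConsumerKey());
        validationInfo.setIssuedTime(accessTokenInfo.getIssuedTime());
        validationInfo.setValidityPeriod(accessTokenInfo.getValidityPeriod());
        // Rejected tokens never have scopes set; getScopes() may then be null (AccessTokenInfo is
        // not visible here), and Arrays.asList would throw instead of reporting the rejection.
        if (accessTokenInfo.getScopes() != null) {
            validationInfo.setScopes(new HashSet<>(Arrays.asList(accessTokenInfo.getScopes())));
        } else {
            validationInfo.setScopes(new HashSet<>());
        }
        tokenValidationContext.setValidationInfoDTO(validationInfo);
    }
}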
