package org.wso2.carbon.device.mgt.oauth.extensions.handlers;

import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.ResourceScopeCacheEntry;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;

/* loaded from: input_file:org/wso2/carbon/device/mgt/oauth/extensions/handlers/ScopeValidationHandler.class */
public class ScopeValidationHandler extends OAuth2ScopeValidator {
    private static final Log log = LogFactory.getLog(ScopeValidationHandler.class);
    private final String DEFAULT_PREFIX = "default";
    private Map<String, OAuth2ScopeValidator> scopeValidators = OAuthExtensionsDataHolder.getInstance().getScopeValidators();

    public boolean validateScope(AccessTokenDO accessTokenDO, String str) throws IdentityOAuth2Exception {
        if (this.scopeValidators == null || this.scopeValidators.isEmpty()) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("OAuth2 scope validators are not loaded");
            return true;
        }
        String resourceScope = getResourceScope(str);
        if (resourceScope == null) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("Resource '" + str + "' is not protected with a scope");
            return true;
        }
        String str2 = resourceScope.split(":")[0];
        OAuth2ScopeValidator oAuth2ScopeValidator = this.scopeValidators.get(str2);
        if (oAuth2ScopeValidator == null) {
            if (log.isDebugEnabled()) {
                log.debug("OAuth2 scope validator cannot be identified for '" + str2 + "' scope prefix");
            }
            oAuth2ScopeValidator = this.scopeValidators.get("default");
            if (log.isDebugEnabled()) {
                log.debug("Loading default scope validator");
            }
            if (oAuth2ScopeValidator == null) {
                if (!log.isDebugEnabled()) {
                    return true;
                }
                log.debug("Default scope validator is not available");
                return true;
            }
        }
        return oAuth2ScopeValidator.validateScope(accessTokenDO, str);
    }

    private String getResourceScope(String str) {
        String str2 = null;
        boolean z = false;
        if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
            ResourceScopeCacheEntry resourceScopeCacheEntry = (CacheEntry) OAuthCache.getInstance().getValueFromCache(new OAuthCacheKey(str));
            if (resourceScopeCacheEntry instanceof ResourceScopeCacheEntry) {
                str2 = resourceScopeCacheEntry.getScope();
                z = true;
            }
        }
        TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
        if (!z) {
            try {
                str2 = tokenMgtDAO.findScopeOfResource(str);
            } catch (IdentityOAuth2Exception e) {
                log.error("Error occurred while retrieving scope for resource '" + str + "'");
            }
            if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
                OAuthCache.getInstance().addToCache(new OAuthCacheKey(str), new ResourceScopeCacheEntry(str2));
            }
        }
        return str2;
    }
}
