package org.wso2.carbon.identity.oauth2.validators;

import java.util.Hashtable;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.CacheKey;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authcontext.AuthorizationContextTokenGenerator;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.class */
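/**
 * Singleton entry point that validates OAuth2 access tokens.
 *
 * <p>A validation request is dispatched to the {@link OAuth2TokenValidator} registered for the
 * request's token type. The token record is taken from {@link OAuthCache} when caching is enabled,
 * otherwise from {@link TokenMgtDAO}. It is then checked for expiry and passed to the validator's
 * delegation, scope and token checks.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Access token identifiers and generated authorization context tokens are never written to
 *       the log. The identifier is the value a caller presents to be validated, so a log line
 *       containing it would let a log reader replay the token.</li>
 *   <li>Validator and token generator classes are instantiated reflectively from names supplied by
 *       {@link OAuthServerConfiguration}. Whoever can edit that configuration decides which code
 *       runs here, so it must be protected like the deployment itself.</li>
 *   <li>A record served from the cache is not re-read from the store.
 *       NOTE(review): confirm that token revocation evicts the matching cache entry.</li>
 * </ul>
 */
public class TokenValidationHandler {
    // volatile is required for the double-checked locking in getInstance(): without it another
    // thread may observe a non-null reference to a handler whose constructor has not finished.
    private static volatile TokenValidationHandler instance = null;
    private static final Log log = LogFactory.getLog(TokenValidationHandler.class);

    AuthorizationContextTokenGenerator tokenGenerator;
    // Hashtable synchronizes every call, which covers addTokenValidator() running concurrently
    // with lookups. It rejects null keys, so lookups guard against a null token type.
    private final Map<String, OAuth2TokenValidator> tokenValidators = new Hashtable<String, OAuth2TokenValidator>();
    private final TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();

    /**
     * Registers the default validator, then the validators and (optionally) the authorization
     * context token generator named in the server configuration. A class that cannot be loaded or
     * instantiated is logged and skipped rather than aborting construction.
     */
    private TokenValidationHandler() {
        this.tokenGenerator = null;
        this.tokenValidators.put(DefaultOAuth2TokenValidator.TOKEN_TYPE, new DefaultOAuth2TokenValidator());

        OAuthServerConfiguration config = OAuthServerConfiguration.getInstance();
        for (Map.Entry<String, String> entry : config.getTokenValidatorClassNames().entrySet()) {
            String className = null;
            try {
                String tokenType = entry.getKey();
                className = entry.getValue();
                // The class name comes from server configuration, not from the request.
                this.tokenValidators.put(tokenType, (OAuth2TokenValidator) Thread.currentThread().getContextClassLoader().loadClass(className).newInstance());
            } catch (ClassNotFoundException e) {
                log.error("Class not in build path " + className, e);
            } catch (IllegalAccessException e) {
                log.error("Class access error " + className, e);
            } catch (InstantiationException e) {
                log.error("Class initialization error " + className, e);
            }
        }

        if (config.isAuthContextTokGenEnabled()) {
            String generatorClass = config.getTokenGeneratorImplClass();
            try {
                // NOTE(review): the field is assigned before init(). If init() throws, the
                // un-initialised generator stays in place and is used by later validations.
                // Confirm that this is intended.
                this.tokenGenerator = (AuthorizationContextTokenGenerator) getClass().getClassLoader().loadClass(generatorClass).newInstance();
                this.tokenGenerator.init();
                if (log.isDebugEnabled()) {
                    log.debug("An instance of " + generatorClass + " is created for OAuthServerConfiguration.");
                }
            } catch (ClassNotFoundException e) {
                log.error("Class not found: " + generatorClass, e);
            } catch (IllegalAccessException e) {
                log.error("Illegal access to: " + generatorClass, e);
            } catch (InstantiationException e) {
                log.error("Error while instantiating: " + generatorClass, e);
            } catch (IdentityOAuth2Exception e) {
                log.error("Error while initializing: " + generatorClass, e);
            }
        }
    }

    /**
     * Returns the shared handler, creating it on first use.
     *
     * @return the single {@code TokenValidationHandler} instance
     */
    public static TokenValidationHandler getInstance() {
        TokenValidationHandler current = instance;
        if (current == null) {
            synchronized (TokenValidationHandler.class) {
                current = instance;
                if (current == null) {
                    current = new TokenValidationHandler();
                    instance = current;
                }
            }
        }
        return current;
    }

    /**
     * Registers (or replaces) the validator used for a token type.
     *
     * @param str token type the validator handles; must not be null
     * @param oAuth2TokenValidator validator to register; must not be null
     */
    public void addTokenValidator(String str, OAuth2TokenValidator oAuth2TokenValidator) {
        this.tokenValidators.put(str, oAuth2TokenValidator);
    }

    /**
     * Validates the access token in the request.
     *
     * @param oAuth2TokenValidationRequestDTO validation request
     * @return the validation response; {@code isValid()} is false with an error message on rejection
     * @throws IdentityOAuth2Exception if token lookup, validation or token generation fails
     */
    public OAuth2TokenValidationResponseDTO validate(OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO) throws IdentityOAuth2Exception {
        return findOAuthConsumerIfTokenIsValid(oAuth2TokenValidationRequestDTO).getAccessTokenValidationResponse();
    }

    /**
     * Validates the access token in the request and, when it is valid, reports the consumer key
     * it was issued to.
     *
     * @param oAuth2TokenValidationRequestDTO validation request
     * @return a DTO that always carries the validation response; the consumer key is set only
     *         when the token is valid
     * @throws IdentityOAuth2Exception if token lookup, validation or token generation fails
     */
    public OAuth2ClientApplicationDTO findOAuthConsumerIfTokenIsValid(OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO) throws IdentityOAuth2Exception {
        OAuth2ClientApplicationDTO clientApp = new OAuth2ClientApplicationDTO();
        OAuth2TokenValidationResponseDTO response = new OAuth2TokenValidationResponseDTO();
        OAuth2TokenValidationMessageContext messageContext = new OAuth2TokenValidationMessageContext(oAuth2TokenValidationRequestDTO, response);

        OAuth2TokenValidationRequestDTO.OAuth2AccessToken accessToken = oAuth2TokenValidationRequestDTO.getAccessToken();
        if (accessToken == null) {
            return reject(clientApp, response, "Access Token is not present in the validation request");
        }
        String identifier = accessToken.getIdentifier();
        if (identifier == null) {
            return reject(clientApp, response, "Access token identifier is not present in the validation request");
        }

        // Hashtable.get(null) throws NullPointerException, so a request without a token type
        // is rejected as unsupported instead of failing with an unchecked exception.
        String tokenType = accessToken.getTokenType();
        OAuth2TokenValidator validator = tokenType == null ? null : this.tokenValidators.get(tokenType);
        if (validator == null) {
            return reject(clientApp, response, "Unsupported access token type");
        }

        OAuthServerConfiguration config = OAuthServerConfiguration.getInstance();
        AccessTokenDO accessTokenDO = null;
        boolean servedFromCache = false;
        if (config.isCacheEnabled()) {
            CacheEntry cached = OAuthCache.getInstance().getValueFromCache((CacheKey) new OAuthCacheKey(identifier));
            if (cached instanceof AccessTokenDO) {
                accessTokenDO = (AccessTokenDO) cached;
                servedFromCache = true;
            }
        }
        if (accessTokenDO == null) {
            // NOTE(review): presumably the DAO returns only tokens that are still active; verify,
            // since no token state is checked here.
            accessTokenDO = this.tokenMgtDAO.retrieveAccessToken(identifier);
            if (accessTokenDO == null) {
                return reject(clientApp, response, "Invalid input. Access token validation failed");
            }
        }

        long issuedTimeMillis = accessTokenDO.getIssuedTime().getTime();
        long validityPeriod = accessTokenDO.getValidityPeriod();
        // 1000L forces long arithmetic whatever the configured skew's type is.
        long skewMillis = config.getTimeStampSkewInSeconds() * 1000L;
        long nowMillis = System.currentTimeMillis();
        if (nowMillis - skewMillis > issuedTimeMillis + validityPeriod) {
            if (log.isDebugEnabled()) {
                // The token identifier is deliberately left out of this message.
                log.debug("Access token has expired. Issued Time(ms) : " + issuedTimeMillis + ", Validity Period : " + validityPeriod + ", Timestamp Skew : " + skewMillis + ", Current Time : " + nowMillis);
            }
            return reject(clientApp, response, "Access token has expired");
        }

        if (config.isCacheEnabled() && !servedFromCache) {
            OAuthCache.getInstance().addToCache((CacheKey) new OAuthCacheKey(identifier), (CacheEntry) accessTokenDO);
            if (log.isDebugEnabled()) {
                log.debug("Access Token Info object was added back to the cache.");
            }
        }

        // NOTE(review): the skew widens the acceptance window above but is subtracted here, so a
        // token accepted inside the skew window is reported with a negative expiry time. Confirm
        // that this is intended.
        response.setExpiryTime(((issuedTimeMillis + validityPeriod) - (nowMillis + skewMillis)) / 1000);
        messageContext.addProperty("AccessTokenDO", accessTokenDO);

        // All three checks run before any result is inspected, so every validator hook sees the
        // request even when an earlier check has already failed.
        boolean delegationOk = validator.validateAccessDelegation(messageContext);
        boolean scopeOk = validator.validateScope(messageContext);
        boolean tokenOk = validator.validateAccessToken(messageContext);
        if (!delegationOk) {
            return reject(clientApp, response, "Invalid access delegation");
        }
        if (!scopeOk) {
            return reject(clientApp, response, "Scope validation failed");
        }
        if (!tokenOk) {
            return reject(clientApp, response, "OAuth2 access token validation failed");
        }

        // Back-fill user and scope from the token record only when nothing has set them yet.
        if (response.getAuthorizedUser() == null || response.getAuthorizedUser().equals("")) {
            response.setAuthorizedUser(accessTokenDO.getAuthzUser());
        }
        if (response.getScope() == null || response.getScope().equals("")) {
            response.setScope(accessTokenDO.getScope());
        }
        response.setValid(true);

        if (this.tokenGenerator != null) {
            this.tokenGenerator.generateToken(messageContext);
            if (log.isDebugEnabled()) {
                // The generated token string is deliberately not logged.
                log.debug(this.tokenGenerator.getClass().getName() + " generated the authorization context token for the response");
            }
        }
        clientApp.setAccessTokenValidationResponse(response);
        clientApp.setConsumerKey(accessTokenDO.getConsumerKey());
        return clientApp;
    }

    /** Marks the response invalid with the given reason and attaches it to the client DTO. */
    private OAuth2ClientApplicationDTO reject(OAuth2ClientApplicationDTO clientApp, OAuth2TokenValidationResponseDTO response, String reason) {
        log.debug(reason);
        response.setValid(false);
        response.setErrorMsg(reason);
        clientApp.setAccessTokenValidationResponse(response);
        return clientApp;
    }
}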
