package org.wso2.carbon.identity.oauth2.authz.handlers;

import java.sql.Timestamp;
import java.util.Date;
import java.util.UUID;
import org.apache.amber.oauth2.common.exception.OAuthSystemException;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.commons.io.Charsets;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/authz/handlers/TokenResponseTypeHandler.class */
public class TokenResponseTypeHandler extends AbstractResponseTypeHandler {
    private static Log log = LogFactory.getLog(TokenResponseTypeHandler.class);

    @Override // org.wso2.carbon.identity.oauth2.authz.handlers.ResponseTypeHandler
    public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO = new OAuth2AuthorizeRespDTO();
        OAuth2AuthorizeReqDTO authorizationReqDTO = oAuthAuthzReqMessageContext.getAuthorizationReqDTO();
        String buildScopeString = OAuth2Util.buildScopeString(oAuthAuthzReqMessageContext.getApprovedScope());
        oAuth2AuthorizeRespDTO.setCallbackURI(authorizationReqDTO.getCallbackUrl());
        String consumerKey = authorizationReqDTO.getConsumerKey();
        String username = authorizationReqDTO.getUsername();
        OAuthCacheKey oAuthCacheKey = new OAuthCacheKey(OAuth2Util.isUsernameCaseSensitive(username) ? consumerKey + ":" + username + ":" + buildScopeString : consumerKey + ":" + username.toLowerCase() + ":" + buildScopeString);
        String str = null;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            str = OAuth2Util.getUserStoreDomainFromUserId(username);
        }
        String str2 = null;
        Timestamp timestamp = null;
        long j = 0;
        synchronized ((consumerKey + ":" + username + ":" + buildScopeString).intern()) {
            if (this.cacheEnabled) {
                AccessTokenDO accessTokenDO = (AccessTokenDO) this.oauthCache.getValueFromCache(oAuthCacheKey);
                if (accessTokenDO != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("Retrieved active Access Token : " + accessTokenDO.getAccessToken() + " for Client Id : " + consumerKey + ", User ID :" + username + " and Scope : " + buildScopeString + " from cache");
                    }
                    long tokenExpireTimeMillis = OAuth2Util.getTokenExpireTimeMillis(accessTokenDO);
                    if (tokenExpireTimeMillis > 0 || tokenExpireTimeMillis < 0) {
                        if (log.isDebugEnabled()) {
                            if (tokenExpireTimeMillis > 0) {
                                log.debug("Access Token " + accessTokenDO.getAccessToken() + " is valid for another " + tokenExpireTimeMillis + "ms");
                            } else {
                                log.debug("Infinite lifetime Access Token " + accessTokenDO.getAccessToken() + " found in cache");
                            }
                        }
                        oAuth2AuthorizeRespDTO.setAccessToken(accessTokenDO.getAccessToken());
                        if (tokenExpireTimeMillis > 0) {
                            oAuth2AuthorizeRespDTO.setValidityPeriod(tokenExpireTimeMillis / 1000);
                        } else {
                            oAuth2AuthorizeRespDTO.setValidityPeriod(9223372036854775L);
                        }
                        oAuth2AuthorizeRespDTO.setScope(oAuthAuthzReqMessageContext.getApprovedScope());
                        oAuth2AuthorizeRespDTO.setTokenType(accessTokenDO.getTokenType());
                        return oAuth2AuthorizeRespDTO;
                    }
                    long refreshTokenExpireTimeMillis = OAuth2Util.getRefreshTokenExpireTimeMillis(accessTokenDO);
                    if (refreshTokenExpireTimeMillis < 0 || refreshTokenExpireTimeMillis > 0) {
                        log.debug("Access token has expired, But refresh token is still valid. User existing refresh token.");
                        str2 = accessTokenDO.getRefreshToken();
                        timestamp = accessTokenDO.getRefreshTokenIssuedTime();
                        j = accessTokenDO.getRefreshTokenValidityPeriodInMillis();
                    }
                    this.oauthCache.clearCacheEntry(oAuthCacheKey);
                    if (log.isDebugEnabled()) {
                        log.debug("Access Token " + accessTokenDO.getAccessToken() + " is expired. Therefore cleared it from cache and marked it as expired in database");
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("No active access token found in cache for Client ID : " + consumerKey + ", User ID : " + username + " and Scope : " + buildScopeString);
                }
            }
            AccessTokenDO retrieveLatestAccessToken = this.tokenMgtDAO.retrieveLatestAccessToken(consumerKey, username, str, buildScopeString, false);
            if (retrieveLatestAccessToken != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Retrieved latest Access Token : " + retrieveLatestAccessToken.getAccessToken() + " for Client ID : " + consumerKey + ", User ID :" + username + " and Scope : " + buildScopeString + " from database");
                }
                long tokenExpireTimeMillis2 = OAuth2Util.getTokenExpireTimeMillis(retrieveLatestAccessToken);
                long refreshTokenExpireTimeMillis2 = OAuth2Util.getRefreshTokenExpireTimeMillis(retrieveLatestAccessToken);
                if ("ACTIVE".equals(retrieveLatestAccessToken.getTokenState()) && (tokenExpireTimeMillis2 > 0 || tokenExpireTimeMillis2 < 0)) {
                    if (log.isDebugEnabled()) {
                        if (tokenExpireTimeMillis2 > 0) {
                            log.debug("Access token : " + retrieveLatestAccessToken.getAccessToken() + " is valid for another " + tokenExpireTimeMillis2 + "ms");
                        } else {
                            log.debug("Infinite lifetime Access Token " + retrieveLatestAccessToken.getAccessToken() + " found in cache");
                        }
                    }
                    if (this.cacheEnabled) {
                        this.oauthCache.addToCache(oAuthCacheKey, retrieveLatestAccessToken);
                        if (log.isDebugEnabled()) {
                            log.debug("Access Token : " + retrieveLatestAccessToken.getAccessToken() + " was added to cache for cache key : " + oAuthCacheKey.getCacheKeyString());
                        }
                    }
                    oAuth2AuthorizeRespDTO.setAccessToken(retrieveLatestAccessToken.getAccessToken());
                    if (tokenExpireTimeMillis2 > 0) {
                        oAuth2AuthorizeRespDTO.setValidityPeriod(tokenExpireTimeMillis2 / 1000);
                    } else {
                        oAuth2AuthorizeRespDTO.setValidityPeriod(9223372036854775L);
                    }
                    oAuth2AuthorizeRespDTO.setScope(oAuthAuthzReqMessageContext.getApprovedScope());
                    oAuth2AuthorizeRespDTO.setTokenType(retrieveLatestAccessToken.getTokenType());
                    return oAuth2AuthorizeRespDTO;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Access Token " + retrieveLatestAccessToken.getAccessToken() + " is " + retrieveLatestAccessToken.getTokenState());
                }
                if ("ACTIVE".equals(retrieveLatestAccessToken.getTokenState())) {
                    if (refreshTokenExpireTimeMillis2 > 0 || refreshTokenExpireTimeMillis2 < 0) {
                        log.debug("Access token has expired, But refresh token is still valid. User existing refresh token.");
                        str2 = retrieveLatestAccessToken.getRefreshToken();
                        timestamp = retrieveLatestAccessToken.getRefreshTokenIssuedTime();
                        j = retrieveLatestAccessToken.getRefreshTokenValidityPeriodInMillis();
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Marked Access Token " + retrieveLatestAccessToken.getAccessToken() + " as expired");
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("Access Token " + retrieveLatestAccessToken.getAccessToken() + " is " + retrieveLatestAccessToken.getTokenState());
                }
            } else if (log.isDebugEnabled()) {
                log.debug("No access token found in database for Client ID : " + consumerKey + ", User ID : " + username + " and Scope : " + buildScopeString + ". Therefore issuing new access token");
            }
            try {
                String accessToken = this.oauthIssuerImpl.accessToken();
                if (str2 == null) {
                    str2 = this.oauthIssuerImpl.refreshToken();
                }
                if (OAuth2Util.checkUserNameAssertionEnabled()) {
                    String username2 = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUsername();
                    accessToken = Base64Utils.encode((accessToken + ":" + username2).getBytes(Charsets.UTF_8));
                    str2 = Base64Utils.encode((str2 + ":" + username2).getBytes(Charsets.UTF_8));
                }
                Timestamp timestamp2 = new Timestamp(new Date().getTime());
                if (timestamp == null) {
                    timestamp = timestamp2;
                }
                long userAccessTokenValidityPeriodInSeconds = OAuthServerConfiguration.getInstance().getUserAccessTokenValidityPeriodInSeconds() * 1000;
                long validityPeriod = oAuthAuthzReqMessageContext.getValidityPeriod();
                if (validityPeriod != -1 && validityPeriod > 0) {
                    userAccessTokenValidityPeriodInSeconds = validityPeriod * 1000;
                }
                if (j == 0) {
                    j = OAuthServerConfiguration.getInstance().getRefreshTokenValidityPeriodInSeconds() * 1000;
                }
                AccessTokenDO accessTokenDO2 = new AccessTokenDO(consumerKey, authorizationReqDTO.getUsername(), oAuthAuthzReqMessageContext.getApprovedScope(), timestamp2, timestamp, userAccessTokenValidityPeriodInSeconds, j, OAuthConstants.USER_TYPE_FOR_USER_TOKEN);
                accessTokenDO2.setAccessToken(accessToken);
                accessTokenDO2.setRefreshToken(str2);
                accessTokenDO2.setTokenState("ACTIVE");
                accessTokenDO2.setTokenId(UUID.randomUUID().toString());
                try {
                    this.tokenMgtDAO.storeAccessToken(accessToken, authorizationReqDTO.getConsumerKey(), accessTokenDO2, retrieveLatestAccessToken, str);
                    if (log.isDebugEnabled()) {
                        log.debug("Persisted Access Token : " + accessToken + " for Client ID : " + authorizationReqDTO.getConsumerKey() + ", Authorized User : " + authorizationReqDTO.getUsername() + ", Timestamp : " + timestamp2 + ", Validity period (s) : " + accessTokenDO2.getValidityPeriod() + ", Scope : " + OAuth2Util.buildScopeString(oAuthAuthzReqMessageContext.getApprovedScope()) + ", Callback URL : " + authorizationReqDTO.getCallbackUrl() + ", Token State : ACTIVE and User Type : " + OAuthConstants.USER_TYPE_FOR_USER_TOKEN);
                    }
                    if (this.cacheEnabled) {
                        this.oauthCache.addToCache(oAuthCacheKey, accessTokenDO2);
                        if (log.isDebugEnabled()) {
                            log.debug("Access Token : " + accessToken + " was added to OAuthCache for cache key : " + oAuthCacheKey.getCacheKeyString());
                        }
                    }
                    oAuth2AuthorizeRespDTO.setAccessToken(accessToken);
                    if (userAccessTokenValidityPeriodInSeconds > 0) {
                        oAuth2AuthorizeRespDTO.setValidityPeriod(accessTokenDO2.getValidityPeriod());
                    } else {
                        oAuth2AuthorizeRespDTO.setValidityPeriod(9223372036854775L);
                    }
                    oAuth2AuthorizeRespDTO.setScope(accessTokenDO2.getScope());
                    oAuth2AuthorizeRespDTO.setTokenType(accessTokenDO2.getTokenType());
                    return oAuth2AuthorizeRespDTO;
                } catch (IdentityException e) {
                    throw new IdentityOAuth2Exception("Error occurred while storing new access token : " + accessToken, e);
                }
            } catch (OAuthSystemException e2) {
                throw new IdentityOAuth2Exception("Error occurred while generating access token and refresh token", e2);
            }
        }
    }
}
