package org.wso2.carbon.identity.oauth;

import com.google.gdata.client.authn.oauth.GoogleOAuthParameters;
import com.google.gdata.client.authn.oauth.OAuthException;
import com.google.gdata.client.authn.oauth.OAuthHmacSha1Signer;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.List;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.ServiceContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.OAuthAppDO;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth.dao.OAuthConsumerDAO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerDTO;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/OAuthService.class */
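/**
 * Provider-side OAuth 1.0-style token service.
 *
 * <p>Issues request tokens, records user authorization of a request token,
 * exchanges an authorized request token for an access token, and validates
 * signed requests. Signatures are recomputed with the gdata
 * {@code OAuthHmacSha1Signer} and compared against the value the caller
 * presented. Replay state (latest timestamp and seen nonces) is kept as
 * properties on the current Axis2 {@link ServiceContext}.
 */
public class OAuthService {
    private static final String OAUTH_LATEST_TIMESTAMP = "OAUTH_LATEST_TIMESTAMP";
    private static final String OAUTH_NONCE_STORE = "OAUTH_NONCE_STORE";
    // Explicit charset so byte conversion and URL-encoding never depend on the platform default.
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.Charset.forName("UTF-8");
    private static final Log log = LogFactory.getLog(OAuthService.class);

    /**
     * Checks that the consumer key is known and that the request signature matches.
     *
     * @param oAuthConsumerDTO signed request data supplied by the consumer
     * @return {@code true} if the recomputed signature matches the presented one
     * @throws IdentityException if the consumer key has no stored secret, or if
     *         timestamp/nonce/signature validation raises an authentication error
     */
    public boolean isOAuthConsumerValid(OAuthConsumerDTO oAuthConsumerDTO) throws IdentityException {
        String oAuthSecretKey = getOAuthSecretKey(oAuthConsumerDTO.getOauthConsumerKey());
        if (oAuthSecretKey == null) {
            log.debug("Invalid Consumer Key.");
            throw new IdentityException("Invalid Consumer Key");
        }
        try {
            return validateOauthSignature(oAuthConsumerDTO, oAuthSecretKey);
        } catch (AuthenticationException e) {
            throw new IdentityException(e.getMessage(), e);
        }
    }

    /**
     * Issues a new request token for a correctly signed consumer request.
     *
     * @param parameters signed request parameters (consumer key, timestamp, nonce, signature, ...)
     * @return parameters carrying the consumer key, the new token and its secret
     * @throws AuthenticationException if the timestamp/nonce is rejected, the consumer
     *         key is unknown, or the signature does not match
     * @throws IdentityOAuthAdminException if a DAO call fails
     */
    public Parameters getOauthRequestToken(Parameters parameters) throws AuthenticationException, IdentityOAuthAdminException {
        validateTimestampAndNonce(parameters.getOauthTimeStamp(), parameters.getOauthNonce());
        String oAuthConsumerSecret = new OAuthConsumerDAO().getOAuthConsumerSecret(parameters.getOauthConsumerKey());
        if (oAuthConsumerSecret == null) {
            log.debug("Invalid Credentials.");
            throw new AuthenticationException("Invalid Credentials.");
        }
        if (validateOauthSignature(parameters, oAuthConsumerSecret, null)) {
            return generateOauthToken(parameters);
        }
        throw new AuthenticationException("Invalid Signature");
    }

    /**
     * Authenticates the resource owner and marks the request token as authorized.
     *
     * <p>A fresh verifier is generated, stored with the token through the DAO and
     * returned to the caller.
     *
     * @param parameters must carry the user name, password and the request token
     * @return the DAO result with the request token and the new verifier set
     * @throws AuthenticationException if the user store rejects the credentials
     * @throws IdentityException if the user store lookup itself fails
     */
    public Parameters authorizeOauthRequestToken(Parameters parameters) throws IdentityException, AuthenticationException {
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(parameters.getAuthorizedbyUserName());
        try {
            if (!IdentityTenantUtil.getRealm(MultitenantUtils.getTenantDomain(parameters.getAuthorizedbyUserName()), parameters.getAuthorizedbyUserName()).getUserStoreManager().authenticate(tenantAwareUsername, parameters.getAuthorizedbyUserPassword())) {
                throw new AuthenticationException("User Authentication Failed");
            }
            OAuthConsumerDAO oAuthConsumerDAO = new OAuthConsumerDAO();
            // NOTE(review): the verifier's unpredictability depends entirely on
            // OAuthUtil.getRandomNumber(), which is not visible here - confirm it is CSPRNG-backed.
            String verifier = OAuthUtil.getRandomNumber();
            Parameters authorizeOAuthToken = oAuthConsumerDAO.authorizeOAuthToken(parameters.getOauthToken(), tenantAwareUsername, verifier);
            authorizeOAuthToken.setOauthToken(parameters.getOauthToken());
            authorizeOAuthToken.setOauthTokenVerifier(verifier);
            return authorizeOAuthToken;
        } catch (UserStoreException e) {
            log.error("Error while authenticating the user", e);
            throw new IdentityException("Error while authenticating the user", e);
        }
    }

    /**
     * Exchanges an authorized request token for an access token.
     *
     * <p>The request must be signed with the consumer secret and the request-token
     * secret, and must present the verifier that was stored when the user
     * authorized the token.
     *
     * @param parameters signed request parameters including the request token and verifier
     * @return the stored request-token parameters with the token and token secret
     *         replaced by the newly issued access token and secret
     * @throws AuthenticationException if the consumer key is unknown, the signature
     *         does not match, the verifier is missing or wrong, or the token was
     *         never authorized by a user
     * @throws IdentityOAuthAdminException if a DAO call fails
     */
    public Parameters getAccessToken(Parameters parameters) throws IdentityOAuthAdminException, AuthenticationException {
        // NOTE(review): unlike getOauthRequestToken and validateAuthenticationRequest, this
        // path does not call validateTimestampAndNonce. Confirm that the DAO makes the
        // request token single-use, otherwise a captured exchange request could be repeated.
        OAuthConsumerDAO oAuthConsumerDAO = new OAuthConsumerDAO();
        String oAuthConsumerSecret = oAuthConsumerDAO.getOAuthConsumerSecret(parameters.getOauthConsumerKey());
        if (oAuthConsumerSecret == null) {
            log.debug("Invalid Credentials.");
            throw new AuthenticationException("Invalid Credentials.");
        }
        if (!validateOauthSignature(parameters, oAuthConsumerSecret, oAuthConsumerDAO.getOAuthTokenSecret(parameters.getOauthToken(), false))) {
            throw new AuthenticationException("Invalid Signature");
        }
        Parameters requestToken = oAuthConsumerDAO.getRequestToken(parameters.getOauthToken());
        // The verifier is a secret: compare it without an early exit on the first differing byte.
        boolean verifierMatches = constantTimeEquals(requestToken.getOauthTokenVerifier(), parameters.getOauthTokenVerifier());
        if (!verifierMatches || requestToken.getAuthorizedbyUserName() == null) {
            throw new AuthenticationException("Invalid request for OAuth access token");
        }
        String accessToken = OAuthUtil.getRandomNumber();
        String accessTokenSecret = OAuthUtil.getRandomNumber();
        oAuthConsumerDAO.issueAccessToken(parameters.getOauthConsumerKey(), accessToken, accessTokenSecret, parameters.getOauthToken(), requestToken.getAuthorizedbyUserName(), requestToken.getScope());
        requestToken.setOauthToken(accessToken);
        requestToken.setOauthTokenSecret(accessTokenSecret);
        return requestToken;
    }

    /**
     * Looks up the scope of a request token and the name of the application it belongs to.
     *
     * <p>NOTE(review): no signature or caller check happens in this method; it relies on
     * whatever access control the surrounding service applies - confirm.
     *
     * @param str the request token value
     * @return parameters holding only the scope and the application name
     * @throws Exception if either DAO lookup fails
     */
    public Parameters getScopeAndAppName(String str) throws Exception {
        Parameters requestToken = new OAuthConsumerDAO().getRequestToken(str);
        OAuthAppDO appInformation = new OAuthAppDAO().getAppInformation(requestToken.getOauthConsumerKey());
        Parameters result = new Parameters();
        result.setScope(requestToken.getScope());
        result.setAppName(appInformation.getApplicationName());
        return result;
    }

    /**
     * Validates a request signed with an access token.
     *
     * @param parameters signed request parameters including the access token and scope
     * @return parameters holding the value returned by the DAO's access-token validation
     *         (stored as the authorizing user name) and the requested scope
     * @throws AuthenticationException if the timestamp/nonce is rejected, the consumer
     *         key is unknown, or the signature does not match
     * @throws IdentityException if a DAO call fails
     */
    public Parameters validateAuthenticationRequest(Parameters parameters) throws AuthenticationException, IdentityException {
        validateTimestampAndNonce(parameters.getOauthTimeStamp(), parameters.getOauthNonce());
        OAuthConsumerDAO oAuthConsumerDAO = new OAuthConsumerDAO();
        String oAuthConsumerSecret = oAuthConsumerDAO.getOAuthConsumerSecret(parameters.getOauthConsumerKey());
        if (oAuthConsumerSecret == null) {
            log.debug("Invalid Credentials.");
            throw new AuthenticationException("Invalid Credentials.");
        }
        if (!validateOauthSignature(parameters, oAuthConsumerSecret, oAuthConsumerDAO.getOAuthTokenSecret(parameters.getOauthToken(), true))) {
            throw new AuthenticationException("Invalid Signature.");
        }
        String authorizedUser = oAuthConsumerDAO.validateAccessToken(parameters.getOauthConsumerKey(), parameters.getOauthToken(), parameters.getScope());
        Parameters result = new Parameters();
        result.setAuthorizedbyUserName(authorizedUser);
        result.setScope(parameters.getScope());
        return result;
    }

    /**
     * Creates and persists a new request token and secret for the consumer.
     *
     * @param parameters request parameters supplying consumer key, callback and scope
     * @return parameters carrying the consumer key, the new token and its secret
     * @throws IdentityOAuthAdminException if the DAO cannot store the token
     */
    private Parameters generateOauthToken(Parameters parameters) throws IdentityOAuthAdminException {
        OAuthConsumerDAO oAuthConsumerDAO = new OAuthConsumerDAO();
        String token = OAuthUtil.getRandomNumber();
        String tokenSecret = OAuthUtil.getRandomNumber();
        oAuthConsumerDAO.createOAuthRequestToken(parameters.getOauthConsumerKey(), token, tokenSecret, parameters.getOauthCallback(), parameters.getScope());
        Parameters result = new Parameters();
        result.setOauthConsumerKey(parameters.getOauthConsumerKey());
        result.setOauthToken(token);
        result.setOauthTokenSecret(tokenSecret);
        return result;
    }

    /**
     * Recomputes the HMAC-SHA1 signature for a consumer-only (two-legged) request and
     * compares it with the presented signature. Also runs the timestamp/nonce check.
     *
     * @param oAuthConsumerDTO signed request data
     * @param consumerSecret stored secret for the consumer key
     * @return {@code true} if the presented signature equals the recomputed signature,
     *         either raw or URL-encoded
     * @throws AuthenticationException if the timestamp/nonce is rejected or the signer fails
     */
    private boolean validateOauthSignature(OAuthConsumerDTO oAuthConsumerDTO, String consumerSecret) throws AuthenticationException {
        GoogleOAuthParameters googleOAuthParameters = new GoogleOAuthParameters();
        googleOAuthParameters.setOAuthConsumerKey(oAuthConsumerDTO.getOauthConsumerKey());
        googleOAuthParameters.setOAuthConsumerSecret(consumerSecret);
        googleOAuthParameters.setOAuthNonce(oAuthConsumerDTO.getOauthNonce());
        googleOAuthParameters.setOAuthTimestamp(oAuthConsumerDTO.getOauthTimeStamp());
        googleOAuthParameters.setOAuthSignatureMethod(oAuthConsumerDTO.getOauthSignatureMethod());
        validateTimestampAndNonce(oAuthConsumerDTO.getOauthTimeStamp(), oAuthConsumerDTO.getOauthNonce());
        try {
            String signature = new OAuthHmacSha1Signer().getSignature(com.google.gdata.client.authn.oauth.OAuthUtil.getSignatureBaseString(oAuthConsumerDTO.getBaseString(), oAuthConsumerDTO.getHttpMethod(), googleOAuthParameters.getBaseParameters()), googleOAuthParameters);
            return signatureMatches(signature, oAuthConsumerDTO.getOauthSignature());
        } catch (OAuthException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    /**
     * Recomputes the HMAC-SHA1 signature for a request and compares it with the
     * presented signature. Token, verifier and token secret are included in the
     * signing parameters only when they are non-null.
     *
     * @param parameters signed request parameters
     * @param consumerSecret stored secret for the consumer key
     * @param tokenSecret stored secret for the token, or {@code null} when no token is involved
     * @return {@code true} if the presented signature equals the recomputed signature,
     *         either raw or URL-encoded
     * @throws AuthenticationException if the signer fails
     */
    private boolean validateOauthSignature(Parameters parameters, String consumerSecret, String tokenSecret) throws AuthenticationException {
        GoogleOAuthParameters googleOAuthParameters = new GoogleOAuthParameters();
        googleOAuthParameters.setOAuthConsumerKey(parameters.getOauthConsumerKey());
        googleOAuthParameters.setOAuthConsumerSecret(consumerSecret);
        googleOAuthParameters.setOAuthNonce(parameters.getOauthNonce());
        googleOAuthParameters.setOAuthTimestamp(parameters.getOauthTimeStamp());
        googleOAuthParameters.setOAuthSignatureMethod(parameters.getOauthSignatureMethod());
        if (parameters.getOauthToken() != null) {
            googleOAuthParameters.setOAuthToken(parameters.getOauthToken());
        }
        if (parameters.getOauthTokenVerifier() != null) {
            googleOAuthParameters.setOAuthVerifier(parameters.getOauthTokenVerifier());
        }
        if (tokenSecret != null) {
            googleOAuthParameters.setOAuthTokenSecret(tokenSecret);
        }
        try {
            String signature = new OAuthHmacSha1Signer().getSignature(com.google.gdata.client.authn.oauth.OAuthUtil.getSignatureBaseString(parameters.getBaseString(), parameters.getHttpMethod(), googleOAuthParameters.getBaseParameters()), googleOAuthParameters);
            return signatureMatches(signature, parameters.getOauthSignature());
        } catch (OAuthException e) {
            // Keep the cause so the underlying signer failure stays visible in server logs.
            throw new AuthenticationException("Error while validating signature", e);
        }
    }

    /**
     * Decides whether a presented signature equals the recomputed one, accepting
     * either the raw value or its URL-encoded form.
     *
     * <p>Both forms are always evaluated with a constant-time comparison so the
     * time taken does not reveal how many leading characters were correct or
     * which form matched.
     *
     * @param computed signature produced by the signer, may be {@code null}
     * @param presented signature supplied in the request, may be {@code null}
     * @return {@code true} only if both are non-null and one of the two forms matches
     */
    private static boolean signatureMatches(String computed, String presented) {
        if (computed == null || presented == null) {
            return false;
        }
        String encoded;
        try {
            // Explicit UTF-8 instead of the deprecated platform-default overload.
            encoded = URLEncoder.encode(computed, UTF_8.name());
        } catch (java.io.UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
        boolean encodedMatch = constantTimeEquals(encoded, presented);
        boolean rawMatch = constantTimeEquals(computed, presented);
        // Non-short-circuit OR: both comparisons have already run regardless of outcome.
        return encodedMatch | rawMatch;
    }

    /**
     * Compares two secret strings without exiting early on the first differing byte.
     *
     * @return {@code false} if either argument is {@code null}; otherwise whether the
     *         UTF-8 encodings are equal
     */
    private static boolean constantTimeEquals(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(expected.getBytes(UTF_8), presented.getBytes(UTF_8));
    }

    /**
     * Rejects requests whose timestamp is missing, malformed, negative or older than
     * the latest accepted one, and requests whose nonce is blank or was seen before.
     * On success the timestamp and nonce are recorded on the current service context.
     *
     * <p>NOTE(review): every caller in this class invokes this before the signature is
     * verified, so replay state is updated by requests that have not yet been
     * authenticated. The latest timestamp is also a single value shared by all
     * consumers, and the nonce list is never pruned. Consider committing state only
     * after a successful signature check, tracking it per consumer key, and
     * expiring old nonces.
     *
     * <p>NOTE(review): the lock is on this instance while the state lives on the
     * service context; if more than one {@code OAuthService} instance shares a
     * context the lock does not serialize them - confirm the service scope.
     *
     * @param timestampValue the {@code oauth_timestamp} value from the request
     * @param nonce the {@code oauth_nonce} value from the request
     * @throws AuthenticationException if any of the checks above fails
     */
    private void validateTimestampAndNonce(String timestampValue, String nonce) throws AuthenticationException {
        if (timestampValue == null || nonce == null || nonce.trim().length() == 0) {
            throw new AuthenticationException("Invalid request for OAuth access token");
        }
        long timestamp;
        try {
            timestamp = Long.parseLong(timestampValue);
        } catch (NumberFormatException e) {
            // The timestamp is request-controlled: report it as an authentication failure
            // instead of letting an unchecked exception escape to the transport layer.
            throw new AuthenticationException("Invalid timestamp", e);
        }
        synchronized (this) {
            long latestAccepted = 0;
            ServiceContext serviceContext = MessageContext.getCurrentMessageContext().getServiceContext();
            String storedTimestamp = (String) serviceContext.getProperty(OAUTH_LATEST_TIMESTAMP);
            if (storedTimestamp != null) {
                latestAccepted = Long.parseLong(storedTimestamp);
            }
            if (timestamp < 0 || timestamp < latestAccepted) {
                throw new AuthenticationException("Invalid timestamp");
            }
            serviceContext.setProperty(OAUTH_LATEST_TIMESTAMP, String.valueOf(timestamp));
            @SuppressWarnings("unchecked") // only this method writes the property, always as a list of strings
            List<String> seenNonces = (List<String>) serviceContext.getProperty(OAUTH_NONCE_STORE);
            if (seenNonces == null) {
                List<String> firstNonces = new ArrayList<String>();
                firstNonces.add(nonce);
                serviceContext.setProperty(OAUTH_NONCE_STORE, firstNonces);
            } else {
                if (seenNonces.contains(nonce)) {
                    throw new AuthenticationException("Invalid request for OAuth access token");
                }
                seenNonces.add(nonce);
            }
        }
    }

    /**
     * Fetches the stored secret for a consumer key.
     *
     * @param consumerKey the consumer key to look up
     * @return the value returned by the DAO; callers in this class treat {@code null}
     *         as "unknown consumer key"
     * @throws IdentityOAuthAdminException if the DAO lookup fails
     */
    private String getOAuthSecretKey(String consumerKey) throws IdentityOAuthAdminException {
        return new OAuthConsumerDAO().getOAuthConsumerSecret(consumerKey);
    }
}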
