package org.wso2.carbon.identity.oauth2.token.handlers.grant;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/token/handlers/grant/PasswordGrantHandler.class */
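/**
 * Grant handler for token requests that use the Password Grant Type: the
 * request carries the resource owner's username and password, and the grant is
 * valid only if the tenant user store accepts those credentials.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The username and password come straight from the token request and are
 *       untrusted. The password must never be written to a log.</li>
 *   <li>Every failure path returns {@code false} or throws, so the handler
 *       fails closed.</li>
 * </ul>
 */
public class PasswordGrantHandler extends AbstractAuthorizationGrantHandler {
    private static final Log log = LogFactory.getLog(PasswordGrantHandler.class);

    /**
     * Validates a password-grant token request.
     *
     * <p>Checks, in order: the parent handler's validation, presence of both
     * credentials, the tenant match for a non-SaaS service provider, the
     * existence of the user's tenant, and finally the credentials against the
     * tenant's user store. On success the authorized user and the requested
     * scope are set on the message context.
     *
     * @param oAuthTokenReqMessageContext context of the token request being processed
     * @return {@code true} only when the user store authenticated the credentials;
     *         {@code false} for any validation or authentication failure, including a
     *         {@link UserStoreException} raised while authenticating
     * @throws IdentityOAuth2Exception if the service provider cannot be looked up for the
     *         client id, or the user's tenant id cannot be resolved
     */
    @Override
    public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        if (!super.validateGrant(oAuthTokenReqMessageContext)) {
            return false;
        }
        OAuth2AccessTokenReqDTO tokenReq = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        String resourceOwnerUsername = tokenReq.getResourceOwnerUsername();
        Object resourceOwnerCredential = tokenReq.getResourceOwnerPassword();

        // Reject missing credentials here instead of relying on the user store to do so:
        // a null username would otherwise be dereferenced below, and how an empty
        // password is treated depends on the configured user-store back end.
        if (resourceOwnerUsername == null || resourceOwnerUsername.isEmpty()
                || resourceOwnerCredential == null || "".equals(resourceOwnerCredential)) {
            if (log.isDebugEnabled()) {
                log.debug("Token request with Password Grant Type rejected: resource owner username or password is missing.");
            }
            return false;
        }

        String userTenantDomain = MultitenantUtils.getTenantDomain(resourceOwnerUsername);
        String clientId = tokenReq.getClientId();
        String appTenantDomain = tokenReq.getTenantDomain();
        try {
            // A non-SaaS application may only issue tokens to users of its own tenant.
            // NOTE(review): the looked-up service provider is dereferenced without a null
            // check; confirm getServiceProviderByClientId never returns null.
            boolean saasApp = OAuth2ServiceComponentHolder.getApplicationMgtService()
                    .getServiceProviderByClientId(clientId, "oauth2", appTenantDomain).isSaasApp();
            if (!saasApp && !userTenantDomain.equals(appTenantDomain)) {
                if (log.isDebugEnabled()) {
                    log.debug("Non-SaaS service provider tenant domain is not same as user tenant domain; " + appTenantDomain + " != " + userTenantDomain);
                }
                return false;
            }

            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(resourceOwnerUsername);
            String fullyQualifiedUsername = tenantAwareUsername + "@" + userTenantDomain;

            int tenantId;
            try {
                tenantId = IdentityUtil.getTenantIdOFUser(fullyQualifiedUsername);
            } catch (IdentityException e) {
                throw new IdentityOAuth2Exception(e.getMessage(), e);
            }
            // -1 is treated as "no such tenant".
            if (tenantId == -1) {
                if (log.isDebugEnabled()) {
                    log.debug("Token request with Password Grant Type for an invalid tenant : " + MultitenantUtils.getTenantDomain(fullyQualifiedUsername));
                }
                return false;
            }

            boolean authenticated;
            try {
                authenticated = OAuthComponentServiceHolder.getRealmService()
                        .getTenantUserRealm(tenantId)
                        .getUserStoreManager()
                        .authenticate(tenantAwareUsername, resourceOwnerCredential);
            } catch (UserStoreException e) {
                // Fail closed: a user-store error is reported as a failed authentication.
                log.error("Error when authenticating the user for OAuth Authorization.", e);
                return false;
            }

            if (log.isDebugEnabled()) {
                // The username is request-controlled. NOTE(review): confirm the log layout
                // neutralises CR/LF so a crafted username cannot forge log entries.
                // Fix: the original message ran the username straight into "Scope :".
                log.debug("Token request with Password Grant Type received. Username : " + fullyQualifiedUsername + ", Scope : " + OAuth2Util.buildScopeString(tokenReq.getScope()) + ", Authentication State : " + authenticated);
            }

            if (authenticated) {
                // Prefix the user-store domain held in the thread local when the name does
                // not already contain a "/" separator.
                String userStoreDomain = UserCoreUtil.getDomainFromThreadLocal();
                if (fullyQualifiedUsername.indexOf("/") < 0 && userStoreDomain != null && !"".equals(userStoreDomain)) {
                    fullyQualifiedUsername = userStoreDomain + "/" + fullyQualifiedUsername;
                }
                oAuthTokenReqMessageContext.setAuthorizedUser(OAuth2Util.getUserFromUserName(fullyQualifiedUsername));
                oAuthTokenReqMessageContext.setScope(tokenReq.getScope());
            }
            return authenticated;
        } catch (IdentityApplicationManagementException e) {
            throw new IdentityOAuth2Exception("Error occurred while retrieving OAuth2 application data for client id " + clientId, e);
        }
    }
}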
