package org.wso2.carbon.identity.auth.service.handler.impl;

import javax.servlet.http.Cookie;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.auth.service.AuthenticationContext;
import org.wso2.carbon.identity.auth.service.AuthenticationRequest;
import org.wso2.carbon.identity.auth.service.AuthenticationResult;
import org.wso2.carbon.identity.auth.service.AuthenticationStatus;
import org.wso2.carbon.identity.auth.service.handler.AuthenticationHandler;
import org.wso2.carbon.identity.auth.service.util.AuthConfigurationUtil;
import org.wso2.carbon.identity.auth.service.util.Constants;
import org.wso2.carbon.identity.core.bean.context.MessageContext;
import org.wso2.carbon.identity.core.handler.InitConfig;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinding;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.class */
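/**
 * Authentication handler that accepts an OAuth2 bearer access token from the
 * {@code Authorization} request header.
 *
 * <p>The token is passed to {@link OAuth2TokenValidationService}. On success the authorized user,
 * the consumer key, the granted scopes and the scope-validation flag are stored on the
 * {@link AuthenticationContext}. Every path that does not complete all checks leaves the
 * result at {@link AuthenticationStatus#FAILED}.
 */
public class OAuth2AccessTokenHandler extends AuthenticationHandler {
    private static final Log log = LogFactory.getLog(OAuth2AccessTokenHandler.class);
    private static final String OAUTH_HEADER = "Bearer";
    private static final String CONSUMER_KEY = "consumer-key";
    private static final String AUTHORIZATION_HEADER = "Authorization";

    /**
     * Validates the bearer token carried by the request and populates the authentication context.
     *
     * @param messageContext the current message context; cast to {@link AuthenticationContext}
     * @return a result whose status is SUCCESS only when the token is reported valid and its
     *         token binding (if any) matches the request; FAILED otherwise
     */
    @Override // org.wso2.carbon.identity.auth.service.handler.AuthenticationHandler
    protected AuthenticationResult doAuthenticate(MessageContext messageContext) {
        // Fail closed: the status is only switched to SUCCESS after every check below has passed.
        AuthenticationResult authenticationResult = new AuthenticationResult(AuthenticationStatus.FAILED);
        AuthenticationContext authenticationContext = (AuthenticationContext) messageContext;
        AuthenticationRequest authenticationRequest = authenticationContext.getAuthenticationRequest();
        if (authenticationRequest == null) {
            return authenticationResult;
        }

        String accessToken = extractBearerToken(authenticationRequest.getHeader(AUTHORIZATION_HEADER));
        if (accessToken == null) {
            // Reject here instead of sending a null token identifier to the validation service.
            // The header value is deliberately not logged: it may contain a credential.
            if (log.isDebugEnabled()) {
                log.debug("Authorization header is absent or is not a well-formed Bearer credential.");
            }
            return authenticationResult;
        }

        OAuth2TokenValidationService validationService = new OAuth2TokenValidationService();
        OAuth2ClientApplicationDTO clientApplication =
                validationService.findOAuthConsumerIfTokenIsValid(buildValidationRequest(accessToken));
        OAuth2TokenValidationResponseDTO validationResponse =
                clientApplication == null ? null : clientApplication.getAccessTokenValidationResponse();
        if (validationResponse == null) {
            // A missing response is treated as a failed validation rather than raising an NPE.
            return authenticationResult;
        }

        if (validationResponse.isValid()
                && isTokenBindingValid(messageContext, validationResponse.getTokenBinding())) {
            authenticationResult.setAuthenticationStatus(AuthenticationStatus.SUCCESS);
            String authorizedUser = validationResponse.getAuthorizedUser();
            if (StringUtils.isNotEmpty(authorizedUser)) {
                authenticationContext.setUser(toUser(authorizedUser));
            }
            authenticationContext.addParameter(CONSUMER_KEY, clientApplication.getConsumerKey());
            authenticationContext.addParameter(Constants.OAUTH2_ALLOWED_SCOPES, validationResponse.getScope());
            authenticationContext.addParameter(Constants.OAUTH2_VALIDATE_SCOPE,
                    Boolean.valueOf(AuthConfigurationUtil.getInstance().isScopeValidationEnabled()));
        }
        return authenticationResult;
    }

    /**
     * Extracts the token from an {@code Authorization} header of the exact form
     * {@code "Bearer <token>"}.
     *
     * @param header the raw header value; may be {@code null}
     * @return the token, or {@code null} when the header is empty, the scheme is not exactly
     *         {@code Bearer}, or the value does not consist of exactly two space-separated parts
     */
    private static String extractBearerToken(String header) {
        if (StringUtils.isEmpty(header) || !header.startsWith(OAUTH_HEADER)) {
            return null;
        }
        String[] parts = header.split(" ");
        // The scheme is compared as a whole word so that a prefix match such as "BearerX" is rejected.
        if (parts.length != 2 || !OAUTH_HEADER.equals(parts[0]) || StringUtils.isBlank(parts[1])) {
            return null;
        }
        return parts[1];
    }

    /**
     * Builds the validation request for the given bearer token.
     *
     * @param accessToken the token identifier taken from the request header
     * @return a request carrying the token and a single placeholder context parameter
     */
    private static OAuth2TokenValidationRequestDTO buildValidationRequest(String accessToken) {
        OAuth2TokenValidationRequestDTO requestDTO = new OAuth2TokenValidationRequestDTO();

        OAuth2TokenValidationRequestDTO.OAuth2AccessToken tokenDTO = requestDTO.new OAuth2AccessToken();
        tokenDTO.setIdentifier(accessToken);
        tokenDTO.setTokenType(OAUTH_HEADER);
        requestDTO.setAccessToken(tokenDTO);

        // NOTE(review): the "dummy" key/value pair is a placeholder; presumably the validation
        // service expects a non-empty context array. Confirm against the service before changing it.
        OAuth2TokenValidationRequestDTO.TokenValidationContextParam contextParam =
                requestDTO.new TokenValidationContextParam();
        contextParam.setKey("dummy");
        contextParam.setValue("dummy");
        requestDTO.setContext(new OAuth2TokenValidationRequestDTO.TokenValidationContextParam[]{contextParam});
        return requestDTO;
    }

    /**
     * Splits the authorized-user string returned by token validation into user name,
     * user store domain and tenant domain.
     *
     * @param authorizedUser the non-empty authorized user reported by the validation response
     * @return the populated {@link User}
     */
    private static User toUser(String authorizedUser) {
        User user = new User();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(authorizedUser);
        user.setUserName(UserCoreUtil.removeDomainFromName(tenantAwareUsername));
        user.setUserStoreDomain(UserCoreUtil.extractDomainFromName(tenantAwareUsername));
        user.setTenantDomain(MultitenantUtils.getTenantDomain(authorizedUser));
        return user;
    }

    /**
     * No initialisation is performed by this handler.
     *
     * @param initConfig ignored
     */
    public void init(InitConfig initConfig) {
    }

    /**
     * @return the fixed handler name {@code "OAuthAuthentication"}
     */
    public String getName() {
        return "OAuthAuthentication";
    }

    /**
     * @param messageContext ignored
     * @return always {@code true}
     */
    public boolean isEnabled(MessageContext messageContext) {
        return true;
    }

    /**
     * @param messageContext the current message context
     * @return the value of the two-argument {@code getPriority} overload called with 25
     */
    public int getPriority(MessageContext messageContext) {
        return getPriority(messageContext, 25);
    }

    /**
     * @param messageContext the current message context
     * @return whether {@link AuthConfigurationUtil#isAuthHeaderMatch} reports a {@code Bearer} header
     */
    public boolean canHandle(MessageContext messageContext) {
        return AuthConfigurationUtil.isAuthHeaderMatch(messageContext, OAUTH_HEADER);
    }

    /**
     * Checks that the request satisfies the binding recorded for the token.
     *
     * <p>A token with no binding, or with a blank binding reference, is accepted as unbound.
     * For a bound token only the cookie-based binding type is supported: the request must carry
     * the binding cookie and the reference derived from its value must equal the stored one.
     *
     * @param messageContext the current message context; its request supplies the cookies
     * @param tokenBinding the binding returned by token validation; may be {@code null}
     * @return {@code true} when the token is unbound or the binding cookie matches
     */
    private boolean isTokenBindingValid(MessageContext messageContext, TokenBinding tokenBinding) {
        if (tokenBinding == null || StringUtils.isBlank(tokenBinding.getBindingReference())) {
            // Unbound tokens are not restricted to a particular browser session.
            return true;
        }
        if (!Constants.COOKIE_BASED_TOKEN_BINDING.equals(tokenBinding.getBindingType())) {
            // Any binding type this handler cannot verify is rejected rather than ignored.
            return false;
        }
        Cookie[] cookies = ((AuthenticationContext) messageContext).getAuthenticationRequest().getCookies();
        if (ArrayUtils.isEmpty(cookies)) {
            return false;
        }
        for (Cookie cookie : cookies) {
            if (Constants.COOKIE_BASED_TOKEN_BINDING_EXT_PARAM.equals(cookie.getName())) {
                // Only the first cookie with the binding name is considered.
                // NOTE(review): String.equals is not a constant-time comparison; confirm whether
                // the binding reference is a derived value before relying on this for secrecy.
                return tokenBinding.getBindingReference()
                        .equals(OAuth2Util.getTokenBindingReference(cookie.getValue()));
            }
        }
        return false;
    }
}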
