package org.wso2.carbon.identity.oauth2.device.grant;

import java.sql.Timestamp;
import java.util.Date;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.device.constants.Constants;
import org.wso2.carbon.identity.oauth2.device.dao.DeviceFlowPersistenceFactory;
import org.wso2.carbon.identity.oauth2.device.errorcodes.DeviceErrorCodes;
import org.wso2.carbon.identity.oauth2.device.model.DeviceFlowDO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/device/grant/DeviceFlowGrant.class */
public class DeviceFlowGrant extends AbstractAuthorizationGrantHandler {
    private static Log log = LogFactory.getLog(DeviceFlowGrant.class);

    @Override // org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler, org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler
    public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        super.validateGrant(oAuthTokenReqMessageContext);
        boolean z = false;
        RequestParameter[] requestParameters = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getRequestParameters();
        String str = null;
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        int length = requestParameters.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            RequestParameter requestParameter = requestParameters[i];
            if (Constants.DEVICE_CODE.equals(requestParameter.getKey()) && StringUtils.isNotBlank(requestParameter.getValue()[0])) {
                str = requestParameter.getValue()[0];
                break;
            }
            i++;
        }
        if (log.isDebugEnabled()) {
            log.debug("Getting ready to release token for device_code: " + str);
        }
        DeviceFlowDO authenticationDetails = DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().getAuthenticationDetails(str, clientId);
        Date date = new Date();
        String status = authenticationDetails.getStatus();
        authenticationDetails.setDeviceCode(str);
        if (Constants.NOT_EXIST.equals(status)) {
            throw new IdentityOAuth2Exception("invalid_request", "invalid_request");
        }
        Timestamp timestamp = new Timestamp(date.getTime());
        DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().setLastPollTime(str, timestamp);
        if (!isWithinValidPollInterval(timestamp, authenticationDetails)) {
            throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.SLOW_DOWN, "Forbidden");
        }
        if (Constants.EXPIRED.equals(status) || isExpiredDeviceCode(authenticationDetails, date)) {
            throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.EXPIRED_TOKEN, "Forbidden");
        }
        if (Constants.AUTHORIZED.equals(status)) {
            z = true;
            DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().setDeviceCodeExpired(str, Constants.EXPIRED);
            setPropertiesForTokenGeneration(oAuthTokenReqMessageContext, authenticationDetails);
        } else if (Constants.USED.equals(status) || Constants.PENDING.equals(status)) {
            throw new IdentityOAuth2Exception(DeviceErrorCodes.SubDeviceErrorCodes.AUTHORIZATION_PENDING, DeviceErrorCodes.SubDeviceErrorCodesDescriptions.AUTHORIZATION_PENDING);
        }
        return z;
    }

    private void setPropertiesForTokenGeneration(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, DeviceFlowDO deviceFlowDO) {
        AuthenticatedUser authorizedUser = deviceFlowDO.getAuthorizedUser();
        String[] strArr = (String[]) deviceFlowDO.getScopes().toArray(new String[0]);
        oAuthTokenReqMessageContext.setAuthorizedUser(authorizedUser);
        oAuthTokenReqMessageContext.setScope(strArr);
    }

    @Override // org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler, org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler
    public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        return super.issue(oAuthTokenReqMessageContext);
    }

    private static boolean isExpiredDeviceCode(DeviceFlowDO deviceFlowDO, Date date) throws IdentityOAuth2Exception {
        if (deviceFlowDO.getExpiryTime().getTime() >= date.getTime()) {
            return false;
        }
        DeviceFlowPersistenceFactory.getInstance().getDeviceFlowDAO().setDeviceCodeExpired(deviceFlowDO.getDeviceCode(), Constants.EXPIRED);
        return true;
    }

    private static boolean isWithinValidPollInterval(Timestamp timestamp, DeviceFlowDO deviceFlowDO) {
        return timestamp.getTime() - deviceFlowDO.getLastPollTime().getTime() > deviceFlowDO.getPollTime();
    }
}
