package org.wso2.carbon.identity.oauth2.validators;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Set;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/validators/DefaultOAuth2TokenValidator.class */
public class DefaultOAuth2TokenValidator implements OAuth2TokenValidator {
    public static final String TOKEN_TYPE = "bearer";
    private static final String ACCESS_TOKEN_DO = "AccessTokenDO";
    private static final String RESOURCE = "resource";
    private static final Log log = LogFactory.getLog(DefaultOAuth2TokenValidator.class);

    @Override // org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidator
    public boolean validateAccessDelegation(OAuth2TokenValidationMessageContext oAuth2TokenValidationMessageContext) throws IdentityOAuth2Exception {
        return true;
    }

    @Override // org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidator
    public boolean validateScope(OAuth2TokenValidationMessageContext oAuth2TokenValidationMessageContext) throws IdentityOAuth2Exception {
        AccessTokenDO accessTokenDO = (AccessTokenDO) oAuth2TokenValidationMessageContext.getProperty(ACCESS_TOKEN_DO);
        if (accessTokenDO == null) {
            return false;
        }
        try {
            OAuthAppDO appInformationByClientId = OAuth2Util.getAppInformationByClientId(accessTokenDO.getConsumerKey());
            String[] scopeValidators = appInformationByClientId.getScopeValidators();
            if (ArrayUtils.isEmpty(scopeValidators)) {
                if (!log.isDebugEnabled()) {
                    return true;
                }
                log.debug(String.format("There is no scope validator registered for %s@%s", appInformationByClientId.getApplicationName(), OAuth2Util.getTenantDomainOfOauthApp(appInformationByClientId)));
                return true;
            }
            String resourceFromMessageContext = getResourceFromMessageContext(oAuth2TokenValidationMessageContext);
            Set<OAuth2ScopeValidator> oAuth2ScopeValidators = OAuthServerConfiguration.getInstance().getOAuth2ScopeValidators();
            ArrayList arrayList = new ArrayList(Arrays.asList(scopeValidators));
            for (OAuth2ScopeValidator oAuth2ScopeValidator : oAuth2ScopeValidators) {
                if (oAuth2ScopeValidator != null && arrayList.contains(oAuth2ScopeValidator.getValidatorName()) && oAuth2ScopeValidator.canHandle(oAuth2TokenValidationMessageContext)) {
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("Validating scope of token %s using %s", accessTokenDO.getTokenId(), oAuth2ScopeValidator.getValidatorName()));
                    }
                    boolean validateScope = oAuth2ScopeValidator.validateScope(accessTokenDO, resourceFromMessageContext);
                    arrayList.remove(oAuth2ScopeValidator.getValidatorName());
                    if (!validateScope) {
                        return false;
                    }
                }
            }
            if (arrayList.isEmpty()) {
                return true;
            }
            throw new IdentityOAuth2Exception(String.format("The scope validators %s registered for application %s@%s are not found in the server configuration ", StringUtils.join(arrayList, ", "), appInformationByClientId.getApplicationName(), OAuth2Util.getTenantDomainOfOauthApp(appInformationByClientId)));
        } catch (InvalidOAuthClientException e) {
            throw new IdentityOAuth2Exception(String.format("Exception occurred when getting app information for client id %s ", accessTokenDO.getConsumerKey()), (Throwable) e);
        }
    }

    private String getResourceFromMessageContext(OAuth2TokenValidationMessageContext oAuth2TokenValidationMessageContext) {
        String str = null;
        if (oAuth2TokenValidationMessageContext.getRequestDTO().getContext() != null) {
            OAuth2TokenValidationRequestDTO.TokenValidationContextParam[] context = oAuth2TokenValidationMessageContext.getRequestDTO().getContext();
            int length = context.length;
            int i = 0;
            while (true) {
                if (i < length) {
                    OAuth2TokenValidationRequestDTO.TokenValidationContextParam tokenValidationContextParam = context[i];
                    if (tokenValidationContextParam != null && RESOURCE.equals(tokenValidationContextParam.getKey())) {
                        str = tokenValidationContextParam.getValue();
                        break;
                    }
                    i++;
                } else {
                    break;
                }
            }
        }
        return str;
    }

    @Override // org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidator
    public boolean validateAccessToken(OAuth2TokenValidationMessageContext oAuth2TokenValidationMessageContext) throws IdentityOAuth2Exception {
        return true;
    }

    @Override // org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidator
    public String getTokenType() {
        return "Bearer";
    }
}
