package org.wso2.carbon.identity.oauth2.token.bindings.impl;

import java.net.HttpCookie;
import java.util.Optional;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.model.HttpRequestHeader;
import org.wso2.carbon.identity.oauth2.token.bindings.TokenBinder;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.oauth2.validators.RefreshTokenValidator;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/token/bindings/impl/AbstractTokenBinder.class */
/**
 * Base {@link TokenBinder} that resolves a token binding value from the authorization grant
 * cache and validates a cookie-carried binding against an expected binding reference.
 *
 * <p>This listing is decompiler output, so parameter names on the non-private methods are
 * synthetic ({@code obj}, {@code str}, {@code str2}); their roles are described per method.
 */
public abstract class AbstractTokenBinder implements TokenBinder {

    /**
     * Looks up the token binding value that was cached together with an authorization code.
     *
     * <p>Implements {@code TokenBinder#getTokenBindingValue}.
     *
     * @param oAuth2AccessTokenReqDTO the token request being processed
     * @return the cached binding value when the grant type equals
     *     {@code OAuthAdminServiceImpl.AUTHORIZATION_CODE}, the authorization code is not blank
     *     and the cache holds an entry with a non-blank binding value; otherwise empty
     */
    @Override
    public Optional<String> getTokenBindingValue(OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO) {
        if (!OAuthAdminServiceImpl.AUTHORIZATION_CODE.equals(oAuth2AccessTokenReqDTO.getGrantType())) {
            return Optional.empty();
        }
        String authorizationCode = oAuth2AccessTokenReqDTO.getAuthorizationCode();
        if (!StringUtils.isNotBlank(authorizationCode)) {
            return Optional.empty();
        }

        AuthorizationGrantCacheKey cacheKey = new AuthorizationGrantCacheKey(authorizationCode);
        AuthorizationGrantCacheEntry cachedGrant =
                AuthorizationGrantCache.getInstance().getValueFromCacheByCode(cacheKey);
        if (cachedGrant == null) {
            return Optional.empty();
        }

        String bindingValue = cachedGrant.getTokenBindingValue();
        return StringUtils.isNotBlank(bindingValue) ? Optional.of(bindingValue) : Optional.empty();
    }

    /**
     * Checks whether the request carries a cookie whose binding reference matches the expected one.
     *
     * <p>Decompiler note: the access modifier was changed from {@code protected}.
     *
     * @param obj the request, either an {@link HttpServletRequest} or an
     *     {@link OAuth2AccessTokenReqDTO}
     * @param str the expected token binding reference
     * @param str2 the name of the cookie that carries the binding value
     * @return {@code false} when any argument is null/blank or no matching cookie validates;
     *     {@code true} when the matching cookie's binding reference equals {@code str}
     * @throws RuntimeException when {@code obj} is neither of the supported request types
     */
    public boolean isValidTokenBinding(Object obj, String str, String str2) {
        boolean incompleteInput = obj == null || StringUtils.isBlank(str) || StringUtils.isBlank(str2);
        if (incompleteInput) {
            // Missing request, reference or cookie name is treated as "not bound", never as a match.
            return false;
        }

        // The servlet request check comes first, as in the original dispatch order.
        if (obj instanceof HttpServletRequest) {
            HttpServletRequest servletRequest = (HttpServletRequest) obj;
            return isValidTokenBinding(servletRequest, str, str2);
        } else if (obj instanceof OAuth2AccessTokenReqDTO) {
            OAuth2AccessTokenReqDTO tokenRequest = (OAuth2AccessTokenReqDTO) obj;
            return isValidTokenBinding(tokenRequest, str, str2);
        }

        String requestType = obj.getClass().getName();
        throw new RuntimeException("Unsupported request type: " + requestType);
    }

    /**
     * Validates the binding cookie carried in the raw {@code Cookie} header of a token request.
     *
     * <p>Only requests whose grant type equals {@code RefreshTokenValidator.TOKEN_TYPE} are
     * accepted. The first {@code Cookie} header found decides the outcome: only its first value
     * is inspected, and the first {@code name=value} pair that starts with the cookie name is
     * the one compared. Later duplicates are never examined.
     *
     * @param tokenRequest the token request carrying the HTTP request headers
     * @param expectedReference the binding reference the cookie must resolve to
     * @param cookieName the name of the binding cookie
     * @return whether the selected cookie's binding reference equals {@code expectedReference}
     * @throws RuntimeException when the grant type is not the refresh grant type
     */
    private boolean isValidTokenBinding(
            OAuth2AccessTokenReqDTO tokenRequest, String expectedReference, String cookieName) {
        String grantType = tokenRequest.getGrantType();
        if (!RefreshTokenValidator.TOKEN_TYPE.equals(grantType)) {
            throw new RuntimeException("Unsupported grant type: " + grantType);
        }

        HttpRequestHeader[] requestHeaders = tokenRequest.getHttpRequestHeaders();
        if (ArrayUtils.isEmpty(requestHeaders)) {
            return false;
        }

        for (int i = 0; i < requestHeaders.length; i++) {
            HttpRequestHeader header = requestHeaders[i];
            if (!"Cookie".equalsIgnoreCase(header.getName())) {
                continue;
            }
            String[] headerValues = header.getValue();
            if (ArrayUtils.isEmpty(headerValues)) {
                // A Cookie header without values fails validation; later headers are not tried.
                return false;
            }

            String wantedPrefix = cookieName + "=";
            String[] cookiePairs = headerValues[0].split(";");
            for (int j = 0; j < cookiePairs.length; j++) {
                String pair = cookiePairs[j];
                if (StringUtils.isBlank(pair) || !pair.trim().startsWith(wantedPrefix)) {
                    continue;
                }
                // HttpCookie.parse throws IllegalArgumentException on a pair that violates
                // cookie syntax; it is not caught here and propagates to the caller.
                String presentedValue = HttpCookie.parse(pair).get(0).getValue();
                // NOTE(review): String.equals is not a constant-time comparison. Whether that
                // matters depends on what getTokenBindingReference returns, which is not
                // visible in this file - confirm against OAuth2Util.
                return expectedReference.equals(OAuth2Util.getTokenBindingReference(presentedValue));
            }
        }
        return false;
    }

    /**
     * Validates the binding cookie among the cookies the servlet container already parsed.
     *
     * <p>The first cookie whose name equals {@code cookieName} decides the outcome. Later
     * cookies with the same name are never examined.
     *
     * @param servletRequest the incoming servlet request
     * @param expectedReference the binding reference the cookie must resolve to
     * @param cookieName the exact (case-sensitive) name of the binding cookie
     * @return whether the selected cookie's binding reference equals {@code expectedReference};
     *     {@code false} when the request has no cookies or none has the given name
     */
    private boolean isValidTokenBinding(
            HttpServletRequest servletRequest, String expectedReference, String cookieName) {
        Cookie[] requestCookies = servletRequest.getCookies();
        if (ArrayUtils.isEmpty(requestCookies)) {
            return false;
        }

        int index = 0;
        while (index < requestCookies.length) {
            Cookie candidate = requestCookies[index];
            if (cookieName.equals(candidate.getName())) {
                String presentedReference = OAuth2Util.getTokenBindingReference(candidate.getValue());
                return expectedReference.equals(presentedReference);
            }
            index++;
        }
        return false;
    }
}
