package org.wso2.carbon.identity.oauth2.token.handlers.grant;

import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.callback.OAuthCallback;
import org.wso2.carbon.identity.oauth.callback.OAuthCallbackManager;
import org.wso2.carbon.identity.oauth.common.GrantType;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2ClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.OAuth2Service;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.oauth2.util.Oauth2ScopeUtils;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeHandler;
import org.wso2.carbon.identity.oauth2.validators.RefreshTokenValidator;
import org.wso2.carbon.identity.oauth2.validators.scope.ScopeValidator;
import org.wso2.carbon.identity.openidconnect.OIDCClaimUtil;
import org.wso2.carbon.identity.openidconnect.model.Constants;
import org.wso2.carbon.utils.DiagnosticLog;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.class */
public abstract class AbstractAuthorizationGrantHandler implements AuthorizationGrantHandler {
    // Class-wide commons-logging logger.
    private static final Log log = LogFactory.getLog(AbstractAuthorizationGrantHandler.class);
    // Assigned in init(); validateScope() and authorizeAccessDelegation() hand their OAuthCallback to it.
    protected OAuthCallbackManager callbackManager;
    // Set to true in init() only when OAuthCache reports itself enabled; otherwise keeps the default false.
    protected boolean cacheEnabled;
    // Assigned in init() only when the cache is enabled, so it is null otherwise; the uses visible here are guarded by cacheEnabled.
    protected OAuthCache oauthCache;
    // Message-context property key that issueExistingAccessToken() sets to true when a stored token is handed out again.
    protected static final String EXISTING_TOKEN_ISSUED = "existingTokenUsed";
    // Seconds-to-milliseconds multiplier (spelling kept: the constant is visible to subclasses).
    protected static final int SECONDS_TO_MILISECONDS_FACTOR = 1000;
    // Server-wide token issuer taken from OAuthServerConfiguration; issue() resolves a per-application issuer via OAuth2Util instead.
    protected OauthTokenIssuer oauthIssuerImpl = OAuthServerConfiguration.getInstance().getIdentityOauthTokenIssuer();
    // Value of OAuth2Util.isHashDisabled() captured at construction; the cache lookup in issue() and the cache writes run only when it is true.
    private boolean isHashDisabled = OAuth2Util.isHashDisabled();

    /**
     * Prepares the handler for use: creates the callback manager and, when the OAuth cache
     * reports itself enabled, keeps a reference to it and flags caching as active.
     *
     * @throws IdentityOAuth2Exception declared by the interface; this body does not throw it itself
     */
    @Override
    public void init() throws IdentityOAuth2Exception {
        this.callbackManager = new OAuthCallbackManager();
        if (!OAuthCache.getInstance().isEnabled()) {
            // Cache disabled: cacheEnabled keeps its default and oauthCache is left unset.
            return;
        }
        this.cacheEnabled = true;
        this.oauthCache = OAuthCache.getInstance();
    }

    /**
     * Default answer to whether this grant is limited to confidential clients: always {@code true}.
     *
     * <p>NOTE(review): presumably a {@code true} result makes the token endpoint insist on client
     * authentication for this grant; a subclass overriding this to {@code false} would relax
     * that, so confirm against the caller before overriding.
     *
     * @return {@code true}
     * @throws IdentityOAuth2Exception declared by the interface; never thrown by this default
     */
    @Override
    public boolean isConfidentialClient() throws IdentityOAuth2Exception {
        return true;
    }

    /**
     * Default answer to whether a refresh token accompanies the access token: always {@code true}.
     * Subclasses can override this for grants that must not hand out refresh tokens.
     *
     * @return {@code true}
     * @throws IdentityOAuth2Exception declared by the interface; never thrown by this default
     */
    @Override
    public boolean issueRefreshToken() throws IdentityOAuth2Exception {
        return true;
    }

    /**
     * Default answer to whether tokens of this grant are issued on behalf of a user: always
     * {@code true}. {@link #getTokenType()} turns this into the token type "APPLICATION_USER"
     * (or "APPLICATION" when a subclass returns {@code false}).
     *
     * @return {@code true}
     * @throws IdentityOAuth2Exception declared by the interface; never thrown by this default
     */
    @Override
    public boolean isOfTypeApplicationUser() throws IdentityOAuth2Exception {
        return true;
    }

    /**
     * Base grant validation: only confirms that the message context carries a token request DTO.
     * It does not inspect credentials, codes or assertions; grant-specific checks are left to
     * subclasses.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @return {@code true} when the request DTO is present
     * @throws IdentityOAuth2Exception when the context holds no token request DTO
     */
    @Override
    public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        if (oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO() == null) {
            throw new IdentityOAuth2Exception("Token request data not found in the request message context");
        }
        return true;
    }

    /**
     * Issues an access token for the current request by reusing, renewing or newly generating one.
     *
     * <p>Under a per-(client, user, scope, token-binding) lock the method looks up an existing
     * token (only when {@code isHashDisabled} is true). If one is found it is either revoked and
     * replaced (renew-per-request) or, when still valid, returned again. In every other case a
     * new token is generated. The lookup helpers and {@code accessTokenRenewedPerRequest} are
     * defined outside this part of the file.
     *
     * @param oAuthTokenReqMessageContext context of the current token request; must carry the
     *                                    request DTO and the authorized user
     * @return the token response built from the reused, renewed or new token
     * @throws IdentityOAuth2Exception when the token issuer for the client cannot be resolved
     *                                 (wrapping InvalidOAuthClientException), when the user id is
     *                                 unavailable (wrapping UserIdNotFoundException; the message uses
     *                                 the masked user id), or when a called helper fails
     */
    @Override // org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler
    public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        String buildScopeString = OAuth2Util.buildScopeString(oAuthTokenReqMessageContext.getScope());
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        try {
            String userId = oAuthTokenReqMessageContext.getAuthorizedUser().getUserId();
            String authenticatedIDP = OAuth2Util.getAuthenticatedIDP(oAuthTokenReqMessageContext.getAuthorizedUser());
            String tokenBindingReference = getTokenBindingReference(oAuthTokenReqMessageContext);
            String authorizedOrganization = getAuthorizedOrganization(oAuthTokenReqMessageContext);
            try {
                OauthTokenIssuer oAuthTokenIssuerForOAuthApp = OAuth2Util.getOAuthTokenIssuerForOAuthApp(clientId);
                // Serializes concurrent requests for the same client/user/scope/binding tuple within this JVM.
                // The monitor is an interned String built from request-derived values, so every distinct
                // tuple adds an entry to the JVM string pool and the lock is shared with any other code
                // that synchronizes on an equal interned string.
                // NOTE(review): authenticatedIDP and authorizedOrganization are part of the cache key
                // below but not of this lock key - confirm that is intended.
                // NOTE(review): the lock is held across revocation, token generation and persistence
                // (all calls below are inside the block), and it does not coordinate other cluster nodes.
                synchronized ((clientId + ":" + userId + ":" + buildScopeString + ":" + tokenBindingReference).intern()) {
                    AccessTokenDO accessTokenDO = null;
                    // The existing-token lookup runs only when isHashDisabled is true; otherwise
                    // accessTokenDO stays null and the flow falls through to generating a new token.
                    if (this.isHashDisabled) {
                        accessTokenDO = getExistingToken(oAuthTokenReqMessageContext, getOAuthCacheKey(buildScopeString, clientId, userId, authenticatedIDP, tokenBindingReference, authorizedOrganization));
                    }
                    if (accessTokenDO != null) {
                        if (log.isDebugEnabled()) {
                            log.debug("Latest access token is found in the OAuthCache for the app: " + clientId);
                        }
                        // Renew-per-request: the found token is revoked and replaced regardless of its remaining lifetime.
                        if (accessTokenRenewedPerRequest(oAuthTokenIssuerForOAuthApp, oAuthTokenReqMessageContext)) {
                            if (log.isDebugEnabled()) {
                                // Debug output carries client id, user id and scope string, not the token value.
                                log.debug("TokenRenewalPerRequest is enabled. Proceeding to revoke any existing active tokens and issue new token for client Id: " + clientId + ", user: " + userId + " and scope: " + buildScopeString + Constants.FULL_STOP_DELIMITER);
                            }
                            return renewAccessToken(oAuthTokenReqMessageContext, buildScopeString, clientId, accessTokenDO, oAuthTokenIssuerForOAuthApp);
                        }
                        long accessTokenExpiryTimeMillis = getAccessTokenExpiryTimeMillis(accessTokenDO);
                        // Reuse requires the stored state to be "ACTIVE" and a non-zero expiry value (see isExistingTokenValid).
                        if (isExistingTokenValid(accessTokenDO, accessTokenExpiryTimeMillis)) {
                            if (log.isDebugEnabled()) {
                                log.debug("Existing token is active for client Id: " + clientId + ", user: " + userId + " and scope: " + buildScopeString + ". Therefore issuing the same token.");
                            }
                            return issueExistingAccessToken(oAuthTokenReqMessageContext, buildScopeString, accessTokenExpiryTimeMillis, accessTokenDO);
                        }
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("No active access token found for client Id: " + clientId + ", user: " + userId + " and scope: " + buildScopeString + ". Therefore issuing new token.");
                    }
                    // accessTokenDO may be null here, or a found-but-invalid token; the "true" flag makes
                    // generateNewAccessToken pass it on to persistence as the existing token.
                    return generateNewAccessToken(oAuthTokenReqMessageContext, buildScopeString, clientId, accessTokenDO, true, oAuthTokenIssuerForOAuthApp);
                }
            } catch (InvalidOAuthClientException e) {
                throw new IdentityOAuth2Exception("Error while retrieving oauth issuer for the app with clientId: " + clientId, (Throwable) e);
            }
        } catch (UserIdNotFoundException e2) {
            // The user is reported through its masked, loggable id rather than its raw string form.
            throw new IdentityOAuth2Exception("User id is not available for user: " + oAuthTokenReqMessageContext.getAuthorizedUser().getLoggableMaskedUserId(), (Throwable) e2);
        }
    }

    /**
     * Copies timing details of a reused token into the message context: access-token issue time
     * and refresh-token issue time (each only when present on the token) and the refresh-token
     * validity period in milliseconds.
     *
     * @param oAuthTokenReqMessageContext context to update
     * @param accessTokenDO               token whose details are copied
     */
    private void setDetailsToMessageContext(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, AccessTokenDO accessTokenDO) {
        final Date accessIssuedAt = accessTokenDO.getIssuedTime();
        if (accessIssuedAt != null) {
            oAuthTokenReqMessageContext.setAccessTokenIssuedTime(accessIssuedAt.getTime());
        }
        final Date refreshIssuedAt = accessTokenDO.getRefreshTokenIssuedTime();
        if (refreshIssuedAt != null) {
            oAuthTokenReqMessageContext.setRefreshTokenIssuedTime(refreshIssuedAt.getTime());
        }
        // Note the unit: the context field receives milliseconds here.
        oAuthTokenReqMessageContext.setRefreshTokenvalidityPeriod(accessTokenDO.getRefreshTokenValidityPeriodInMillis());
    }

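    /**
     * Checks whether the client application is allowed to use the grant type named in the token
     * request.
     *
     * <p>The application's configured grant types are compared token by token with the requested
     * grant type. An exact match is required: a substring test would also accept an empty grant
     * type, or one that merely occurs inside a longer configured name, which would let a client
     * use a grant it was never given.
     *
     * @param oAuthTokenReqMessageContext context of the current token request; the application is
     *                                    read from its "OAuthAppDO" property
     * @return {@code true} only when the application is present, has grant types configured and one
     *         of them equals the requested grant type
     * @throws IdentityOAuth2Exception declared by the interface; this body does not throw it itself
     */
    @Override
    public boolean isAuthorizedClient(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AccessTokenReqDTO oauth2AccessTokenReqDTO = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        String grantType = oauth2AccessTokenReqDTO.getGrantType();
        OAuthAppDO oAuthAppDO = (OAuthAppDO) oAuthTokenReqMessageContext.getProperty("OAuthAppDO");
        if (oAuthAppDO == null) {
            if (log.isDebugEnabled()) {
                log.debug("OAuthAppDO is not available in OAuthTokenReqMessageContext for client id: " + oauth2AccessTokenReqDTO.getClientId());
            }
            return false;
        }
        String allowedGrantTypes = oAuthAppDO.getGrantTypes();
        if (StringUtils.isBlank(allowedGrantTypes)) {
            if (log.isDebugEnabled()) {
                log.debug("Could not find authorized grant types for client id: " + oauth2AccessTokenReqDTO.getClientId());
            }
            return false;
        }
        if (grantType != null) {
            // Assumes the configured list is whitespace-delimited - TODO confirm against the code that writes OAuthAppDO's grant types.
            for (String allowedGrantType : allowedGrantTypes.trim().split("\\s+")) {
                if (allowedGrantType.equals(grantType)) {
                    return true;
                }
            }
        }
        // Fail closed: a null, empty or merely partially matching grant type is rejected.
        if (log.isDebugEnabled()) {
            log.debug("Unsupported Grant Type : " + grantType + " for client id : " + oauth2AccessTokenReqDTO.getClientId());
        }
        return false;
    }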

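    /**
     * Validates the scopes requested in the token request.
     *
     * <p>Order of checks: application-level scope validators (helper defined outside this part of
     * the file), the scope-validation callback (which also sets the validity period and replaces
     * the context's scope with the approved scope), the configured {@code OAuth2ScopeHandler}s, and
     * finally the global {@code ScopeValidator}s.
     *
     * <p>Handler evaluation stops at the first handler that rejects the request. Without that
     * stop, a later handler returning {@code true} would overwrite the rejection and the request
     * would pass scope validation.
     *
     * @param oAuthTokenReqMessageContext context of the current token request; its scope and
     *                                    validity period are updated from the callback
     * @return {@code true} when no applicable scope handler rejected the request and the callback
     *         reports a valid scope
     * @throws IdentityOAuth2Exception when a called validator, handler or callback fails
     */
    @Override
    public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        if (hasValidationByApplicationScopeValidatorsFailed(oAuthTokenReqMessageContext)) {
            return false;
        }
        OAuthCallback oAuthCallback = new OAuthCallback(oAuthTokenReqMessageContext.getAuthorizedUser(), oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId(), OAuthCallback.OAuthCallbackType.SCOPE_VALIDATION_TOKEN);
        oAuthCallback.setRequestedScope(oAuthTokenReqMessageContext.getScope());
        String grantType = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
        if (grantType.equals(GrantType.SAML20_BEARER.toString())) {
            oAuthCallback.setCarbonGrantType(GrantType.SAML20_BEARER);
        } else if (grantType.equals(GrantType.IWA_NTLM.toString())) {
            oAuthCallback.setCarbonGrantType(GrantType.IWA_NTLM);
        } else {
            oAuthCallback.setGrantType(grantType);
        }
        this.callbackManager.handleCallback(oAuthCallback);
        oAuthTokenReqMessageContext.setValidityPeriod(oAuthCallback.getValidityPeriod());
        // From here on the handlers and validators see the callback-approved scope, not the requested one.
        oAuthTokenReqMessageContext.setScope(oAuthCallback.getApprovedScope());
        boolean handlersAccepted = true;
        Iterator<OAuth2ScopeHandler> handlers = OAuthServerConfiguration.getInstance().getOAuth2ScopeHandlers().iterator();
        while (handlers.hasNext()) {
            OAuth2ScopeHandler handler = handlers.next();
            if (handler == null || !handler.canHandle(oAuthTokenReqMessageContext)) {
                continue;
            }
            handlersAccepted = handler.validateScope(oAuthTokenReqMessageContext);
            if (log.isDebugEnabled()) {
                log.debug(String.format("ScopeHandler: %s validated to: %s", handler.getClass().getCanonicalName(), Boolean.valueOf(handlersAccepted)));
            }
            if (!handlersAccepted) {
                if (LoggerUtils.isDiagnosticLogsEnabled()) {
                    DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder("oauth-inbound-service", "validate-scope");
                    diagnosticLogBuilder.configParam("scope validator", handler.getClass().getCanonicalName()).inputParam("client id", oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId()).resultMessage("Scope validation failed against the configured scope validator.").logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).resultStatus(DiagnosticLog.ResultStatus.FAILED);
                    if (ArrayUtils.isNotEmpty(oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getScope())) {
                        diagnosticLogBuilder.inputParam("scopes", Arrays.asList(oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getScope()));
                    }
                    LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
                }
                // Fail closed: a rejection is final and must not be overwritten by a later handler.
                break;
            }
        }
        for (ScopeValidator scopeValidator : OAuthComponentServiceHolder.getInstance().getScopeValidators()) {
            if (log.isDebugEnabled()) {
                log.debug("Engaging global scope validator in token issuer flow : " + scopeValidator.getName());
            }
            // NOTE(review): the global validator's result is only logged and never affects the return
            // value. Presumably these validators act by adjusting the scope on the context; if any of
            // them is meant to veto the request, its result has to be honoured here - confirm.
            boolean validateScope = scopeValidator.validateScope(oAuthTokenReqMessageContext);
            if (log.isDebugEnabled()) {
                log.debug("Scope Validation was" + validateScope + "at the global level by : " + scopeValidator.getName());
            }
        }
        return handlersAccepted && oAuthCallback.isValidScope();
    }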

    /**
     * Asks the registered callback handlers whether access delegation is authorized for this
     * request, and copies the validity period chosen by the callback into the context.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @return the callback's authorization verdict
     * @throws IdentityOAuth2Exception when callback handling fails
     */
    @Override
    public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        final OAuthCallback delegationCallback = new OAuthCallback(
                oAuthTokenReqMessageContext.getAuthorizedUser(),
                oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId(),
                OAuthCallback.OAuthCallbackType.ACCESS_DELEGATION_TOKEN);
        delegationCallback.setRequestedScope(oAuthTokenReqMessageContext.getScope());

        final String requestedGrant = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
        // The two Carbon-specific grants are passed as enum constants; anything else as the raw grant string.
        if (requestedGrant.equals(GrantType.SAML20_BEARER.toString())) {
            delegationCallback.setCarbonGrantType(GrantType.SAML20_BEARER);
        } else if (requestedGrant.equals(GrantType.IWA_NTLM.toString())) {
            delegationCallback.setCarbonGrantType(GrantType.IWA_NTLM);
        } else {
            delegationCallback.setGrantType(requestedGrant);
        }

        this.callbackManager.handleCallback(delegationCallback);
        oAuthTokenReqMessageContext.setValidityPeriod(delegationCallback.getValidityPeriod());
        return delegationCallback.isAuthorized();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Names the token type recorded on newly created tokens.
     *
     * @return "APPLICATION_USER" when {@link #isOfTypeApplicationUser()} is true, otherwise "APPLICATION"
     * @throws IdentityOAuth2Exception when {@link #isOfTypeApplicationUser()} fails
     */
    public String getTokenType() throws IdentityOAuth2Exception {
        if (isOfTypeApplicationUser()) {
            return "APPLICATION_USER";
        }
        return "APPLICATION";
    }

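    /**
     * Persists a new access token through the access-token DAO.
     *
     * <p>On failure the exception message no longer carries the raw bearer token unless token
     * logging is explicitly allowed: with log masking enabled the masked form is used (as before);
     * with masking disabled the raw value is included only when
     * {@code IdentityUtil.isTokenLoggable("AccessToken")} permits it, which is the gate the other
     * token-related messages in this class use. Exception messages commonly end up in logs, and a
     * logged bearer token is a usable credential.
     *
     * @param oAuth2AccessTokenReqDTO token request; supplies the client id
     * @param str                     user store domain passed to the DAO (may be null)
     * @param accessTokenDO           the new token to insert
     * @param str2                    the new access token value
     * @param accessTokenDO2          the existing token handed to the DAO alongside the new one (may be null)
     * @throws IdentityOAuth2Exception when the DAO reports an IdentityException
     */
    protected void storeAccessToken(OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO, String str, AccessTokenDO accessTokenDO, String str2, AccessTokenDO accessTokenDO2) throws IdentityOAuth2Exception {
        try {
            OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().insertAccessToken(str2, oAuth2AccessTokenReqDTO.getClientId(), accessTokenDO, accessTokenDO2, str);
        } catch (IdentityException e) {
            String message = "Error occurred while storing new access token : ";
            if (LoggerUtils.isLogMaskingEnable) {
                message += LoggerUtils.getMaskedContent(str2);
            } else if (IdentityUtil.isTokenLoggable("AccessToken")) {
                message += str2;
            } else {
                // Keep the credential out of the message; the cause still identifies the failure.
                message += "<access token withheld>";
            }
            throw new IdentityOAuth2Exception(message, (Throwable) e);
        }
    }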

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the user store domain used when persisting the token.
     *
     * <p>A lookup happens only when both access-token partitioning and user-name assertion are
     * enabled; otherwise {@code null} is returned.
     *
     * <p>NOTE(review): the error message embeds the string form of {@code authenticatedUser},
     * whereas {@code issue()} and {@code updateCacheIfEnabled()} report users through
     * {@code getLoggableMaskedUserId()}; consider aligning this message with them.
     *
     * @param authenticatedUser the user the token is issued for
     * @return the user store domain, or {@code null} when the lookup is not applicable
     * @throws IdentityOAuth2Exception when the lookup fails
     */
    public String getUserStoreDomain(AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {
        if (!OAuth2Util.checkAccessTokenPartitioningEnabled() || !OAuth2Util.checkUserNameAssertionEnabled()) {
            return null;
        }
        try {
            return OAuth2Util.getUserStoreForFederatedUser(authenticatedUser);
        } catch (IdentityOAuth2Exception lookupFailure) {
            final String message = "Error occurred while getting user store domain for User ID : " + authenticatedUser;
            if (log.isDebugEnabled()) {
                log.debug(message, lookupFailure);
            }
            throw new IdentityOAuth2Exception(message, (Throwable) lookupFailure);
        }
    }

    /**
     * Revokes the existing token and issues a fresh one (renew-per-request path of {@code issue()}).
     *
     * <p>Sequence: pre-revocation listeners, state update to "REVOKED" through the DAO, removal of
     * the token from the cache, post-revocation listeners, then generation of the new token. The
     * old token is marked revoked before the replacement exists.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @param str                         scope string of the request (as passed by {@code issue()})
     * @param str2                        client id (as passed by {@code issue()})
     * @param accessTokenDO               the existing token to revoke
     * @param oauthTokenIssuer            issuer used to create the replacement
     * @return the response for the newly generated token
     * @throws IdentityOAuth2Exception when revocation or generation fails
     */
    private OAuth2AccessTokenRespDTO renewAccessToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, String str, String str2, AccessTokenDO accessTokenDO, OauthTokenIssuer oauthTokenIssuer) throws IdentityOAuth2Exception {
        final Map<String, Object> noListenerParams = Collections.emptyMap();

        OAuthUtil.invokePreRevocationBySystemListeners(accessTokenDO, noListenerParams);
        OAuthTokenPersistenceFactory.getInstance()
                .getAccessTokenDAO()
                .updateAccessTokenState(accessTokenDO.getTokenId(), "REVOKED", accessTokenDO.getGrantType());
        clearExistingTokenFromCache(oAuthTokenReqMessageContext, accessTokenDO);
        OAuthUtil.invokePostRevocationBySystemListeners(accessTokenDO, noListenerParams);

        // "false": the revoked token is not handed to persistence as the existing token.
        return generateNewAccessToken(oAuthTokenReqMessageContext, str, str2, accessTokenDO, false, oauthTokenIssuer);
    }

    /**
     * Hands out an already stored, still valid token again.
     *
     * <p>Marks the context with {@code EXISTING_TOKEN_ISSUED}. When consent-based claim filtering
     * applies to the grant type and the stored token is not yet flagged as consented, the flag is
     * set on the token object and persisted through the DAO before the response is built.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @param str                         scope string placed in the response
     * @param j                           expiry value in milliseconds, as computed by {@code issue()}
     * @param accessTokenDO               the stored token being reused
     * @return the response built from the stored token
     * @throws IdentityOAuth2Exception when the consent update or response creation fails
     */
    private OAuth2AccessTokenRespDTO issueExistingAccessToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, String str, long j, AccessTokenDO accessTokenDO) throws IdentityOAuth2Exception {
        oAuthTokenReqMessageContext.addProperty(EXISTING_TOKEN_ISSUED, true);

        final String requestedGrant = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
        final boolean consentFlagMissing =
                OIDCClaimUtil.isConsentBasedClaimFilteringApplicable(requestedGrant) && !accessTokenDO.isConsentedToken();
        if (consentFlagMissing) {
            accessTokenDO.setIsConsentedToken(true);
            OAuthTokenPersistenceFactory.getInstance()
                    .getAccessTokenDAO()
                    .updateTokenIsConsented(accessTokenDO.getTokenId(), true);
        }

        setDetailsToMessageContext(oAuthTokenReqMessageContext, accessTokenDO);
        return createResponseWithTokenBean(accessTokenDO, j, str);
    }

    /**
     * Creates, persists and caches a new access token and builds the response for it.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @param str                         scope string placed in the response
     * @param str2                        client id used to load the application and its expiry settings
     * @param accessTokenDO               the existing token, if any (may be null)
     * @param z                           when true the existing token is passed on to persistence;
     *                                    when false persistence receives null in its place
     * @param oauthTokenIssuer            issuer that produces the token values
     * @return the response for the new token
     * @throws IdentityOAuth2Exception when creation, persistence or caching fails
     */
    private OAuth2AccessTokenRespDTO generateNewAccessToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, String str, String str2, AccessTokenDO accessTokenDO, boolean z, OauthTokenIssuer oauthTokenIssuer) throws IdentityOAuth2Exception {
        final OAuthAppDO application = getoAuthApp(str2);
        final Timestamp issuedAt = new Timestamp(new Date().getTime());
        final long validityMillis = getConfiguredExpiryTimeForApplication(oAuthTokenReqMessageContext, str2, application);

        final AccessTokenDO freshToken = createNewTokenBean(oAuthTokenReqMessageContext, application, accessTokenDO, issuedAt, validityMillis, oauthTokenIssuer);
        setDetailsToMessageContext(oAuthTokenReqMessageContext, validityMillis, freshToken, issuedAt);

        // Only the "z == true" path tells persistence about the previous token.
        final AccessTokenDO previousForPersistence = z ? accessTokenDO : null;
        persistAccessTokenInDB(oAuthTokenReqMessageContext, previousForPersistence, freshToken, issuedAt, freshToken.getAccessToken());

        updateCacheIfEnabled(freshToken, OAuth2Util.buildScopeString(oAuthTokenReqMessageContext.getScope()), oauthTokenIssuer);
        return createResponseWithTokenBean(freshToken, validityMillis, str);
    }

    /**
     * Decides whether a stored token may be handed out again.
     *
     * <p>The token qualifies when its state is "ACTIVE" and the supplied expiry value is not zero.
     * NOTE(review): any non-zero value qualifies, including a negative one; presumably the expiry
     * helper returns 0 for an expired token and a negative value for a non-expiring one - confirm.
     *
     * <p>The debug message includes the SHA-256 hex digest of the token only when token logging is
     * allowed; otherwise only the consumer key is logged.
     *
     * @param accessTokenDO the stored token
     * @param j             expiry value in milliseconds, as computed by the caller
     * @return {@code true} when the token can be reused
     */
    private boolean isExistingTokenValid(AccessTokenDO accessTokenDO, long j) {
        final boolean reusable = "ACTIVE".equals(accessTokenDO.getTokenState()) && j != 0;
        if (reusable) {
            return true;
        }
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("AccessToken")) {
                log.debug("Access token(hashed) " + DigestUtils.sha256Hex(accessTokenDO.getAccessToken()) + " is not valid anymore");
            } else {
                log.debug("Latest access token in the database for client: " + accessTokenDO.getConsumerKey() + " is not valid anymore");
            }
        }
        return false;
    }

    /**
     * Builds the AccessTokenDO for a newly issued token. Nothing is persisted here.
     *
     * <p>The statement order matters: the consent flag is written to the message context before
     * the issuer is asked for the token value, and the refresh-token details are filled in last,
     * after the access-token extended attributes have been set on the new bean (they are read by
     * {@code setRefreshTokenDetails}).
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @param oAuthAppDO                  the client application
     * @param accessTokenDO               the existing token, if any (may be null)
     * @param timestamp                   issue time for the new token
     * @param j                           validity period in milliseconds
     * @param oauthTokenIssuer            issuer that produces the token values
     * @return the populated token bean
     * @throws IdentityOAuth2Exception when the grant type is missing or token generation fails
     */
    private AccessTokenDO createNewTokenBean(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuthAppDO oAuthAppDO, AccessTokenDO accessTokenDO, Timestamp timestamp, long j, OauthTokenIssuer oauthTokenIssuer) throws IdentityOAuth2Exception {
        String tenantDomain = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getTenantDomain();
        OAuth2AccessTokenReqDTO oauth2AccessTokenReqDTO = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        // Rejects a request without a grant type before any field is populated.
        validateGrantTypeParam(oauth2AccessTokenReqDTO);
        AccessTokenDO accessTokenDO2 = new AccessTokenDO();
        accessTokenDO2.setTokenState("ACTIVE");
        accessTokenDO2.setConsumerKey(oauth2AccessTokenReqDTO.getClientId());
        accessTokenDO2.setAuthzUser(oAuthTokenReqMessageContext.getAuthorizedUser());
        accessTokenDO2.setScope(oAuthTokenReqMessageContext.getScope());
        accessTokenDO2.setTenantID(OAuth2Util.getTenantId(tenantDomain));
        // The token id is a random UUID; it identifies the record and is distinct from the token value set below.
        accessTokenDO2.setTokenId(UUID.randomUUID().toString());
        accessTokenDO2.setGrantType(oauth2AccessTokenReqDTO.getGrantType());
        if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) {
            if (accessTokenDO != null) {
                // An existing token's consent flag is carried over to its replacement.
                accessTokenDO2.setIsConsentedToken(accessTokenDO.isConsentedToken());
            } else if (OIDCClaimUtil.isConsentBasedClaimFilteringApplicable(oauth2AccessTokenReqDTO.getGrantType())) {
                accessTokenDO2.setIsConsentedToken(true);
            }
            oAuthTokenReqMessageContext.setConsentedToken(accessTokenDO2.isConsentedToken());
        }
        accessTokenDO2.setTokenType(getTokenType());
        accessTokenDO2.setIssuedTime(timestamp);
        // The token value comes from the issuer (see getNewAccessToken); the context already carries the consent flag at this point.
        accessTokenDO2.setAccessToken(getNewAccessToken(oAuthTokenReqMessageContext, oauthTokenIssuer));
        accessTokenDO2.setValidityPeriodInMillis(j);
        // Integer division: the seconds value drops any sub-second remainder.
        accessTokenDO2.setValidityPeriod(j / 1000);
        accessTokenDO2.setTokenBinding(oAuthTokenReqMessageContext.getTokenBinding());
        accessTokenDO2.setAccessTokenExtendedAttributes(oauth2AccessTokenReqDTO.getAccessTokenExtendedAttributes());
        // Either reuses the existing refresh token or issues a new one; see setRefreshTokenDetails.
        setRefreshTokenDetails(oAuthTokenReqMessageContext, oAuthAppDO, accessTokenDO, timestamp, j, oauth2AccessTokenReqDTO, accessTokenDO2, oauthTokenIssuer);
        return accessTokenDO2;
    }

    /**
     * Fills in the refresh-token fields of the new token bean.
     *
     * <p>The existing refresh token is carried over only when all of the following hold: token
     * renewal per request is not configured, the existing refresh token is still valid, and the
     * new bean's extended attributes do not carry a refresh-token validity period greater than -2.
     * Otherwise a new refresh token is issued with the supplied issue time.
     *
     * <p>NOTE(review): -2 looks like an "unset" sentinel for the extended attribute - confirm.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @param oAuthAppDO                  the client application
     * @param accessTokenDO               the existing token, if any
     * @param timestamp                   issue time used for a newly issued refresh token
     * @param j                           access-token validity in milliseconds, passed to the validity check
     * @param oAuth2AccessTokenReqDTO     the token request
     * @param accessTokenDO2              the new token bean being populated
     * @param oauthTokenIssuer            issuer that produces the refresh token value
     * @throws IdentityOAuth2Exception when a helper or the issuer fails
     */
    private void setRefreshTokenDetails(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuthAppDO oAuthAppDO, AccessTokenDO accessTokenDO, Timestamp timestamp, long j, OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO, AccessTokenDO accessTokenDO2, OauthTokenIssuer oauthTokenIssuer) throws IdentityOAuth2Exception {
        final boolean customValidityRequested = accessTokenDO2.getAccessTokenExtendedAttributes() != null
                && accessTokenDO2.getAccessTokenExtendedAttributes().getRefreshTokenValidityPeriod() > -2;
        final boolean reuseExistingRefreshToken = !isTokenRenewalPerRequestConfigured()
                && isRefreshTokenValid(accessTokenDO, j, oAuth2AccessTokenReqDTO.getClientId())
                && !customValidityRequested;

        if (reuseExistingRefreshToken) {
            setRefreshTokenDetailsFromExistingToken(accessTokenDO, accessTokenDO2);
        } else {
            accessTokenDO2.setRefreshTokenIssuedTime(timestamp);
            accessTokenDO2.setRefreshTokenValidityPeriodInMillis(getRefreshTokenValidityPeriod(oAuth2AccessTokenReqDTO.getClientId(), oAuthAppDO, oAuthTokenReqMessageContext));
            accessTokenDO2.setRefreshToken(getRefreshToken(oAuthTokenReqMessageContext, oauthTokenIssuer));
        }
    }

    /**
     * Logs the persistence attempt at debug level and stores the new token via
     * {@code storeAccessToken}.
     *
     * <p>The debug message contains the client id, the string form of the authorized user, scope,
     * token-binding type and reference and the authorized organization; the token value
     * ({@code str}) is not part of it.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @param accessTokenDO               the existing token handed on to storage (may be null)
     * @param accessTokenDO2              the new token to store
     * @param timestamp                   issue time, used only in the debug message
     * @param str                         the new access token value
     * @throws IdentityOAuth2Exception when resolving the user store domain or storing the token fails
     */
    private void persistAccessTokenInDB(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, AccessTokenDO accessTokenDO, AccessTokenDO accessTokenDO2, Timestamp timestamp, String str) throws IdentityOAuth2Exception {
        final OAuth2AccessTokenReqDTO tokenRequest = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        if (log.isDebugEnabled()) {
            final String persistenceSummary = "Persisting Access Token for Client ID: " + tokenRequest.getClientId()
                    + ", Authorized User: " + oAuthTokenReqMessageContext.getAuthorizedUser()
                    + ", Is Federated User: " + isFederatedUser(oAuthTokenReqMessageContext)
                    + ", Timestamp: " + timestamp
                    + ", Validity period: " + accessTokenDO2.getValidityPeriod()
                    + "s, Scope: " + OAuth2Util.buildScopeString(oAuthTokenReqMessageContext.getScope())
                    + ", Token State: ACTIVE, accessTokenId for token binding: " + getTokenIdForTokenBinding(oAuthTokenReqMessageContext)
                    + ", bindingType: " + getTokenBindingType(oAuthTokenReqMessageContext)
                    + " and bindingRef: " + getTokenBindingReference(oAuthTokenReqMessageContext)
                    + " and authorized organization: " + getAuthorizedOrganization(oAuthTokenReqMessageContext);
            log.debug(persistenceSummary);
        }
        final String userStoreDomain = getUserStoreDomain(oAuthTokenReqMessageContext.getAuthorizedUser());
        storeAccessToken(tokenRequest, userStoreDomain, accessTokenDO2, str, accessTokenDO);
    }

    /**
     * Adds a newly issued token to the caches. Does nothing unless both {@code isHashDisabled} and
     * {@code cacheEnabled} are true.
     *
     * <p>When token persistence is enabled, a clone of the token is stored in {@code oauthCache}
     * under the (scope, client, user, IDP, binding reference, organization) key. In every enabled
     * case the original token object is also passed to {@code OAuth2Util.addTokenDOtoCache}.
     *
     * @param accessTokenDO    the newly issued token
     * @param str              scope string used in the cache key
     * @param oauthTokenIssuer issuer of the token; decides whether the cached clone holds an alias
     * @throws IdentityOAuth2Exception when the user id of the token's user cannot be resolved
     */
    private void updateCacheIfEnabled(AccessTokenDO accessTokenDO, String str, OauthTokenIssuer oauthTokenIssuer) throws IdentityOAuth2Exception {
        if (this.isHashDisabled && this.cacheEnabled) {
            if (OAuth2Util.isTokenPersistenceEnabled()) {
                // Work on a clone so that the alias substitution below does not alter the caller's token.
                AccessTokenDO clone = AccessTokenDO.clone(accessTokenDO);
                if (oauthTokenIssuer.usePersistedAccessTokenAlias()) {
                    try {
                        // The cached clone carries the issuer's hash/alias of the token instead of the issued value.
                        clone.setAccessToken(oauthTokenIssuer.getAccessTokenHash(accessTokenDO.getAccessToken()));
                    } catch (OAuthSystemException e) {
                        // The failure is reported at debug level only and caching continues with the
                        // clone's token value unchanged.
                        // NOTE(review): that means an issuer that asked for alias storage can end up
                        // with the issued token value in the cache after a hashing failure - confirm
                        // this fallback is intended.
                        if (log.isDebugEnabled()) {
                            // The token value is written to the log only when token logging is allowed.
                            if (IdentityUtil.isTokenLoggable("AccessToken")) {
                                log.debug("Token issuer: " + oauthTokenIssuer.getClass() + " was tried and failed to parse the received token: " + clone.getAccessToken(), e);
                            } else {
                                log.debug("Token issuer: " + oauthTokenIssuer.getClass() + " was tried and failed to parse the received token.", e);
                            }
                        }
                    }
                }
                try {
                    String userId = clone.getAuthzUser().getUserId();
                    String accessingOrganization = clone.getAuthzUser().getAccessingOrganization();
                    // A blank organization is normalized to the literal "NONE" for the cache key.
                    if (StringUtils.isBlank(accessingOrganization)) {
                        accessingOrganization = "NONE";
                    }
                    OAuthCacheKey oAuthCacheKey = getOAuthCacheKey(str, clone.getConsumerKey(), userId, OAuth2Util.getAuthenticatedIDP(clone.getAuthzUser()), getTokenBindingReference(clone), accessingOrganization);
                    this.oauthCache.addToCache(oAuthCacheKey, clone);
                    if (log.isDebugEnabled()) {
                        log.debug("Access token was added to OAuthCache with cache key : " + oAuthCacheKey.getCacheKeyString());
                    }
                } catch (UserIdNotFoundException e2) {
                    // The user is reported through its masked, loggable id.
                    throw new IdentityOAuth2Exception("User id is not available for user: " + clone.getAuthzUser().getLoggableMaskedUserId(), (Throwable) e2);
                }
            }
            // Runs whether or not token persistence is enabled, and with the original token rather than the clone.
            OAuth2Util.addTokenDOtoCache(accessTokenDO);
        }
    }

    /**
     * Copies the details of a newly created token into the message context: validity period,
     * refresh-token validity in milliseconds, access-token issue time and refresh-token issue time.
     *
     * <p>NOTE(review): unlike the two-argument overload, this one dereferences the refresh-token
     * issue time without a null check; it relies on {@code setRefreshTokenDetails} having set it.
     *
     * @param oAuthTokenReqMessageContext context to update
     * @param j                           access-token validity period
     * @param accessTokenDO               the newly created token
     * @param timestamp                   issue time of the access token
     */
    private void setDetailsToMessageContext(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, long j, AccessTokenDO accessTokenDO, Timestamp timestamp) {
        final OAuthTokenReqMessageContext context = oAuthTokenReqMessageContext;
        context.setValidityPeriod(j);
        context.setRefreshTokenvalidityPeriod(accessTokenDO.getRefreshTokenValidityPeriodInMillis());
        final long accessIssuedAtMillis = timestamp.getTime();
        context.setAccessTokenIssuedTime(accessIssuedAtMillis);
        context.setRefreshTokenIssuedTime(accessTokenDO.getRefreshTokenIssuedTime().getTime());
    }

    /**
     * Obtains a new access token value from the issuer and, when user-name assertion is enabled,
     * passes it through {@code OAuth2Util.addUsernameToToken} together with the authorized user.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @param oauthTokenIssuer            issuer that produces the token value
     * @return the access token value to store and return to the client
     * @throws IdentityOAuth2Exception the issuer's own IdentityOAuth2ClientException when that is the
     *                                 cause of the failure, otherwise a wrapping exception
     */
    private String getNewAccessToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OauthTokenIssuer oauthTokenIssuer) throws IdentityOAuth2Exception {
        try {
            final String issuedToken = oauthTokenIssuer.accessToken(oAuthTokenReqMessageContext);
            return OAuth2Util.checkUserNameAssertionEnabled()
                    ? OAuth2Util.addUsernameToToken(oAuthTokenReqMessageContext.getAuthorizedUser(), issuedToken)
                    : issuedToken;
        } catch (OAuthSystemException issuerFailure) {
            final Throwable rootCause = issuerFailure.getCause();
            // A client-side error raised inside the issuer is surfaced unchanged so callers can treat it as such.
            if (rootCause instanceof IdentityOAuth2ClientException) {
                throw (IdentityOAuth2ClientException) rootCause;
            }
            throw new IdentityOAuth2Exception("Error while generating access token", (Throwable) issuerFailure);
        }
    }

    /**
     * Obtains a new refresh token value from the issuer and, when user-name assertion is enabled,
     * passes it through {@code OAuth2Util.addUsernameToToken} together with the authorized user.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @param oauthTokenIssuer            issuer that produces the token value
     * @return the refresh token value
     * @throws IdentityOAuth2Exception wrapping any OAuthSystemException from the issuer
     */
    private String getRefreshToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OauthTokenIssuer oauthTokenIssuer) throws IdentityOAuth2Exception {
        try {
            final String issuedToken = oauthTokenIssuer.refreshToken(oAuthTokenReqMessageContext);
            return OAuth2Util.checkUserNameAssertionEnabled()
                    ? OAuth2Util.addUsernameToToken(oAuthTokenReqMessageContext.getAuthorizedUser(), issuedToken)
                    : issuedToken;
        } catch (OAuthSystemException issuerFailure) {
            throw new IdentityOAuth2Exception("Error while issueing refresh token", (Throwable) issuerFailure);
        }
    }

    /**
     * Carries the refresh token of an existing token over to the new token bean: value, issue time
     * and validity period are copied unchanged, so the refresh token's lifetime is not extended.
     *
     * @param accessTokenDO  the existing token (source)
     * @param accessTokenDO2 the new token bean (target)
     */
    private void setRefreshTokenDetailsFromExistingToken(AccessTokenDO accessTokenDO, AccessTokenDO accessTokenDO2) {
        final AccessTokenDO source = accessTokenDO;
        final AccessTokenDO target = accessTokenDO2;
        target.setRefreshToken(source.getRefreshToken());
        target.setRefreshTokenIssuedTime(source.getRefreshTokenIssuedTime());
        target.setRefreshTokenValidityPeriodInMillis(source.getRefreshTokenValidityPeriodInMillis());
    }

    /**
     * Rejects a token request that carries no grant type. Only {@code null} is rejected; an empty
     * string passes this check.
     *
     * @param oAuth2AccessTokenReqDTO the token request
     * @throws IdentityOAuth2Exception when the grant type is {@code null}
     */
    private void validateGrantTypeParam(OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO) throws IdentityOAuth2Exception {
        final String requestedGrant = oAuth2AccessTokenReqDTO.getGrantType();
        if (requestedGrant != null) {
            return;
        }
        throw new IdentityOAuth2Exception("Grant type not found in the token request");
    }

    /**
     * Determines the refresh-token validity period in milliseconds.
     *
     * <p>Precedence: a positive value on the message context, then a non-zero expiry time on the
     * application, then the server-wide default. Each source value is multiplied by 1000.
     *
     * <p>NOTE(review): the context value is treated as seconds here, while both
     * {@code setDetailsToMessageContext} overloads write milliseconds into the same context field.
     * Confirm the field is never read here after one of those writes, otherwise the resulting
     * lifetime is inflated by a factor of 1000.
     *
     * @param str                         client id, used only in the debug message
     * @param oAuthAppDO                  the client application
     * @param oAuthTokenReqMessageContext context of the current token request
     * @return the validity period in milliseconds
     */
    private long getRefreshTokenValidityPeriod(String str, OAuthAppDO oAuthAppDO, OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        final long requestedPeriod = oAuthTokenReqMessageContext.getRefreshTokenvalidityPeriod();
        // A positive value is by definition different from -1, so one comparison covers both original tests.
        if (requestedPeriod > 0) {
            final long fromContextMillis = requestedPeriod * 1000;
            if (log.isDebugEnabled()) {
                log.debug("OAuth application id : " + oAuthAppDO.getOauthConsumerKey() + ", using refresh token validity period configured from OAuthTokenReqMessageContext: " + fromContextMillis + " ms");
            }
            return fromContextMillis;
        }
        if (oAuthAppDO.getRefreshTokenExpiryTime() != 0) {
            final long fromApplicationMillis = oAuthAppDO.getRefreshTokenExpiryTime() * 1000;
            if (log.isDebugEnabled()) {
                log.debug("OAuth application id : " + str + ", refresh token validity time " + fromApplicationMillis + "ms");
            }
            return fromApplicationMillis;
        }
        return OAuthServerConfiguration.getInstance().getRefreshTokenValidityPeriodInSeconds() * 1000;
    }

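    /**
     * Stores the token bean in the OAuth cache under two keys: the supplied key and a second key
     * built from the access token value itself. Nothing is cached unless both
     * {@code isHashDisabled} and {@code cacheEnabled} are set.
     *
     * @param oAuthCacheKey primary cache key for the token
     * @param accessTokenDO token bean to cache
     */
    private void addTokenToCache(OAuthCacheKey oAuthCacheKey, AccessTokenDO accessTokenDO) {
        if (!(this.isHashDisabled && this.cacheEnabled)) {
            return;
        }
        this.oauthCache.addToCache(oAuthCacheKey, accessTokenDO);
        String accessToken = accessTokenDO.getAccessToken();
        OAuthCacheKey accessTokenCacheKey = new OAuthCacheKey(accessToken);
        this.oauthCache.addToCache(accessTokenCacheKey, accessTokenDO);
        if (log.isDebugEnabled()) {
            log.debug("Access Token info was added to the cache for the cache key : " + oAuthCacheKey.getCacheKeyString());
            if (IdentityUtil.isTokenLoggable("AccessToken")) {
                // The second key is built from the raw access token, so its key string is presumably the
                // bearer token itself. Log a SHA-256 digest instead, as the other debug statements in
                // this class do, so the debug log does not hold a usable credential.
                String hashedKey = accessToken == null ? null : DigestUtils.sha256Hex(accessToken);
                log.debug("Access token was added to OAuthCache for cache key(hashed) : " + hashedKey);
            }
        }
    }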

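    /**
     * Builds the token response from an access token bean.
     *
     * <p>The refresh token is copied into the response only when this handler issues refresh tokens,
     * the server supports the refresh token grant, and the application's space-separated grant type
     * list contains {@code RefreshTokenValidator.TOKEN_TYPE}.
     *
     * @param accessTokenDO token bean providing the access token, token id, consumer key and refresh token
     * @param j remaining validity in milliseconds; a non-positive value is reported as the maximum lifetime
     * @param str authorized scopes written to the response
     * @return the populated response bean
     * @throws IdentityOAuth2Exception when the application cannot be resolved for the consumer key
     */
    private OAuth2AccessTokenRespDTO createResponseWithTokenBean(AccessTokenDO accessTokenDO, long j, String str) throws IdentityOAuth2Exception {
        OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO = new OAuth2AccessTokenRespDTO();
        oAuth2AccessTokenRespDTO.setAccessToken(accessTokenDO.getAccessToken());
        oAuth2AccessTokenRespDTO.setTokenId(accessTokenDO.getTokenId());
        String consumerKey = accessTokenDO.getConsumerKey();
        try {
            // Looked up unconditionally so that an unknown client id fails the request.
            OAuthAppDO appInformationByClientId = OAuth2Util.getAppInformationByClientId(consumerKey);
            if (issueRefreshToken() && OAuthServerConfiguration.getInstance().getSupportedGrantTypes().containsKey(org.apache.oltu.oauth2.common.message.types.GrantType.REFRESH_TOKEN.toString())) {
                String grantTypes = appInformationByClientId.getGrantTypes();
                // An empty or missing grant type list means the refresh grant is not allowed. The list is
                // checked in place; the decompiled form assigned Arrays.asList(...) to an ArrayList
                // variable, which does not compile.
                boolean refreshGrantAllowed = StringUtils.isNotEmpty(grantTypes)
                        && Arrays.asList(grantTypes.split(org.wso2.carbon.identity.oauth2.device.constants.Constants.SEPARATED_WITH_SPACE))
                                .contains(RefreshTokenValidator.TOKEN_TYPE);
                if (refreshGrantAllowed) {
                    oAuth2AccessTokenRespDTO.setRefreshToken(accessTokenDO.getRefreshToken());
                } else if (log.isDebugEnabled()) {
                    log.debug("Refresh grant is not allowed for client_id : " + consumerKey + ", therefore not issuing a refresh token.");
                }
            }
            if (j > 0) {
                oAuth2AccessTokenRespDTO.setExpiresIn(j / 1000);
                oAuth2AccessTokenRespDTO.setExpiresInMillis(j);
            } else {
                // Non-positive validity: report the largest representable lifetime in both units.
                oAuth2AccessTokenRespDTO.setExpiresIn(Long.MAX_VALUE / 1000);
                oAuth2AccessTokenRespDTO.setExpiresInMillis(Long.MAX_VALUE);
            }
            oAuth2AccessTokenRespDTO.setAuthorizedScopes(str);
            oAuth2AccessTokenRespDTO.setIsConsentedToken(accessTokenDO.isConsentedToken());
            return oAuth2AccessTokenRespDTO;
        } catch (InvalidOAuthClientException e) {
            throw new IdentityOAuth2Exception("Error while retrieving app information for client_id : " + consumerKey, e);
        }
    }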

    /**
     * Wraps the string built by {@code OAuth2Util.buildCacheKeyStringForTokenWithUserIdOrgId} in an
     * {@link OAuthCacheKey}.
     *
     * <p>The first two parameters are forwarded in swapped order ({@code str2} first, then
     * {@code str}); the remaining four are forwarded in declaration order.
     */
    private OAuthCacheKey getOAuthCacheKey(String str, String str2, String str3, String str4, String str5, String str6) {
        String keyString = OAuth2Util.buildCacheKeyStringForTokenWithUserIdOrgId(str2, str, str3, str4, str5, str6);
        return new OAuthCacheKey(keyString);
    }

    /**
     * Loads the application registered for a client id and, at debug level, logs its configured
     * application access token, user access token and refresh token expiry times.
     *
     * @param str client id of the application
     * @return the application data object
     * @throws IdentityOAuth2Exception when the lookup raises {@code InvalidOAuthClientException}
     */
    private OAuthAppDO getoAuthApp(String str) throws IdentityOAuth2Exception {
        try {
            OAuthAppDO app = OAuth2Util.getAppInformationByClientId(str);
            if (log.isDebugEnabled()) {
                String expirySummary = "Service Provider specific expiry time enabled for application : " + str
                        + ". Application access token expiry time : " + app.getApplicationAccessTokenExpiryTime()
                        + ", User access token expiry time : " + app.getUserAccessTokenExpiryTime()
                        + ", Refresh token expiry time : " + app.getRefreshTokenExpiryTime();
                log.debug(expirySummary);
            }
            return app;
        } catch (InvalidOAuthClientException invalidClient) {
            throw new IdentityOAuth2Exception("Error while retrieving app information for clientId: " + str, invalidClient);
        }
    }

    /**
     * Returns the remaining lifetime of a token in milliseconds.
     *
     * <p>When this handler issues refresh tokens the value comes from
     * {@code OAuth2Util.getTokenExpireTimeMillis}, otherwise from
     * {@code OAuth2Util.getAccessTokenExpireMillis}. The access token is written to the debug log
     * only as a SHA-256 digest, and only when token logging is enabled.
     *
     * <p>The debug messages label every non-positive result as "infinite lifetime", whereas the
     * cache and database lookups in this class treat a result of exactly 0 as expired.
     *
     * @param accessTokenDO token to inspect
     * @return remaining time in milliseconds as reported by {@code OAuth2Util}
     * @throws IdentityOAuth2Exception declared for the underlying utility calls
     */
    private long getAccessTokenExpiryTimeMillis(AccessTokenDO accessTokenDO) throws IdentityOAuth2Exception {
        long remainingMillis;
        if (issueRefreshToken()) {
            remainingMillis = OAuth2Util.getTokenExpireTimeMillis(accessTokenDO, false);
        } else {
            remainingMillis = OAuth2Util.getAccessTokenExpireMillis(accessTokenDO, false);
        }
        if (!log.isDebugEnabled()) {
            return remainingMillis;
        }

        boolean hasRemainingTime = remainingMillis > 0;
        if (IdentityUtil.isTokenLoggable("AccessToken")) {
            String hashedToken = DigestUtils.sha256Hex(accessTokenDO.getAccessToken());
            log.debug(hasRemainingTime
                    ? "Access Token(hashed): " + hashedToken + " is still valid. Remaining time: " + remainingMillis + "ms"
                    : "Infinite lifetime Access Token(hashed) " + hashedToken + " found");
        } else {
            log.debug(hasRemainingTime
                    ? "Valid access token is found in cache for client: " + accessTokenDO.getConsumerKey() + ". Remaining time: " + remainingMillis + "ms"
                    : "Infinite lifetime Access Token found in cache for client: " + accessTokenDO.getConsumerKey());
        }
        return remainingMillis;
    }

    /**
     * Resolves the access token validity period in milliseconds for a request.
     *
     * <p>The base value is the application-user period when {@code isOfTypeApplicationUser()} is
     * true and the application period otherwise; a validity period set on the request context
     * then takes precedence over it.
     *
     * @param oAuthTokenReqMessageContext token request context that may carry an override
     * @param str client id, used in debug messages
     * @param oAuthAppDO application configuration
     * @return validity period in milliseconds
     * @throws IdentityOAuth2Exception declared for the helper calls
     */
    private long getConfiguredExpiryTimeForApplication(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, String str, OAuthAppDO oAuthAppDO) throws IdentityOAuth2Exception {
        long configuredMillis;
        if (isOfTypeApplicationUser()) {
            configuredMillis = getValidityPeriodForApplicationUser(str, oAuthAppDO);
        } else {
            configuredMillis = getValidityPeriodForApplication(str, oAuthAppDO);
        }

        long effectiveMillis = getValidityPeriodFromCallback(oAuthTokenReqMessageContext, str, configuredMillis);
        if (log.isDebugEnabled()) {
            log.debug("OAuth application id : " + str + ", access token validity time in milliseconds : " + effectiveMillis);
        }
        return effectiveMillis;
    }

    /**
     * Applies a validity period set on the request context, if any.
     *
     * <p>A context value of -1 means no override, and {@code j} is returned unchanged. Any other
     * value, including zero or a negative number other than -1, is multiplied by 1000 and returned.
     *
     * @param oAuthTokenReqMessageContext token request context
     * @param str client id, used only in the debug message
     * @param j fallback validity period in milliseconds
     * @return the override in milliseconds, or {@code j} when the context holds -1
     */
    private long getValidityPeriodFromCallback(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, String str, long j) {
        long overrideSeconds = oAuthTokenReqMessageContext.getValidityPeriod();
        if (overrideSeconds == -1) {
            return j;
        }
        long overrideMillis = overrideSeconds * 1000;
        if (log.isDebugEnabled()) {
            log.debug("OAuth application id : " + str + ", callback access token validity time in milliseconds : " + overrideMillis);
        }
        return overrideMillis;
    }

    /**
     * Returns the application access token validity period in milliseconds: the application's
     * own expiry time when it is non-zero, otherwise the server-wide default. Either value is
     * multiplied by 1000.
     *
     * @param str client id, used only in the debug message
     * @param oAuthAppDO application configuration
     * @return validity period in milliseconds
     */
    private long getValidityPeriodForApplication(String str, OAuthAppDO oAuthAppDO) {
        if (oAuthAppDO.getApplicationAccessTokenExpiryTime() == 0) {
            // Zero means the application has no expiry time of its own.
            return OAuthServerConfiguration.getInstance().getApplicationAccessTokenValidityPeriodInSeconds() * 1000;
        }
        long appMillis = oAuthAppDO.getApplicationAccessTokenExpiryTime() * 1000;
        if (log.isDebugEnabled()) {
            log.debug("OAuth application id : " + str + ", application access token validity time in milliseconds : " + appMillis);
        }
        return appMillis;
    }

    /**
     * Returns the user access token validity period in milliseconds: the application's own
     * user-token expiry time when it is non-zero, otherwise the server-wide default. Either value
     * is multiplied by 1000.
     *
     * @param str client id, used only in the debug message
     * @param oAuthAppDO application configuration
     * @return validity period in milliseconds
     */
    private long getValidityPeriodForApplicationUser(String str, OAuthAppDO oAuthAppDO) {
        if (oAuthAppDO.getUserAccessTokenExpiryTime() == 0) {
            // Zero means the application has no user-token expiry time of its own.
            return OAuthServerConfiguration.getInstance().getUserAccessTokenValidityPeriodInSeconds() * 1000;
        }
        long userMillis = oAuthAppDO.getUserAccessTokenExpiryTime() * 1000;
        if (log.isDebugEnabled()) {
            log.debug("OAuth application id: " + str + ", user access token validity time " + userMillis + "ms");
        }
        return userMillis;
    }

    /**
     * Looks up a previously issued token for the request, first in the cache and then in the database.
     *
     * <p>The cache is consulted only when caching is enabled and token persistence is enabled; a
     * cache miss, or a skipped cache, falls through to the database.
     *
     * @param oAuthTokenReqMessageContext token request context (scope, authorized user, token binding)
     * @param oAuthCacheKey cache key for the lookup
     * @return the existing token, or {@code null} when neither source has one
     * @throws IdentityOAuth2Exception when a lookup fails
     */
    private AccessTokenDO getExistingToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuthCacheKey oAuthCacheKey) throws IdentityOAuth2Exception {
        OAuth2AccessTokenReqDTO tokenRequest = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        String scopeString = OAuth2Util.buildScopeString(oAuthTokenReqMessageContext.getScope());
        String bindingReference = getTokenBindingReference(oAuthTokenReqMessageContext);
        String organization = getAuthorizedOrganization(oAuthTokenReqMessageContext);

        if (this.cacheEnabled && OAuth2Util.isTokenPersistenceEnabled()) {
            // The loggable user id is passed here; the callee uses it only in a debug message.
            AccessTokenDO cached = getExistingTokenFromCache(
                    oAuthCacheKey,
                    tokenRequest.getClientId(),
                    oAuthTokenReqMessageContext.getAuthorizedUser().getLoggableUserId(),
                    scopeString,
                    bindingReference,
                    organization,
                    oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain());
            if (cached != null) {
                return cached;
            }
        }
        return getExistingTokenFromDB(oAuthTokenReqMessageContext, tokenRequest, scopeString, oAuthCacheKey);
    }

    /**
     * Fetches the latest access token for the client, user, user store domain, scope and token
     * binding reference from the access token DAO, and caches it when it is still usable.
     *
     * <p>The token is added to the cache only when its state is {@code ACTIVE} and its remaining
     * lifetime is not 0. The token is returned whatever its state.
     *
     * <p>NOTE(review): both debug messages concatenate the authorized user object itself, while
     * the cache path logs {@code getLoggableUserId()}; confirm the user's string form is
     * acceptable in debug logs.
     *
     * @param oAuthTokenReqMessageContext token request context
     * @param oAuth2AccessTokenReqDTO token request providing the client id
     * @param str scope string
     * @param oAuthCacheKey key under which a usable token is cached
     * @return the latest token, or {@code null} when the DAO has none
     * @throws IdentityOAuth2Exception when the DAO or the expiry calculation fails
     */
    private AccessTokenDO getExistingTokenFromDB(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuth2AccessTokenReqDTO oAuth2AccessTokenReqDTO, String str, OAuthCacheKey oAuthCacheKey) throws IdentityOAuth2Exception {
        AccessTokenDO latest = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getLatestAccessToken(
                oAuth2AccessTokenReqDTO.getClientId(),
                oAuthTokenReqMessageContext.getAuthorizedUser(),
                getUserStoreDomain(oAuthTokenReqMessageContext.getAuthorizedUser()),
                str,
                getTokenBindingReference(oAuthTokenReqMessageContext),
                false);
        if (latest == null) {
            return null;
        }

        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("AccessToken")) {
                // The token value appears in the log only as a SHA-256 digest.
                log.debug("Retrieved latest access token(hashed): " + DigestUtils.sha256Hex(latest.getAccessToken())
                        + " in the state: " + latest.getTokenState()
                        + " for client Id: " + oAuth2AccessTokenReqDTO.getClientId()
                        + " user: " + oAuthTokenReqMessageContext.getAuthorizedUser()
                        + " and scope: " + str + " from db");
            } else {
                log.debug("Retrieved latest access token for client Id: " + oAuth2AccessTokenReqDTO.getClientId()
                        + " user: " + oAuthTokenReqMessageContext.getAuthorizedUser()
                        + " and scope: " + str + " from db");
            }
        }

        long remainingMillis = getAccessTokenExpiryTimeMillis(latest);
        boolean cacheable = "ACTIVE".equals(latest.getTokenState()) && remainingMillis != 0;
        if (cacheable) {
            addTokenToCache(oAuthCacheKey, latest);
        }
        return latest;
    }

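    /**
     * Returns the cached token for the given key, or {@code null} when the cache has no usable entry.
     *
     * <p>An entry whose remaining lifetime is 0 is removed from the cache and {@code null} is
     * returned. Only the remaining lifetime is checked here; the token state is not re-checked
     * (the database lookup in this class caches {@code ACTIVE} tokens only).
     *
     * @param oAuthCacheKey cache key to look up
     * @param str client id, used in debug messages and passed on to cache removal
     * @param str2 user identifier, used only in the debug message
     * @param str3 scope, used only in the debug message
     * @param str4 token binding reference, used only in the debug message
     * @param str5 authorized organization, used only in the debug message
     * @param str6 second argument of the cache lookup; the caller in this class passes the tenant domain
     * @return the cached token, or {@code null}
     * @throws IdentityOAuth2Exception when the expiry calculation fails
     */
    private AccessTokenDO getExistingTokenFromCache(OAuthCacheKey oAuthCacheKey, String str, String str2, String str3, String str4, String str5, String str6) throws IdentityOAuth2Exception {
        CacheEntry valueFromCache = this.oauthCache.getValueFromCache(oAuthCacheKey, str6);
        if (!(valueFromCache instanceof AccessTokenDO)) {
            // Cache miss, or an entry of another type. The decompiled source had a debug statement
            // here guarded by `0 != 0`, which could never run and has been removed.
            return null;
        }
        AccessTokenDO accessTokenDO = (AccessTokenDO) valueFromCache;
        if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("AccessToken")) {
            // The token value appears in the log only as a SHA-256 digest.
            log.debug("Retrieved active access token(hashed): " + DigestUtils.sha256Hex(accessTokenDO.getAccessToken()) + " in the state: " + accessTokenDO.getTokenState() + " for client Id: " + str + ", user: " + str2 + " ,scope: " + str3 + " and token binding reference: " + str4 + " and authorized organization: " + str5 + " from cache");
        }
        if (getAccessTokenExpiryTimeMillis(accessTokenDO) != 0) {
            return accessTokenDO;
        }
        // Remaining lifetime of 0 means expired: evict the entry so it is not served again.
        removeFromCache(oAuthCacheKey, str, accessTokenDO);
        return null;
    }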

    /**
     * Evicts an expired token's entry from the OAuth cache, using the tenant domain of the token's
     * authorized user.
     *
     * <p>The debug messages also say the token was marked as expired in the database; this method
     * itself only clears the cache entry.
     *
     * @param oAuthCacheKey key of the entry to clear
     * @param str client id, used only in a debug message
     * @param accessTokenDO expired token whose entry is removed
     */
    private void removeFromCache(OAuthCacheKey oAuthCacheKey, String str, AccessTokenDO accessTokenDO) {
        String tenantDomain = accessTokenDO.getAuthzUser().getTenantDomain();
        this.oauthCache.clearCacheEntry(oAuthCacheKey, tenantDomain);
        if (!log.isDebugEnabled()) {
            return;
        }
        // With token logging enabled the token is identified by its SHA-256 digest only.
        String message = IdentityUtil.isTokenLoggable("AccessToken")
                ? "Access token(hashed) " + DigestUtils.sha256Hex(accessTokenDO.getAccessToken()) + " is expired. Therefore cleared it from cache and marked it as expired in database"
                : "Existing access token for client: " + str + " is expired. Therefore cleared it from cache and marked it as expired in database";
        log.debug(message);
    }

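    /**
     * Decides whether the refresh token of an existing token bean can be reused.
     *
     * <p>Returns {@code false} when {@code isHashDisabled} is not set, when the bean is
     * {@code null}, when its state is not {@code ACTIVE}, or when
     * {@link #isRefreshTokenExpired(long, long)} reports the refresh token as expired.
     *
     * @param accessTokenDO existing token bean, may be {@code null}
     * @param j threshold in milliseconds that the remaining refresh token lifetime is compared against
     * @param str client id, used only in debug messages
     * @return {@code true} when the existing refresh token is still usable
     */
    private boolean isRefreshTokenValid(AccessTokenDO accessTokenDO, long j, String str) {
        if (!this.isHashDisabled || accessTokenDO == null) {
            return false;
        }
        long refreshTokenExpireTimeMillis = OAuth2Util.getRefreshTokenExpireTimeMillis(accessTokenDO);
        if (!"ACTIVE".equals(accessTokenDO.getTokenState()) || isRefreshTokenExpired(j, refreshTokenExpireTimeMillis)) {
            return false;
        }
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("AccessToken")) {
                // Log SHA-256 digests, as the other debug statements in this class do. The refresh
                // token is still valid at this point, so writing it in clear text would put a
                // usable credential in the debug log.
                String accessToken = accessTokenDO.getAccessToken();
                String refreshToken = accessTokenDO.getRefreshToken();
                String hashedAccessToken = accessToken == null ? null : DigestUtils.sha256Hex(accessToken);
                String hashedRefreshToken = refreshToken == null ? null : DigestUtils.sha256Hex(refreshToken);
                log.debug("Existing access token(hashed): " + hashedAccessToken + " has expired, but refresh token(hashed): " + hashedRefreshToken + " is still valid for client: " + str + ". Remaining time: " + refreshTokenExpireTimeMillis + "ms. Using existing refresh token.");
            } else {
                log.debug("Existing access token has expired, but refresh token is still valid for client: " + str + ". Remaining time: " + refreshTokenExpireTimeMillis + "ms. Using existing refresh token.");
            }
        }
        return true;
    }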

    /**
     * Tells whether a refresh token counts as expired, given its remaining lifetime.
     *
     * <p>A negative remaining time is never expired (presumably the marker for a non-expiring
     * token; confirm against {@code OAuth2Util.getRefreshTokenExpireTimeMillis}). Zero is always
     * expired. A positive remaining time is expired when it does not exceed the threshold.
     *
     * @param j threshold in milliseconds
     * @param j2 remaining refresh token lifetime in milliseconds
     * @return {@code true} when the refresh token should be treated as expired
     */
    private boolean isRefreshTokenExpired(long j, long j2) {
        final long threshold = j;
        final long remaining = j2;
        return remaining >= 0 && (remaining == 0 || remaining <= threshold);
    }

    /**
     * Reports whether a fresh access token must be issued for every request.
     *
     * <p>Three sources are consulted, all of them every time: the supplied issuer, this handler's
     * own {@code oauthIssuerImpl} (called with the request context), and the server configuration.
     * Renewal is required when any one of them asks for it.
     *
     * @param oauthTokenIssuer issuer resolved for the request
     * @param oAuthTokenReqMessageContext token request context
     * @return {@code true} when at least one source asks for per-request renewal
     */
    private boolean accessTokenRenewedPerRequest(OauthTokenIssuer oauthTokenIssuer, OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        boolean byIssuer = oauthTokenIssuer.renewAccessTokenPerRequest();
        boolean byContext = this.oauthIssuerImpl.renewAccessTokenPerRequest(oAuthTokenReqMessageContext);
        boolean byConfiguration = isTokenRenewalPerRequestConfigured();

        if (log.isDebugEnabled()) {
            log.debug("Access token renew per request: OauthTokenIssuer: " + byIssuer
                    + ", OAuthTokenReqMessageContext: " + byContext
                    + ", Configuration: " + byConfiguration);
        }

        if (byIssuer) {
            return true;
        }
        if (byContext) {
            return true;
        }
        return byConfiguration;
    }

    /**
     * Reads the server-wide "token renewal per request" flag from {@code OAuthServerConfiguration}.
     *
     * @return {@code true} when the configuration enables per-request token renewal
     */
    private boolean isTokenRenewalPerRequestConfigured() {
        OAuthServerConfiguration serverConfiguration = OAuthServerConfiguration.getInstance();
        return serverConfiguration.isTokenRenewalPerRequestEnabled();
    }

    /**
     * Clears every cache entry variant kept for an existing token. Does nothing when caching is
     * disabled.
     *
     * <p>Four {@code OAuthUtil.clearOAuthCache} overloads are called, from the most specific key
     * (consumer key, user, scope, token binding reference, authorized organization) down to the
     * token bean itself.
     *
     * @param oAuthTokenReqMessageContext request context supplying binding reference and organization
     * @param accessTokenDO token whose cache entries are cleared
     */
    private void clearExistingTokenFromCache(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, AccessTokenDO accessTokenDO) {
        if (!this.cacheEnabled) {
            return;
        }
        String consumerKey = accessTokenDO.getConsumerKey();
        String scopeString = OAuth2Util.buildScopeString(accessTokenDO.getScope());

        OAuthUtil.clearOAuthCache(
                consumerKey,
                accessTokenDO.getAuthzUser(),
                scopeString,
                getTokenBindingReference(oAuthTokenReqMessageContext),
                getAuthorizedOrganization(oAuthTokenReqMessageContext));
        OAuthUtil.clearOAuthCache(consumerKey, accessTokenDO.getAuthzUser(), scopeString);
        OAuthUtil.clearOAuthCache(consumerKey, accessTokenDO.getAuthzUser());
        OAuthUtil.clearOAuthCache(accessTokenDO);
    }

    /**
     * Looks up the {@link OAuth2Service} OSGi service through the thread-local privileged Carbon
     * context, passing no filter properties.
     *
     * @return the service instance returned by the OSGi lookup
     */
    private OAuth2Service getOauth2Service() {
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        Object service = carbonContext.getOSGiService(OAuth2Service.class, (Hashtable) null);
        return (OAuth2Service) service;
    }

    /**
     * Runs the application scope validators against the token request and reports failure.
     *
     * @param oAuthTokenReqMessageContext token request context to validate
     * @return {@code true} when {@code Oauth2ScopeUtils.validateByApplicationScopeValidator} returns false
     * @throws IdentityOAuth2Exception when the validation itself fails
     */
    private boolean hasValidationByApplicationScopeValidatorsFailed(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        boolean scopesAccepted = Oauth2ScopeUtils.validateByApplicationScopeValidator(oAuthTokenReqMessageContext, null);
        return !scopesAccepted;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the token binding reference carried by the request, or the literal {@code "NONE"}
     * when the request has no token binding or its binding reference is blank.
     *
     * @param oAuthTokenReqMessageContext token request context
     * @return the binding reference, or {@code "NONE"}
     */
    public String getTokenBindingReference(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        if (oAuthTokenReqMessageContext.getTokenBinding() == null) {
            if (log.isDebugEnabled()) {
                log.debug("Token binding data is null.");
            }
            return "NONE";
        }
        String reference = oAuthTokenReqMessageContext.getTokenBinding().getBindingReference();
        if (StringUtils.isBlank(reference)) {
            return "NONE";
        }
        return reference;
    }

    /**
     * Returns the accessing organization of the request's authorized user, or the literal
     * {@code "NONE"} when it is empty.
     *
     * <p>The authorized user is dereferenced without a null check, so the request context must
     * already hold one.
     *
     * @param oAuthTokenReqMessageContext token request context
     * @return the accessing organization, or {@code "NONE"}
     */
    private String getAuthorizedOrganization(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        String organization = oAuthTokenReqMessageContext.getAuthorizedUser().getAccessingOrganization();
        if (StringUtils.isEmpty(organization)) {
            return "NONE";
        }
        return organization;
    }

    /**
     * Returns the token binding reference stored on a token bean, or the literal {@code "NONE"}
     * when the bean has no token binding or its binding reference is blank.
     *
     * @param accessTokenDO token bean to read
     * @return the binding reference, or {@code "NONE"}
     */
    private String getTokenBindingReference(AccessTokenDO accessTokenDO) {
        if (accessTokenDO.getTokenBinding() == null) {
            return "NONE";
        }
        String reference = accessTokenDO.getTokenBinding().getBindingReference();
        if (StringUtils.isBlank(reference)) {
            return "NONE";
        }
        return reference;
    }

    /**
     * Returns the binding type of the request's token binding.
     *
     * @param oAuthTokenReqMessageContext token request context
     * @return the binding type, or {@code null} when the request has no token binding
     */
    private String getTokenBindingType(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        boolean bindingMissing = oAuthTokenReqMessageContext.getTokenBinding() == null;
        if (bindingMissing) {
            if (log.isDebugEnabled()) {
                log.debug("Token binding data is null.");
            }
            return null;
        }
        return oAuthTokenReqMessageContext.getTokenBinding().getBindingType();
    }

    /**
     * Returns the token id recorded on the request's token binding.
     *
     * @param oAuthTokenReqMessageContext token request context
     * @return the token id, or {@code null} when the request has no token binding
     */
    private String getTokenIdForTokenBinding(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        boolean bindingMissing = oAuthTokenReqMessageContext.getTokenBinding() == null;
        if (bindingMissing) {
            if (log.isDebugEnabled()) {
                log.debug("Token binding data is null.");
            }
            return null;
        }
        return oAuthTokenReqMessageContext.getTokenBinding().getTokenId();
    }

    /**
     * Tells whether the request's authorized user is a federated user.
     *
     * @param oAuthTokenReqMessageContext token request context
     * @return the user's federated flag, or {@code false} when the context has no authorized user
     */
    private boolean isFederatedUser(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        boolean userMissing = oAuthTokenReqMessageContext.getAuthorizedUser() == null;
        if (userMissing) {
            if (log.isDebugEnabled()) {
                log.debug("Authorized user is null hence returning false.");
            }
            return false;
        }
        return oAuthTokenReqMessageContext.getAuthorizedUser().isFederatedUser();
    }
}
