package org.wso2.carbon.identity.oauth2.authz.handlers;

import java.sql.Timestamp;
import java.util.Date;
import java.util.UUID;
import org.apache.amber.oauth2.common.exception.OAuthSystemException;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.CacheKey;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/authz/handlers/TokenResponseTypeHandler.class */
public class TokenResponseTypeHandler extends AbstractResponseTypeHandler {
    private static Log log = LogFactory.getLog(TokenResponseTypeHandler.class);

    @Override // org.wso2.carbon.identity.oauth2.authz.handlers.ResponseTypeHandler
    public OAuth2AuthorizeRespDTO issue(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws IdentityOAuth2Exception {
        AccessTokenDO validAccessTokenIfExist;
        AccessTokenDO accessTokenDO;
        OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO = new OAuth2AuthorizeRespDTO();
        OAuth2AuthorizeReqDTO authorizationReqDTO = oAuthAuthzReqMessageContext.getAuthorizationReqDTO();
        String buildScopeString = OAuth2Util.buildScopeString(oAuthAuthzReqMessageContext.getApprovedScope());
        oAuth2AuthorizeRespDTO.setCallbackURI(authorizationReqDTO.getCallbackUrl());
        String consumerKey = authorizationReqDTO.getConsumerKey();
        String username = authorizationReqDTO.getUsername();
        OAuthCacheKey oAuthCacheKey = new OAuthCacheKey(consumerKey + ":" + username + ":" + buildScopeString);
        String str = null;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            str = OAuth2Util.getUserStoreDomainFromUserId(username);
        }
        synchronized ((consumerKey + ":" + username + ":" + buildScopeString).intern()) {
            try {
                if (this.cacheEnabled && (accessTokenDO = (AccessTokenDO) this.oauthCache.getValueFromCache((CacheKey) oAuthCacheKey)) != null) {
                    if (OAuth2Util.getTokenExpireTimeMillis(accessTokenDO) > 0) {
                        oAuth2AuthorizeRespDTO.setAccessToken(accessTokenDO.getAccessToken());
                        oAuth2AuthorizeRespDTO.setValidityPeriod(accessTokenDO.getValidityPeriod());
                        if (log.isDebugEnabled()) {
                            log.debug("Access Token info retrieved from the cache and served to client with client id : " + consumerKey);
                        }
                        this.oauthCache.addToCache((CacheKey) oAuthCacheKey, (CacheEntry) accessTokenDO);
                        return oAuth2AuthorizeRespDTO;
                    }
                    this.oauthCache.clearCacheEntry((CacheKey) oAuthCacheKey);
                    this.tokenMgtDAO.setAccessTokenState(consumerKey, username, OAuthConstants.TokenStates.TOKEN_STATE_EXPIRED, UUID.randomUUID().toString(), str, buildScopeString);
                }
                validAccessTokenIfExist = this.tokenMgtDAO.getValidAccessTokenIfExist(consumerKey, username, str, buildScopeString);
            } catch (Exception e) {
                if (log.isDebugEnabled()) {
                    log.debug("Error while getting existing token for client ID" + consumerKey);
                }
            }
            if (validAccessTokenIfExist != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Retrieving existing valid access token for client ID" + consumerKey);
                }
                if (this.cacheEnabled) {
                    if (log.isDebugEnabled()) {
                        log.debug("Access Token info was added to the cache for the client id : " + consumerKey);
                    }
                    this.oauthCache.addToCache((CacheKey) oAuthCacheKey, (CacheEntry) validAccessTokenIfExist);
                }
                oAuth2AuthorizeRespDTO.setAccessToken(validAccessTokenIfExist.getAccessToken());
                oAuth2AuthorizeRespDTO.setValidityPeriod(OAuth2Util.getTokenExpireTimeMillis(validAccessTokenIfExist) / 1000);
                return oAuth2AuthorizeRespDTO;
            }
            if (log.isDebugEnabled()) {
                log.debug("Marking old token as expired for client Id : " + consumerKey + " AuthorizedUser : " + username);
            }
            this.tokenMgtDAO.setAccessTokenState(consumerKey, username, OAuthConstants.TokenStates.TOKEN_STATE_EXPIRED, UUID.randomUUID().toString(), str, buildScopeString);
            if (log.isDebugEnabled()) {
                log.debug("Issuing a new access token for " + consumerKey + " AuthorizedUser : " + username);
            }
            try {
                String accessToken = this.oauthIssuerImpl.accessToken();
                if (OAuth2Util.checkUserNameAssertionEnabled()) {
                    accessToken = Base64Utils.encode((accessToken + ":" + oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUsername()).getBytes());
                }
                Timestamp timestamp = new Timestamp(new Date().getTime());
                long userAccessTokenValidityPeriodInSeconds = OAuthServerConfiguration.getInstance().getUserAccessTokenValidityPeriodInSeconds();
                long validityPeriod = oAuthAuthzReqMessageContext.getValidityPeriod();
                if (validityPeriod != -1 && validityPeriod > 0) {
                    userAccessTokenValidityPeriodInSeconds = validityPeriod;
                }
                AccessTokenDO accessTokenDO2 = new AccessTokenDO(consumerKey, authorizationReqDTO.getUsername(), oAuthAuthzReqMessageContext.getApprovedScope(), timestamp, userAccessTokenValidityPeriodInSeconds, OAuthConstants.USER_TYPE_FOR_USER_TOKEN);
                accessTokenDO2.setTokenState(OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE);
                accessTokenDO2.setAccessToken(accessToken);
                this.tokenMgtDAO.storeAccessToken(accessToken, authorizationReqDTO.getConsumerKey(), accessTokenDO2, str);
                if (this.cacheEnabled) {
                    this.oauthCache.addToCache((CacheKey) oAuthCacheKey, (CacheEntry) accessTokenDO2);
                    if (log.isDebugEnabled()) {
                        log.debug("AccessTokenDO was added to the cache for client id : " + authorizationReqDTO.getConsumerKey());
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("Persisted an access token with Client ID : " + authorizationReqDTO.getConsumerKey() + "authorized user : " + authorizationReqDTO.getUsername() + "timestamp : " + timestamp + "validity period : " + userAccessTokenValidityPeriodInSeconds + "scope : " + OAuth2Util.buildScopeString(oAuthAuthzReqMessageContext.getApprovedScope()) + "callback url : " + authorizationReqDTO.getCallbackUrl() + "Token State : " + OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE + "User Type : " + OAuthConstants.USER_TYPE_FOR_USER_TOKEN);
                }
                oAuth2AuthorizeRespDTO.setAccessToken(accessToken);
                oAuth2AuthorizeRespDTO.setValidityPeriod(userAccessTokenValidityPeriodInSeconds);
                return oAuth2AuthorizeRespDTO;
            } catch (OAuthSystemException e2) {
                throw new IdentityOAuth2Exception(e2.getMessage(), e2);
            }
        }
    }
}
