package org.wso2.carbon.auth.oauth.impl;

import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.token.BearerTokenError;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.auth.client.registration.dao.ApplicationDAO;
import org.wso2.carbon.auth.core.api.UserNameMapper;
import org.wso2.carbon.auth.core.exception.AuthException;
import org.wso2.carbon.auth.oauth.ClientLookup;
import org.wso2.carbon.auth.oauth.GrantHandler;
import org.wso2.carbon.auth.oauth.OAuthConstants;
import org.wso2.carbon.auth.oauth.dao.OAuthDAO;
import org.wso2.carbon.auth.oauth.dto.AccessTokenContext;
import org.wso2.carbon.auth.oauth.dto.AccessTokenDTO;
import org.wso2.carbon.auth.oauth.dto.AccessTokenData;
import org.wso2.carbon.auth.oauth.exception.OAuthDAOException;
import org.wso2.carbon.auth.user.mgt.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/auth/oauth/impl/RefreshGrantHandler.class */
public class RefreshGrantHandler implements GrantHandler {
    private static final Logger log = LoggerFactory.getLogger(RefreshGrantHandler.class);
    public static final BearerTokenError MISSING_TOKEN = new BearerTokenError((String) null, (String) null, 401);
    public static final int ALLOWED_MINIMUM_VALIDITY_PERIOD_IN_MILI = 1000000;
    public static final String INVALID_GRANT_ERROR_CODE = "INVALID_GRANT";
    private OAuthDAO oauthDAO;
    private ApplicationDAO applicationDAO;
    private ClientLookup clientLookup;
    private UserNameMapper userNameMapper;

    @Override // org.wso2.carbon.auth.oauth.GrantHandler
    public void init(UserNameMapper userNameMapper, OAuthDAO oAuthDAO, UserStoreManager userStoreManager, ApplicationDAO applicationDAO) {
        this.userNameMapper = userNameMapper;
        this.oauthDAO = oAuthDAO;
        this.applicationDAO = applicationDAO;
        this.clientLookup = new ClientLookupImpl(oAuthDAO);
    }

    @Override // org.wso2.carbon.auth.oauth.GrantHandler
    public boolean validateGrant(String str, AccessTokenContext accessTokenContext, Map<String, String> map) throws AuthException {
        String str2 = (String) accessTokenContext.getParams().get(OAuthConstants.CLIENT_ID);
        String str3 = map.get(OAuthConstants.REFRESH_TOKEN_QUERY_PARAM);
        if (StringUtils.isEmpty(str3)) {
            log.error("valid refresh token is not found");
            accessTokenContext.setErrorObject(OAuth2Error.INVALID_REQUEST);
            return false;
        }
        try {
            AccessTokenDTO tokenInfo = this.oauthDAO.getTokenInfo(str3, str2);
            if (!validateGrant(tokenInfo)) {
                log.error("Invalid Grant provided by the client Id: ");
                accessTokenContext.setErrorObject(new BearerTokenError(INVALID_GRANT_ERROR_CODE, "Invalid Grant provided by the client Id: ", 401));
                return false;
            }
            if (isRefreshTokenExpired(tokenInfo)) {
                log.error("Refresh token is expired.");
                accessTokenContext.setErrorObject(new BearerTokenError(INVALID_GRANT_ERROR_CODE, "Refresh token is expired.", 401));
                return false;
            }
            accessTokenContext.getParams().put(OAuthConstants.AUTH_USER, this.userNameMapper.getLoggedInUserIDFromPseudoName(tokenInfo.getAuthUser()));
            String str4 = map.get(OAuthConstants.SCOPE_QUERY_PARAM);
            if (StringUtils.isNotEmpty(str4)) {
                accessTokenContext.getParams().put(OAuthConstants.SCOPE_QUERY_PARAM, str4);
                return true;
            }
            accessTokenContext.getParams().put(OAuthConstants.SCOPE_QUERY_PARAM, tokenInfo.getScopes());
            return true;
        } catch (OAuthDAOException e) {
            log.error("Error getting token information from the DB", e);
            throw new OAuthDAOException("Error getting token information from the DB", (Throwable) e);
        }
    }

    @Override // org.wso2.carbon.auth.oauth.GrantHandler
    public void process(String str, AccessTokenContext accessTokenContext, Map<String, String> map) throws AuthException {
        String str2 = (String) accessTokenContext.getParams().get(OAuthConstants.CLIENT_ID);
        String str3 = (String) accessTokenContext.getParams().get(OAuthConstants.AUTH_USER);
        TokenIssuer.generateAccessToken((Scope) accessTokenContext.getParams().get(OAuthConstants.FILTERED_SCOPES), accessTokenContext);
        AccessTokenData generateTokenData = TokenDataUtil.generateTokenData(accessTokenContext);
        generateTokenData.setAuthUser(this.userNameMapper.getLoggedInPseudoNameFromUserID(str3));
        generateTokenData.setClientId(str2);
        this.oauthDAO.addAccessTokenInfo(generateTokenData);
        generateTokenData.setAuthUser(str3);
    }

    private boolean isRefreshTokenExpired(AccessTokenDTO accessTokenDTO) {
        return calculateValidityInMillis(accessTokenDTO.getRefreshTokenCreatedTime(), accessTokenDTO.getRefreshTokenValidityPeriod() * 1000) < 1000000;
    }

    public static long calculateValidityInMillis(long j, long j2) {
        return (j + j2) - (System.currentTimeMillis() - 5000);
    }

    private boolean validateGrant(AccessTokenDTO accessTokenDTO) {
        return accessTokenDTO != null;
    }
}
