package org.wso2.carbon.auth.token.introspection.impl;

import java.util.HashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.auth.core.api.UserNameMapper;
import org.wso2.carbon.auth.core.exception.AuthException;
import org.wso2.carbon.auth.core.impl.UserNameMapperFactory;
import org.wso2.carbon.auth.oauth.dao.impl.DAOFactory;
import org.wso2.carbon.auth.oauth.dto.AccessTokenDTO;
import org.wso2.carbon.auth.oauth.exception.OAuthDAOException;
import org.wso2.carbon.auth.token.introspection.IntrospectionException;
import org.wso2.carbon.auth.token.introspection.TokenValidatorHandler;
import org.wso2.carbon.auth.token.introspection.dto.IntrospectionContext;
import org.wso2.carbon.auth.token.introspection.dto.IntrospectionResponse;

/* loaded from: input_file:org/wso2/carbon/auth/token/introspection/impl/TokenValidatorHandlerImpl.class */
public class TokenValidatorHandlerImpl implements TokenValidatorHandler {
    private static final Logger log = LoggerFactory.getLogger(TokenValidatorHandlerImpl.class);

    @Override // org.wso2.carbon.auth.token.introspection.TokenValidatorHandler
    public void validate(IntrospectionContext introspectionContext) throws IntrospectionException {
        OAuth2TokenValidator oAuth2TokenValidator = new OAuth2TokenValidator();
        UserNameMapper userNameMapper = UserNameMapperFactory.getInstance().getUserNameMapper();
        if (!oAuth2TokenValidator.validateAccessToken(introspectionContext)) {
            buildIntrospectionError(introspectionContext, "Access token validation failed");
            return;
        }
        AccessTokenDTO findAccessToken = findAccessToken(introspectionContext.getAccessToken());
        if (findAccessToken == null) {
            throw new IntrospectionException("accessTokenDO is 'NULL'");
        }
        if (hasAccessTokenExpired(findAccessToken)) {
            buildIntrospectionError(introspectionContext, "Access token expired");
            return;
        }
        IntrospectionResponse introspectionResponse = new IntrospectionResponse();
        introspectionResponse.setExp(((findAccessToken.getValidityPeriod() * 1000) + findAccessToken.getTimeCreated()) / 1000);
        introspectionResponse.setIat(findAccessToken.getTimeCreated() / 1000);
        introspectionResponse.setScope(findAccessToken.getScopes());
        try {
            introspectionResponse.setUsername(userNameMapper.getLoggedInUserIDFromPseudoName(findAccessToken.getAuthUser()));
        } catch (AuthException e) {
            String str = "Access token validation failed" + findAccessToken.getAuthUser();
            log.error(str, e);
            buildIntrospectionError(introspectionContext, str);
        }
        introspectionResponse.setClientId(findAccessToken.getConsumerKey());
        introspectionResponse.setTokenType("user and application");
        introspectionResponse.setNbf(1L);
        introspectionResponse.setAud("audience");
        introspectionResponse.setIss("Issuer");
        introspectionResponse.setJti("JTI");
        introspectionResponse.setSub("SUB");
        introspectionResponse.setUserContext("context");
        introspectionResponse.setProperties(new HashMap());
        introspectionContext.setIntrospectionResponse(introspectionResponse);
        if (!oAuth2TokenValidator.validateAccessDelegation(introspectionContext)) {
            buildIntrospectionError(introspectionContext, "Invalid access delegation");
        } else if (oAuth2TokenValidator.validateScope(introspectionContext)) {
            introspectionContext.getIntrospectionResponse().setActive(true);
        } else {
            buildIntrospectionError(introspectionContext, "Scope validation failed");
        }
    }

    private void buildIntrospectionError(IntrospectionContext introspectionContext, String str) {
        if (log.isDebugEnabled()) {
            log.debug(str);
        }
        IntrospectionResponse introspectionResponse = new IntrospectionResponse();
        introspectionResponse.setActive(false);
        introspectionResponse.setError(str);
        introspectionContext.setIntrospectionResponse(introspectionResponse);
    }

    private AccessTokenDTO findAccessToken(String str) throws IntrospectionException {
        try {
            return DAOFactory.getClientDAO().getTokenInfo(str);
        } catch (OAuthDAOException e) {
            throw new IntrospectionException("Error occurred while getting token information", e);
        }
    }

    private boolean hasAccessTokenExpired(AccessTokenDTO accessTokenDTO) {
        if (accessTokenDTO.getValidityPeriod() < 0) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("Access Token has infinite lifetime");
            return false;
        }
        if (getAccessTokenExpireMillis(accessTokenDTO) != 0) {
            return false;
        }
        if (!log.isDebugEnabled()) {
            return true;
        }
        log.debug("Access Token has expired");
        return true;
    }

    public static long getAccessTokenExpireMillis(AccessTokenDTO accessTokenDTO) {
        long calculateValidityInMillis = calculateValidityInMillis(accessTokenDTO.getTimeCreated(), accessTokenDTO.getValidityPeriod() * 1000);
        if (calculateValidityInMillis > 1000) {
            return calculateValidityInMillis;
        }
        return 0L;
    }

    public static long calculateValidityInMillis(long j, long j2) {
        return (j + j2) - (System.currentTimeMillis() - 5000);
    }
}
