package org.wso2.carbon.identity.oauth;

import com.google.gdata.client.authn.oauth.GoogleOAuthParameters;
import com.google.gdata.client.authn.oauth.OAuthHmacSha1Signer;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.llom.util.AXIOMUtil;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.ServiceContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.core.services.util.CarbonAuthenticationUtil;
import org.wso2.carbon.identity.core.model.OAuthAppDO;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.entitlement.EntitlementService;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth.dao.OAuthConsumerDAO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerDTO;
import org.wso2.carbon.identity.oauth.internal.OAuthServiceComponent;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/OAuthService.class */
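/**
 * OAuth provider service: issues request tokens, records user authorization,
 * exchanges authorized request tokens for access tokens, and validates
 * HMAC-SHA1 signed requests made with an access token.
 *
 * <p>Security-relevant invariants enforced in this class:
 * <ul>
 *   <li>Signatures and verifiers are compared without short-circuiting on the
 *       first differing byte.</li>
 *   <li>Replay state (latest timestamp, seen nonces) is only updated for a
 *       request whose signature has already verified, so a request that fails
 *       authentication cannot consume nonces or raise the timestamp floor.</li>
 *   <li>A missing consumer secret fails closed instead of being handed to the
 *       signer.</li>
 * </ul>
 *
 * <p>NOTE(review): tokens, token secrets and verifiers all come from
 * {@code OAuthUtil.getRandomNumber()} (same package, not visible here).
 * Confirm it is backed by {@code java.security.SecureRandom} and yields enough
 * entropy for a bearer-style secret.
 */
public class OAuthService {
    private static final String OAUTH_LATEST_TIMESTAMP = "OAUTH_LATEST_TIMESTAMP";
    private static final String OAUTH_NONCE_STORE = "OAUTH_NONCE_STORE";
    private static final String UTF_8 = "UTF-8";

    /**
     * Checks a signed consumer request against the consumer's registered secret.
     *
     * @param oAuthConsumerDTO the signed request as received
     * @return {@code true} if the signature verifies and the timestamp/nonce pair is fresh
     * @throws Exception if the timestamp or nonce is missing, malformed or replayed,
     *                   or if the secret lookup fails
     */
    public boolean isOAuthConsumerValid(OAuthConsumerDTO oAuthConsumerDTO) throws Exception {
        String consumerSecret = getOAuthSecretKey(oAuthConsumerDTO.getOauthConsumerKey());
        return validateOauthSignature(oAuthConsumerDTO, consumerSecret);
    }

    /**
     * Issues a new (unauthorized) request token for a correctly signed request.
     *
     * @param parameters the signed request-token request
     * @return the consumer key, new token, token secret, callback and scope
     * @throws Exception with message "Invalid Signature" if the signature does not verify,
     *                   or if the timestamp/nonce pair is missing, malformed or replayed
     */
    public Parameters getOauthRequestToken(Parameters parameters) throws Exception {
        // Stateless sanity check first; nothing is recorded yet.
        parseTimestamp(parameters.getOauthTimeStamp(), parameters.getOauthNonce());
        String consumerSecret =
                new OAuthAppDAO(getConfigSystemRegistry()).getOauthConsumerSecret(parameters.getOauthConsumerKey());
        if (!validateOauthSignature(parameters, consumerSecret)) {
            throw new Exception("Invalid Signature");
        }
        // Only an authenticated request may consume a nonce / advance the timestamp floor.
        validateTimestampAndNonce(parameters.getOauthTimeStamp(), parameters.getOauthNonce());
        return generateOauthToken(parameters);
    }

    /**
     * Authenticates the resource owner and marks the request token as authorized,
     * attaching a freshly generated verifier.
     *
     * @param parameters carries the request token plus the authorizing user's name and password
     * @return the request token, its verifier and the stored callback
     * @throws Exception with message "User Authentication Failed" if the credentials are rejected
     */
    public Parameters authorizeOauthRequestToken(Parameters parameters) throws Exception {
        String fullUserName = parameters.getAuthorizedbyUserName();
        String tenantLessUsername = UserCoreUtil.getTenantLessUsername(fullUserName);
        String tenantDomain = UserCoreUtil.getTenantDomain(OAuthServiceComponent.getRealmService(), fullUserName);
        boolean authenticated = IdentityTenantUtil.getRealm(tenantDomain, fullUserName)
                .getUserStoreManager()
                .authenticate(tenantLessUsername, parameters.getAuthorizedbyUserPassword());
        if (!authenticated) {
            throw new Exception("User Authentication Failed");
        }
        // NOTE(review): nothing here throttles repeated failed authentications; confirm that
        // lockout / rate limiting is enforced by the user store or by the transport in front
        // of this service.
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO(getConfigSystemRegistry());
        String verifier = OAuthUtil.getRandomNumber();
        Parameters authorizedToken =
                oAuthAppDAO.authorizeOAuthToken(parameters.getOauthToken(), tenantLessUsername, verifier);
        Parameters response = new Parameters();
        response.setOauthToken(parameters.getOauthToken());
        response.setOauthTokenVerifier(verifier);
        response.setOauthCallback(authorizedToken.getOauthCallback());
        return response;
    }

    /**
     * Exchanges an authorized request token for an access token.
     *
     * <p>The exchange is refused unless the stored verifier matches the presented one,
     * a user has authorized the token, and no access token was issued for it before.
     *
     * @param parameters the signed access-token request
     * @return the stored token record with the new access token and token secret set
     * @throws Exception with message "Invalid Signature" or
     *                   "Invalid request for OAuth access token"
     */
    public Parameters getAccessToken(Parameters parameters) throws Exception {
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO(getConfigSystemRegistry());
        if (!validateOauthSignature(parameters, oAuthAppDAO.getOauthConsumerSecret(parameters.getOauthConsumerKey()))) {
            throw new Exception("Invalid Signature");
        }
        // NOTE(review): unlike the request-token and resource-access paths, this path performs
        // no timestamp/nonce replay check; the one-shot isAccessTokenIssued() flag is the only
        // replay barrier. It also does not itself check that the request token was issued to
        // the presenting consumer key - confirm replaceOAuthToken() enforces that binding.
        Parameters oAuthToken = oAuthAppDAO.getOAuthToken(parameters.getOauthToken());
        if (oAuthToken == null
                || !constantTimeEquals(oAuthToken.getOauthTokenVerifier(), parameters.getOauthTokenVerifier())
                || oAuthToken.getAuthorizedbyUserName() == null
                || oAuthToken.isAccessTokenIssued()) {
            throw new Exception("Invalid request for OAuth access token");
        }
        String accessToken = OAuthUtil.getRandomNumber();
        String accessTokenSecret = OAuthUtil.getRandomNumber();
        oAuthAppDAO.replaceOAuthToken(
                parameters.getOauthConsumerKey(), accessToken, accessTokenSecret, parameters.getOauthToken());
        oAuthToken.setOauthToken(accessToken);
        oAuthToken.setOauthTokenSecret(accessTokenSecret);
        return oAuthToken;
    }

    /**
     * Looks up the scope and application name stored for a token.
     *
     * <p>NOTE(review): this lookup is not signature-checked here; confirm the caller is
     * trusted or that scope and application name are not considered sensitive.
     *
     * @param str the OAuth token to look up
     * @return a {@code Parameters} carrying only scope and application name
     * @throws Exception if the registry or DAO lookup fails
     */
    public Parameters getScopeAndAppName(String str) throws Exception {
        Parameters stored = new OAuthAppDAO(getConfigSystemRegistry()).getOAuthToken(str);
        Parameters result = new Parameters();
        result.setScope(stored.getScope());
        result.setAppName(stored.getAppName());
        return result;
    }

    /**
     * Validates a signed resource request made with an access token and asks the
     * entitlement service whether the delegated access is permitted.
     *
     * @param parameters the signed request, including access token and scope
     * @return {@code true} only if the signature verifies, the access token is valid for the
     *         consumer and scope, and the entitlement decision is "permit"
     * @throws Exception if the timestamp/nonce pair is missing, malformed or replayed,
     *                   or if a backend call fails
     */
    public boolean validateAuthenticationRequest(Parameters parameters) throws Exception {
        // Stateless sanity check first; nothing is recorded yet.
        parseTimestamp(parameters.getOauthTimeStamp(), parameters.getOauthNonce());
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO(getConfigSystemRegistry());
        if (!validateOauthSignature(parameters, oAuthAppDAO.getOauthConsumerSecret(parameters.getOauthConsumerKey()))) {
            return false;
        }
        // Only an authenticated request may consume a nonce / advance the timestamp floor.
        validateTimestampAndNonce(parameters.getOauthTimeStamp(), parameters.getOauthNonce());
        // Passed below as the first argument of the entitlement query; presumably the user
        // who authorized the token - confirm against OAuthAppDAO.validateAccessToken().
        String subject = oAuthAppDAO.validateAccessToken(
                parameters.getOauthConsumerKey(), parameters.getOauthToken(), parameters.getScope());
        if (subject == null) {
            return false;
        }
        OAuthAppDO oAuthApp = oAuthAppDAO.getOAuthApp(parameters.getOauthConsumerKey());
        HttpServletRequest servletRequest = (HttpServletRequest) MessageContext.getCurrentMessageContext()
                .getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        HttpSession session = servletRequest.getSession();
        RealmService realmService = OAuthServiceComponent.getRealmService();
        String tenantDomain = UserCoreUtil.getTenantDomain(realmService, oAuthApp.getUserName());
        // NOTE(review): the session is marked as logged in - as the application's registered
        // owner, not as the entitlement subject - before the entitlement decision is evaluated,
        // and it stays that way when the decision is not "permit". Confirm whether
        // EntitlementService needs this session; if it does not, log in only after a permit,
        // and confirm the owner is the intended identity.
        CarbonAuthenticationUtil.onSuccessAdminLogin(
                session,
                oAuthApp.getUserName(),
                realmService.getTenantManager().getTenantId(tenantDomain),
                tenantDomain,
                "oauth_delegation");
        String decisionXml = new EntitlementService()
                .getDecisionByAttributes(subject, parameters.getScope(), "oauth_delegate", (String[]) null);
        // Anything other than an explicit permit (deny, indeterminate, unparsable) is a refusal.
        return "permit".equalsIgnoreCase(getStatus(decisionXml));
    }

    /**
     * Extracts the text of {@code Result/Decision} from an entitlement response.
     *
     * @param str the entitlement response XML
     * @return the decision text, or "Invalid Status" when either element is absent
     * @throws Exception if the XML cannot be parsed
     */
    private String getStatus(String str) throws Exception {
        OMElement result = AXIOMUtil.stringToOM(str).getFirstChildWithName(new QName("Result"));
        if (result == null) {
            return "Invalid Status";
        }
        OMElement decision = result.getFirstChildWithName(new QName("Decision"));
        if (decision == null) {
            return "Invalid Status";
        }
        return decision.getText();
    }

    /**
     * Creates and stores a new request token for the consumer named in {@code parameters}.
     *
     * @param parameters the already-verified request-token request
     * @return the consumer key, new token, token secret, callback and scope
     * @throws Exception if persisting the token fails
     */
    private Parameters generateOauthToken(Parameters parameters) throws Exception {
        OAuthAppDAO oAuthAppDAO = new OAuthAppDAO(getConfigSystemRegistry());
        String token = OAuthUtil.getRandomNumber();
        String tokenSecret = OAuthUtil.getRandomNumber();
        oAuthAppDAO.createOAuthToken(
                parameters.getOauthConsumerKey(), token, tokenSecret, parameters.getOauthCallback(), parameters.getScope());
        Parameters response = new Parameters();
        response.setOauthConsumerKey(parameters.getOauthConsumerKey());
        response.setOauthToken(token);
        response.setOauthTokenSecret(tokenSecret);
        response.setOauthCallback(parameters.getOauthCallback());
        response.setScope(parameters.getScope());
        return response;
    }

    /**
     * Verifies the HMAC-SHA1 signature of a consumer request and, on success, records its
     * timestamp and nonce.
     *
     * @param oAuthConsumerDTO the signed request
     * @param str the consumer secret registered for the request's consumer key
     * @return {@code true} if the signature matches in raw or URL-encoded form
     * @throws Exception if the timestamp/nonce pair is missing, malformed or replayed
     */
    private boolean validateOauthSignature(OAuthConsumerDTO oAuthConsumerDTO, String str) throws Exception {
        // Reject missing or malformed timestamp/nonce before doing any work; records nothing.
        parseTimestamp(oAuthConsumerDTO.getOauthTimeStamp(), oAuthConsumerDTO.getOauthNonce());
        if (str == null) {
            // No secret registered for this consumer key: fail closed rather than let the
            // signer derive a key from a null secret.
            return false;
        }
        GoogleOAuthParameters oauthParams = new GoogleOAuthParameters();
        oauthParams.setOAuthConsumerKey(oAuthConsumerDTO.getOauthConsumerKey());
        oauthParams.setOAuthConsumerSecret(str);
        oauthParams.setOAuthNonce(oAuthConsumerDTO.getOauthNonce());
        oauthParams.setOAuthTimestamp(oAuthConsumerDTO.getOauthTimeStamp());
        oauthParams.setOAuthSignatureMethod(oAuthConsumerDTO.getOauthSignatureMethod());
        String baseString = com.google.gdata.client.authn.oauth.OAuthUtil.getSignatureBaseString(
                oAuthConsumerDTO.getBaseString(), oAuthConsumerDTO.getHttpMethod(), oauthParams.getBaseParameters());
        String expected = new OAuthHmacSha1Signer().getSignature(baseString, oauthParams);
        if (!signatureMatches(expected, oAuthConsumerDTO.getOauthSignature())) {
            return false;
        }
        // Replay state is touched only once the request is known to be authentic.
        validateTimestampAndNonce(oAuthConsumerDTO.getOauthTimeStamp(), oAuthConsumerDTO.getOauthNonce());
        return true;
    }

    /**
     * Verifies the HMAC-SHA1 signature of a token-flow request. Does not touch replay state;
     * callers that need replay protection call {@link #validateTimestampAndNonce} afterwards.
     *
     * @param parameters the signed request
     * @param str the consumer secret registered for the request's consumer key
     * @return {@code true} if the signature matches in raw or URL-encoded form
     * @throws Exception if the signer fails
     */
    private boolean validateOauthSignature(Parameters parameters, String str) throws Exception {
        if (str == null) {
            // No secret registered for this consumer key: fail closed rather than let the
            // signer derive a key from a null secret.
            return false;
        }
        GoogleOAuthParameters oauthParams = new GoogleOAuthParameters();
        oauthParams.setOAuthConsumerKey(parameters.getOauthConsumerKey());
        oauthParams.setOAuthConsumerSecret(str);
        oauthParams.setOAuthNonce(parameters.getOauthNonce());
        oauthParams.setOAuthTimestamp(parameters.getOauthTimeStamp());
        oauthParams.setOAuthSignatureMethod(parameters.getOauthSignatureMethod());
        if (parameters.getOauthToken() != null) {
            oauthParams.setOAuthToken(parameters.getOauthToken());
        }
        if (parameters.getOauthTokenVerifier() != null) {
            oauthParams.setOAuthVerifier(parameters.getOauthTokenVerifier());
        }
        if (parameters.getOauthTokenSecret() != null) {
            // NOTE(review): the token secret that goes into the signing key is read from
            // `parameters`. Confirm every caller fills it from the server-side token store and
            // never from the incoming request; otherwise the token secret is not being verified.
            oauthParams.setOAuthTokenSecret(parameters.getOauthTokenSecret());
        }
        String baseString = com.google.gdata.client.authn.oauth.OAuthUtil.getSignatureBaseString(
                parameters.getBaseString(), parameters.getHttpMethod(), oauthParams.getBaseParameters());
        String expected = new OAuthHmacSha1Signer().getSignature(baseString, oauthParams);
        return signatureMatches(expected, parameters.getOauthSignature());
    }

    /**
     * Compares a computed signature with the presented one, accepting the presented value in
     * either raw or URL-encoded form. Both comparisons always run.
     *
     * @param expected the signature computed by the server, may be {@code null}
     * @param provided the signature taken from the request, may be {@code null}
     * @return {@code true} if {@code provided} equals {@code expected} or its URL-encoded form
     * @throws Exception if UTF-8 is unavailable (not expected on a conforming JVM)
     */
    private static boolean signatureMatches(String expected, String provided) throws Exception {
        if (expected == null || provided == null) {
            return false;
        }
        boolean encodedMatch = constantTimeEquals(URLEncoder.encode(expected, UTF_8), provided);
        boolean rawMatch = constantTimeEquals(expected, provided);
        return encodedMatch | rawMatch;
    }

    /**
     * Null-safe string equality for secrets. Uses {@link MessageDigest#isEqual} so the
     * comparison does not stop at the first differing byte; {@code null} never equals anything.
     *
     * @throws Exception if UTF-8 is unavailable (not expected on a conforming JVM)
     */
    private static boolean constantTimeEquals(String first, String second) throws Exception {
        if (first == null || second == null) {
            return false;
        }
        return MessageDigest.isEqual(first.getBytes(UTF_8), second.getBytes(UTF_8));
    }

    /**
     * Stateless check that a timestamp/nonce pair is present and well formed.
     *
     * @param timestamp the {@code oauth_timestamp} value
     * @param nonce the {@code oauth_nonce} value
     * @return the parsed, non-negative timestamp
     * @throws Exception with message "Invalid request for OAuth access token" if either value
     *                   is missing or the nonce is blank, or "Invalid timestamp" if the
     *                   timestamp is not a non-negative integer
     */
    private static long parseTimestamp(String timestamp, String nonce) throws Exception {
        if (timestamp == null || nonce == null || nonce.trim().length() == 0) {
            throw new Exception("Invalid request for OAuth access token");
        }
        long parsed;
        try {
            parsed = Long.parseLong(timestamp);
        } catch (NumberFormatException e) {
            throw new Exception("Invalid timestamp", e);
        }
        if (parsed < 0) {
            throw new Exception("Invalid timestamp");
        }
        return parsed;
    }

    /**
     * Rejects stale timestamps and replayed nonces, then records the pair in the Axis2
     * service context. State is written only after both checks pass, so a rejected request
     * leaves the replay store unchanged.
     *
     * <p>NOTE(review): the timestamp floor and nonce list are stored once per service context,
     * not per consumer, and the timestamp is never compared with the server clock. A single
     * accepted request with a far-future timestamp therefore raises the floor for every
     * consumer. The nonce list is also never pruned, so it grows without bound and
     * {@code contains} is linear. A per-consumer store with a clock-skew window and
     * time-based eviction would address both; the window size is a policy decision and is
     * not chosen here.
     *
     * <p>NOTE(review): the lock is this service instance while the guarded state lives in the
     * {@code ServiceContext}. If Axis2 creates more than one instance of this service per
     * context, the check-then-record sequence is not atomic - confirm the service scope.
     *
     * @param str the {@code oauth_timestamp} value
     * @param str2 the {@code oauth_nonce} value
     * @throws Exception if the pair is missing, malformed, older than the latest accepted
     *                   timestamp, or the nonce has been seen before
     */
    private void validateTimestampAndNonce(String str, String str2) throws Exception {
        long timestamp = parseTimestamp(str, str2);
        synchronized (this) {
            ServiceContext serviceContext = MessageContext.getCurrentMessageContext().getServiceContext();
            String latestStored = (String) serviceContext.getProperty(OAUTH_LATEST_TIMESTAMP);
            long latestAccepted = latestStored != null ? Long.parseLong(latestStored) : 0;
            if (timestamp < latestAccepted) {
                throw new Exception("Invalid timestamp");
            }
            @SuppressWarnings("unchecked") // only this class writes OAUTH_NONCE_STORE, always as a list of strings
            List<String> seenNonces = (List<String>) serviceContext.getProperty(OAUTH_NONCE_STORE);
            if (seenNonces != null && seenNonces.contains(str2)) {
                throw new Exception("Invalid request for OAuth access token");
            }
            // Both checks passed: commit the new floor and the nonce together.
            serviceContext.setProperty(OAUTH_LATEST_TIMESTAMP, String.valueOf(timestamp));
            if (seenNonces == null) {
                seenNonces = new ArrayList<String>();
                serviceContext.setProperty(OAUTH_NONCE_STORE, seenNonces);
            }
            seenNonces.add(str2);
        }
    }

    /**
     * Looks up the consumer secret for a consumer key, after stripping the tenant part of the key.
     *
     * @param str the consumer key as presented
     * @return whatever {@code OAuthConsumerDAO.getOAuthConsumerSecret} returns for that key
     * @throws Exception if the registry or DAO lookup fails
     */
    private String getOAuthSecretKey(String str) throws Exception {
        Registry configSystemRegistry = getConfigSystemRegistry();
        String tenantLessKey = UserCoreUtil.getTenantLessUsername(str);
        return new OAuthConsumerDAO(configSystemRegistry).getOAuthConsumerSecret(tenantLessKey);
    }

    /**
     * Returns the configuration system registry that backs the OAuth DAOs.
     *
     * @throws RegistryException if the registry service cannot provide it
     */
    private Registry getConfigSystemRegistry() throws RegistryException {
        return OAuthServiceComponent.getRegistryService().getConfigSystemRegistry();
    }
}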
