package org.wso2.carbon.identity.oauth2.authz;

import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import org.apache.amber.oauth2.common.message.types.ResponseType;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.core.model.OAuthAppDO;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.cache.BaseCache;
import org.wso2.carbon.identity.oauth.common.OAuth2ErrorCodes;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDAO;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.handlers.AuthorizationHandler;
import org.wso2.carbon.identity.oauth2.authz.handlers.CodeResponseTypeHandler;
import org.wso2.carbon.identity.oauth2.authz.handlers.TokenResponseTypeHandler;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/authz/AuthorizationHandlerManager.class */
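/**
 * Singleton that dispatches OAuth2 authorization requests to the
 * {@link AuthorizationHandler} registered for the requested response type.
 *
 * <p>Handlers for the {@code code} and {@code token} response types are registered in the
 * constructor. Application metadata is looked up through {@code appInfoCache} first and
 * through {@link OAuthAppDAO} on a cache miss.
 *
 * <p>NOTE(review): every error response built here that carries a callback URI copies it
 * from the request DTO. Nothing in this class compares that URL with the callback registered
 * for the client, so this presumably relies on the caller having validated it before the
 * request reaches this class. Confirm against the caller.
 */
public class AuthorizationHandlerManager {
    private static final Log log = LogFactory.getLog(AuthorizationHandlerManager.class);

    // volatile is required for the double-checked locking in getInstance(): without it another
    // thread may observe a non-null reference to a not yet fully constructed instance.
    private static volatile AuthorizationHandlerManager instance;

    // Response type -> handler that validates and issues for that response type.
    private final Map<String, AuthorizationHandler> authzHandlers = new Hashtable<>();

    // Response types enabled in the server configuration, read once at construction.
    private final List<String> supportedRespTypes = OAuthServerConfiguration.getInstance().getSupportedResponseTypes();

    // Consumer key -> application metadata.
    private final BaseCache<String, OAuthAppDO> appInfoCache;

    /**
     * Returns the shared manager, creating it on first use.
     *
     * <p>{@link CarbonUtils#checkSecurity()} is invoked on every call, before the instance is
     * handed out.
     *
     * @return the singleton instance
     * @throws IdentityOAuth2Exception if constructing the instance fails
     */
    public static AuthorizationHandlerManager getInstance() throws IdentityOAuth2Exception {
        CarbonUtils.checkSecurity();
        AuthorizationHandlerManager current = instance;
        if (current == null) {
            synchronized (AuthorizationHandlerManager.class) {
                current = instance;
                if (current == null) {
                    current = new AuthorizationHandlerManager();
                    instance = current;
                }
            }
        }
        return current;
    }

    private AuthorizationHandlerManager() throws IdentityOAuth2Exception {
        this.authzHandlers.put(ResponseType.CODE.toString(), new CodeResponseTypeHandler());
        this.authzHandlers.put(ResponseType.TOKEN.toString(), new TokenResponseTypeHandler());
        // "new" never yields null, so the former null check and its error log were unreachable.
        this.appInfoCache = new BaseCache<>("AppInfoCache");
        if (log.isDebugEnabled()) {
            log.debug("Successfully created AppInfoCache under OAuthCacheManager");
        }
    }

    /**
     * Validates an authorization request and, when every check passes, delegates to the
     * handler for its response type to issue the response.
     *
     * <p>Checks, in order: the response type is enabled in the server configuration; the
     * application's grant types (when set) allow the response type; a handler is registered;
     * the handler accepts the access delegation; the handler accepts the scope. The first
     * failing check produces an unauthorized response with an error code and message.
     *
     * @param oAuth2AuthorizeReqDTO the incoming authorization request
     * @return the handler's response on success, otherwise an error response
     * @throws IdentityOAuth2Exception propagated from the application lookup or the handler
     * @throws IdentityOAuthAdminException declared for callers; propagated from collaborators
     * @throws InvalidOAuthClientException propagated from the application lookup
     */
    public OAuth2AuthorizeRespDTO handleAuthorization(OAuth2AuthorizeReqDTO oAuth2AuthorizeReqDTO) throws IdentityOAuth2Exception, IdentityOAuthAdminException, InvalidOAuthClientException {
        String responseType = oAuth2AuthorizeReqDTO.getResponseType();
        OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO = new OAuth2AuthorizeRespDTO();
        if (!this.supportedRespTypes.contains(responseType)) {
            log.warn("Unsupported Response Type : " + sanitizeForLog(responseType) + " provided  for user : " + sanitizeForLog(oAuth2AuthorizeReqDTO.getUsername()));
            handleErrorRequest(oAuth2AuthorizeRespDTO, OAuth2ErrorCodes.UNSUPPORTED_RESP_TYPE, "Unsupported Response Type!");
            oAuth2AuthorizeRespDTO.setCallbackURI(oAuth2AuthorizeReqDTO.getCallbackUrl());
            return oAuth2AuthorizeRespDTO;
        }

        OAuthAppDO appInformation = getAppInformation(oAuth2AuthorizeReqDTO);
        // NOTE(review): an application whose grant types are null skips this restriction
        // entirely and may use any configured response type - confirm that is intended.
        if (appInformation.getGrantTypes() != null) {
            String requiredGrantType = null;
            if ("code".equals(responseType)) {
                requiredGrantType = "authorization_code";
            } else if ("token".equals(responseType)) {
                requiredGrantType = "implicit";
            }
            // NOTE(review): if getGrantTypes() returns a delimited String, contains() is a
            // substring match and would also accept a longer grant type name that merely
            // embeds the required one - verify against OAuthAppDO.
            if (requiredGrantType != null && !appInformation.getGrantTypes().contains(requiredGrantType)) {
                if (log.isDebugEnabled()) {
                    log.debug("Unsupported Response Type : " + sanitizeForLog(responseType) + " for client id : " + sanitizeForLog(oAuth2AuthorizeReqDTO.getConsumerKey()));
                }
                // NOTE(review): unlike the other error paths, no callback URI is set here, and
                // the code is "unsupported_grant_type" (RFC 6749 section 4.1.2.1 lists
                // unauthorized_client for a client not allowed to use this method). Both are
                // kept as they were so callers see the same response.
                handleErrorRequest(oAuth2AuthorizeRespDTO, "unsupported_grant_type", "Unsupported Response Type!");
                return oAuth2AuthorizeRespDTO;
            }
        }

        AuthorizationHandler authorizationHandler = this.authzHandlers.get(responseType);
        if (authorizationHandler == null) {
            // The configuration can enable a response type for which no handler is registered
            // in the constructor; answer with a protocol error rather than a
            // NullPointerException.
            log.warn("No authorization handler registered for Response Type : " + sanitizeForLog(responseType));
            handleErrorRequest(oAuth2AuthorizeRespDTO, OAuth2ErrorCodes.UNSUPPORTED_RESP_TYPE, "Unsupported Response Type!");
            oAuth2AuthorizeRespDTO.setCallbackURI(oAuth2AuthorizeReqDTO.getCallbackUrl());
            return oAuth2AuthorizeRespDTO;
        }

        OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext = new OAuthAuthzReqMessageContext(oAuth2AuthorizeReqDTO);
        if (!authorizationHandler.validateAccessDelegation(oAuthAuthzReqMessageContext)) {
            log.warn("User : " + sanitizeForLog(oAuth2AuthorizeReqDTO.getUsername()) + " doesn't have necessary rights to grant access to the resource(s) " + sanitizeForLog(OAuth2Util.buildScopeString(oAuth2AuthorizeReqDTO.getScopes())));
            handleErrorRequest(oAuth2AuthorizeRespDTO, OAuth2ErrorCodes.UNAUTHORIZED_CLIENT, "Authorization Failure!");
            oAuth2AuthorizeRespDTO.setCallbackURI(oAuth2AuthorizeReqDTO.getCallbackUrl());
            oAuth2AuthorizeRespDTO.setAuthenticated(true);
            return oAuth2AuthorizeRespDTO;
        }

        if (!authorizationHandler.validateScope(oAuthAuthzReqMessageContext)) {
            log.warn("Scope validation failed for user : " + sanitizeForLog(oAuth2AuthorizeReqDTO.getUsername()) + ", for the scope : " + sanitizeForLog(OAuth2Util.buildScopeString(oAuth2AuthorizeReqDTO.getScopes())));
            handleErrorRequest(oAuth2AuthorizeRespDTO, OAuth2ErrorCodes.INVALID_SCOPE, "Invalid Scope!");
            oAuth2AuthorizeRespDTO.setCallbackURI(oAuth2AuthorizeReqDTO.getCallbackUrl());
            oAuth2AuthorizeRespDTO.setAuthenticated(true);
            return oAuth2AuthorizeRespDTO;
        }

        // When scope validation left no approved scope on the context, the requested scopes
        // are approved as-is before issuing.
        if (oAuthAuthzReqMessageContext.getApprovedScope() == null || oAuthAuthzReqMessageContext.getApprovedScope().length == 0) {
            oAuthAuthzReqMessageContext.setApprovedScope(oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getScopes());
        }
        return authorizationHandler.issue(oAuthAuthzReqMessageContext);
    }

    /**
     * Marks the response as not authorized and records the error code and message.
     */
    private void handleErrorRequest(OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO, String errorCode, String errorMsg) {
        oAuth2AuthorizeRespDTO.setAuthorized(false);
        oAuth2AuthorizeRespDTO.setErrorCode(errorCode);
        oAuth2AuthorizeRespDTO.setErrorMsg(errorMsg);
    }

    /**
     * Returns the application registered for the request's consumer key, consulting the cache
     * before the DAO.
     *
     * <p>NOTE(review): no eviction or invalidation is visible in this class, so a change to an
     * application's grant types may keep being served from the cache - confirm how
     * {@code AppInfoCache} entries expire.
     */
    private OAuthAppDO getAppInformation(OAuth2AuthorizeReqDTO oAuth2AuthorizeReqDTO) throws IdentityOAuth2Exception, InvalidOAuthClientException {
        String consumerKey = oAuth2AuthorizeReqDTO.getConsumerKey();
        OAuthAppDO cached = this.appInfoCache.getValueFromCache(consumerKey);
        if (cached != null) {
            return cached;
        }
        OAuthAppDO appInformation = new OAuthAppDAO().getAppInformation(consumerKey);
        // A null result is not cached: a later lookup would go to the DAO again anyway, and
        // the cache implementation may reject null values.
        if (appInformation != null) {
            this.appInfoCache.addToCache(consumerKey, appInformation);
        }
        return appInformation;
    }

    /**
     * Replaces CR and LF in a request-derived value so that it cannot start a forged log line.
     * A null value is rendered as {@code "null"}, as plain string concatenation would.
     */
    private static String sanitizeForLog(String value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }
}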
