package org.wso2.carbon.identity.oauth2.token.handlers.grant;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.cache.CacheKey;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.model.AuthzCodeDO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/token/handlers/grant/AuthorizationCodeGrantHandler.class */
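/**
 * Grant handler for the OAuth 2.0 {@code authorization_code} grant.
 *
 * <p>{@link #validateGrant} checks the presented authorization code (lookup, redirect_uri
 * binding, expiry) and {@link #issue} invalidates the code once the parent handler has
 * produced the token response.
 *
 * <p>Logging rule used throughout this class: the authorization code value is never written
 * to the log. The code is a bearer credential that may still be redeemable when the log line
 * is written, and on the failure paths it is unvalidated request input. The client id is
 * logged as the correlation handle instead.
 */
public class AuthorizationCodeGrantHandler extends AbstractAuthorizationGrantHandler {
    /** Message-context property under which the validated authorization code is stored. */
    private static final String AUTHZ_CODE = "AuthorizationCode";
    private static final Log log = LogFactory.getLog(AuthorizationCodeGrantHandler.class);

    /**
     * Validates the authorization code carried by the token request.
     *
     * <p>The code is looked up in the cache (when enabled) and then through
     * {@code tokenMgtDAO.validateAuthorizationCode}. If a callback URL was recorded with the
     * code, the request must carry an identical {@code redirect_uri}. An expired code is
     * removed from the database and the cache. On success the authorized user, the scope and
     * the code itself are copied onto the message context.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @return {@code true} if the code is known, bound to the presented redirect_uri and
     *         not expired; {@code false} otherwise
     * @throws IdentityOAuth2Exception declared by the overridden method and propagated from
     *         the data-access calls made here
     */
    @Override
    public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AccessTokenReqDTO tokenReq = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        String authorizationCode = tokenReq.getAuthorizationCode();
        String clientId = tokenReq.getClientId();

        AuthzCodeDO authzCodeDO = null;
        if (this.cacheEnabled) {
            authzCodeDO = (AuthzCodeDO) this.oauthCache.getValueFromCache(authzCodeCacheKey(clientId, authorizationCode));
        }
        if (log.isDebugEnabled()) {
            log.debug("Authorization Code Info was " + (authzCodeDO != null ? "" : "not ")
                    + "available in cache for client id : " + clientId);
        }

        // Cache miss (or cache disabled): fall back to the persistent store.
        if (authzCodeDO == null) {
            authzCodeDO = this.tokenMgtDAO.validateAuthorizationCode(clientId, authorizationCode);
        }
        if (authzCodeDO == null) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid access token request with Client Id : " + clientId
                        + " : authorization code not recognised");
            }
            return false;
        }

        // redirect_uri binding: enforced only when a callback URL was stored with the code.
        String registeredCallback = authzCodeDO.getCallbackUrl();
        if (registeredCallback != null && !registeredCallback.isEmpty()) {
            String presentedCallback = tokenReq.getCallbackURI();
            if (presentedCallback == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Invalid access token request with Client Id : " + clientId
                            + " : redirect_uri not present in request");
                }
                return false;
            }
            if (!presentedCallback.equals(registeredCallback)) {
                if (log.isDebugEnabled()) {
                    log.debug("Invalid access token request with Client Id : " + clientId
                            + " : redirect_uri does not match previously presented redirect_uri to authorization endpoint");
                }
                return false;
            }
        }

        long issuedTimeMillis = authzCodeDO.getIssuedTime().getTime();
        long validityPeriod = authzCodeDO.getValidityPeriod();
        // 1000L forces long arithmetic whatever the getter's declared return type is.
        long skewMillis = OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds() * 1000L;
        long currentTimeMillis = System.currentTimeMillis();

        if (currentTimeMillis - skewMillis > issuedTimeMillis + validityPeriod) {
            if (log.isDebugEnabled()) {
                log.debug("Authorization Code issued for client " + clientId + " is expired. Issued Time(ms) : "
                        + issuedTimeMillis + ", Validity Period : " + validityPeriod + ", Timestamp Skew : "
                        + skewMillis + ", Current Time : " + currentTimeMillis);
            }
            this.tokenMgtDAO.cleanUpAuthzCode(authorizationCode);
            if (log.isDebugEnabled()) {
                log.debug("Expired Authorization code issued for client " + clientId
                        + " was removed from the database.");
            }
            // Every other use of oauthCache in this class is guarded by cacheEnabled; the
            // unguarded call here would fail if the cache is left unset while disabled.
            // NOTE(review): confirm how the parent class initialises oauthCache.
            if (this.cacheEnabled) {
                this.oauthCache.clearCacheEntry(authzCodeCacheKey(clientId, authorizationCode));
                if (log.isDebugEnabled()) {
                    log.debug("Expired Authorization code issued for client " + clientId
                            + " was removed from the cache.");
                }
            }
            return false;
        }

        if (log.isDebugEnabled()) {
            log.debug("Found an Authorization Code, Client : " + clientId + ", authorized user : "
                    + authzCodeDO.getAuthorizedUser() + ", scope : "
                    + OAuth2Util.buildScopeString(authzCodeDO.getScope()));
        }
        oAuthTokenReqMessageContext.setAuthorizedUser(authzCodeDO.getAuthorizedUser());
        oAuthTokenReqMessageContext.setScope(authzCodeDO.getScope());
        // Stored so that issue() invalidates exactly the code validated here.
        oAuthTokenReqMessageContext.addProperty(AUTHZ_CODE, authorizationCode);
        return true;
    }

    /**
     * Issues the token through the parent handler, then invalidates the authorization code
     * in the cache (when enabled) and in the database.
     *
     * <p>NOTE(review): the code is invalidated only after {@code super.issue} returns. Two
     * requests presenting the same code at the same time may both pass
     * {@link #validateGrant} unless single use is enforced elsewhere (for example in
     * {@code tokenMgtDAO}). If {@code super.issue} throws, the code is not cleaned up here.
     * Confirm both against the data-access layer.
     *
     * @param oAuthTokenReqMessageContext context of the current token request
     * @return the response produced by the parent handler
     * @throws IdentityOAuth2Exception propagated from the parent handler or the clean-up call
     */
    @Override
    public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AccessTokenRespDTO tokenResp = super.issue(oAuthTokenReqMessageContext);

        // Prefer the code recorded by validateGrant; fall back to the raw request value.
        String authorizationCode = (String) oAuthTokenReqMessageContext.getProperty(AUTHZ_CODE);
        if (authorizationCode == null) {
            authorizationCode = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getAuthorizationCode();
        }
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();

        if (this.cacheEnabled) {
            this.oauthCache.clearCacheEntry(authzCodeCacheKey(clientId, authorizationCode));
            if (log.isDebugEnabled()) {
                log.debug("Cache was cleared for authorization code info for client id : " + clientId);
            }
        }
        this.tokenMgtDAO.cleanUpAuthzCode(authorizationCode);
        if (log.isDebugEnabled()) {
            // The original logged the authorization code here under the "Client Id" label.
            log.debug("Authorization Code clean up completed for request from the Client, Client Id: " + clientId);
        }
        return tokenResp;
    }

    /**
     * Always returns {@code true}: this handler adds no access-delegation check of its own.
     *
     * @param oAuthTokenReqMessageContext context of the current token request (unused)
     * @return {@code true}
     */
    @Override
    public boolean authorizeAccessDelegation(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        return true;
    }

    /** Builds the cache key under which the code's info is stored for the given client. */
    private static CacheKey authzCodeCacheKey(String clientId, String authorizationCode) {
        return (CacheKey) new OAuthCacheKey(OAuth2Util.buildCacheKeyStringForAuthzCode(clientId, authorizationCode));
    }
}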
