package org.wso2.carbon.identity.oauth2.token.handlers.grant;

import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Date;
import java.util.UUID;
import org.apache.amber.oauth2.common.exception.OAuthSystemException;
import org.apache.amber.oauth2.common.message.types.GrantType;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.CacheKey;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.ResponseHeader;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.class */
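/**
 * Grant handler for the OAuth2 {@code refresh_token} grant.
 *
 * <p>{@link #validateGrant} looks the presented refresh token up through the token DAO and, when
 * it is acceptable, copies the authorized user, scope and previous access token onto the request
 * context. {@link #issue} then generates a new access/refresh token pair, marks the existing
 * token for the client and user as {@code INACTIVE}, stores the new one and returns it.
 *
 * <p>Token values are bearer credentials, so this class never writes a refresh or access token
 * into a log line or an exception message; only the client id is used to identify a request.
 */
public class RefreshGrantHandler extends AbstractAuthorizationGrantHandler {
    private static final Log log = LogFactory.getLog(RefreshGrantHandler.class);

    /** Context property under which the access token bound to the presented refresh token is kept. */
    private static final String PREV_ACCESS_TOKEN = "previousAccessToken";

    /**
     * Checks the refresh token presented in the request and populates the context from it.
     *
     * @param oAuthTokenReqMessageContext the token request context; on success its authorized
     *        user, scope and {@code previousAccessToken} property are set from the stored token
     * @return {@code true} when the token is known for this client and its state is acceptable,
     *         {@code false} otherwise
     * @throws IdentityOAuth2Exception if the DAO lookup fails
     */
    @Override // org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler
    public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AccessTokenReqDTO tokenReq = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        String clientId = tokenReq.getClientId();
        RefreshTokenValidationDataDO validationData = this.tokenMgtDAO.validateRefreshToken(clientId, tokenReq.getRefreshToken());

        // No access token bound to this (client id, refresh token) pair: treat the token as unknown.
        if (validationData.getAccessToken() == null) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid Refresh Token provided for Client with Client Id : " + clientId);
            }
            return false;
        }

        // NOTE(review): a null state falls through and is accepted, and 'EXPIRED' is accepted
        // alongside 'ACTIVE'. Confirm both are intended (e.g. legacy rows without a state, and
        // refreshing after the access token has expired) rather than an overly permissive check.
        if (validationData.getRefreshTokenState() != null
                && !validationData.getRefreshTokenState().equals(OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE)
                && !validationData.getRefreshTokenState().equals(OAuthConstants.TokenStates.TOKEN_STATE_EXPIRED)) {
            if (log.isDebugEnabled()) {
                // The refresh token value is deliberately left out: it is a credential and must
                // not end up in log files.
                log.debug("Refresh Token is not in 'ACTIVE' or 'EXPIRED' state for Client with Client Id : " + clientId);
            }
            return false;
        }

        if (log.isDebugEnabled()) {
            log.debug("Refresh token validation successful for Client id : " + clientId + ", Authorized User : " + validationData.getAuthorizedUser() + ", Token Scope : " + OAuth2Util.buildScopeString(validationData.getScope()));
        }
        oAuthTokenReqMessageContext.setAuthorizedUser(validationData.getAuthorizedUser());
        oAuthTokenReqMessageContext.setScope(validationData.getScope());
        oAuthTokenReqMessageContext.addProperty(PREV_ACCESS_TOKEN, validationData.getAccessToken());
        return true;
    }

    /**
     * Issues a new access token and refresh token in exchange for a valid refresh token.
     *
     * @param oAuthTokenReqMessageContext the token request context; the {@code RESPONSE_HEADERS}
     *        property is set to a single {@code DeactivatedAccessToken} header
     * @return the response DTO carrying the new access token, refresh token and validity period
     * @throws IdentityOAuth2Exception if the refresh token is rejected by {@link #validateGrant},
     *         if token generation fails, or if the DAO calls fail
     */
    @Override // org.wso2.carbon.identity.oauth2.token.handlers.grant.AbstractAuthorizationGrantHandler, org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler
    public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AccessTokenRespDTO tokenResp = new OAuth2AccessTokenRespDTO();
        OAuth2AccessTokenReqDTO tokenReq = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        String clientId = tokenReq.getClientId();
        String userStoreDomain = null;
        try {
            String accessToken = this.oauthIssuerImpl.accessToken();
            String refreshToken = this.oauthIssuerImpl.refreshToken();
            if (OAuth2Util.checkUserNameAssertionEnabled()) {
                // NOTE(review): the authorized user is read before validateGrant() below
                // re-populates the context, so this relies on the context already carrying it.
                // Confirm the caller always validates the grant before calling issue().
                String assertedUser = oAuthTokenReqMessageContext.getAuthorizedUser();
                // NOTE(review): getBytes() uses the platform default charset. Left unchanged
                // because whatever decodes these tokens must use the same charset; consider
                // pinning UTF-8 on both sides together.
                accessToken = Base64Utils.encode((accessToken + ":" + assertedUser).getBytes());
                refreshToken = Base64Utils.encode((refreshToken + ":" + assertedUser).getBytes());
                if (OAuth2Util.checkAccessTokenPartitioningEnabled()) {
                    userStoreDomain = OAuth2Util.getUserStoreDomainFromUserId(assertedUser);
                }
            }

            if (!validateGrant(oAuthTokenReqMessageContext)) {
                // Identify the request by client id only; echoing the presented refresh token
                // into the message would leak a credential into logs and error responses.
                throw new IdentityOAuth2Exception("Provided refresh token is invalid for Client with Client Id : " + clientId);
            }

            Timestamp issuedTime = new Timestamp(new Date().getTime());
            // Server default, overridden by a positive validity period set on the context.
            long validityPeriodInSeconds = OAuthServerConfiguration.getInstance().getUserAccessTokenValidityPeriodInSeconds();
            long requestedValidityPeriod = oAuthTokenReqMessageContext.getValidityPeriod();
            if (requestedValidityPeriod > 0) {
                validityPeriodInSeconds = requestedValidityPeriod;
            }

            String userType = GrantType.CLIENT_CREDENTIALS.toString().equals(tokenReq.getGrantType()) ? OAuthConstants.USER_TYPE_FOR_APPLICATION_TOKEN : OAuthConstants.USER_TYPE_FOR_USER_TOKEN;
            String authorizedUser = oAuthTokenReqMessageContext.getAuthorizedUser();
            AccessTokenDO accessTokenDO = new AccessTokenDO(clientId, authorizedUser, oAuthTokenReqMessageContext.getScope(), issuedTime, validityPeriodInSeconds, userType);
            accessTokenDO.setTokenState(OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE);
            accessTokenDO.setRefreshToken(refreshToken);
            accessTokenDO.setAccessToken(accessToken);

            String previousAccessToken = (String) oAuthTokenReqMessageContext.getProperty(PREV_ACCESS_TOKEN);

            // Deactivate the existing token for this client and user before storing the new one.
            // NOTE(review): these are two separate DAO calls; whether they share a transaction is
            // not visible here. A failure in between would leave the user without an active token.
            this.tokenMgtDAO.setAccessTokenState(clientId, authorizedUser, "INACTIVE", UUID.randomUUID().toString(), userStoreDomain);
            this.tokenMgtDAO.storeAccessToken(accessToken, clientId, accessTokenDO, userStoreDomain);

            if (this.cacheEnabled) {
                // Replace the cached entry so the old access token is no longer served from cache.
                OAuthCacheKey cacheKey = new OAuthCacheKey(clientId + ":" + authorizedUser);
                this.oauthCache.clearCacheEntry((CacheKey) cacheKey);
                this.oauthCache.addToCache((CacheKey) cacheKey, (CacheEntry) accessTokenDO);
                if (log.isDebugEnabled()) {
                    log.debug("Access Token info for the refresh token was added to the cache for the client id : " + clientId + ". Old access token entry was also removed from the cache.");
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Persisted an access token for the refresh token, Client ID : " + clientId + "authorized user : " + oAuthTokenReqMessageContext.getAuthorizedUser() + "timestamp : " + issuedTime + "validity period : " + validityPeriodInSeconds + "scope : " + OAuth2Util.buildScopeString(oAuthTokenReqMessageContext.getScope()) + "Token State : " + OAuthConstants.TokenStates.TOKEN_STATE_ACTIVE + "User Type : " + userType);
            }

            tokenResp.setAccessToken(accessToken);
            tokenResp.setRefreshToken(refreshToken);
            tokenResp.setExpiresIn(validityPeriodInSeconds);

            // The previous access token is handed back as a response header.
            // NOTE(review): presumably it is no longer usable after the state change above;
            // confirm, since any intermediary that logs response headers will record it.
            ResponseHeader deactivatedTokenHeader = new ResponseHeader();
            deactivatedTokenHeader.setKey("DeactivatedAccessToken");
            deactivatedTokenHeader.setValue(previousAccessToken);
            oAuthTokenReqMessageContext.addProperty("RESPONSE_HEADERS", new ResponseHeader[] {deactivatedTokenHeader});
            return tokenResp;
        } catch (OAuthSystemException e) {
            throw new IdentityOAuth2Exception("Error when generating the tokens.", e);
        }
    }
}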
