package org.wso2.carbon.identity.scim.provider.auth;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.identity.scim.provider.util.SCIMProviderConstants;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/identity/scim/provider/auth/OAuthHandler.class */
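/**
 * SCIM authentication handler for requests that present an OAuth 2.0 bearer token in the
 * {@code Authorization} header.
 *
 * <p>The token is validated either in-process through {@link OAuth2TokenValidationService}
 * (when the configured authorization server URL starts with {@code "local"}) or through
 * {@link OAuthServiceClient} against a remote authorization server. Every failure path in
 * {@link #isAuthenticated(Message, ClassResourceInfo)} returns {@code false}, so a request
 * is only accepted after an explicit "valid" answer from the validator.
 */
public class OAuthHandler implements SCIMAuthenticationHandler {
    private static final Log log = LogFactory.getLog(OAuthHandler.class);

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_AUTH_HEADER = "Bearer";
    // Scheme name plus the separating space; its length (7) is the offset at which the token starts.
    private static final String BEARER_PREFIX = BEARER_AUTH_HEADER + " ";
    private static final String LOCAL_PREFIX = "local";
    private static final int DEFAULT_PRIORITY = 10;
    private static final String LOCAL_AUTH_SERVER = "local://services";

    private Map<String, String> properties;
    private String remoteServiceURL;
    private int priority;
    // Credentials handed to OAuthServiceClient for the remote validation call; never logged here.
    private String userName;
    private String password;

    /**
     * Returns the priority configured for this handler.
     *
     * @return the current priority value
     */
    @Override
    public int getPriority() {
        return this.priority;
    }

    /**
     * Sets the priority of this handler.
     *
     * @param i the new priority value
     */
    @Override
    public void setPriority(int i) {
        this.priority = i;
    }

    /** Resets the priority to the built-in default (10). */
    public void setDefaultPriority() {
        this.priority = DEFAULT_PRIORITY;
    }

    /** Points the handler at the in-process authorization server ({@code local://services}). */
    public void setDefaultAuthzServer() {
        this.remoteServiceURL = LOCAL_AUTH_SERVER;
    }

    /**
     * Tells whether the request carries a bearer credential this handler should process.
     *
     * <p>The first {@code Authorization} value must start with the scheme {@code "Bearer "}.
     * A substring match anywhere in the header is deliberately not enough: it would let
     * this handler claim credentials that belong to another scheme.
     *
     * @param message the inbound CXF message
     * @param classResourceInfo the targeted resource (not used)
     * @return {@code true} if the first Authorization value uses the Bearer scheme
     */
    @Override
    public boolean canHandle(Message message, ClassResourceInfo classResourceInfo) {
        List<Object> values = getAuthorizationValues(message);
        if (values == null) {
            return false;
        }
        Object first = values.get(0);
        return first instanceof String && ((String) first).startsWith(BEARER_PREFIX);
    }

    /**
     * Validates the bearer token of the request.
     *
     * <p>On success the first {@code Authorization} value is replaced by the authorized
     * user returned by the validator.
     *
     * @param message the inbound CXF message
     * @param classResourceInfo the targeted resource (not used)
     * @return {@code true} only if the header holds a non-empty bearer token and the
     *     validator reports it as valid; {@code false} on any other outcome, including
     *     validation errors
     */
    @Override
    public boolean isAuthenticated(Message message, ClassResourceInfo classResourceInfo) {
        List<Object> values = getAuthorizationValues(message);
        if (values == null) {
            return false;
        }
        String token = extractBearerToken(values.get(0));
        if (token == null) {
            // Wrong scheme, malformed header or empty token: reject without calling the validator.
            return false;
        }
        try {
            OAuth2TokenValidationResponseDTO response = validateAccessToken(token);
            if (response == null || !response.getValid()) {
                return false;
            }
            // The bearer token is swapped for the authorized user name in the header list.
            // NOTE(review): downstream code presumably reads the user from this header — confirm.
            values.set(0, response.getAuthorizedUser());
            return true;
        } catch (Exception e) {
            // Fail closed: any error while validating is treated as "not authenticated".
            log.error("Error in validating OAuth access token.", e);
            return false;
        }
    }

    /**
     * Applies the handler configuration.
     *
     * <p>Reads the priority (default 10), the authorization server URL (default
     * {@code local://services}) and the user name and password used for remote validation.
     *
     * @param map configuration properties keyed by the {@link SCIMProviderConstants} names
     * @throws NumberFormatException if the priority property is present but not an integer
     */
    @Override
    public void setProperties(Map<String, String> map) {
        this.properties = map;

        String configuredPriority = map.get(SCIMProviderConstants.PROPERTY_NAME_PRIORITY);
        this.priority = configuredPriority != null
                ? Integer.parseInt(configuredPriority)
                : DEFAULT_PRIORITY;

        String configuredServer = map.get(SCIMProviderConstants.PROPERTY_NAME_AUTH_SERVER);
        this.remoteServiceURL = configuredServer != null ? configuredServer : LOCAL_AUTH_SERVER;

        this.userName = map.get(SCIMProviderConstants.PROPERTY_NAME_USERNAME);
        this.password = map.get(SCIMProviderConstants.PROPERTY_NAME_PASSWORD);
    }

    /**
     * Returns the list of {@code Authorization} header values of the message.
     *
     * @param message the inbound CXF message
     * @return the non-empty value list, or {@code null} when the message has no protocol
     *     headers, no Authorization header, or an empty value list
     */
    @SuppressWarnings("unchecked") // runtime types are checked with instanceof before each cast
    private static List<Object> getAuthorizationValues(Message message) {
        Object headers = message.get(Message.PROTOCOL_HEADERS);
        if (!(headers instanceof Map)) {
            return null;
        }
        Object values = ((Map<Object, Object>) headers).get(AUTHORIZATION_HEADER);
        if (!(values instanceof List) || ((List<?>) values).isEmpty()) {
            return null;
        }
        return (List<Object>) values;
    }

    /**
     * Extracts the token from a {@code "Bearer <token>"} header value.
     *
     * @param headerValue the raw first Authorization value
     * @return the trimmed token, or {@code null} if the value is not a string, does not
     *     start with {@code "Bearer "}, or carries no token
     */
    private static String extractBearerToken(Object headerValue) {
        if (!(headerValue instanceof String)) {
            return null;
        }
        String value = (String) headerValue;
        if (!value.startsWith(BEARER_PREFIX)) {
            return null;
        }
        String token = value.substring(BEARER_PREFIX.length()).trim();
        return token.isEmpty() ? null : token;
    }

    /**
     * Returns the authorization server URL, appending a trailing slash (and storing the
     * result back in the field) when it is missing.
     *
     * @return the normalized URL, or {@code null} if none is configured
     */
    private String getOAuthAuthzServerURL() {
        if (this.remoteServiceURL != null && !this.remoteServiceURL.endsWith("/")) {
            this.remoteServiceURL += "/";
        }
        return this.remoteServiceURL;
    }

    /**
     * Validates an access token against the configured authorization server.
     *
     * @param str the bearer access token
     * @return the validation response carrying the validity flag and the authorized user
     * @throws IllegalStateException if no authorization server has been configured
     * @throws Exception if the remote client or the validation service fails
     */
    private OAuth2TokenValidationResponseDTO validateAccessToken(String str) throws Exception {
        if (this.remoteServiceURL == null) {
            throw new IllegalStateException("OAuth authorization server URL is not configured.");
        }
        if (!this.remoteServiceURL.startsWith(LOCAL_PREFIX)) {
            // NOTE(review): a new Axis2 configuration context is created on every remote validation.
            return new OAuthServiceClient(
                    getOAuthAuthzServerURL(),
                    this.userName,
                    this.password,
                    ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                            (String) null, (String) null))
                    .validateAccessToken(str);
        }

        // In-process validation: call the service directly and copy the result into the stub DTO.
        OAuth2TokenValidationRequestDTO request = new OAuth2TokenValidationRequestDTO();
        request.setAccessToken(str);
        request.setTokenType(OAuthServiceClient.BEARER_TOKEN_TYPE);
        org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO localResult =
                new OAuth2TokenValidationService().validate(request);

        OAuth2TokenValidationResponseDTO response = new OAuth2TokenValidationResponseDTO();
        response.setAuthorizedUser(localResult.getAuthorizedUser());
        response.setValid(localResult.isValid());
        return response;
    }
}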
