package org.wso2.carbon.identity.scim.provider.auth;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.wso2.carbon.identity.application.common.model.ProvisioningServiceProviderType;
import org.wso2.carbon.identity.application.common.model.ThreadLocalProvisioningServiceProvider;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientApplicationDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.identity.scim.provider.util.SCIMProviderConstants;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/identity/scim/provider/auth/OAuthHandler.class */
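/**
 * SCIM authentication handler for requests that carry an OAuth 2.0 bearer token in the
 * {@code Authorization} header.
 *
 * <p>The token is validated either in-process (when the configured authorization server URL
 * starts with {@code local}) or through {@link OAuthServiceClient} against a remote server.
 * Every failure path in {@link #isAuthenticated} returns {@code false}, so the handler fails
 * closed.
 *
 * <p>NOTE(review): the handler keeps its configuration in mutable instance fields and publishes
 * the caller's identity through a thread-local; whether one instance is shared across request
 * threads, and where that thread-local is cleared, is not visible in this file — confirm.
 */
public class OAuthHandler implements SCIMAuthenticationHandler {
    // Logger is bound to this class so OAuth failures are not attributed to BasicAuthHandler.
    private static final Log log = LogFactory.getLog(OAuthHandler.class);

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_AUTH_HEADER = "Bearer";
    private static final String LOCAL_PREFIX = "local";
    private static final int DEFAULT_PRIORITY = 10;
    private static final String LOCAL_AUTH_SERVER = "local://services";

    private Map<String, String> properties;
    private String remoteServiceURL;
    private int priority;
    private String userName;
    // NOTE(review): held as a String for the lifetime of the handler; make sure it is never logged.
    private String password;

    /**
     * Returns the priority currently assigned to this handler.
     *
     * @return the configured priority value
     */
    @Override
    public int getPriority() {
        return this.priority;
    }

    /**
     * Sets the priority of this handler.
     *
     * @param i the new priority value
     */
    @Override
    public void setPriority(int i) {
        this.priority = i;
    }

    /** Resets the priority to the built-in default of {@value #DEFAULT_PRIORITY}. */
    public void setDefaultPriority() {
        this.priority = DEFAULT_PRIORITY;
    }

    /** Points the handler at the in-process token validation service. */
    public void setDefaultAuthzServer() {
        this.remoteServiceURL = LOCAL_AUTH_SERVER;
    }

    /**
     * Reports whether the request carries an {@code Authorization} header using the Bearer scheme.
     *
     * <p>The scheme must be the first token of the header value. A substring match anywhere in
     * the value would also claim headers of other schemes whose payload merely contains the text
     * {@code Bearer}, and those requests would then be rejected by token validation.
     *
     * @param message the inbound CXF message
     * @param classResourceInfo the target resource (not used)
     * @return {@code true} when the first Authorization value starts with the Bearer scheme
     */
    @Override
    public boolean canHandle(Message message, ClassResourceInfo classResourceInfo) {
        return hasBearerScheme(firstHeaderValue(getAuthorizationValues(message)));
    }

    /**
     * Validates the bearer token of the request and, on success, records the caller's identity.
     *
     * <p>On success the first Authorization header value is overwritten with the authorized user
     * name and a {@link ThreadLocalProvisioningServiceProvider} describing the OAuth client is
     * published for the current thread. NOTE(review): the rewritten header is presumably read
     * downstream as the authenticated identity — confirm against the callers.
     *
     * @param message the inbound CXF message
     * @param classResourceInfo the target resource (not used)
     * @return {@code true} only when the token was validated and an authorized user was returned
     */
    @Override
    public boolean isAuthenticated(Message message, ClassResourceInfo classResourceInfo) {
        List<Object> authorizationValues = getAuthorizationValues(message);
        String accessToken = extractBearerToken(firstHeaderValue(authorizationValues));
        if (accessToken == null) {
            // Missing header, wrong scheme or empty token: reject without calling the validator.
            return false;
        }
        try {
            OAuth2ClientApplicationDTO clientApplication = validateAccessToken(accessToken);
            OAuth2TokenValidationResponseDTO validationResponse = null;
            if (clientApplication != null) {
                validationResponse = clientApplication.getAccessTokenValidationResponse();
            }
            if (validationResponse == null || !validationResponse.isValid()) {
                return false;
            }
            String authorizedUser = validationResponse.getAuthorizedUser();
            if (authorizedUser == null) {
                // A "valid" response without a user would put a null identity into the header.
                return false;
            }
            authorizationValues.set(0, authorizedUser);
            ThreadLocalProvisioningServiceProvider serviceProvider = new ThreadLocalProvisioningServiceProvider();
            serviceProvider.setServiceProviderName(clientApplication.getConsumerKey());
            serviceProvider.setServiceProviderType(ProvisioningServiceProviderType.OAUTH);
            serviceProvider.setClaimDialect(SCIMProviderConstants.DEFAULT_SCIM_DIALECT);
            serviceProvider.setTenantDomain(MultitenantUtils.getTenantDomain(authorizedUser));
            IdentityApplicationManagementUtil.setThreadLocalProvisioningServiceProvider(serviceProvider);
            return true;
        } catch (Exception e) {
            // Authentication boundary: any validation error means "not authenticated".
            // Only the exception is logged, never the token itself.
            log.error("Error in validating OAuth access token.", e);
            return false;
        }
    }

    /**
     * Applies the handler configuration.
     *
     * <p>Priority falls back to {@value #DEFAULT_PRIORITY} and the authorization server to
     * {@value #LOCAL_AUTH_SERVER} when the corresponding property is absent.
     *
     * @param map handler properties; must not be {@code null}
     * @throws NumberFormatException if the priority property is present but not an integer
     */
    @Override
    public void setProperties(Map<String, String> map) {
        this.properties = map;
        String configuredPriority = this.properties.get(SCIMProviderConstants.PROPERTY_NAME_PRIORITY);
        this.priority = configuredPriority != null ? Integer.parseInt(configuredPriority) : DEFAULT_PRIORITY;
        String configuredServer = this.properties.get(SCIMProviderConstants.PROPERTY_NAME_AUTH_SERVER);
        this.remoteServiceURL = configuredServer != null ? configuredServer : LOCAL_AUTH_SERVER;
        this.userName = this.properties.get(SCIMProviderConstants.PROPERTY_NAME_USERNAME);
        this.password = this.properties.get(SCIMProviderConstants.PROPERTY_NAME_PASSWORD);
    }

    /**
     * Returns the Authorization header values of the message, or {@code null} when the protocol
     * headers are missing, the header is absent, or it has no values.
     */
    @SuppressWarnings("unchecked") // header values are only read as Object and written as String
    private static List<Object> getAuthorizationValues(Message message) {
        Object headers = message.get(Message.PROTOCOL_HEADERS);
        if (!(headers instanceof Map)) {
            return null;
        }
        Object values = ((Map<?, ?>) headers).get(AUTHORIZATION_HEADER);
        if (!(values instanceof List) || ((List<?>) values).isEmpty()) {
            return null;
        }
        return (List<Object>) values;
    }

    /** Returns the first header value trimmed, or {@code null} if it is absent or not a string. */
    private static String firstHeaderValue(List<Object> values) {
        if (values == null) {
            return null;
        }
        Object first = values.get(0);
        return first instanceof String ? ((String) first).trim() : null;
    }

    /**
     * Checks that the header value begins with the Bearer scheme name, compared without regard to
     * case, and that the scheme is a whole token rather than a prefix of a longer word.
     */
    private static boolean hasBearerScheme(String header) {
        if (header == null) {
            return false;
        }
        int schemeLength = BEARER_AUTH_HEADER.length();
        if (!header.regionMatches(true, 0, BEARER_AUTH_HEADER, 0, schemeLength)) {
            return false;
        }
        return header.length() == schemeLength || Character.isWhitespace(header.charAt(schemeLength));
    }

    /** Returns the token that follows the Bearer scheme, or {@code null} if there is none. */
    private static String extractBearerToken(String header) {
        if (!hasBearerScheme(header)) {
            return null;
        }
        String token = header.substring(BEARER_AUTH_HEADER.length()).trim();
        return token.isEmpty() ? null : token;
    }

    /**
     * Returns the configured authorization server URL with a trailing slash, without modifying
     * the stored value.
     */
    private String getOAuthAuthzServerURL() {
        String url = this.remoteServiceURL;
        if (url != null && !url.endsWith("/")) {
            return url + "/";
        }
        return url;
    }

    /**
     * Validates the access token against the local validation service or the remote server.
     *
     * @param accessToken the bearer token taken from the request
     * @return the client application and validation result, or {@code null} when the remote
     *         server returned no validation response
     * @throws IllegalStateException if no authorization server URL has been configured
     * @throws Exception if the validation service or the remote call fails
     */
    private OAuth2ClientApplicationDTO validateAccessToken(String accessToken) throws Exception {
        if (this.remoteServiceURL == null) {
            throw new IllegalStateException("OAuth authorization server URL is not configured.");
        }
        if (this.remoteServiceURL.startsWith(LOCAL_PREFIX)) {
            OAuth2TokenValidationRequestDTO validationRequest = new OAuth2TokenValidationRequestDTO();
            // OAuth2AccessToken is an inner class, so it is created through its enclosing request.
            OAuth2TokenValidationRequestDTO.OAuth2AccessToken tokenDescriptor =
                    validationRequest.new OAuth2AccessToken();
            tokenDescriptor.setTokenType(OAuthServiceClient.BEARER_TOKEN_TYPE);
            tokenDescriptor.setIdentifier(accessToken);
            validationRequest.setAccessToken(tokenDescriptor);
            return new OAuth2TokenValidationService().findOAuthConsumerIfTokenIsValid(validationRequest);
        }
        // NOTE(review): the bearer token and the configured userName/password are handed to
        // OAuthServiceClient for this URL; confirm that only https endpoints with certificate
        // validation are configured. A configuration context is also created on every call.
        org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO remoteResult =
                new OAuthServiceClient(
                        getOAuthAuthzServerURL(),
                        this.userName,
                        this.password,
                        ConfigurationContextFactory.createConfigurationContextFromFileSystem((String) null, (String) null))
                        .findOAuthConsumerIfTokenIsValid(accessToken);
        if (remoteResult == null || remoteResult.getAccessTokenValidationResponse() == null) {
            // No verdict from the remote server is treated by the caller as an invalid token.
            return null;
        }
        OAuth2ClientApplicationDTO clientApplication = new OAuth2ClientApplicationDTO();
        clientApplication.setConsumerKey(remoteResult.getConsumerKey());
        OAuth2TokenValidationResponseDTO validationResponse = new OAuth2TokenValidationResponseDTO();
        validationResponse.setAuthorizedUser(remoteResult.getAccessTokenValidationResponse().getAuthorizedUser());
        validationResponse.setValid(remoteResult.getAccessTokenValidationResponse().getValid());
        clientApplication.setAccessTokenValidationResponse(validationResponse);
        return clientApplication;
    }
}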
