package org.wso2.carbon.identity.oauth2.validators;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.identity.oauth2.model.BearerTokenValidationDO;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/validators/BearerTokenValidator.class */
public class BearerTokenValidator implements OAuth2TokenValidator {
    private static Log log = LogFactory.getLog(BearerTokenValidator.class);
    private TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
    public static final String TOKEN_TYPE = "bearer";

    @Override // org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidator
    public OAuth2TokenValidationResponseDTO validate(OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO) throws IdentityOAuth2Exception {
        OAuth2TokenValidationResponseDTO oAuth2TokenValidationResponseDTO = new OAuth2TokenValidationResponseDTO();
        String accessToken = oAuth2TokenValidationRequestDTO.getAccessToken();
        String clientId = oAuth2TokenValidationRequestDTO.getClientId();
        if (clientId == null || accessToken == null) {
            log.warn("Client Id or Access Token is not present in the validation request.");
            oAuth2TokenValidationResponseDTO.setValid(false);
            oAuth2TokenValidationResponseDTO.setErrorMsg("Client Id or Access Token is not present in the validation request.");
            return oAuth2TokenValidationResponseDTO;
        }
        BearerTokenValidationDO validateBearerToken = this.tokenMgtDAO.validateBearerToken(clientId, accessToken);
        if (validateBearerToken == null) {
            log.warn("Invalid Access Token or Client Id. Access Token : " + accessToken + ", Client id : " + clientId);
            oAuth2TokenValidationResponseDTO.setValid(false);
            oAuth2TokenValidationResponseDTO.setErrorMsg("Invalid Access Token or Client Id.");
            return oAuth2TokenValidationResponseDTO;
        }
        long time = validateBearerToken.getIssuedTime().getTime();
        long validityPeriod = validateBearerToken.getValidityPeriod();
        long defaultTimeStampSkewInSeconds = OAuthServerConfiguration.getInstance().getDefaultTimeStampSkewInSeconds() * 1000;
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - defaultTimeStampSkewInSeconds <= time + validityPeriod) {
            oAuth2TokenValidationResponseDTO.setValid(true);
            oAuth2TokenValidationResponseDTO.setAuthorizedUser(validateBearerToken.getAuthzUser());
            oAuth2TokenValidationResponseDTO.setExpiryTime(validityPeriod / 1000);
            oAuth2TokenValidationResponseDTO.setScope(validateBearerToken.getScope());
            return oAuth2TokenValidationResponseDTO;
        }
        log.warn("Access Token is expired. Client Id : " + clientId);
        if (log.isDebugEnabled()) {
            log.debug("Access Token : " + accessToken + " is expired. Issued Time(ms) : " + time + ", Validity Period : " + validityPeriod + ", Timestamp Skew : " + defaultTimeStampSkewInSeconds + ", Current Time : " + currentTimeMillis);
        }
        oAuth2TokenValidationResponseDTO.setValid(false);
        oAuth2TokenValidationResponseDTO.setErrorMsg("Access Token is expired");
        return oAuth2TokenValidationResponseDTO;
    }
}
