package org.wso2.carbon.identity.oauth2.validators;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.caching.core.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dao.TokenMgtDAO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationRequestDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2TokenValidationResponseDTO;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/validators/BearerTokenValidator.class */
public class BearerTokenValidator implements OAuth2TokenValidator {
    private static Log log = LogFactory.getLog(BearerTokenValidator.class);
    private TokenMgtDAO tokenMgtDAO = new TokenMgtDAO();
    public static final String TOKEN_TYPE = "bearer";

    @Override // org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidator
    public OAuth2TokenValidationResponseDTO validate(OAuth2TokenValidationRequestDTO oAuth2TokenValidationRequestDTO) throws IdentityOAuth2Exception {
        log.debug("Started processing token validation request of type : bearer");
        OAuth2TokenValidationResponseDTO oAuth2TokenValidationResponseDTO = new OAuth2TokenValidationResponseDTO();
        String accessToken = oAuth2TokenValidationRequestDTO.getAccessToken();
        if (accessToken == null) {
            log.warn("Access Token is not present in the validation request.");
            oAuth2TokenValidationResponseDTO.setValid(false);
            oAuth2TokenValidationResponseDTO.setErrorMsg("Client Id or Access Token is not present in the validation request.");
            return oAuth2TokenValidationResponseDTO;
        }
        AccessTokenDO accessTokenDO = null;
        boolean z = false;
        if (OAuthServerConfiguration.getInstance().isCacheEnabled()) {
            CacheEntry valueFromCache = OAuthCache.getInstance().getValueFromCache(new OAuthCacheKey(accessToken));
            if (valueFromCache instanceof AccessTokenDO) {
                accessTokenDO = (AccessTokenDO) valueFromCache;
                z = true;
            }
        }
        if (accessTokenDO == null) {
            accessTokenDO = this.tokenMgtDAO.validateBearerToken(accessToken);
        }
        if (accessTokenDO == null) {
            log.warn("Invalid Access Token or Client Id. Access Token : " + accessToken);
            oAuth2TokenValidationResponseDTO.setValid(false);
            oAuth2TokenValidationResponseDTO.setErrorMsg("Invalid Access Token or Client Id.");
            return oAuth2TokenValidationResponseDTO;
        }
        long time = accessTokenDO.getIssuedTime().getTime();
        long validityPeriod = accessTokenDO.getValidityPeriod();
        long defaultTimeStampSkewInSeconds = OAuthServerConfiguration.getInstance().getDefaultTimeStampSkewInSeconds() * 1000;
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - defaultTimeStampSkewInSeconds > time + validityPeriod) {
            log.warn("Access Token is expired.");
            if (log.isDebugEnabled()) {
                log.debug("Access Token : " + accessToken + " is expired. Issued Time(ms) : " + time + ", Validity Period : " + validityPeriod + ", Timestamp Skew : " + defaultTimeStampSkewInSeconds + ", Current Time : " + currentTimeMillis);
            }
            oAuth2TokenValidationResponseDTO.setValid(false);
            oAuth2TokenValidationResponseDTO.setErrorMsg("Access Token is expired");
            return oAuth2TokenValidationResponseDTO;
        }
        oAuth2TokenValidationResponseDTO.setValid(true);
        oAuth2TokenValidationResponseDTO.setAuthorizedUser(accessTokenDO.getAuthzUser());
        oAuth2TokenValidationResponseDTO.setExpiryTime(validityPeriod / 1000);
        oAuth2TokenValidationResponseDTO.setScope(accessTokenDO.getScope());
        if (OAuthServerConfiguration.getInstance().isCacheEnabled() && !z) {
            OAuthCache.getInstance().addToCache(new OAuthCacheKey(accessToken), accessTokenDO);
            if (log.isDebugEnabled()) {
                log.debug("Access Token Info object was added back to the cache.");
            }
        }
        return oAuth2TokenValidationResponseDTO;
    }
}
