package org.wso2.carbon.identity.oauth2.util;

import java.sql.Timestamp;
import java.util.Arrays;
import java.util.Map;
import java.util.TreeMap;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.cache.CacheEntry;
import org.wso2.carbon.identity.oauth.cache.CacheKey;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.common.OAuthConstants;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth.dao.OAuthConsumerDAO;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.model.ClientCredentialDO;

/* loaded from: input_file:lib/org.wso2.carbon.identity.oauth-4.2.3.jar:org/wso2/carbon/identity/oauth2/util/OAuth2Util.class */
public class OAuth2Util {
    private static Log log = LogFactory.getLog(OAuth2Util.class);
    private static boolean cacheEnabled = OAuthServerConfiguration.getInstance().isCacheEnabled();
    private static OAuthCache cache = OAuthCache.getInstance();
    private static long timestampSkew = OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds() * 1000;
    private static ThreadLocal<Integer> clientTenatId = new ThreadLocal<>();

    public static int getClientTenatId() {
        if (clientTenatId.get() == null) {
            return -1;
        }
        return clientTenatId.get().intValue();
    }

    public static void setClientTenatId(int i) {
        clientTenatId.set(new Integer(i));
    }

    public static void clearClientTenantId() {
        clientTenatId.remove();
    }

    public static String buildScopeString(String[] strArr) {
        StringBuilder sb = new StringBuilder("");
        if (strArr != null) {
            Arrays.sort(strArr);
            for (int i = 0; i < strArr.length; i++) {
                sb.append(strArr[i].trim());
                if (i != strArr.length - 1) {
                    sb.append(" ");
                }
            }
        }
        return sb.toString();
    }

    public static String[] buildScopeArray(String str) {
        if (str != null) {
            return str.trim().split("\\s");
        }
        return null;
    }

    public static boolean authenticateClient(String str, String str2) throws IdentityOAuthAdminException {
        CacheEntry valueFromCache;
        boolean z = false;
        String str3 = null;
        if (cacheEnabled && (valueFromCache = cache.getValueFromCache((CacheKey) new OAuthCacheKey(str))) != null && (valueFromCache instanceof ClientCredentialDO)) {
            str3 = ((ClientCredentialDO) valueFromCache).getClientSecret();
            z = true;
            if (log.isDebugEnabled()) {
                log.debug("Client credentials were available in the cache for client id : " + str);
            }
        }
        if (str3 == null) {
            str3 = new OAuthConsumerDAO().getOAuthConsumerSecret(str);
            if (log.isDebugEnabled()) {
                log.debug("Client credentials were fetched from the database.");
            }
        }
        if (str3 == null) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("Provided Client ID : " + str + "is not valid.");
            return false;
        }
        if (!str3.equals(str2)) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("Provided the Client ID : " + str + " and Client Secret do not match with the issued credentials.");
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Successfully authenticated the client with client id : " + str);
        }
        if (!cacheEnabled || z) {
            return true;
        }
        cache.addToCache((CacheKey) new OAuthCacheKey(str), (CacheEntry) new ClientCredentialDO(str3));
        if (!log.isDebugEnabled()) {
            return true;
        }
        log.debug("Client credentials were added to the cache for client id : " + str);
        return true;
    }

    public static String getAuthenticatedUsername(String str, String str2) throws IdentityOAuthAdminException {
        CacheEntry valueFromCache;
        boolean z = false;
        String str3 = null;
        if (authenticateClient(str, str2)) {
            if (cacheEnabled && (valueFromCache = cache.getValueFromCache((CacheKey) new OAuthCacheKey(str + ":" + ((String) null)))) != null && (valueFromCache instanceof ClientCredentialDO)) {
                str3 = ((ClientCredentialDO) valueFromCache).getClientSecret();
                z = true;
                if (log.isDebugEnabled()) {
                    log.debug("Username was available in the cache : " + str3);
                }
            }
            if (str3 == null) {
                str3 = new OAuthConsumerDAO().getAuthenticatedUsername(str, str2);
                log.debug("Username fetch from the database");
            }
            if (str3 != null && cacheEnabled && !z) {
                cache.addToCache((CacheKey) new OAuthCacheKey(str + ":" + str3), (CacheEntry) new ClientCredentialDO(str3));
                log.debug("Caching username : " + str3);
            }
        }
        return str3;
    }

    public static String buildCacheKeyStringForAuthzCode(String str, String str2) {
        return str + ":" + str2;
    }

    public static AccessTokenDO validateAccessTokenDO(AccessTokenDO accessTokenDO) {
        long validityPeriodInMillis = accessTokenDO.getValidityPeriodInMillis();
        long time = accessTokenDO.getIssuedTime().getTime();
        long currentTimeMillis = System.currentTimeMillis();
        long timeStampSkewInSeconds = OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds() * 1000;
        if ((time + validityPeriodInMillis) - (currentTimeMillis + timeStampSkewInSeconds) <= 1000 || ((time + (OAuthServerConfiguration.getInstance().getRefreshTokenValidityPeriodInSeconds() * 1000)) - currentTimeMillis) + timeStampSkewInSeconds <= 1000) {
            return null;
        }
        accessTokenDO.setValidityPeriod(((time + validityPeriodInMillis) - (currentTimeMillis + timeStampSkewInSeconds)) / 1000);
        accessTokenDO.setValidityPeriodInMillis((time + validityPeriodInMillis) - (currentTimeMillis + timeStampSkewInSeconds));
        accessTokenDO.setIssuedTime(new Timestamp(currentTimeMillis));
        return accessTokenDO;
    }

    public static boolean checkAccessTokenPartitioningEnabled() {
        return OAuthServerConfiguration.getInstance().isAccessTokenPartitioningEnabled();
    }

    public static boolean checkUserNameAssertionEnabled() {
        return OAuthServerConfiguration.getInstance().isUserNameAssertionEnabled();
    }

    public static String getAccessTokenPartitioningDomains() {
        return OAuthServerConfiguration.getInstance().getAccessTokenPartitioningDomains();
    }

    public static Map<String, String> getAvailableUserStoreDomainMappings() throws IdentityOAuth2Exception {
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        String accessTokenPartitioningDomains = getAccessTokenPartitioningDomains();
        if (accessTokenPartitioningDomains != null) {
            for (String str : accessTokenPartitioningDomains.split(",")) {
                String[] split = str.trim().split(":");
                if (split.length < 2) {
                    throw new IdentityOAuth2Exception("Domain mapping has not defined correctly");
                }
                treeMap.put(split[1].trim(), split[0].trim());
            }
        }
        return treeMap;
    }

    public static String getUserStoreDomainFromUserId(String str) throws IdentityOAuth2Exception {
        String[] split;
        String str2 = null;
        if (str != null && (split = str.split("/")) != null && split.length > 1) {
            str2 = split[0];
            Map<String, String> availableUserStoreDomainMappings = getAvailableUserStoreDomainMappings();
            if (availableUserStoreDomainMappings != null && availableUserStoreDomainMappings.containsKey(str2)) {
                str2 = getAvailableUserStoreDomainMappings().get(str2);
            }
        }
        return str2;
    }

    public static String getUserStoreDomainFromAccessToken(String str) throws IdentityOAuth2Exception {
        String str2;
        String str3 = null;
        String[] split = new String(Base64.decodeBase64(str.getBytes())).split(":");
        if (split != null && (str2 = split[1]) != null) {
            str3 = getUserStoreDomainFromUserId(str2);
        }
        return str3;
    }

    public static String getAccessTokenStoreTableFromUserId(String str) throws IdentityOAuth2Exception {
        String[] split;
        String str2 = OAuthConstants.ACCESS_TOKEN_STORE_TABLE;
        if (str != null && (split = str.split("/")) != null && split.length > 1) {
            String str3 = split[0];
            Map<String, String> availableUserStoreDomainMappings = getAvailableUserStoreDomainMappings();
            if (availableUserStoreDomainMappings != null && availableUserStoreDomainMappings.containsKey(str3)) {
                str2 = str2 + "_" + availableUserStoreDomainMappings.get(str3);
            }
        }
        return str2;
    }

    public static String getAccessTokenStoreTableFromAccessToken(String str) throws IdentityOAuth2Exception {
        return getAccessTokenStoreTableFromUserId(getUserIdFromAccessToken(str));
    }

    public static String getUserIdFromAccessToken(String str) {
        String str2 = null;
        String[] split = new String(Base64.decodeBase64(str.getBytes())).split(":");
        if (split != null) {
            str2 = split[1];
        }
        return str2;
    }

    public static String getSafeText(String str) {
        if (str == null) {
            return str;
        }
        String trim = str.trim();
        if (trim.indexOf(60) > -1) {
            trim = trim.replace("<", "&lt;");
        }
        if (trim.indexOf(62) > -1) {
            trim = trim.replace(">", "&gt;");
        }
        return trim;
    }

    public static long getTokenExpireTimeMillis(AccessTokenDO accessTokenDO) {
        long validityPeriodInMillis = accessTokenDO.getValidityPeriodInMillis();
        long time = accessTokenDO.getIssuedTime().getTime();
        long currentTimeMillis = System.currentTimeMillis();
        if ((time + validityPeriodInMillis) - (currentTimeMillis + timestampSkew) <= 1000 || (time + (OAuthServerConfiguration.getInstance().getRefreshTokenValidityPeriodInSeconds() * 1000)) - (currentTimeMillis + timestampSkew) <= 1000) {
            return -1L;
        }
        return (time + validityPeriodInMillis) - (currentTimeMillis + timestampSkew);
    }
}
