package org.wso2.am.choreo.extensions.token.handler;

import io.grpc.StatusRuntimeException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Optional;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.am.choreo.extensions.token.handler.utils.ChoreoScopeIssuerUtils;
import org.wso2.am.choreo.extensions.token.handler.utils.GrpcClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidationMessageContext;
import org.wso2.carbon.identity.oauth2.validators.scope.ScopeValidator;

/* loaded from: input_file:org/wso2/am/choreo/extensions/token/handler/ChoreoScopeIssuer.class */
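/**
 * Scope validator that, for one specific client, replaces the scopes requested at the token
 * endpoint with the scope list returned by {@link ChoreoScopeIssuerUtils}.
 *
 * <p>Only {@link #validateScope(OAuthTokenReqMessageContext)} does any work. The authorization
 * and token-validation overloads always return {@code true}, and the token-request overload
 * also returns {@code true} without touching the scope list whenever the extension is not
 * configured, the subject identifier is {@code null}, or the client id does not match. This
 * class is therefore permissive by default and must not be treated as the only scope check
 * for those paths.
 */
public class ChoreoScopeIssuer implements ScopeValidator {
    private static final Log log = LogFactory.getLog(ChoreoScopeIssuer.class);

    /**
     * Accepts every authorization request unchanged; no scope check is performed here.
     *
     * @param oAuthAuthzReqMessageContext the authorization request context (not inspected)
     * @return always {@code true}
     */
    @Override
    public boolean validateScope(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws IdentityOAuth2Exception {
        return true;
    }

    /**
     * Overwrites the scopes on the token request context with the scopes resolved for the
     * authenticated subject, keeping {@code openid} if the caller asked for it.
     *
     * @param oAuthTokenReqMessageContext the token request context; its scope array is replaced
     *     when the request is handled by this issuer
     * @return always {@code true}; rejection is signalled only by exception
     * @throws IdentityOAuth2Exception if org-based tokens are enabled and no usable {@code orgId}
     *     request parameter is present, or if the scope lookup fails
     */
    @Override
    public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        if (log.isDebugEnabled()) {
            log.debug("Validating scope with Choreo Scope Issuer");
        }
        // Fail-open: without configuration the requested scopes pass through untouched.
        // NOTE(review): a missing configuration is only visible at debug level, so a broken
        // deployment silently disables scope narrowing. Confirm that is intended.
        if (!ChoreoScopeIssuerUtils.isConfigsSet()) {
            if (log.isDebugEnabled()) {
                log.debug("Choreo extension configuration is not set!");
            }
            return true;
        }
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        String subjectIdentifier = oAuthTokenReqMessageContext.getAuthorizedUser().getAuthenticatedSubjectIdentifier();
        // Requests from other clients are left to whatever other validators are configured.
        // NOTE(review): a null subject also passes through, even for the matching client, so
        // its requested scopes are not narrowed here. Verify another check covers that case.
        if (subjectIdentifier == null || !ChoreoScopeIssuerUtils.isClientIdMatching(clientId)) {
            return true;
        }
        try {
            String[] scope = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getScope();
            // A request without scopes has nothing to resolve; a null array is treated like an
            // empty one instead of failing with a NullPointerException.
            if (scope == null || scope.length == 0) {
                return true;
            }
            ArrayList<String> grantedScopes;
            if (ChoreoScopeIssuerUtils.isOrgBasedTokenFeatureEnabled()) {
                if (log.isDebugEnabled()) {
                    log.debug("$FEATURE_FLAG_ORG_BASED_TOKEN_ENABLED enabled. Hence issuing org based token.");
                }
                Optional<RequestParameter> orgIdParam = ChoreoScopeIssuerUtils.getOrgIdFromTokenRequest(oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO());
                String[] orgIdValues = orgIdParam.isPresent() ? orgIdParam.get().getValue() : null;
                // A parameter that is present but carries no usable value counts as missing.
                if (orgIdValues == null || orgIdValues.length == 0 || orgIdValues[0] == null || orgIdValues[0].isEmpty()) {
                    throw new IdentityOAuth2Exception("Org ID request param: orgId is not present in request");
                }
                // The org id comes from a request parameter, so it is caller-controlled.
                // NOTE(review): confirm getScopesForOrg checks that the subject belongs to this
                // org before returning scopes for it.
                grantedScopes = new ArrayList<>(ChoreoScopeIssuerUtils.getScopesForOrg(subjectIdentifier, orgIdValues[0], scope));
            } else {
                grantedScopes = new ArrayList<>(Arrays.asList(ChoreoScopeIssuerUtils.getScopes(subjectIdentifier, clientId, scope)));
            }
            // Carry openid over when it was requested, without duplicating it if the lookup
            // already returned it.
            if (Arrays.asList(scope).contains(ChoreoScopeIssuerUtils.OPENID_SCOPE)
                    && !grantedScopes.contains(ChoreoScopeIssuerUtils.OPENID_SCOPE)) {
                grantedScopes.add(ChoreoScopeIssuerUtils.OPENID_SCOPE);
            }
            if (log.isDebugEnabled()) {
                log.debug("Requested scope list: " + String.join(", ", scope));
                log.debug("Generated choreo portal scope list: " + String.join(", ", grantedScopes));
            }
            // From here on the context carries the resolved scopes, not the requested ones.
            oAuthTokenReqMessageContext.setScope(grantedScopes.toArray(new String[0]));
            return true;
        } catch (StatusRuntimeException | GrpcClientException e) {
            // Fail-closed: a failed lookup aborts the token request instead of granting the
            // requested scopes.
            throw new IdentityOAuth2Exception("Failed to obtain user details", e);
        }
    }

    /**
     * Accepts every token validation request unchanged; no scope check is performed here.
     *
     * @param oAuth2TokenValidationMessageContext the validation context (not inspected)
     * @return always {@code true}
     */
    @Override
    public boolean validateScope(OAuth2TokenValidationMessageContext oAuth2TokenValidationMessageContext) throws IdentityOAuth2Exception {
        return true;
    }

    /**
     * Returns the name of this validator.
     *
     * @return the literal {@code "choreo scope issuer"}
     */
    @Override
    public String getName() {
        return "choreo scope issuer";
    }
}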
