package org.wso2.am.choreo.extensions.token.handler;

import choreo.apis.Types;
import com.nimbusds.jwt.JWTClaimsSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.am.choreo.extensions.token.handler.internal.ServiceReferenceHolder;
import org.wso2.am.choreo.extensions.token.handler.utils.ChoreoScopeIssuerUtils;
import org.wso2.am.choreo.extensions.token.handler.utils.GrpcClient;
import org.wso2.am.choreo.extensions.token.handler.utils.GrpcClientException;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.ApplicationInfo;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.JWTTokenIssuer;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;

/* loaded from: input_file:org/wso2/am/choreo/extensions/token/handler/ChoreoJWTTokenIssuer.class */
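/**
 * JWT token issuer that enriches the claim set produced by {@link JWTTokenIssuer} with
 * organization claims, but only for applications whose organization id equals the configured
 * Choreo control plane organization UUID.
 *
 * <p>Claims added for control plane applications:
 * <ul>
 *   <li>{@code organizations}: the distinct organization UUIDs of the groups returned by
 *       {@link GrpcClient#findUserGroupsByIdpId(String)} for the token subject;</li>
 *   <li>{@code organization}: the first value of the org id token request parameter, when that
 *       parameter is present and non-empty.</li>
 * </ul>
 */
public class ChoreoJWTTokenIssuer extends JWTTokenIssuer {
    private static final Log log = LogFactory.getLog(ChoreoJWTTokenIssuer.class);

    // Resolved once at class initialisation. When this is null, no application is treated as a
    // control plane application and every token is returned without the organization claims.
    private static final String choreoControlPlaneOrgUuid = getChoreoControlPlaneOrgUuid();

    /**
     * Builds the JWT claim set, adding organization claims for control plane applications.
     *
     * @param oAuthAuthzReqMessageContext authorization request context, passed through to the
     *     superclass
     * @param oAuthTokenReqMessageContext token request context; its access token request DTO is
     *     read to look up the org id request parameter
     * @param str the consumer key of the application the token is issued for
     * @return the superclass claim set, unchanged for applications outside the control plane
     *     organization, otherwise extended with the organization claims
     * @throws IdentityOAuth2Exception if the application lookup or the gRPC group lookup fails;
     *     no token claims are returned in that case
     */
    protected JWTClaimsSet createJWTClaimSet(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext, OAuthTokenReqMessageContext oAuthTokenReqMessageContext, String str) throws IdentityOAuth2Exception {
        JWTClaimsSet baseClaims = super.createJWTClaimSet(oAuthAuthzReqMessageContext, oAuthTokenReqMessageContext, str);
        String subject = baseClaims.getSubject();
        try {
            ApplicationInfo application = ApiMgtDAO.getInstance().getLightweightApplicationByConsumerKey(str);
            boolean isControlPlaneApp = choreoControlPlaneOrgUuid != null
                    && application != null
                    && choreoControlPlaneOrgUuid.equals(application.getOrganizationId());
            if (!isControlPlaneApp) {
                if (log.isDebugEnabled()) {
                    log.debug("Consumer key does not belong to control plane organization :" + str);
                }
                return baseClaims;
            }
            if (log.isDebugEnabled()) {
                log.debug("Consumer key belongs to control plane organization :" + str);
            }
            JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder(baseClaims);
            builder.claim("organizations", getOrganizationsOfUser(subject));
            // NOTE(review): oAuthTokenReqMessageContext is dereferenced unconditionally below. If
            // this method can be reached with only the authorization context set, this throws a
            // NullPointerException for control plane applications. Confirm against the callers.
            if (ChoreoScopeIssuerUtils.isOrgIdRequestParamPresent(oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO())) {
                if (log.isDebugEnabled()) {
                    log.debug("orgId request param is present. Hence adding org to jwt claims");
                }
                Optional<RequestParameter> orgIdParam = ChoreoScopeIssuerUtils.getOrgIdFromTokenRequest(oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO());
                if (orgIdParam.isPresent()) {
                    String[] orgIdValues = orgIdParam.get().getValue();
                    // A parameter without any value is treated like an absent parameter.
                    if (orgIdValues != null && orgIdValues.length > 0) {
                        // NOTE(review): this value comes from the token request and is copied into
                        // the signed token as-is. Nothing in this method checks it against the
                        // "organizations" list computed above. Confirm that membership is enforced
                        // elsewhere before resource servers rely on this claim for authorization.
                        builder.claim("organization", orgIdValues[0]);
                    }
                }
            }
            return builder.build();
        } catch (APIManagementException e) {
            throw new IdentityOAuth2Exception("Error while fetching org details of consumer key :" + str, e);
        } catch (GrpcClientException e2) {
            throw new IdentityOAuth2Exception("Error while fetching org details via grpc service for user :" + subject, e2);
        }
    }

    /**
     * Returns the distinct organization UUIDs of the groups the given user belongs to.
     *
     * @param str the user identifier passed to {@link GrpcClient#findUserGroupsByIdpId(String)}
     * @return the de-duplicated organization UUIDs, in no particular order
     * @throws GrpcClientException if the group lookup fails
     */
    private String[] getOrganizationsOfUser(String str) throws GrpcClientException {
        List<Types.Group> groups = GrpcClient.findUserGroupsByIdpId(str);
        // A typed set de-duplicates users who hold several groups in the same organization.
        HashSet<String> orgUuids = new HashSet<>();
        for (Types.Group group : groups) {
            orgUuids.add(group.getOrgUuid());
        }
        return orgUuids.toArray(new String[0]);
    }

    /**
     * Reads the control plane organization UUID from the token handler configuration.
     *
     * @return the configured UUID, as returned by the configuration object
     */
    private static String getChoreoControlPlaneOrgUuid() {
        return ServiceReferenceHolder.getInstance().getChoreoExtensionConfiguration().getTokenHandlerConfiguration().getChoreoControlPlaneOrgUuid();
    }
}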
