package org.wso2.am.choreo.extensions.token.handler;

import choreo.apis.Types;
import com.nimbusds.jwt.JWTClaimsSet;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.am.choreo.extensions.token.handler.internal.ServiceReferenceHolder;
import org.wso2.am.choreo.extensions.token.handler.utils.ChoreoScopeIssuerUtils;
import org.wso2.am.choreo.extensions.token.handler.utils.GrpcClient;
import org.wso2.am.choreo.extensions.token.handler.utils.GrpcClientException;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.ApplicationInfo;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
import org.wso2.carbon.identity.oauth2.token.JWTTokenIssuer;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;

/* loaded from: input_file:org/wso2/am/choreo/extensions/token/handler/ChoreoJWTTokenIssuer.class */
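/**
 * JWT issuer that extends the claim set built by {@link JWTTokenIssuer} with Choreo organization claims.
 *
 * <p>On top of the parent's claims it adds:
 * <ul>
 *   <li>the value stored on the token request context under {@code TokenHandlerConstants.IDP_CLAIMS_CLAIM_KEY},
 *       when present;</li>
 *   <li>an organization claim holding the organization id of the application that owns the consumer key;</li>
 *   <li>for applications owned by the configured control-plane organization, the UUIDs of the subject's
 *       organizations and, if an {@code orgHandle} request parameter names one of them, that
 *       organization's handle and UUID.</li>
 * </ul>
 *
 * <p>Security note: the {@code orgHandle} request parameter is caller-controlled. It is only copied into
 * the signed token after it has been matched against the organizations returned for the subject.
 */
public class ChoreoJWTTokenIssuer extends JWTTokenIssuer {
    private static final Log log = LogFactory.getLog(ChoreoJWTTokenIssuer.class);

    // Resolved once, when the class is initialised, from the extension configuration.
    // NOTE(review): assumes ServiceReferenceHolder is fully populated before this class is loaded - confirm.
    private static final String CHOREO_CONTROL_PLANE_ORG_UUID = getChoreoControlPlaneOrgUuid();

    /**
     * Builds the JWT claim set for an access token.
     *
     * @param oAuthAuthzReqMessageContext authorization request context, passed through to the parent issuer
     * @param oAuthTokenReqMessageContext token request context; source of the IdP claims property and of
     *                                    the {@code orgHandle} request parameter
     * @param str                         consumer key (client id) of the requesting application
     * @return the parent's claim set extended with the organization claims described on the class
     * @throws IdentityOAuth2Exception if the application, service provider or organization lookup fails
     */
    protected JWTClaimsSet createJWTClaimSet(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext,
            OAuthTokenReqMessageContext oAuthTokenReqMessageContext, String str) throws IdentityOAuth2Exception {
        final String consumerKey = str;
        JWTClaimsSet parentClaims =
                super.createJWTClaimSet(oAuthAuthzReqMessageContext, oAuthTokenReqMessageContext, consumerKey);
        String subject = parentClaims.getSubject();
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder(parentClaims);

        // NOTE(review): the parent issuer appears to pass a null token context when the token is issued
        // from the authorization endpoint; guard so that path does not fail with a NullPointerException.
        // Confirm against the JWTTokenIssuer version in use.
        if (oAuthTokenReqMessageContext != null) {
            Object idpClaims = oAuthTokenReqMessageContext.getProperty(TokenHandlerConstants.IDP_CLAIMS_CLAIM_KEY);
            if (idpClaims != null) {
                builder.claim(TokenHandlerConstants.IDP_CLAIMS_CLAIM_KEY, idpClaims);
            }
        }

        try {
            // Single application lookup, reused for the organization claim and the control-plane check.
            ApplicationInfo application = ApiMgtDAO.getInstance().getLightweightApplicationByConsumerKey(consumerKey);
            String applicationOrgUuid = application != null
                    ? application.getOrganizationId()
                    : getOrgUuidFromServiceProvider(consumerKey);
            if (applicationOrgUuid != null) {
                builder.claim(TokenHandlerConstants.ORG_CLAIMS_CLAIM_KEY,
                        Collections.singletonMap(TokenHandlerConstants.ORG_ID_CLAIMS_CLAIM_KEY, applicationOrgUuid));
            }

            boolean controlPlaneApplication = CHOREO_CONTROL_PLANE_ORG_UUID != null && application != null
                    && CHOREO_CONTROL_PLANE_ORG_UUID.equals(application.getOrganizationId());
            if (controlPlaneApplication) {
                if (log.isDebugEnabled()) {
                    log.debug("Consumer key belongs to control plane organization :" + consumerKey);
                }
                List<Types.Organization> userOrganizations = GrpcClient.findUserOrganizationsByIdpId(subject);
                builder.claim("organizations", getOrganizationsOfUser(userOrganizations));

                if (oAuthTokenReqMessageContext != null && ChoreoScopeIssuerUtils.isOrgHandleRequestParamPresent(
                        oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO())) {
                    if (log.isDebugEnabled()) {
                        log.debug("orgHandle request param is present. Hence adding org to jwt claims");
                    }
                    Optional<RequestParameter> orgHandleParam = ChoreoScopeIssuerUtils.getOrgHandleFromTokenRequest(
                            oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO());
                    String[] handleValues = orgHandleParam.isPresent() ? orgHandleParam.get().getValue() : null;
                    if (handleValues != null && handleValues.length > 0 && handleValues[0] != null) {
                        String requestedHandle = handleValues[0];
                        Optional<String> organizationUuid = getOrganizationUuid(requestedHandle, userOrganizations);
                        if (organizationUuid.isPresent()) {
                            HashMap<String, String> organizationClaim = new HashMap<>();
                            organizationClaim.put("handle", requestedHandle);
                            organizationClaim.put(TokenHandlerConstants.ORG_ID_CLAIMS_CLAIM_KEY, organizationUuid.get());
                            if (log.isDebugEnabled()) {
                                log.debug(String.format("Adding organization claims to the JWT: %s", organizationClaim));
                            }
                            builder.claim(TokenHandlerConstants.ORG_CLAIMS_CLAIM_KEY, organizationClaim);
                        } else {
                            // The handle is request-supplied and did not match any organization returned
                            // for the subject. Do not sign it into the token, and keep the organization
                            // claim derived from the application instead of replacing it with an
                            // unverified handle. Rejecting the request here would be the stricter option.
                            log.warn(String.format("Org UUID couldn't be found for orgHandle: %s, idpId: %s",
                                    sanitizeForLog(requestedHandle), sanitizeForLog(subject)));
                        }
                    }
                }
            }
            return builder.build();
        } catch (APIManagementException e) {
            throw new IdentityOAuth2Exception("Error while fetching org details of consumer key :" + consumerKey, e);
        } catch (GrpcClientException e2) {
            throw new IdentityOAuth2Exception(
                    "Error while fetching org details via grpc service for user :" + subject, e2);
        }
    }

    /** Returns the UUIDs of the given organizations, in list order. */
    private String[] getOrganizationsOfUser(List<Types.Organization> list) {
        return list.stream().map(Types.Organization::getUuid).toArray(String[]::new);
    }

    /**
     * Finds the UUID of the organization whose handle equals {@code str} (case-sensitive).
     *
     * @return the UUID of a matching organization, or empty if none of the given organizations matches
     */
    private Optional<String> getOrganizationUuid(String str, List<Types.Organization> list) {
        return list.stream()
                .filter(organization -> str.equals(organization.getHandle()))
                .findAny()
                .map(Types.Organization::getUuid);
    }

    /** Reads the control-plane organization UUID from the token handler configuration. */
    private static String getChoreoControlPlaneOrgUuid() {
        return ServiceReferenceHolder.getInstance().getChoreoExtensionConfiguration()
                .getTokenHandlerConfiguration().getChoreoControlPlaneOrgUuid();
    }

    /**
     * Fallback used when no application is registered for the consumer key: reads the organization id
     * from the service provider property named {@code TokenHandlerConstants.APP_ORG_ID_NAME}
     * (name compared case-insensitively). The service provider is always looked up in {@code carbon.super}.
     *
     * @return the property value, or {@code null} if the service provider has no such property
     * @throws IdentityOAuth2Exception if the service provider lookup fails
     */
    private String getOrgUuidFromServiceProvider(String consumerKey) throws IdentityOAuth2Exception {
        try {
            for (ServiceProviderProperty serviceProviderProperty : ApplicationManagementService.getInstance()
                    .getServiceProviderByClientId(consumerKey, "oauth2", "carbon.super").getSpProperties()) {
                if (TokenHandlerConstants.APP_ORG_ID_NAME.equalsIgnoreCase(serviceProviderProperty.getName())) {
                    return serviceProviderProperty.getValue();
                }
            }
            return null;
        } catch (IdentityApplicationManagementException e) {
            throw new IdentityOAuth2Exception(
                    "Error while fetching serviceProvider details for client :" + consumerKey, e);
        }
    }

    /** Replaces CR and LF so a request-supplied value cannot start a forged entry in the log. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}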
