package org.wso2.carbon.apimgt.keymgt.issuers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.cache.Caching;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.core.Assertion;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.keymgt.handlers.ResourceConstants;
import org.wso2.carbon.apimgt.keymgt.util.APIKeyMgtDataHolder;
import org.wso2.carbon.apimgt.keymgt.util.APIKeyMgtUtil;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth.common.GrantType;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/issuers/RoleBasedScopesIssuer.class */
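/**
 * Scopes issuer that grants a requested OAuth2 scope only when the authorized user holds at
 * least one of the roles bound to that scope.
 *
 * <p>Scope-to-role bindings come from two places: the bindings stored for the requesting
 * application (looked up by client id) and the tenant's REST API scope configuration, which is
 * cached per tenant domain in {@code REST_API_SCOPE_CACHE}.
 */
public class RoleBasedScopesIssuer extends AbstractScopesIssuer {
    private static final Log log = LogFactory.getLog(RoleBasedScopesIssuer.class);
    private static final String DEFAULT_SCOPE_NAME = "default";
    private static final String ISSUER_PREFIX = "default";

    /**
     * Returns the prefix this issuer is registered under.
     *
     * @return the literal prefix {@code "default"}
     */
    @Override // org.wso2.carbon.apimgt.keymgt.issuers.AbstractScopesIssuer
    public String getPrefix() {
        return ISSUER_PREFIX;
    }

    /**
     * Works out which of the requested scopes may be placed on the token.
     *
     * <p>Decision order, as implemented below:
     * <ol>
     *   <li>No scope-to-role bindings exist at all: the result of the inherited
     *       {@code getAllowedScopes(list, requestedScopes)} is returned.</li>
     *   <li>The user has no roles: only the {@code default} scope is returned.</li>
     *   <li>Otherwise a requested scope is granted when the user holds one of its bound roles,
     *       or when the scope has no roles bound and is either a known scope or accepted by
     *       the inherited {@code isWhiteListedScope(list, scope)}.</li>
     *   <li>If nothing was granted, only the {@code default} scope is returned.</li>
     * </ol>
     *
     * @param oAuthTokenReqMessageContext token request context carrying the requested scopes,
     *        the client id and the authorized user
     * @param list passed unchanged to the inherited {@code getAllowedScopes} and
     *        {@code isWhiteListedScope} helpers (presumably the scope whitelist; confirm
     *        against {@code AbstractScopesIssuer})
     * @return the granted scopes, or {@code null} when the bindings or the user's roles could
     *         not be loaded; callers must treat {@code null} as a failure and must not fall
     *         back to the requested scopes
     */
    @Override // org.wso2.carbon.apimgt.keymgt.issuers.AbstractScopesIssuer
    @SuppressWarnings({"rawtypes", "unchecked"}) // generic signatures of the DAO/cache maps are not visible here
    public List<String> getScopes(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, List<String> list) {
        // A token request that carries no scope may leave this unset; treat that as "nothing
        // requested" instead of failing with a NullPointerException further down.
        String[] rawScope = oAuthTokenReqMessageContext.getScope();
        String[] scope = rawScope != null ? rawScope : new String[0];

        List<String> defaultScopes = new ArrayList<String>();
        defaultScopes.add(DEFAULT_SCOPE_NAME);

        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        String userName = oAuthTokenReqMessageContext.getAuthorizedUser().getUserName();
        String domainQualifiedUserName = UserCoreUtil.addDomainToName(userName, oAuthTokenReqMessageContext.getAuthorizedUser().getUserStoreDomain());
        List<String> requestedScopes = Arrays.asList(scope);
        try {
            Map scopeToRoles = ApiMgtDAO.getInstance().getScopeRolesOfApplication(clientId);
            String tenantDomain = oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain();

            // putAll means a REST API scope with the same key replaces the application's own
            // role binding for that scope.
            Map cachedRestApiScopes = (Map) Caching.getCacheManager("API_MANAGER_CACHE").getCache("REST_API_SCOPE_CACHE").get(tenantDomain);
            if (cachedRestApiScopes != null) {
                scopeToRoles.putAll(cachedRestApiScopes);
            } else {
                Map restApiScopes = APIUtil.getRESTAPIScopesFromConfig(APIUtil.getTenantRESTAPIScopesConfig(tenantDomain));
                scopeToRoles.putAll(restApiScopes);
                Caching.getCacheManager("API_MANAGER_CACHE").getCache("REST_API_SCOPE_CACHE").put(tenantDomain, restApiScopes);
            }

            if (scopeToRoles.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("No scopes defined for the Application " + clientId);
                }
                return getAllowedScopes(list, requestedScopes);
            }

            RealmService realmService = APIKeyMgtDataHolder.getRealmService();
            try {
                int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
                // 0 and -1 are treated as "tenant not resolved from the domain"; fall back to
                // deriving the tenant from the user name.
                if (tenantId == 0 || tenantId == -1) {
                    tenantId = IdentityTenantUtil.getTenantIdOfUser(userName);
                }

                boolean isSamlBearerGrant = GrantType.SAML20_BEARER.toString().equals(oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType());
                String[] userRoles;
                if (isSamlBearerGrant && Boolean.parseBoolean(System.getProperty(ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION))) {
                    // NOTE(review): roles are taken from the assertion instead of the user
                    // store, so scope grants are only as trustworthy as that assertion. This
                    // method does not verify its signature, issuer or validity period;
                    // presumably the SAML grant handler has done so before storing it in the
                    // context. Confirm.
                    userRoles = APIKeyMgtUtil.getRolesFromAssertion((Assertion) oAuthTokenReqMessageContext.getProperty(ResourceConstants.SAML2_ASSERTION));
                } else {
                    userRoles = realmService.getTenantUserRealm(tenantId).getUserStoreManager().getRoleListOfUser(domainQualifiedUserName);
                }

                if (userRoles == null || userRoles.length == 0) {
                    if (log.isDebugEnabled()) {
                        log.debug("Could not find roles of the user.");
                    }
                    return defaultScopes;
                }

                List<String> grantedScopes = new ArrayList<String>();
                List<String> userRoleList = new ArrayList<String>(Arrays.asList(userRoles));
                for (String requestedScope : scope) {
                    String boundRoles = (String) scopeToRoles.get(requestedScope);
                    if (boundRoles != null && boundRoles.length() != 0) {
                        // NOTE(review): every space is removed, including spaces inside a role
                        // name, so a binding written "api admin" is compared as "apiadmin".
                        // Harmless if role names can never contain spaces; otherwise a binding
                        // could match a different role than the one intended. Confirm.
                        List<String> matchingRoles = new ArrayList<String>(Arrays.asList(boundRoles.replaceAll(" ", "").split(ResourceConstants.ATTRIBUTE_VALUE_SEPERATER)));
                        matchingRoles.retainAll(userRoleList);
                        if (!matchingRoles.isEmpty()) {
                            grantedScopes.add(requestedScope);
                        }
                    } else if (scopeToRoles.containsKey(requestedScope) || isWhiteListedScope(list, requestedScope)) {
                        // A known scope with no roles bound is unrestricted: any user that
                        // reached this point receives it.
                        grantedScopes.add(requestedScope);
                    }
                }
                return !grantedScopes.isEmpty() ? grantedScopes : defaultScopes;
            } catch (UserStoreException e) {
                log.error("Error when getting the tenant's UserStoreManager or when getting roles of user ", e);
                return null;
            }
        } catch (APIManagementException e2) {
            log.error("Error while getting scopes of application " + e2.getMessage(), e2);
            return null;
        }
    }
}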
