package org.wso2.carbon.apimgt.keymgt.issuers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.keymgt.handlers.ResourceConstants;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/issuers/PermissionBasedScopeIssuer.class */
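/**
 * Scope issuer (prefix {@code "perm"}) that filters the scopes requested in an OAuth2 token
 * request down to those the authorized user is permitted to receive.
 *
 * <p>Authorization rules, as implemented below:
 * <ul>
 *   <li>A scope whose mapping value is non-empty is granted only if the user is authorized for
 *       the {@code ui.execute} action on at least one of the comma-style separated entries of
 *       that value.</li>
 *   <li>A scope that is present in the mapping with a null or empty value is granted without any
 *       permission check, as is a scope accepted by {@code isWhiteListedScope}. Reviewers should
 *       treat an empty mapping value as "open to every authenticated user of the application".</li>
 *   <li>Tenant REST API scope mappings are merged over the application's mappings with
 *       {@code putAll}, so a tenant-level entry replaces an application-level entry of the same
 *       name.</li>
 * </ul>
 */
public class PermissionBasedScopeIssuer extends AbstractScopesIssuer {
    private static final Log log = LogFactory.getLog(PermissionBasedScopeIssuer.class);
    private static final String DEFAULT_SCOPE_NAME = "default";
    private static final String ISSUER_PREFIX = "perm";
    private static final String UI_EXECUTE = "ui.execute";
    private static final String REST_API_SCOPE_CACHE = "REST_API_SCOPE_CACHE";

    /**
     * Returns the prefix that identifies this issuer.
     *
     * @return the constant {@code "perm"}
     */
    @Override // org.wso2.carbon.apimgt.keymgt.issuers.AbstractScopesIssuer
    public String getPrefix() {
        return ISSUER_PREFIX;
    }

    /**
     * Resolves the scopes to issue for a token request.
     *
     * @param oAuthTokenReqMessageContext the token request; supplies the requested scopes, the
     *        client id and the authorized user
     * @param list passed through to {@code isWhiteListedScope} and {@code getAllowedScopes};
     *        presumably the configured scope whitelist (confirm against the caller)
     * @return the authorized subset of the requested scopes; a list holding only
     *         {@code "default"} when mappings exist but nothing was authorized; the result of
     *         {@code getAllowedScopes} when no mappings exist at all; or {@code null} when the
     *         mappings could not be loaded. Callers must treat {@code null} as a failure and not
     *         as "no restriction".
     */
    @Override // org.wso2.carbon.apimgt.keymgt.issuers.AbstractScopesIssuer
    public List<String> getScopes(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, List<String> list) {
        String[] scope = oAuthTokenReqMessageContext.getScope();
        List<String> defaultScopes = new ArrayList<String>();
        defaultScopes.add(DEFAULT_SCOPE_NAME);
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        // A request without a scope array is handled as "nothing requested" instead of failing
        // with a NullPointerException inside Arrays.asList.
        List<String> requestedScopes = scope != null ? Arrays.asList(scope) : new ArrayList<String>();
        try {
            Map<String, String> scopeRolesOfApplication = getApiMgtDAOInstance().getScopeRolesOfApplication(clientId);
            String tenantDomain = oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain();
            // Unchecked cast: the cached value is trusted to be a String-to-String map.
            Map<? extends String, ? extends String> cachedRestApiScopes = (Map) getCacheManager("API_MANAGER_CACHE").getCache(REST_API_SCOPE_CACHE).get(tenantDomain);
            if (cachedRestApiScopes != null) {
                // Tenant-level entries replace application-level entries with the same scope name.
                scopeRolesOfApplication.putAll(cachedRestApiScopes);
            } else {
                Map<String, String> restApiScopesFromConfig = getRESTAPIScopesFromConfig(getTenantRESTAPIScopesConfig(tenantDomain));
                scopeRolesOfApplication.putAll(restApiScopesFromConfig);
                getCacheManager("API_MANAGER_CACHE").getCache(REST_API_SCOPE_CACHE).put(tenantDomain, restApiScopesFromConfig);
            }
            if (!scopeRolesOfApplication.isEmpty()) {
                List<String> authorizedScopes = getAuthorizedScopes(oAuthTokenReqMessageContext, requestedScopes, scopeRolesOfApplication, list);
                // Nothing authorized: fall back to the default scope rather than an empty grant.
                return !authorizedScopes.isEmpty() ? authorizedScopes : defaultScopes;
            }
            if (log.isDebugEnabled()) {
                log.debug("No scopes defined for the Application " + clientId);
            }
            return getAllowedScopes(list, requestedScopes);
        } catch (APIManagementException e) {
            // Pass the exception so the stack trace and cause are kept in the log.
            log.error("Error while getting scopes of application " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Filters the requested scopes against the scope mappings and the user's permissions.
     *
     * <p>If the user store fails part-way through, the error is logged and the scopes authorized
     * up to that point are returned; the remaining scopes are not granted.
     *
     * @param tokenRequest the token request supplying the authorized user
     * @param requestedScopes the scopes asked for by the client
     * @param scopeMappings scope name to separated list of values that are checked with
     *        {@code isUserAuthorized}
     * @param whiteListedScopes passed to {@code isWhiteListedScope} for scopes without a mapping
     *        value
     * @return the scopes that may be issued; never {@code null}
     */
    private List<String> getAuthorizedScopes(OAuthTokenReqMessageContext tokenRequest, List<String> requestedScopes, Map<String, String> scopeMappings, List<String> whiteListedScopes) {
        List<String> authorizedScopes = new ArrayList<String>();
        String userName = tokenRequest.getAuthorizedUser().getUserName();
        String tenantDomain = tokenRequest.getAuthorizedUser().getTenantDomain();
        RealmService realmService = getRealmService();
        try {
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            if (tenantId == 0 || tenantId == -1) {
                // The domain did not resolve to a usable id; derive it from the user name instead.
                tenantId = getTenantIdOfUser(userName);
            }
            UserRealm tenantUserRealm = realmService.getTenantUserRealm(tenantId);
            for (String requestedScope : requestedScopes) {
                String mappedValue = scopeMappings.get(requestedScope);
                if (mappedValue != null && mappedValue.length() != 0) {
                    String[] resources = mappedValue.replace(" ", "").split(ResourceConstants.ATTRIBUTE_VALUE_SEPERATER);
                    if (hasUiExecutePermissionOnAny(tokenRequest, tenantUserRealm, userName, resources)) {
                        authorizedScopes.add(requestedScope);
                    }
                } else if (scopeMappings.containsKey(requestedScope) || isWhiteListedScope(whiteListedScopes, requestedScope)) {
                    // No permission is bound to this scope, so it is granted without a check.
                    authorizedScopes.add(requestedScope);
                }
            }
        } catch (UserStoreException e) {
            log.error("Error occurred while initializing user store.", e);
        }
        return authorizedScopes;
    }

    /**
     * Tells whether the user holds the {@code ui.execute} action on at least one of the given
     * entries. Returns {@code false} when the realm or its authorization manager is unavailable,
     * so a missing realm never grants a permission-bound scope.
     *
     * <p>The user name is derived afresh from {@code userName} for every check. The previous
     * code reassigned the shared variable inside the loop, so later checks received the result
     * of applying {@code getTenantAwareUsername} repeatedly.
     */
    private boolean hasUiExecutePermissionOnAny(OAuthTokenReqMessageContext tokenRequest, UserRealm realm, String userName, String[] resources) throws UserStoreException {
        if (realm == null) {
            if (log.isDebugEnabled()) {
                log.debug("User realm is not available; permission-bound scopes are not granted.");
            }
            return false;
        }
        for (String resource : resources) {
            if (realm.getAuthorizationManager() == null) {
                continue;
            }
            String userStoreDomain = tokenRequest.getAuthorizedUser().getUserStoreDomain();
            String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(userName);
            // Users from a named user store are checked under "DOMAIN/username".
            String subject = userStoreDomain != null ? userStoreDomain + "/" + tenantAwareUserName : tenantAwareUserName;
            if (realm.getAuthorizationManager().isUserAuthorized(subject, resource, UI_EXECUTE)) {
                return true;
            }
        }
        return false;
    }
}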
