package org.wso2.carbon.apimgt.keymgt.issuers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.apache.axis2.util.JavaUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.core.Assertion;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.keymgt.handlers.ResourceConstants;
import org.wso2.carbon.apimgt.keymgt.util.APIKeyMgtUtil;
import org.wso2.carbon.identity.oauth.common.GrantType;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/issuers/RoleBasedScopesIssuer.class */
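/**
 * Scopes issuer that grants a requested OAuth scope only when the authorized user holds at least
 * one of the roles bound to that scope.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #getScopes} returns {@code null} when the role or scope lookup fails. Callers must
 *       treat {@code null} as a failed authorization decision, never as "no restriction".</li>
 *   <li>Role names are compared case-insensitively unless the JVM system property
 *       {@code preservedCaseSensitive} is explicitly true, so roles that differ only in case are
 *       treated as the same role by default.</li>
 *   <li>For the SAML2 bearer grant, roles are read from the assertion only when the system
 *       property named by {@code ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION} is true.
 *       This class does not validate the assertion itself.</li>
 * </ul>
 */
public class RoleBasedScopesIssuer extends AbstractScopesIssuer {
    private static final Log log = LogFactory.getLog(RoleBasedScopesIssuer.class);
    private static final String DEFAULT_SCOPE_NAME = "default";
    private static final String PRESERVED_CASE_SENSITIVE_VARIABLE = "preservedCaseSensitive";
    private static final String ISSUER_PREFIX = "default";

    /**
     * Returns the prefix that identifies this issuer.
     *
     * @return the issuer prefix, {@code "default"}
     */
    @Override
    public String getPrefix() {
        return ISSUER_PREFIX;
    }

    /**
     * Resolves which of the requested scopes may be issued to the authorized user.
     *
     * <p>Scope-to-role bindings of the application are merged with the tenant's REST API scopes
     * (read from the cache, or loaded from configuration and then cached). On a key collision the
     * tenant REST API binding replaces the application binding. A requested scope is granted when
     * the user holds one of its bound roles; a scope that is registered without any role binding,
     * or that {@code isWhiteListedScope} accepts, is granted to any user that has at least one role.
     *
     * @param oAuthTokenReqMessageContext token request context carrying the requested scopes, the
     *     client id and the authorized user
     * @param list handed to {@code getAllowedScopes} and {@code isWhiteListedScope}; presumably the
     *     scope whitelist (confirm against the caller)
     * @return the granted scopes; a list holding only {@code "default"} when the user has no roles
     *     or no requested scope matched; the result of {@code getAllowedScopes} when no
     *     scope-to-role binding exists at all; {@code null} when a lookup failed
     */
    @Override
    public List<String> getScopes(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, List<String> list) {
        String[] scope = oAuthTokenReqMessageContext.getScope();
        List<String> defaultScopes = new ArrayList<String>();
        defaultScopes.add(DEFAULT_SCOPE_NAME);
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        String userName = oAuthTokenReqMessageContext.getAuthorizedUser().getUserName();
        String qualifiedUserName = addDomainToName(userName, oAuthTokenReqMessageContext.getAuthorizedUser().getUserStoreDomain());
        // NOTE(review): a null scope array throws here, outside the try blocks below; confirm the
        // caller guarantees a non-null array.
        List<String> requestedScopes = Arrays.asList(scope);
        try {
            Map<String, String> scopeRolesOfApplication = getApiMgtDAOInstance().getScopeRolesOfApplication(clientId);
            String tenantDomain = oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain();
            // The cache hands back an untyped value; it is only ever populated below with a
            // Map<String, String>.
            @SuppressWarnings("unchecked")
            Map<String, String> cachedRestApiScopes =
                    (Map<String, String>) getCacheManager("API_MANAGER_CACHE").getCache("REST_API_SCOPE_CACHE").get(tenantDomain);
            if (cachedRestApiScopes != null) {
                scopeRolesOfApplication.putAll(cachedRestApiScopes);
            } else {
                Map<String, String> restApiScopesFromConfig = getRESTAPIScopesFromConfig(getTenantRESTAPIScopesConfig(tenantDomain));
                scopeRolesOfApplication.putAll(restApiScopesFromConfig);
                getCacheManager("API_MANAGER_CACHE").getCache("REST_API_SCOPE_CACHE").put(tenantDomain, restApiScopesFromConfig);
            }
            if (scopeRolesOfApplication.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("No scopes defined for the Application " + oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId());
                }
                // No role binding exists, so this path performs no role check at all.
                return getAllowedScopes(list, requestedScopes);
            }
            RealmService realmService = getRealmService();
            try {
                int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
                // 0 and -1 are treated as "tenant not resolved from the domain"; fall back to the
                // tenant derived from the user name.
                if (tenantId == 0 || tenantId == -1) {
                    tenantId = getTenantIdOfUser(userName);
                }
                boolean rolesFromSamlAssertion =
                        GrantType.SAML20_BEARER.toString().equals(oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType())
                                && Boolean.parseBoolean(System.getProperty(ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION));
                String[] userRoles;
                if (rolesFromSamlAssertion) {
                    // Roles come from the assertion stored on the request context. Its signature
                    // and issuer are not checked here; presumably an earlier handler did so.
                    userRoles = getRolesFromAssertion((Assertion) oAuthTokenReqMessageContext.getProperty(ResourceConstants.SAML2_ASSERTION));
                } else {
                    userRoles = realmService.getTenantUserRealm(tenantId).getUserStoreManager().getRoleListOfUser(qualifiedUserName);
                }
                if (userRoles == null || userRoles.length == 0) {
                    if (log.isDebugEnabled()) {
                        log.debug("Could not find roles of the user.");
                    }
                    // A user without roles gets the default scope only, whitelisted scopes included.
                    return defaultScopes;
                }
                boolean caseSensitive = JavaUtils.isTrueExplicitly(System.getProperty(PRESERVED_CASE_SENSITIVE_VARIABLE));
                List<String> comparableUserRoles = normalizeRoles(userRoles, caseSensitive);
                List<String> grantedScopes = new ArrayList<String>();
                for (String requestedScope : scope) {
                    String boundRoles = scopeRolesOfApplication.get(requestedScope);
                    if (boundRoles != null && boundRoles.length() != 0) {
                        List<String> scopeRoles = parseBoundRoles(boundRoles, caseSensitive);
                        // Keep only the bound roles the user actually holds.
                        scopeRoles.retainAll(comparableUserRoles);
                        if (!scopeRoles.isEmpty()) {
                            grantedScopes.add(requestedScope);
                        }
                    } else if (scopeRolesOfApplication.containsKey(requestedScope) || isWhiteListedScope(list, requestedScope)) {
                        // Registered without a role binding, or whitelisted: granted without a
                        // per-role check.
                        grantedScopes.add(requestedScope);
                    }
                }
                return !grantedScopes.isEmpty() ? grantedScopes : defaultScopes;
            } catch (UserStoreException e) {
                log.error("Error when getting the tenant's UserStoreManager or when getting roles of user ", e);
                return null;
            }
        } catch (APIManagementException e2) {
            log.error("Error while getting scopes of application " + e2.getMessage(), e2);
            return null;
        }
    }

    /**
     * Puts the user's roles into the form used for matching against scope bindings.
     *
     * @param roles role names of the user; must not be {@code null}
     * @param caseSensitive when {@code true} the names are used as given
     * @return the roles as given, or lower-cased copies when matching is case-insensitive
     */
    private static List<String> normalizeRoles(String[] roles, boolean caseSensitive) {
        if (caseSensitive) {
            return Arrays.asList(roles);
        }
        List<String> lowered = new ArrayList<String>(roles.length);
        for (String role : roles) {
            // A null entry cannot match any bound role, so dropping it grants nothing extra.
            if (role != null) {
                // Locale.ROOT keeps this authorization comparison independent of the JVM's
                // default locale (for example the Turkish dotless i).
                lowered.add(role.toLowerCase(Locale.ROOT));
            }
        }
        return lowered;
    }

    /**
     * Splits a scope's role binding into individual, trimmed role names.
     *
     * @param binding the role binding string, separated by
     *     {@code ResourceConstants.ATTRIBUTE_VALUE_SEPERATER}
     * @param caseSensitive when {@code false} the names are lower-cased for matching
     * @return a mutable list of the bound role names
     */
    private static List<String> parseBoundRoles(String binding, boolean caseSensitive) {
        List<String> bound = new ArrayList<String>();
        for (String role : binding.split(ResourceConstants.ATTRIBUTE_VALUE_SEPERATER)) {
            String trimmed = role.trim();
            bound.add(caseSensitive ? trimmed : trimmed.toLowerCase(Locale.ROOT));
        }
        return bound;
    }

    /**
     * Qualifies a user name with its user store domain by delegating to
     * {@code UserCoreUtil.addDomainToName}. Overridable so subclasses can replace the lookup.
     *
     * @param str the user name
     * @param str2 the user store domain
     * @return the value returned by {@code UserCoreUtil.addDomainToName}
     */
    protected String addDomainToName(String str, String str2) {
        return UserCoreUtil.addDomainToName(str, str2);
    }

    /**
     * Extracts role names from a SAML2 assertion by delegating to
     * {@code APIKeyMgtUtil.getRolesFromAssertion}. No validation of the assertion happens here.
     *
     * @param assertion the SAML2 assertion attached to the token request
     * @return the value returned by {@code APIKeyMgtUtil.getRolesFromAssertion}
     */
    protected String[] getRolesFromAssertion(Assertion assertion) {
        return APIKeyMgtUtil.getRolesFromAssertion(assertion);
    }
}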
