package org.wso2.carbon.device.mgt.oauth.extensions.validators;

import java.util.Locale;
import java.util.Properties;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
import org.wso2.carbon.device.mgt.oauth.extensions.internal.OAuthExtensionsDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.validators.OAuth2ScopeValidator;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/device/mgt/oauth/extensions/validators/PermissionBasedScopeValidator.class */
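/**
 * Scope validator that authorizes an OAuth2 access token against the permission
 * registered for the requested resource.
 *
 * <p>The resource string is split into a URL and an HTTP method, the permission
 * manager is asked for the matching {@link Permission}, and the token's authorized
 * user is then checked against that permission's path with the
 * {@link PermissionMethod#UI_EXECUTE} action. Every failure path (malformed input,
 * unknown permission, missing user or realm, lookup error) denies access.
 */
public class PermissionBasedScopeValidator extends OAuth2ScopeValidator {
    private static final String URL_PROPERTY = "URL";
    private static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
    private static final Log log = LogFactory.getLog(PermissionBasedScopeValidator.class);

    /**
     * Action names that can be passed to the authorization manager.
     * Only {@link #UI_EXECUTE} is used by this validator.
     */
    public static final class PermissionMethod {
        public static final String READ = "read";
        public static final String WRITE = "write";
        public static final String DELETE = "delete";
        public static final String ACTION = "action";
        public static final String UI_EXECUTE = "ui.execute";

        // Constants holder; never instantiated.
        private PermissionMethod() {
            throw new AssertionError();
        }
    }

    /**
     * Decides whether the user behind {@code accessTokenDO} may access the resource
     * described by {@code str}.
     *
     * @param accessTokenDO token whose authorized user is checked
     * @param str resource in the form {@code <url>:<http-method>}; the method is taken
     *            from the text after the last {@code ':'}, and any query string is
     *            dropped from the URL before the permission lookup
     * @return {@code true} only when a permission is registered for the URL/method
     *         pair and the authorization manager reports the user as authorized for
     *         it; {@code false} in every other case, including malformed input and
     *         lookup errors
     * @throws IdentityOAuth2Exception declared by the validator contract; this
     *         implementation does not throw it itself
     */
    public boolean validateScope(AccessTokenDO accessTokenDO, String str) throws IdentityOAuth2Exception {
        // Fail closed on missing input instead of surfacing a NullPointerException.
        if (accessTokenDO == null || str == null) {
            log.warn("Rejecting scope validation request with a missing access token or resource.");
            return false;
        }

        // Without a ':' there is no HTTP method to match; previously this path threw
        // StringIndexOutOfBoundsException from substring(0, -1). Deny instead.
        int separatorIndex = str.lastIndexOf(':');
        if (separatorIndex < 0) {
            log.warn("Rejecting resource without a ':' separated HTTP method : " + sanitizeForLog(str));
            return false;
        }

        String url = str.substring(0, separatorIndex);
        String httpMethod = str.substring(separatorIndex + 1);

        // Strip the query string so the lookup is made on the request path only.
        int queryIndex = url.indexOf('?');
        if (queryIndex > 0) {
            url = url.substring(0, queryIndex);
        }

        // Locale.ROOT keeps the lookup keys independent of the JVM default locale;
        // locale-sensitive case mapping (e.g. Turkish dotless i) would otherwise
        // change which permission entry a URL resolves to.
        Properties lookup = new Properties();
        lookup.put(URL_PROPERTY, url.toLowerCase(Locale.ROOT));
        lookup.put(HTTP_METHOD_PROPERTY, httpMethod.toUpperCase(Locale.ROOT));

        boolean authorized = false;
        try {
            Permission permission =
                    OAuthExtensionsDataHolder.getInstance().getPermissionManagerService().getPermission(lookup);
            AuthenticatedUser authzUser = accessTokenDO.getAuthzUser();
            // No registered permission or no authorized user means access is denied.
            if (permission != null && authzUser != null) {
                String userName = authzUser.getUserName();
                String userStoreDomain = authzUser.getUserStoreDomain();
                UserRealm tenantUserRealm = OAuthExtensionsDataHolder.getInstance().getRealmService()
                        .getTenantUserRealm(OAuthExtUtils.getTenantId(authzUser.getTenantDomain()));
                if (tenantUserRealm != null && tenantUserRealm.getAuthorizationManager() != null) {
                    // NOTE(review): a null user store domain yields the literal "null/<user>"
                    // here; confirm callers always populate the domain.
                    authorized = tenantUserRealm.getAuthorizationManager().isUserAuthorized(
                            userStoreDomain + "/" + userName, permission.getPath(), PermissionMethod.UI_EXECUTE);
                }
            }
        } catch (UserStoreException e) {
            // Keep the cause so the stack trace is available when diagnosing denials.
            log.error("Error occurred while retrieving user store. " + e.getMessage(), e);
        } catch (PermissionManagementException e2) {
            log.error("Error occurred while validating the resource scope for : " + sanitizeForLog(str)
                    + ", Msg = " + e2.getMessage(), e2);
        }
        return authorized;
    }

    /**
     * Replaces line breaks in a request-derived value so it cannot start a forged
     * log entry when written to the log.
     */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}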
