package org.wso2.carbon.apimgt.tokenmgt.issuers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.apache.axis2.util.JavaUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.opensaml.saml.saml2.core.Assertion;
import org.wso2.carbon.apimgt.tokenmgt.MethodStats;
import org.wso2.carbon.apimgt.tokenmgt.MethodTimeLogger;
import org.wso2.carbon.apimgt.tokenmgt.handlers.ResourceConstants;
import org.wso2.carbon.apimgt.tokenmgt.util.TokenMgtUtil;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.oauth.callback.OAuthCallback;
import org.wso2.carbon.identity.oauth.common.GrantType;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/RoleBasedScopesIssuer.class */
/**
 * Scopes issuer that decides which of the requested OAuth scopes are granted, based on the
 * roles of the user and the scope-to-role bindings of the application.
 *
 * <p>This listing is decompiler output of an AspectJ-woven class. Every instance method is a thin
 * wrapper that either calls its static {@code *_aroundBody*} method directly or routes the call
 * through {@link MethodTimeLogger} using one of the {@code AjcClosureN} inner classes. The
 * authorization logic lives in the {@code *_aroundBody*} methods.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The source of the roles (user store, SAML assertion, or a claim among the user
 *       attributes) is selected from the grant type and two JVM system properties.</li>
 *   <li>Role comparison is case-insensitive unless the system property
 *       {@code preservedCaseSensitive} is explicitly true.</li>
 *   <li>A scope that has no roles bound to it is granted without any role check.</li>
 *   <li>When nothing is granted, the result is the single scope {@code "default"}.</li>
 * </ul>
 */
public class RoleBasedScopesIssuer extends AbstractScopesIssuer {
    private static Log log;
    // Scope name; not referenced by name in this listing (the literal "default" is used instead).
    private static final String DEFAULT_SCOPE_NAME = "default";
    // Name of the JVM system property read in getAuthorizedScopes_aroundBody8.
    private static final String PRESERVED_CASE_SENSITIVE_VARIABLE = "preservedCaseSensitive";
    private static final String ISSUER_PREFIX = "default";
    // AspectJ static join-point descriptors, one per woven method. The decompiler renders them as
    // "final ... = null" although ajc$preClinit() assigns them, so this listing is not
    // recompilable as shown.
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;
    private static final JoinPoint.StaticPart ajc$tjp_4 = null;
    private static final JoinPoint.StaticPart ajc$tjp_5 = null;
    private static final JoinPoint.StaticPart ajc$tjp_6 = null;
    private static final JoinPoint.StaticPart ajc$tjp_7 = null;

    /**
     * Closure for {@code getPrefix()}: unpacks the captured argument array and invokes
     * {@code getPrefix_aroundBody0}. The other {@code AjcClosureN} classes follow the same
     * pattern for their respective methods.
     */
    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/RoleBasedScopesIssuer$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // The captured state is used, not the objArr argument of run().
            Object[] objArr2 = ((AroundClosure) this).state;
            return RoleBasedScopesIssuer.getPrefix_aroundBody0((RoleBasedScopesIssuer) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /** Closure for {@code getRolesFromUserAttribute(Map, String)}. */
    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/RoleBasedScopesIssuer$AjcClosure11.class */
    public class AjcClosure11 extends AroundClosure {
        public AjcClosure11(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return RoleBasedScopesIssuer.getRolesFromUserAttribute_aroundBody10((RoleBasedScopesIssuer) objArr2[0], (Map) objArr2[1], (String) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    /** Closure for {@code addDomainToName(String, String)}. */
    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/RoleBasedScopesIssuer$AjcClosure13.class */
    public class AjcClosure13 extends AroundClosure {
        public AjcClosure13(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return RoleBasedScopesIssuer.addDomainToName_aroundBody12((RoleBasedScopesIssuer) objArr2[0], (String) objArr2[1], (String) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    /** Closure for {@code getRolesFromAssertion(Assertion)}. */
    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/RoleBasedScopesIssuer$AjcClosure15.class */
    public class AjcClosure15 extends AroundClosure {
        public AjcClosure15(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return RoleBasedScopesIssuer.getRolesFromAssertion_aroundBody14((RoleBasedScopesIssuer) objArr2[0], (Assertion) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /** Closure for {@code getScopes(OAuthCallback, List)}. */
    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/RoleBasedScopesIssuer$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return RoleBasedScopesIssuer.getScopes_aroundBody2((RoleBasedScopesIssuer) objArr2[0], (OAuthCallback) objArr2[1], (List) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    /** Closure for {@code getScopes(OAuthTokenReqMessageContext, List)}. */
    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/RoleBasedScopesIssuer$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return RoleBasedScopesIssuer.getScopes_aroundBody4((RoleBasedScopesIssuer) objArr2[0], (OAuthTokenReqMessageContext) objArr2[1], (List) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    /** Closure for {@code getUserRoles(AuthenticatedUser)}. */
    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/RoleBasedScopesIssuer$AjcClosure7.class */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return RoleBasedScopesIssuer.getUserRoles_aroundBody6((RoleBasedScopesIssuer) objArr2[0], (AuthenticatedUser) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /** Closure for {@code getAuthorizedScopes(String[], String[], Map, List)}. */
    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/RoleBasedScopesIssuer$AjcClosure9.class */
    public class AjcClosure9 extends AroundClosure {
        public AjcClosure9(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return RoleBasedScopesIssuer.getAuthorizedScopes_aroundBody8((RoleBasedScopesIssuer) objArr2[0], (String[]) objArr2[1], (String[]) objArr2[2], (Map) objArr2[3], (List) objArr2[4], (JoinPoint) objArr2[5]);
        }
    }

    // Builds the join-point descriptors first, then creates the class logger.
    static {
        ajc$preClinit();
        log = LogFactory.getLog(RoleBasedScopesIssuer.class);
    }

    /**
     * Returns the issuer prefix (the literal {@code "default"}, see getPrefix_aroundBody0).
     *
     * <p>Woven wrapper. The call goes through {@code MethodTimeLogger.aspectOf().log(...)} when
     * {@code MethodTimeLogger.isConfigEnabled()} is true and either the runtime class carries the
     * {@link MethodStats} annotation or {@code MethodTimeLogger.pointCutAll()} is true; otherwise
     * the body is called directly. All wrappers below use the same condition.
     */
    @Override // org.wso2.carbon.apimgt.tokenmgt.issuers.AbstractScopesIssuer
    public String getPrefix() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getPrefix_aroundBody0(this, makeJP);
    }

    /**
     * Woven wrapper for scope resolution from an {@link OAuthCallback}; the logic is in
     * getScopes_aroundBody2.
     */
    @Override // org.wso2.carbon.apimgt.tokenmgt.issuers.AbstractScopesIssuer
    public List<String> getScopes(OAuthCallback oAuthCallback, List<String> list) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, oAuthCallback, list);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (List) MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, oAuthCallback, list, makeJP}).linkClosureAndJoinPoint(69648)) : getScopes_aroundBody2(this, oAuthCallback, list, makeJP);
    }

    /**
     * Woven wrapper for scope resolution from a token request context; the logic is in
     * getScopes_aroundBody4.
     */
    @Override // org.wso2.carbon.apimgt.tokenmgt.issuers.AbstractScopesIssuer
    public List<String> getScopes(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, List<String> list) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, oAuthTokenReqMessageContext, list);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (List) MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, oAuthTokenReqMessageContext, list, makeJP}).linkClosureAndJoinPoint(69648)) : getScopes_aroundBody4(this, oAuthTokenReqMessageContext, list, makeJP);
    }

    /** Woven wrapper; the user-store role lookup is in getUserRoles_aroundBody6. */
    private String[] getUserRoles(AuthenticatedUser authenticatedUser) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, authenticatedUser);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (String[]) MethodTimeLogger.aspectOf().log(new AjcClosure7(new Object[]{this, authenticatedUser, makeJP}).linkClosureAndJoinPoint(69648)) : getUserRoles_aroundBody6(this, authenticatedUser, makeJP);
    }

    /**
     * Woven wrapper; the role-to-scope matching is in getAuthorizedScopes_aroundBody8. Per the
     * signature string in ajc$preClinit the original parameter names are userRoles,
     * requestedScopes, appScopes and allowedScopes.
     */
    private List<String> getAuthorizedScopes(String[] strArr, String[] strArr2, Map<String, String> map, List<String> list) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_4, this, this, new Object[]{strArr, strArr2, map, list});
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (List) MethodTimeLogger.aspectOf().log(new AjcClosure9(new Object[]{this, strArr, strArr2, map, list, makeJP}).linkClosureAndJoinPoint(69648)) : getAuthorizedScopes_aroundBody8(this, strArr, strArr2, map, list, makeJP);
    }

    /** Woven wrapper; the claim parsing is in getRolesFromUserAttribute_aroundBody10. */
    private String[] getRolesFromUserAttribute(Map<ClaimMapping, String> map, String str) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_5, this, this, map, str);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (String[]) MethodTimeLogger.aspectOf().log(new AjcClosure11(new Object[]{this, map, str, makeJP}).linkClosureAndJoinPoint(69648)) : getRolesFromUserAttribute_aroundBody10(this, map, str, makeJP);
    }

    /**
     * Woven wrapper around {@code UserCoreUtil.addDomainToName}. Protected, so a subclass can
     * change how the user name is qualified before the role lookup.
     */
    protected String addDomainToName(String str, String str2) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_6, this, this, str, str2);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure13(new Object[]{this, str, str2, makeJP}).linkClosureAndJoinPoint(69648)) : addDomainToName_aroundBody12(this, str, str2, makeJP);
    }

    /**
     * Woven wrapper around {@code TokenMgtUtil.getRolesFromAssertion}. Protected, so a subclass
     * can change how roles are read from the assertion.
     */
    protected String[] getRolesFromAssertion(Assertion assertion) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_7, this, this, assertion);
        return ((this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled()) || (MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll())) ? (String[]) MethodTimeLogger.aspectOf().log(new AjcClosure15(new Object[]{this, assertion, makeJP}).linkClosureAndJoinPoint(69648)) : getRolesFromAssertion_aroundBody14(this, assertion, makeJP);
    }

    /** Body of {@code getPrefix()}: always returns {@code "default"}. */
    static final String getPrefix_aroundBody0(RoleBasedScopesIssuer roleBasedScopesIssuer, JoinPoint joinPoint) {
        return "default";
    }

    /**
     * Body of {@code getScopes(OAuthCallback, List)}.
     *
     * <p>Returns {@code null} when no application scope map is available. When
     * {@code isAppScopesEmpty} reports true, the result comes from {@code getAllowedScopes} and
     * no role check is made in this method. Otherwise the user's roles are read from the user
     * store and matched against the scope bindings.
     *
     * @param list the allow-listed scopes ({@code allowedScopes} in the original signature)
     * @return the granted scopes, or {@code null} if {@code getAppScopes} returned {@code null}
     */
    static final List getScopes_aroundBody2(RoleBasedScopesIssuer roleBasedScopesIssuer, OAuthCallback oAuthCallback, List list, JoinPoint joinPoint) {
        List<String> list2 = null;
        String[] requestedScope = oAuthCallback.getRequestedScope();
        String client = oAuthCallback.getClient();
        AuthenticatedUser resourceOwner = oAuthCallback.getResourceOwner();
        Map<String, String> appScopes = roleBasedScopesIssuer.getAppScopes(client, resourceOwner);
        if (appScopes != null) {
            if (roleBasedScopesIssuer.isAppScopesEmpty(appScopes, client).booleanValue()) {
                // NOTE(review): requestedScope is not null-checked before Arrays.asList.
                return roleBasedScopesIssuer.getAllowedScopes(list, Arrays.asList(requestedScope));
            }
            // getUserRoles returns null on a user-store error; getAuthorizedScopes then treats
            // the user as having no roles.
            list2 = roleBasedScopesIssuer.getAuthorizedScopes(roleBasedScopesIssuer.getUserRoles(resourceOwner), requestedScope, appScopes, list);
        }
        return list2;
    }

    /**
     * Body of {@code getScopes(OAuthTokenReqMessageContext, List)}.
     *
     * <p>Same flow as the callback variant, except that the source of the roles depends on the
     * grant type and two JVM system properties:
     * <ol>
     *   <li>SAML2 bearer grant and {@code CHECK_ROLES_FROM_SAML_ASSERTION} parses as true: roles
     *       are read from the assertion stored in the context under {@code SAML2_ASSERTION}.</li>
     *   <li>Any grant other than JWT bearer, or {@code
     *       RETRIEVE_ROLES_FROM_USERSTORE_FOR_SCOPE_VALIDATION} parses as true: roles are read
     *       from the user store.</li>
     *   <li>JWT bearer grant without that property: roles are read from the authorized user's
     *       attributes, using the claim URI stored in the context under {@code ROLE_CLAIM}. If
     *       that context property is absent the roles stay {@code null}.</li>
     * </ol>
     *
     * <p>NOTE(review): in cases 1 and 3 the roles are whatever the assertion or token carried;
     * nothing in this method verifies them. Confirm that signature, issuer and audience checks
     * run before this issuer is invoked.
     *
     * @param list the allow-listed scopes ({@code allowedScopes} in the original signature)
     * @return the granted scopes, or {@code null} if {@code getAppScopes} returned {@code null}
     */
    static final List getScopes_aroundBody4(RoleBasedScopesIssuer roleBasedScopesIssuer, OAuthTokenReqMessageContext oAuthTokenReqMessageContext, List list, JoinPoint joinPoint) {
        List<String> list2 = null;
        String[] scope = oAuthTokenReqMessageContext.getScope();
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        AuthenticatedUser authorizedUser = oAuthTokenReqMessageContext.getAuthorizedUser();
        Map<String, String> appScopes = roleBasedScopesIssuer.getAppScopes(clientId, authorizedUser);
        if (appScopes != null) {
            if (roleBasedScopesIssuer.isAppScopesEmpty(appScopes, clientId).booleanValue()) {
                // NOTE(review): scope is not null-checked before Arrays.asList.
                return roleBasedScopesIssuer.getAllowedScopes(list, Arrays.asList(scope));
            }
            String grantType = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
            String[] strArr = null;
            // Both switches are JVM-wide system properties; Boolean.parseBoolean treats an unset
            // property as false.
            String property = System.getProperty(ResourceConstants.CHECK_ROLES_FROM_SAML_ASSERTION);
            String property2 = System.getProperty(ResourceConstants.RETRIEVE_ROLES_FROM_USERSTORE_FOR_SCOPE_VALIDATION);
            if (GrantType.SAML20_BEARER.toString().equals(grantType) && Boolean.parseBoolean(property)) {
                // The context property is cast without a type or null check.
                strArr = roleBasedScopesIssuer.getRolesFromAssertion((Assertion) oAuthTokenReqMessageContext.getProperty(ResourceConstants.SAML2_ASSERTION));
            } else if (!"urn:ietf:params:oauth:grant-type:jwt-bearer".equals(grantType) || Boolean.parseBoolean(property2)) {
                strArr = roleBasedScopesIssuer.getUserRoles(authorizedUser);
            } else {
                Map<ClaimMapping, String> userAttributes = oAuthTokenReqMessageContext.getAuthorizedUser().getUserAttributes();
                if (oAuthTokenReqMessageContext.getProperty(ResourceConstants.ROLE_CLAIM) != null) {
                    strArr = roleBasedScopesIssuer.getRolesFromUserAttribute(userAttributes, oAuthTokenReqMessageContext.getProperty(ResourceConstants.ROLE_CLAIM).toString());
                }
            }
            // strArr may still be null here; getAuthorizedScopes treats that as "no roles".
            list2 = roleBasedScopesIssuer.getAuthorizedScopes(strArr, scope, appScopes, list);
        }
        return list2;
    }

    /**
     * Body of {@code getUserRoles(AuthenticatedUser)}: reads the user's role list from the user
     * store of the user's tenant.
     *
     * <p>For a federated user, the tenant domain and user name are parsed out of the
     * authenticated subject identifier; otherwise they are taken from the user object. The name
     * is qualified with the user-store domain before the lookup.
     *
     * <p>NOTE(review): for federated users the lookup still goes to the local user store under
     * the name derived from the subject identifier. Confirm that an identifier asserted by an
     * external identity provider cannot resolve to the roles of an unrelated local account.
     *
     * @return the role names, or {@code null} when the user store throws
     *     {@link UserStoreException} (the error is logged and not propagated)
     */
    static final String[] getUserRoles_aroundBody6(RoleBasedScopesIssuer roleBasedScopesIssuer, AuthenticatedUser authenticatedUser, JoinPoint joinPoint) {
        String tenantDomain;
        String userName;
        String[] strArr = null;
        if (authenticatedUser.isFederatedUser()) {
            tenantDomain = MultitenantUtils.getTenantDomain(authenticatedUser.getAuthenticatedSubjectIdentifier());
            userName = MultitenantUtils.getTenantAwareUsername(authenticatedUser.getAuthenticatedSubjectIdentifier());
        } else {
            tenantDomain = authenticatedUser.getTenantDomain();
            userName = authenticatedUser.getUserName();
        }
        String userStoreDomain = authenticatedUser.getUserStoreDomain();
        RealmService realmService = roleBasedScopesIssuer.getRealmService();
        try {
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            // A result of 0 or -1 triggers a second lookup keyed on the user name alone.
            if (tenantId == 0 || tenantId == -1) {
                tenantId = roleBasedScopesIssuer.getTenantIdOfUser(userName);
            }
            strArr = realmService.getTenantUserRealm(tenantId).getUserStoreManager().getRoleListOfUser(roleBasedScopesIssuer.addDomainToName(userName, userStoreDomain));
        } catch (UserStoreException e) {
            // Role-bound scopes are then denied, but scopes without role bindings and
            // allow-listed scopes are still granted by getAuthorizedScopes.
            log.error("Error when getting the tenant's UserStoreManager or when getting roles of user ", e);
        }
        return strArr;
    }

    /**
     * Body of {@code getAuthorizedScopes}: filters the requested scopes down to those the roles
     * permit.
     *
     * <p>For each requested scope, the roles bound to it are looked up in {@code map}
     * (appScopes):
     * <ul>
     *   <li>Binding present and non-empty: it is split on
     *       {@code ResourceConstants.ATTRIBUTE_VALUE_SEPERATER}, each part is trimmed, and the
     *       scope is granted if at least one part equals one of the user's roles.</li>
     *   <li>Binding null or empty: the scope is granted if {@code map} contains the scope as a
     *       key, or if {@code isAllowedScope(list, scope)} is true. No role is needed.</li>
     * </ul>
     * Both sides are lower-cased before comparison unless the system property
     * {@code preservedCaseSensitive} is explicitly true.
     *
     * <p>NOTE(review): {@code toLowerCase()} is called without a {@code Locale}, so the result
     * of the comparison depends on the JVM default locale. {@code Locale.ROOT} would make it
     * deterministic. The user's roles are not trimmed, while the bound roles are.
     *
     * @param strArr the user's roles; {@code null} is treated as no roles
     * @param strArr2 the requested scopes; iterated without a null check
     * @param map scope name to role-list string
     * @param list the allow-listed scopes
     * @return the granted scopes, or a list holding only {@code "default"} if none were granted
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v63, types: [java.util.List] */
    static final List getAuthorizedScopes_aroundBody8(RoleBasedScopesIssuer roleBasedScopesIssuer, String[] strArr, String[] strArr2, Map map, List list, JoinPoint joinPoint) {
        ArrayList arrayList;
        // Fallback result when no requested scope is granted.
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add("default");
        if (strArr == null || strArr.length == 0) {
            strArr = new String[0];
        }
        ArrayList arrayList3 = new ArrayList();
        boolean isTrueExplicitly = JavaUtils.isTrueExplicitly(System.getProperty(PRESERVED_CASE_SENSITIVE_VARIABLE));
        if (isTrueExplicitly) {
            // Decompiler typing artifact (see the JADX warnings above): Arrays.asList returns a
            // List, not an ArrayList.
            arrayList = Arrays.asList(strArr);
        } else {
            arrayList = new ArrayList();
            for (String str : strArr) {
                // NOTE(review): a null role element would throw a NullPointerException here.
                arrayList.add(str.toLowerCase());
            }
        }
        for (String str2 : strArr2) {
            String str3 = (String) map.get(str2);
            if (str3 != null && str3.length() != 0) {
                ArrayList arrayList4 = new ArrayList();
                // String.split interprets its argument as a regular expression.
                for (String str4 : str3.split(ResourceConstants.ATTRIBUTE_VALUE_SEPERATER)) {
                    if (isTrueExplicitly) {
                        arrayList4.add(str4.trim());
                    } else {
                        arrayList4.add(str4.trim().toLowerCase());
                    }
                }
                // Keep only the bound roles that the user actually holds.
                arrayList4.retainAll(arrayList);
                if (!arrayList4.isEmpty()) {
                    arrayList3.add(str2);
                }
            } else if (map.containsKey(str2) || roleBasedScopesIssuer.isAllowedScope(list, str2)) {
                // A scope with no role binding, or an allow-listed scope, is granted without
                // looking at the roles.
                arrayList3.add(str2);
            }
        }
        return !arrayList3.isEmpty() ? arrayList3 : arrayList2;
    }

    /**
     * Body of {@code getRolesFromUserAttribute}: extracts role names from the user attribute
     * whose local claim URI equals {@code str} (roleClaim in the original signature).
     *
     * <p>The first matching, non-blank value is cleaned by text replacement ({@code \/} becomes
     * {@code /}; {@code [}, {@code ]} and double quotes are removed) and then split on
     * {@code FrameworkUtils.getMultiAttributeSeparator()}.
     *
     * <p>NOTE(review): the clean-up is character stripping, not JSON parsing, so a role name
     * that contains any of those characters is altered before it is compared. The parts are not
     * trimmed, and the separator is interpreted by {@code String.split} as a regular expression.
     *
     * @return the role names, or {@code null} if no matching non-blank attribute exists
     */
    static final String[] getRolesFromUserAttribute_aroundBody10(RoleBasedScopesIssuer roleBasedScopesIssuer, Map map, String str, JoinPoint joinPoint) {
        for (Map.Entry entry : map.entrySet()) {
            if (str.equals(((ClaimMapping) entry.getKey()).getLocalClaim().getClaimUri()) && StringUtils.isNotBlank((String) entry.getValue())) {
                return ((String) entry.getValue()).replace("\\/", "/").replace("[", "").replace("]", "").replace("\"", "").split(FrameworkUtils.getMultiAttributeSeparator());
            }
        }
        return null;
    }

    /** Body of {@code addDomainToName}: delegates to {@code UserCoreUtil.addDomainToName}. */
    static final String addDomainToName_aroundBody12(RoleBasedScopesIssuer roleBasedScopesIssuer, String str, String str2, JoinPoint joinPoint) {
        return UserCoreUtil.addDomainToName(str, str2);
    }

    /**
     * Body of {@code getRolesFromAssertion}: delegates to
     * {@code TokenMgtUtil.getRolesFromAssertion}. The assertion is passed through unchecked.
     */
    static final String[] getRolesFromAssertion_aroundBody14(RoleBasedScopesIssuer roleBasedScopesIssuer, Assertion assertion, JoinPoint joinPoint) {
        return TokenMgtUtil.getRolesFromAssertion(assertion);
    }

    /**
     * Generated by the AspectJ weaver: builds one static join-point descriptor per woven method.
     * The signature strings preserve the original parameter names that the decompiler lost. The
     * trailing integer of each makeSJP call is presumably the original source line number.
     */
    private static void ajc$preClinit() {
        Factory factory = new Factory("RoleBasedScopesIssuer.java", RoleBasedScopesIssuer.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getPrefix", "org.wso2.carbon.apimgt.tokenmgt.issuers.RoleBasedScopesIssuer", "", "", "", "java.lang.String"), 60);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getScopes", "org.wso2.carbon.apimgt.tokenmgt.issuers.RoleBasedScopesIssuer", "org.wso2.carbon.identity.oauth.callback.OAuthCallback:java.util.List", "scopeValidationCallback:allowedScopes", "", "java.util.List"), 72);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getScopes", "org.wso2.carbon.apimgt.tokenmgt.issuers.RoleBasedScopesIssuer", "org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext:java.util.List", "tokReqMsgCtx:allowedScopes", "", "java.util.List"), 99);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getUserRoles", "org.wso2.carbon.apimgt.tokenmgt.issuers.RoleBasedScopesIssuer", "org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser", "authenticatedUser", "", "[Ljava.lang.String;"), 147);
        ajc$tjp_4 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getAuthorizedScopes", "org.wso2.carbon.apimgt.tokenmgt.issuers.RoleBasedScopesIssuer", "[Ljava.lang.String;:[Ljava.lang.String;:java.util.Map:java.util.List", "userRoles:requestedScopes:appScopes:allowedScopes", "", "java.util.List"), 187);
        ajc$tjp_5 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getRolesFromUserAttribute", "org.wso2.carbon.apimgt.tokenmgt.issuers.RoleBasedScopesIssuer", "java.util.Map:java.lang.String", "userAttributes:roleClaim", "", "[Ljava.lang.String;"), 245);
        ajc$tjp_6 = factory.makeSJP("method-execution", factory.makeMethodSig("4", "addDomainToName", "org.wso2.carbon.apimgt.tokenmgt.issuers.RoleBasedScopesIssuer", "java.lang.String:java.lang.String", "username:domainName", "", "java.lang.String"), 268);
        ajc$tjp_7 = factory.makeSJP("method-execution", factory.makeMethodSig("4", "getRolesFromAssertion", "org.wso2.carbon.apimgt.tokenmgt.issuers.RoleBasedScopesIssuer", "org.opensaml.saml.saml2.core.Assertion", "assertion", "", "[Ljava.lang.String;"), 278);
    }
}
