package org.wso2.carbon.apimgt.tokenmgt.issuers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.wso2.carbon.apimgt.tokenmgt.MethodStats;
import org.wso2.carbon.apimgt.tokenmgt.MethodTimeLogger;
import org.wso2.carbon.apimgt.tokenmgt.handlers.ResourceConstants;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth.callback.OAuthCallback;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/PermissionBasedScopeIssuer.class */
public class PermissionBasedScopeIssuer extends AbstractScopesIssuer {
    private static Log log;
    private static final String DEFAULT_SCOPE_NAME = "default";
    private static final String ISSUER_PREFIX = "perm";
    private static final String UI_EXECUTE = "ui.execute";
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final JoinPoint.StaticPart ajc$tjp_1 = null;
    private static final JoinPoint.StaticPart ajc$tjp_2 = null;
    private static final JoinPoint.StaticPart ajc$tjp_3 = null;

    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/PermissionBasedScopeIssuer$AjcClosure1.class */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return PermissionBasedScopeIssuer.getPrefix_aroundBody0((PermissionBasedScopeIssuer) objArr2[0], (JoinPoint) objArr2[1]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/PermissionBasedScopeIssuer$AjcClosure3.class */
    public class AjcClosure3 extends AroundClosure {
        public AjcClosure3(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return PermissionBasedScopeIssuer.getScopes_aroundBody2((PermissionBasedScopeIssuer) objArr2[0], (OAuthTokenReqMessageContext) objArr2[1], (List) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/PermissionBasedScopeIssuer$AjcClosure5.class */
    public class AjcClosure5 extends AroundClosure {
        public AjcClosure5(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return PermissionBasedScopeIssuer.getScopes_aroundBody4((PermissionBasedScopeIssuer) objArr2[0], (OAuthCallback) objArr2[1], (List) objArr2[2], (JoinPoint) objArr2[3]);
        }
    }

    /* loaded from: input_file:org/wso2/carbon/apimgt/tokenmgt/issuers/PermissionBasedScopeIssuer$AjcClosure7.class */
    public class AjcClosure7 extends AroundClosure {
        public AjcClosure7(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            Object[] objArr2 = ((AroundClosure) this).state;
            return PermissionBasedScopeIssuer.getAuthorizedScopes_aroundBody6((PermissionBasedScopeIssuer) objArr2[0], (AuthenticatedUser) objArr2[1], (List) objArr2[2], (Map) objArr2[3], (List) objArr2[4], (JoinPoint) objArr2[5]);
        }
    }

    static {
        ajc$preClinit();
        log = LogFactory.getLog(PermissionBasedScopeIssuer.class);
    }

    @Override // org.wso2.carbon.apimgt.tokenmgt.issuers.AbstractScopesIssuer
    public String getPrefix() {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (String) MethodTimeLogger.aspectOf().log(new AjcClosure1(new Object[]{this, makeJP}).linkClosureAndJoinPoint(69648)) : getPrefix_aroundBody0(this, makeJP);
    }

    @Override // org.wso2.carbon.apimgt.tokenmgt.issuers.AbstractScopesIssuer
    public List<String> getScopes(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, List<String> list) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_1, this, this, oAuthTokenReqMessageContext, list);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (List) MethodTimeLogger.aspectOf().log(new AjcClosure3(new Object[]{this, oAuthTokenReqMessageContext, list, makeJP}).linkClosureAndJoinPoint(69648)) : getScopes_aroundBody2(this, oAuthTokenReqMessageContext, list, makeJP);
    }

    @Override // org.wso2.carbon.apimgt.tokenmgt.issuers.AbstractScopesIssuer
    public List<String> getScopes(OAuthCallback oAuthCallback, List<String> list) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_2, this, this, oAuthCallback, list);
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (List) MethodTimeLogger.aspectOf().log(new AjcClosure5(new Object[]{this, oAuthCallback, list, makeJP}).linkClosureAndJoinPoint(69648)) : getScopes_aroundBody4(this, oAuthCallback, list, makeJP);
    }

    private List<String> getAuthorizedScopes(AuthenticatedUser authenticatedUser, List<String> list, Map<String, String> map, List<String> list2) {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_3, this, this, new Object[]{authenticatedUser, list, map, list2});
        return ((MethodTimeLogger.isConfigEnabled() && MethodTimeLogger.pointCutAll()) || (this != null && getClass().isAnnotationPresent(MethodStats.class) && MethodTimeLogger.isConfigEnabled())) ? (List) MethodTimeLogger.aspectOf().log(new AjcClosure7(new Object[]{this, authenticatedUser, list, map, list2, makeJP}).linkClosureAndJoinPoint(69648)) : getAuthorizedScopes_aroundBody6(this, authenticatedUser, list, map, list2, makeJP);
    }

    static final String getPrefix_aroundBody0(PermissionBasedScopeIssuer permissionBasedScopeIssuer, JoinPoint joinPoint) {
        return ISSUER_PREFIX;
    }

    static final List getScopes_aroundBody2(PermissionBasedScopeIssuer permissionBasedScopeIssuer, OAuthTokenReqMessageContext oAuthTokenReqMessageContext, List list, JoinPoint joinPoint) {
        List<String> list2 = null;
        List<String> asList = Arrays.asList(oAuthTokenReqMessageContext.getScope());
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        AuthenticatedUser authorizedUser = oAuthTokenReqMessageContext.getAuthorizedUser();
        Map<String, String> appScopes = permissionBasedScopeIssuer.getAppScopes(clientId, authorizedUser);
        if (appScopes != null) {
            if (permissionBasedScopeIssuer.isAppScopesEmpty(appScopes, clientId).booleanValue()) {
                return permissionBasedScopeIssuer.getAllowedScopes(list, asList);
            }
            list2 = permissionBasedScopeIssuer.getAuthorizedScopes(authorizedUser, asList, appScopes, list);
        }
        return list2;
    }

    static final List getScopes_aroundBody4(PermissionBasedScopeIssuer permissionBasedScopeIssuer, OAuthCallback oAuthCallback, List list, JoinPoint joinPoint) {
        List<String> list2 = null;
        List<String> asList = Arrays.asList(oAuthCallback.getRequestedScope());
        String client = oAuthCallback.getClient();
        AuthenticatedUser resourceOwner = oAuthCallback.getResourceOwner();
        Map<String, String> appScopes = permissionBasedScopeIssuer.getAppScopes(client, resourceOwner);
        if (appScopes != null) {
            if (permissionBasedScopeIssuer.isAppScopesEmpty(appScopes, client).booleanValue()) {
                return permissionBasedScopeIssuer.getAllowedScopes(list, asList);
            }
            list2 = permissionBasedScopeIssuer.getAuthorizedScopes(resourceOwner, asList, appScopes, list);
        }
        return list2;
    }

    static final List getAuthorizedScopes_aroundBody6(PermissionBasedScopeIssuer permissionBasedScopeIssuer, AuthenticatedUser authenticatedUser, List list, Map map, List list2, JoinPoint joinPoint) {
        ArrayList arrayList = new ArrayList();
        String userName = authenticatedUser.getUserName();
        String tenantDomain = authenticatedUser.getTenantDomain();
        RealmService realmService = permissionBasedScopeIssuer.getRealmService();
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(DEFAULT_SCOPE_NAME);
        try {
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            if (tenantId == 0 || tenantId == -1) {
                tenantId = permissionBasedScopeIssuer.getTenantIdOfUser(userName);
            }
            UserRealm tenantUserRealm = realmService.getTenantUserRealm(tenantId);
            Iterator it = list.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                boolean z = false;
                String str2 = (String) map.get(str);
                if (str2 != null && str2.length() != 0) {
                    ArrayList<String> arrayList3 = new ArrayList(Arrays.asList(str2.replaceAll(" ", "").split(ResourceConstants.ATTRIBUTE_VALUE_SEPERATER)));
                    if (!arrayList3.isEmpty()) {
                        for (String str3 : arrayList3) {
                            if (tenantUserRealm != null && tenantUserRealm.getAuthorizationManager() != null) {
                                String userStoreDomain = authenticatedUser.getUserStoreDomain();
                                userName = MultitenantUtils.getTenantAwareUsername(userName);
                                z = userStoreDomain != null ? tenantUserRealm.getAuthorizationManager().isUserAuthorized(String.valueOf(userStoreDomain) + "/" + userName, str3, UI_EXECUTE) : tenantUserRealm.getAuthorizationManager().isUserAuthorized(userName, str3, UI_EXECUTE);
                                if (z) {
                                    break;
                                }
                            }
                        }
                        if (z) {
                            arrayList.add(str);
                        }
                    }
                } else if (map.containsKey(str) || permissionBasedScopeIssuer.isWhiteListedScope(list2, str)) {
                    arrayList.add(str);
                }
            }
        } catch (UserStoreException e) {
            log.error("Error occurred while initializing user store.", e);
        }
        return !arrayList.isEmpty() ? arrayList : arrayList2;
    }

    private static void ajc$preClinit() {
        Factory factory = new Factory("PermissionBasedScopeIssuer.java", PermissionBasedScopeIssuer.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getPrefix", "org.wso2.carbon.apimgt.tokenmgt.issuers.PermissionBasedScopeIssuer", "", "", "", "java.lang.String"), 47);
        ajc$tjp_1 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getScopes", "org.wso2.carbon.apimgt.tokenmgt.issuers.PermissionBasedScopeIssuer", "org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext:java.util.List", "tokReqMsgCtx:whiteListedScopes", "", "java.util.List"), 59);
        ajc$tjp_2 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "getScopes", "org.wso2.carbon.apimgt.tokenmgt.issuers.PermissionBasedScopeIssuer", "org.wso2.carbon.identity.oauth.callback.OAuthCallback:java.util.List", "scopeValidationCallback:whiteListedScopes", "", "java.util.List"), 84);
        ajc$tjp_3 = factory.makeSJP("method-execution", factory.makeMethodSig("2", "getAuthorizedScopes", "org.wso2.carbon.apimgt.tokenmgt.issuers.PermissionBasedScopeIssuer", "org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser:java.util.List:java.util.Map:java.util.List", "authenticatedUser:reqScopeList:appScopes:whiteListedScopes", "", "java.util.List"), 110);
    }
}
