package com.wso2.openbanking.accelerator.identity.claims;

import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.identity.internal.IdentityExtensionsDataHolder;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.openidconnect.ClaimProvider;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/claims/RoleClaimProviderImpl.class */
public class RoleClaimProviderImpl implements ClaimProvider {
    private static final Log LOG = LogFactory.getLog(RoleClaimProviderImpl.class);
    private static final String USER_ROLE = "user_role";
    private static final String OPENID_SCOPE = "openid";
    private static final String CUSTOMER_CARE_OFFICER = "customerCareOfficer";
    private static final String CUSTOMER_CARE_OFFICER_ROLE = "Internal/CustomerCareOfficerRole";
    private static final String CUSTOMER_CARE_OFFICER_SCOPE = "consents:read_all";

    @Generated(message = "Do not contain logics")
    public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext, OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO) throws IdentityOAuth2Exception {
        return Collections.emptyMap();
    }

    public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO) throws IdentityOAuth2Exception {
        HashMap hashMap = new HashMap();
        List asList = Arrays.asList(oAuthTokenReqMessageContext.getScope());
        if (asList.contains(CUSTOMER_CARE_OFFICER_SCOPE) && asList.contains("openid")) {
            String userName = oAuthTokenReqMessageContext.getAuthorizedUser().getUserName();
            try {
                if (ArrayUtils.contains(IdentityExtensionsDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantIdOfUser(userName)).getUserStoreManager().getRoleListOfUser(userName), CUSTOMER_CARE_OFFICER_ROLE)) {
                    hashMap.put(USER_ROLE, CUSTOMER_CARE_OFFICER);
                }
            } catch (UserStoreException e) {
                LOG.error("Error in retrieving user role. Caused by,", e);
            } catch (IdentityRuntimeException e2) {
                LOG.error("Error in retrieving user tenant name for user: " + userName + ". Caused by,", e2);
            }
        }
        return hashMap;
    }
}
