package org.wso2.am.choreo.extensions.token.handler;

import io.grpc.StatusRuntimeException;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.am.choreo.extensions.token.handler.utils.ChoreoScopeIssuerUtils;
import org.wso2.am.choreo.extensions.token.handler.utils.GrpcClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidationMessageContext;
import org.wso2.carbon.identity.oauth2.validators.scope.ScopeValidator;

/* loaded from: input_file:org/wso2/am/choreo/extensions/token/handler/ChoreoScopeIssuer.class */
public class ChoreoScopeIssuer implements ScopeValidator {
    private static final Log log = LogFactory.getLog(ChoreoScopeIssuer.class);

    public boolean validateScope(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws IdentityOAuth2Exception {
        return true;
    }

    public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        log.info("Validating scope with Choreo Scope Issuer");
        if (!ChoreoScopeIssuerUtils.isConfigsSet()) {
            log.info("Choreo extension configuration is not set!");
            return true;
        }
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        String authenticatedSubjectIdentifier = oAuthTokenReqMessageContext.getAuthorizedUser().getAuthenticatedSubjectIdentifier();
        if (authenticatedSubjectIdentifier == null || !ChoreoScopeIssuerUtils.isClientIdMatching(clientId)) {
            return true;
        }
        try {
            String[] scope = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getScope();
            if (scope.length == 0) {
                return true;
            }
            List asList = Arrays.asList(ChoreoScopeIssuerUtils.getScopes(authenticatedSubjectIdentifier, clientId, scope));
            String[] strArr = new String[asList.size()];
            log.info("Requested scope list: " + String.join(", ", scope));
            log.info("Generated choreo portal scope list: " + String.join(", ", asList));
            oAuthTokenReqMessageContext.setScope((String[]) asList.toArray(strArr));
            return true;
        } catch (StatusRuntimeException | GrpcClientException e) {
            throw new IdentityOAuth2Exception("Failed to obtain user details", e);
        }
    }

    public boolean validateScope(OAuth2TokenValidationMessageContext oAuth2TokenValidationMessageContext) throws IdentityOAuth2Exception {
        return true;
    }

    public String getName() {
        return "choreo scope issuer";
    }
}
