package org.wso2.carbon.identity.oauth2.token.handler.clientauth.mutualtls.handlers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedList;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handler.clientauth.mutualtls.utils.CommonConstants;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/token/handler/clientauth/mutualtls/handlers/MTLSTokenBindingRefreshGrantHandler.class */
public class MTLSTokenBindingRefreshGrantHandler extends RefreshGrantHandler {
    private static final Log log = LogFactory.getLog(MTLSTokenBindingRefreshGrantHandler.class);

    public OAuth2AccessTokenRespDTO issue(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AccessTokenRespDTO issue = super.issue(oAuthTokenReqMessageContext);
        oAuthTokenReqMessageContext.setScope(getReducedResponseScopes(oAuthTokenReqMessageContext.getScope()));
        return issue;
    }

    public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        String[] scope = oAuthTokenReqMessageContext.getScope();
        if (!super.validateScope(oAuthTokenReqMessageContext)) {
            return false;
        }
        String[] scope2 = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getScope();
        if (!ArrayUtils.isNotEmpty(scope2)) {
            return true;
        }
        if (ArrayUtils.isEmpty(scope)) {
            return false;
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(scope2));
        for (String str : scope) {
            if (isAllowedScope(str)) {
                if (log.isDebugEnabled()) {
                    log.debug("Adding custom scope " + str + " to the requested scopes.");
                }
                arrayList.add(str);
            }
        }
        oAuthTokenReqMessageContext.setScope((String[]) arrayList.toArray(new String[0]));
        return true;
    }

    private String[] getReducedResponseScopes(String[] strArr) {
        if (strArr == null || strArr.length <= 0) {
            return strArr;
        }
        LinkedList linkedList = new LinkedList(Arrays.asList(strArr));
        linkedList.removeIf(str -> {
            return str.startsWith("x5t#");
        });
        return (String[]) linkedList.toArray(new String[0]);
    }

    private boolean isAllowedScope(String str) {
        return str.startsWith("x5t#") || str.startsWith(CommonConstants.TIMESTAMP_SCOPE_PREFIX);
    }
}
