package org.wso2.carbon.identity.oauth2.validators;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.Oauth2ScopeConstants;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/validators/RoleBasedInternalScopeValidator.class */
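/**
 * Decides which console/system scopes of an OAuth2 request a user may receive, based on the scopes
 * attached to the user's system roles.
 *
 * <p>Only requested scopes that start with {@link Oauth2ScopeConstants#CONSOLE_SCOPE_PREFIX} or equal
 * {@link Oauth2ScopeConstants#SYSTEM_SCOPE} (ignoring case) are looked at. Every other requested scope
 * is ignored and never appears in the result, so the caller must validate those separately.
 *
 * <p>The user's hybrid roles are read from the user store, the {@code Internal/} domain prefix is
 * stripped, and each remaining name is looked up in {@link IdentityUtil#getSystemRolesWithScopes()}.
 * The union of the scopes found this way is the allowed set.
 *
 * <p>Security-relevant behaviour to keep in mind when changing this class:
 * <ul>
 *   <li>Requesting {@code SYSTEM_SCOPE} returns the whole allowed set, not just the scopes named in
 *       the request.</li>
 *   <li>A role name with no {@code Internal} domain is matched as-is. NOTE(review): verify that
 *       {@code getHybridRoleListOfUser} cannot return a non-Internal role whose bare name collides
 *       with a system role key.</li>
 *   <li>Anything that cannot be resolved (no user, no roles, no mapping) yields no scopes, never
 *       more.</li>
 * </ul>
 */
public class RoleBasedInternalScopeValidator {
    private static final Log log = LogFactory.getLog(RoleBasedInternalScopeValidator.class);

    /**
     * Validates the console/system scopes of a token request against the authorized user's roles.
     *
     * @param oAuthTokenReqMessageContext token request context supplying the requested scopes and the
     *                                    authorized user
     * @return the permitted console/system scopes. The filtered request is returned unchanged when it
     *         holds no such scope: {@code null} if the request carried no scope array, otherwise an
     *         empty array
     * @throws IdentityOAuth2Exception if the user's roles cannot be read from the user store
     */
    public String[] validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        String[] requestedScopes = getRequestedScopes(oAuthTokenReqMessageContext.getScope());
        if (ArrayUtils.isEmpty(requestedScopes)) {
            // Nothing for this validator to decide; no user-store lookup is made.
            return requestedScopes;
        }
        return getAuthorizedScopes(requestedScopes, oAuthTokenReqMessageContext.getAuthorizedUser());
    }

    /**
     * Validates the console/system scopes of an authorization request against the requesting user's
     * roles.
     *
     * @param oAuthAuthzReqMessageContext authorization request context whose request DTO supplies the
     *                                    requested scopes and the user
     * @return the permitted console/system scopes. The filtered request is returned unchanged when it
     *         holds no such scope: {@code null} if the request carried no scope array, otherwise an
     *         empty array
     * @throws IdentityOAuth2Exception if the user's roles cannot be read from the user store
     */
    public String[] validateScope(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws IdentityOAuth2Exception {
        String[] requestedScopes = getRequestedScopes(oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getScopes());
        if (ArrayUtils.isEmpty(requestedScopes)) {
            // Nothing for this validator to decide; no user-store lookup is made.
            return requestedScopes;
        }
        return getAuthorizedScopes(requestedScopes, oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser());
    }

    /**
     * Narrows the already-filtered request to the scopes granted by the user's system roles. Shared
     * by both {@code validateScope} overloads, which previously each carried a copy of this logic.
     */
    private String[] getAuthorizedScopes(String[] requestedScopes, AuthenticatedUser authenticatedUser)
            throws IdentityOAuth2Exception {
        Set<String> allowedScopes = getScopesOfSystemRoles(removeInternalDomain(getRolesOfTheUser(authenticatedUser)));
        // NOTE(review): getRequestedScopes() accepts SYSTEM_SCOPE ignoring case, but this check is
        // case-sensitive, so a differently-cased value passes the filter and is then dropped below.
        // Left unchanged on purpose: aligning either side changes which scopes are granted. Confirm
        // the intended behaviour before touching it.
        if (ArrayUtils.contains(requestedScopes, Oauth2ScopeConstants.SYSTEM_SCOPE)) {
            // SYSTEM_SCOPE expands to everything the user's system roles allow.
            return allowedScopes.toArray(new String[0]);
        }
        List<String> authorizedScopes = new ArrayList<>();
        for (String scope : requestedScopes) {
            if (allowedScopes.contains(scope)) {
                authorizedScopes.add(scope);
            }
        }
        return authorizedScopes.toArray(new String[0]);
    }

    /**
     * Collects the scopes of every given role that is configured as a system role.
     *
     * @param roles role names with the {@code Internal} domain already stripped; never {@code null}
     * @return the union of the scopes, without duplicates, in first-seen order
     */
    private Set<String> getScopesOfSystemRoles(List<String> roles) {
        // Wildcard typing because the declared generic type of getSystemRolesWithScopes() is not
        // visible from this file. Presumably it maps role name to a collection of scope names;
        // verify against IdentityUtil.
        Map<?, ?> systemRolesWithScopes = IdentityUtil.getSystemRolesWithScopes();
        // A Set removes the duplicates that arise when several roles share a scope, and makes the
        // membership test in getAuthorizedScopes() constant-time.
        Set<String> scopes = new LinkedHashSet<>();
        if (systemRolesWithScopes == null) {
            return scopes;
        }
        for (String role : roles) {
            // Roles that are not system roles have no entry here and contribute nothing.
            Object scopesOfRole = systemRolesWithScopes.get(role);
            if (!(scopesOfRole instanceof Collection)) {
                continue;
            }
            for (Object scope : (Collection<?>) scopesOfRole) {
                if (scope instanceof String) {
                    scopes.add((String) scope);
                }
            }
        }
        return scopes;
    }

    /**
     * Reads the hybrid roles of the user from the user store of the user's tenant.
     *
     * @return the user's hybrid roles; an empty list when there is no user or the store returns none
     * @throws IdentityOAuth2Exception if the realm or the user store cannot be accessed
     */
    private List<String> getRolesOfTheUser(AuthenticatedUser authenticatedUser) throws IdentityOAuth2Exception {
        if (authenticatedUser == null) {
            // Fail closed: without a user there are no roles, hence no role-based scopes. This
            // previously surfaced as a NullPointerException.
            if (log.isDebugEnabled()) {
                log.debug("No authenticated user in the request context; no role-based scopes will be granted.");
            }
            return new ArrayList<>();
        }
        try {
            List<String> roles = IdentityTenantUtil
                    .getRealm(authenticatedUser.getTenantDomain(), authenticatedUser.toFullQualifiedUsername())
                    .getUserStoreManager()
                    .getHybridRoleListOfUser(authenticatedUser.getUserName(), authenticatedUser.getUserStoreDomain());
            return roles != null ? roles : new ArrayList<>();
        } catch (UserStoreException | IdentityException e) {
            // NOTE(review): the message carries the fully qualified username; confirm that is
            // acceptable wherever this exception ends up being logged.
            throw new IdentityOAuth2Exception("Error occurred while getting roles of the user: " + authenticatedUser.toFullQualifiedUsername(), e);
        }
    }

    /** Strips the {@code Internal} domain from each role name; {@code null} input or entries are dropped. */
    private List<String> removeInternalDomain(List<String> list) {
        if (list == null) {
            return new ArrayList<>();
        }
        return list.stream()
                .filter(role -> role != null)
                .map(this::removeInternalDomain)
                .collect(Collectors.toList());
    }

    /** Returns the role name without its domain when that domain is {@code Internal}, else the name unchanged. */
    private String removeInternalDomain(String str) {
        return "Internal".equalsIgnoreCase(IdentityUtil.extractDomainFromName(str)) ? UserCoreUtil.removeDomainFromName(str) : str;
    }

    /**
     * Keeps only the scopes this validator is responsible for: those starting with
     * {@code CONSOLE_SCOPE_PREFIX} and {@code SYSTEM_SCOPE} itself (ignoring case).
     *
     * @return the filtered scopes, or {@code null} when {@code strArr} is {@code null} (callers rely
     *         on {@code ArrayUtils.isEmpty} treating both the same)
     */
    private String[] getRequestedScopes(String[] strArr) {
        if (strArr == null) {
            return null;
        }
        List<String> requestedScopes = new ArrayList<>();
        for (String str : strArr) {
            // A null entry is not a scope; skipping it avoids a NullPointerException on startsWith().
            if (str == null) {
                continue;
            }
            if (str.startsWith(Oauth2ScopeConstants.CONSOLE_SCOPE_PREFIX) || str.equalsIgnoreCase(Oauth2ScopeConstants.SYSTEM_SCOPE)) {
                requestedScopes.add(str);
            }
        }
        return requestedScopes.toArray(new String[0]);
    }
}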
