package org.wso2.carbon.identity.oauth2;

import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.cache.OAuthScopeCache;
import org.wso2.carbon.identity.oauth.cache.OAuthScopeCacheKey;
import org.wso2.carbon.identity.oauth2.Oauth2ScopeConstants;
import org.wso2.carbon.identity.oauth2.bean.Scope;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.device.constants.Constants;
import org.wso2.carbon.identity.oauth2.model.OAuth2ScopeConsentResponse;
import org.wso2.carbon.identity.oauth2.model.UserApplicationScopeConsentDO;
import org.wso2.carbon.identity.oauth2.util.Oauth2ScopeUtils;
import org.wso2.carbon.identity.openidconnect.cache.OIDCScopeClaimCache;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/OAuth2ScopeService.class */
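/**
 * Service facade for OAuth2 scope management (register, list, get, update, delete) and for
 * per-user, per-application scope consent records.
 *
 * <p>Scope operations resolve the tenant through {@code Oauth2ScopeUtils.getTenantID()}. The
 * consent operations instead take the tenant id as an argument and pass it straight to the DAO;
 * this class performs no authorization check, so callers must supply identifiers that have
 * already been authenticated and authorized.
 *
 * <p>Several debug statements concatenate caller-supplied identifiers (user id, application id,
 * scope name) into the message. NOTE(review): whether the logging layer neutralizes CR/LF in
 * those values is not visible from this class; confirm before enabling debug logging on
 * untrusted traffic.
 */
public class OAuth2ScopeService {
    private static final Log log = LogFactory.getLog(OAuth2ScopeService.class);
    private static final String SCOPE_VALIDATION_REGEX = "^[^?#/()]*$";

    // Patterns are immutable and thread-safe; compile once instead of on every validation call.
    private static final Pattern SCOPE_NAME_PATTERN = Pattern.compile(SCOPE_VALIDATION_REGEX);
    private static final Pattern WHITESPACE_PATTERN = Pattern.compile("\\s");

    // Page size applied when the caller passes no count or a negative count.
    private static final int DEFAULT_PAGE_SIZE = 30;

    /**
     * Validates and persists a new scope, then caches it.
     *
     * @param scope scope to register; name and display name must be non-blank, and the name must
     *     contain no whitespace and none of {@code ? # / ( )}
     * @return the same {@code scope} instance
     * @throws IdentityOAuth2ScopeException on validation failure, on a name conflict, or when the
     *     DAO fails
     */
    public Scope registerScope(Scope scope) throws IdentityOAuth2ScopeException {
        addScopePreValidation(scope);
        String scopeName = scope.getName();
        if (isScopeExists(scopeName, true)) {
            // The second lookup (flag = false) only selects which conflict error is reported.
            if (isScopeExists(scopeName, false)) {
                throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE, scopeName);
            }
            throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_CONFLICT_REQUEST_EXISTING_SCOPE_OIDC, scopeName);
        }
        int tenantID = Oauth2ScopeUtils.getTenantID();
        try {
            OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().addScope(scope, tenantID);
            if (log.isDebugEnabled()) {
                log.debug("Scope is added to the database. \n" + scope.toString());
            }
            OAuthScopeCache.getInstance().addToCache(new OAuthScopeCacheKey(scope.getName()), scope, tenantID);
            return scope;
        } catch (IdentityOAuth2ScopeServerException e) {
            throw Oauth2ScopeUtils.generateServerException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_REGISTER_SCOPE, scope.toString(), e);
        }
    }

    /**
     * Lists scopes of the current tenant; equivalent to
     * {@code getScopes(num, num2, false, null)}.
     *
     * @param num 1-based start index, or {@code null}
     * @param num2 maximum number of scopes to return, or {@code null}
     * @return the matching scopes
     * @throws IdentityOAuth2ScopeServerException when the DAO fails
     */
    public Set<Scope> getScopes(Integer num, Integer num2) throws IdentityOAuth2ScopeServerException {
        return getScopes(num, num2, false, null);
    }

    /**
     * Lists scopes of the current tenant.
     *
     * <p>A non-blank {@code str} takes precedence and is handed to the DAO's requested-scopes
     * query, ignoring pagination. Otherwise, all scopes are returned when both {@code num} and
     * {@code num2} are {@code null}, and a page is returned in every other case.
     *
     * @param num 1-based start index, or {@code null}
     * @param num2 maximum number of scopes to return, or {@code null}
     * @param bool flag forwarded to the DAO; {@code null} is treated as {@code false}
     *     (presumably "include OIDC scopes"; confirm against the DAO)
     * @param str requested scopes filter, or blank for none
     * @return the matching scopes
     * @throws IdentityOAuth2ScopeServerException when the DAO fails
     */
    public Set<Scope> getScopes(Integer num, Integer num2, Boolean bool, String str) throws IdentityOAuth2ScopeServerException {
        boolean flag = BooleanUtils.isTrue(bool);
        if (StringUtils.isNotBlank(str)) {
            try {
                return OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().getRequestedScopesOnly(Oauth2ScopeUtils.getTenantID(), Boolean.valueOf(flag), str);
            } catch (IdentityOAuth2ScopeServerException e) {
                throw Oauth2ScopeUtils.generateServerException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_REQUESTED_SCOPES, (Throwable) e);
            }
        }
        if (num == null && num2 == null) {
            try {
                return OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().getAllScopes(Oauth2ScopeUtils.getTenantID(), Boolean.valueOf(flag));
            } catch (IdentityOAuth2ScopeServerException e) {
                throw Oauth2ScopeUtils.generateServerException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_ALL_SCOPES, (Throwable) e);
            }
        }
        return listScopesWithPagination(num, num2, flag);
    }

    /**
     * Returns the named scope of the current tenant, reading the cache first and falling back to
     * the database (and caching the result) on a miss.
     *
     * @param str scope name; must be non-blank and free of whitespace
     * @return the scope, never {@code null}
     * @throws IdentityOAuth2ScopeException when the name is invalid, the scope does not exist, or
     *     the DAO fails
     */
    public Scope getScope(String str) throws IdentityOAuth2ScopeException {
        int tenantID = Oauth2ScopeUtils.getTenantID();
        validateScopeName(str);
        Scope found = OAuthScopeCache.getInstance().getValueFromCache(new OAuthScopeCacheKey(str), tenantID);
        if (found == null) {
            try {
                found = OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().getScopeByName(str, tenantID);
            } catch (IdentityOAuth2ScopeServerException e) {
                throw Oauth2ScopeUtils.generateServerException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_SCOPE_BY_NAME, str, e);
            }
            if (found != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Scope is getting from the database. \n" + found.toString());
                }
                OAuthScopeCache.getInstance().addToCache(new OAuthScopeCacheKey(str), found, tenantID);
            }
        }
        if (found == null) {
            throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE, str);
        }
        return found;
    }

    /**
     * Tells whether a scope with the given name exists in the current tenant. A cache hit is
     * treated as existence; otherwise the DAO is queried.
     *
     * @param str scope name; must not be {@code null}
     * @return {@code true} when the scope is cached or the DAO reports it
     * @throws IdentityOAuth2ScopeException when {@code str} is {@code null} or the DAO fails
     */
    public boolean isScopeExists(String str) throws IdentityOAuth2ScopeException {
        int tenantID = Oauth2ScopeUtils.getTenantID();
        if (str == null) {
            throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_NAME_NOT_SPECIFIED, null);
        }
        if (OAuthScopeCache.getInstance().getValueFromCache(new OAuthScopeCacheKey(str), tenantID) != null) {
            return true;
        }
        try {
            return OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().isScopeExists(str, tenantID);
        } catch (IdentityOAuth2ScopeServerException e) {
            throw Oauth2ScopeUtils.generateServerException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_SCOPE_BY_NAME, str, e);
        }
    }

    /**
     * Variant of {@link #isScopeExists(String)} that forwards an extra flag to the DAO.
     *
     * <p>NOTE(review): the cache lookup does not take {@code z} into account, so a cached entry
     * answers {@code true} for either flag value. Confirm that the cache can only hold scopes for
     * which that is the right answer.
     *
     * @param str scope name; must not be {@code null}
     * @param z flag forwarded to the DAO (presumably "include OIDC scopes"; confirm against the DAO)
     * @return {@code true} when the scope is cached or the DAO reports it
     * @throws IdentityOAuth2ScopeException when {@code str} is {@code null} or the DAO fails
     */
    public boolean isScopeExists(String str, boolean z) throws IdentityOAuth2ScopeException {
        int tenantID = Oauth2ScopeUtils.getTenantID();
        if (str == null) {
            throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_NAME_NOT_SPECIFIED, null);
        }
        if (OAuthScopeCache.getInstance().getValueFromCache(new OAuthScopeCacheKey(str), tenantID) != null) {
            return true;
        }
        try {
            return OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().isScopeExists(str, tenantID, Boolean.valueOf(z));
        } catch (IdentityOAuth2ScopeServerException e) {
            throw Oauth2ScopeUtils.generateServerException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_SCOPE_BY_NAME, str, e);
        }
    }

    /**
     * Deletes the named scope of the current tenant and evicts it from the scope cache.
     *
     * @param str scope name; must be non-blank, free of whitespace, and refer to an existing scope
     * @throws IdentityOAuth2ScopeException when the name is invalid, the scope does not exist, or
     *     the DAO fails
     */
    public void deleteScope(String str) throws IdentityOAuth2ScopeException {
        validateScopeName(str);
        validateScopeExistence(str);
        int tenantID = Oauth2ScopeUtils.getTenantID();
        OAuthScopeCache.getInstance().clearCacheEntry(new OAuthScopeCacheKey(str), tenantID);
        try {
            OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().deleteScopeByName(str, tenantID);
            // Evict again after the row is gone: a getScope() call that ran between the first
            // eviction and the delete would have re-cached the scope, leaving a deleted scope
            // resolvable from the cache.
            OAuthScopeCache.getInstance().clearCacheEntry(new OAuthScopeCacheKey(str), tenantID);
            if (log.isDebugEnabled()) {
                log.debug("Scope: " + str + " is deleted from the database.");
            }
        } catch (IdentityOAuth2ScopeServerException e) {
            throw Oauth2ScopeUtils.generateServerException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_DELETE_SCOPE_BY_NAME, str, e);
        }
    }

    /**
     * Updates an existing scope of the current tenant, refreshes its cache entry and clears the
     * tenant's OIDC scope-claim map.
     *
     * @param scope scope carrying the new values; name and display name must be non-blank and the
     *     name must refer to an existing scope
     * @return the same {@code scope} instance
     * @throws IdentityOAuth2ScopeException when validation fails, the scope does not exist, or the
     *     DAO fails
     */
    public Scope updateScope(Scope scope) throws IdentityOAuth2ScopeException {
        updateScopePreValidation(scope);
        validateScopeExistence(scope.getName());
        int tenantID = Oauth2ScopeUtils.getTenantID();
        try {
            OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().updateScopeByName(scope, tenantID);
            OAuthScopeCache.getInstance().addToCache(new OAuthScopeCacheKey(scope.getName()), scope, tenantID);
            OIDCScopeClaimCache.getInstance().clearScopeClaimMap(tenantID);
            return scope;
        } catch (IdentityOAuth2ScopeServerException e) {
            throw Oauth2ScopeUtils.generateServerException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_SCOPE_BY_NAME, scope.getName(), e);
        }
    }

    /**
     * Reads the approved and denied scopes a user has recorded for one application.
     *
     * @param str user id; must be non-blank
     * @param str2 application id; must be non-blank
     * @param i tenant id, passed to the DAO as given
     * @return the consent record wrapped as a response object
     * @throws IdentityOAuth2ScopeException when an id is blank or the DAO fails
     */
    public OAuth2ScopeConsentResponse getUserConsentForApp(String str, String str2, int i) throws IdentityOAuth2ScopeException {
        validateUserId(str);
        validateAppId(str2);
        try {
            UserApplicationScopeConsentDO consent = OAuthTokenPersistenceFactory.getInstance().getOAuthUserConsentedScopesDAO().getUserConsentForApplication(str, str2, i);
            OAuth2ScopeConsentResponse response = new OAuth2ScopeConsentResponse(str, str2, i, consent.getApprovedScopes(), consent.getDeniedScopes());
            if (log.isDebugEnabled()) {
                String approved = consent.getApprovedScopes().stream().collect(Collectors.joining(Constants.SEPARATED_WITH_SPACE));
                String denied = consent.getDeniedScopes().stream().collect(Collectors.joining(Constants.SEPARATED_WITH_SPACE));
                log.debug("Successfully retrieved the user consent for userId : " + str + " and appId: " + str2 + " as approved scopes : " + approved + " and denied scopes : " + denied);
            }
            return response;
        } catch (IdentityOAuth2ScopeConsentException e) {
            Oauth2ScopeConstants.ErrorMessages errorMessages = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_RETRIEVE_USER_CONSENTS_FOR_APP;
            throw new IdentityOAuth2ScopeServerException(errorMessages.getCode(), String.format(errorMessages.getMessage(), str, str2, Integer.valueOf(i)), e);
        }
    }

    /**
     * Reads every consent record a user holds in the given tenant.
     *
     * @param str user id; must be non-blank
     * @param i tenant id, passed to the DAO as given
     * @return one response per application the user has a consent record for
     * @throws IdentityOAuth2ScopeException when the user id is blank or the DAO fails
     */
    public List<OAuth2ScopeConsentResponse> getUserConsents(String str, int i) throws IdentityOAuth2ScopeException {
        validateUserId(str);
        try {
            List<UserApplicationScopeConsentDO> userConsents = OAuthTokenPersistenceFactory.getInstance().getOAuthUserConsentedScopesDAO().getUserConsents(str, i);
            if (log.isDebugEnabled()) {
                log.debug("Successfully retrieved the user consents for userId : " + str);
            }
            return userConsents.stream()
                    .map(consent -> new OAuth2ScopeConsentResponse(str, consent.getAppId(), i, consent.getApprovedScopes(), consent.getDeniedScopes()))
                    .collect(Collectors.toList());
        } catch (IdentityOAuth2ScopeConsentException e) {
            Oauth2ScopeConstants.ErrorMessages errorMessages = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_RETRIEVE_USER_CONSENTS;
            throw new IdentityOAuth2ScopeServerException(errorMessages.getCode(), String.format(errorMessages.getMessage(), str, Integer.valueOf(i)), e);
        }
    }

    /**
     * Stores a new consent record for a user and application.
     *
     * @param str user id; must be non-blank
     * @param str2 application id; must be non-blank
     * @param i tenant id, passed to the DAO as given
     * @param list approved scopes
     * @param list2 denied scopes
     * @throws IdentityOAuth2ScopeException when an id is blank or the DAO fails
     */
    public void addUserConsentForApplication(String str, String str2, int i, List<String> list, List<String> list2) throws IdentityOAuth2ScopeException {
        validateUserId(str);
        validateAppId(str2);
        try {
            OAuthTokenPersistenceFactory.getInstance().getOAuthUserConsentedScopesDAO().addUserConsentForApplication(str, i, new UserApplicationScopeConsentDO(str2, list, list2));
            if (log.isDebugEnabled()) {
                log.debug("Successfully added the user consent for OAuth scopes for user : " + str + " and application name : " + str2 + " in tenant with id : " + i);
            }
        } catch (IdentityOAuth2ScopeConsentException e) {
            Oauth2ScopeConstants.ErrorMessages errorMessages = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_ADD_USER_CONSENT_FOR_APP;
            throw new IdentityOAuth2ScopeServerException(errorMessages.getCode(), String.format(errorMessages.getMessage(), str, str2, Integer.valueOf(i)), e);
        }
    }

    /**
     * Updates the existing consent record of a user and application.
     *
     * @param str user id; must be non-blank
     * @param str2 application id; must be non-blank
     * @param i tenant id, passed to the DAO as given
     * @param list approved scopes
     * @param list2 denied scopes
     * @throws IdentityOAuth2ScopeException when an id is blank or the DAO fails
     */
    public void updateUserConsentForApplication(String str, String str2, int i, List<String> list, List<String> list2) throws IdentityOAuth2ScopeException {
        validateUserId(str);
        validateAppId(str2);
        try {
            OAuthTokenPersistenceFactory.getInstance().getOAuthUserConsentedScopesDAO().updateExistingConsentForApplication(str, i, new UserApplicationScopeConsentDO(str2, list, list2));
            if (log.isDebugEnabled()) {
                log.debug("Successfully updated the user consent for OAuth scopes for user : " + str + " and application : " + str2 + " in tenant with Id : " + i);
            }
        } catch (IdentityOAuth2ScopeConsentException e) {
            Oauth2ScopeConstants.ErrorMessages errorMessages = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_UPDATE_USER_CONSENT_FOR_APP;
            throw new IdentityOAuth2ScopeServerException(errorMessages.getCode(), String.format(errorMessages.getMessage(), str, str2, Integer.valueOf(i)), e);
        }
    }

    /**
     * Deletes the consent record a user holds for one application.
     *
     * @param str user id; must be non-blank
     * @param str2 application id; must be non-blank
     * @param i tenant id, passed to the DAO as given
     * @throws IdentityOAuth2ScopeException when an id is blank or the DAO fails
     */
    public void revokeUserConsentForApplication(String str, String str2, int i) throws IdentityOAuth2ScopeException {
        validateUserId(str);
        validateAppId(str2);
        try {
            OAuthTokenPersistenceFactory.getInstance().getOAuthUserConsentedScopesDAO().deleteUserConsentOfApplication(str, str2, i);
            if (log.isDebugEnabled()) {
                log.debug("Successfully revoked the user consents for OAuth scopes for user : " + str + " and application : " + str2 + " for tenant with Id : " + i);
            }
        } catch (IdentityOAuth2ScopeConsentException e) {
            Oauth2ScopeConstants.ErrorMessages errorMessages = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_REVOKE_USER_CONSENT_FOR_APP;
            throw new IdentityOAuth2ScopeServerException(errorMessages.getCode(), String.format(errorMessages.getMessage(), str, str2, Integer.valueOf(i)), e);
        }
    }

    /**
     * Deletes every consent record a user holds in the given tenant.
     *
     * @param str user id; must be non-blank
     * @param i tenant id, passed to the DAO as given
     * @throws IdentityOAuth2ScopeException when the user id is blank or the DAO fails
     */
    public void revokeUserConsents(String str, int i) throws IdentityOAuth2ScopeException {
        validateUserId(str);
        try {
            OAuthTokenPersistenceFactory.getInstance().getOAuthUserConsentedScopesDAO().deleteUserConsents(str, i);
            if (log.isDebugEnabled()) {
                log.debug("Successfully deleted the user consents OAuth scopes for user : " + str + " in tenant with Id : " + i);
            }
        } catch (IdentityOAuth2ScopeConsentException e) {
            Oauth2ScopeConstants.ErrorMessages errorMessages = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_REVOKE_USER_CONSENT;
            throw new IdentityOAuth2ScopeServerException(errorMessages.getCode(), String.format(errorMessages.getMessage(), str, Integer.valueOf(i)), e);
        }
    }

    /**
     * Tells whether the user has already recorded a decision for every requested scope. A scope
     * counts as decided when it appears in either the approved or the denied list of the stored
     * consent, so {@code true} means "no prompt needed", not "everything was approved".
     *
     * <p>NOTE(review): {@code list} is modified in place; the already-decided scopes are removed
     * from it, and an unmodifiable list makes {@code removeAll} throw. The side effect is kept
     * because callers outside this class may read the remaining entries; confirm, then switch to a
     * defensive copy.
     *
     * @param str user id; must be non-blank
     * @param str2 application id; must be non-blank
     * @param i tenant id, passed to the DAO as given
     * @param list requested scopes; {@code null} or empty yields {@code true}
     * @return {@code true} when no requested scope is left undecided
     * @throws IdentityOAuth2ScopeException when an id is blank or the DAO fails
     */
    public boolean hasUserProvidedConsentForAllRequestedScopes(String str, String str2, int i, List<String> list) throws IdentityOAuth2ScopeException {
        validateUserId(str);
        validateAppId(str2);
        if (CollectionUtils.isEmpty(list)) {
            return true;
        }
        try {
            UserApplicationScopeConsentDO consent = OAuthTokenPersistenceFactory.getInstance().getOAuthUserConsentedScopesDAO().getUserConsentForApplication(str, str2, i);
            list.removeAll(consent.getApprovedScopes());
            list.removeAll(consent.getDeniedScopes());
            return list.isEmpty();
        } catch (IdentityOAuth2ScopeConsentException e) {
            Oauth2ScopeConstants.ErrorMessages errorMessages = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_CHECK_ALREADY_USER_CONSENTED;
            throw new IdentityOAuth2ScopeServerException(errorMessages.getCode(), String.format(errorMessages.getMessage(), str, str2, Integer.valueOf(i)), e);
        }
    }

    /**
     * Tells whether the user holds any consent record (approved or denied scopes) for the
     * application.
     *
     * @param str user id; must be non-blank
     * @param str2 application id; must be non-blank
     * @param i tenant id, passed to the DAO as given
     * @return {@code true} when the stored consent has at least one approved or denied scope
     * @throws IdentityOAuth2ScopeException when an id is blank or the DAO fails
     */
    public boolean isUserHasAnExistingConsentForApp(String str, String str2, int i) throws IdentityOAuth2ScopeException {
        validateUserId(str);
        validateAppId(str2);
        try {
            UserApplicationScopeConsentDO consent = OAuthTokenPersistenceFactory.getInstance().getOAuthUserConsentedScopesDAO().getUserConsentForApplication(str, str2, i);
            boolean hasConsent = CollectionUtils.isNotEmpty(consent.getApprovedScopes()) || CollectionUtils.isNotEmpty(consent.getDeniedScopes());
            if (log.isDebugEnabled()) {
                log.debug("Existing consent status : " + hasConsent + " for user : " + str + ", app : " + str2 + " in tenant with id : " + i);
            }
            return hasConsent;
        } catch (IdentityOAuth2ScopeConsentException e) {
            Oauth2ScopeConstants.ErrorMessages errorMessages = Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_CHECK_EXISTING_CONSENTS_FOR_USER;
            throw new IdentityOAuth2ScopeServerException(errorMessages.getCode(), String.format(errorMessages.getMessage(), str, str2, Integer.valueOf(i)), e);
        }
    }

    /** Rejects a {@code null}, empty or whitespace-only user id. */
    private void validateUserId(String str) throws IdentityOAuth2ScopeClientException {
        if (StringUtils.isBlank(str)) {
            throw new IdentityOAuth2ScopeClientException("User ID can't be null/empty.");
        }
    }

    /** Rejects a {@code null}, empty or whitespace-only application id. */
    private void validateAppId(String str) throws IdentityOAuth2ScopeClientException {
        if (StringUtils.isBlank(str)) {
            throw new IdentityOAuth2ScopeClientException("Application ID can't be null/empty.");
        }
    }

    /**
     * Fetches one page of scopes for the current tenant.
     *
     * @param num 1-based start index; {@code null} or a value below 1 means the first entry
     * @param num2 page size; {@code null} or a negative value falls back to the default of 30
     * @param z flag forwarded to the DAO
     */
    private Set<Scope> listScopesWithPagination(Integer num, Integer num2, boolean z) throws IdentityOAuth2ScopeServerException {
        Integer limit = (num2 == null || num2.intValue() < 0) ? Integer.valueOf(DEFAULT_PAGE_SIZE) : num2;
        int startIndex = (num == null || num.intValue() < 1) ? 1 : num.intValue();
        // The DAO receives a 0-based offset; startIndex is at least 1 here, so this never goes negative.
        Integer offset = Integer.valueOf(startIndex - 1);
        try {
            return OAuthTokenPersistenceFactory.getInstance().getOAuthScopeDAO().getScopesWithPagination(offset, limit, Oauth2ScopeUtils.getTenantID(), Boolean.valueOf(z));
        } catch (IdentityOAuth2ScopeServerException e) {
            throw Oauth2ScopeUtils.generateServerException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_FAILED_TO_GET_ALL_SCOPES_PAGINATION, (Throwable) e);
        }
    }

    /** Checks run before a scope is added: name present, no whitespace, allowed characters, display name present. */
    private void addScopePreValidation(Scope scope) throws IdentityOAuth2ScopeClientException {
        validateScopeName(scope.getName());
        validateRegex(scope.getName());
        validateDisplayName(scope.getDisplayName());
    }

    /**
     * Checks run before a scope is updated. The character-set check of
     * {@link #validateRegex(String)} is not repeated here; the name must already exist, which the
     * caller verifies separately.
     */
    private void updateScopePreValidation(Scope scope) throws IdentityOAuth2ScopeClientException {
        validateScopeName(scope.getName());
        validateDisplayName(scope.getDisplayName());
    }

    /** Rejects a blank scope name and any name containing whitespace. */
    private void validateScopeName(String str) throws IdentityOAuth2ScopeClientException {
        if (StringUtils.isBlank(str)) {
            throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_NAME_NOT_SPECIFIED, null);
        }
        validateWhiteSpaces(str);
    }

    /** Rejects a scope name containing any of {@code ? # / ( )}. */
    private void validateRegex(String str) throws IdentityOAuth2ScopeClientException {
        if (!SCOPE_NAME_PATTERN.matcher(str).matches()) {
            throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_NAME_NOT_SATIFIED_THE_REGEX, str);
        }
    }

    /** Rejects a scope name containing a whitespace character anywhere. */
    private void validateWhiteSpaces(String str) throws IdentityOAuth2ScopeClientException {
        if (WHITESPACE_PATTERN.matcher(str).find()) {
            throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_NAME_CONTAINS_WHITESPACES, str);
        }
    }

    /** Rejects a blank display name. */
    private void validateDisplayName(String str) throws IdentityOAuth2ScopeClientException {
        if (StringUtils.isBlank(str)) {
            throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST_SCOPE_DISPLAY_NAME_NOT_SPECIFIED, null);
        }
    }

    /** Throws the "scope not found" client error unless {@link #isScopeExists(String)} reports the scope. */
    private void validateScopeExistence(String str) throws IdentityOAuth2ScopeException {
        if (!isScopeExists(str)) {
            throw Oauth2ScopeUtils.generateClientException(Oauth2ScopeConstants.ErrorMessages.ERROR_CODE_NOT_FOUND_SCOPE, str);
        }
    }
}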
