package org.wso2.carbon.identity.oauth2.impersonation.validators;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.impersonation.models.ImpersonationContext;
import org.wso2.carbon.identity.oauth2.impersonation.utils.Constants;
import org.wso2.carbon.identity.oauth2.validators.DefaultOAuth2ScopeValidator;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/impersonation/validators/ImpersonatorPermissionValidator.class */
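/**
 * Impersonation validator that checks whether the impersonation scope is among the scopes
 * authorized for the current authorization request.
 *
 * <p>The check delegates to {@link DefaultOAuth2ScopeValidator}: the request is treated as
 * permitted only when the validated scope list contains
 * {@link Constants#IMPERSONATION_SCOPE_NAME}. Any other outcome marks the context as not
 * validated.
 */
public class ImpersonatorPermissionValidator implements ImpersonationValidator {
    private static final String NAME = "ImpersonatorPermissionValidator";
    private static final Log LOG = LogFactory.getLog(ImpersonatorPermissionValidator.class);
    private DefaultOAuth2ScopeValidator scopeValidator = new DefaultOAuth2ScopeValidator();

    /**
     * Returns the priority of this validator.
     *
     * @return the constant {@code 100}; how priorities are ordered is decided by the caller
     *         and is not visible in this class
     */
    @Override
    public int getPriority() {
        return 100;
    }

    /**
     * Returns the name under which this validator is identified.
     *
     * @return the validator name
     */
    @Override
    public String getImpersonationValidatorName() {
        return NAME;
    }

    /**
     * Decides whether the authenticated user may impersonate for the requesting client.
     *
     * <p>Side effect: the scopes on the authorization request DTO are overwritten with the
     * requested scopes of the message context before the scope validator runs.
     *
     * @param impersonationContext context carrying the impersonation request; it is updated in
     *                             place with the validation result and returned
     * @return the same context, with {@code validated} set and, on failure, an error message
     * @throws IdentityOAuth2Exception declared by the interface; presumably raised by the scope
     *                                 validation call (not visible here)
     */
    @Override
    public ImpersonationContext validateImpersonation(ImpersonationContext impersonationContext) throws IdentityOAuth2Exception {
        OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext = impersonationContext.getImpersonationRequestDTO().getoAuthAuthzReqMessageContext();
        String tenantDomain = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getTenantDomain();
        String consumerKey = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getConsumerKey();
        // The scope validator reads the scopes from the request DTO, so copy the requested scopes there first.
        oAuthAuthzReqMessageContext.getAuthorizationReqDTO().setScopes(oAuthAuthzReqMessageContext.getRequestedScopes());

        java.util.Collection<?> authorizedScopes = this.scopeValidator.validateScope(oAuthAuthzReqMessageContext);
        // Fail closed: a missing result is treated as "no impersonation permission" rather than
        // surfacing as a NullPointerException in the middle of an authorization decision.
        boolean permitted = authorizedScopes != null
                && authorizedScopes.contains(Constants.IMPERSONATION_SCOPE_NAME);
        if (permitted) {
            impersonationContext.setValidated(true);
            return impersonationContext;
        }

        // Only the masked user id is used, so the raw identifier does not reach the log or the error message.
        // NOTE(review): consumerKey and tenantDomain come from the authorization request; confirm they
        // are validated upstream before being written to the log, and confirm whether this message is
        // returned to the caller or only kept server-side.
        String failureMessage = "Authenticated user : "
                + oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser().getLoggableMaskedUserId()
                + " doesn't have impersonation permission for client : " + consumerKey
                + " in the tenant : " + tenantDomain;
        impersonationContext.setValidated(false);
        impersonationContext.setValidationFailureErrorMessage(failureMessage);
        // The log line previously lacked the space before "doesn't", fusing the user id with the text;
        // logging the same string as the stored message keeps the two consistent for correlation.
        LOG.error(failureMessage);
        return impersonationContext;
    }
}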
