package org.wso2.carbon.identity.oauth2.validators.scope;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.schema.impl.XSAnyImpl;
import org.opensaml.saml.saml2.core.Assertion;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils;
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.oauth.callback.OAuthCallback;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2ScopeServerException;
import org.wso2.carbon.identity.oauth2.OAuth2Constants;
import org.wso2.carbon.identity.oauth2.OAuth2ScopeService;
import org.wso2.carbon.identity.oauth2.bean.Scope;
import org.wso2.carbon.identity.oauth2.bean.ScopeBinding;
import org.wso2.carbon.identity.oauth2.device.constants.Constants;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/identity/oauth2/validators/scope/AbstractRoleBasedScopeIssuer.class */
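/**
 * Base class for scope issuers that decide which OAuth2 scopes may be granted from the
 * roles bound to each scope.
 *
 * <p>It provides the shared plumbing: looking up the scopes registered with the
 * {@link OAuth2ScopeService}, flattening their "default" role bindings, matching scopes
 * against an allow-list, and pulling role values out of a SAML2 assertion.
 *
 * <p>Security notes for implementers:
 * <ul>
 *   <li>{@link #getAppScopes(String, AuthenticatedUser, List)} returns {@code null} when the
 *       lookup fails. That is different from "no scopes are defined"; a caller should not
 *       treat a failed lookup as permission to issue the requested scopes.</li>
 *   <li>{@link #getRolesFromAssertion(Assertion)} only reads attribute values. Nothing in it
 *       checks the assertion's signature, issuer, audience or validity window, so it must only
 *       be given an assertion that has already been validated.</li>
 *   <li>{@link #isWhiteListedScope(List, String)} interprets every allow-list entry as a
 *       regular expression.</li>
 * </ul>
 */
public abstract class AbstractRoleBasedScopeIssuer {
    private static final String DEFAULT_SCOPE_NAME = "default";
    private static final Log log = LogFactory.getLog(AbstractRoleBasedScopeIssuer.class);

    /**
     * Returns the scopes to issue for a token request.
     *
     * @param oAuthTokenReqMessageContext the token request being processed
     * @return the scopes the implementation decides to grant
     */
    public abstract List<String> getScopes(OAuthTokenReqMessageContext oAuthTokenReqMessageContext);

    /**
     * Returns the scopes to issue for an OAuth callback.
     *
     * @param oAuthCallback the callback being processed
     * @return the scopes the implementation decides to grant
     */
    public abstract List<String> getScopes(OAuthCallback oAuthCallback);

    /**
     * Returns the prefix that identifies this issuer.
     *
     * @return the issuer prefix
     */
    public abstract String getPrefix();

    /**
     * Substitutes the {@code "default"} scope when no scope was allowed.
     *
     * <p>The list passed in is modified in place and returned, so it must be mutable.
     *
     * @param list the scopes that were allowed so far
     * @return the same list instance, containing {@code "default"} if it was empty
     */
    public List<String> getAllowedScopes(List<String> list) {
        if (list.isEmpty()) {
            list.add(DEFAULT_SCOPE_NAME);
        }
        return list;
    }

    /**
     * Tells whether a scope matches any entry of an allow-list.
     *
     * <p>Each entry is used as a regular expression and must match the whole scope
     * ({@link String#matches(String)}). Entries meant as literal scope names therefore need
     * their regex metacharacters escaped: an unescaped {@code .} matches any character, so a
     * loosely written entry admits more scopes than its author intended.
     *
     * @param list the allow-list entries, each a regular expression
     * @param str  the scope to test
     * @return {@code true} if at least one entry matches the scope in full
     */
    public boolean isWhiteListedScope(List<String> list, String str) {
        for (String pattern : list) {
            if (str.matches(pattern)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up the requested scopes and returns, per scope name, the roles bound to it.
     *
     * <p>For a federated user the tenant domain is taken from the owner of the application
     * identified by the client id; otherwise it is the user's own tenant domain. When that
     * domain is not {@code carbon.super} the lookup runs inside a tenant flow, which is ended
     * in a {@code finally} block so that it is closed exactly once on every path.
     *
     * @param str               the OAuth client id of the application
     * @param authenticatedUser the user the token is being issued for
     * @param list              the requested scopes
     * @return a map from scope name to its joined "default" binding values, or {@code null}
     *         when the tenant domain or the scopes could not be retrieved (the error is logged).
     *         {@code null} means the lookup failed, not that the application has no scopes.
     */
    public Map<String, String> getAppScopes(String str, AuthenticatedUser authenticatedUser, List<String> list) {
        boolean tenantFlowStarted = false;
        Set<Scope> scopes = null;
        String requestedScopes = String.join(Constants.SEPARATED_WITH_SPACE, list);
        try {
            String tenantDomain = authenticatedUser.isFederatedUser()
                    ? OAuth2Util.getAppInformationByClientId(str).getAppOwner().getTenantDomain()
                    : authenticatedUser.getTenantDomain();
            if (!"carbon.super".equals(tenantDomain)) {
                tenantFlowStarted = true;
                PrivilegedCarbonContext.startTenantFlow();
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
                loadTenantConfigBlockingMode(tenantDomain);
            }
            scopes = getOAuth2ScopeService().getScopes(null, null, true, requestedScopes);
        } catch (IdentityOAuth2ScopeServerException e) {
            log.error("Error while getting scopes " + e.getMessage(), e);
        } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
            log.error("Error when retrieving the tenant domain " + e.getMessage(), e);
        } finally {
            // Single exit point for the tenant flow: ending it from several handlers risks
            // closing it twice and leaving the thread in another tenant's context.
            if (tenantFlowStarted) {
                PrivilegedCarbonContext.endTenantFlow();
            }
        }
        return scopes != null ? getAppScopes(scopes) : null;
    }

    /**
     * Flattens scopes into a map of scope name to its "default" binding values.
     *
     * @param set the scopes returned by the scope service
     * @return scope name mapped to the joined binding values, or to an empty string when the
     *         scope has no "default" binding
     */
    private Map<String, String> getAppScopes(Set<Scope> set) {
        Map<String, String> bindingsByScope = new HashMap<>();
        for (Scope scope : set) {
            ScopeBinding defaultBinding = getScopeBinding(scope.getScopeBindings());
            String joinedBindings = "";
            if (defaultBinding != null) {
                joinedBindings = String.join(OAuth2Constants.RoleBasedScope.ATTRIBUTE_VALUE_SEPERATER,
                        defaultBinding.getBindings());
            }
            bindingsByScope.put(scope.getName(), joinedBindings);
        }
        return bindingsByScope;
    }

    /**
     * Picks the binding whose type is {@code "default"} (case-insensitive).
     *
     * @param list the bindings of one scope
     * @return the first "default" binding, or {@code null} if there is none
     */
    private ScopeBinding getScopeBinding(List<ScopeBinding> list) {
        for (ScopeBinding scopeBinding : list) {
            if ("default".equalsIgnoreCase(scopeBinding.getBindingType())) {
                return scopeBinding;
            }
        }
        return null;
    }

    /**
     * Tells whether an application has no scopes defined, logging that fact at debug level.
     *
     * <p>The map is dereferenced directly, so the {@code null} that
     * {@link #getAppScopes(String, AuthenticatedUser, List)} returns on a failed lookup must be
     * handled by the caller before calling this method.
     *
     * @param map the application's scopes, as returned by {@code getAppScopes}; not {@code null}
     * @param str the OAuth client id, used only in the log message
     * @return {@code true} if the map is empty
     */
    public boolean isAppScopesEmpty(Map<String, String> map, String str) {
        if (!map.isEmpty()) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("No scopes defined for the Application " + str);
        }
        return true;
    }

    /**
     * Resolves the tenant id of a user name via {@link IdentityTenantUtil}.
     *
     * <p>The decompiler reports that this method's access modifier was changed from
     * {@code protected}; it is kept {@code public} here as listed.
     *
     * @param str the user name
     * @return the tenant id
     */
    public int getTenantIdOfUser(String str) {
        return IdentityTenantUtil.getTenantIdOfUser(str);
    }

    /**
     * Obtains the {@link OAuth2ScopeService} OSGi service from the thread-local Carbon context.
     *
     * @return the scope service registered for the current context
     */
    public OAuth2ScopeService getOAuth2ScopeService() {
        return (OAuth2ScopeService) PrivilegedCarbonContext.getThreadLocalCarbonContext()
                .getOSGiService(OAuth2ScopeService.class, (Hashtable) null);
    }

    /**
     * Extracts role names from the role attribute of a SAML2 assertion.
     *
     * <p>Only attributes whose name equals the configured role claim are read. A single
     * attribute value is split on the configured separator; several values are taken as one
     * role each, skipping values that cannot be read.
     *
     * <p>This method does not validate the assertion. The roles it returns are only as
     * trustworthy as the assertion, so signature and condition checks must already have
     * passed before it is called.
     *
     * @param assertion a SAML2 assertion that has already been validated
     * @return the role names found; empty if the assertion carries none
     */
    public String[] getRolesFromAssertion(Assertion assertion) {
        String roleClaim = getRoleClaim();
        List<String> roles = assertion.getAttributeStatements().stream()
                .flatMap(statement -> statement.getAttributes().stream())
                .filter(attribute -> roleClaim.equals(attribute.getName()))
                .flatMap(attribute ->
                        extractRoleValues(assertion, attribute.getName(), attribute.getAttributeValues()))
                .collect(Collectors.toList());
        if (log.isDebugEnabled()) {
            log.debug("Role list found for assertion: " + assertion + ", roles: " + roles);
        }
        return roles.toArray(new String[0]);
    }

    /**
     * Turns the values of one role attribute into a stream of role names.
     *
     * @param assertion     the assertion being read, used only in the debug message
     * @param attributeName the attribute's name, used only in the debug message
     * @param values        the attribute's values, possibly {@code null}
     * @return the role names carried by the attribute
     */
    private Stream<String> extractRoleValues(Assertion assertion, String attributeName, List<XMLObject> values) {
        if (values == null || values.isEmpty()) {
            return Stream.empty();
        }
        if (values.size() > 1) {
            return values.stream().map(this::getAttributeValue).filter(Objects::nonNull);
        }
        String singleValue = getAttributeValue(values.get(0));
        if (singleValue == null) {
            // An attribute value without text yields no roles; splitting it would throw a
            // NullPointerException while processing the assertion.
            return Stream.empty();
        }
        // String.split treats the configured separator as a regular expression.
        String[] split = singleValue.split(getAttributeSeparator());
        if (log.isDebugEnabled()) {
            log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + attributeName
                    + ", AttributeValue : " + Arrays.toString(split));
        }
        return Arrays.stream(split);
    }

    /**
     * Reads the text of a SAML attribute value.
     *
     * @param xMLObject the attribute value, possibly {@code null}
     * @return the value of an {@link XSString}, the text content of an {@link XSAnyImpl},
     *         {@code toString()} for any other type, or {@code null} for a {@code null} input
     */
    private String getAttributeValue(XMLObject xMLObject) {
        if (xMLObject == null) {
            return null;
        }
        if (xMLObject instanceof XSString) {
            return getStringAttributeValue((XSString) xMLObject);
        }
        if (xMLObject instanceof XSAnyImpl) {
            return getAnyAttributeValue((XSAnyImpl) xMLObject);
        }
        return xMLObject.toString();
    }

    /** Returns the value held by an {@code xs:string} attribute value. */
    private String getStringAttributeValue(XSString xSString) {
        return xSString.getValue();
    }

    /** Returns the text content of an {@code xs:any} attribute value. */
    private String getAnyAttributeValue(XSAnyImpl xSAnyImpl) {
        return xSAnyImpl.getTextContent();
    }

    /**
     * Returns the separator used to split a multi-valued role attribute.
     *
     * @return the separator configured for the SAML2 SSO authenticator, or the built-in default
     */
    private String getAttributeSeparator() {
        return samlSsoParameter(OAuth2Constants.RoleBasedScope.ATTRIBUTE_VALUE_SEPARATOR,
                OAuth2Constants.RoleBasedScope.ATTRIBUTE_VALUE_SEPERATER);
    }

    /**
     * Returns the name of the assertion attribute that carries roles.
     *
     * @return the role claim configured for the SAML2 SSO authenticator, or the built-in default
     */
    private String getRoleClaim() {
        return samlSsoParameter(OAuth2Constants.RoleBasedScope.ROLE_CLAIM_ATTRIBUTE,
                OAuth2Constants.RoleBasedScope.ROLE_ATTRIBUTE_NAME);
    }

    /**
     * Reads one parameter of the SAML2 SSO authenticator configuration.
     *
     * @param key      the parameter name
     * @param fallback the value to use when the authenticator is not configured or the
     *                 parameter is absent
     * @return the configured value if the key is present (even if mapped to {@code null}),
     *         otherwise {@code fallback}
     */
    private String samlSsoParameter(String key, String fallback) {
        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig = AuthenticatorsConfiguration
                .getInstance().getAuthenticatorConfig(OAuth2Constants.RoleBasedScope.SAML2_SSO_AUTHENTICATOR_NAME);
        if (authenticatorConfig == null) {
            return fallback;
        }
        Map<?, ?> parameters = authenticatorConfig.getParameters();
        return parameters.containsKey(key) ? (String) parameters.get(key) : fallback;
    }

    /**
     * Loads the Axis configuration of a tenant before tenant-scoped services are used.
     *
     * <p>Best effort: any failure is logged and not propagated.
     *
     * @param str the tenant domain
     */
    public static void loadTenantConfigBlockingMode(String str) {
        try {
            TenantAxisUtils.getTenantAxisConfiguration(str,
                    OAuth2ServiceComponentHolder.getConfigurationContextService().getServerConfigContext());
        } catch (Exception e) {
            log.error("Error while creating axis configuration for tenant " + str, e);
        }
    }
}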
