package org.wso2.carbon.appmgt.oauth.handlers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.ListUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/appmgt/oauth/handlers/PasswordGrantHandler.class */
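/**
 * Password grant handler that narrows the scopes requested in a token request to the
 * scopes the authenticated user's roles are mapped to, then delegates to the parent
 * handler's scope validation.
 *
 * <p>The narrowing is fail-closed: when the request carries no scopes, when the user's
 * roles cannot be read, or when none of the user's roles maps to a requested scope, the
 * request's scope is replaced with an empty array rather than left as requested.
 */
public class PasswordGrantHandler extends org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler {
    private static final Log log = LogFactory.getLog(PasswordGrantHandler.class);

    /**
     * Replaces the requested scopes with the subset the authorized user may hold and then
     * runs the parent's scope validation on the narrowed request.
     *
     * @param oAuthTokenReqMessageContext the token request being processed; its authorized
     *        user is dereferenced here, so it must already be set
     * @return the result of the parent handler's {@code validateScope}
     * @throws IdentityOAuth2Exception propagated from the parent handler
     */
    public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        AuthenticatedUser user = oAuthTokenReqMessageContext.getAuthorizedUser();
        String[] requestedScopes = oAuthTokenReqMessageContext.getScope();
        Map<String, String> scopeToRoles = ScopesRetriever.getScopeRoleMapping(user.getTenantDomain());
        // The scope on the context is overwritten before the parent sees it, so the parent
        // only ever validates scopes that passed the role check below.
        oAuthTokenReqMessageContext.setScope(getAuthorizedScopes(user, requestedScopes, scopeToRoles));
        return super.validateScope(oAuthTokenReqMessageContext);
    }

    /**
     * Computes the requested scopes that at least one of the user's roles is mapped to.
     *
     * @param authenticatedUser the user whose roles decide the result
     * @param requestedScopes scopes from the token request; {@code null} is treated as none
     * @param scopeToRoles scope name to comma-separated role names
     * @return the permitted scopes, or an empty array when nothing is permitted
     */
    private String[] getAuthorizedScopes(AuthenticatedUser authenticatedUser, String[] requestedScopes, Map<String, String> scopeToRoles) {
        String[] authorized = new String[0];
        String[] userRoles = getUserRoles(authenticatedUser);
        Map<String, Set<String>> roleToScopes = getRoleScopeMapping(scopeToRoles);
        Set<String> allowedScopes = new HashSet<String>();
        for (String role : userRoles) {
            Set<String> scopesForRole = roleToScopes.get(role);
            if (scopesForRole != null) {
                allowedScopes.addAll(scopesForRole);
            }
        }
        // A request without a scope parameter may leave the array null; treat that as
        // "no scopes requested" instead of failing with a NullPointerException.
        if (requestedScopes != null && requestedScopes.length > 0 && !allowedScopes.isEmpty()) {
            authorized = (String[]) ListUtils.intersection(Arrays.asList(requestedScopes), new ArrayList<String>(allowedScopes)).toArray(new String[0]);
        }
        return authorized;
    }

    /**
     * Inverts a scope-to-roles mapping into a role-to-scopes mapping.
     *
     * <p>Role names are taken exactly as they appear between commas; surrounding
     * whitespace is not stripped, so {@code "a, b"} yields the roles {@code "a"} and
     * {@code " b"}.
     *
     * @param map scope name to comma-separated role names; {@code null} is treated as empty
     * @return role name to the set of scopes that list it
     */
    private Map<String, Set<String>> getRoleScopeMapping(Map<String, String> map) {
        Map<String, Set<String>> roleToScopes = new HashMap<String, Set<String>>();
        if (map == null) {
            return roleToScopes;
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String roleList = entry.getValue();
            if (roleList == null) {
                // A scope with no role list grants nothing; skip it rather than fail.
                continue;
            }
            for (String role : roleList.split(",")) {
                Set<String> scopes = roleToScopes.get(role);
                if (scopes == null) {
                    scopes = new HashSet<String>();
                    roleToScopes.put(role, scopes);
                }
                scopes.add(entry.getKey());
            }
        }
        return roleToScopes;
    }

    /**
     * Looks up the roles of the given user in the user store of the user's tenant.
     *
     * @param authenticatedUser the user to look up
     * @return the user's roles, or an empty array when they cannot be read, which leaves
     *         the caller with no authorized scopes
     */
    private String[] getUserRoles(AuthenticatedUser authenticatedUser) {
        String[] roles = new String[0];
        String qualifiedName = UserCoreUtil.addDomainToName(authenticatedUser.getUserName(), authenticatedUser.getUserStoreDomain());
        String tenantAwareName = MultitenantUtils.getTenantAwareUsername(qualifiedName);
        RealmService realmService = (RealmService) PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(RealmService.class, (Hashtable) null);
        if (realmService == null) {
            // Without the realm service no role can be confirmed; deny by returning no roles.
            log.error(String.format("Can't get the roles list for the user '%s'", tenantAwareName));
            return roles;
        }
        try {
            int tenantId = realmService.getTenantManager().getTenantId(authenticatedUser.getTenantDomain());
            String[] found = realmService.getTenantUserRealm(tenantId).getUserStoreManager().getRoleListOfUser(tenantAwareName);
            if (found != null) {
                roles = found;
            }
        } catch (UserStoreException e) {
            // Keep the cause in the log so a user-store outage can be told apart from a
            // user who has no roles. NOTE(review): the user name comes from the token
            // request; confirm the log layout neutralises line breaks in it.
            log.error(String.format("Can't get the roles list for the user '%s'", tenantAwareName), e);
        }
        return roles;
    }
}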
