package org.wso2.carbon.auth.oauth.impl;

import com.nimbusds.oauth2.sdk.Scope;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.auth.oauth.OAuthConstants;
import org.wso2.carbon.auth.oauth.ScopeValidator;
import org.wso2.carbon.auth.oauth.callback.ScopeValidatorCallback;
import org.wso2.carbon.auth.oauth.configuration.models.OAuthConfiguration;
import org.wso2.carbon.auth.oauth.exception.OAuthScopeException;
import org.wso2.carbon.auth.oauth.internal.ServiceReferenceHolder;
import org.wso2.carbon.auth.scope.registration.dao.impl.DAOFactory;
import org.wso2.carbon.auth.scope.registration.exceptions.ScopeDAOException;
import org.wso2.carbon.auth.scope.registration.impl.ScopeManager;
import org.wso2.carbon.auth.scope.registration.impl.ScopeManagerImpl;
import org.wso2.carbon.auth.user.mgt.UserStoreException;
import org.wso2.carbon.auth.user.mgt.UserStoreManager;
import org.wso2.carbon.auth.user.mgt.UserStoreManagerFactory;

/* loaded from: input_file:org/wso2/carbon/auth/oauth/impl/RoleBasedScopeValidator.class */
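/**
 * Scope validator that approves requested OAuth scopes based on the roles of the
 * authenticated user.
 *
 * <p>Approval rules, in the order they are applied by {@link #process}:
 * <ol>
 *   <li>A scope matching any configured white-list pattern, or equal to a configured
 *       OIDC scope, is approved without any role check.</li>
 *   <li>The default scope ({@code OAuthConstants.SCOPE_DEFAULT}) is approved as is.</li>
 *   <li>A scope defined in the file-based scope map is approved when it has no roles
 *       attached, or when the user holds at least one of the attached roles.</li>
 *   <li>Any other scope is looked up through the {@link ScopeManager}; it is approved
 *       when it exists and either has no bindings or the user holds one of them.
 *       Scopes the manager does not know are dropped.</li>
 * </ol>
 * If nothing was approved, the default scope is granted.
 */
public class RoleBasedScopeValidator implements ScopeValidator {
    private static final Logger log = LoggerFactory.getLogger(RoleBasedScopeValidator.class);
    private ScopeManager scopeManager;
    private UserStoreManager userStoreManager;
    private OAuthConfiguration oAuthConfiguration;

    /**
     * Creates a validator from explicitly supplied collaborators.
     *
     * @param scopeManager       source of registered scopes and their bindings
     * @param userStoreManager   source of the role list of a user
     * @param oAuthConfiguration configuration holding the white-listed, OIDC and file-based scopes
     */
    protected RoleBasedScopeValidator(ScopeManager scopeManager, UserStoreManager userStoreManager, OAuthConfiguration oAuthConfiguration) {
        this.scopeManager = scopeManager;
        this.userStoreManager = userStoreManager;
        this.oAuthConfiguration = oAuthConfiguration;
    }

    /**
     * Creates a validator wired to the configuration, scope DAO and user store that
     * the runtime provides.
     *
     * @throws OAuthScopeException if the scope DAO or the user store manager cannot be obtained
     */
    public RoleBasedScopeValidator() throws OAuthScopeException {
        this.oAuthConfiguration = ServiceReferenceHolder.getInstance().getAuthConfigurations();
        try {
            this.scopeManager = new ScopeManagerImpl(DAOFactory.getScopeDAO());
            try {
                this.userStoreManager = UserStoreManagerFactory.getUserStoreManager();
            } catch (UserStoreException e) {
                // Keep the cause so the root failure is visible to whoever handles the exception.
                throw new OAuthScopeException("User manager initialization failed", e);
            }
        } catch (ScopeDAOException e) {
            log.error("Error while retrieving Data Access for Scopes", e);
            throw new OAuthScopeException("Error while Initializing RoleBasedScopeValidator", e);
        }
    }

    /**
     * Computes the approved scope set for the request carried by the callback and
     * stores it with {@code setApprovedScope}.
     *
     * @param scopeValidatorCallback carries the requested scopes and the authenticated user
     * @throws OAuthScopeException if scope information or the user's roles cannot be retrieved
     */
    @Override
    public void process(ScopeValidatorCallback scopeValidatorCallback) throws OAuthScopeException {
        Scope requestedScopes = scopeValidatorCallback.getRequestedScopes();
        String authUser = scopeValidatorCallback.getAuthUser();
        // Roles are fetched lazily, at most once per call, and only if a role check is needed.
        List<String> userRoles = null;
        Scope approvedScopes = new Scope();
        List<String> whiteListedScopes = this.oAuthConfiguration.getWhiteListedScopes();
        Map<String, List<String>> fileBaseScopes = this.oAuthConfiguration.getFileBaseScopes();
        List<String> pendingScopes = requestedScopes.toStringList();

        // Pass 1: white-listed and OIDC scopes bypass the role check entirely.
        Iterator<String> pending = pendingScopes.iterator();
        while (pending.hasNext()) {
            String requested = pending.next();
            // A single combined test guarantees Iterator.remove() runs at most once per element;
            // removing twice for a scope that is both white-listed and an OIDC scope would throw
            // IllegalStateException.
            if (matchesAnyPattern(requested, whiteListedScopes)
                    || this.oAuthConfiguration.getOidcScopes().contains(requested)) {
                approvedScopes.add(requested);
                pending.remove();
            }
        }

        // Pass 2: everything left needs either no binding or a matching user role.
        for (String requested : pendingScopes) {
            if (OAuthConstants.SCOPE_DEFAULT.equals(requested)) {
                approvedScopes.add(OAuthConstants.SCOPE_DEFAULT);
            } else if (fileBaseScopes.containsKey(requested)) {
                List<String> requiredRoles = fileBaseScopes.get(requested);
                if (requiredRoles.isEmpty()) {
                    approvedScopes.add(requested);
                } else {
                    userRoles = initializeRolesList(userRoles, authUser);
                    // The scope is denied (not approved) when none of its roles is held; the
                    // check always terminates once the role list has been walked.
                    if (containsAny(userRoles, requiredRoles)) {
                        approvedScopes.add(requested);
                    }
                }
            } else {
                try {
                    org.wso2.carbon.auth.scope.registration.dto.Scope registered = this.scopeManager.getScope(requested);
                    // An unregistered scope is silently dropped: deny by default.
                    if (registered != null) {
                        if (registered.getBindings().isEmpty()) {
                            approvedScopes.add(requested);
                        } else {
                            userRoles = initializeRolesList(userRoles, authUser);
                            if (containsAny(userRoles, registered.getBindings())) {
                                approvedScopes.add(requested);
                            }
                        }
                    }
                } catch (ScopeDAOException e) {
                    throw new OAuthScopeException("Error while retrieving Scope Information", e);
                }
            }
        }

        // A request that ends up with no approved scope is still granted the default scope.
        if (approvedScopes.toStringList().isEmpty()) {
            approvedScopes.add(OAuthConstants.SCOPE_DEFAULT);
        }
        scopeValidatorCallback.setApprovedScope(approvedScopes);
    }

    /**
     * Tells whether {@code value} matches at least one of the given regular expressions.
     * {@link String#matches(String)} requires the whole value to match, so a pattern does
     * not need explicit anchors. Every match grants a scope without a role check, so the
     * patterns should be kept as narrow as possible.
     */
    private static boolean matchesAnyPattern(String value, List<String> patterns) {
        for (String pattern : patterns) {
            if (value.matches(pattern)) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether the user holds at least one of the required roles. */
    private static boolean containsAny(List<String> userRoles, Iterable<?> requiredRoles) {
        for (Object requiredRole : requiredRoles) {
            if (userRoles.contains(requiredRole)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the already loaded role list, or loads it from the user store on first use.
     *
     * @param list the roles loaded so far, or {@code null} if they have not been loaded yet
     * @param str  the user whose roles are needed
     * @return {@code list} when it is non-null, otherwise the roles reported by the user store
     * @throws OAuthScopeException if the user store lookup fails
     */
    private List<String> initializeRolesList(List<String> list, String str) throws OAuthScopeException {
        if (list != null) {
            return list;
        }
        try {
            // NOTE(review): the result is used without a null check by the caller; confirm that
            // getRoleListOfUser never returns null (and how it treats a null user).
            return this.userStoreManager.getRoleListOfUser(str);
        } catch (UserStoreException e) {
            throw new OAuthScopeException("Error while retrieving user roles", e);
        }
    }
}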
