package org.wso2.carbon.apimgt.impl.utils;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.cache.Caching;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.schema.impl.XSAnyImpl;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.caching.CacheProvider;
import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
import org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils;
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;

/* loaded from: input_file:org/wso2/carbon/apimgt/impl/utils/SystemScopeUtils.class */
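/**
 * Static helpers for resolving system (REST API) scopes: extracting role values from a SAML2
 * assertion, reading scope and role-mapping configuration for a tenant, and resolving tenant ids.
 *
 * <p>Security note: nothing in this class validates the signature, issuer, audience or validity
 * period of an assertion. {@link #getRolesFromAssertion(Assertion)} reads attribute values as
 * given, so callers must only pass assertions that have already been validated.
 */
public class SystemScopeUtils {
    private static final Log log = LogFactory.getLog(SystemScopeUtils.class);
    private static final String AUTHENTICATOR_NAME = "SAML2SSOAuthenticator";

    /**
     * Collects the values of the configured role-claim attribute from a SAML2 assertion.
     *
     * <p>An attribute with exactly one value is split on the configured separator; an attribute
     * with several values contributes each value as-is. Values that resolve to {@code null}
     * (for example an empty attribute-value element) are skipped, so the returned array never
     * contains {@code null} and a single empty value no longer fails with a
     * {@link NullPointerException}.
     *
     * <p>The separator is handed to {@link String#split(String)} and is therefore interpreted
     * as a regular expression, not as a literal string.
     *
     * @param assertion the assertion to read; must be non-null and is assumed to be validated
     *                  by the caller (no validation happens here)
     * @return the role values found, possibly empty, never {@code null}
     */
    public static String[] getRolesFromAssertion(Assertion assertion) {
        List<String> roles = new ArrayList<>();
        String roleClaim = getRoleClaim();
        List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
        if (attributeStatements != null) {
            for (AttributeStatement statement : attributeStatements) {
                for (Attribute attribute : statement.getAttributes()) {
                    String name = attribute.getName();
                    if (name == null || !roleClaim.equals(name)) {
                        continue;
                    }
                    List<XMLObject> attributeValues = attribute.getAttributeValues();
                    if (attributeValues == null) {
                        continue;
                    }
                    if (attributeValues.size() == 1) {
                        String singleValue = getAttributeValue(attributeValues.get(0));
                        if (singleValue == null) {
                            // Nothing to split; previously this path threw a NullPointerException.
                            continue;
                        }
                        String[] split = singleValue.split(getAttributeSeparator());
                        if (log.isDebugEnabled()) {
                            log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + name + ", AttributeValue : " + Arrays.toString(split));
                        }
                        roles.addAll(Arrays.asList(split));
                    } else if (attributeValues.size() > 1) {
                        for (XMLObject valueObject : attributeValues) {
                            String attributeValue = getAttributeValue(valueObject);
                            if (attributeValue == null) {
                                // Do not hand a null role entry to callers.
                                continue;
                            }
                            if (log.isDebugEnabled()) {
                                log.debug("Adding attributes for Assertion: " + assertion + " AttributeName : " + name + ", AttributeValue : " + valueObject);
                            }
                            roles.add(attributeValue);
                        }
                    }
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Role list found for assertion: " + assertion + ", roles: " + roles);
        }
        return roles.toArray(new String[0]);
    }

    /**
     * Returns the textual content of an attribute value.
     *
     * @param xMLObject the attribute value, may be {@code null}
     * @return the value text, or {@code null} when the object is {@code null}; the typed getters
     *         may also return {@code null}
     */
    private static String getAttributeValue(XMLObject xMLObject) {
        if (xMLObject == null) {
            return null;
        }
        if (xMLObject instanceof XSString) {
            return getStringAttributeValue((XSString) xMLObject);
        }
        if (xMLObject instanceof XSAnyImpl) {
            return getAnyAttributeValue((XSAnyImpl) xMLObject);
        }
        // Unknown value type: fall back to the object's string form.
        return xMLObject.toString();
    }

    /** Returns the value carried by an {@code xs:string} attribute value. */
    private static String getStringAttributeValue(XSString xSString) {
        return xSString.getValue();
    }

    /** Returns the text content of an {@code xs:any} attribute value. */
    private static String getAnyAttributeValue(XSAnyImpl xSAnyImpl) {
        return xSAnyImpl.getTextContent();
    }

    /**
     * Returns the separator used to split a single-valued role attribute, defaulting to
     * {@code ","} when the authenticator or the parameter is not configured.
     */
    private static String getAttributeSeparator() {
        return getAuthenticatorParameter(APIConstants.SystemScopeConstants.ATTRIBUTE_VALUE_SEPARATOR, ",");
    }

    /**
     * Returns the name of the assertion attribute that carries roles, defaulting to
     * {@code ROLE_ATTRIBUTE_NAME} when the authenticator or the parameter is not configured.
     */
    private static String getRoleClaim() {
        return getAuthenticatorParameter(APIConstants.SystemScopeConstants.ROLE_CLAIM_ATTRIBUTE,
                APIConstants.SystemScopeConstants.ROLE_ATTRIBUTE_NAME);
    }

    /**
     * Looks up a parameter of the SAML2 SSO authenticator configuration.
     *
     * @param key      parameter name
     * @param fallback value returned when the authenticator config or the key is absent
     * @return the configured value (which may be {@code null} if the key maps to {@code null}),
     *         otherwise {@code fallback}
     */
    private static String getAuthenticatorParameter(String key, String fallback) {
        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig =
                AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        if (authenticatorConfig == null) {
            return fallback;
        }
        Map<?, ?> parameters = authenticatorConfig.getParameters();
        return parameters.containsKey(key) ? (String) parameters.get(key) : fallback;
    }

    /**
     * Returns the scope-to-roles map for a tenant, building and caching it on a cache miss.
     *
     * <p>NOTE(review): the map is cached even when it is empty (the tenant config was not
     * available), so an empty result stays in place until the cache entry expires or is
     * invalidated; confirm that this is the intended behaviour for authorization decisions.
     *
     * @param str the tenant key used for config lookup and as the cache key
     * @return scope name mapped to a comma-separated role list
     * @throws APIManagementException if the tenant config exists but has no RESTAPIScopes section
     */
    public static Map<String, String> getRESTAPIScopesForTenant(String str) throws APIManagementException {
        @SuppressWarnings("unchecked") // the cache API is untyped here; entries are written below
        Map<String, String> scopes = (Map<String, String>) CacheProvider.getRESTAPIScopeCache().get(str);
        if (scopes == null) {
            scopes = getRESTAPIScopesFromConfig(getTenantRESTAPIScopesConfig(str), getTenantRESTAPIScopeRoleMappingsConfig(str));
            Caching.getCacheManager(APIConstants.SystemScopeConstants.EXTENTIONS_CACHE_MANAGER).getCache("REST_API_SCOPE_CACHE").put(str, scopes);
        }
        return scopes;
    }

    /**
     * Builds the scope-to-roles map from the scopes config, replacing each role that has an
     * entry in the role mappings with its mapped value.
     *
     * <p>Each scope entry must carry {@code "Name"} and {@code "Roles"}, and a non-null scopes
     * config must carry a {@code "Scope"} array; a missing key fails with a
     * {@link NullPointerException} rather than producing a partial map.
     *
     * @param jSONObject  the RESTAPIScopes config, or {@code null} for an empty result
     * @param jSONObject2 the role mappings (original role to mapped role), or {@code null} to
     *                    keep the configured roles unchanged
     * @return scope name mapped to a comma-separated role list; never {@code null}
     */
    public static Map<String, String> getRESTAPIScopesFromConfig(JSONObject jSONObject, JSONObject jSONObject2) {
        Map<String, String> scopeToRoles = new HashMap<>();
        if (jSONObject == null) {
            return scopeToRoles;
        }
        for (Object entry : (JSONArray) jSONObject.get("Scope")) {
            JSONObject scope = (JSONObject) entry;
            String scopeName = scope.get("Name").toString();
            String scopeRoles = scope.get("Roles").toString();
            if (jSONObject2 != null) {
                if (log.isDebugEnabled()) {
                    log.debug("REST API scope role mappings exist. Hence proceeding to swap original scope roles for mapped scope roles.");
                }
                List<String> mappedRoles = new ArrayList<>();
                // Roles are comma-separated; surrounding whitespace is dropped by the pattern.
                for (String role : scopeRoles.split("\\s*,\\s*")) {
                    String mappedRole = (String) jSONObject2.get(role);
                    if (mappedRole != null) {
                        if (log.isDebugEnabled()) {
                            log.debug(role + " was mapped to " + mappedRole);
                        }
                        mappedRoles.add(mappedRole);
                    } else {
                        mappedRoles.add(role);
                    }
                }
                scopeRoles = String.join(",", mappedRoles);
            }
            scopeToRoles.put(scopeName, scopeRoles);
        }
        return scopeToRoles;
    }

    /**
     * Returns the {@code RESTAPIScopes} section of the tenant config.
     *
     * @param str the tenant key passed to the tenant-config lookup
     * @return the section, or {@code null} when no tenant config is available
     * @throws APIManagementException if the tenant config exists but lacks the section
     */
    public static JSONObject getTenantRESTAPIScopesConfig(String str) throws APIManagementException {
        JSONObject tenantConfig = APIUtil.getTenantConfig(str);
        if (tenantConfig == null) {
            return null;
        }
        JSONObject scopesConfig = getRESTAPIScopesFromTenantConfig(tenantConfig);
        if (scopesConfig == null) {
            throw new APIManagementException("RESTAPIScopes config does not exist for tenant " + str);
        }
        return scopesConfig;
    }

    /**
     * Returns the {@code RoleMappings} section of the tenant config.
     *
     * @param str the tenant key passed to the tenant-config lookup
     * @return the section, or {@code null} when the tenant config or the section is absent
     * @throws APIManagementException declared for the tenant-config lookup
     */
    public static JSONObject getTenantRESTAPIScopeRoleMappingsConfig(String str) throws APIManagementException {
        JSONObject tenantConfig = APIUtil.getTenantConfig(str);
        if (tenantConfig == null) {
            return null;
        }
        JSONObject roleMappings = getRESTAPIScopeRoleMappingsFromTenantConfig(tenantConfig);
        if (roleMappings == null && log.isDebugEnabled()) {
            log.debug("No REST API role mappings are defined for the tenant " + str);
        }
        return roleMappings;
    }

    /**
     * Requests the Axis configuration for a tenant.
     *
     * <p>Best effort: any failure is logged and not propagated, so callers cannot tell from
     * this call whether the configuration was obtained.
     *
     * @param str the tenant key passed to {@code TenantAxisUtils}
     */
    public static void loadTenantConfigBlockingMode(String str) {
        try {
            TenantAxisUtils.getTenantAxisConfiguration(str, ServiceReferenceHolder.getContextService().getServerConfigContext());
        } catch (Exception e) {
            // Deliberately broad: the original treats this as best effort and only logs.
            log.error("Error while creating axis configuration for tenant " + str, e);
        }
    }

    /**
     * Resolves a tenant domain to its tenant id.
     *
     * <p>NOTE(review): a {@code null} domain or an unavailable realm service yields
     * {@code -1234}, which looks like Carbon's super-tenant id. Callers that treat the result
     * as an authorization boundary should confirm they never pass an unvalidated {@code null}.
     *
     * @param str the tenant domain
     * @return the tenant id; {@code -1234} when the realm service or {@code str} is
     *         {@code null}; {@code -1} when the lookup throws {@link UserStoreException}
     */
    public static int getTenantIdFromTenantDomain(String str) {
        RealmService realmService = ServiceReferenceHolder.getInstance().getRealmService();
        if (realmService == null || str == null) {
            return -1234;
        }
        try {
            return realmService.getTenantManager().getTenantId(str);
        } catch (UserStoreException e) {
            log.error("Failed to get the Tenant Id of the the Tenant Domain : " + str, e);
            return -1;
        }
    }

    /** Reads the {@code "RESTAPIScopes"} entry of a tenant config; {@code null} if absent. */
    private static JSONObject getRESTAPIScopesFromTenantConfig(JSONObject jSONObject) {
        return (JSONObject) jSONObject.get("RESTAPIScopes");
    }

    /** Reads the {@code "RoleMappings"} entry of a tenant config; {@code null} if absent. */
    private static JSONObject getRESTAPIScopeRoleMappingsFromTenantConfig(JSONObject jSONObject) {
        return (JSONObject) jSONObject.get("RoleMappings");
    }
}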
