package org.wso2.carbon.identity.oauth.uma.permission.endpoint;

import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.auth.service.AuthenticationContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.uma.common.HandleErrorResponseConstants;
import org.wso2.carbon.identity.oauth.uma.common.UMAConstants;
import org.wso2.carbon.identity.oauth.uma.common.exception.UMAException;
import org.wso2.carbon.identity.oauth.uma.common.exception.UMAServerException;
import org.wso2.carbon.identity.oauth.uma.permission.endpoint.dto.ErrorResponseDTO;
import org.wso2.carbon.identity.oauth.uma.permission.endpoint.dto.PermissionTicketResponseDTO;
import org.wso2.carbon.identity.oauth.uma.permission.endpoint.dto.ResourceModelDTO;
import org.wso2.carbon.identity.oauth.uma.permission.endpoint.exception.PermissionEndpointException;
import org.wso2.carbon.identity.oauth.uma.permission.service.PermissionService;
import org.wso2.carbon.identity.oauth.uma.permission.service.model.PermissionTicketModel;
import org.wso2.carbon.identity.oauth.uma.permission.service.model.Resource;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.oauth.uma.permission-1.3.5.jar:org/wso2/carbon/identity/oauth/uma/permission/endpoint/PermissionApiServiceImpl.class */
/**
 * JAX-RS implementation of the UMA permission endpoint.
 *
 * <p>Every request is expected to carry an {@link AuthenticationContext} under the
 * {@code auth-context} servlet-request attribute (populated upstream; not visible in this
 * class). From it the endpoint reads the resource owner, the calling client's consumer key
 * and the token's allowed scopes. A request is only served when all three are present and
 * the scopes include {@link #PAT_SCOPE}; otherwise a generic {@code 401} is returned, so the
 * error body does not reveal which piece of context was missing.
 */
public class PermissionApiServiceImpl extends PermissionApiService {

    private static final Log log = LogFactory.getLog(PermissionApiServiceImpl.class);

    /** Scope the caller's token must carry to request a permission ticket. */
    public static final String PAT_SCOPE = "uma_protection";
    /** {@link AuthenticationContext} parameter holding the token's allowed scopes as a {@code String[]}. */
    public static final String OAUTH2_ALLOWED_SCOPES = "oauth2-allowed-scopes";
    /** Servlet-request attribute under which the authentication context is looked up. */
    private static final String AUTH_CONTEXT = "auth-context";
    /** {@link AuthenticationContext} parameter holding the calling client's consumer key. */
    private static final String CONSUMER_KEY = "consumer-key";

    /**
     * Issues a permission ticket for the resources and scopes listed in the request body.
     *
     * @param resourceModelDTO resources (with their scopes) the client wants a ticket for;
     *                         {@code null} yields {@code 400 invalid_request}
     * @param messageContext   CXF message context giving access to the servlet request
     * @return {@code 201} carrying the ticket, {@code 401} when the token context is incomplete
     *         or lacks {@link #PAT_SCOPE}, {@code 400} for an empty body
     * @throws PermissionEndpointException when the permission service reports an error or
     *                                     returns no ticket
     */
    @Override // org.wso2.carbon.identity.oauth.uma.permission.endpoint.PermissionApiService
    public Response requestPermission(ResourceModelDTO resourceModelDTO, MessageContext messageContext) {
        String consumerKey = getConsumerKey(messageContext);
        String userNameWithDomain = getUserNameWithDomain(messageContext);

        String userStoreDomain = null;
        String userName = null;
        if (userNameWithDomain != null) {
            userName = UserCoreUtil.removeDomainFromName(userNameWithDomain);
            userStoreDomain = IdentityUtil.extractDomainFromName(userNameWithDomain);
        }

        // All three pieces of token context are mandatory; the 401 body is deliberately generic.
        boolean hasPatScope = isValidTokenScope(messageContext);
        if (!hasPatScope || userName == null || consumerKey == null) {
            if (log.isDebugEnabled()) {
                log.debug("Required context information not available in the access token.");
            }
            ErrorResponseDTO unauthorized = getErrorResponseDTO("unauthorized", "Unauthorized user");
            return Response.status(Response.Status.UNAUTHORIZED).entity(unauthorized).build();
        }

        if (resourceModelDTO == null) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid permission request with client: " + consumerKey + " resource owner: "
                        + userNameWithDomain);
            }
            ErrorResponseDTO badRequest = getErrorResponseDTO("invalid_request", "Empty request body");
            return Response.status(Response.Status.BAD_REQUEST).entity(badRequest).build();
        }

        String failureMessage = "Error when requesting permission for client: " + consumerKey
                + " resource owner: " + userNameWithDomain;

        PermissionTicketModel ticketModel = null;
        try {
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            PermissionService permissionService =
                    (PermissionService) carbonContext.getOSGiService(PermissionService.class, (Hashtable) null);
            List<Resource> requestedResources = getPermissionTicketRequest(resourceModelDTO);
            ticketModel = permissionService.issuePermissionTicket(requestedResources, carbonContext.getTenantId(),
                    userName, consumerKey, userStoreDomain);
        } catch (UMAException e) {
            // Always throws a PermissionEndpointException mapped from the UMA error.
            handleErrorResponse(failureMessage, e);
        }

        PermissionTicketResponseDTO ticketResponse = new PermissionTicketResponseDTO();
        if (ticketModel == null) {
            // The service returned nothing without raising an error; report it as an unexpected server error.
            handleErrorResponse(failureMessage, new UMAServerException(UMAConstants.ErrorMessages.ERROR_UNEXPECTED));
        } else {
            ticketResponse.setTicket(ticketModel.getTicket());
        }

        if (log.isDebugEnabled()) {
            // The ticket value is treated like a token: print it only when token logging is explicitly enabled.
            if (IdentityUtil.isTokenLoggable("PermissionTicket")) {
                log.debug("Permission Ticket created: " + ticketResponse.getTicket() + " for client: " + consumerKey
                        + " resource owner: " + userNameWithDomain);
            } else {
                log.debug("Permission Ticket created.");
            }
        }
        return Response.status(Response.Status.CREATED).entity(ticketResponse).build();
    }

    /**
     * Returns the authentication context attached to the servlet request, or {@code null} when the
     * {@link #AUTH_CONTEXT} attribute is absent or of another type.
     */
    private AuthenticationContext resolveAuthenticationContext(MessageContext messageContext) {
        Object attribute = messageContext.getHttpServletRequest().getAttribute(AUTH_CONTEXT);
        if (attribute instanceof AuthenticationContext) {
            return (AuthenticationContext) attribute;
        }
        return null;
    }

    /**
     * Checks whether the token's allowed scopes include {@link #PAT_SCOPE}.
     *
     * @return {@code false} when there is no authentication context or no scopes parameter
     */
    private boolean isValidTokenScope(MessageContext messageContext) {
        AuthenticationContext authenticationContext = resolveAuthenticationContext(messageContext);
        String[] allowedScopes = null;
        if (authenticationContext != null) {
            allowedScopes = (String[]) authenticationContext.getParameter(OAUTH2_ALLOWED_SCOPES);
        }
        // ArrayUtils.contains tolerates a null array and reports false.
        return ArrayUtils.contains(allowedScopes, PAT_SCOPE);
    }

    /**
     * Returns the authenticated user's name (domain-qualified form as stored in the context),
     * or {@code null} when no context or no user is available.
     */
    private String getUserNameWithDomain(MessageContext messageContext) {
        AuthenticationContext authenticationContext = resolveAuthenticationContext(messageContext);
        if (authenticationContext == null || authenticationContext.getUser() == null) {
            return null;
        }
        return authenticationContext.getUser().getUserName();
    }

    /**
     * Returns the calling client's consumer key from the authentication context, or {@code null}
     * when no context is present or the parameter is unset.
     */
    private String getConsumerKey(MessageContext messageContext) {
        AuthenticationContext authenticationContext = resolveAuthenticationContext(messageContext);
        if (authenticationContext == null) {
            return null;
        }
        Object consumerKey = authenticationContext.getParameter(CONSUMER_KEY);
        if (consumerKey == null) {
            return null;
        }
        return String.valueOf(consumerKey);
    }

    /**
     * Converts the request body into the service-layer {@link Resource} list. Each entry's scope
     * list is copied so the service never shares a collection with the DTO.
     */
    private List<Resource> getPermissionTicketRequest(ResourceModelDTO resourceModelDTO) {
        List<Resource> resources = new ArrayList<>();
        resourceModelDTO.forEach(resourceEntry -> {
            Resource resource = new Resource();
            resource.setResourceId(resourceEntry.getResourceId());
            // Raw type kept: the DTO's scope element type is not visible from this file.
            ArrayList scopes = new ArrayList(resourceEntry.getResourceScopes());
            resource.setResourceScopes(scopes);
            resources.add(resource);
        });
        return resources;
    }

    /**
     * Logs the failure and converts a {@link UMAException} into a {@link PermissionEndpointException}.
     *
     * <p>Server-side errors are logged with the stack trace and mapped to a bare {@code 500}
     * without an error body. Other errors are logged via {@code getErrorLogMessage()}, and when
     * {@link HandleErrorResponseConstants#RESPONSE_DATA_MAP} knows the error code, its
     * {@code [status, error]} pair selects the HTTP status and the {@code error} field of the body.
     *
     * @param message      context for the log entry (client and resource owner)
     * @param umaException error raised by the permission service
     * @throws PermissionEndpointException always
     */
    private void handleErrorResponse(String message, UMAException umaException) throws PermissionEndpointException {
        String errorCode = umaException.getCode();
        String errorKey = null;
        Response.Status status = Response.Status.INTERNAL_SERVER_ERROR;
        boolean omitErrorBody = true;

        if (umaException instanceof UMAServerException) {
            log.error(message, umaException);
        } else {
            log.error(message + " - " + umaException.getErrorLogMessage());
            if (log.isDebugEnabled()) {
                log.debug(message, umaException);
            }
            if (HandleErrorResponseConstants.RESPONSE_DATA_MAP.containsKey(errorCode)) {
                String[] responseData = (String[]) HandleErrorResponseConstants.RESPONSE_DATA_MAP.get(errorCode);
                String statusCode = responseData[0];
                errorKey = responseData[1];
                status = Response.Status.fromStatusCode(Integer.parseInt(statusCode));
                omitErrorBody = false;
            }
        }
        throw buildPermissionEndpointException(status, errorKey, umaException.getMessage(), omitErrorBody);
    }

    /**
     * Builds the endpoint exception, with or without an error body.
     *
     * @param status        HTTP status to respond with
     * @param error         value of the {@code error} field (ignored when {@code omitErrorBody})
     * @param description   value of the {@code error_description} field (ignored when {@code omitErrorBody})
     * @param omitErrorBody {@code true} to respond with the status only
     */
    private PermissionEndpointException buildPermissionEndpointException(Response.Status status, String error,
                                                                         String description, boolean omitErrorBody) {
        if (omitErrorBody) {
            return new PermissionEndpointException(status);
        }
        return new PermissionEndpointException(status, getErrorResponseDTO(error, description));
    }

    /** Creates an error body with the given {@code error} and {@code error_description} values. */
    private ErrorResponseDTO getErrorResponseDTO(String error, String description) {
        ErrorResponseDTO errorResponse = new ErrorResponseDTO();
        errorResponse.setError(error);
        errorResponse.setErrorDescription(description);
        return errorResponse;
    }
}
