package org.wso2.carbon.apimgt.keymgt.handlers;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.cache.Cache;
import javax.cache.Caching;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/handlers/ScopesIssuer.class */
public class ScopesIssuer {
    private static Log log = LogFactory.getLog(ScopesIssuer.class);

    public boolean setScopes(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        Map scopeRolesOfApplication;
        String[] scope = oAuthTokenReqMessageContext.getScope();
        String[] strArr = {"default"};
        if (scope == null || scope.length == 0) {
            oAuthTokenReqMessageContext.setScope(strArr);
            return true;
        }
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        String authorizedUser = oAuthTokenReqMessageContext.getAuthorizedUser();
        String appUserScopeCacheKey = getAppUserScopeCacheKey(clientId, authorizedUser, scope);
        Cache cache = Caching.getCacheManager("API_MANAGER_CACHE").getCache("appUserScopeCache");
        if (cache.containsKey(appUserScopeCacheKey)) {
            oAuthTokenReqMessageContext.setScope((String[]) cache.get(appUserScopeCacheKey));
            return true;
        }
        List<String> asList = Arrays.asList(scope);
        try {
            Cache cache2 = Caching.getCacheManager("API_MANAGER_CACHE").getCache("appScopeCache");
            if (cache2.containsKey(clientId)) {
                scopeRolesOfApplication = (Map) cache2.get(clientId);
            } else {
                scopeRolesOfApplication = new ApiMgtDAO().getScopeRolesOfApplication(clientId);
                if (scopeRolesOfApplication == null) {
                    scopeRolesOfApplication = new HashMap();
                }
                cache2.put(clientId, scopeRolesOfApplication);
            }
            if (scopeRolesOfApplication.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("No scopes defined for the Application " + oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId());
                }
                oAuthTokenReqMessageContext.setScope(strArr);
                cache.put(appUserScopeCacheKey, strArr);
                return true;
            }
            try {
                String[] roleListOfUser = OAuthComponentServiceHolder.getRealmService().getTenantUserRealm(IdentityUtil.getTenantIdOFUser(authorizedUser)).getUserStoreManager().getRoleListOfUser(MultitenantUtils.getTenantAwareUsername(authorizedUser));
                if (roleListOfUser == null || roleListOfUser.length == 0) {
                    if (log.isDebugEnabled()) {
                        log.debug("Could not find roles of the user.");
                    }
                    oAuthTokenReqMessageContext.setScope(strArr);
                    cache.put(appUserScopeCacheKey, strArr);
                    return true;
                }
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList(Arrays.asList(roleListOfUser));
                for (String str : asList) {
                    String str2 = (String) scopeRolesOfApplication.get(str);
                    if (str2 != null && str2.length() != 0) {
                        ArrayList arrayList3 = new ArrayList(Arrays.asList(str2.replaceAll(" ", "").split(",")));
                        arrayList3.retainAll(arrayList2);
                        if (!arrayList3.isEmpty()) {
                            arrayList.add(str);
                        }
                    } else if (scopeRolesOfApplication.containsKey(str) || str.startsWith("device_")) {
                        arrayList.add(str);
                    }
                }
                if (arrayList.isEmpty()) {
                    cache.put(appUserScopeCacheKey, strArr);
                    oAuthTokenReqMessageContext.setScope(strArr);
                } else {
                    String[] strArr2 = (String[]) arrayList.toArray(new String[arrayList.size()]);
                    cache.put(appUserScopeCacheKey, strArr2);
                    oAuthTokenReqMessageContext.setScope(strArr2);
                }
                return true;
            } catch (UserStoreException e) {
                log.error("Error when getting the tenant's UserStoreManager or when getting roles of user ", e);
                return false;
            } catch (IdentityException e2) {
                log.error("Error when obtaining tenant Id of user " + authorizedUser, e2);
                return false;
            }
        } catch (APIManagementException e3) {
            log.error("Error while getting scopes of application " + e3.getMessage());
            return false;
        }
    }

    private String getAppUserScopeCacheKey(String str, String str2, String[] strArr) {
        StringBuilder sb = new StringBuilder("");
        for (String str3 : strArr) {
            sb.append(str3);
        }
        return "" + str + ":" + str2 + ":" + sb.toString().hashCode();
    }
}
