package org.wso2.carbon.apimgt.keymgt.handlers;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.impl.handlers.ScopesIssuer;
import org.wso2.carbon.base.ServerConfigurationException;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityConfigParser;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.cache.BaseCache;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.ResponseHeader;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.PasswordGrantHandler;
import org.wso2.carbon.user.api.Claim;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.config.RealmConfiguration;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/apimgt/keymgt/handlers/ExtendedPasswordGrantHandler.class */
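/**
 * Password grant handler that adds two things on top of {@link PasswordGrantHandler}:
 *
 * <ul>
 *   <li>Secondary login: the submitted username may be resolved to a primary username through a
 *       configured claim ({@code LoginConfig} in the {@code OAuth} identity configuration) before
 *       the parent handler validates the credentials.</li>
 *   <li>Response headers: after a successful validation, the values of the claims listed under
 *       {@code RequiredRespHeaderClaimUris} are attached to the message context under the
 *       {@code RESPONSE_HEADERS} property.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The secondary-login lookup takes the first user returned for the claim value. The claim
 *       used for secondary login therefore has to be unique per user; otherwise the credentials
 *       are checked against an arbitrary match.</li>
 *   <li>Claim values are copied into response headers as-is. NOTE(review): confirm that the
 *       component writing these headers rejects CR/LF, and that only non-sensitive claims are
 *       listed in the configuration.</li>
 *   <li>User claims are cached per username; this class never invalidates an entry, so header
 *       values can lag behind the user store until the cache itself expires the entry.</li>
 * </ul>
 */
public class ExtendedPasswordGrantHandler extends PasswordGrantHandler {
    private static final Log log = LogFactory.getLog(ExtendedPasswordGrantHandler.class);
    private static final String CONFIG_ELEM_OAUTH = "OAuth";
    private static final String REQUIRED_CLAIM_URIS = "RequiredRespHeaderClaimUris";
    private BaseCache<String, Claim[]> userClaimsCache;
    private static final String CLAIM_URI = "ClaimUri";
    private static final String LOGIN_CONFIG = "LoginConfig";
    private static final String USERID_LOGIN = "UserIdLogin";
    private static final String EMAIL_LOGIN = "EmailLogin";
    private static final String PRIMARY_LOGIN = "primary";
    // Keyed by EMAIL_LOGIN / USERID_LOGIN; each value holds the "primary" flag and the claim URI.
    // Either both entries are present or the map is empty (see parseLoginConfig).
    private Map<String, Map<String, String>> loginConfiguration = new ConcurrentHashMap<>();
    private List<String> requiredHeaderClaimUris = new ArrayList<>();

    /**
     * Initializes the parent handler, then reads the required header claim URIs and the login
     * configuration from the {@code OAuth} configuration element and creates the claims cache.
     *
     * <p>A {@link ServerConfigurationException} is logged and not rethrown, so the handler stays
     * usable without the extended behaviour.
     *
     * @throws IdentityOAuth2Exception if the parent initialization fails
     */
    @Override
    public void init() throws IdentityOAuth2Exception {
        super.init();
        try {
            OMElement configElement = IdentityConfigParser.getInstance().getConfigElement(CONFIG_ELEM_OAUTH);
            if (configElement != null) {
                parseRequiredHeaderClaimUris(configElement.getFirstChildWithName(getQNameWithIdentityNS(REQUIRED_CLAIM_URIS)));
                parseLoginConfig(configElement);
            } else {
                // Previously this dereferenced a null element and aborted init with an NPE.
                log.warn("OAuth configuration element not found. Secondary login and response header claims are disabled.");
            }
            // 'new' never yields null, so the former null check on the cache was dead code.
            this.userClaimsCache = new BaseCache<>("UserClaimsCache");
            if (log.isDebugEnabled()) {
                log.debug("Successfully created UserClaimsCache under OAuthCacheManager");
            }
        } catch (ServerConfigurationException e) {
            log.error("Error when reading the OAuth Configurations. OAuth related functionality might be affected.", e);
        }
    }

    /**
     * Resolves the submitted username to the primary login name, delegates credential validation
     * to the parent handler and, on success, attaches the configured claims as response headers.
     *
     * @param oAuthTokenReqMessageContext token request context; its request DTO is updated with
     *                                    the resolved username
     * @return the parent's validation result, or {@code false} if the tenant's user store manager
     *         could not be obtained
     * @throws IdentityOAuth2Exception if the parent validation fails or the claims cannot be read
     */
    @Override
    public boolean validateGrant(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        OAuth2AccessTokenReqDTO tokenRequest = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO();
        String submittedUsername = tokenRequest.getResourceOwnerUsername();
        // NOTE(review): when the secondary lookup finds no user this sets the username to null
        // and relies on the parent handler to reject it; confirm the parent fails closed.
        oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(getLoginUserName(submittedUsername));
        boolean validated = super.validateGrant(oAuthTokenReqMessageContext);
        if (!validated) {
            return false;
        }
        try {
            // NOTE(review): the tenant is derived from the username as submitted, while the
            // claims below are read for the resolved username; confirm both map to one tenant.
            UserStoreManager userStoreManager = OAuthComponentServiceHolder.getRealmService()
                    .getTenantUserRealm(IdentityUtil.getTenantIdOFUser(submittedUsername)).getUserStoreManager();
            List<ResponseHeader> responseHeaders = new ArrayList<>();
            if (tokenRequest.getResourceOwnerUsername() != null) {
                try {
                    if (this.requiredHeaderClaimUris != null && !this.requiredHeaderClaimUris.isEmpty()) {
                        String domainQualifiedName = UserCoreUtil.addDomainToName(tokenRequest.getResourceOwnerUsername(),
                                UserCoreUtil.extractDomainFromName(oAuthTokenReqMessageContext.getAuthorizedUser()));
                        Claim[] userClaimValues = getUserClaimValues(domainQualifiedName, userStoreManager);
                        if (userClaimValues != null && userClaimValues.length > 0) {
                            for (String requiredUri : this.requiredHeaderClaimUris) {
                                // Bounded scan: the previous while(true) form never terminated
                                // when the user had no claim for a required URI.
                                for (Claim claim : userClaimValues) {
                                    if (requiredUri.equals(claim.getClaimUri())) {
                                        ResponseHeader responseHeader = new ResponseHeader();
                                        responseHeader.setKey(claim.getDisplayTag());
                                        responseHeader.setValue(claim.getValue());
                                        responseHeaders.add(responseHeader);
                                        break;
                                    }
                                }
                            }
                        } else if (log.isDebugEnabled()) {
                            log.debug("No claim values for user : " + domainQualifiedName);
                        }
                    }
                } catch (Exception e) {
                    throw new IdentityOAuth2Exception(e.getMessage(), e);
                }
            }
            oAuthTokenReqMessageContext.addProperty("RESPONSE_HEADERS", responseHeaders.toArray(new ResponseHeader[responseHeaders.size()]));
        } catch (UserStoreException e) {
            log.error("Error when getting the tenant's UserStoreManager", e);
            return false;
        } catch (IdentityException e) {
            throw new IdentityOAuth2Exception(e.getMessage(), e);
        }
        return true;
    }

    /**
     * Delegates scope validation to {@link ScopesIssuer}.
     *
     * @param oAuthTokenReqMessageContext token request context
     * @return the result of {@code ScopesIssuer.setScopes}
     */
    @Override
    public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        return ScopesIssuer.getInstance().setScopes(oAuthTokenReqMessageContext);
    }

    /**
     * Returns the name to authenticate with: the primary login name when the submitted name is a
     * secondary login, otherwise the submitted name unchanged. May return {@code null} when the
     * secondary lookup finds no user, or when {@code str} itself is {@code null}.
     */
    private String getLoginUserName(String str) {
        if (str == null) {
            // Avoids an NPE in the '@' test when the request carries no username.
            return null;
        }
        return isSecondaryLogin(str) ? getPrimaryFromSecondary(str) : str;
    }

    /**
     * Decides from the login configuration whether {@code str} is a secondary login name.
     * The e-mail configuration is consulted first; the user-id configuration is used only when
     * the e-mail entry is absent or its {@code primary} flag is neither "true" nor "false".
     */
    private boolean isSecondaryLogin(String str) {
        Map<String, String> emailConf = this.loginConfiguration.get(EMAIL_LOGIN);
        if (emailConf != null) {
            String emailPrimary = emailConf.get(PRIMARY_LOGIN);
            if ("true".equalsIgnoreCase(emailPrimary)) {
                return !isUserLoggedInEmail(str);
            }
            if ("false".equalsIgnoreCase(emailPrimary)) {
                return isUserLoggedInEmail(str);
            }
        }
        Map<String, String> userIdConf = this.loginConfiguration.get(USERID_LOGIN);
        if (userIdConf == null) {
            return false;
        }
        String userIdPrimary = userIdConf.get(PRIMARY_LOGIN);
        if ("true".equalsIgnoreCase(userIdPrimary)) {
            return isUserLoggedInEmail(str);
        }
        return "false".equalsIgnoreCase(userIdPrimary) && !isUserLoggedInEmail(str);
    }

    /** Treats any name containing '@' as an e-mail login; no further format check is made. */
    private boolean isUserLoggedInEmail(String str) {
        return str.contains("@");
    }

    /**
     * Looks up the primary username whose configured claim equals {@code str}.
     *
     * @return the first matching username, or {@code null} if none matched or the lookup failed
     */
    private String getPrimaryFromSecondary(String str) {
        String primaryName = null;
        try {
            String claimUri = isUserLoggedInEmail(str)
                    ? this.loginConfiguration.get(EMAIL_LOGIN).get(CLAIM_URI)
                    : this.loginConfiguration.get(USERID_LOGIN).get(CLAIM_URI);
            String[] userList = OAuthComponentServiceHolder.getRealmService().getUserRealm(new RealmConfiguration())
                    .getUserStoreManager().getUserList(claimUri, str, (String) null);
            // Only the first match is used; the claim must be unique per user for this to be safe.
            if (userList != null && userList.length > 0) {
                primaryName = userList[0];
            }
        } catch (UserStoreException e) {
            // NOTE(review): 'str' is request-supplied; confirm the log layout neutralises CR/LF.
            log.error("Error while retrieving the primaryLogin name using secondary login name : " + str, e);
        }
        return primaryName;
    }

    /**
     * Returns the claims of {@code str}, from the cache when present, otherwise from the user
     * store (and then cached under the same key).
     *
     * @throws UserStoreException if the user store lookup fails
     */
    private Claim[] getUserClaimValues(String str, UserStoreManager userStoreManager) throws UserStoreException {
        // The cache is absent when init() failed before creating it; fall through to the store.
        if (this.userClaimsCache != null) {
            Claim[] cached = this.userClaimsCache.getValueFromCache(str);
            if (cached != null) {
                return cached;
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Cache miss for user claims. Username :" + str);
        }
        Claim[] userClaimValues = userStoreManager.getUserClaimValues(str, (String) null);
        // A null result is never a cache hit, so there is no point in storing it.
        if (this.userClaimsCache != null && userClaimValues != null) {
            this.userClaimsCache.addToCache(str, userClaimValues);
        }
        return userClaimValues;
    }

    /** Collects the text of every {@code ClaimUri} child of {@code oMElement}; no-op on null. */
    private void parseRequiredHeaderClaimUris(OMElement oMElement) {
        if (oMElement == null) {
            return;
        }
        Iterator claimUriElements = oMElement.getChildrenWithLocalName(CLAIM_URI);
        if (claimUriElements == null) {
            return;
        }
        while (claimUriElements.hasNext()) {
            OMElement claimUriElement = (OMElement) claimUriElements.next();
            if (claimUriElement != null) {
                this.requiredHeaderClaimUris.add(claimUriElement.getText());
            }
        }
    }

    /**
     * Reads the {@code LoginConfig} element. Both {@code EmailLogin} and {@code UserIdLogin},
     * each with a {@code ClaimUri} child, are required; if any is missing the configuration is
     * ignored as a whole so that the lookup code never sees a half-populated map.
     */
    private void parseLoginConfig(OMElement oMElement) {
        OMElement loginConfigElement = oMElement.getFirstChildWithName(getQNameWithIdentityNS(LOGIN_CONFIG));
        if (loginConfigElement == null) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Login configuration is set ");
        }
        OMElement emailElement = loginConfigElement.getFirstChildWithName(getQNameWithIdentityNS(EMAIL_LOGIN));
        OMElement userIdElement = loginConfigElement.getFirstChildWithName(getQNameWithIdentityNS(USERID_LOGIN));
        OMElement emailClaimUri = emailElement == null ? null : emailElement.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI));
        OMElement userIdClaimUri = userIdElement == null ? null : userIdElement.getFirstChildWithName(getQNameWithIdentityNS(CLAIM_URI));
        if (emailClaimUri == null || userIdClaimUri == null) {
            // Previously an incomplete LoginConfig aborted init() with an NPE.
            log.warn("Incomplete LoginConfig: EmailLogin and UserIdLogin with a ClaimUri are both required. Secondary login is disabled.");
            return;
        }
        Map<String, String> emailConf = new HashMap<>(2);
        emailConf.put(PRIMARY_LOGIN, emailElement.getAttributeValue(new QName(PRIMARY_LOGIN)));
        emailConf.put(CLAIM_URI, emailClaimUri.getText());
        Map<String, String> userIdConf = new HashMap<>(2);
        userIdConf.put(PRIMARY_LOGIN, userIdElement.getAttributeValue(new QName(PRIMARY_LOGIN)));
        userIdConf.put(CLAIM_URI, userIdClaimUri.getText());
        this.loginConfiguration.put(EMAIL_LOGIN, emailConf);
        this.loginConfiguration.put(USERID_LOGIN, userIdConf);
    }

    /** Builds a QName for {@code str} in the namespace this handler reads its configuration from. */
    private QName getQNameWithIdentityNS(String str) {
        return new QName("http://wso2.org/projects/carbon/carbon.xml", str);
    }
}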
