package org.wso2.carbon.identity.provisioning;

import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.cache.CacheKey;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.OutboundProvisioningConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig;
import org.wso2.carbon.identity.application.common.model.RoleMapping;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.provisioning.cache.ServiceProviderProvisioningConnectorCache;
import org.wso2.carbon.identity.provisioning.cache.ServiceProviderProvisioningConnectorCacheEntry;
import org.wso2.carbon.identity.provisioning.cache.ServiceProviderProvisioningConnectorCacheKey;
import org.wso2.carbon.identity.provisioning.dao.CacheBackedProvisioningMgtDAO;
import org.wso2.carbon.identity.provisioning.dao.ProvisioningManagementDAO;
import org.wso2.carbon.identity.provisioning.internal.IdentityProvisionServiceComponent;
import org.wso2.carbon.identity.provisioning.rules.XACMLBasedRuleHandler;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.idp.mgt.util.IdPManagementUtil;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.claim.Claim;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/provisioning/OutboundProvisioningManager.class */
public class OutboundProvisioningManager {
    private static final Log log = LogFactory.getLog(OutboundProvisioningManager.class);
    private static CacheBackedProvisioningMgtDAO dao = new CacheBackedProvisioningMgtDAO(new ProvisioningManagementDAO());
    private static OutboundProvisioningManager provisioningManager = new OutboundProvisioningManager();

    private OutboundProvisioningManager() {
    }

    public static OutboundProvisioningManager getInstance() {
        return provisioningManager;
    }

    private static int getTenantIdOfDomain(String str) throws IdentityApplicationManagementException {
        try {
            return IdPManagementUtil.getTenantIdOfDomain(str);
        } catch (UserStoreException e) {
            log.error(e.getMessage(), e);
            throw new IdentityApplicationManagementException("Error occurred while getting Tenant Id from Tenant domain " + str);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v35, types: [org.wso2.carbon.identity.provisioning.cache.ServiceProviderProvisioningConnectorCacheEntry, java.io.Serializable] */
    private Map<String, RuntimeProvisioningConfig> getOutboundProvisioningConnectors(ServiceProvider serviceProvider, String str) throws IdentityProvisioningException {
        HashMap hashMap = new HashMap();
        String str2 = null;
        int i = -1234;
        if (CarbonContext.getThreadLocalCarbonContext() != null) {
            str2 = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            i = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            threadLocalCarbonContext.setTenantId(-1234);
            threadLocalCarbonContext.setTenantDomain("carbon.super");
            if (serviceProvider == null || str2 == null) {
                throw new IdentityProvisioningException("Error reading service provider from cache.");
            }
            CacheKey serviceProviderProvisioningConnectorCacheKey = new ServiceProviderProvisioningConnectorCacheKey(serviceProvider.getApplicationName(), str2);
            ServiceProviderProvisioningConnectorCacheEntry serviceProviderProvisioningConnectorCacheEntry = (ServiceProviderProvisioningConnectorCacheEntry) ServiceProviderProvisioningConnectorCache.getInstance().getValueFromCache(serviceProviderProvisioningConnectorCacheKey);
            if (serviceProviderProvisioningConnectorCacheEntry != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Provisioning cache HIT for " + serviceProvider + " of " + str);
                }
                Map<String, RuntimeProvisioningConfig> connectors = serviceProviderProvisioningConnectorCacheEntry.getConnectors();
                PrivilegedCarbonContext.endTenantFlow();
                if (str2 != null) {
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(str2);
                    PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(i);
                }
                return connectors;
            }
            PrivilegedCarbonContext.endTenantFlow();
            if (str2 != null) {
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(str2);
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(i);
            }
            Map<String, AbstractProvisioningConnectorFactory> connectorFactories = IdentityProvisionServiceComponent.getConnectorFactories();
            OutboundProvisioningConfig outboundProvisioningConfig = serviceProvider.getOutboundProvisioningConfig();
            if (outboundProvisioningConfig == null) {
                if (log.isDebugEnabled()) {
                    log.debug("No outbound provisioning configuration defined for local service provider.");
                }
                return new HashMap();
            }
            IdentityProvider[] provisioningIdentityProviders = outboundProvisioningConfig.getProvisioningIdentityProviders();
            if (provisioningIdentityProviders != null && provisioningIdentityProviders.length > 0) {
                for (IdentityProvider identityProvider : provisioningIdentityProviders) {
                    try {
                        ProvisioningConnectorConfig defaultProvisioningConnectorConfig = identityProvider.getDefaultProvisioningConnectorConfig();
                        if (defaultProvisioningConnectorConfig != null) {
                            String name = identityProvider.getDefaultProvisioningConnectorConfig().getName();
                            boolean z = false;
                            if (identityProvider.getJustInTimeProvisioningConfig() != null && identityProvider.getJustInTimeProvisioningConfig().isProvisioningEnabled()) {
                                z = true;
                            }
                            AbstractOutboundProvisioningConnector outboundProvisioningConnector = getOutboundProvisioningConnector(identityProvider, connectorFactories, str, z);
                            if (outboundProvisioningConnector != null) {
                                RuntimeProvisioningConfig runtimeProvisioningConfig = new RuntimeProvisioningConfig();
                                runtimeProvisioningConfig.setProvisioningConnectorEntry(new AbstractMap.SimpleEntry(name, outboundProvisioningConnector));
                                runtimeProvisioningConfig.setBlocking(defaultProvisioningConnectorConfig.isBlocking());
                                runtimeProvisioningConfig.setPolicyEnabled(defaultProvisioningConnectorConfig.isRulesEnabled());
                                hashMap.put(identityProvider.getIdentityProviderName(), runtimeProvisioningConfig);
                            }
                        }
                    } catch (IdentityProviderManagementException e) {
                        throw new IdentityProvisioningException("Error while retrieving idp configuration for " + identityProvider.getIdentityProviderName(), e);
                    }
                }
            }
            try {
                PrivilegedCarbonContext.startTenantFlow();
                PrivilegedCarbonContext threadLocalCarbonContext2 = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                threadLocalCarbonContext2.setTenantId(-1234);
                threadLocalCarbonContext2.setTenantDomain("carbon.super");
                ?? serviceProviderProvisioningConnectorCacheEntry2 = new ServiceProviderProvisioningConnectorCacheEntry();
                serviceProviderProvisioningConnectorCacheEntry2.setConnectors(hashMap);
                ServiceProviderProvisioningConnectorCache.getInstance().addToCache(serviceProviderProvisioningConnectorCacheKey, serviceProviderProvisioningConnectorCacheEntry2);
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(str2);
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(i);
                if (log.isDebugEnabled()) {
                    log.debug("Entry added successfully ");
                }
                return hashMap;
            } catch (Throwable th) {
                PrivilegedCarbonContext.endTenantFlow();
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(str2);
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(i);
                throw th;
            }
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
            if (str2 != null) {
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(str2);
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(i);
            }
        }
    }

    private AbstractOutboundProvisioningConnector getOutboundProvisioningConnector(IdentityProvider identityProvider, Map<String, AbstractProvisioningConnectorFactory> map, String str, boolean z) throws IdentityProviderManagementException, IdentityProvisioningException {
        String identityProviderName = identityProvider.getIdentityProviderName();
        String name = identityProvider.getDefaultProvisioningConnectorConfig().getName();
        IdentityProvider enabledIdPByName = IdentityProviderManager.getInstance().getEnabledIdPByName(identityProviderName, str);
        if (enabledIdPByName == null) {
            throw new IdentityProvisioningException("Provisioning identity provider not available in the system. Idp Name : " + identityProviderName);
        }
        ProvisioningConnectorConfig[] provisioningConnectorConfigs = enabledIdPByName.getProvisioningConnectorConfigs();
        if (provisioningConnectorConfigs == null || provisioningConnectorConfigs.length <= 0) {
            return null;
        }
        for (ProvisioningConnectorConfig provisioningConnectorConfig : provisioningConnectorConfigs) {
            if (name.equals(provisioningConnectorConfig.getName()) && provisioningConnectorConfig.isEnabled()) {
                AbstractProvisioningConnectorFactory abstractProvisioningConnectorFactory = map.get(name);
                Property[] provisioningProperties = provisioningConnectorConfig.getProvisioningProperties();
                if (z) {
                    Property property = new Property();
                    property.setName(IdentityProvisioningConstants.JIT_PROVISIONING_ENABLED);
                    property.setValue(IdentityProvisioningConstants.IS_TRUE_VALUE);
                    provisioningProperties = IdentityApplicationManagementUtil.concatArrays(provisioningProperties, new Property[]{property});
                }
                Property property2 = new Property();
                property2.setName("userIdClaimUri");
                if (enabledIdPByName.getClaimConfig() == null || enabledIdPByName.getClaimConfig().getUserClaimURI() == null) {
                    property2.setValue("");
                } else {
                    property2.setValue(enabledIdPByName.getClaimConfig().getUserClaimURI());
                }
                ArrayList arrayList = new ArrayList(Arrays.asList(provisioningProperties));
                arrayList.add(property2);
                return abstractProvisioningConnectorFactory.getConnector(identityProviderName, (Property[]) arrayList.toArray(new Property[arrayList.size()]), str);
            }
        }
        return null;
    }

    public void provision(ProvisioningEntity provisioningEntity, String str, String str2, String str3, boolean z) throws IdentityProvisioningException {
        try {
            if (provisioningEntity.getEntityName() == null) {
                setProvisioningEntityName(provisioningEntity);
            }
            ServiceProvider serviceProvider = ApplicationManagementService.getInstance().getServiceProvider(str, str3);
            String str4 = str3;
            if (serviceProvider.isSaasApp() && ProvisioningUtil.isUserTenantBasedOutboundProvisioningEnabled()) {
                str4 = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            }
            if (serviceProvider == null) {
                throw new IdentityProvisioningException("Invalid service provider name : " + str);
            }
            ClaimMapping[] claimMappingArr = null;
            if (str2 == null && serviceProvider.getClaimConfig() != null) {
                claimMappingArr = serviceProvider.getClaimConfig().getClaimMappings();
            }
            Map<String, RuntimeProvisioningConfig> outboundProvisioningConnectors = getOutboundProvisioningConnectors(serviceProvider, str3);
            ExecutorService newFixedThreadPool = MapUtils.isNotEmpty(outboundProvisioningConnectors) ? Executors.newFixedThreadPool(outboundProvisioningConnectors.size()) : null;
            for (Map.Entry<String, RuntimeProvisioningConfig> entry : outboundProvisioningConnectors.entrySet()) {
                Map.Entry<String, AbstractOutboundProvisioningConnector> provisioningConnectorEntry = entry.getValue().getProvisioningConnectorEntry();
                AbstractOutboundProvisioningConnector value = provisioningConnectorEntry.getValue();
                String key = provisioningConnectorEntry.getKey();
                String key2 = entry.getKey();
                IdentityProvider idPByName = IdentityProviderManager.getInstance().getIdPByName(key2, str3);
                if (idPByName == null) {
                    throw new IdentityProvisioningException("Invalid identity provider name : " + key2);
                }
                String claimDialectUri = value.getClaimDialectUri();
                if (claimDialectUri == null && (idPByName.getClaimConfig() == null || idPByName.getClaimConfig().isLocalClaimDialect())) {
                    claimDialectUri = "http://wso2.org/claims";
                }
                ClaimMapping[] claimMappings = idPByName.getClaimConfig() != null ? idPByName.getClaimConfig().getClaimMappings() : null;
                Map<ClaimMapping, List<String>> mappedClaims = getMappedClaims(str2, claimDialectUri, provisioningEntity, claimMappingArr, claimMappings, str3);
                if (idPByName.getPermissionAndRoleConfig() != null) {
                    updateProvisioningUserWithMappedRoles(provisioningEntity, idPByName.getPermissionAndRoleConfig().getRoleMappings());
                }
                ProvisionedIdentifier provisionedEntityIdentifier = getProvisionedEntityIdentifier(key2, key, provisioningEntity, str3);
                ProvisioningOperation operation = provisioningEntity.getOperation();
                if (ProvisioningOperation.DELETE.equals(operation) && (provisionedEntityIdentifier == null || provisionedEntityIdentifier.getIdentifier() == null)) {
                    return;
                }
                if (provisionedEntityIdentifier == null || provisionedEntityIdentifier.getIdentifier() == null) {
                    operation = ProvisioningOperation.POST;
                }
                String[] strArr = new String[0];
                if (idPByName.getProvisioningRole() != null) {
                    strArr = idPByName.getProvisioningRole().trim().split("\\s*,[,\\s]*");
                }
                if (provisioningEntity.getEntityType() == ProvisioningEntityType.GROUP && Arrays.asList(strArr).contains(provisioningEntity.getEntityName())) {
                    Map<ClaimMapping, List<String>> attributes = provisioningEntity.getAttributes();
                    List<String> list = attributes.get(ClaimMapping.build(IdentityProvisioningConstants.NEW_USER_CLAIM_URI, (String) null, (String) null, false));
                    List<String> list2 = attributes.get(ClaimMapping.build(IdentityProvisioningConstants.DELETED_USER_CLAIM_URI, (String) null, (String) null, false));
                    for (String str5 : list) {
                        ProvisioningEntity inboundProvisioningEntity = getInboundProvisioningEntity(provisioningEntity, str4, ProvisioningOperation.POST, str5);
                        ProvisionedIdentifier provisionedEntityIdentifier2 = getProvisionedEntityIdentifier(key2, key, inboundProvisioningEntity, str3);
                        if (provisionedEntityIdentifier2 == null || provisionedEntityIdentifier2.getIdentifier() == null) {
                            ProvisioningEntity provisioningEntity2 = new ProvisioningEntity(ProvisioningEntityType.USER, str5, ProvisioningOperation.POST, getMappedClaims(str2, claimDialectUri, inboundProvisioningEntity, claimMappingArr, claimMappings, str3));
                            ProvisioningThread provisioningThread = new ProvisioningThread(provisioningEntity2, str3, str4, value, key, key2, dao);
                            provisioningEntity2.setIdentifier(provisionedEntityIdentifier);
                            provisioningEntity2.setJitProvisioning(z);
                            executeOutboundProvisioning(provisioningEntity, newFixedThreadPool, key, key2, provisioningThread, entry.getValue().isBlocking());
                        }
                    }
                    for (String str6 : list2) {
                        ProvisioningEntity inboundProvisioningEntity2 = getInboundProvisioningEntity(provisioningEntity, str4, ProvisioningOperation.DELETE, str6);
                        ProvisionedIdentifier provisionedEntityIdentifier3 = getProvisionedEntityIdentifier(key2, key, inboundProvisioningEntity2, str3);
                        if (provisionedEntityIdentifier3 != null && provisionedEntityIdentifier3.getIdentifier() != null) {
                            ProvisioningEntity provisioningEntity3 = new ProvisioningEntity(ProvisioningEntityType.USER, str6, ProvisioningOperation.DELETE, getMappedClaims(str2, claimDialectUri, inboundProvisioningEntity2, claimMappingArr, claimMappings, str3));
                            ProvisioningThread provisioningThread2 = new ProvisioningThread(provisioningEntity3, str3, str4, value, key, key2, dao);
                            provisioningEntity3.setIdentifier(provisionedEntityIdentifier3);
                            provisioningEntity3.setJitProvisioning(z);
                            executeOutboundProvisioning(provisioningEntity, newFixedThreadPool, key, key2, provisioningThread2, entry.getValue().isBlocking());
                        }
                    }
                } else {
                    if (!canUserBeProvisioned(provisioningEntity, strArr, str4)) {
                        if (canUserBeDeProvisioned(provisionedEntityIdentifier)) {
                            operation = ProvisioningOperation.DELETE;
                        }
                    }
                    if (!skipOutBoundProvisioning(operation, provisioningEntity, str2)) {
                        ProvisioningEntity provisioningEntity4 = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getEntityName(), operation, mappedClaims);
                        ProvisioningThread provisioningThread3 = new ProvisioningThread(provisioningEntity4, str3, str4, value, key, key2, dao);
                        provisioningEntity4.setIdentifier(provisionedEntityIdentifier);
                        provisioningEntity4.setJitProvisioning(z);
                        boolean isBlocking = entry.getValue().isBlocking();
                        if (entry.getValue().isPolicyEnabled() ? XACMLBasedRuleHandler.getInstance().isAllowedToProvision(str3, provisioningEntity, serviceProvider, key2, key) : true) {
                            executeOutboundProvisioning(provisioningEntity, newFixedThreadPool, key, key2, provisioningThread3, isBlocking);
                        }
                    }
                }
            }
            if (newFixedThreadPool != null) {
                newFixedThreadPool.shutdown();
            }
        } catch (CarbonException | IdentityApplicationManagementException | IdentityProviderManagementException | UserStoreException e) {
            throw new IdentityProvisioningException("Error occurred while checking for user provisioning", e);
        }
    }

    private void executeOutboundProvisioning(ProvisioningEntity provisioningEntity, ExecutorService executorService, String str, String str2, Callable<Boolean> callable, boolean z) throws IdentityProvisioningException {
        if (!z) {
            executorService.submit(callable);
            return;
        }
        try {
            if (callable.call().booleanValue()) {
                return;
            }
            if (executorService != null) {
                executorService.shutdown();
            }
            throw new IdentityProvisioningException(generateMessageOnFailureProvisioningOperation(str2, str, provisioningEntity));
        } catch (Exception e) {
            handleException(str2, str, provisioningEntity, executorService, e);
        }
    }

    private ProvisioningEntity getInboundProvisioningEntity(ProvisioningEntity provisioningEntity, String str, ProvisioningOperation provisioningOperation, String str2) throws CarbonException, UserStoreException {
        HashMap hashMap = new HashMap();
        if (str2 != null) {
            hashMap.put(ClaimMapping.build(IdentityProvisioningConstants.USERNAME_CLAIM_URI, (String) null, (String) null, false), Arrays.asList(str2));
        }
        List<String> userRoles = getUserRoles(str2, str);
        if (userRoles != null) {
            hashMap.put(ClaimMapping.build(IdentityProvisioningConstants.GROUP_CLAIM_URI, (String) null, (String) null, false), userRoles);
        }
        String str3 = str2;
        String domainFromName = getDomainFromName(provisioningEntity.getEntityName());
        if (domainFromName != null && !domainFromName.equals("Internal")) {
            if (log.isDebugEnabled()) {
                log.debug("Adding domain name : " + domainFromName + " to user : " + str2);
            }
            str3 = UserCoreUtil.addDomainToName(str2, domainFromName);
        }
        ProvisioningEntity provisioningEntity2 = new ProvisioningEntity(ProvisioningEntityType.USER, str3, provisioningOperation, hashMap);
        provisioningEntity2.setInboundAttributes(getUserClaims(str2, str));
        return provisioningEntity2;
    }

    private String generateMessageOnFailureProvisioningOperation(String str, String str2, ProvisioningEntity provisioningEntity) {
        if (log.isDebugEnabled()) {
            log.error(("Provisioning failed for IDP = " + str + " Connector Type =" + str2 + " ") + " Provisioned entity name = " + provisioningEntity.getEntityName() + " For operation = " + provisioningEntity.getOperation() + " failed  ");
        }
        return "Provisioning failed for IDP = " + str + " with Entity name=" + provisioningEntity.getEntityName();
    }

    private void updateProvisioningUserWithMappedRoles(ProvisioningEntity provisioningEntity, RoleMapping[] roleMappingArr) {
        if (ArrayUtils.isEmpty(roleMappingArr)) {
            return;
        }
        updateMappedGroupForAttribute(provisioningEntity, roleMappingArr, IdentityProvisioningConstants.GROUP_CLAIM_URI);
        updateMappedGroupForAttribute(provisioningEntity, roleMappingArr, IdentityProvisioningConstants.NEW_GROUP_CLAIM_URI);
        updateMappedGroupForAttribute(provisioningEntity, roleMappingArr, IdentityProvisioningConstants.DELETED_GROUP_CLAIM_URI);
    }

    private List<String> getMappedGroups(List<String> list, RoleMapping[] roleMappingArr) {
        if (CollectionUtils.isEmpty(list)) {
            return new ArrayList();
        }
        HashMap hashMap = new HashMap();
        for (RoleMapping roleMapping : roleMappingArr) {
            hashMap.put(roleMapping.getLocalRole().getLocalRoleName(), roleMapping.getRemoteRole());
        }
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String str = (String) hashMap.get(it.next());
            if (str != null) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    private Map<ClaimMapping, List<String>> getMappedClaims(String str, String str2, ProvisioningEntity provisioningEntity, ClaimMapping[] claimMappingArr, ClaimMapping[] claimMappingArr2, String str3) throws IdentityApplicationManagementException {
        Map<String, String> inboundAttributes = provisioningEntity.getInboundAttributes();
        return str2 != null ? str == null ? ProvisioningUtil.getMappedClaims(str2, inboundAttributes, claimMappingArr, provisioningEntity.getAttributes(), str3) : ProvisioningUtil.getMappedClaims(str2, inboundAttributes, str, provisioningEntity.getAttributes(), str3) : str == null ? ProvisioningUtil.getMappedClaims(claimMappingArr2, inboundAttributes, claimMappingArr, provisioningEntity.getAttributes()) : ProvisioningUtil.getMappedClaims(claimMappingArr2, inboundAttributes, str, provisioningEntity.getAttributes(), str3);
    }

    protected List<String> getGroupNames(Map<ClaimMapping, List<String>> map) {
        return ProvisioningUtil.getClaimValues(map, IdentityProvisioningConstants.GROUP_CLAIM_URI, null);
    }

    private String getUserName(Map<ClaimMapping, List<String>> map) {
        List<String> claimValues = ProvisioningUtil.getClaimValues(map, IdentityProvisioningConstants.USERNAME_CLAIM_URI, null);
        if (CollectionUtils.isNotEmpty(claimValues)) {
            return claimValues.get(0);
        }
        return null;
    }

    protected boolean canUserBeProvisioned(ProvisioningEntity provisioningEntity, String[] strArr, String str) throws UserStoreException, CarbonException {
        if (provisioningEntity.getEntityType() != ProvisioningEntityType.USER || strArr == null || strArr.length == 0) {
            return true;
        }
        if (provisioningEntity.getAttributes() == null || !StringUtils.isNotBlank(provisioningEntity.getEntityName())) {
            return false;
        }
        String entityName = provisioningEntity.getEntityName();
        List<String> asList = Arrays.asList(strArr);
        return userHasProvisioningRoles(getUserRoles(entityName, str), asList, entityName) || userHasProvisioningRoles(provisioningEntity.getAttributes().get(ClaimMapping.build(IdentityProvisioningConstants.GROUP_CLAIM_URI, (String) null, (String) null, false)), asList, entityName);
    }

    protected boolean canUserBeDeProvisioned(ProvisionedIdentifier provisionedIdentifier) throws UserStoreException, CarbonException, IdentityApplicationManagementException {
        return (provisionedIdentifier == null || provisionedIdentifier.getIdentifier() == null) ? false : true;
    }

    private List<String> getUserRoles(String str, String str2) throws CarbonException, UserStoreException {
        return Arrays.asList(AnonymousSessionUtil.getRealmByTenantDomain(IdentityProvisionServiceComponent.getRegistryService(), IdentityProvisionServiceComponent.getRealmService(), str2).getUserStoreManager().getRoleListOfUser(str));
    }

    private Map<String, String> getUserClaims(String str, String str2) throws CarbonException, UserStoreException {
        HashMap hashMap = new HashMap();
        Claim[] claimArr = null;
        try {
            claimArr = AnonymousSessionUtil.getRealmByTenantDomain(IdentityProvisionServiceComponent.getRegistryService(), IdentityProvisionServiceComponent.getRealmService(), str2).getUserStoreManager().getUserClaimValues(str, (String) null);
        } catch (UserStoreException e) {
            if (!e.getMessage().contains("UserNotFound")) {
                throw e;
            }
            if (log.isDebugEnabled()) {
                log.debug("User " + str + " not found in user store");
            }
        }
        if (claimArr != null) {
            for (Claim claim : claimArr) {
                hashMap.put(claim.getClaimUri(), claim.getValue());
            }
        }
        return hashMap;
    }

    private String getUserIdClaimValue(String str, String str2) {
        return null;
    }

    private ProvisionedIdentifier getProvisionedEntityIdentifier(String str, String str2, ProvisioningEntity provisioningEntity, String str3) throws IdentityApplicationManagementException {
        return dao.getProvisionedIdentifier(str, str2, provisioningEntity, getTenantIdOfDomain(str3), str3);
    }

    private String getDomainFromName(String str) {
        int indexOf = str.indexOf("/");
        return indexOf > 0 ? str.substring(0, indexOf) : "PRIMARY";
    }

    protected void handleException(String str, String str2, ProvisioningEntity provisioningEntity, ExecutorService executorService, Exception exc) {
        if (log.isDebugEnabled()) {
            log.debug(generateMessageOnFailureProvisioningOperation(str, str2, provisioningEntity), exc);
        }
    }

    private ProvisioningEntity setProvisioningEntityName(ProvisioningEntity provisioningEntity) throws IdentityApplicationManagementException {
        String provisionedEntityNameByLocalId = dao.getProvisionedEntityNameByLocalId(ProvisioningUtil.getAttributeValue(provisioningEntity, IdentityProvisioningConstants.ID_CLAIM_URI));
        Map<ClaimMapping, List<String>> attributes = provisioningEntity.getAttributes();
        ProvisioningEntityType entityType = provisioningEntity.getEntityType();
        ProvisioningOperation operation = provisioningEntity.getOperation();
        if (ProvisioningEntityType.USER.equals(entityType)) {
            attributes.put(ClaimMapping.build(IdentityProvisioningConstants.USERNAME_CLAIM_URI, (String) null, (String) null, false), Arrays.asList(provisionedEntityNameByLocalId));
        } else if (ProvisioningEntityType.GROUP.equals(entityType)) {
            if (ProvisioningOperation.PUT.equals(operation)) {
                String attributeValue = ProvisioningUtil.getAttributeValue(provisioningEntity, IdentityProvisioningConstants.GROUP_CLAIM_URI);
                if (!provisionedEntityNameByLocalId.equals(attributeValue)) {
                    attributes.put(ClaimMapping.build(IdentityProvisioningConstants.OLD_GROUP_NAME_CLAIM_URI, (String) null, (String) null, false), Arrays.asList(provisionedEntityNameByLocalId));
                    attributes.put(ClaimMapping.build(IdentityProvisioningConstants.NEW_GROUP_NAME_CLAIM_URI, (String) null, (String) null, false), Arrays.asList(attributeValue));
                }
            } else if (ProvisioningOperation.PATCH.equals(operation)) {
                String attributeValue2 = ProvisioningUtil.getAttributeValue(provisioningEntity, IdentityProvisioningConstants.GROUP_CLAIM_URI);
                if (attributeValue2 == null) {
                    attributeValue2 = provisionedEntityNameByLocalId;
                }
                if (!provisionedEntityNameByLocalId.equals(attributeValue2)) {
                    attributes.put(ClaimMapping.build(IdentityProvisioningConstants.OLD_GROUP_NAME_CLAIM_URI, (String) null, (String) null, false), Arrays.asList(provisionedEntityNameByLocalId));
                    attributes.put(ClaimMapping.build(IdentityProvisioningConstants.NEW_GROUP_NAME_CLAIM_URI, (String) null, (String) null, false), Arrays.asList(attributeValue2));
                }
            }
        }
        String attributeValue3 = ProvisioningUtil.getAttributeValue(provisioningEntity, IdentityProvisioningConstants.USER_STORE_DOMAIN_CLAIM_URI);
        if (log.isDebugEnabled()) {
            log.debug("Adding domain name : " + attributeValue3 + " to name : " + provisionedEntityNameByLocalId);
        }
        provisioningEntity.setEntityName(UserCoreUtil.addDomainToName(provisionedEntityNameByLocalId, attributeValue3));
        return provisioningEntity;
    }

    private void updateMappedGroupForAttribute(ProvisioningEntity provisioningEntity, RoleMapping[] roleMappingArr, String str) {
        List<String> mappedGroups = getMappedGroups(ProvisioningUtil.getClaimValues(provisioningEntity.getAttributes(), str, null), roleMappingArr);
        if (mappedGroups == null || mappedGroups.isEmpty()) {
            return;
        }
        ProvisioningUtil.setClaimValue(str, provisioningEntity.getAttributes(), mappedGroups);
    }

    private boolean userHasProvisioningRoles(List<String> list, List<String> list2, String str) {
        if (!CollectionUtils.isNotEmpty(list) || !CollectionUtils.isNotEmpty(list2)) {
            return false;
        }
        Iterator<String> it = list2.iterator();
        while (it.hasNext()) {
            if (list.contains(it.next())) {
                if (!log.isDebugEnabled()) {
                    return true;
                }
                log.debug("User with userName : " + str + " has provisioning role(s) assigned.");
                return true;
            }
        }
        return false;
    }

    private boolean skipOutBoundProvisioning(ProvisioningOperation provisioningOperation, ProvisioningEntity provisioningEntity, String str) {
        if (!ProvisioningOperation.PUT.equals(provisioningOperation) || !"http://wso2.org/claims".equals(str)) {
            return false;
        }
        if (provisioningEntity == null || provisioningEntity.getAttributes() == null) {
            return true;
        }
        for (ClaimMapping claimMapping : provisioningEntity.getAttributes().keySet()) {
            if (!IdentityProvisioningConstants.USERNAME_CLAIM_URI.equalsIgnoreCase(claimMapping.getLocalClaim().getClaimUri()) && !IdentityProvisioningConstants.LAST_MODIFIED_CLAIM.equalsIgnoreCase(claimMapping.getLocalClaim().getClaimUri())) {
                return false;
            }
        }
        return true;
    }
}
