package org.wso2.carbon.identity.user.profile.mgt.association.federation;

import java.util.ArrayList;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.user.profile.mgt.AssociatedAccountDTO;
import org.wso2.carbon.identity.user.profile.mgt.UserProfileException;
import org.wso2.carbon.identity.user.profile.mgt.association.federation.constant.FederatedAssociationConstants;
import org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerClientException;
import org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException;
import org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerServerException;
import org.wso2.carbon.identity.user.profile.mgt.association.federation.model.FederatedAssociation;
import org.wso2.carbon.identity.user.profile.mgt.dao.UserProfileMgtDAO;
import org.wso2.carbon.identity.user.profile.mgt.internal.IdentityUserProfileServiceDataHolder;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdpManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/user/profile/mgt/association/federation/FederatedAssociationManagerImpl.class */
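/**
 * Manages the links between local user accounts and their identities at
 * federated identity providers (IdPs).
 *
 * <p>Every public operation that takes a {@link User} first checks that the
 * user object is complete and that its tenant domain resolves to a tenant id.
 * The delete operations additionally confirm that the association being
 * removed appears in the target user's own association list before the DAO is
 * called, so a caller cannot remove an association by supplying an identifier
 * that belongs to a different account.
 *
 * <p>Debug messages in this class contain user names and federated
 * identifiers taken from the request; treat debug logs as sensitive.
 */
public class FederatedAssociationManagerImpl implements FederatedAssociationManager {
    private static final Log log = LogFactory.getLog(FederatedAssociationManagerImpl.class);

    /**
     * Associates a federated identity with a local user.
     *
     * @param user local user that receives the association
     * @param str  identity provider reference, passed unchanged to the DAO
     * @param str2 identifier of the user at that identity provider
     * @throws FederatedAssociationManagerException if the user or tenant is invalid, the federated
     *         identity is already associated with a local account, or the DAO call fails
     */
    @Override
    public void createFederatedAssociation(User user, String str, String str2) throws FederatedAssociationManagerException {
        validateUserObject(user);
        int tenantId = getValidatedTenantId(user);
        validateUserExistence(user, tenantId);
        // NOTE(review): str and str2 are not checked for null/empty here, unlike in the delete
        // paths; confirm the DAO or the caller rejects blank values.
        // NOTE(review): the duplicate check and the insert below are two separate calls, so two
        // concurrent requests could both pass the check. Confirm the schema enforces uniqueness
        // of (tenant, IdP, federated id) so one federated identity cannot map to two local users.
        validateIfFederatedUserAccountAlreadyAssociated(user.getTenantDomain(), str, str2);
        try {
            UserProfileMgtDAO.getInstance().createAssociation(tenantId, user.getUserStoreDomain(), user.getUserName(), str, str2);
        } catch (UserProfileException e) {
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_CREATING_FEDERATED_ASSOCIATION_OF_USER, e, false);
        }
    }

    /**
     * Looks up the local user associated with a federated identity.
     *
     * @param str  tenant domain in which to search
     * @param str2 identity provider reference, passed unchanged to the DAO
     * @param str3 identifier of the user at that identity provider
     * @return the value returned by the DAO; callers in this class treat {@code null} as
     *         "no association"
     * @throws FederatedAssociationManagerException if the tenant domain is invalid or the lookup fails
     */
    @Override
    public String getUserForFederatedAssociation(String str, String str2, String str3) throws FederatedAssociationManagerException {
        try {
            return UserProfileMgtDAO.getInstance().getUserAssociatedFor(getValidatedTenantIdFromDomain(str), str2, str3);
        } catch (UserProfileException e) {
            if (log.isDebugEnabled()) {
                // Report the tenant that was actually queried, not the thread-local one, so the
                // log stays accurate when the two differ.
                log.debug("Error while retrieving user associated for federated IdP: " + str2 + ", with federation identifier: " + str3 + ", in tenant: " + str);
            }
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_GETTING_USER_FOR_FEDERATED_ASSOCIATION, e, true);
        }
    }

    /**
     * Lists the federated associations of a local user.
     *
     * @param user local user whose associations are requested
     * @return one entry per association returned by the DAO, with the IdP name resolved to its
     *         resource id; empty when there are none
     * @throws FederatedAssociationManagerException if the user or tenant is invalid, an IdP cannot
     *         be resolved, or the DAO call fails
     */
    @Override
    public FederatedAssociation[] getFederatedAssociationsOfUser(User user) throws FederatedAssociationManagerException {
        validateUserObject(user);
        int tenantId = getValidatedTenantId(user);
        validateUserExistence(user, tenantId);
        try {
            ArrayList<FederatedAssociation> associations = new ArrayList<>();
            for (AssociatedAccountDTO account : UserProfileMgtDAO.getInstance().getAssociatedFederatedAccountsForUser(tenantId, user.getUserStoreDomain(), user.getUserName())) {
                String idpId = getIdentityProviderId(user.getTenantDomain(), account.getIdentityProviderName());
                associations.add(new FederatedAssociation(account.getId(), idpId, account.getUsername()));
            }
            return associations.toArray(new FederatedAssociation[0]);
        } catch (UserProfileException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while retrieving federated account associations of user: " + user.toFullQualifiedUsername());
            }
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_RETRIEVING_FEDERATED_ASSOCIATION_OF_USER, e, true);
        }
    }

    /**
     * Removes one association, identified by IdP and federated user id.
     *
     * @param user local user that owns the association
     * @param str  identity provider name; it is compared against the IdP name resolved from the
     *             user's stored associations
     * @param str2 identifier of the user at that identity provider
     * @throws FederatedAssociationManagerException if the user or tenant is invalid, the user has
     *         no such association, or the DAO call fails
     */
    @Override
    public void deleteFederatedAssociation(User user, String str, String str2) throws FederatedAssociationManagerException {
        validateUserObject(user);
        int tenantId = getValidatedTenantId(user);
        // Ownership check: the (IdP, federated id) pair must be one of this user's associations.
        validateFederatedAssociation(user, str, str2);
        try {
            UserProfileMgtDAO.getInstance().deleteAssociation(tenantId, user.getUserStoreDomain(), user.getUserName(), str, str2);
        } catch (UserProfileException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while removing the federated association with idpId: " + str + ", and federatedUserId: " + str2 + ", for user: " + user.toFullQualifiedUsername());
            }
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_DELETING_FEDERATED_ASSOCIATION_OF_USER, e, true);
        }
    }

    /**
     * Removes one association, identified by its association id.
     *
     * @param user local user that owns the association
     * @param str  id of the association to remove
     * @throws FederatedAssociationManagerException if the user is invalid, the id is not one of
     *         the user's associations, or the DAO call fails
     */
    @Override
    public void deleteFederatedAssociation(User user, String str) throws FederatedAssociationManagerException {
        validateUserObject(user);
        // The DAO call below carries no tenant id, so this ownership check (which also resolves
        // the tenant and confirms the user exists while listing the user's associations) is what
        // ties the association id to the caller-supplied user. Keep it ahead of the delete.
        validateFederatedAssociation(user, str);
        try {
            UserProfileMgtDAO.getInstance().deleteFederatedAssociation(user.getUserStoreDomain(), user.getUserName(), str);
        } catch (UserProfileException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while removing the federated association: " + str + ", for user: " + user.toFullQualifiedUsername(), e);
            }
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_DELETING_FEDERATED_ASSOCIATION_OF_USER, e, true);
        }
    }

    /**
     * Removes every federated association of a user.
     *
     * @param user local user whose associations are removed
     * @throws FederatedAssociationManagerException if the user or tenant is invalid, the user has
     *         no associations, or the DAO call fails
     */
    @Override
    public void deleteFederatedAssociation(User user) throws FederatedAssociationManagerException {
        validateUserObject(user);
        int tenantId = getValidatedTenantId(user);
        validateExistenceOfFederatedAssociations(user);
        try {
            UserProfileMgtDAO.getInstance().deleteFederatedAssociation(tenantId, user.getUserStoreDomain(), user.getUserName());
        } catch (UserProfileException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while removing the federated associations of user: " + user.toFullQualifiedUsername(), e);
            }
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_DELETING_FEDERATED_ASSOCIATION_OF_USER, e, true);
        }
    }

    /** Rejects a null user or one missing tenant domain, user store domain or user name. */
    private void validateUserObject(User user) throws FederatedAssociationManagerException {
        if (user != null && isRequiredUserParametersPresent(user)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Either provided user is null or missing user parameters.");
        }
        throw handleFederatedAssociationManagerClientException(FederatedAssociationConstants.ErrorMessages.INVALID_USER_IDENTIFIER_PROVIDED, null, true);
    }

    /** Returns true when tenant domain, user store domain and user name are all non-empty. */
    private boolean isRequiredUserParametersPresent(User user) {
        return !(StringUtils.isEmpty(user.getTenantDomain())
                || StringUtils.isEmpty(user.getUserStoreDomain())
                || StringUtils.isEmpty(user.getUserName()));
    }

    /** Fails with a client error when the user has no federated associations at all. */
    private void validateExistenceOfFederatedAssociations(User user) throws FederatedAssociationManagerException {
        if (isValidFederatedAssociationsExist(user)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Valid federated associations does not exist for the user: " + user.toFullQualifiedUsername());
        }
        throw handleFederatedAssociationManagerClientException(FederatedAssociationConstants.ErrorMessages.FEDERATED_ASSOCIATION_DOES_NOT_EXISTS, null, true);
    }

    /** Returns true when the user has at least one federated association. */
    private boolean isValidFederatedAssociationsExist(User user) throws FederatedAssociationManagerException {
        return !ArrayUtils.isEmpty(getFederatedAssociationsOfUser(user));
    }

    /** Fails with a client error unless {@code associationId} is one of the user's associations. */
    private void validateFederatedAssociation(User user, String associationId) throws FederatedAssociationManagerException {
        if (StringUtils.isEmpty(associationId) || !isValidFederatedAssociation(user, associationId)) {
            if (log.isDebugEnabled()) {
                log.debug("A valid federated association does not exist for the Id: " + associationId + ", of the user: " + user.toFullQualifiedUsername());
            }
            throw handleFederatedAssociationManagerClientException(FederatedAssociationConstants.ErrorMessages.INVALID_FEDERATED_ASSOCIATION, null, true);
        }
    }

    /** Returns true when the user's association list contains an entry with the given id. */
    private boolean isValidFederatedAssociation(User user, String associationId) throws FederatedAssociationManagerException {
        FederatedAssociation[] associations = getFederatedAssociationsOfUser(user);
        if (associations == null) {
            return false;
        }
        for (FederatedAssociation association : associations) {
            if (associationId.equals(association.getId())) {
                return true;
            }
        }
        return false;
    }

    /** Resolves the tenant id of the user's tenant domain; see {@link #getValidatedTenantIdFromDomain}. */
    private int getValidatedTenantId(User user) throws FederatedAssociationManagerException {
        return getValidatedTenantIdFromDomain(user.getTenantDomain());
    }

    /**
     * Resolves a tenant domain to its tenant id.
     *
     * @throws FederatedAssociationManagerException a client error when the tenant manager returns
     *         -1 for the domain, a server error when the tenant manager itself fails
     */
    private int getValidatedTenantIdFromDomain(String tenantDomain) throws FederatedAssociationManagerException {
        try {
            int tenantId = IdentityUserProfileServiceDataHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
            if (-1 != tenantId) {
                return tenantId;
            }
            if (log.isDebugEnabled()) {
                log.debug("Invalid tenant id is resolved for the tenant domain: " + tenantDomain);
            }
            throw handleFederatedAssociationManagerClientException(FederatedAssociationConstants.ErrorMessages.INVALID_TENANT_DOMAIN_PROVIDED, null, true);
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while getting the tenant Id for the tenant domain: " + tenantDomain);
            }
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_WORKING_WITH_FEDERATED_ASSOCIATIONS, e, false);
        }
    }

    /** Fails with a client error when the federated identity already maps to a local account. */
    private void validateIfFederatedUserAccountAlreadyAssociated(String tenantDomain, String idp, String federatedUserId) throws FederatedAssociationManagerException {
        String associatedUser = getUserForFederatedAssociation(tenantDomain, idp, federatedUserId);
        if (associatedUser != null) {
            if (log.isDebugEnabled()) {
                // The lookup ran in tenantDomain, so that is the tenant the account lives in.
                log.debug("Federated ID: " + federatedUserId + ", for IdP: " + idp + ", is already associated with the local user account: " + associatedUser + "@" + tenantDomain + ".");
            }
            throw handleFederatedAssociationManagerClientException(FederatedAssociationConstants.ErrorMessages.FEDERATED_ASSOCIATION_ALREADY_EXISTS, null, true);
        }
    }

    /** Fails with a client error unless the user holds an association for this IdP name and federated id. */
    private void validateFederatedAssociation(User user, String idpName, String federatedUserId) throws FederatedAssociationManagerException {
        if (StringUtils.isEmpty(idpName) || StringUtils.isEmpty(federatedUserId) || !isValidFederatedAssociation(user, idpName, federatedUserId)) {
            if (log.isDebugEnabled()) {
                log.debug("A valid federated association does not exist for the idpName: " + idpName + ", and federatedUserId: " + federatedUserId + ", of the user: " + user.toFullQualifiedUsername());
            }
            throw handleFederatedAssociationManagerClientException(FederatedAssociationConstants.ErrorMessages.INVALID_FEDERATED_ASSOCIATION, null, true);
        }
    }

    /** Returns true when one of the user's associations matches both the IdP name and the federated id. */
    private boolean isValidFederatedAssociation(User user, String idpName, String federatedUserId) throws FederatedAssociationManagerException {
        FederatedAssociation[] associations = getFederatedAssociationsOfUser(user);
        if (associations == null) {
            return false;
        }
        for (FederatedAssociation association : associations) {
            // Stored associations carry the IdP resource id, so map it back to a name to compare.
            if (idpName.equals(getResolvedIdPName(user, association.getIdpId())) && federatedUserId.equals(association.getFederatedUserId())) {
                return true;
            }
        }
        return false;
    }

    /** Resolves an IdP resource id to its name within the user's tenant. */
    private String getResolvedIdPName(User user, String idpId) throws FederatedAssociationManagerException {
        return getIdentityProviderName(user.getTenantDomain(), idpId);
    }

    /**
     * Confirms that the user exists in the user store of the given tenant.
     *
     * @throws FederatedAssociationManagerException a client error when the user is unknown, a
     *         server error when the user store cannot be queried
     */
    private void validateUserExistence(User user, int tenantId) throws FederatedAssociationManagerException {
        try {
            String domainQualifiedName = UserCoreUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain());
            if (IdentityUserProfileServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getUserStoreManager().isExistingUser(domainQualifiedName)) {
                return;
            }
            if (log.isDebugEnabled()) {
                // Was log.error inside a debug guard: an unknown user name is a client error, and
                // the guard already limits the message to debug runs, so log it at debug level.
                log.debug("UserNotFound: userName: " + user.getUserName() + ", in the domain: " + user.getUserStoreDomain() + ", and in the tenant: " + user.getTenantDomain());
            }
            throw handleFederatedAssociationManagerClientException(FederatedAssociationConstants.ErrorMessages.INVALID_USER_IDENTIFIER_PROVIDED, null, true);
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error occurred while verifying the existence of the userName: " + user.getUserName() + ", in the domain: " + user.getUserStoreDomain() + ", and in the tenant: " + user.getTenantDomain());
            }
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_GETTING_THE_USER, e, true);
        }
    }

    /**
     * Builds (does not throw) a client exception for the given error.
     *
     * @param errorMessages error whose code becomes the exception's error code
     * @param th            cause to attach, or {@code null} for none
     * @param z             when true the message is {@code errorMessages.toString()}, otherwise
     *                      {@code errorMessages.getDescription()}
     */
    private FederatedAssociationManagerClientException handleFederatedAssociationManagerClientException(FederatedAssociationConstants.ErrorMessages errorMessages, Throwable th, boolean z) {
        String message = z ? errorMessages.toString() : errorMessages.getDescription();
        String code = String.valueOf(errorMessages.getCode());
        if (th == null) {
            return new FederatedAssociationManagerClientException(code, message);
        }
        return new FederatedAssociationManagerClientException(code, message, th);
    }

    /**
     * Builds (does not throw) a server exception for the given error.
     *
     * @param errorMessages error whose code becomes the exception's error code
     * @param th            cause to attach, or {@code null} for none
     * @param z             when true the message is {@code errorMessages.toString()}, otherwise
     *                      {@code errorMessages.getDescription()}
     */
    private FederatedAssociationManagerServerException handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages errorMessages, Throwable th, boolean z) {
        String message = z ? errorMessages.toString() : errorMessages.getDescription();
        String code = String.valueOf(errorMessages.getCode());
        if (th == null) {
            return new FederatedAssociationManagerServerException(code, message);
        }
        return new FederatedAssociationManagerServerException(code, message, th);
    }

    /**
     * Resolves an IdP name to its resource id within a tenant.
     *
     * @throws FederatedAssociationManagerServerException if the IdP manager service is missing or
     *         the lookup fails
     */
    private String getIdentityProviderId(String tenantDomain, String idpName) throws FederatedAssociationManagerServerException {
        try {
            IdpManager idpManager = IdentityUserProfileServiceDataHolder.getInstance().getIdpManager();
            if (idpManager != null) {
                // NOTE(review): assumes getIdPByName never returns null; confirm against IdpManager.
                return idpManager.getIdPByName(idpName, tenantDomain).getResourceId();
            }
            if (log.isDebugEnabled()) {
                log.debug("The IdpManager service is not available in the runtime");
            }
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_RESOLVING_IDENTITY_PROVIDERS, null, true);
        } catch (IdentityProviderManagementException e) {
            if (log.isDebugEnabled()) {
                log.debug("Could not resolve the identity provider for the name: " + idpName + ", in the tenant domain: " + tenantDomain);
            }
            // Keep the cause so the underlying IdP failure is not lost from the stack trace.
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_RESOLVING_IDENTITY_PROVIDERS, e, true);
        }
    }

    /**
     * Resolves an IdP resource id to its name within a tenant.
     *
     * @throws FederatedAssociationManagerException if the IdP manager service is missing or the
     *         lookup fails
     */
    private String getIdentityProviderName(String tenantDomain, String idpId) throws FederatedAssociationManagerException {
        try {
            IdpManager idpManager = IdentityUserProfileServiceDataHolder.getInstance().getIdpManager();
            if (idpManager != null) {
                // NOTE(review): assumes getIdPByResourceId never returns null; confirm against IdpManager.
                return idpManager.getIdPByResourceId(idpId, tenantDomain, false).getIdentityProviderName();
            }
            if (log.isDebugEnabled()) {
                log.debug("The IdpManager service is not available in the runtime");
            }
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_RESOLVING_IDENTITY_PROVIDERS, null, true);
        } catch (IdentityProviderManagementException e) {
            if (log.isDebugEnabled()) {
                log.debug("Could not resolve the identity provider for the id: " + idpId + ", in the tenant domain: " + tenantDomain);
            }
            // Keep the cause so the underlying IdP failure is not lost from the stack trace.
            throw handleFederatedAssociationManagerServerException(FederatedAssociationConstants.ErrorMessages.ERROR_WHILE_RESOLVING_IDENTITY_PROVIDERS, e, true);
        }
    }
}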
