package org.wso2.carbon.user.mgt;

import java.io.IOException;
import java.util.ArrayList;
import javax.activation.DataHandler;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.user.mgt.common.ClaimValue;
import org.wso2.carbon.user.mgt.common.FlaggedName;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import org.wso2.carbon.user.mgt.common.UserAdminException;
import org.wso2.carbon.user.mgt.common.UserRealmInfo;
import org.wso2.carbon.user.mgt.internal.UserMgtDSComponent;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/user/mgt/UserAdmin.class */
public class UserAdmin {
    private static final Log log = LogFactory.getLog(UserAdmin.class);

    public String[] listUsers(String str, int i) throws UserAdminException {
        return getUserAdminProxy().listUsers(str, i);
    }

    public FlaggedName[] listAllUsers(String str, int i) throws UserAdminException {
        return getUserAdminProxy().listAllUsers(str, i);
    }

    public FlaggedName[] listAllUsersWithPermission(String str, String str2, int i) throws UserAdminException {
        ArrayList arrayList = new ArrayList();
        try {
            AuthorizationManager authorizationManager = UserMgtDSComponent.getRealmService().getTenantUserRealm(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()).getAuthorizationManager();
            FlaggedName[] listAllUsers = getUserAdminProxy().listAllUsers(str, i);
            for (int i2 = 0; i2 < listAllUsers.length - 1; i2++) {
                if (authorizationManager.isUserAuthorized(listAllUsers[i2].getItemName(), str2, UserMgtConstants.EXECUTE_ACTION)) {
                    arrayList.add(listAllUsers[i2]);
                }
            }
            arrayList.add(listAllUsers[listAllUsers.length - 1]);
            return (FlaggedName[]) arrayList.toArray(new FlaggedName[arrayList.size()]);
        } catch (UserStoreException e) {
            throw new UserAdminException("Error while filtering authorized users.", e);
        }
    }

    public FlaggedName[] getAllRolesNames(String str, int i) throws UserAdminException {
        return getUserAdminProxy().getAllRolesNames(str, i);
    }

    public FlaggedName[] getAllPermittedRoleNames(String str, String str2, int i) throws UserAdminException {
        FlaggedName[] allRolesNames = getUserAdminProxy().getAllRolesNames(str, i);
        ArrayList arrayList = new ArrayList();
        try {
            AuthorizationManager authorizationManager = UserMgtDSComponent.getRealmService().getTenantUserRealm(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()).getAuthorizationManager();
            for (int i2 = 0; i2 < allRolesNames.length - 1; i2++) {
                if (authorizationManager.isRoleAuthorized(allRolesNames[i2].getItemName(), str2, UserMgtConstants.EXECUTE_ACTION)) {
                    arrayList.add(allRolesNames[i2]);
                }
            }
            arrayList.add(allRolesNames[allRolesNames.length - 1]);
            return (FlaggedName[]) arrayList.toArray(new FlaggedName[arrayList.size()]);
        } catch (UserStoreException e) {
            throw new UserAdminException("Error while filtering authorized roles.", e);
        }
    }

    public FlaggedName[] getAllSharedRoleNames(String str, int i) throws UserAdminException {
        return getUserAdminProxy().getAllRolesNames(str, i);
    }

    public UserRealmInfo getUserRealmInfo() throws UserAdminException {
        return getUserAdminProxy().getUserRealmInfo();
    }

    public void addUser(String str, String str2, String[] strArr, ClaimValue[] claimValueArr, String str3) throws UserAdminException {
        try {
            getUserAdminProxy().addUser(str, str2, strArr, claimValueArr, str3);
        } catch (UserAdminException e) {
            throw e;
        }
    }

    public void changePassword(String str, String str2) throws UserAdminException {
        try {
            getUserAdminProxy().changePassword(str, str2);
        } catch (UserAdminException e) {
            throw e;
        }
    }

    public void deleteUser(String str) throws UserAdminException {
        try {
            getUserAdminProxy().deleteUser(str, CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_CONFIGURATION));
        } catch (UserAdminException e) {
            throw e;
        }
    }

    public void addRole(String str, String[] strArr, String[] strArr2, boolean z) throws UserAdminException {
        addUserRole(str, strArr, strArr2, z, false);
    }

    private void addUserRole(String str, String[] strArr, String[] strArr2, boolean z, boolean z2) throws UserAdminException {
        if (strArr2 == null) {
            strArr2 = new String[0];
        }
        if (!isAllowedRoleName(str, (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm())) {
            throw new UserAdminException("Role name is reserved by the system.");
        }
        if (z2) {
            getUserAdminProxy().addInternalRole(str, strArr, strArr2);
            return;
        }
        if (getUserAdminProxy().isRoleAndGroupSeparationEnabled() && ArrayUtils.isNotEmpty(strArr2)) {
            addInternalSystemRole(str, strArr2);
            strArr2 = new String[0];
        }
        getUserAdminProxy().addRole(str, strArr, strArr2, z);
    }

    public void addInternalRole(String str, String[] strArr, String[] strArr2) throws UserAdminException {
        if (getUserAdminProxy().isRoleAndGroupSeparationEnabled() && StringUtils.startsWithIgnoreCase(str, "system_")) {
            throw new UserAdminException(String.format("Invalid role name: %s. Role names with the prefix: %s, is not allowed to be created from externally in the system.", str, "system_"));
        }
        addUserRole(str, strArr, strArr2, false, true);
    }

    private boolean isAllowedRoleName(String str, UserRealm userRealm) throws UserAdminException {
        if (str == null) {
            return false;
        }
        int indexOf = str.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
        if (indexOf > 0) {
            str = str.substring(indexOf + 1);
        }
        try {
            return !userRealm.getRealmConfiguration().isReservedRoleName(str);
        } catch (org.wso2.carbon.user.core.UserStoreException e) {
            throw new UserAdminException(e.getMessage(), e);
        }
    }

    public void deleteRole(String str) throws UserAdminException {
        getUserAdminProxy().deleteRole(str);
        if (getUserAdminProxy().isRoleAndGroupSeparationEnabled()) {
            getUserAdminProxy().deleteRole(appendInternalDomain("system_" + UserCoreUtil.extractDomainFromName(str).toLowerCase() + "_" + UserCoreUtil.removeDomainFromName(str)));
        }
    }

    public void updateRoleName(String str, String str2) throws UserAdminException {
        try {
            getUserAdminProxy().updateRoleName(str, str2);
        } catch (UserAdminException e) {
            throw e;
        }
    }

    public boolean hasMultipleUserStores() throws UserAdminException {
        return getUserAdminProxy().hasMultipleUserStores();
    }

    public FlaggedName[] getUsersOfRole(String str, String str2, int i) throws UserAdminException {
        return getUserAdminProxy().getUsersOfRole(str, str2, i);
    }

    public void updateUsersOfRole(String str, FlaggedName[] flaggedNameArr) throws UserAdminException {
        try {
            getUserAdminProxy().updateUsersOfRole(str, flaggedNameArr);
        } catch (UserAdminException e) {
            throw e;
        }
    }

    public FlaggedName[] getRolesOfUser(String str, String str2, int i) throws UserAdminException {
        return getUserAdminProxy().getRolesOfUser(str, str2, i);
    }

    public FlaggedName[] getRolesOfCurrentUser() throws UserAdminException {
        return getRolesOfUser(CarbonContext.getThreadLocalCarbonContext().getUsername(), "*", -1);
    }

    public void updateRolesOfUser(String str, String[] strArr) throws UserAdminException {
        try {
            getUserAdminProxy().updateRolesOfUser(str, strArr);
        } catch (UserAdminException e) {
            throw e;
        }
    }

    public UIPermissionNode getAllUIPermissions() throws UserAdminException {
        return getUserAdminProxy().getAllUIPermissions(CarbonContext.getThreadLocalCarbonContext().getTenantId());
    }

    public UIPermissionNode getRolePermissions(String str) throws UserAdminException {
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        if (!getUserAdminProxy().isRoleAndGroupSeparationEnabled() || isInternalRole(str)) {
            return getUserAdminProxy().getRolePermissions(str, tenantId);
        }
        return getUserAdminProxy().getRolePermissions(getUserAdminProxy().getHybridRoleListOfGroup(UserCoreUtil.removeDomainFromName(str), UserCoreUtil.extractDomainFromName(str)), tenantId);
    }

    public void setRoleUIPermission(String str, String[] strArr) throws UserAdminException {
        if (!getUserAdminProxy().isRoleAndGroupSeparationEnabled() || isInternalRole(str)) {
            getUserAdminProxy().setRoleUIPermission(str, strArr);
        } else {
            addInternalSystemRole(str, strArr);
        }
    }

    private void addInternalSystemRole(String str, String[] strArr) throws UserAdminException {
        String str2 = "system_" + UserCoreUtil.extractDomainFromName(str).toLowerCase() + "_" + UserCoreUtil.removeDomainFromName(str);
        if (getUserAdminProxy().isExistingHybridRole(str2)) {
            getUserAdminProxy().setRoleUIPermission(appendInternalDomain(str2), strArr);
        } else {
            getUserAdminProxy().addInternalRole(str2, new String[0], strArr);
            getUserAdminProxy().updateGroupListOfHybridRole(str2, null, new String[]{str});
        }
    }

    private String appendInternalDomain(String str) {
        return !str.contains(UserCoreConstants.DOMAIN_SEPARATOR) ? UserMgtConstants.INTERNAL_ROLE + UserCoreConstants.DOMAIN_SEPARATOR + str : str;
    }

    private boolean isInternalRole(String str) {
        String extractDomainFromName = UserCoreUtil.extractDomainFromName(str);
        return UserMgtConstants.INTERNAL_ROLE.equalsIgnoreCase(extractDomainFromName) || "Workflow".equalsIgnoreCase(extractDomainFromName) || UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(extractDomainFromName) || "SYSTEM".equalsIgnoreCase(extractDomainFromName);
    }

    public void bulkImportUsers(String str, String str2, DataHandler dataHandler, String str3) throws UserAdminException {
        if (str2 == null || dataHandler == null) {
            throw new UserAdminException("Required data not provided");
        }
        if (StringUtils.isEmpty(str)) {
            str = IdentityUtil.getPrimaryDomainName();
        }
        try {
            getUserAdminProxy().bulkImportUsers(str, str2, dataHandler.getInputStream(), str3);
        } catch (IOException e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        }
    }

    public void changePasswordByUser(String str, String str2, String str3) throws UserAdminException {
        try {
            String tenantDomain = MultitenantUtils.getTenantDomain(str);
            RealmService realmService = UserMgtDSComponent.getRealmService();
            org.wso2.carbon.user.api.UserRealm tenantUserRealm = realmService.getTenantUserRealm(realmService.getTenantManager().getTenantId(tenantDomain));
            if (!tenantUserRealm.getUserStoreManager().authenticate(MultitenantUtils.getTenantAwareUsername(str), str2)) {
                throw new UserAdminException("The current password you entered is incorrect. ");
            }
            getUserAdminProxy().changePasswordByUser(str, str2, str3);
        } catch (UserAdminException e) {
            throw e;
        } catch (UserStoreException e2) {
            throw new UserAdminException("Error while updating password. Please enter tenant unaware username", e2);
        }
    }

    public void addRemoveUsersOfRole(String str, String[] strArr, String[] strArr2) throws UserAdminException {
        try {
            getUserAdminProxy().updateUsersOfRole(str, strArr, strArr2);
        } catch (UserAdminException e) {
            throw e;
        }
    }

    public void addRemoveRolesOfUser(String str, String[] strArr, String[] strArr2) throws UserAdminException {
        try {
            getUserAdminProxy().updateRolesOfUser(str, strArr, strArr2);
        } catch (UserAdminException e) {
            throw e;
        }
    }

    public FlaggedName[] listUserByClaim(ClaimValue claimValue, String str, int i) throws UserAdminException {
        return getUserAdminProxy().listUsers(claimValue, str, i);
    }

    public FlaggedName[] listUserByClaimWithPermission(ClaimValue claimValue, String str, String str2, int i) throws UserAdminException {
        ArrayList arrayList = new ArrayList();
        try {
            AuthorizationManager authorizationManager = UserMgtDSComponent.getRealmService().getTenantUserRealm(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()).getAuthorizationManager();
            FlaggedName[] listUsers = getUserAdminProxy().listUsers(claimValue, str, i);
            for (int i2 = 0; i2 < listUsers.length - 1; i2++) {
                if (authorizationManager.isUserAuthorized(listUsers[i2].getItemName(), str2, UserMgtConstants.EXECUTE_ACTION)) {
                    arrayList.add(listUsers[i2]);
                }
            }
            return (FlaggedName[]) arrayList.toArray(new FlaggedName[arrayList.size()]);
        } catch (UserStoreException e) {
            throw new UserAdminException("Error while filtering authorized users.", e);
        }
    }

    private UserRealmProxy getUserAdminProxy() {
        return new UserRealmProxy(CarbonContext.getThreadLocalCarbonContext().getUserRealm());
    }

    public boolean isSharedRolesEnabled() throws UserAdminException {
        return getUserAdminProxy().isSharedRolesEnabled();
    }
}
