package org.wso2.carbon.identity.application.authentication.framework.handler.approles.impl;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException;
import org.wso2.carbon.identity.application.authentication.framework.handler.approles.ApplicationRolesResolver;
import org.wso2.carbon.identity.application.authentication.framework.handler.approles.constant.AppRolesConstants;
import org.wso2.carbon.identity.application.authentication.framework.handler.approles.exception.ApplicationRolesException;
import org.wso2.carbon.identity.application.authentication.framework.handler.approles.util.RoleResolverUtils;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.RoleV2;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.NotImplementedException;
import org.wso2.carbon.user.core.common.Group;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/approles/impl/AppAssociatedRolesResolverImpl.class */
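/**
 * Resolves the application-associated roles ({@link RoleV2}) held by an authenticated user.
 *
 * <p>Only roles that are associated with the application (as reported by the application
 * management service) AND whose id is in the user's resolved role-id set are returned, so the
 * result never contains roles the application has not been associated with.
 *
 * <p>Role ids are resolved differently per user type:
 * <ul>
 *   <li>Local users: the union of the user's directly assigned role ids and the role ids of the
 *       user's groups (groups whose name contains {@code "Internal"} or the application domain are
 *       skipped).</li>
 *   <li>Federated users: the role ids mapped to the IdP groups carried in the user's attribute for
 *       the IdP's remote "groups" claim.</li>
 * </ul>
 *
 * <p>Under the legacy authorization runtime ({@code CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME})
 * nothing is resolved and an empty array is returned.
 */
public class AppAssociatedRolesResolverImpl implements ApplicationRolesResolver {

    /** Fixed priority of this resolver. */
    private static final int PRIORITY = 200;

    /** Domain marker of internal groups; matched as a substring of the group name (see getUserGroups). */
    private static final String INTERNAL_DOMAIN_MARKER = "Internal";

    /**
     * Priority of this resolver among the registered {@link ApplicationRolesResolver}s.
     *
     * @return the constant value 200
     */
    @Override
    public int getPriority() {
        return PRIORITY;
    }

    /**
     * Returns the names of the application's associated roles that the given user holds.
     *
     * @param authenticatedUser the authenticated (local or federated) user; must not be null
     * @param applicationId     identifier of the application whose associated roles are filtered
     * @return role names, or an empty array when the legacy authz runtime is enabled or the user holds
     *         none of the application's associated roles; never null
     * @throws ApplicationRolesException client error when {@code authenticatedUser} is null; server
     *                                   error when role, group, IdP or application lookups fail
     */
    @Override
    public String[] getRoles(AuthenticatedUser authenticatedUser, String applicationId) throws ApplicationRolesException {
        if (authenticatedUser == null) {
            throw RoleResolverUtils.handleClientException(AppRolesConstants.ErrorMessages.ERROR_CODE_USER_NULL, new String[0]);
        }
        // App-associated roles are not used by the legacy authorization runtime.
        if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME.booleanValue()) {
            return new String[0];
        }
        // The user's role ids are resolved first, then matched against the app's associated roles,
        // in the same order as before (lookup failures surface in the same order).
        Set<String> userRoleIds = authenticatedUser.isFederatedUser()
                ? getAllRolesOfFederatedUser(authenticatedUser)
                : getAllRolesOfLocalUser(authenticatedUser);
        return resolveAssociatedRoleNames(applicationId, authenticatedUser.getTenantDomain(), userRoleIds);
    }

    /**
     * Intersects the application's associated roles with the user's role ids and returns the names.
     *
     * @param applicationId application whose associated roles are consulted
     * @param tenantDomain  tenant of the user
     * @param userRoleIds   role ids held by the user
     * @return names of the associated roles whose id is in {@code userRoleIds}; empty array if none
     * @throws ApplicationRolesException when the associated roles cannot be retrieved
     */
    private String[] resolveAssociatedRoleNames(String applicationId, String tenantDomain, Set<String> userRoleIds)
            throws ApplicationRolesException {
        List<RoleV2> associatedRoles = getRolesAssociatedWithApplication(applicationId, tenantDomain);
        return associatedRoles.stream()
                .filter(role -> userRoleIds.contains(role.getId()))
                .map(RoleV2::getName)
                .toArray(String[]::new);
    }

    /**
     * Resolves the role ids of a local user: role ids of the user's groups plus directly assigned role ids.
     *
     * @param authenticatedUser local user
     * @return union of the group-derived and user-assigned role ids; never null
     * @throws ApplicationRolesException when the user id is unavailable or role management fails
     */
    private Set<String> getAllRolesOfLocalUser(AuthenticatedUser authenticatedUser) throws ApplicationRolesException {
        String tenantDomain = authenticatedUser.getTenantDomain();
        try {
            Set<String> roleIds = new HashSet<>(getRoleIdsOfGroups(getUserGroups(authenticatedUser), tenantDomain));
            roleIds.addAll(getRoleIdsOfUser(authenticatedUser.getUserId(), tenantDomain));
            return roleIds;
        } catch (IdentityRoleManagementException | UserIdNotFoundException e) {
            throw RoleResolverUtils.handleServerException(AppRolesConstants.ErrorMessages.ERROR_CODE_RETRIEVING_APP_ROLES, e, new String[0]);
        }
    }

    /**
     * Resolves the role ids of a federated user from the IdP groups found in the user's attributes.
     *
     * @param authenticatedUser federated user
     * @return role ids mapped to the user's IdP groups; empty set when the user carries no IdP groups
     * @throws ApplicationRolesException when the IdP or the group-to-role mapping cannot be retrieved
     */
    private Set<String> getAllRolesOfFederatedUser(AuthenticatedUser authenticatedUser) throws ApplicationRolesException {
        List<String> idpGroups = getFederatedUserIdpGroups(authenticatedUser);
        if (CollectionUtils.isEmpty(idpGroups)) {
            return Collections.emptySet();
        }
        return new HashSet<>(getRoleIdsOfIdpGroups(idpGroups, authenticatedUser.getTenantDomain()));
    }

    /**
     * Looks up the role ids assigned to the given group ids.
     *
     * @param groupIds     group ids of the user
     * @param tenantDomain tenant of the user
     * @return role ids reported by role management v2
     * @throws IdentityRoleManagementException propagated from role management
     */
    private List<String> getRoleIdsOfGroups(List<String> groupIds, String tenantDomain) throws IdentityRoleManagementException {
        return FrameworkServiceDataHolder.getInstance().getRoleManagementServiceV2().getRoleIdListOfGroups(groupIds, tenantDomain);
    }

    /**
     * Looks up the role ids directly assigned to the user.
     *
     * @param userId       id of the user
     * @param tenantDomain tenant of the user
     * @return role ids reported by role management v2
     * @throws IdentityRoleManagementException propagated from role management
     */
    private List<String> getRoleIdsOfUser(String userId, String tenantDomain) throws IdentityRoleManagementException {
        return FrameworkServiceDataHolder.getInstance().getRoleManagementServiceV2().getRoleIdListOfUser(userId, tenantDomain);
    }

    /**
     * Retrieves the roles associated with the application.
     *
     * @param applicationId application identifier
     * @param tenantDomain  tenant domain
     * @return the application's associated roles
     * @throws ApplicationRolesException wrapping any application-management failure
     */
    private List<RoleV2> getRolesAssociatedWithApplication(String applicationId, String tenantDomain) throws ApplicationRolesException {
        try {
            return FrameworkServiceDataHolder.getInstance().getApplicationManagementService()
                    .getAssociatedRolesOfApplication(applicationId, tenantDomain);
        } catch (IdentityApplicationManagementException e) {
            throw RoleResolverUtils.handleServerException(AppRolesConstants.ErrorMessages.ERROR_CODE_RETRIEVING_APP_ROLES, e, new String[0]);
        }
    }

    /**
     * Returns the IdP group names of a federated user.
     *
     * <p>The IdP's claim configuration is searched for the mapping whose local claim is
     * {@code FrameworkConstants.GROUPS_CLAIM}; the user's attribute value for that mapping's remote
     * claim is then split into individual group names.
     *
     * @param authenticatedUser federated user
     * @return group names, or an empty list when the IdP is unknown, has no groups-claim mapping, or
     *         the user carries no value for it
     * @throws ApplicationRolesException when the IdP cannot be retrieved
     */
    private List<String> getFederatedUserIdpGroups(AuthenticatedUser authenticatedUser) throws ApplicationRolesException {
        String federatedIdPName = authenticatedUser.getFederatedIdPName();
        String tenantDomain = authenticatedUser.getTenantDomain();
        IdentityProvider identityProvider;
        try {
            identityProvider = FrameworkServiceDataHolder.getInstance().getIdentityProviderManager()
                    .getIdPByName(federatedIdPName, tenantDomain, true);
        } catch (IdentityProviderManagementException e) {
            throw RoleResolverUtils.handleServerException(AppRolesConstants.ErrorMessages.ERROR_CODE_RETRIEVING_IDENTITY_PROVIDER, e, federatedIdPName, tenantDomain);
        }
        if (identityProvider == null) {
            return Collections.emptyList();
        }
        String remoteGroupsClaimUri = findRemoteGroupsClaimUri(identityProvider);
        if (remoteGroupsClaimUri == null) {
            return Collections.emptyList();
        }
        String[] idpGroups = getIdPUserGroups(authenticatedUser, remoteGroupsClaimUri);
        return idpGroups.length == 0 ? Collections.emptyList() : Arrays.asList(idpGroups);
    }

    /**
     * Finds the remote claim URI mapped to the local groups claim in the IdP's claim configuration.
     *
     * @param identityProvider the federated IdP; must not be null
     * @return the remote claim URI of the first mapping for {@code FrameworkConstants.GROUPS_CLAIM}, or
     *         null when the IdP has no claim configuration or no such mapping
     */
    private static String findRemoteGroupsClaimUri(IdentityProvider identityProvider) {
        // Guard both the claim config and the mapping array: an IdP without claim configuration
        // simply has no groups mapping (previously this dereferenced them unconditionally).
        if (identityProvider.getClaimConfig() == null) {
            return null;
        }
        ClaimMapping[] mappings = identityProvider.getClaimConfig().getClaimMappings();
        if (mappings == null) {
            return null;
        }
        for (ClaimMapping mapping : mappings) {
            if (mapping == null || mapping.getLocalClaim() == null || mapping.getRemoteClaim() == null) {
                continue;
            }
            if (FrameworkConstants.GROUPS_CLAIM.equals(mapping.getLocalClaim().getClaimUri())) {
                return mapping.getRemoteClaim().getClaimUri();
            }
        }
        return null;
    }

    /**
     * Returns the group ids of a local user, excluding internal and application-domain groups.
     *
     * <p>If the user store does not implement group listing ({@link NotImplementedException} in the
     * cause chain) the lookup is treated as best-effort and an empty list is returned, so the user
     * still receives directly assigned roles.
     *
     * @param authenticatedUser local user
     * @return group ids to resolve roles for; never null
     * @throws ApplicationRolesException when the user id is unavailable or the user store fails
     */
    private List<String> getUserGroups(AuthenticatedUser authenticatedUser) throws ApplicationRolesException {
        List<String> groupIds = new ArrayList<>();
        try {
            for (Group group : UserCoreUtil.getRealmService()
                    .getTenantUserRealm(IdentityTenantUtil.getTenantId(authenticatedUser.getTenantDomain()))
                    .getUserStoreManager()
                    .getGroupListOfUser(authenticatedUser.getUserId(), (String) null, (String) null)) {
                if (!isInternalOrApplicationGroup(group.getGroupName())) {
                    groupIds.add(group.getGroupID());
                }
            }
            return groupIds;
        } catch (UserIdNotFoundException e) {
            throw RoleResolverUtils.handleServerException(AppRolesConstants.ErrorMessages.ERROR_CODE_RETRIEVING_LOCAL_USER_GROUPS, e, new String[0]);
        } catch (UserStoreException e) {
            if (isDoGetGroupListOfUserNotImplemented(e)) {
                // The exception comes from getGroupListOfUser itself, so the list is still empty here.
                return groupIds;
            }
            throw RoleResolverUtils.handleServerException(AppRolesConstants.ErrorMessages.ERROR_CODE_RETRIEVING_LOCAL_USER_GROUPS, e, new String[0]);
        }
    }

    /**
     * Tells whether a group name belongs to the internal or application domain.
     *
     * <p>This is a case-insensitive substring match, so a group whose name merely contains
     * {@code "Internal"} (e.g. one named "InternalAudit") is also excluded.
     * NOTE(review): a domain-prefix check would be stricter; kept as-is to preserve behaviour — confirm intent.
     *
     * @param groupName the group's name; may be null (treated as not internal)
     * @return true if the name contains the internal or application domain marker
     */
    private static boolean isInternalOrApplicationGroup(String groupName) {
        return StringUtils.containsIgnoreCase(groupName, INTERNAL_DOMAIN_MARKER)
                || StringUtils.containsIgnoreCase(groupName, FrameworkConstants.InternalRoleDomains.APPLICATION_DOMAIN);
    }

    /**
     * Checks whether the cause chain of the exception (not the exception itself) contains a
     * {@link NotImplementedException}, i.e. the user store does not implement group listing.
     *
     * @param userStoreException the exception thrown by the user store
     * @return true if a {@link NotImplementedException} is found in the cause chain
     */
    private boolean isDoGetGroupListOfUserNotImplemented(UserStoreException userStoreException) {
        for (Throwable cause = userStoreException.getCause(); cause != null; cause = cause.getCause()) {
            if (cause instanceof NotImplementedException) {
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the IdP group names from the user's attributes.
     *
     * <p>The first attribute whose remote claim URI equals {@code remoteGroupsClaimUri} is used; its
     * value is split on the configured multi-attribute separator. Attributes are not searched further
     * once a match is found, even if its value is blank.
     *
     * @param authenticatedUser   federated user whose attributes hold the group claim
     * @param remoteGroupsClaimUri remote claim URI the IdP maps to the local groups claim
     * @return the group names, or an empty array when no attribute matches or its value is blank;
     *         never null
     */
    private String[] getIdPUserGroups(AuthenticatedUser authenticatedUser, String remoteGroupsClaimUri) {
        Map<ClaimMapping, String> userAttributes = authenticatedUser.getUserAttributes();
        if (userAttributes == null || userAttributes.isEmpty()) {
            return new String[0];
        }
        for (Map.Entry<ClaimMapping, String> entry : userAttributes.entrySet()) {
            ClaimMapping mapping = entry.getKey();
            if (mapping == null || mapping.getRemoteClaim() == null
                    || !remoteGroupsClaimUri.equals(mapping.getRemoteClaim().getClaimUri())) {
                continue;
            }
            String value = entry.getValue();
            if (StringUtils.isBlank(value)) {
                return new String[0];
            }
            // The separator is user-configurable, so quote it before using it as a regex.
            return value.split(Pattern.quote(FrameworkUtils.getMultiAttributeSeparator()));
        }
        return new String[0];
    }

    /**
     * Looks up the role ids mapped to the given IdP groups.
     *
     * @param idpGroups    IdP group names
     * @param tenantDomain tenant of the user
     * @return role ids reported by role management v2
     * @throws ApplicationRolesException wrapping any role-management failure
     */
    private static List<String> getRoleIdsOfIdpGroups(List<String> idpGroups, String tenantDomain) throws ApplicationRolesException {
        try {
            return FrameworkServiceDataHolder.getInstance().getRoleManagementServiceV2().getRoleIdListOfIdpGroups(idpGroups, tenantDomain);
        } catch (IdentityRoleManagementException e) {
            throw RoleResolverUtils.handleServerException(AppRolesConstants.ErrorMessages.ERROR_CODE_RETRIEVING_APP_ROLES, e, new String[0]);
        }
    }
}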
