package org.wso2.carbon.identity.application.mgt;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ApplicationPermission;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.SpFileStream;
import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponentHolder;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.registry.api.Collection;
import org.wso2.carbon.registry.api.Registry;
import org.wso2.carbon.registry.api.RegistryException;
import org.wso2.carbon.registry.api.Resource;
import org.wso2.carbon.registry.core.utils.RegistryUtils;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.class */
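/**
 * Static helpers for application (service provider) management: per-application roles,
 * the per-application permission tree kept in the user-governance registry, owner
 * validation and service-provider file import.
 *
 * <p>Parameter names are kept exactly as they appear in this listing ({@code str},
 * {@code str2}, ...); the Javadoc of each method states what each one is used for.
 *
 * <p>Every method works on the thread-local {@link CarbonContext}. Scratch data (the
 * permission node being processed, the collected leaf paths) is held in locals and passed
 * to the private helpers explicitly, so two requests running at the same time cannot see
 * or overwrite each other's permission paths.
 */
public class ApplicationMgtUtil {
    public static final String APPLICATION_ROOT_PERMISSION = "applications";
    public static final String PATH_CONSTANT = "/";

    /** Action name used for every permission check and permission object in this class. */
    private static final String UI_EXECUTE = "ui.execute";

    // Not referenced anywhere in this class.
    private static boolean perSPCertificateSupportAvailable;

    /**
     * Pattern used by {@link #isRegexValidated(String)}.
     * NOTE(review): this field is public and not final, so any code in the JVM can replace
     * the validation pattern at runtime; it is left as-is because callers may assign it.
     */
    public static String APP_NAME_VALIDATING_REGEX = ApplicationConstants.APP_NAME_VALIDATING_REGEX;

    private static final Log log = LogFactory.getLog(ApplicationMgtUtil.class);

    private ApplicationMgtUtil() {
    }

    /**
     * Builds one {@code ui.execute} permission per entry of {@code strArr}, with the
     * resource id {@code str + "\" + entry}.
     *
     * @param str    prefix of every resource id
     * @param strArr permission names; may be {@code null}
     * @return one permission per entry, in input order, or {@code null} when
     *         {@code strArr} is {@code null}
     */
    public static Permission[] buildPermissions(String str, String[] strArr) {
        if (strArr == null) {
            return null;
        }
        Permission[] built = new Permission[strArr.length];
        // Fill every slot; writing only slot 0 would leave null entries behind for any
        // consumer that iterates the array.
        for (int idx = 0; idx < strArr.length; idx++) {
            built[idx] = new Permission(str + "\\" + strArr[idx], UI_EXECUTE);
        }
        return built;
    }

    /**
     * Checks whether the user holds the application role, first under the supplied
     * application name and then under the name the DAO returns for the application id.
     *
     * @param str  application name
     * @param str2 user name
     * @param i    application id passed to the DAO's {@code getApplicationName}
     * @return {@code true} if either check succeeds
     * @throws IdentityApplicationManagementException if a role lookup fails
     */
    public static boolean isUserAuthorized(String str, String str2, int i) throws IdentityApplicationManagementException {
        if (isUserAuthorized(str, str2)) {
            return true;
        }
        String storedName = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplicationName(i);
        return isUserAuthorized(storedName, str2);
    }

    /**
     * Checks whether the user holds the application role derived from the application name.
     *
     * @param str  application name
     * @param str2 user name
     * @return {@code true} if the user is in the application role; {@code false} otherwise,
     *         including when the user store returns no role list
     * @throws IdentityApplicationManagementException if the user store lookup fails
     */
    public static boolean isUserAuthorized(String str, String str2) throws IdentityApplicationManagementException {
        String appRoleName = getAppRoleName(str);
        try {
            if (log.isDebugEnabled()) {
                log.debug("Checking whether user has role : " + appRoleName + " by retrieving role list of user : " + str2);
            }
            // Declared as the API interface so that the instanceof test below is a real
            // decision and the role-list scan is reachable for other implementations.
            org.wso2.carbon.user.api.UserStoreManager userStoreManager =
                    CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
            if (userStoreManager instanceof AbstractUserStoreManager) {
                return ((AbstractUserStoreManager) userStoreManager).isUserInRole(str2, appRoleName);
            }
            String[] rolesOfUser = userStoreManager.getRoleListOfUser(str2);
            if (rolesOfUser == null) {
                // Deny when the store reports nothing rather than failing with an NPE.
                return false;
            }
            for (String role : rolesOfUser) {
                if (appRoleName.equals(role)) {
                    return true;
                }
            }
            return false;
        } catch (UserStoreException e) {
            throw new IdentityApplicationManagementException("Error while checking authorization for user: " + str2 + " for application: " + str, e);
        }
    }

    /**
     * Creates the application role and assigns the given user to it. No permissions are
     * attached to the role here.
     *
     * @param str  application name
     * @param str2 user name that becomes the only initial member of the role
     * @throws IdentityApplicationManagementException if the user store rejects the role
     */
    public static void createAppRole(String str, String str2) throws IdentityApplicationManagementException {
        String appRoleName = getAppRoleName(str);
        String[] initialMembers = {str2};
        try {
            if (log.isDebugEnabled()) {
                log.debug("Creating application role : " + appRoleName + " and assign the user : " + Arrays.toString(initialMembers) + " to that role");
            }
            CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().addRole(appRoleName, initialMembers, (Permission[]) null);
        } catch (UserStoreException e) {
            throw new IdentityApplicationManagementException("Error while creating application role: " + appRoleName + " with user " + str2, e);
        }
    }

    /** Returns the role name for an application: application domain, domain separator, name. */
    private static String getAppRoleName(String str) {
        return ApplicationConstants.APPLICATION_DOMAIN + UserCoreConstants.DOMAIN_SEPARATOR + str;
    }

    /**
     * Deletes the application role derived from the application name.
     *
     * @param str application name
     * @throws IdentityApplicationManagementException if the user store fails to delete it
     */
    public static void deleteAppRole(String str) throws IdentityApplicationManagementException {
        String appRoleName = getAppRoleName(str);
        try {
            if (log.isDebugEnabled()) {
                log.debug("Deleting application role : " + appRoleName);
            }
            CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().deleteRole(appRoleName);
        } catch (UserStoreException e) {
            // The message names the operation that actually failed, so the log entry can
            // be matched to a role deletion during triage.
            throw new IdentityApplicationManagementException("Error while deleting application role: " + appRoleName, e);
        }
    }

    /**
     * Renames a role after passing both names through
     * {@link UserCoreUtil#addInternalDomainName(String)}.
     *
     * @param str  current role name
     * @param str2 new role name
     * @throws UserStoreException if the user store rejects the rename
     */
    public static void renameRole(String str, String str2) throws UserStoreException {
        String currentRole = UserCoreUtil.addInternalDomainName(str);
        String targetRole = UserCoreUtil.addInternalDomainName(str2);
        if (log.isDebugEnabled()) {
            log.debug("Renaming application role : " + currentRole + " to new role : " + targetRole);
        }
        CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().updateRoleName(currentRole, targetRole);
    }

    /**
     * Moves an application's permission tree to a node named after the new application
     * name: the stored permissions are read, the old node is deleted, a new node is created
     * and the permissions are written below it.
     *
     * <p>NOTE(review): the old node is deleted before the new one is written, so a registry
     * failure in between leaves the application without stored permissions.
     *
     * @param str  current application name
     * @param str2 new application name
     * @throws IdentityApplicationManagementException if a registry operation fails
     */
    public static void renameAppPermissionPathNode(String str, String str2) throws IdentityApplicationManagementException {
        List<ApplicationPermission> existing = loadPermissions(str);
        String oldNode = getApplicationPermissionPath() + PATH_CONSTANT + str;
        Registry registry = governanceRegistry();
        try {
            for (ApplicationPermission permission : existing) {
                registry.delete(oldNode + PATH_CONSTANT + permission.getValue());
            }
            registry.delete(oldNode);
            Collection renamedCollection = registry.newCollection();
            renamedCollection.setProperty("name", str2);
            String newNode = getApplicationPermissionPath() + PATH_CONSTANT + str2;
            registry.put(newNode, renamedCollection);
            addPermission(existing.toArray(new ApplicationPermission[existing.size()]), registry, newNode);
        } catch (RegistryException e) {
            throw new IdentityApplicationManagementException("Error while renaming permission node " + str + " to " + str2, e);
        }
    }

    /**
     * Creates the root permission collection if it is missing and stores the permissions
     * from {@code permissionsAndRoleConfig} below the application's node.
     *
     * <p>When the root collection is missing and the user lacks {@code ui.execute} on it,
     * the thread-local user name is switched to the realm's admin user for the duration of
     * the root creation. The switch is undone in a {@code finally} block so that a failing
     * registry call cannot leave a pooled thread running under the admin identity.
     *
     * @param str                      application name
     * @param str2                     user name checked against the root permission path
     *                                 and restored after a temporary switch
     * @param permissionsAndRoleConfig source of the permissions; may be {@code null}
     * @throws IdentityApplicationManagementException if the tenant registry cannot be
     *         loaded or a store operation fails
     */
    public static void storePermissions(String str, String str2, PermissionsAndRoleConfig permissionsAndRoleConfig) throws IdentityApplicationManagementException {
        int tenantId = -1;
        try {
            tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
            RegistryUtils.initializeTenant(ApplicationManagementServiceComponentHolder.getInstance().getRegistryService(), tenantId);
            Registry registry = governanceRegistry();
            String rootPath = getApplicationPermissionPath();
            try {
                if (!registry.resourceExists(rootPath)) {
                    boolean elevated = false;
                    UserRealm userRealm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
                    try {
                        if (!userRealm.getAuthorizationManager().isUserAuthorized(str2, rootPath, UI_EXECUTE)) {
                            impersonate(userRealm.getRealmConfiguration().getAdminUserName());
                            elevated = true;
                            // Re-fetched after the switch; this instance is also the one
                            // used for the permission writes further down.
                            registry = governanceRegistry();
                        }
                        Collection rootCollection = registry.newCollection();
                        rootCollection.setProperty("name", "Applications");
                        registry.put(rootPath, rootCollection);
                    } finally {
                        if (elevated) {
                            impersonate(str2);
                        }
                    }
                }
                if (permissionsAndRoleConfig != null) {
                    ApplicationPermission[] permissions = permissionsAndRoleConfig.getPermissions();
                    if (permissions == null || permissions.length < 1) {
                        return;
                    }
                    String appNode = rootPath + PATH_CONSTANT + str;
                    registry.put(appNode, registry.newCollection());
                    for (ApplicationPermission applicationPermission : permissions) {
                        // NOTE(review): the path is built from the ApplicationPermission
                        // object itself, not from getValue(); unless that class overrides
                        // toString() the node name will not match the permission value
                        // that the other methods here use. Confirm before changing.
                        String permissionNode = appNode + PATH_CONSTANT + applicationPermission;
                        Resource permissionResource = registry.newResource();
                        permissionResource.setProperty("name", applicationPermission.getValue());
                        registry.put(permissionNode, permissionResource);
                    }
                }
            } catch (Exception e) {
                throw new IdentityApplicationManagementException("Error while storing permissions for application " + str, e);
            }
        } catch (RegistryException e2) {
            throw new IdentityApplicationManagementException("Error loading tenant registry for tenant domain: " + IdentityTenantUtil.getTenantDomain(tenantId), e2);
        }
    }

    /**
     * Replaces the permissions stored for an application. The application node is created
     * when missing; an empty or {@code null} array removes the node if it has children;
     * otherwise the currently stored permissions are deleted and the new ones written.
     *
     * @param str                      application name
     * @param applicationPermissionArr new permission set; may be {@code null} or empty
     * @throws IdentityApplicationManagementException if a registry operation fails
     */
    public static void updatePermissions(String str, ApplicationPermission[] applicationPermissionArr) throws IdentityApplicationManagementException {
        String appNode = getApplicationPermissionPath() + PATH_CONSTANT + str;
        Registry registry = governanceRegistry();
        try {
            if (!registry.resourceExists(appNode)) {
                Collection created = registry.newCollection();
                created.setProperty("name", str);
                registry.put(appNode, created);
            }
            Collection appCollection = (Collection) registry.get(appNode);
            String[] children = appCollection.getChildren();
            boolean nothingRequested = ArrayUtils.isEmpty(applicationPermissionArr);
            if (children != null && children.length > 0 && nothingRequested) {
                registry.delete(appNode);
            }
            if (nothingRequested) {
                return;
            }
            if (children != null && appCollection.getChildCount() >= 1) {
                // Remove what is stored today before writing the replacement set.
                for (ApplicationPermission stale : loadPermissions(str)) {
                    registry.delete(appNode + PATH_CONSTANT + stale.getValue());
                }
            }
            addPermission(applicationPermissionArr, registry, appNode);
        } catch (RegistryException e) {
            throw new IdentityApplicationManagementException("Error while storing permissions", e);
        }
    }

    /**
     * Writes each permission below {@code appNode}, creating one collection per path
     * segment of the permission value (a single leading {@code /} is dropped first).
     *
     * <p>NOTE(review): segments are taken from the permission value as-is; whether values
     * such as {@code ..} are rejected earlier is not visible here — confirm with callers.
     *
     * @param applicationPermissionArr permissions to write; must not be {@code null}
     * @param registry                 registry to write to
     * @param appNode                  registry path of the application's permission node
     */
    private static void addPermission(ApplicationPermission[] applicationPermissionArr, Registry registry, String appNode) throws RegistryException {
        for (ApplicationPermission applicationPermission : applicationPermissionArr) {
            String value = applicationPermission.getValue();
            if (PATH_CONSTANT.equals(value.substring(0, 1))) {
                value = value.substring(1);
            }
            StringBuilder segmentPath = new StringBuilder(appNode).append(PATH_CONSTANT);
            for (String segment : value.split(PATH_CONSTANT)) {
                segmentPath.append(segment).append(PATH_CONSTANT);
                Collection segmentCollection = registry.newCollection();
                segmentCollection.setProperty("name", segment);
                registry.put(segmentPath.toString(), segmentCollection);
            }
        }
    }

    /**
     * Reads the permissions stored below an application's node.
     *
     * <p>When there is no thread-local user name, or that user lacks {@code ui.execute} on
     * the node, the read runs under the realm's admin user name. The original user name is
     * restored in a {@code finally} block, so a registry failure during the read cannot
     * leave the thread under the admin identity.
     *
     * @param str application name
     * @return the stored permissions as a new mutable list, or an empty list when the node
     *         does not exist
     * @throws IdentityApplicationManagementException if a registry or user-store call fails
     */
    public static List<ApplicationPermission> loadPermissions(String str) throws IdentityApplicationManagementException {
        String appNode = getApplicationPermissionPath() + PATH_CONSTANT + str;
        Registry registry = governanceRegistry();
        try {
            if (!registry.resourceExists(appNode)) {
                return Collections.emptyList();
            }
            String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
            UserRealm userRealm = (UserRealm) CarbonContext.getThreadLocalCarbonContext().getUserRealm();
            boolean elevated = false;
            try {
                if (username == null || !userRealm.getAuthorizationManager().isUserAuthorized(username, appNode, UI_EXECUTE)) {
                    impersonate(userRealm.getRealmConfiguration().getAdminUserName());
                    elevated = true;
                    registry = governanceRegistry();
                }
                List<String> leafPaths = new ArrayList<>();
                permissionPath(registry, appNode, appNode, leafPaths);
                List<ApplicationPermission> loaded = new ArrayList<>();
                for (String leaf : leafPaths) {
                    ApplicationPermission applicationPermission = new ApplicationPermission();
                    applicationPermission.setValue(leaf);
                    loaded.add(applicationPermission);
                }
                return loaded;
            } finally {
                if (elevated) {
                    impersonate(username);
                }
            }
        } catch (RegistryException | org.wso2.carbon.user.core.UserStoreException e) {
            throw new IdentityApplicationManagementException("Error while reading permissions", e);
        }
    }

    /**
     * Walks the registry tree below {@code str} depth-first and records every childless
     * node, expressed relative to {@code appNode}.
     *
     * <p>NOTE(review): the relative form is computed with {@code substring(2)}; if the
     * application node itself has no children the remainder is empty and this throws
     * {@link StringIndexOutOfBoundsException} — behaviour kept, confirm whether an empty
     * node can occur.
     *
     * @param registry  registry to read from
     * @param str       registry path of the node to inspect
     * @param appNode   registry path of the application's permission node
     * @param leafPaths receives the relative path of every leaf found
     */
    private static void permissionPath(Registry registry, String str, String appNode, List<String> leafPaths) throws RegistryException {
        String[] children = ((Collection) registry.get(str)).getChildren();
        if (children == null || children.length == 0) {
            leafPaths.add(str.replace(appNode, "").substring(2));
            return;
        }
        for (String child : children) {
            permissionPath(registry, child, appNode, leafPaths);
        }
    }

    /**
     * Deletes an application's permission node if it exists.
     *
     * @param str application name
     * @throws IdentityApplicationManagementException if a registry operation fails
     */
    public static void deletePermissions(String str) throws IdentityApplicationManagementException {
        String appNode = getApplicationPermissionPath() + PATH_CONSTANT + str;
        Registry registry = governanceRegistry();
        try {
            if (registry.resourceExists(appNode)) {
                registry.delete(appNode);
            }
        } catch (RegistryException e) {
            // The message names the operation that actually failed.
            throw new IdentityApplicationManagementException("Error while deleting permissions for application " + str, e);
        }
    }

    /**
     * Returns a new array holding the elements of the first array followed by those of the
     * second.
     *
     * @param propertyArr  first array; must not be {@code null}
     * @param propertyArr2 second array; must not be {@code null}
     * @return the concatenation, of length {@code propertyArr.length + propertyArr2.length}
     */
    public static Property[] concatArrays(Property[] propertyArr, Property[] propertyArr2) {
        Property[] joined = Arrays.copyOf(propertyArr, propertyArr.length + propertyArr2.length);
        System.arraycopy(propertyArr2, 0, joined, propertyArr.length, propertyArr2.length);
        return joined;
    }

    /** Returns the registry path below which all application permission nodes live. */
    public static String getApplicationPermissionPath() {
        return "permission/applications";
    }

    /**
     * Tests whether the whole input matches {@link #APP_NAME_VALIDATING_REGEX}.
     *
     * @param str value to validate; must not be {@code null}
     * @return {@code true} if the entire value matches the pattern
     */
    public static boolean isRegexValidated(String str) {
        // Compiled on every call because the pattern field can be reassigned at runtime.
        return Pattern.compile(APP_NAME_VALIDATING_REGEX).matcher(str).matches();
    }

    /**
     * Collects, from all inbound authentication request configs of a service provider,
     * the properties whose names appear in {@code list}.
     *
     * @param str  second argument passed to the DAO's {@code getApplication}
     * @param str2 first argument passed to the DAO's {@code getApplication}; reported as
     *             the issuer id when no service provider is found
     * @param list property names to keep
     * @return map from property name to property value; a later property with the same
     *         name overwrites an earlier one
     * @throws IdentityApplicationManagementException if no service provider is found
     */
    protected Map<String, String> getPropertyValues(String str, String str2, List<String> list) throws IdentityApplicationManagementException {
        ServiceProvider application = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplication(str2, str);
        if (application == null) {
            throw new IdentityApplicationManagementException("No service provider exists in the provided tenant, with the given issuer id " + str2);
        }
        Map<String, String> selected = new HashMap<>();
        InboundAuthenticationRequestConfig[] requestConfigs = application.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
        if (requestConfigs == null || requestConfigs.length == 0) {
            return selected;
        }
        for (InboundAuthenticationRequestConfig requestConfig : requestConfigs) {
            for (Property property : requestConfig.getProperties()) {
                if (list.contains(property.getName())) {
                    selected.put(property.getName(), property.getValue());
                }
            }
        }
        return selected;
    }

    /**
     * Validates the owner of a service provider against the user store.
     *
     * @param serviceProvider service provider whose owner is checked
     * @return {@code true} if the owner exists in the user store; {@code false} if no owner
     *         is set, the owner name is empty or is {@code wso2.system.user}, or no user
     *         realm is available
     * @throws IdentityApplicationManagementException if the owner does not exist in the
     *         user store or the lookup fails
     */
    public static boolean isValidApplicationOwner(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        try {
            String qualifiedOwner = null;
            if (serviceProvider.getOwner() != null) {
                String userName = serviceProvider.getOwner().getUserName();
                if (StringUtils.isEmpty(userName) || "wso2.system.user".equals(userName)) {
                    return false;
                }
                qualifiedOwner = IdentityUtil.addDomainToName(userName, serviceProvider.getOwner().getUserStoreDomain());
            }
            org.wso2.carbon.user.api.UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
            // A missing owner is reported as "not valid" instead of being handed to the
            // user store as a null user name.
            if (userRealm == null || qualifiedOwner == null) {
                return false;
            }
            if (userRealm.getUserStoreManager().isExistingUser(qualifiedOwner)) {
                return true;
            }
            throw new IdentityApplicationManagementException("User validation failed for owner update in the application: " + serviceProvider.getApplicationName() + " as user is not existing.");
        } catch (UserStoreException | IdentityApplicationManagementException e) {
            throw new IdentityApplicationManagementException("User validation failed for owner update in the application: " + serviceProvider.getApplicationName(), e);
        }
    }

    /**
     * Unmarshals an uploaded service-provider configuration file into a
     * {@link ServiceProvider}.
     *
     * <p>The file content is supplied by the uploader, so it is read through a StAX reader
     * with DTD support and external-entity resolution switched off before JAXB sees it.
     * A file that carries a DTD is therefore rejected with an exception.
     *
     * @param spFileStream uploaded file (stream and file name)
     * @param str          tenant named in the error message
     * @return the unmarshalled service provider
     * @throws IdentityApplicationManagementException if the file cannot be parsed
     */
    public static ServiceProvider getApplicationFromSpFileStream(SpFileStream spFileStream, String str) throws IdentityApplicationManagementException {
        try {
            XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
            xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
            xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
            XMLStreamReader xmlReader = xmlInputFactory.createXMLStreamReader(spFileStream.getFileStream());
            try {
                return (ServiceProvider) JAXBContext.newInstance(ServiceProvider.class).createUnmarshaller().unmarshal(xmlReader);
            } finally {
                // Releases the reader's resources; the underlying stream stays open.
                xmlReader.close();
            }
        } catch (JAXBException | XMLStreamException e) {
            throw new IdentityApplicationManagementException(String.format("Error in reading Service Provider configuration file %s uploaded by tenant: %s", spFileStream.getFileName(), str), e);
        }
    }

    /** Returns the user-governance registry of the thread-local Carbon context. */
    private static Registry governanceRegistry() {
        return CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE);
    }

    /** Sets the user name of the thread-local privileged Carbon context. */
    private static void impersonate(String username) {
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(username);
    }
}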
