package org.wso2.carbon.identity.application.mgt;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementValidationException;
import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
import org.wso2.carbon.identity.application.common.model.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.OutboundProvisioningConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementServiceImpl;
import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;

/* loaded from: input_file:org/wso2/carbon/identity/application/mgt/ApplicationMgtValidator.class */
public class ApplicationMgtValidator {
    private static Log log = LogFactory.getLog(ApplicationMgtValidator.class);
    private static final String AUTHENTICATOR_NOT_AVAILABLE = "Authenticator %s is not available in the server.";
    private static final String AUTHENTICATOR_NOT_CONFIGURED = "Authenticator %s is not configured for %s identity Provider.";
    private static final String PROVISIONING_CONNECTOR_NOT_CONFIGURED = "No Provisioning connector configured for %s.";
    private static final String FEDERATED_IDP_NOT_AVAILABLE = "Federated Identity Provider %s is not available in the server.";
    private static final String CLAIM_DIALECT_NOT_AVAILABLE = "Claim Dialect %s is not available in the server for tenantDomain:%s.";
    private static final String CLAIM_NOT_AVAILABLE = "Local claim %s is not available in the server for tenantDomain:%s.";
    private static final String ROLE_NOT_AVAILABLE = "Local Role %s is not available in the server.";
    public static final String IS_HANDLER = "IS_HANDLER";

    public void validateSPConfigurations(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        ArrayList arrayList = new ArrayList();
        validateDiscoverabilityConfigs(arrayList, serviceProvider);
        validateLocalAndOutBoundAuthenticationConfig(arrayList, serviceProvider.getLocalAndOutBoundAuthenticationConfig(), str);
        validateRequestPathAuthenticationConfig(arrayList, serviceProvider.getRequestPathAuthenticatorConfigs(), str);
        validateOutBoundProvisioning(arrayList, serviceProvider.getOutboundProvisioningConfig(), str);
        validateClaimsConfigs(arrayList, serviceProvider.getClaimConfig(), serviceProvider.getLocalAndOutBoundAuthenticationConfig() != null ? serviceProvider.getLocalAndOutBoundAuthenticationConfig().getSubjectClaimUri() : null, str);
        validateRoleConfigs(arrayList, serviceProvider.getPermissionAndRoleConfig(), str);
        if (!arrayList.isEmpty()) {
            throw new IdentityApplicationManagementValidationException(IdentityApplicationConstants.Error.INVALID_REQUEST.getCode(), (String[]) arrayList.toArray(new String[0]));
        }
    }

    private void validateDiscoverabilityConfigs(List<String> list, ServiceProvider serviceProvider) {
        if (serviceProvider.isDiscoverable() && StringUtils.isBlank(serviceProvider.getAccessUrl())) {
            list.add("A valid accessURL needs to be defined if an application is marked as discoverable.");
        }
    }

    private void validateLocalAndOutBoundAuthenticationConfig(List<String> list, LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig, String str) throws IdentityApplicationManagementException {
        AuthenticationStep[] authenticationSteps;
        if (localAndOutboundAuthenticationConfig == null || (authenticationSteps = localAndOutboundAuthenticationConfig.getAuthenticationSteps()) == null || authenticationSteps.length == 0) {
            return;
        }
        Map map = (Map) Arrays.stream(ApplicationManagementService.getInstance().getAllLocalAuthenticators(str)).collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getProperties();
        }));
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        for (AuthenticationStep authenticationStep : authenticationSteps) {
            for (IdentityProvider identityProvider : authenticationStep.getFederatedIdentityProviders()) {
                validateFederatedIdp(identityProvider, atomicBoolean, list, str);
            }
            for (LocalAuthenticatorConfig localAuthenticatorConfig : authenticationStep.getLocalAuthenticatorConfigs()) {
                if (!map.containsKey(localAuthenticatorConfig.getName())) {
                    list.add(String.format(AUTHENTICATOR_NOT_AVAILABLE, localAuthenticatorConfig.getName()));
                } else if (!atomicBoolean.get()) {
                    Property[] propertyArr = (Property[]) map.get(localAuthenticatorConfig.getName());
                    if (propertyArr.length == 0) {
                        atomicBoolean.set(true);
                    } else {
                        for (Property property : propertyArr) {
                            if (!"IS_HANDLER".equals(property.getName()) || !Boolean.parseBoolean(property.getValue())) {
                                atomicBoolean.set(true);
                            }
                        }
                    }
                }
            }
        }
        if (atomicBoolean.get()) {
            return;
        }
        list.add("No authenticator have been registered in the authentication flow.");
    }

    private void validateRequestPathAuthenticationConfig(List<String> list, RequestPathAuthenticatorConfig[] requestPathAuthenticatorConfigArr, String str) throws IdentityApplicationManagementException {
        Map map = (Map) Arrays.stream(ApplicationManagementService.getInstance().getAllRequestPathAuthenticators(str)).collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getProperties();
        }));
        if (requestPathAuthenticatorConfigArr != null) {
            for (RequestPathAuthenticatorConfig requestPathAuthenticatorConfig : requestPathAuthenticatorConfigArr) {
                if (!map.containsKey(requestPathAuthenticatorConfig.getName())) {
                    list.add(String.format(AUTHENTICATOR_NOT_AVAILABLE, requestPathAuthenticatorConfig.getName()));
                }
            }
        }
    }

    private void validateFederatedIdp(IdentityProvider identityProvider, AtomicBoolean atomicBoolean, List<String> list, String str) {
        try {
            IdentityProvider idPByName = IdentityProviderManager.getInstance().getIdPByName(identityProvider.getIdentityProviderName(), str, false);
            if (idPByName.getId() == null) {
                list.add(String.format(FEDERATED_IDP_NOT_AVAILABLE, identityProvider.getIdentityProviderName()));
            } else if (idPByName.getFederatedAuthenticatorConfigs() != null) {
                atomicBoolean.set(true);
                List list2 = (List) Arrays.stream(idPByName.getFederatedAuthenticatorConfigs()).map((v0) -> {
                    return v0.getName();
                }).collect(Collectors.toList());
                for (FederatedAuthenticatorConfig federatedAuthenticatorConfig : identityProvider.getFederatedAuthenticatorConfigs()) {
                    if (!list2.contains(federatedAuthenticatorConfig.getName())) {
                        list.add(String.format(AUTHENTICATOR_NOT_CONFIGURED, federatedAuthenticatorConfig.getName(), identityProvider.getIdentityProviderName()));
                    }
                }
            } else {
                for (FederatedAuthenticatorConfig federatedAuthenticatorConfig2 : identityProvider.getFederatedAuthenticatorConfigs()) {
                    list.add(String.format(AUTHENTICATOR_NOT_CONFIGURED, federatedAuthenticatorConfig2.getName(), identityProvider.getIdentityProviderName()));
                }
            }
        } catch (IdentityProviderManagementException e) {
            String format = String.format(FEDERATED_IDP_NOT_AVAILABLE, identityProvider.getIdentityProviderName());
            log.error(format, e);
            list.add(format);
        }
    }

    private void validateOutBoundProvisioning(List<String> list, OutboundProvisioningConfig outboundProvisioningConfig, String str) {
        if (outboundProvisioningConfig == null || outboundProvisioningConfig.getProvisioningIdentityProviders() == null) {
            return;
        }
        for (IdentityProvider identityProvider : outboundProvisioningConfig.getProvisioningIdentityProviders()) {
            try {
                IdentityProvider idPByName = IdentityProviderManager.getInstance().getIdPByName(identityProvider.getIdentityProviderName(), str, false);
                if (idPByName == null) {
                    list.add(String.format(FEDERATED_IDP_NOT_AVAILABLE, identityProvider.getIdentityProviderName()));
                } else if (idPByName.getDefaultProvisioningConnectorConfig() == null && idPByName.getProvisioningConnectorConfigs() == null) {
                    list.add(String.format(PROVISIONING_CONNECTOR_NOT_CONFIGURED, identityProvider.getIdentityProviderName()));
                }
            } catch (IdentityProviderManagementException e) {
                list.add(String.format(FEDERATED_IDP_NOT_AVAILABLE, identityProvider.getIdentityProviderName()));
            }
        }
    }

    private void validateClaimsConfigs(List<String> list, ClaimConfig claimConfig, String str, String str2) throws IdentityApplicationManagementException {
        if (claimConfig == null) {
            return;
        }
        String[] allLocalClaimUris = ApplicationManagementService.getInstance().getAllLocalClaimUris(str2);
        ClaimMapping[] claimMappings = claimConfig.getClaimMappings();
        if (claimMappings != null) {
            for (ClaimMapping claimMapping : claimMappings) {
                String claimUri = claimMapping.getLocalClaim().getClaimUri();
                if (!Arrays.asList(allLocalClaimUris).contains(claimUri)) {
                    list.add(String.format(CLAIM_NOT_AVAILABLE, claimUri, str2));
                }
            }
        }
        if (claimConfig.isLocalClaimDialect()) {
            String roleClaimURI = claimConfig.getRoleClaimURI();
            String userClaimURI = claimConfig.getUserClaimURI();
            if (StringUtils.isNotBlank(roleClaimURI) && !Arrays.asList(allLocalClaimUris).contains(roleClaimURI)) {
                list.add(String.format(CLAIM_NOT_AVAILABLE, roleClaimURI, str2));
            }
            if (StringUtils.isNotBlank(userClaimURI) && !Arrays.asList(allLocalClaimUris).contains(userClaimURI)) {
                list.add(String.format(CLAIM_NOT_AVAILABLE, userClaimURI, str2));
            }
            if (StringUtils.isNotBlank(str) && !Arrays.asList(allLocalClaimUris).contains(str)) {
                list.add(String.format(CLAIM_NOT_AVAILABLE, str, str2));
            }
        }
        String[] spClaimDialects = claimConfig.getSpClaimDialects();
        if (spClaimDialects != null) {
            try {
                List claimDialects = new ClaimMetadataManagementServiceImpl().getClaimDialects(str2);
                if (claimDialects != null) {
                    List list2 = (List) claimDialects.stream().map((v0) -> {
                        return v0.getClaimDialectURI();
                    }).collect(Collectors.toList());
                    for (String str3 : spClaimDialects) {
                        if (!list2.contains(str3)) {
                            list.add(String.format(CLAIM_DIALECT_NOT_AVAILABLE, str3, str2));
                        }
                    }
                }
            } catch (ClaimMetadataException e) {
                list.add(String.format("Error in getting claim dialect for %s. ", str2));
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:13:0x0047, code lost:
    
        r8.add(java.lang.String.format(org.wso2.carbon.identity.application.mgt.ApplicationMgtValidator.ROLE_NOT_AVAILABLE, r0.getLocalRole().getLocalRoleName()));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void validateRoleConfigs(java.util.List<java.lang.String> r8, org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig r9, java.lang.String r10) {
        /*
            r7 = this;
            r0 = r9
            if (r0 == 0) goto Lb
            r0 = r9
            org.wso2.carbon.identity.application.common.model.RoleMapping[] r0 = r0.getRoleMappings()
            if (r0 != 0) goto Lc
        Lb:
            return
        Lc:
            org.wso2.carbon.context.CarbonContext r0 = org.wso2.carbon.context.CarbonContext.getThreadLocalCarbonContext()     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            org.wso2.carbon.user.api.UserRealm r0 = r0.getUserRealm()     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            org.wso2.carbon.user.api.UserStoreManager r0 = r0.getUserStoreManager()     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            r11 = r0
            r0 = r9
            org.wso2.carbon.identity.application.common.model.RoleMapping[] r0 = r0.getRoleMappings()     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            r12 = r0
            r0 = r12
            int r0 = r0.length     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            r13 = r0
            r0 = 0
            r14 = r0
        L27:
            r0 = r14
            r1 = r13
            if (r0 >= r1) goto L6b
            r0 = r12
            r1 = r14
            r0 = r0[r1]     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            r15 = r0
            r0 = r11
            r1 = r15
            org.wso2.carbon.identity.application.common.model.LocalRole r1 = r1.getLocalRole()     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            java.lang.String r1 = r1.getLocalRoleName()     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            boolean r0 = r0.isExistingRole(r1)     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            if (r0 != 0) goto L65
            r0 = r8
            java.lang.String r1 = "Local Role %s is not available in the server."
            r2 = 1
            java.lang.Object[] r2 = new java.lang.Object[r2]     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            r3 = r2
            r4 = 0
            r5 = r15
            org.wso2.carbon.identity.application.common.model.LocalRole r5 = r5.getLocalRole()     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            java.lang.String r5 = r5.getLocalRoleName()     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            r3[r4] = r5     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            java.lang.String r1 = java.lang.String.format(r1, r2)     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            boolean r0 = r0.add(r1)     // Catch: org.wso2.carbon.user.api.UserStoreException -> L6e
            goto L6b
        L65:
            int r14 = r14 + 1
            goto L27
        L6b:
            goto L84
        L6e:
            r11 = move-exception
            r0 = r8
            java.lang.String r1 = "Error when checking the existence of local roles in %s."
            r2 = 1
            java.lang.Object[] r2 = new java.lang.Object[r2]
            r3 = r2
            r4 = 0
            r5 = r10
            r3[r4] = r5
            java.lang.String r1 = java.lang.String.format(r1, r2)
            boolean r0 = r0.add(r1)
        L84:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.identity.application.mgt.ApplicationMgtValidator.validateRoleConfigs(java.util.List, org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig, java.lang.String):void");
    }
}
