package org.wso2.carbon.identity.application.mgt;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.io.StringReader;
import java.io.StringWriter;
import java.lang.reflect.Field;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.UnmarshallerHandler;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.axiom.om.OMElement;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Document;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementServerException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementValidationException;
import org.wso2.carbon.identity.application.common.IdentityApplicationRegistrationFailureException;
import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo;
import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
import org.wso2.carbon.identity.application.common.model.DefaultAuthenticationSequence;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.ImportResponse;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.SpFileContent;
import org.wso2.carbon.identity.application.common.model.SpTemplate;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.application.common.model.script.AuthenticationScriptConfig;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
import org.wso2.carbon.identity.application.mgt.cache.IdentityServiceProviderCache;
import org.wso2.carbon.identity.application.mgt.cache.IdentityServiceProviderCacheKey;
import org.wso2.carbon.identity.application.mgt.cache.ServiceProviderTemplateCache;
import org.wso2.carbon.identity.application.mgt.cache.ServiceProviderTemplateCacheKey;
import org.wso2.carbon.identity.application.mgt.dao.ApplicationDAO;
import org.wso2.carbon.identity.application.mgt.dao.PaginatableFilterableApplicationDAO;
import org.wso2.carbon.identity.application.mgt.dao.impl.AbstractApplicationDAOImpl;
import org.wso2.carbon.identity.application.mgt.dao.impl.FileBasedApplicationDAO;
import org.wso2.carbon.identity.application.mgt.defaultsequence.DefaultAuthSeqMgtException;
import org.wso2.carbon.identity.application.mgt.defaultsequence.DefaultAuthSeqMgtServiceImpl;
import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponent;
import org.wso2.carbon.identity.application.mgt.internal.ApplicationMgtListenerServiceComponent;
import org.wso2.carbon.identity.application.mgt.listener.AbstractApplicationMgtListener;
import org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtListener;
import org.wso2.carbon.identity.application.mgt.listener.ApplicationResourceManagementListener;
import org.wso2.carbon.identity.core.util.IdentityConfigParser;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.registry.api.RegistryException;
import org.wso2.carbon.user.api.ClaimMapping;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;

/* loaded from: input_file:org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.class */
public class ApplicationManagementServiceImpl extends ApplicationManagementService {
    private static final Log log = LogFactory.getLog(ApplicationManagementServiceImpl.class);
    private static volatile ApplicationManagementServiceImpl appMgtService;
    private ApplicationMgtValidator applicationMgtValidator = new ApplicationMgtValidator();

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl$ApplicationPersistFunction.class */
    public interface ApplicationPersistFunction<S extends ServiceProvider, T> {
        T persistApplication(S s, String str) throws IdentityApplicationManagementException;
    }

    private ApplicationManagementServiceImpl() {
    }

    public static ApplicationManagementServiceImpl getInstance() {
        if (appMgtService == null) {
            synchronized (ApplicationManagementServiceImpl.class) {
                if (appMgtService == null) {
                    appMgtService = new ApplicationManagementServiceImpl();
                }
            }
        }
        return appMgtService;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public ServiceProvider addApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        return createApplicationWithTemplate(serviceProvider, str, str2, null);
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public ServiceProvider createApplicationWithTemplate(ServiceProvider serviceProvider, String str, String str2, String str3) throws IdentityApplicationManagementException {
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            if (applicationMgtListener.isEnable() && !applicationMgtListener.doPreCreateApplication(serviceProvider, str, str2)) {
                throw buildServerException("Pre create application operation of listener: " + getName(applicationMgtListener) + " failed for application: " + serviceProvider.getApplicationName() + " of tenantDomain: " + str);
            }
        }
        doPreAddApplicationChecks(serviceProvider, str, str2);
        ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
        serviceProvider.setOwner(getUser(str, str2));
        applicationDAO.getClass();
        serviceProvider.setApplicationID(((Integer) doAddApplication(serviceProvider, str, str2, applicationDAO::createApplication)).intValue());
        SpTemplate applicationTemplate = getApplicationTemplate(str3, str);
        if (applicationTemplate != null) {
            updateSpFromTemplate(serviceProvider, str, applicationTemplate);
            applicationDAO.updateApplication(serviceProvider, str);
        }
        Iterator<ApplicationMgtListener> it = applicationMgtListeners.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ApplicationMgtListener next = it.next();
            if (next.isEnable() && !next.doPostCreateApplication(serviceProvider, str, str2)) {
                log.error("Post create application operation of listener:" + getName(next) + " failed for application: " + serviceProvider.getApplicationName() + " of tenantDomain: " + str);
                break;
            }
        }
        return serviceProvider;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public ServiceProvider getApplicationExcludingFileBasedSPs(String str, String str2) throws IdentityApplicationManagementException {
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            if (applicationMgtListener.isEnable() && !applicationMgtListener.doPreGetApplicationExcludingFileBasedSPs(str, str2)) {
                return null;
            }
        }
        try {
            ApplicationMgtUtil.startTenantFlow(str2);
            ServiceProvider application = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplication(str, str2);
            ApplicationMgtUtil.endTenantFlow();
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && !applicationMgtListener2.doPostGetApplicationExcludingFileBasedSPs(application, str, str2)) {
                    return null;
                }
            }
            return application;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public ApplicationBasicInfo[] getAllApplicationBasicInfo(String str, String str2) throws IdentityApplicationManagementException {
        return getApplicationBasicInfo(str, str2, "*");
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService, org.wso2.carbon.identity.application.mgt.ApplicationPaginationAndSearching
    public ApplicationBasicInfo[] getApplicationBasicInfo(String str, String str2, String str3) throws IdentityApplicationManagementException {
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            if (applicationMgtListener.isEnable() && !applicationMgtListener.doPreGetApplicationBasicInfo(str, str2, str3)) {
                return new ApplicationBasicInfo[0];
            }
        }
        try {
            ApplicationMgtUtil.startTenantFlow(str, str2);
            ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
            ApplicationMgtUtil.endTenantFlow();
            if (!(applicationDAO instanceof AbstractApplicationDAOImpl)) {
                log.error("Get application basic info service is not supported.");
                throw new IdentityApplicationManagementException("This service is not supported.");
            }
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && !applicationMgtListener2.doPostGetApplicationBasicInfo(applicationDAO, str, str2, str3)) {
                    return new ApplicationBasicInfo[0];
                }
            }
            return ((AbstractApplicationDAOImpl) applicationDAO).getApplicationBasicInfo(str3);
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationPaginationAndSearching
    public ApplicationBasicInfo[] getAllPaginatedApplicationBasicInfo(String str, String str2, int i) throws IdentityApplicationManagementException {
        try {
            ApplicationMgtUtil.startTenantFlow(str, str2);
            ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
            if (!(applicationDAO instanceof PaginatableFilterableApplicationDAO)) {
                throw new UnsupportedOperationException("Application pagination is not supported. Tenant domain: " + str);
            }
            Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
            for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
                if (applicationMgtListener.isEnable() && (applicationMgtListener instanceof AbstractApplicationMgtListener) && !((AbstractApplicationMgtListener) applicationMgtListener).doPreGetPaginatedApplicationBasicInfo(str, str2, i)) {
                    ApplicationBasicInfo[] applicationBasicInfoArr = new ApplicationBasicInfo[0];
                    ApplicationMgtUtil.endTenantFlow();
                    return applicationBasicInfoArr;
                }
            }
            ApplicationBasicInfo[] allPaginatedApplicationBasicInfo = ((PaginatableFilterableApplicationDAO) applicationDAO).getAllPaginatedApplicationBasicInfo(i);
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && (applicationMgtListener2 instanceof AbstractApplicationMgtListener) && !((AbstractApplicationMgtListener) applicationMgtListener2).doPostGetPaginatedApplicationBasicInfo(str, str2, i, allPaginatedApplicationBasicInfo)) {
                    ApplicationBasicInfo[] applicationBasicInfoArr2 = new ApplicationBasicInfo[0];
                    ApplicationMgtUtil.endTenantFlow();
                    return applicationBasicInfoArr2;
                }
            }
            ApplicationMgtUtil.endTenantFlow();
            return allPaginatedApplicationBasicInfo;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService, org.wso2.carbon.identity.application.mgt.ApplicationPaginationAndSearching
    public ApplicationBasicInfo[] getApplicationBasicInfo(String str, String str2, int i, int i2) throws IdentityApplicationManagementException {
        try {
            ApplicationMgtUtil.startTenantFlow(str, str2);
            ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
            if (!(applicationDAO instanceof PaginatableFilterableApplicationDAO)) {
                throw new UnsupportedOperationException("Application pagination is not supported in " + applicationDAO.getClass().getName() + " with tenant domain: " + str);
            }
            Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
            for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
                if (applicationMgtListener.isEnable() && (applicationMgtListener instanceof AbstractApplicationMgtListener) && !((AbstractApplicationMgtListener) applicationMgtListener).doPreGetApplicationBasicInfo(str, str2, i, i2)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Invoking pre listener: " + applicationMgtListener.getClass().getName());
                    }
                    ApplicationBasicInfo[] applicationBasicInfoArr = new ApplicationBasicInfo[0];
                    ApplicationMgtUtil.endTenantFlow();
                    return applicationBasicInfoArr;
                }
            }
            ApplicationBasicInfo[] applicationBasicInfo = ((PaginatableFilterableApplicationDAO) applicationDAO).getApplicationBasicInfo(i, i2);
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && (applicationMgtListener2 instanceof AbstractApplicationMgtListener) && !((AbstractApplicationMgtListener) applicationMgtListener2).doPostGetApplicationBasicInfo(str, str2, i, i2, applicationBasicInfo)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Invoking post listener: " + applicationMgtListener2.getClass().getName());
                    }
                    ApplicationBasicInfo[] applicationBasicInfoArr2 = new ApplicationBasicInfo[0];
                    ApplicationMgtUtil.endTenantFlow();
                    return applicationBasicInfoArr2;
                }
            }
            ApplicationMgtUtil.endTenantFlow();
            return applicationBasicInfo;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationPaginationAndSearching
    public ApplicationBasicInfo[] getPaginatedApplicationBasicInfo(String str, String str2, int i, String str3) throws IdentityApplicationManagementException {
        try {
            ApplicationMgtUtil.startTenantFlow(str, str2);
            ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
            if (!(applicationDAO instanceof PaginatableFilterableApplicationDAO)) {
                throw new UnsupportedOperationException("Application filtering and pagination not supported. Tenant domain: " + str);
            }
            Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
            for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
                if (applicationMgtListener.isEnable() && (applicationMgtListener instanceof AbstractApplicationMgtListener) && !((AbstractApplicationMgtListener) applicationMgtListener).doPreGetPaginatedApplicationBasicInfo(str, str2, i, str3)) {
                    ApplicationBasicInfo[] applicationBasicInfoArr = new ApplicationBasicInfo[0];
                    ApplicationMgtUtil.endTenantFlow();
                    return applicationBasicInfoArr;
                }
            }
            ApplicationBasicInfo[] paginatedApplicationBasicInfo = ((PaginatableFilterableApplicationDAO) applicationDAO).getPaginatedApplicationBasicInfo(i, str3);
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && (applicationMgtListener2 instanceof AbstractApplicationMgtListener) && !((AbstractApplicationMgtListener) applicationMgtListener2).doPostGetPaginatedApplicationBasicInfo(str, str2, i, str3, paginatedApplicationBasicInfo)) {
                    ApplicationBasicInfo[] applicationBasicInfoArr2 = new ApplicationBasicInfo[0];
                    ApplicationMgtUtil.endTenantFlow();
                    return applicationBasicInfoArr2;
                }
            }
            ApplicationMgtUtil.endTenantFlow();
            return paginatedApplicationBasicInfo;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService, org.wso2.carbon.identity.application.mgt.ApplicationPaginationAndSearching
    public ApplicationBasicInfo[] getApplicationBasicInfo(String str, String str2, String str3, int i, int i2) throws IdentityApplicationManagementException {
        try {
            ApplicationMgtUtil.startTenantFlow(str, str2);
            ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
            if (!(applicationDAO instanceof PaginatableFilterableApplicationDAO)) {
                throw new UnsupportedOperationException("Application filtering and pagination not supported in " + applicationDAO.getClass().getName() + " with tenant domain: " + str);
            }
            Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
            for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
                if (applicationMgtListener.isEnable() && (applicationMgtListener instanceof AbstractApplicationMgtListener) && !((AbstractApplicationMgtListener) applicationMgtListener).doPreGetApplicationBasicInfo(str, str2, str3, i, i2)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Invoking pre listener: " + applicationMgtListener.getClass().getName());
                    }
                    ApplicationBasicInfo[] applicationBasicInfoArr = new ApplicationBasicInfo[0];
                    ApplicationMgtUtil.endTenantFlow();
                    return applicationBasicInfoArr;
                }
            }
            ApplicationBasicInfo[] applicationBasicInfo = ((PaginatableFilterableApplicationDAO) applicationDAO).getApplicationBasicInfo(str3, i, i2);
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && (applicationMgtListener2 instanceof AbstractApplicationMgtListener) && !((AbstractApplicationMgtListener) applicationMgtListener2).doPostGetApplicationBasicInfo(str, str2, str3, i, i2, applicationBasicInfo)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Invoking post listener: " + applicationMgtListener2.getClass().getName());
                    }
                    ApplicationBasicInfo[] applicationBasicInfoArr2 = new ApplicationBasicInfo[0];
                    ApplicationMgtUtil.endTenantFlow();
                    return applicationBasicInfoArr2;
                }
            }
            ApplicationMgtUtil.endTenantFlow();
            return applicationBasicInfo;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationPaginationAndSearching
    public int getCountOfAllApplications(String str, String str2) throws IdentityApplicationManagementException {
        try {
            ApplicationMgtUtil.startTenantFlow(str, str2);
            ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
            if (!(applicationDAO instanceof PaginatableFilterableApplicationDAO)) {
                throw new UnsupportedOperationException("Application count is not supported. Tenant domain: " + str);
            }
            int countOfAllApplications = ((PaginatableFilterableApplicationDAO) applicationDAO).getCountOfAllApplications();
            ApplicationMgtUtil.endTenantFlow();
            return countOfAllApplications;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationPaginationAndSearching
    public int getCountOfApplications(String str, String str2, String str3) throws IdentityApplicationManagementException {
        try {
            ApplicationMgtUtil.startTenantFlow(str, str2);
            ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
            if (!(applicationDAO instanceof PaginatableFilterableApplicationDAO)) {
                throw new UnsupportedOperationException("Application count is not supported. Tenant domain: " + str);
            }
            int countOfApplications = ((PaginatableFilterableApplicationDAO) applicationDAO).getCountOfApplications(str3);
            ApplicationMgtUtil.endTenantFlow();
            return countOfApplications;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public void updateApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        validateApplicationConfigurations(serviceProvider, str, str2);
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            if (applicationMgtListener.isEnable() && !applicationMgtListener.doPreUpdateApplication(serviceProvider, str, str2)) {
                throw buildServerException("Pre Update application failed");
            }
        }
        String applicationName = serviceProvider.getApplicationName();
        try {
            try {
                ApplicationMgtUtil.startTenantFlow(str, str2);
                ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
                String applicationName2 = applicationDAO.getApplicationName(serviceProvider.getApplicationID());
                if (StringUtils.isBlank(applicationName2)) {
                    throw buildClientException(IdentityApplicationConstants.Error.APPLICATION_NOT_FOUND, "Cannot find application with id: " + serviceProvider.getApplicationID() + " in tenantDomain: " + str);
                }
                doPreUpdateChecks(applicationName2, serviceProvider, str, str2);
                applicationDAO.updateApplication(serviceProvider, str);
                if (isOwnerUpdatedInRequest(serviceProvider)) {
                    assignApplicationRole(serviceProvider.getApplicationName(), MultitenantUtils.getTenantAwareUsername(serviceProvider.getOwner().toFullQualifiedUsername()));
                }
                updateApplicationPermissions(serviceProvider, applicationName, applicationName2);
                ApplicationMgtUtil.endTenantFlow();
                for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                    if (applicationMgtListener2.isEnable() && !applicationMgtListener2.doPostUpdateApplication(serviceProvider, str, str2)) {
                        return;
                    }
                }
            } catch (Exception e) {
                throw new IdentityApplicationManagementException("Error occurred while updating the application: " + applicationName + ". " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public void deleteApplication(String str, String str2, String str3) throws IdentityApplicationManagementException {
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            try {
                if (applicationMgtListener.isEnable() && !applicationMgtListener.doPreDeleteApplication(str, str2, str3)) {
                    throw buildServerException("Pre Delete application operation of listener: " + getName(applicationMgtListener) + " failed for application: " + str + " of tenantDomain: " + str2);
                }
            } finally {
                ApplicationMgtUtil.endTenantFlow();
            }
        }
        try {
            ApplicationMgtUtil.startTenantFlow(str2, str3);
            doPreDeleteChecks(str, str2, str3);
            ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
            ServiceProvider application = applicationDAO.getApplication(str, str2);
            if (application == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Application cannot be found for name: " + str + " in tenantDomain: " + str2);
                }
                return;
            }
            ApplicationMgtUtil.deleteAppRole(str);
            ApplicationMgtUtil.deletePermissions(str);
            applicationDAO.deleteApplication(str);
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && !applicationMgtListener2.doPostDeleteApplication(application, str2, str3)) {
                    log.error("Post Delete application operation of listener: " + getName(applicationMgtListener2) + " failed for application with name: " + str + " of tenantDomain: " + str2);
                    return;
                }
            }
        } catch (Exception e) {
            throw buildServerException("Error occurred while deleting the application: " + str + ". " + e.getMessage(), e);
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public void deleteApplications(int i) throws IdentityApplicationManagementException {
        String tenantDomain = IdentityTenantUtil.getTenantDomain(i);
        ApplicationBasicInfo[] allApplicationBasicInfo = getAllApplicationBasicInfo(tenantDomain, CarbonContext.getThreadLocalCarbonContext().getUsername());
        ApplicationMgtSystemConfig.getInstance().getApplicationDAO().deleteApplications(i);
        if (log.isDebugEnabled()) {
            log.debug("Clearing the cache entries of all SP applications of the tenant: " + tenantDomain);
        }
        try {
            ApplicationMgtUtil.startTenantFlow("carbon.super");
            for (ApplicationBasicInfo applicationBasicInfo : allApplicationBasicInfo) {
                IdentityServiceProviderCache.getInstance().clearCacheEntry(new IdentityServiceProviderCacheKey(applicationBasicInfo.getApplicationName(), tenantDomain));
            }
        } finally {
            ApplicationMgtUtil.endTenantFlow();
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public IdentityProvider getIdentityProvider(String str, String str2) throws IdentityApplicationManagementException {
        try {
            try {
                ApplicationMgtUtil.startTenantFlow(str2);
                IdentityProvider identityProvider = ApplicationMgtSystemConfig.getInstance().getIdentityProviderDAO().getIdentityProvider(str);
                ApplicationMgtUtil.endTenantFlow();
                return identityProvider;
            } catch (Exception e) {
                throw new IdentityApplicationManagementException("Error occurred while retrieving Identity Provider: " + str + ". " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public IdentityProvider[] getAllIdentityProviders(String str) throws IdentityApplicationManagementException {
        try {
            try {
                ApplicationMgtUtil.startTenantFlow(str);
                List<IdentityProvider> allIdentityProviders = ApplicationMgtSystemConfig.getInstance().getIdentityProviderDAO().getAllIdentityProviders();
                if (allIdentityProviders != null) {
                    IdentityProvider[] identityProviderArr = (IdentityProvider[]) allIdentityProviders.toArray(new IdentityProvider[allIdentityProviders.size()]);
                    ApplicationMgtUtil.endTenantFlow();
                    return identityProviderArr;
                }
                IdentityProvider[] identityProviderArr2 = new IdentityProvider[0];
                ApplicationMgtUtil.endTenantFlow();
                return identityProviderArr2;
            } catch (Exception e) {
                throw new IdentityApplicationManagementException("Error occurred while retrieving all Identity Providers. " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public LocalAuthenticatorConfig[] getAllLocalAuthenticators(String str) throws IdentityApplicationManagementException {
        try {
            try {
                ApplicationMgtUtil.startTenantFlow(str);
                List<LocalAuthenticatorConfig> allLocalAuthenticators = ApplicationMgtSystemConfig.getInstance().getIdentityProviderDAO().getAllLocalAuthenticators();
                if (allLocalAuthenticators != null) {
                    LocalAuthenticatorConfig[] localAuthenticatorConfigArr = (LocalAuthenticatorConfig[]) allLocalAuthenticators.toArray(new LocalAuthenticatorConfig[allLocalAuthenticators.size()]);
                    ApplicationMgtUtil.endTenantFlow();
                    return localAuthenticatorConfigArr;
                }
                LocalAuthenticatorConfig[] localAuthenticatorConfigArr2 = new LocalAuthenticatorConfig[0];
                ApplicationMgtUtil.endTenantFlow();
                return localAuthenticatorConfigArr2;
            } catch (Exception e) {
                throw new IdentityApplicationManagementException("Error occurred while retrieving all Local Authenticators. " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public RequestPathAuthenticatorConfig[] getAllRequestPathAuthenticators(String str) throws IdentityApplicationManagementException {
        try {
            try {
                ApplicationMgtUtil.startTenantFlow(str);
                List<RequestPathAuthenticatorConfig> allRequestPathAuthenticators = ApplicationMgtSystemConfig.getInstance().getIdentityProviderDAO().getAllRequestPathAuthenticators();
                if (allRequestPathAuthenticators != null) {
                    RequestPathAuthenticatorConfig[] requestPathAuthenticatorConfigArr = (RequestPathAuthenticatorConfig[]) allRequestPathAuthenticators.toArray(new RequestPathAuthenticatorConfig[allRequestPathAuthenticators.size()]);
                    ApplicationMgtUtil.endTenantFlow();
                    return requestPathAuthenticatorConfigArr;
                }
                RequestPathAuthenticatorConfig[] requestPathAuthenticatorConfigArr2 = new RequestPathAuthenticatorConfig[0];
                ApplicationMgtUtil.endTenantFlow();
                return requestPathAuthenticatorConfigArr2;
            } catch (Exception e) {
                throw new IdentityApplicationManagementException("Error occurred while retrieving all Request Path Authenticators. " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public String[] getAllLocalClaimUris(String str) throws IdentityApplicationManagementException {
        try {
            try {
                ApplicationMgtUtil.startTenantFlow(str);
                ClaimMapping[] allClaimMappings = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getClaimManager().getAllClaimMappings(ApplicationMgtSystemConfig.getInstance().getClaimDialect());
                ArrayList arrayList = new ArrayList();
                for (ClaimMapping claimMapping : allClaimMappings) {
                    arrayList.add(claimMapping.getClaim().getClaimUri());
                }
                String[] strArr = (String[]) arrayList.toArray(new String[arrayList.size()]);
                if (ArrayUtils.isNotEmpty(strArr)) {
                    Arrays.sort(strArr);
                }
                ApplicationMgtUtil.endTenantFlow();
                return strArr;
            } catch (Exception e) {
                throw new IdentityApplicationManagementException("Error while reading system claims. " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public String getServiceProviderNameByClientIdExcludingFileBasedSPs(String str, String str2, String str3) throws IdentityApplicationManagementException {
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            if (applicationMgtListener.isEnable() && !applicationMgtListener.doPreGetServiceProviderNameByClientIdExcludingFileBasedSPs(null, str, str2, str3)) {
                return null;
            }
        }
        try {
            String serviceProviderNameByClientId = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getServiceProviderNameByClientId(str, str2, str3);
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && !applicationMgtListener2.doPostGetServiceProviderNameByClientIdExcludingFileBasedSPs(serviceProviderNameByClientId, str, str2, str3)) {
                    return null;
                }
            }
            return serviceProviderNameByClientId;
        } catch (Exception e) {
            throw new IdentityApplicationManagementException("Error occurred while retrieving the service provider for client id :  " + str + ". " + e.getMessage(), e);
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public Map<String, String> getServiceProviderToLocalIdPClaimMapping(String str, String str2) throws IdentityApplicationManagementException {
        Map<String, String> serviceProviderToLocalIdPClaimMapping = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getServiceProviderToLocalIdPClaimMapping(str, str2);
        return (serviceProviderToLocalIdPClaimMapping == null || (serviceProviderToLocalIdPClaimMapping.isEmpty() && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey(str))) ? new FileBasedApplicationDAO().getServiceProviderToLocalIdPClaimMapping(str, str2) : serviceProviderToLocalIdPClaimMapping;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public Map<String, String> getLocalIdPToServiceProviderClaimMapping(String str, String str2) throws IdentityApplicationManagementException {
        Map<String, String> localIdPToServiceProviderClaimMapping = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getLocalIdPToServiceProviderClaimMapping(str, str2);
        return (localIdPToServiceProviderClaimMapping == null || (localIdPToServiceProviderClaimMapping.isEmpty() && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey(str))) ? new FileBasedApplicationDAO().getLocalIdPToServiceProviderClaimMapping(str, str2) : localIdPToServiceProviderClaimMapping;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public List<String> getAllRequestedClaimsByServiceProvider(String str, String str2) throws IdentityApplicationManagementException {
        List<String> allRequestedClaimsByServiceProvider = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getAllRequestedClaimsByServiceProvider(str, str2);
        return (allRequestedClaimsByServiceProvider == null || (allRequestedClaimsByServiceProvider.isEmpty() && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey(str))) ? new FileBasedApplicationDAO().getAllRequestedClaimsByServiceProvider(str, str2) : allRequestedClaimsByServiceProvider;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public String getServiceProviderNameByClientId(String str, String str2, String str3) throws IdentityApplicationManagementException {
        String str4 = null;
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            if (applicationMgtListener.isEnable() && !applicationMgtListener.doPreGetServiceProviderNameByClientId(str, str2, str3)) {
                return null;
            }
        }
        if (StringUtils.isNotEmpty(str)) {
            str4 = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getServiceProviderNameByClientId(str, str2, str3);
            if (str4 == null) {
                str4 = new FileBasedApplicationDAO().getServiceProviderNameByClientId(str, str2, str3);
            }
        }
        if (str4 == null) {
            str4 = ApplicationManagementServiceComponent.getFileBasedSPs().get("default").getApplicationName();
        }
        for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
            if (applicationMgtListener2.isEnable() && !applicationMgtListener2.doPostGetServiceProviderNameByClientId(str4, str, str2, str3)) {
                return null;
            }
        }
        return str4;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public ServiceProvider getServiceProvider(String str, String str2) throws IdentityApplicationManagementException {
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            if (applicationMgtListener.isEnable() && !applicationMgtListener.doPreGetServiceProvider(str, str2)) {
                return null;
            }
        }
        try {
            ApplicationMgtUtil.startTenantFlow(str2);
            ServiceProvider application = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplication(str, str2);
            if (application == null && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey(str)) {
                application = ApplicationManagementServiceComponent.getFileBasedSPs().get(str);
            }
            ApplicationMgtUtil.endTenantFlow();
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && !applicationMgtListener2.doPostGetServiceProvider(application, str, str2)) {
                    return null;
                }
            }
            return application;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public ServiceProvider getServiceProvider(int i) throws IdentityApplicationManagementException {
        ServiceProvider application = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplication(i);
        String applicationName = application.getApplicationName();
        String tenantDomain = application.getOwner().getTenantDomain();
        for (ApplicationMgtListener applicationMgtListener : getApplicationMgtListeners()) {
            if (applicationMgtListener.isEnable() && !applicationMgtListener.doPostGetServiceProvider(application, applicationName, tenantDomain)) {
                return null;
            }
        }
        return application;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public ServiceProvider getServiceProviderByClientId(String str, String str2, String str3) throws IdentityApplicationManagementException {
        AuthenticationStep[] authenticationSteps;
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            if (applicationMgtListener.isEnable() && !applicationMgtListener.doPreGetServiceProviderByClientId(str, str2, str3)) {
                return null;
            }
        }
        if (str != null && str.contains("@")) {
            str = str.split("@")[0];
        }
        String serviceProviderNameByClientId = getServiceProviderNameByClientId(str, str2, str3);
        try {
            ApplicationMgtUtil.startTenantFlow(str3);
            ServiceProvider application = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplication(serviceProviderNameByClientId, str3);
            if (application != null && ((authenticationSteps = application.getLocalAndOutBoundAuthenticationConfig().getAuthenticationSteps()) == null || authenticationSteps.length == 0)) {
                ServiceProvider serviceProvider = ApplicationManagementServiceComponent.getFileBasedSPs().get("default");
                AuthenticationStep[] authenticationSteps2 = serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationSteps();
                AuthenticationScriptConfig authenticationScriptConfig = serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationScriptConfig();
                application.getLocalAndOutBoundAuthenticationConfig().setAuthenticationSteps(authenticationSteps2);
                if (authenticationScriptConfig != null) {
                    application.getLocalAndOutBoundAuthenticationConfig().setAuthenticationScriptConfig(authenticationScriptConfig);
                    application.getLocalAndOutBoundAuthenticationConfig().setAuthenticationType(ApplicationConstants.AUTH_TYPE_FLOW);
                }
            }
            ApplicationMgtUtil.endTenantFlow();
            if (application == null && serviceProviderNameByClientId != null && ApplicationManagementServiceComponent.getFileBasedSPs().containsKey(serviceProviderNameByClientId)) {
                application = ApplicationManagementServiceComponent.getFileBasedSPs().get(serviceProviderNameByClientId);
            }
            for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
                if (applicationMgtListener2.isEnable() && !applicationMgtListener2.doPostGetServiceProviderByClientId(application, str, str2, str3)) {
                    return null;
                }
            }
            return application;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public ImportResponse importSPApplication(SpFileContent spFileContent, String str, String str2, boolean z) throws IdentityApplicationManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Importing service provider from file " + spFileContent.getFileName());
        }
        ServiceProvider unmarshalSP = unmarshalSP(spFileContent, str);
        ImportResponse importSPApplication = importSPApplication(unmarshalSP, str, str2, z);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Service provider %s@%s created successfully from file %s", unmarshalSP.getApplicationName(), str, spFileContent.getFileName()));
        }
        return importSPApplication;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public ImportResponse importSPApplication(ServiceProvider serviceProvider, String str, String str2, boolean z) throws IdentityApplicationManagementException {
        if (log.isDebugEnabled()) {
            log.debug("Importing service provider from object " + serviceProvider.getApplicationName());
        }
        ImportResponse importApplication = importApplication(serviceProvider, str, str2, z);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Service provider %s@%s created successfully from object", serviceProvider.getApplicationName(), str));
        }
        return importApplication;
    }

    private ImportResponse importApplication(ServiceProvider serviceProvider, String str, String str2, boolean z) throws IdentityApplicationManagementException {
        Collection<ApplicationMgtListener> applicationMgtListeners = getApplicationMgtListeners();
        ServiceProvider serviceProvider2 = null;
        String applicationName = serviceProvider.getApplicationName();
        if (z) {
            try {
                serviceProvider2 = getApplicationExcludingFileBasedSPs(applicationName, str);
                if (serviceProvider2 == null) {
                    throw new IdentityApplicationManagementClientException(IdentityApplicationConstants.Error.APPLICATION_NOT_FOUND.getCode(), String.format("Service provider %s@%s is not found", applicationName, str));
                }
            } catch (IdentityApplicationManagementException e) {
                deleteCreatedSP(null, str, str2, z);
                throw new IdentityApplicationManagementException(String.format("Error in importing provided service provider %s@%s from file ", applicationName, str), e);
            } catch (IdentityApplicationManagementClientException e2) {
                deleteCreatedSP(null, str, str2, z);
                return buildImportErrorResponse(e2);
            }
        }
        if (!z) {
            ServiceProvider serviceProvider3 = new ServiceProvider();
            serviceProvider3.setApplicationName(serviceProvider.getApplicationName());
            serviceProvider3.setDescription(serviceProvider.getDescription());
            serviceProvider2 = getApplicationByResourceId(createApplication(serviceProvider3, str, str2), str);
        }
        serviceProvider.setApplicationResourceId(serviceProvider2.getApplicationResourceId());
        serviceProvider.setApplicationID(serviceProvider2.getApplicationID());
        serviceProvider.setOwner(getUser(str, str2));
        for (ApplicationMgtListener applicationMgtListener : applicationMgtListeners) {
            if (applicationMgtListener.isEnable()) {
                applicationMgtListener.onPreCreateInbound(serviceProvider, z);
            }
        }
        updateApplication(serviceProvider, str, str2);
        for (ApplicationMgtListener applicationMgtListener2 : applicationMgtListeners) {
            if (applicationMgtListener2.isEnable()) {
                applicationMgtListener2.doImportServiceProvider(serviceProvider);
            }
        }
        ImportResponse importResponse = new ImportResponse();
        if (z) {
            importResponse.setResponseCode(200);
        } else {
            importResponse.setResponseCode(201);
        }
        importResponse.setApplicationName(applicationName);
        importResponse.setApplicationResourceId(serviceProvider.getApplicationResourceId());
        importResponse.setErrors(new String[0]);
        return importResponse;
    }

    private ImportResponse buildImportErrorResponse(IdentityApplicationManagementClientException identityApplicationManagementClientException) {
        ImportResponse importResponse = new ImportResponse();
        importResponse.setResponseCode(400);
        importResponse.setApplicationName((String) null);
        importResponse.setErrorCode(identityApplicationManagementClientException.getErrorCode() != null ? identityApplicationManagementClientException.getErrorCode() : IdentityApplicationConstants.Error.INVALID_REQUEST.getCode());
        if (identityApplicationManagementClientException instanceof IdentityApplicationManagementValidationException) {
            importResponse.setErrors(((IdentityApplicationManagementValidationException) identityApplicationManagementClientException).getValidationMsg());
        } else if (StringUtils.isNotBlank(identityApplicationManagementClientException.getMessage())) {
            importResponse.setErrors(new String[]{identityApplicationManagementClientException.getMessage()});
        }
        return importResponse;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public String exportSPApplicationFromAppID(String str, boolean z, String str2) throws IdentityApplicationManagementException {
        ApplicationBasicInfo applicationBasicInfoByResourceId = getApplicationBasicInfoByResourceId(str, str2);
        if (applicationBasicInfoByResourceId == null) {
            throw buildClientException(IdentityApplicationConstants.Error.APPLICATION_NOT_FOUND, "Application could not be found for the provided resourceId: " + str);
        }
        String applicationName = applicationBasicInfoByResourceId.getApplicationName();
        try {
            ApplicationMgtUtil.startTenantFlow(str2);
            String exportSPApplication = exportSPApplication(applicationName, z, str2);
            ApplicationMgtUtil.endTenantFlow();
            return exportSPApplication;
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public String exportSPApplication(String str, boolean z, String str2) throws IdentityApplicationManagementException {
        ServiceProvider applicationExcludingFileBasedSPs = getApplicationExcludingFileBasedSPs(str, str2);
        for (ApplicationMgtListener applicationMgtListener : getApplicationMgtListeners()) {
            if (applicationMgtListener.isEnable()) {
                applicationMgtListener.doExportServiceProvider(applicationExcludingFileBasedSPs, Boolean.valueOf(z));
            }
        }
        return marshalSP(applicationExcludingFileBasedSPs, str2);
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public void createApplicationTemplate(SpTemplate spTemplate, String str) throws IdentityApplicationManagementException {
        try {
            ServiceProvider unmarshalSPTemplate = unmarshalSPTemplate(spTemplate.getContent());
            validateSPTemplateExists(spTemplate, str);
            validateUnsupportedTemplateConfigs(unmarshalSPTemplate);
            this.applicationMgtValidator.validateSPConfigurations(unmarshalSPTemplate, str, CarbonContext.getThreadLocalCarbonContext().getUsername());
            for (ApplicationMgtListener applicationMgtListener : getApplicationMgtListeners()) {
                if (applicationMgtListener.isEnable()) {
                    applicationMgtListener.doPreCreateApplicationTemplate(unmarshalSPTemplate, str);
                }
            }
            doAddApplicationTemplate(spTemplate, str);
        } catch (IdentityApplicationManagementException e) {
            throw new IdentityApplicationManagementException(String.format("Error when creating the application template: %s in tenant: %s", spTemplate.getName(), str), e);
        } catch (IdentityApplicationManagementValidationException e2) {
            log.error("Validation error when creating the application template: " + spTemplate.getName() + " in:" + str);
            logValidationErrorMessages(e2);
            throw new IdentityApplicationManagementClientException(e2.getValidationMsg());
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public void createApplicationTemplateFromSP(ServiceProvider serviceProvider, SpTemplate spTemplate, String str) throws IdentityApplicationManagementException {
        if (serviceProvider == null) {
            createApplicationTemplate(spTemplate, str);
            return;
        }
        try {
            validateSPTemplateExists(spTemplate, str);
            ServiceProvider removeUnsupportedTemplateConfigs = removeUnsupportedTemplateConfigs(serviceProvider);
            this.applicationMgtValidator.validateSPConfigurations(removeUnsupportedTemplateConfigs, str, CarbonContext.getThreadLocalCarbonContext().getUsername());
            for (ApplicationMgtListener applicationMgtListener : getApplicationMgtListeners()) {
                if (applicationMgtListener.isEnable()) {
                    applicationMgtListener.doPreCreateApplicationTemplate(serviceProvider, str);
                }
            }
            spTemplate.setContent(marshalSPTemplate(removeUnsupportedTemplateConfigs, str));
            doAddApplicationTemplate(spTemplate, str);
        } catch (IdentityApplicationManagementValidationException e) {
            log.error("Validation error when creating the application template:" + spTemplate.getName() + "from service provider: " + serviceProvider.getApplicationName() + " in:" + str);
            logValidationErrorMessages(e);
            throw new IdentityApplicationManagementClientException(e.getValidationMsg());
        } catch (IdentityApplicationManagementException e2) {
            throw new IdentityApplicationManagementException(String.format("Error when creating the application template: %s from service provider: %s in: ", spTemplate.getName(), serviceProvider.getApplicationName(), str), e2);
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public SpTemplate getApplicationTemplate(String str, String str2) throws IdentityApplicationManagementException {
        String str3 = str;
        if (StringUtils.isBlank(str3)) {
            str3 = "default";
        }
        SpTemplate doGetApplicationTemplate = doGetApplicationTemplate(str3, str2);
        if (doGetApplicationTemplate != null) {
            return doGetApplicationTemplate;
        }
        if (StringUtils.isBlank(str)) {
            return null;
        }
        throw new IdentityApplicationManagementClientException(new String[]{String.format("Template with name: %s is not registered for tenant: %s.", str, str2)});
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public void deleteApplicationTemplate(String str, String str2) throws IdentityApplicationManagementException {
        doDeleteApplicationTemplate(str, str2);
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public void updateApplicationTemplate(String str, SpTemplate spTemplate, String str2) throws IdentityApplicationManagementException {
        try {
            validateSPTemplateExists(str, spTemplate, str2);
            ServiceProvider unmarshalSPTemplate = unmarshalSPTemplate(spTemplate.getContent());
            validateUnsupportedTemplateConfigs(unmarshalSPTemplate);
            this.applicationMgtValidator.validateSPConfigurations(unmarshalSPTemplate, str2, CarbonContext.getThreadLocalCarbonContext().getUsername());
            for (ApplicationMgtListener applicationMgtListener : getApplicationMgtListeners()) {
                if (applicationMgtListener.isEnable()) {
                    applicationMgtListener.doPreUpdateApplicationTemplate(unmarshalSPTemplate, str2);
                }
            }
            doUpdateApplicationTemplate(str, spTemplate, str2);
        } catch (IdentityApplicationManagementValidationException e) {
            log.error("Validation error when updating the application template: " + str + " in:" + str2);
            logValidationErrorMessages(e);
            throw new IdentityApplicationManagementClientException(e.getValidationMsg());
        } catch (IdentityApplicationManagementException e2) {
            throw new IdentityApplicationManagementException(String.format("Error in updating the application template: %s in tenant: %s", str, str2), e2);
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public boolean isExistingApplicationTemplate(String str, String str2) throws IdentityApplicationManagementException {
        return doCheckApplicationTemplateExistence(str, str2);
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public List<SpTemplate> getAllApplicationTemplateInfo(String str) throws IdentityApplicationManagementException {
        return doGetAllApplicationTemplateInfo(str);
    }

    private void doAddApplicationTemplate(SpTemplate spTemplate, String str) throws IdentityApplicationManagementException {
        ApplicationMgtSystemConfig.getInstance().getApplicationTemplateDAO().createApplicationTemplate(spTemplate, str);
        ServiceProviderTemplateCache.getInstance().addToCache(new ServiceProviderTemplateCacheKey(spTemplate.getName(), str), spTemplate);
    }

    private SpTemplate doGetApplicationTemplate(String str, String str2) throws IdentityApplicationManagementException {
        ServiceProviderTemplateCacheKey serviceProviderTemplateCacheKey = new ServiceProviderTemplateCacheKey(str, str2);
        SpTemplate spTemplateFromCache = getSpTemplateFromCache(serviceProviderTemplateCacheKey);
        if (spTemplateFromCache == null) {
            spTemplateFromCache = getSpTemplateFromDB(str, str2, serviceProviderTemplateCacheKey);
        }
        return spTemplateFromCache;
    }

    private void doDeleteApplicationTemplate(String str, String str2) throws IdentityApplicationManagementException {
        ApplicationMgtSystemConfig.getInstance().getApplicationTemplateDAO().deleteApplicationTemplate(str, str2);
        ServiceProviderTemplateCache.getInstance().clearCacheEntry(new ServiceProviderTemplateCacheKey(str, str2));
    }

    private void doUpdateApplicationTemplate(String str, SpTemplate spTemplate, String str2) throws IdentityApplicationManagementException {
        ApplicationMgtSystemConfig.getInstance().getApplicationTemplateDAO().updateApplicationTemplate(str, spTemplate, str2);
        if (!str.equals(spTemplate.getName())) {
            ServiceProviderTemplateCache.getInstance().clearCacheEntry(new ServiceProviderTemplateCacheKey(str, str2));
        }
        ServiceProviderTemplateCache.getInstance().addToCache(new ServiceProviderTemplateCacheKey(spTemplate.getName(), str2), spTemplate);
    }

    private boolean doCheckApplicationTemplateExistence(String str, String str2) throws IdentityApplicationManagementException {
        if (getSpTemplateFromCache(new ServiceProviderTemplateCacheKey(str, str2)) == null) {
            return ApplicationMgtSystemConfig.getInstance().getApplicationTemplateDAO().isExistingTemplate(str, str2);
        }
        return true;
    }

    private List<SpTemplate> doGetAllApplicationTemplateInfo(String str) throws IdentityApplicationManagementException {
        return ApplicationMgtSystemConfig.getInstance().getApplicationTemplateDAO().getAllApplicationTemplateInfo(str);
    }

    private void validateUnsupportedTemplateConfigs(ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        ArrayList arrayList = new ArrayList();
        if (serviceProvider.getInboundAuthenticationConfig() != null) {
            arrayList.add("Inbound configurations are not supported.");
        }
        if (serviceProvider.getApplicationID() != 0) {
            arrayList.add("Application ID is not supported.");
        }
        if (serviceProvider.getApplicationName() != null) {
            arrayList.add("Application name is not supported.");
        }
        if (serviceProvider.getDescription() != null) {
            arrayList.add("Application description is not supported.");
        }
        if (serviceProvider.getCertificateContent() != null) {
            arrayList.add("Application certificate is not supported.");
        }
        if (!arrayList.isEmpty()) {
            throw new IdentityApplicationManagementValidationException((String[]) arrayList.toArray(new String[0]));
        }
    }

    private void validateSPTemplateExists(SpTemplate spTemplate, String str) throws IdentityApplicationManagementException {
        ArrayList arrayList = new ArrayList();
        if (StringUtils.isNotBlank(spTemplate.getName()) && isExistingApplicationTemplate(spTemplate.getName(), str)) {
            arrayList.add(String.format("Template with name: %s is already configured for tenant: %s.", spTemplate.getName(), str));
            throw new IdentityApplicationManagementValidationException((String[]) arrayList.toArray(new String[0]));
        }
    }

    private void validateSPTemplateExists(String str, SpTemplate spTemplate, String str2) throws IdentityApplicationManagementException {
        if (str.equals(spTemplate.getName())) {
            return;
        }
        validateSPTemplateExists(spTemplate, str2);
    }

    private SpTemplate getSpTemplateFromDB(String str, String str2, ServiceProviderTemplateCacheKey serviceProviderTemplateCacheKey) throws IdentityApplicationManagementException {
        Serializable applicationTemplate = ApplicationMgtSystemConfig.getInstance().getApplicationTemplateDAO().getApplicationTemplate(str, str2);
        if (applicationTemplate == null) {
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Template with name: %s is taken from database for tenant: %s ", str, str2));
        }
        ServiceProviderTemplateCache.getInstance().addToCache(serviceProviderTemplateCacheKey, applicationTemplate);
        return applicationTemplate;
    }

    private SpTemplate getSpTemplateFromCache(ServiceProviderTemplateCacheKey serviceProviderTemplateCacheKey) {
        SpTemplate valueFromCache = ServiceProviderTemplateCache.getInstance().getValueFromCache(serviceProviderTemplateCacheKey);
        if (valueFromCache == null) {
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Template with name: %s is taken from cache of tenant: %s ", serviceProviderTemplateCacheKey.getTemplateName(), serviceProviderTemplateCacheKey.getTenantDomain()));
        }
        return valueFromCache;
    }

    private ServiceProvider unmarshalSPTemplate(String str) throws IdentityApplicationManagementValidationException {
        if (StringUtils.isEmpty(str)) {
            throw new IdentityApplicationManagementValidationException(new String[]{"Empty SP template configuration is provided."});
        }
        try {
            SAXParserFactory newInstance = SAXParserFactory.newInstance();
            newInstance.setNamespaceAware(true);
            newInstance.setXIncludeAware(false);
            try {
                newInstance.setFeature("http://xml.org/sax/features/external-general-entities", false);
                newInstance.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
                newInstance.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
                newInstance.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
            } catch (ParserConfigurationException | SAXException e) {
                log.error("Failed to load XML Processor Feature external-general-entities or external-parameter-entities or nonvalidating/load-external-dtd or secure-processing.");
            }
            UnmarshallerHandler unmarshallerHandler = JAXBContext.newInstance(new Class[]{ServiceProvider.class}).createUnmarshaller().getUnmarshallerHandler();
            XMLReader xMLReader = newInstance.newSAXParser().getXMLReader();
            xMLReader.setContentHandler(unmarshallerHandler);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
            xMLReader.parse(new InputSource(byteArrayInputStream));
            byteArrayInputStream.close();
            return (ServiceProvider) unmarshallerHandler.getResult();
        } catch (JAXBException | IOException | ParserConfigurationException | SAXException e2) {
            log.error("Error in reading Service Provider template configuration.", e2);
            throw new IdentityApplicationManagementValidationException(new String[]{"Error in reading Service Provider template configuration."});
        }
    }

    private String marshalSPTemplate(ServiceProvider serviceProvider, String str) throws IdentityApplicationManagementException {
        try {
            Marshaller createMarshaller = JAXBContext.newInstance(new Class[]{ServiceProvider.class}).createMarshaller();
            Document newDocument = IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder().newDocument();
            createMarshaller.marshal(serviceProvider, newDocument);
            Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
            newTransformer.setOutputProperty("indent", "yes");
            newTransformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
            newTransformer.setOutputProperty("cdata-section-elements", "AuthenticationScript inboundConfiguration");
            StringWriter stringWriter = new StringWriter();
            newTransformer.transform(new DOMSource(newDocument), new StreamResult(stringWriter));
            return stringWriter.getBuffer().toString();
        } catch (JAXBException | ParserConfigurationException | TransformerException e) {
            throw new IdentityApplicationManagementException(String.format("Error in exporting Service Provider template from SP %s@%s", serviceProvider.getApplicationName(), str), e);
        }
    }

    private ServiceProvider removeUnsupportedTemplateConfigs(ServiceProvider serviceProvider) {
        if (serviceProvider != null) {
            serviceProvider.setApplicationName((String) null);
            serviceProvider.setDescription((String) null);
            serviceProvider.setApplicationID(0);
            serviceProvider.setCertificateContent((String) null);
            serviceProvider.setInboundAuthenticationConfig((InboundAuthenticationConfig) null);
        }
        return serviceProvider;
    }

    private void updateSpFromTemplate(ServiceProvider serviceProvider, String str, SpTemplate spTemplate) throws IdentityApplicationManagementException {
        if (spTemplate == null || spTemplate.getContent() == null) {
            return;
        }
        ServiceProvider unmarshalSP = unmarshalSP(spTemplate.getContent(), str);
        for (Field field : unmarshalSP.getClass().getDeclaredFields()) {
            try {
                Field declaredField = unmarshalSP.getClass().getDeclaredField(field.getName());
                declaredField.setAccessible(true);
                Object obj = declaredField.get(unmarshalSP);
                if (obj != null && declaredField.getAnnotation(XmlElement.class) != null) {
                    Field declaredField2 = serviceProvider.getClass().getDeclaredField(field.getName());
                    declaredField2.setAccessible(true);
                    declaredField2.set(serviceProvider, obj);
                }
            } catch (IllegalAccessException | NoSuchFieldException e) {
                throw new IdentityApplicationManagementException("Error when updating SP template configurationsinto the actual service provider");
            }
        }
    }

    private ServiceProvider unmarshalSP(String str, String str2) throws IdentityApplicationManagementException {
        if (StringUtils.isEmpty(str)) {
            throw new IdentityApplicationManagementException("Empty SP template configuration is provided to unmarshal");
        }
        try {
            return (ServiceProvider) JAXBContext.newInstance(new Class[]{ServiceProvider.class}).createUnmarshaller().unmarshal(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        } catch (JAXBException e) {
            throw new IdentityApplicationManagementException("Error in reading Service Provider template configuration ", e);
        }
    }

    private void deleteApplicationPermission(String str) {
        try {
            ApplicationMgtUtil.deletePermissions(str);
        } catch (IdentityApplicationManagementException e) {
            log.error("Failed to delete the permissions for: " + str, e);
        }
    }

    private void deleteApplicationRole(String str) {
        try {
            ApplicationMgtUtil.deleteAppRole(str);
        } catch (IdentityApplicationManagementException e) {
            log.error("Failed to delete the application role for: " + str, e);
        }
    }

    private void doPreAddApplicationChecks(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        String applicationName = serviceProvider.getApplicationName();
        if (StringUtils.isBlank(applicationName)) {
            throw buildClientException(IdentityApplicationConstants.Error.INVALID_REQUEST, "Application name cannot be empty.");
        }
        if (ApplicationMgtSystemConfig.getInstance().getApplicationDAO().isApplicationExists(applicationName, str)) {
            throw new IdentityApplicationRegistrationFailureException(IdentityApplicationConstants.Error.APPLICATION_ALREADY_EXISTS.getCode(), "An application with name: '" + applicationName + "' already exists in tenantDomain: " + str);
        }
        if (ApplicationManagementServiceComponent.getFileBasedSPs().containsKey(applicationName)) {
            throw buildClientException(IdentityApplicationConstants.Error.APPLICATION_ALREADY_EXISTS, "Application with name: '" + applicationName + "' already loaded from the file system.");
        }
        if (ApplicationMgtUtil.isRegexValidated(applicationName)) {
            validateApplicationConfigurations(serviceProvider, str, str2);
        } else {
            throw buildClientException(IdentityApplicationConstants.Error.INVALID_REQUEST, "The Application name: '" + applicationName + "' is not valid! It is not adhering to the regex: " + ApplicationMgtUtil.getSPValidatorRegex());
        }
    }

    private <T> T doAddApplication(ServiceProvider serviceProvider, String str, String str2, ApplicationPersistFunction<ServiceProvider, T> applicationPersistFunction) throws IdentityApplicationManagementException {
        try {
            ApplicationMgtUtil.startTenantFlow(str, str2);
            String applicationName = serviceProvider.getApplicationName();
            ApplicationMgtUtil.createAppRole(applicationName, str2);
            try {
                ApplicationMgtUtil.storePermissions(applicationName, str2, serviceProvider.getPermissionAndRoleConfig());
                try {
                    T persistApplication = applicationPersistFunction.persistApplication(serviceProvider, str);
                    ApplicationMgtUtil.endTenantFlow();
                    return persistApplication;
                } catch (IdentityApplicationManagementException e) {
                    if (isRollbackRequired(e)) {
                        if (log.isDebugEnabled()) {
                            log.debug("Creating application: " + applicationName + " in tenantDomain: " + str + " failed. Rolling back by cleaning up partially created data.");
                        }
                        deleteApplicationRole(applicationName);
                        deleteApplicationPermission(applicationName);
                    }
                    throw e;
                }
            } catch (IdentityApplicationManagementException e2) {
                if (log.isDebugEnabled()) {
                    log.debug("Creating application: " + applicationName + " in tenantDomain: " + str + " failed. Rolling back by cleaning up partially created data.");
                }
                deleteApplicationRole(applicationName);
                throw e2;
            }
        } catch (Throwable th) {
            ApplicationMgtUtil.endTenantFlow();
            throw th;
        }
    }

    private boolean isRollbackRequired(IdentityApplicationManagementException identityApplicationManagementException) {
        return !StringUtils.equals(identityApplicationManagementException.getErrorCode(), IdentityApplicationConstants.Error.APPLICATION_ALREADY_EXISTS.getCode());
    }

    private boolean isOwnerUpdatedInRequest(ServiceProvider serviceProvider) {
        return (serviceProvider.getOwner() == null || !StringUtils.isNotEmpty(serviceProvider.getOwner().getUserName()) || "wso2.system.user".equals(serviceProvider.getOwner().getUserName())) ? false : true;
    }

    private void assignApplicationRole(String str, String str2) throws IdentityApplicationManagementException {
        if (!ApplicationMgtUtil.validateRoles()) {
            if (log.isDebugEnabled()) {
                log.debug("Validating user with application roles is disabled. Therefore, the application role will not be assigned to user: " + str2);
                return;
            }
            return;
        }
        String appRoleName = getAppRoleName(str);
        String[] strArr = {appRoleName};
        try {
            UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
            if (userRealm != null) {
                if (!userRealm.getUserStoreManager().isUserInRole(str2, appRoleName)) {
                    userRealm.getUserStoreManager().updateRoleListOfUser(str2, (String[]) null, strArr);
                    if (log.isDebugEnabled()) {
                        log.debug("Assigning application role : " + appRoleName + " to the user : " + str2);
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("The user: " + str2 + " is already having the role: " + appRoleName);
                }
            }
        } catch (UserStoreException e) {
            throw new IdentityApplicationManagementException("Error while assigning application role: " + appRoleName + " to the user: " + str2, e);
        }
    }

    private static String getAppRoleName(String str) {
        return ApplicationConstants.APPLICATION_DOMAIN + UserCoreConstants.DOMAIN_SEPARATOR + str;
    }

    private ServiceProvider unmarshalSP(SpFileContent spFileContent, String str) throws IdentityApplicationManagementException {
        if (StringUtils.isEmpty(spFileContent.getContent())) {
            throw new IdentityApplicationManagementException(String.format("Empty Service Provider configuration file %s uploaded by tenant: %s", spFileContent.getFileName(), str));
        }
        try {
            SAXParserFactory newInstance = SAXParserFactory.newInstance();
            newInstance.setNamespaceAware(true);
            newInstance.setXIncludeAware(false);
            try {
                newInstance.setFeature("http://xml.org/sax/features/external-general-entities", false);
                newInstance.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
                newInstance.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
                newInstance.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
            } catch (ParserConfigurationException | SAXException e) {
                log.error("Failed to load XML Processor Feature external-general-entities or external-parameter-entities or nonvalidating/load-external-dtd or secure-processing.");
            }
            return (ServiceProvider) JAXBContext.newInstance(new Class[]{ServiceProvider.class}).createUnmarshaller().unmarshal(new SAXSource(newInstance.newSAXParser().getXMLReader(), new InputSource(new StringReader(spFileContent.getContent()))));
        } catch (JAXBException | ParserConfigurationException | SAXException e2) {
            throw new IdentityApplicationManagementException(String.format("Error in reading Service Provider configuration file %s uploaded by tenant: %s", spFileContent.getFileName(), str), e2);
        }
    }

    private String marshalSP(ServiceProvider serviceProvider, String str) throws IdentityApplicationManagementException {
        try {
            Marshaller createMarshaller = JAXBContext.newInstance(new Class[]{ServiceProvider.class}).createMarshaller();
            Document newDocument = IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder().newDocument();
            createMarshaller.marshal(serviceProvider, newDocument);
            Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
            newTransformer.setOutputProperty("indent", "yes");
            newTransformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
            newTransformer.setOutputProperty("cdata-section-elements", "AuthenticationScript inboundConfiguration");
            StringWriter stringWriter = new StringWriter();
            newTransformer.transform(new DOMSource(newDocument), new StreamResult(stringWriter));
            return stringWriter.getBuffer().toString();
        } catch (JAXBException | ParserConfigurationException | TransformerException e) {
            throw new IdentityApplicationManagementException(String.format("Error in exporting Service Provider %s@%s", serviceProvider.getApplicationName(), str), e);
        }
    }

    private User getUser(String str, String str2) {
        User user = new User();
        user.setUserName(UserCoreUtil.removeDomainFromName(str2));
        user.setUserStoreDomain(UserCoreUtil.extractDomainFromName(str2));
        user.setTenantDomain(str);
        return user;
    }

    private void deleteCreatedSP(ServiceProvider serviceProvider, String str, String str2, boolean z) throws IdentityApplicationManagementException {
        if (serviceProvider == null || z) {
            return;
        }
        try {
            log.warn(String.format("Remove newly imported %s@%s application as error occurred ", serviceProvider.getApplicationName(), str));
            deleteApplication(serviceProvider.getApplicationName(), str, str2);
        } catch (IdentityApplicationManagementException e) {
            String format = String.format("Error occurred when removing newly imported service provider %s@%s", serviceProvider.getApplicationName(), str);
            log.error(format, e);
            throw new IdentityApplicationManagementException(format, e);
        }
    }

    private void setDefaultAuthenticationSeq(String str, String str2, ServiceProvider serviceProvider) throws IdentityApplicationManagementException {
        try {
            DefaultAuthenticationSequence defaultAuthenticationSeq = DefaultAuthSeqMgtServiceImpl.getInstance().getDefaultAuthenticationSeq(str, str2);
            if (defaultAuthenticationSeq != null && defaultAuthenticationSeq.getContent() != null) {
                serviceProvider.getLocalAndOutBoundAuthenticationConfig().setAuthenticationSteps(defaultAuthenticationSeq.getContent().getAuthenticationSteps());
                serviceProvider.getLocalAndOutBoundAuthenticationConfig().setAuthenticationScriptConfig(defaultAuthenticationSeq.getContent().getAuthenticationScriptConfig());
            } else {
                ServiceProvider serviceProvider2 = ApplicationManagementServiceComponent.getFileBasedSPs().get("default");
                serviceProvider.getLocalAndOutBoundAuthenticationConfig().setAuthenticationSteps(serviceProvider2.getLocalAndOutBoundAuthenticationConfig().getAuthenticationSteps());
                serviceProvider.getLocalAndOutBoundAuthenticationConfig().setAuthenticationScriptConfig(serviceProvider2.getLocalAndOutBoundAuthenticationConfig().getAuthenticationScriptConfig());
            }
        } catch (DefaultAuthSeqMgtException e) {
            throw new IdentityApplicationManagementException("Error when retrieving default authentication sequence in tenant: " + str2, e);
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationResourceManager
    public ApplicationBasicInfo getApplicationBasicInfoByResourceId(String str, String str2) throws IdentityApplicationManagementException {
        Collection<ApplicationResourceManagementListener> applicationResourceMgtListeners = ApplicationMgtListenerServiceComponent.getApplicationResourceMgtListeners();
        for (ApplicationResourceManagementListener applicationResourceManagementListener : applicationResourceMgtListeners) {
            if (applicationResourceManagementListener.isEnabled() && !applicationResourceManagementListener.doPreGetApplicationBasicInfoByResourceId(str, str2)) {
                throw buildServerException("Error executing doPreGetApplicationBasicInfoByResourceId operation of listener: " + getName(applicationResourceManagementListener) + " for application resourceId: " + str);
            }
        }
        ApplicationBasicInfo applicationBasicInfo = getApplicationBasicInfo(str, str2);
        for (ApplicationResourceManagementListener applicationResourceManagementListener2 : applicationResourceMgtListeners) {
            if (applicationResourceManagementListener2.isEnabled() && !applicationResourceManagementListener2.doPostGetApplicationBasicInfoByResourceId(applicationBasicInfo, str, str2)) {
                throw buildServerException("Error executing doPostGetApplicationBasicInfoByResourceId operation of listener: " + getName(applicationResourceManagementListener2) + " for application resourceId: " + str);
            }
        }
        return applicationBasicInfo;
    }

    private ApplicationBasicInfo getApplicationBasicInfo(String str, String str2) throws IdentityApplicationManagementException {
        return ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplicationBasicInfoByResourceId(str, str2);
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationResourceManager
    public String createApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        Collection<ApplicationResourceManagementListener> applicationResourceMgtListeners = ApplicationMgtListenerServiceComponent.getApplicationResourceMgtListeners();
        for (ApplicationResourceManagementListener applicationResourceManagementListener : applicationResourceMgtListeners) {
            if (applicationResourceManagementListener.isEnabled() && !applicationResourceManagementListener.doPreCreateApplication(serviceProvider, str, str2)) {
                throw buildServerException("Pre create application operation of listener: " + getName(applicationResourceManagementListener) + " failed for application: " + serviceProvider.getApplicationName() + " of tenantDomain: " + str);
            }
        }
        doPreAddApplicationChecks(serviceProvider, str, str2);
        ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
        applicationDAO.getClass();
        String str3 = (String) doAddApplication(serviceProvider, str, str2, applicationDAO::addApplication);
        Iterator<ApplicationResourceManagementListener> it = applicationResourceMgtListeners.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ApplicationResourceManagementListener next = it.next();
            if (next.isEnabled() && !next.doPostCreateApplication(str3, serviceProvider, str, str2)) {
                log.error("Post create application operation of listener:" + getName(next) + " failed for application: " + serviceProvider.getApplicationName() + " of tenantDomain: " + str);
                break;
            }
        }
        return str3;
    }

    private <T> String getName(T t) {
        return t.getClass().getName();
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationResourceManager
    public ServiceProvider getApplicationByResourceId(String str, String str2) throws IdentityApplicationManagementException {
        Collection<ApplicationResourceManagementListener> applicationResourceMgtListeners = ApplicationMgtListenerServiceComponent.getApplicationResourceMgtListeners();
        for (ApplicationResourceManagementListener applicationResourceManagementListener : applicationResourceMgtListeners) {
            if (applicationResourceManagementListener.isEnabled() && !applicationResourceManagementListener.doPreGetApplicationByResourceId(str, str2)) {
                throw buildServerException("Pre Get application operation of listener: " + getName(applicationResourceManagementListener) + " failed for application with resourceId: " + str);
            }
        }
        ServiceProvider applicationByResourceId = ApplicationMgtSystemConfig.getInstance().getApplicationDAO().getApplicationByResourceId(str, str2);
        if (applicationByResourceId == null) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("Cannot find an application for resourceId: " + str + " in tenantDomain: " + str2);
            return null;
        }
        Iterator<ApplicationResourceManagementListener> it = applicationResourceMgtListeners.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ApplicationResourceManagementListener next = it.next();
            if (next.isEnabled() && !next.doPostGetApplicationByResourceId(applicationByResourceId, str, str2)) {
                log.error("Post Get application operation of listener: " + getName(next) + " failed for application with resourceId: " + str);
                break;
            }
        }
        return applicationByResourceId;
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationResourceManager
    public void updateApplicationByResourceId(String str, ServiceProvider serviceProvider, String str2, String str3) throws IdentityApplicationManagementException {
        validateApplicationConfigurations(serviceProvider, str2, str3);
        serviceProvider.setApplicationResourceId(str);
        Collection<ApplicationResourceManagementListener> applicationResourceMgtListeners = ApplicationMgtListenerServiceComponent.getApplicationResourceMgtListeners();
        for (ApplicationResourceManagementListener applicationResourceManagementListener : applicationResourceMgtListeners) {
            try {
                if (applicationResourceManagementListener.isEnabled() && !applicationResourceManagementListener.doPreUpdateApplicationByResourceId(serviceProvider, str, str2, str3)) {
                    throw buildServerException("Pre Update application operation of listener: " + getName(applicationResourceManagementListener) + " failed for application with resourceId: " + str);
                }
            } catch (Throwable th) {
                ApplicationMgtUtil.endTenantFlow();
                throw th;
            }
        }
        try {
            ApplicationMgtUtil.startTenantFlow(str2);
            ApplicationBasicInfo applicationBasicInfo = getApplicationBasicInfo(str, str2);
            if (applicationBasicInfo == null) {
                throw buildClientException(IdentityApplicationConstants.Error.APPLICATION_NOT_FOUND, "Cannot find an application for resourceId: " + str + " in tenantDomain: " + str2);
            }
            String applicationName = serviceProvider.getApplicationName();
            String applicationName2 = applicationBasicInfo.getApplicationName();
            doPreUpdateChecks(applicationName2, serviceProvider, str2, str3);
            ApplicationMgtSystemConfig.getInstance().getApplicationDAO().updateApplicationByResourceId(str, str2, serviceProvider);
            if (isOwnerUpdateRequest(applicationBasicInfo.getAppOwner(), serviceProvider.getOwner())) {
                assignApplicationRole(serviceProvider.getApplicationName(), serviceProvider.getOwner().getUserName());
            }
            updateApplicationPermissions(serviceProvider, applicationName, applicationName2);
            ApplicationMgtUtil.endTenantFlow();
            for (ApplicationResourceManagementListener applicationResourceManagementListener2 : applicationResourceMgtListeners) {
                if (applicationResourceManagementListener2.isEnabled() && !applicationResourceManagementListener2.doPostUpdateApplicationByResourceId(serviceProvider, str, str2, str3)) {
                    log.error("Post Update application operation of listener: " + getName(applicationResourceManagementListener2) + " failed for application with resourceId: " + str);
                    return;
                }
            }
        } catch (RegistryException e) {
            throw buildServerException("Error while updating application with resourceId: " + str + " in tenantDomain: " + str2, e);
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationManagementService
    public Set<String> getSystemApplications() {
        OMElement configElement = IdentityConfigParser.getInstance().getConfigElement(ApplicationConstants.SYSTEM_APPLICATIONS_CONFIG_ELEMENT);
        if (configElement == null) {
            if (log.isDebugEnabled()) {
                log.debug("'SystemApplications' config not found.");
            }
            return Collections.emptySet();
        }
        Iterator childrenWithLocalName = configElement.getChildrenWithLocalName(ApplicationConstants.APPLICATION_NAME_CONFIG_ELEMENT);
        if (childrenWithLocalName == null) {
            if (log.isDebugEnabled()) {
                log.debug("'ApplicationName' config not found.");
            }
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        while (childrenWithLocalName.hasNext()) {
            String text = ((OMElement) childrenWithLocalName.next()).getText();
            if (StringUtils.isNotBlank(text)) {
                hashSet.add(text.trim());
            }
        }
        return hashSet;
    }

    private void doPreUpdateChecks(String str, ServiceProvider serviceProvider, String str2, String str3) throws IdentityApplicationManagementException {
        validateAuthorization(serviceProvider.getApplicationName(), str, str3, str2);
        validateAppName(str, serviceProvider, str2);
        validateApplicationCertificate(serviceProvider, str2);
    }

    private void updateApplicationPermissions(ServiceProvider serviceProvider, String str, String str2) throws RegistryException, IdentityApplicationManagementException {
        if (CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.USER_GOVERNANCE).resourceExists(ApplicationMgtUtil.getApplicationPermissionPath() + ApplicationMgtUtil.PATH_CONSTANT + str2) && !StringUtils.equals(str2, str)) {
            ApplicationMgtUtil.renameAppPermissionPathNode(str2, str);
        }
        if (serviceProvider.getPermissionAndRoleConfig() == null || !ArrayUtils.isNotEmpty(serviceProvider.getPermissionAndRoleConfig().getPermissions())) {
            return;
        }
        ApplicationMgtUtil.updatePermissions(str, serviceProvider.getPermissionAndRoleConfig().getPermissions());
    }

    private void validateApplicationCertificate(ServiceProvider serviceProvider, String str) throws IdentityApplicationManagementException {
        if (!IdentityUtil.isValidPEMCertificate(serviceProvider.getCertificateContent())) {
            throw buildClientException(IdentityApplicationConstants.Error.INVALID_REQUEST, String.format("Provided application certificate for application with name: %s in tenantDomain: %s is malformed.", serviceProvider.getApplicationName(), str));
        }
    }

    private void validateApplicationConfigurations(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        try {
            this.applicationMgtValidator.validateSPConfigurations(serviceProvider, str, str2);
        } catch (IdentityApplicationManagementValidationException e) {
            throw new IdentityApplicationManagementValidationException(IdentityApplicationConstants.Error.INVALID_REQUEST.getCode(), "Invalid application configuration for application: '" + serviceProvider.getApplicationName() + "' of tenantDomain: " + str + ".", e.getValidationMsg());
        }
    }

    private void validateAuthorization(String str, String str2, String str3, String str4) throws IdentityApplicationManagementException {
        if (ApplicationConstants.LOCAL_SP.equals(str2) || ApplicationMgtUtil.isUserAuthorized(str2, str3)) {
            return;
        }
        throw buildClientException(IdentityApplicationConstants.Error.OPERATION_FORBIDDEN, "Illegal Access! User: " + str3 + " does not have access to update the application: '" + str + "' in tenantDomain: " + str4);
    }

    private boolean isOwnerUpdateRequest(User user, User user2) {
        if (user2 != null) {
            return (StringUtils.isNotEmpty(user2.getUserName()) && !"wso2.system.user".equals(user2.getUserName())) && (!user.equals(user2));
        }
        return false;
    }

    private void validateAppName(String str, ServiceProvider serviceProvider, String str2) throws IdentityApplicationManagementException {
        String applicationName = serviceProvider.getApplicationName();
        if (StringUtils.isBlank(applicationName)) {
            throw buildClientException(IdentityApplicationConstants.Error.INVALID_REQUEST, "Application name cannot be empty.");
        }
        if (!ApplicationMgtUtil.isRegexValidated(applicationName)) {
            throw buildClientException(IdentityApplicationConstants.Error.INVALID_REQUEST, "The Application name '" + applicationName + "' is not valid. Application name does not adhere to the regex " + ApplicationMgtUtil.getSPValidatorRegex());
        }
        if (isAppRenamed(str, applicationName) && ApplicationConstants.LOCAL_SP.equalsIgnoreCase(applicationName)) {
            throw buildClientException(IdentityApplicationConstants.Error.OPERATION_FORBIDDEN, String.format("Cannot update an application's name to tenant resident service provider's name '%s'", ApplicationConstants.LOCAL_SP));
        }
        if (isAppRenamed(str, applicationName) && isAnotherAppExistsWithUpdatedName(serviceProvider, str2)) {
            throw buildClientException(IdentityApplicationConstants.Error.APPLICATION_ALREADY_EXISTS, String.format("Updated application name '%s' already exists.", applicationName));
        }
    }

    private boolean isAnotherAppExistsWithUpdatedName(ServiceProvider serviceProvider, String str) throws IdentityApplicationManagementException {
        ServiceProvider serviceProvider2 = getServiceProvider(serviceProvider.getApplicationName(), str);
        return (serviceProvider2 == null || serviceProvider2.getApplicationID() == serviceProvider.getApplicationID()) ? false : true;
    }

    private boolean isAppRenamed(String str, String str2) {
        return !StringUtils.equals(str, str2);
    }

    private void logValidationErrorMessages(IdentityApplicationManagementValidationException identityApplicationManagementValidationException) {
        if (identityApplicationManagementValidationException.getValidationMsg() != null) {
            log.error(StringUtils.join(identityApplicationManagementValidationException.getValidationMsg(), "\n"));
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.ApplicationResourceManager
    public void deleteApplicationByResourceId(String str, String str2, String str3) throws IdentityApplicationManagementException {
        Collection<ApplicationResourceManagementListener> applicationResourceMgtListeners = ApplicationMgtListenerServiceComponent.getApplicationResourceMgtListeners();
        for (ApplicationResourceManagementListener applicationResourceManagementListener : applicationResourceMgtListeners) {
            if (applicationResourceManagementListener.isEnabled() && !applicationResourceManagementListener.doPreDeleteApplicationByResourceId(str, str2, str3)) {
                throw buildServerException("Pre Delete application operation of listener: " + getName(applicationResourceManagementListener) + " failed for application with resourceId: " + str);
            }
        }
        try {
            ApplicationMgtUtil.startTenantFlow(str2);
            ApplicationDAO applicationDAO = ApplicationMgtSystemConfig.getInstance().getApplicationDAO();
            ServiceProvider applicationByResourceId = applicationDAO.getApplicationByResourceId(str, str2);
            if (applicationByResourceId == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Application cannot be found for resourceId: " + str + " in tenantDomain: " + str2);
                }
                return;
            }
            String applicationName = applicationByResourceId.getApplicationName();
            doPreDeleteChecks(applicationName, str2, str3);
            ApplicationMgtUtil.deleteAppRole(applicationName);
            ApplicationMgtUtil.deletePermissions(applicationName);
            applicationDAO.deleteApplicationByResourceId(str, str2);
            for (ApplicationResourceManagementListener applicationResourceManagementListener2 : applicationResourceMgtListeners) {
                if (applicationResourceManagementListener2.isEnabled() && !applicationResourceManagementListener2.doPostDeleteApplicationByResourceId(applicationByResourceId, str, str2, str3)) {
                    log.error("Post Delete application operation of listener: " + getName(applicationResourceManagementListener2) + " failed for application with resourceId: " + str);
                    return;
                }
            }
        } finally {
            ApplicationMgtUtil.endTenantFlow();
        }
    }

    private void doPreDeleteChecks(String str, String str2, String str3) throws IdentityApplicationManagementException {
        if (ApplicationMgtUtil.isUserAuthorized(str, str3)) {
            if (StringUtils.equals(str, ApplicationConstants.LOCAL_SP)) {
                throw buildClientException(IdentityApplicationConstants.Error.OPERATION_FORBIDDEN, "Cannot delete tenant resident service provider: wso2carbon-local-sp");
            }
        } else {
            String str4 = "Illegal Access! User " + str3 + " does not have access to delete the application: '" + str + "' of tenantDomain: " + str2;
            log.warn(str4);
            throw buildClientException(IdentityApplicationConstants.Error.OPERATION_FORBIDDEN, str4);
        }
    }

    private IdentityApplicationManagementClientException buildClientException(IdentityApplicationConstants.Error error, String str) {
        return new IdentityApplicationManagementClientException(error.getCode(), str);
    }

    private IdentityApplicationManagementServerException buildServerException(String str, Throwable th) {
        return new IdentityApplicationManagementServerException(IdentityApplicationConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(), str, th);
    }

    private IdentityApplicationManagementServerException buildServerException(String str) {
        return new IdentityApplicationManagementServerException(IdentityApplicationConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(), str);
    }

    private Collection<ApplicationMgtListener> getApplicationMgtListeners() {
        return ApplicationMgtListenerServiceComponent.getApplicationMgtListeners();
    }
}
