package org.wso2.carbon.identity.application.mgt.listener;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.AssociatedRolesConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationConstants;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl;
import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponentHolder;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.model.Permission;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/mgt/listener/AdminRolePermissionsUpdateListener.class */
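/**
 * Application-management listener that provisions the tenant admin role once the Console
 * application has been created.
 *
 * <p>For a tenant that is not an organization, the listener resolves the id of the realm's
 * admin role, associates that role with the Console application, and grants the role every
 * scope whose name starts with {@code internal_}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The scope filter {@code "name sw internal_"} is the only thing that bounds what the
 *       admin role receives; any scope registered under that prefix is granted here.</li>
 *   <li>The listener does nothing when the legacy authorization runtime flag is set, when the
 *       application is not the Console application, or when the tenant is an organization.</li>
 * </ul>
 */
public class AdminRolePermissionsUpdateListener extends AbstractApplicationMgtListener {
    private static final Log LOG = LogFactory.getLog(AdminRolePermissionsUpdateListener.class);

    /** Audience used both for the associated-roles config and for the admin role lookup. */
    private static final String ORGANIZATION_AUDIENCE = "organization";

    /** Filter handed to the API resource manager: scope name starts with {@code internal_}. */
    private static final String INTERNAL_SCOPE_FILTER = "name sw internal_";

    /**
     * Associates the admin role with the Console application and grants it the internal scopes.
     *
     * @param serviceProvider the application that was just created
     * @param str the tenant domain the application was created in
     * @param str2 not read by this listener
     * @return always {@code true}, so later listeners keep running
     * @throws IdentityApplicationManagementException if the admin role cannot be resolved,
     *         associated or updated
     */
    @Override
    public boolean doPostCreateApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        final String tenantDomain = str;
        if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME.booleanValue()) {
            return true;
        }
        if (!isEnable()) {
            LOG.debug("AdminRolePermissionUpdateListener is not enabled.");
            return true;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("AdminRolePermissionUpdateListener fired on tenant creation for Tenant: " + tenantDomain);
        }
        // Only the Console application triggers admin role provisioning.
        if (!ApplicationConstants.CONSOLE_APPLICATION_NAME.equals(serviceProvider.getApplicationName())) {
            return true;
        }
        try {
            if (OrganizationManagementUtil.isOrganization(tenantDomain)) {
                return true;
            }
        } catch (OrganizationManagementException e) {
            // The organization check failed, so no role association or permission grant is
            // attempted. The listener still returns true (best effort), which leaves the admin
            // role unprovisioned; log the cause so the failure can be diagnosed.
            LOG.error("Error while registering system API resources in tenant: " + tenantDomain, e);
            return true;
        }
        String adminRoleId = getAdminRoleId(tenantDomain);
        addAdminRoleToConsoleAppAsAssociatedRole(adminRoleId, serviceProvider, tenantDomain);
        updateAdminRolePermissions(adminRoleId, tenantDomain);
        return true;
    }

    /**
     * Adds every internal scope of the tenant to the given role; no permission is removed.
     *
     * @param roleId id of the admin role
     * @param tenantDomain tenant whose internal scopes are granted
     * @throws IdentityApplicationManagementException if the scopes cannot be read or the role
     *         cannot be updated
     */
    private void updateAdminRolePermissions(String roleId, String tenantDomain) throws IdentityApplicationManagementException {
        try {
            List<Permission> addedPermissions = new ArrayList<>();
            for (String scopeName : getInternalScopes(tenantDomain)) {
                addedPermissions.add(new Permission(scopeName));
            }
            // The empty second list means "delete nothing".
            ApplicationManagementServiceComponentHolder.getInstance().getRoleManagementServiceV2()
                    .updatePermissionListOfRole(roleId, addedPermissions, new ArrayList<Permission>(), tenantDomain);
            LOG.debug("Update admin role permissions successfully.");
        } catch (IdentityRoleManagementException e) {
            throw new IdentityApplicationManagementException("Error while update admin role permissions", e);
        }
    }

    /**
     * Associates the admin role with the Console application.
     *
     * <p>NOTE(review): a fresh {@link AssociatedRolesConfig} is set on the service provider, so
     * any associated-roles config it already carried is replaced. Confirm that is intended.
     *
     * @param roleId id of the admin role
     * @param serviceProvider the Console application
     * @param tenantDomain tenant the application belongs to
     * @throws IdentityApplicationManagementException if the association cannot be stored
     */
    private void addAdminRoleToConsoleAppAsAssociatedRole(String roleId, ServiceProvider serviceProvider, String tenantDomain) throws IdentityApplicationManagementException {
        AssociatedRolesConfig associatedRolesConfig = new AssociatedRolesConfig();
        associatedRolesConfig.setAllowedAudience(ORGANIZATION_AUDIENCE);
        serviceProvider.setAssociatedRolesConfig(associatedRolesConfig);
        ApplicationManagementServiceImpl.getInstance().addAssociatedRoleToApplication(serviceProvider, roleId, tenantDomain);
        LOG.debug("Create an association between admin role and an console successfully.");
    }

    /**
     * Resolves the id of the realm's admin role within the tenant's organization.
     *
     * @param tenantDomain tenant whose admin role is looked up
     * @return the role id reported by the role management service
     * @throws IdentityApplicationManagementException if the organization id, user realm, admin
     *         role name or role id cannot be obtained
     */
    private String getAdminRoleId(String tenantDomain) throws IdentityApplicationManagementException {
        String organizationId;
        try {
            organizationId = ApplicationManagementServiceComponentHolder.getInstance().getOrganizationManager()
                    .resolveOrganizationId(tenantDomain);
        } catch (OrganizationManagementException e) {
            throw new IdentityApplicationManagementException("Error while retrieving organization id from tenant domain : " + tenantDomain, e);
        }
        if (StringUtils.isBlank(organizationId)) {
            throw new IdentityApplicationManagementException("Error while retrieving organization id from tenant domain : " + tenantDomain);
        }

        // The realm comes from the thread-local Carbon context, not from tenantDomain.
        UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
        if (userRealm == null) {
            throw new IdentityApplicationManagementException("Error while retrieving user realm");
        }

        String adminRoleName;
        try {
            adminRoleName = userRealm.getRealmConfiguration().getAdminRoleName();
        } catch (UserStoreException e) {
            // Keep the cause; without it the user store failure cannot be diagnosed.
            throw new IdentityApplicationManagementException("Error while retrieving admin role name", e);
        }
        if (StringUtils.isBlank(adminRoleName)) {
            throw new IdentityApplicationManagementException("Admin role name not found");
        }

        try {
            return ApplicationManagementServiceComponentHolder.getInstance().getRoleManagementServiceV2()
                    .getRoleIdByName(UserCoreUtil.removeDomainFromName(adminRoleName), ORGANIZATION_AUDIENCE, organizationId, tenantDomain);
        } catch (IdentityRoleManagementException e) {
            throw new IdentityApplicationManagementException("Error while retrieving role id for admin role in tenant domain : " + tenantDomain, e);
        }
    }

    /**
     * Lists the names of the tenant's scopes that match the {@code internal_} prefix filter.
     *
     * @param tenantDomain tenant whose scopes are queried
     * @return a new mutable list of scope names
     * @throws IdentityApplicationManagementException if the scopes cannot be retrieved
     */
    private List<String> getInternalScopes(String tenantDomain) throws IdentityApplicationManagementException {
        try {
            return ApplicationManagementServiceComponentHolder.getInstance().getAPIResourceManager()
                    .getScopesByTenantDomain(tenantDomain, INTERNAL_SCOPE_FILTER)
                    .stream()
                    .map(scope -> scope.getName())
                    .collect(Collectors.toCollection(ArrayList::new));
        } catch (APIResourceMgtException e) {
            throw new IdentityApplicationManagementException("Error while retrieving internal scopes for tenant domain : " + tenantDomain, e);
        }
    }

    /**
     * Returns the default position of this listener in the listener chain.
     *
     * @return {@code 213}
     */
    @Override
    public int getDefaultOrderId() {
        return 213;
    }

    /**
     * Reports whether this listener is active.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isEnable() {
        return true;
    }
}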
