package org.wso2.carbon.identity.application.mgt.listener;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo;
import org.wso2.carbon.identity.application.common.model.AuthorizedScopes;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService;
import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementServiceImpl;
import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponentHolder;
import org.wso2.carbon.identity.application.mgt.internal.cache.ServiceProviderByResourceIdCache;
import org.wso2.carbon.identity.application.mgt.internal.cache.ServiceProviderResourceIdCacheKey;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementClientException;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementServerException;
import org.wso2.carbon.identity.role.v2.mgt.core.listener.RoleManagementListener;
import org.wso2.carbon.identity.role.v2.mgt.core.model.GroupBasicInfo;
import org.wso2.carbon.identity.role.v2.mgt.core.model.IdpGroup;
import org.wso2.carbon.identity.role.v2.mgt.core.model.Permission;
import org.wso2.carbon.identity.role.v2.mgt.core.model.Role;
import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo;
import org.wso2.carbon.identity.role.v2.mgt.core.model.UserBasicInfo;

/* loaded from: input_file:org/wso2/carbon/identity/application/mgt/listener/DefaultRoleManagementListener.class */
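/**
 * Listener that ties application-audience roles to the applications they belong to.
 *
 * <p>What the code in this class does:
 * <ul>
 *   <li>before an application-audience role is created, checks that the audience id resolves to an
 *       application that allows application-audience roles, and that every requested permission is
 *       among the scopes authorized for that application;</li>
 *   <li>after role reads, fills in the audience name with the application's name;</li>
 *   <li>after an application is deleted, deletes the roles created for it.</li>
 * </ul>
 * Every other hook is a no-op that returns {@code true}.
 *
 * <p>NOTE(review): the scope check runs only on role creation. {@link #preUpdatePermissionsForRole}
 * is a no-op in this listener, so confirm that permission updates on application-audience roles are
 * validated against the application's authorized scopes somewhere else.
 */
public class DefaultRoleManagementListener extends AbstractApplicationMgtListener implements RoleManagementListener {

    /** Audience value identifying a role that is scoped to an application (compared case-insensitively). */
    private static final String APPLICATION_AUDIENCE = "application";

    private static final AuthorizedAPIManagementService authorizedAPIManagementService = new AuthorizedAPIManagementServiceImpl();

    /** Returns the fixed execution order id of this listener, {@code 1}. */
    @Override
    public int getExecutionOrderId() {
        return 1;
    }

    /** Returns the fixed default order id of this listener, {@code 1}. */
    @Override
    public int getDefaultOrderId() {
        return 1;
    }

    /** This listener is always enabled. */
    @Override
    public boolean isEnable() {
        return true;
    }

    /**
     * Validates a role that is about to be created with the application audience.
     *
     * <p>Roles with any other audience are not checked here. For application-audience roles the
     * audience id ({@code str3}) must resolve to an application in {@code str4} (used as the tenant
     * domain) that allows application-audience roles, and each permission in {@code list3} must be one
     * of the scopes authorized for that application.
     *
     * @param str2  role audience; only {@code "application"} (case-insensitive) triggers validation
     * @param list3 permissions requested for the new role
     * @param str3  audience id, used as the application resource id
     * @param str4  tenant domain used for the application lookup
     * @return always {@code true} when validation passes
     * @throws IdentityRoleManagementException if the audience or a permission is invalid, or a lookup fails
     */
    public boolean preAddRole(String str, List<String> list, List<String> list2, List<Permission> list3, String str2,
            String str3, String str4) throws IdentityRoleManagementException {
        if (APPLICATION_AUDIENCE.equalsIgnoreCase(str2)) {
            validateApplicationRoleAudience(str3, str4);
            validatePermissionsForApplication(list3, str3, str4);
        }
        return true;
    }

    /**
     * For an application-audience role, sets the audience name on {@code roleBasicInfo} and clears the
     * cached service provider entry keyed by the audience id ({@code str3}).
     *
     * <p>The cache is cleared presumably so that a cached application does not miss the newly
     * associated role; confirm against the cache's consumers.
     *
     * @return always {@code true}
     * @throws IdentityRoleManagementException if the application name lookup fails
     */
    public boolean postAddRole(RoleBasicInfo roleBasicInfo, String str, List<String> list, List<String> list2,
            List<Permission> list3, String str2, String str3, String str4) throws IdentityRoleManagementException {
        if (APPLICATION_AUDIENCE.equalsIgnoreCase(str2)) {
            roleBasicInfo.setAudienceName(getApplicationName(str3, str4));
            ServiceProviderResourceIdCacheKey cacheKey = new ServiceProviderResourceIdCacheKey(str3);
            ServiceProviderByResourceIdCache.getInstance().clearCacheEntry(cacheKey, str4);
        }
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRoles(Integer num, Integer num2, String str, String str2, String str3)
            throws IdentityRoleManagementException {
        return true;
    }

    /**
     * Fills in the audience name of each application-audience role in {@code list} and removes, in
     * place, the roles whose application cannot be resolved in {@code str3}.
     *
     * <p>NOTE(review): the other list hooks in this class (the second {@code postGetRoles} overload,
     * {@code postGetRoleListOfUser}, {@code postGetRoleListOfGroups}, {@code postGetRoleListOfIdpGroups})
     * keep such roles and leave their audience name {@code null}. Confirm which behaviour is intended.
     *
     * @return always {@code true}
     * @throws IdentityRoleManagementException if an application name lookup fails
     */
    public boolean postGetRoles(List<RoleBasicInfo> list, Integer num, Integer num2, String str, String str2,
            String str3) throws IdentityRoleManagementException {
        Iterator<RoleBasicInfo> roles = list.iterator();
        while (roles.hasNext()) {
            RoleBasicInfo role = roles.next();
            if (!APPLICATION_AUDIENCE.equalsIgnoreCase(role.getAudience())) {
                continue;
            }
            String applicationName = getApplicationName(role.getAudienceId(), str3);
            if (applicationName == null) {
                // The audience id does not resolve to an application: drop the role from the result.
                roles.remove();
            }
            // Also executed for a removed entry, which then carries a null audience name.
            role.setAudienceName(applicationName);
        }
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRoles(String str, Integer num, Integer num2, String str2, String str3, String str4)
            throws IdentityRoleManagementException {
        return true;
    }

    /**
     * Fills in the audience name of each application-audience role in {@code list}, resolving the
     * application with {@code str4}. Roles are never removed by this overload.
     *
     * @return always {@code true}
     * @throws IdentityRoleManagementException if an application name lookup fails
     */
    public boolean postGetRoles(List<RoleBasicInfo> list, String str, Integer num, Integer num2, String str2,
            String str3, String str4) throws IdentityRoleManagementException {
        populateApplicationAudienceNames(list, str4);
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRole(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /**
     * Sets the audience name on {@code role} when it has the application audience.
     *
     * @return always {@code true}
     * @throws IdentityRoleManagementException if the application name lookup fails
     */
    public boolean postGetRole(Role role, String str, String str2) throws IdentityRoleManagementException {
        if (APPLICATION_AUDIENCE.equalsIgnoreCase(role.getAudience())) {
            role.setAudienceName(getApplicationName(role.getAudienceId(), str2));
        }
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRoleBasicInfo(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /**
     * Sets the audience name on {@code roleBasicInfo} when it has the application audience.
     *
     * @return always {@code true}
     * @throws IdentityRoleManagementException if the application name lookup fails
     */
    public boolean postGetRoleBasicInfo(RoleBasicInfo roleBasicInfo, String str, String str2)
            throws IdentityRoleManagementException {
        if (APPLICATION_AUDIENCE.equalsIgnoreCase(roleBasicInfo.getAudience())) {
            roleBasicInfo.setAudienceName(getApplicationName(roleBasicInfo.getAudienceId(), str2));
        }
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preUpdateRoleName(String str, String str2, String str3) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postUpdateRoleName(String str, String str2, String str3) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preDeleteRole(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postDeleteRole(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetUserListOfRole(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postGetUserListOfRole(List<UserBasicInfo> list, String str, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preUpdateUserListOfRole(String str, List<String> list, List<String> list2, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postUpdateUserListOfRole(String str, List<String> list, List<String> list2, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetGroupListOfRole(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postGetGroupListOfRole(List<GroupBasicInfo> list, String str, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preUpdateGroupListOfRole(String str, List<String> list, List<String> list2, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postUpdateGroupListOfRole(String str, List<String> list, List<String> list2, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetIdpGroupListOfRole(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postGetIdpGroupListOfRole(List<IdpGroup> list, String str, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preUpdateIdpGroupListOfRole(String str, List<IdpGroup> list, List<IdpGroup> list2, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postUpdateIdpGroupListOfRole(String str, List<IdpGroup> list, List<IdpGroup> list2, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetPermissionListOfRole(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postGetPermissionListOfRole(List<Permission> list, String str, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /**
     * No-op hook; always returns {@code true}.
     *
     * <p>NOTE(review): unlike {@link #preAddRole}, no check against the application's authorized scopes
     * is made here. Confirm that permissions added to an existing application-audience role are
     * validated by another component; otherwise a role could be given scopes its application is not
     * authorized for.
     */
    public boolean preUpdatePermissionsForRole(String str, List<Permission> list, List<Permission> list2, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postUpdatePermissionsForRole(String str, List<Permission> list, List<Permission> list2, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRolesCount(String str) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postGetRolesCount(int i, String str) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRoleListOfUser(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /**
     * Fills in the audience name of each application-audience role in {@code list}, resolving the
     * application with {@code str2}.
     *
     * @return always {@code true}
     * @throws IdentityRoleManagementException if an application name lookup fails
     */
    public boolean postGetRoleListOfUser(List<RoleBasicInfo> list, String str, String str2)
            throws IdentityRoleManagementException {
        populateApplicationAudienceNames(list, str2);
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRoleListOfGroups(List<String> list, String str) throws IdentityRoleManagementException {
        return true;
    }

    /**
     * Fills in the audience name of each application-audience role in {@code list}, resolving the
     * application with {@code str}.
     *
     * @return always {@code true}
     * @throws IdentityRoleManagementException if an application name lookup fails
     */
    public boolean postGetRoleListOfGroups(List<RoleBasicInfo> list, List<String> list2, String str)
            throws IdentityRoleManagementException {
        populateApplicationAudienceNames(list, str);
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRoleListOfIdpGroups(List<String> list, String str) throws IdentityRoleManagementException {
        return true;
    }

    /**
     * Fills in the audience name of each application-audience role in {@code list}, resolving the
     * application with {@code str}.
     *
     * @return always {@code true}
     * @throws IdentityRoleManagementException if an application name lookup fails
     */
    public boolean postGetRoleListOfIdpGroups(List<RoleBasicInfo> list, List<String> list2, String str)
            throws IdentityRoleManagementException {
        populateApplicationAudienceNames(list, str);
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRoleIdListOfUser(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postGetRoleIdListOfUser(List<String> list, String str, String str2)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRoleIdListOfGroups(List<String> list, String str) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postGetRoleIdListOfGroups(List<String> list, String str) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preGetRoleIdListOfIdpGroups(List<String> list, String str) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postGetRoleIdListOfIdpGroups(List<String> list, List<String> list2, String str)
            throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean preDeleteRolesByApplication(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /** No-op hook; always returns {@code true}. */
    public boolean postDeleteRolesByApplication(String str, String str2) throws IdentityRoleManagementException {
        return true;
    }

    /**
     * Sets the audience name on every application-audience role in {@code roles}; other roles are left
     * untouched. A role whose application cannot be resolved gets a {@code null} audience name.
     *
     * @throws IdentityRoleManagementException if an application name lookup fails
     */
    private void populateApplicationAudienceNames(List<RoleBasicInfo> roles, String tenantDomain)
            throws IdentityRoleManagementException {
        for (RoleBasicInfo role : roles) {
            if (APPLICATION_AUDIENCE.equalsIgnoreCase(role.getAudience())) {
                role.setAudienceName(getApplicationName(role.getAudienceId(), tenantDomain));
            }
        }
    }

    /**
     * Checks that {@code applicationId} resolves to an application in {@code tenantDomain} and that the
     * application's allowed audience for role association is the application audience.
     *
     * @throws IdentityRoleManagementClientException if no such application exists or it does not allow
     *         application-audience roles
     * @throws IdentityRoleManagementServerException if the application lookup fails
     */
    private void validateApplicationRoleAudience(String applicationId, String tenantDomain)
            throws IdentityRoleManagementException {
        try {
            ApplicationManagementService applicationService = ApplicationManagementService.getInstance();
            ServiceProvider application = applicationService.getApplicationByResourceId(applicationId, tenantDomain);
            if (application == null) {
                throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_AUDIENCE.getCode(),
                        "Invalid audience. No application found with application id: " + applicationId
                                + " and tenant domain : " + tenantDomain);
            }
            String allowedAudience = applicationService.getAllowedAudienceForRoleAssociation(
                    application.getApplicationResourceId(), tenantDomain);
            // equalsIgnoreCase is null-safe for its argument, so a missing audience is rejected as a client
            // error instead of surfacing as a NullPointerException from a redundant toLowerCase() call.
            if (!APPLICATION_AUDIENCE.equalsIgnoreCase(allowedAudience)) {
                throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_AUDIENCE.getCode(),
                        "Application: " + applicationId + " does not have Application role audience type");
            }
        } catch (IdentityApplicationManagementException e) {
            throw new IdentityRoleManagementServerException(RoleConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(),
                    "Error while retrieving the application for the given id: " + applicationId, e);
        }
    }

    /**
     * Rejects any permission whose name is not among the scopes authorized for the application.
     *
     * <p>A {@code null} or empty permission list has nothing to validate and returns without looking up
     * the authorized scopes.
     *
     * @throws IdentityRoleManagementClientException for the first permission that is not authorized
     * @throws IdentityRoleManagementException if the authorized scopes cannot be retrieved
     */
    private void validatePermissionsForApplication(List<Permission> permissions, String applicationId,
            String tenantDomain) throws IdentityRoleManagementException {
        if (permissions == null || permissions.isEmpty()) {
            return;
        }
        List<String> allowedScopes = getAuthorizedScopes(applicationId, tenantDomain);
        for (Permission requested : permissions) {
            String scopeName = requested.getName();
            if (!allowedScopes.contains(scopeName)) {
                throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_PERMISSION.getCode(),
                        "Permission : " + scopeName + " is not authorized for application with ID: "
                                + applicationId);
            }
        }
    }

    /**
     * Returns the names of all scopes authorized for the application, flattened into one list.
     *
     * <p>When the service returns {@code null} the result is an empty list, so every permission checked
     * against it is rejected.
     *
     * @throws IdentityRoleManagementException if the authorized scopes cannot be retrieved
     */
    private List<String> getAuthorizedScopes(String applicationId, String tenantDomain)
            throws IdentityRoleManagementException {
        try {
            List<AuthorizedScopes> authorizedEntries =
                    authorizedAPIManagementService.getAuthorizedScopes(applicationId, tenantDomain);
            List<String> scopeNames = new ArrayList<>();
            if (authorizedEntries == null) {
                return scopeNames;
            }
            for (AuthorizedScopes entry : authorizedEntries) {
                scopeNames.addAll(entry.getScopes());
            }
            return scopeNames;
        } catch (IdentityApplicationManagementException e) {
            throw new IdentityRoleManagementException("Error while retrieving authorized scopes.",
                    "Error while retrieving authorized scopes for app id : " + applicationId, e);
        }
    }

    /**
     * Looks up the name of the application with the given resource id.
     *
     * @return the application name, or {@code null} when the lookup returns no application
     * @throws IdentityRoleManagementServerException if the lookup fails
     */
    private String getApplicationName(String applicationId, String tenantDomain)
            throws IdentityRoleManagementException {
        try {
            ApplicationBasicInfo basicInfo = ApplicationManagementService.getInstance()
                    .getApplicationBasicInfoByResourceId(applicationId, tenantDomain);
            return basicInfo == null ? null : basicInfo.getApplicationName();
        } catch (IdentityApplicationManagementException e) {
            throw new IdentityRoleManagementServerException(RoleConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(),
                    "Error while retrieving the application name for the given id: " + applicationId, e);
        }
    }

    /**
     * After an application is deleted, deletes the roles created for it so they are not left behind.
     *
     * @param serviceProvider the deleted application; its resource id selects the roles to delete
     * @param str             passed as the second argument of {@code deleteRolesByApplication}
     *                        (presumably the tenant domain; confirm against the interface)
     * @return always {@code true} when the roles were deleted
     * @throws IdentityApplicationManagementException if deleting the roles fails
     */
    @Override
    public boolean doPostDeleteApplication(ServiceProvider serviceProvider, String str, String str2)
            throws IdentityApplicationManagementException {
        try {
            ApplicationManagementServiceComponentHolder.getInstance().getRoleManagementServiceV2()
                    .deleteRolesByApplication(serviceProvider.getApplicationResourceId(), str);
            return true;
        } catch (IdentityRoleManagementException e) {
            throw new IdentityApplicationManagementException(
                    String.format("Error occurred while deleting roles created for the application: %s.",
                            serviceProvider.getApplicationName()), e);
        }
    }
}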
