package org.wso2.carbon.identity.application.mgt.listener;

import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.APIResource;
import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo;
import org.wso2.carbon.identity.application.common.model.AuthorizedAPI;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationConstants;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementServiceImpl;
import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponentHolder;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/mgt/listener/AuthorizedAPIManagementListener.class */
public class AuthorizedAPIManagementListener extends AbstractApplicationMgtListener {
    private static final Log LOG = LogFactory.getLog(AuthorizedAPIManagementListener.class);

    @Override // org.wso2.carbon.identity.application.mgt.listener.AbstractApplicationMgtListener, org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtListener
    public boolean doPostCreateApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        if (!isEnable()) {
            LOG.debug("Authorized API Management related AuthorizedAPIManagementListener is not enabled.");
            return true;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authorized API Management related AuthorizedAPIManagementListener fired for tenant creation for Tenant: " + str);
        }
        String applicationName = serviceProvider.getApplicationName();
        if (!isConsole(applicationName) && !isMyAccount(applicationName)) {
            return true;
        }
        try {
            if (OrganizationManagementUtil.isOrganization(str)) {
                return true;
            }
            if (isConsole(applicationName)) {
                authorizeSystemAPIToConsole(str);
            } else {
                authorizeMeAPIToMyAccount(str);
            }
            return true;
        } catch (OrganizationManagementException e) {
            LOG.error("Error while registering system API resources in tenant: " + str);
            return true;
        }
    }

    private boolean isConsole(String str) {
        return ApplicationConstants.CONSOLE_APPLICATION_NAME.equals(str);
    }

    private boolean isMyAccount(String str) {
        return ApplicationConstants.MY_ACCOUNT_APPLICATION_NAME.equals(str);
    }

    private void authorizeSystemAPIToConsole(String str) {
        try {
            ApplicationBasicInfo applicationBasicInfoByName = ApplicationManagementService.getInstance().getApplicationBasicInfoByName(ApplicationConstants.CONSOLE_APPLICATION_NAME, str);
            if (applicationBasicInfoByName == null) {
                LOG.error("Error while authorizing system API to the Console. Console application not found in tenant: " + str);
                return;
            }
            AuthorizedAPIManagementServiceImpl authorizedAPIManagementServiceImpl = new AuthorizedAPIManagementServiceImpl();
            if (!authorizedAPIManagementServiceImpl.getAuthorizedAPIs(applicationBasicInfoByName.getApplicationResourceId(), str).isEmpty()) {
                LOG.debug("System APIs are already authorized for the Console application in tenant: " + str);
                return;
            }
            List<APIResource> aPIResources = ApplicationManagementServiceComponentHolder.getInstance().getAPIResourceManager().getAPIResources((String) null, (String) null, Integer.valueOf(ApplicationManagementServiceComponentHolder.getInstance().getAPIResourceManager().getAPIResources((String) null, (String) null, 1, "type sw SYSTEM", "ASC", str).getTotalCount()), "type sw SYSTEM", "ASC", str).getAPIResources();
            if (aPIResources.isEmpty()) {
                LOG.error("Error while authorizing system APIs to the Console. System APIs not found in tenant: " + str);
                return;
            }
            for (APIResource aPIResource : aPIResources) {
                String str2 = "RBAC";
                if ("Me API".equals(aPIResource.getName())) {
                    str2 = "NO POLICY";
                }
                authorizedAPIManagementServiceImpl.addAuthorizedAPI(applicationBasicInfoByName.getApplicationResourceId(), new AuthorizedAPI.AuthorizedAPIBuilder().apiId(aPIResource.getId()).appId(applicationBasicInfoByName.getApplicationResourceId()).scopes(ApplicationManagementServiceComponentHolder.getInstance().getAPIResourceManager().getAPIScopesById(aPIResource.getId(), str)).policyId(str2).build(), str);
            }
            LOG.debug("System APIs are authorized for the Console application in " + str);
        } catch (Throwable th) {
            LOG.error("Error while authorizing system APIs to the Console application.", th);
        }
    }

    private void authorizeMeAPIToMyAccount(String str) {
        try {
            ApplicationBasicInfo applicationBasicInfoByName = ApplicationManagementService.getInstance().getApplicationBasicInfoByName(ApplicationConstants.MY_ACCOUNT_APPLICATION_NAME, str);
            if (applicationBasicInfoByName == null) {
                LOG.error("Error while authorizing Me API to the My Account. My Account application not found in tenant: " + str);
                return;
            }
            AuthorizedAPIManagementServiceImpl authorizedAPIManagementServiceImpl = new AuthorizedAPIManagementServiceImpl();
            if (!authorizedAPIManagementServiceImpl.getAuthorizedAPIs(applicationBasicInfoByName.getApplicationResourceId(), str).isEmpty()) {
                LOG.debug("Me API is already authorized for the My Account application in tenant: " + str);
                return;
            }
            List<APIResource> aPIResources = ApplicationManagementServiceComponentHolder.getInstance().getAPIResourceManager().getAPIResources((String) null, (String) null, 1, "name eq Me API and type sw SYSTEM", "ASC", str).getAPIResources();
            if (aPIResources.isEmpty()) {
                LOG.error("Error while authorizing Me API to the My Account. Me API not found in tenant: " + str);
                return;
            }
            for (APIResource aPIResource : aPIResources) {
                authorizedAPIManagementServiceImpl.addAuthorizedAPI(applicationBasicInfoByName.getApplicationResourceId(), new AuthorizedAPI.AuthorizedAPIBuilder().apiId(aPIResource.getId()).appId(applicationBasicInfoByName.getApplicationResourceId()).scopes(ApplicationManagementServiceComponentHolder.getInstance().getAPIResourceManager().getAPIScopesById(aPIResource.getId(), str)).policyId("NO POLICY").build(), str);
            }
            LOG.debug("Me API is authorized for the My Account application in " + str);
        } catch (Throwable th) {
            LOG.error("Error while authorizing Me API to the My Account application.", th);
        }
    }

    @Override // org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtListener
    public int getDefaultOrderId() {
        return 211;
    }

    @Override // org.wso2.carbon.identity.application.mgt.listener.AbstractApplicationMgtListener, org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtListener
    public boolean isEnable() {
        return true;
    }
}
