package org.wso2.carbon.user.mgt;

import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.registry.api.Registry;
import org.wso2.carbon.registry.api.RegistryException;
import org.wso2.carbon.registry.api.Resource;
import org.wso2.carbon.registry.core.Collection;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.user.api.Claim;
import org.wso2.carbon.user.api.ClaimMapping;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.AuthorizationManager;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.user.mgt.bulkimport.BulkImportConfig;
import org.wso2.carbon.user.mgt.bulkimport.CSVUserBulkImport;
import org.wso2.carbon.user.mgt.bulkimport.ExcelUserBulkImport;
import org.wso2.carbon.user.mgt.common.ClaimValue;
import org.wso2.carbon.user.mgt.common.FlaggedName;
import org.wso2.carbon.user.mgt.common.UIPermissionNode;
import org.wso2.carbon.user.mgt.common.UserAdminException;
import org.wso2.carbon.user.mgt.common.UserRealmInfo;
import org.wso2.carbon.user.mgt.common.UserStoreInfo;
import org.wso2.carbon.user.mgt.internal.UserMgtDSComponent;
import org.wso2.carbon.user.mgt.permission.ManagementPermissionUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/user/mgt/UserRealmProxy.class */
public class UserRealmProxy {
    private static final Log log = LogFactory.getLog(UserRealmProxy.class);
    private static final String APPLICATIONS_PATH = "/permission/applications";
    private static final String DISAPLAY_NAME_CLAIM = "http://wso2.org/claims/displayName";
    public static final String FALSE = "false";
    public static final String PERMISSION = "/permission";
    public static final String PERMISSION_ADMIN = "/permission/admin";
    private UserRealm realm;

    /* loaded from: input_file:org/wso2/carbon/user/mgt/UserRealmProxy$ClaimMappingsComparator.class */
    private class ClaimMappingsComparator implements Comparator<ClaimMapping> {
        private ClaimMappingsComparator() {
        }

        @Override // java.util.Comparator
        public int compare(ClaimMapping claimMapping, ClaimMapping claimMapping2) {
            return claimMapping.getClaim().getClaimUri().compareTo(claimMapping2.getClaim().getClaimUri());
        }
    }

    public UserRealmProxy(UserRealm userRealm) {
        this.realm = null;
        this.realm = userRealm;
    }

    public String[] listUsers(String str, int i) throws UserAdminException {
        try {
            return this.realm.getUserStoreManager().listUsers(str, i);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (UserStoreException e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public FlaggedName[] listUsers(ClaimValue claimValue, String str, int i) throws UserAdminException {
        try {
            String[] strArr = null;
            if (claimValue.getClaimURI() != null && claimValue.getValue() != null) {
                strArr = this.realm.getUserStoreManager().getUserList(claimValue.getClaimURI(), claimValue.getValue(), (String) null);
            }
            int i2 = 0;
            FlaggedName[] flaggedNameArr = new FlaggedName[0];
            if (strArr != null) {
                flaggedNameArr = new FlaggedName[strArr.length + 1];
                Arrays.sort(strArr);
                for (String str2 : strArr) {
                    flaggedNameArr[i2] = new FlaggedName();
                    flaggedNameArr[i2].setItemName(str2);
                    if (Boolean.parseBoolean(IdentityUtil.getProperty("UserFiltering.ShowDisplayName"))) {
                        String userClaimValue = this.realm.getUserStoreManager().getUserClaimValue(str2, DISAPLAY_NAME_CLAIM, (String) null);
                        if (StringUtils.isNotBlank(userClaimValue)) {
                            int indexOf = str2.indexOf(UserCoreConstants.DOMAIN_SEPARATOR);
                            if (indexOf > 0) {
                                flaggedNameArr[i2].setItemDisplayName(str2.substring(0, indexOf + 1) + userClaimValue);
                            } else {
                                flaggedNameArr[i2].setItemDisplayName(userClaimValue);
                            }
                        } else {
                            flaggedNameArr[i2].setItemDisplayName(str2);
                        }
                    } else {
                        flaggedNameArr[i2].setItemDisplayName(str2);
                    }
                    int indexOf2 = flaggedNameArr[i2].getItemName() != null ? flaggedNameArr[i2].getItemName().indexOf(CarbonConstants.DOMAIN_SEPARATOR) : -1;
                    String substring = indexOf2 > 0 ? flaggedNameArr[i2].getItemName().substring(0, indexOf2) : null;
                    if (substring != null && !UserMgtConstants.INTERNAL_ROLE.equalsIgnoreCase(substring) && !UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(substring)) {
                        UserStoreManager secondaryUserStoreManager = this.realm.getUserStoreManager().getSecondaryUserStoreManager(substring);
                        if (secondaryUserStoreManager == null || !secondaryUserStoreManager.isReadOnly()) {
                            flaggedNameArr[i2].setEditable(true);
                        } else {
                            flaggedNameArr[i2].setEditable(false);
                        }
                    } else if (this.realm.getUserStoreManager().isReadOnly()) {
                        flaggedNameArr[i2].setEditable(false);
                    } else {
                        flaggedNameArr[i2].setEditable(true);
                    }
                    i2++;
                }
                if (strArr.length > 0) {
                    FlaggedName flaggedName = new FlaggedName();
                    flaggedName.setItemName(FALSE);
                    flaggedName.setDomainName("");
                    flaggedNameArr[flaggedNameArr.length - 1] = flaggedName;
                }
            }
            return flaggedNameArr;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (UserStoreException e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public FlaggedName[] listAllUsers(String str, int i) throws UserAdminException {
        HashMap hashMap = new HashMap();
        try {
            String[] listUsers = this.realm.getUserStoreManager().listUsers(str, i);
            FlaggedName[] flaggedNameArr = new FlaggedName[listUsers.length + 1];
            int i2 = 0;
            for (String str2 : listUsers) {
                flaggedNameArr[i2] = new FlaggedName();
                int indexOf = str2.indexOf("$_USERNAME_SEPARATOR_$");
                if (indexOf > 0) {
                    flaggedNameArr[i2].setItemName(str2.substring(0, indexOf));
                    flaggedNameArr[i2].setItemDisplayName(str2.substring(indexOf + "$_USERNAME_SEPARATOR_$".length()));
                } else {
                    flaggedNameArr[i2].setItemName(str2);
                    flaggedNameArr[i2].setItemDisplayName(str2);
                }
                int indexOf2 = flaggedNameArr[i2].getItemName() != null ? flaggedNameArr[i2].getItemName().indexOf(CarbonConstants.DOMAIN_SEPARATOR) : -1;
                String substring = indexOf2 > 0 ? flaggedNameArr[i2].getItemName().substring(0, indexOf2) : null;
                if (substring != null && !UserMgtConstants.INTERNAL_ROLE.equalsIgnoreCase(substring) && !UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(substring)) {
                    UserStoreManager secondaryUserStoreManager = this.realm.getUserStoreManager().getSecondaryUserStoreManager(substring);
                    if (secondaryUserStoreManager == null || !secondaryUserStoreManager.isReadOnly()) {
                        flaggedNameArr[i2].setEditable(true);
                    } else {
                        flaggedNameArr[i2].setEditable(false);
                    }
                } else if (this.realm.getUserStoreManager().isReadOnly()) {
                    flaggedNameArr[i2].setEditable(false);
                } else {
                    flaggedNameArr[i2].setEditable(true);
                }
                if (substring != null) {
                    if (hashMap.containsKey(substring)) {
                        hashMap.put(substring, Integer.valueOf(((Integer) hashMap.get(substring)).intValue() + 1));
                    } else {
                        hashMap.put(substring, 1);
                    }
                } else if (hashMap.containsKey("PRIMARY")) {
                    hashMap.put("PRIMARY", Integer.valueOf(((Integer) hashMap.get("PRIMARY")).intValue() + 1));
                } else {
                    hashMap.put("PRIMARY", 1);
                }
                i2++;
            }
            Arrays.sort(flaggedNameArr, new Comparator<FlaggedName>() { // from class: org.wso2.carbon.user.mgt.UserRealmProxy.1
                @Override // java.util.Comparator
                public int compare(FlaggedName flaggedName, FlaggedName flaggedName2) {
                    if (flaggedName == null || flaggedName2 == null) {
                        return 0;
                    }
                    return flaggedName.getItemName().toLowerCase().compareTo(flaggedName2.getItemName().toLowerCase());
                }
            });
            String str3 = "";
            boolean z = false;
            try {
                Map maxListCount = this.realm.getUserStoreManager().getMaxListCount("MaxUserNameListLength");
                String[] strArr = (String[]) hashMap.keySet().toArray(new String[hashMap.keySet().size()]);
                for (int i3 = 0; i3 < strArr.length; i3++) {
                    if ("PRIMARY".equalsIgnoreCase(strArr[i3])) {
                        if (((Integer) hashMap.get("PRIMARY")).intValue() == ((Integer) maxListCount.get("PRIMARY")).intValue()) {
                            z = true;
                        }
                    } else if (((Integer) hashMap.get(strArr[i3])).equals(maxListCount.get(strArr[i3].toUpperCase()))) {
                        str3 = str3 + strArr[i3];
                        if (i3 != strArr.length - 1) {
                            str3 = str3 + ":";
                        }
                    }
                }
                FlaggedName flaggedName = new FlaggedName();
                if (z) {
                    flaggedName.setItemName("true");
                } else {
                    flaggedName.setItemName(FALSE);
                }
                flaggedName.setItemDisplayName(str3);
                flaggedNameArr[flaggedNameArr.length - 1] = flaggedName;
                return flaggedNameArr;
            } catch (UserStoreException e) {
                log.error(e.getMessage(), e);
                throw new UserAdminException(e.getMessage(), e);
            }
        } catch (UserStoreException e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        } catch (Exception e3) {
            log.error(e3.getMessage(), e3);
            throw new UserAdminException(e3.getMessage(), e3);
        }
    }

    public FlaggedName[] getAllSharedRoleNames(String str, int i) throws UserAdminException {
        try {
            AbstractUserStoreManager userStoreManager = this.realm.getUserStoreManager();
            if (!(userStoreManager instanceof AbstractUserStoreManager)) {
                throw new UserAdminException("Initialized User Store Manager is not capable of getting the shared roles");
            }
            String[] sharedRoleNames = userStoreManager.getSharedRoleNames(str, i);
            ArrayList arrayList = new ArrayList();
            HashMap hashMap = new HashMap();
            int length = sharedRoleNames.length;
            for (int i2 = 0; i2 < length; i2++) {
                String str2 = sharedRoleNames[i2];
                FlaggedName flaggedName = new FlaggedName();
                mapEntityName(str2, flaggedName, userStoreManager);
                flaggedName.setRoleType(UserMgtConstants.EXTERNAL_ROLE);
                int indexOf = str2 != null ? str2.indexOf(CarbonConstants.DOMAIN_SEPARATOR) : -1;
                String substring = indexOf > 0 ? str2.substring(0, indexOf) : null;
                UserStoreManager secondaryUserStoreManager = this.realm.getUserStoreManager().getSecondaryUserStoreManager(substring);
                if (substring != null && !UserMgtConstants.INTERNAL_ROLE.equalsIgnoreCase(substring) && !UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(substring)) {
                    if (secondaryUserStoreManager == null || (!secondaryUserStoreManager.isReadOnly() && (secondaryUserStoreManager.getRealmConfiguration().getUserStoreProperty("WriteGroups") == null || !FALSE.equals(secondaryUserStoreManager.getRealmConfiguration().getUserStoreProperty("WriteGroups"))))) {
                        flaggedName.setEditable(true);
                    } else {
                        flaggedName.setEditable(false);
                    }
                }
                if (substring != null) {
                    if (hashMap.containsKey(substring)) {
                        hashMap.put(substring, Integer.valueOf(((Integer) hashMap.get(substring)).intValue() + 1));
                    } else {
                        hashMap.put(substring, 1);
                    }
                } else if (hashMap.containsKey("PRIMARY")) {
                    hashMap.put("PRIMARY", Integer.valueOf(((Integer) hashMap.get("PRIMARY")).intValue() + 1));
                } else {
                    hashMap.put("PRIMARY", 1);
                }
                arrayList.add(flaggedName);
            }
            String str3 = "";
            boolean z = false;
            Map maxListCount = this.realm.getUserStoreManager().getMaxListCount("MaxRoleNameListLength");
            String[] strArr = (String[]) hashMap.keySet().toArray(new String[hashMap.keySet().size()]);
            for (int i3 = 0; i3 < strArr.length; i3++) {
                if ("PRIMARY".equals(strArr[i3])) {
                    if (((Integer) hashMap.get("PRIMARY")).equals(maxListCount.get("PRIMARY"))) {
                        z = true;
                    }
                } else if (((Integer) hashMap.get(strArr[i3])).equals(maxListCount.get(strArr[i3].toUpperCase()))) {
                    str3 = str3 + strArr[i3];
                    if (i3 != strArr.length - 1) {
                        str3 = str3 + ":";
                    }
                }
            }
            FlaggedName[] flaggedNameArr = (FlaggedName[]) arrayList.toArray(new FlaggedName[arrayList.size() + 1]);
            Arrays.sort(flaggedNameArr, new Comparator<FlaggedName>() { // from class: org.wso2.carbon.user.mgt.UserRealmProxy.2
                @Override // java.util.Comparator
                public int compare(FlaggedName flaggedName2, FlaggedName flaggedName3) {
                    if (flaggedName2 == null || flaggedName3 == null) {
                        return 0;
                    }
                    return flaggedName2.getItemName().toLowerCase().compareTo(flaggedName3.getItemName().toLowerCase());
                }
            });
            FlaggedName flaggedName2 = new FlaggedName();
            if (z) {
                flaggedName2.setItemName("true");
            } else {
                flaggedName2.setItemName(FALSE);
            }
            flaggedName2.setItemDisplayName(str3);
            flaggedNameArr[flaggedNameArr.length - 1] = flaggedName2;
            return flaggedNameArr;
        } catch (UserStoreException e) {
            throw new UserAdminException(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public FlaggedName[] getAllRolesNames(String str, int i) throws UserAdminException {
        try {
            AbstractUserStoreManager userStoreManager = this.realm.getUserStoreManager();
            String[] roleNames = userStoreManager instanceof AbstractUserStoreManager ? userStoreManager.getRoleNames(str, i, true, true, true) : userStoreManager.getRoleNames();
            ArrayList arrayList = new ArrayList();
            HashMap hashMap = new HashMap();
            String[] strArr = roleNames;
            int length = strArr.length;
            for (int i2 = 0; i2 < length; i2++) {
                String str2 = strArr[i2];
                FlaggedName flaggedName = new FlaggedName();
                mapEntityName(str2, flaggedName, userStoreManager);
                flaggedName.setRoleType(UserMgtConstants.EXTERNAL_ROLE);
                int indexOf = str2 != null ? str2.indexOf(CarbonConstants.DOMAIN_SEPARATOR) : -1;
                String substring = indexOf > 0 ? str2.substring(0, indexOf) : null;
                UserStoreManager secondaryUserStoreManager = this.realm.getUserStoreManager().getSecondaryUserStoreManager(substring);
                if (substring == null || UserMgtConstants.INTERNAL_ROLE.equalsIgnoreCase(substring) || UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(substring)) {
                    if (this.realm.getUserStoreManager().isReadOnly() || FALSE.equals(this.realm.getUserStoreManager().getRealmConfiguration().getUserStoreProperty("WriteGroups"))) {
                        flaggedName.setEditable(false);
                    } else {
                        flaggedName.setEditable(true);
                    }
                } else if (secondaryUserStoreManager == null || !(secondaryUserStoreManager.isReadOnly() || FALSE.equals(secondaryUserStoreManager.getRealmConfiguration().getUserStoreProperty("WriteGroups")))) {
                    flaggedName.setEditable(true);
                } else {
                    flaggedName.setEditable(false);
                }
                if (substring != null) {
                    if (hashMap.containsKey(substring)) {
                        hashMap.put(substring, Integer.valueOf(((Integer) hashMap.get(substring)).intValue() + 1));
                    } else {
                        hashMap.put(substring, 1);
                    }
                } else if (hashMap.containsKey("PRIMARY")) {
                    hashMap.put("PRIMARY", Integer.valueOf(((Integer) hashMap.get("PRIMARY")).intValue() + 1));
                } else {
                    hashMap.put("PRIMARY", 1);
                }
                arrayList.add(flaggedName);
            }
            String str3 = str.contains(CarbonConstants.DOMAIN_SEPARATOR) ? str.split(CarbonConstants.DOMAIN_SEPARATOR)[0] : null;
            if (str.startsWith(UserMgtConstants.INTERNAL_ROLE + CarbonConstants.DOMAIN_SEPARATOR)) {
                str = str.substring(str.indexOf(CarbonConstants.DOMAIN_SEPARATOR) + 1);
            }
            for (String str4 : userStoreManager.getHybridRoles(str)) {
                if (str3 == null || str4.startsWith(str3)) {
                    FlaggedName flaggedName2 = new FlaggedName();
                    flaggedName2.setItemName(str4);
                    if (str4.toLowerCase().startsWith(UserMgtConstants.INTERNAL_ROLE.toLowerCase())) {
                        flaggedName2.setRoleType(UserMgtConstants.INTERNAL_ROLE);
                    } else {
                        flaggedName2.setRoleType(UserMgtConstants.APPLICATION_DOMAIN);
                    }
                    flaggedName2.setEditable(true);
                    arrayList.add(flaggedName2);
                }
            }
            String str5 = "";
            boolean z = false;
            Map maxListCount = this.realm.getUserStoreManager().getMaxListCount("MaxRoleNameListLength");
            String[] strArr2 = (String[]) hashMap.keySet().toArray(new String[hashMap.keySet().size()]);
            for (int i3 = 0; i3 < strArr2.length; i3++) {
                if ("PRIMARY".equals(strArr2[i3])) {
                    if (((Integer) hashMap.get("PRIMARY")).equals(maxListCount.get("PRIMARY"))) {
                        z = true;
                    }
                } else if (((Integer) hashMap.get(strArr2[i3])).equals(maxListCount.get(strArr2[i3].toUpperCase()))) {
                    str5 = str5 + strArr2[i3];
                    if (i3 != strArr2.length - 1) {
                        str5 = str5 + ":";
                    }
                }
            }
            FlaggedName[] flaggedNameArr = (FlaggedName[]) arrayList.toArray(new FlaggedName[arrayList.size() + 1]);
            Arrays.sort(flaggedNameArr, new Comparator<FlaggedName>() { // from class: org.wso2.carbon.user.mgt.UserRealmProxy.3
                @Override // java.util.Comparator
                public int compare(FlaggedName flaggedName3, FlaggedName flaggedName4) {
                    if (flaggedName3 == null || flaggedName4 == null) {
                        return 0;
                    }
                    return flaggedName3.getItemName().toLowerCase().compareTo(flaggedName4.getItemName().toLowerCase());
                }
            });
            FlaggedName flaggedName3 = new FlaggedName();
            if (z) {
                flaggedName3.setItemName("true");
            } else {
                flaggedName3.setItemName(FALSE);
            }
            flaggedName3.setItemDisplayName(str5);
            flaggedNameArr[flaggedNameArr.length - 1] = flaggedName3;
            return flaggedNameArr;
        } catch (UserStoreException e) {
            throw new UserAdminException(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public UserRealmInfo getUserRealmInfo() throws UserAdminException {
        UserRealmInfo userRealmInfo = new UserRealmInfo();
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        try {
            RealmConfiguration realmConfiguration = this.realm.getRealmConfiguration();
            if (this.realm.getAuthorizationManager().isUserAuthorized(username, "/permission/admin/manage/identity", UserMgtConstants.EXECUTE_ACTION) || this.realm.getAuthorizationManager().isUserAuthorized(username, "/permission/admin/manage/identity/usermgt/users", UserMgtConstants.EXECUTE_ACTION) || this.realm.getAuthorizationManager().isUserAuthorized(username, "/permission/admin/manage/identity/usermgt/passwords", UserMgtConstants.EXECUTE_ACTION) || this.realm.getAuthorizationManager().isUserAuthorized(username, "/permission/admin/manage/identity/usermgt/view", UserMgtConstants.EXECUTE_ACTION) || this.realm.getAuthorizationManager().isUserAuthorized(username, "/permission/admin/manage/identity/rolemgt/view", UserMgtConstants.EXECUTE_ACTION)) {
                userRealmInfo.setAdminRole(realmConfiguration.getAdminRoleName());
                userRealmInfo.setAdminUser(realmConfiguration.getAdminUserName());
                userRealmInfo.setEveryOneRole(realmConfiguration.getEveryOneRoleName());
                ClaimMapping[] allClaimMappings = this.realm.getClaimManager().getAllClaimMappings("http://wso2.org/claims");
                if (ArrayUtils.isNotEmpty(allClaimMappings)) {
                    Arrays.sort(allClaimMappings, new ClaimMappingsComparator());
                }
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                ArrayList arrayList3 = new ArrayList();
                for (ClaimMapping claimMapping : allClaimMappings) {
                    Claim claim = claimMapping.getClaim();
                    arrayList.add(claim.getClaimUri());
                    if (claim.isRequired()) {
                        arrayList2.add(claim.getClaimUri());
                    }
                    if (claim.isSupportedByDefault()) {
                        arrayList3.add(claim.getClaimUri());
                    }
                }
                userRealmInfo.setUserClaims((String[]) arrayList.toArray(new String[arrayList.size()]));
                userRealmInfo.setRequiredUserClaims((String[]) arrayList2.toArray(new String[arrayList2.size()]));
                userRealmInfo.setDefaultUserClaims((String[]) arrayList3.toArray(new String[arrayList3.size()]));
            }
            ArrayList arrayList4 = new ArrayList();
            ArrayList arrayList5 = new ArrayList();
            UserStoreManager userStoreManager = this.realm.getUserStoreManager();
            do {
                RealmConfiguration realmConfiguration2 = userStoreManager.getRealmConfiguration();
                UserStoreInfo userStoreInfo = getUserStoreInfo(realmConfiguration2, userStoreManager);
                if (realmConfiguration2.isPrimary()) {
                    userRealmInfo.setPrimaryUserStoreInfo(userStoreInfo);
                }
                arrayList4.add(userStoreInfo);
                userRealmInfo.setBulkImportSupported(userStoreManager.isBulkImportSupported());
                String userStoreProperty = realmConfiguration2.getUserStoreProperty("DomainName");
                if (userStoreProperty != null && userStoreProperty.trim().length() > 0) {
                    arrayList5.add(userStoreProperty.toUpperCase());
                }
                userStoreManager = userStoreManager.getSecondaryUserStoreManager();
            } while (userStoreManager != null);
            if (arrayList4.size() > 1) {
                userRealmInfo.setMultipleUserStore(true);
            }
            userRealmInfo.setUserStoresInfo((UserStoreInfo[]) arrayList4.toArray(new UserStoreInfo[arrayList4.size()]));
            userRealmInfo.setDomainNames((String[]) arrayList5.toArray(new String[arrayList5.size()]));
            int i = 15;
            try {
                i = Integer.parseInt(realmConfiguration.getRealmProperty("MaxItemsPerUserMgtUIPage"));
            } catch (Exception e) {
                if (log.isDebugEnabled()) {
                    log.debug("Error parsing number of items per page, using default value", e);
                }
            }
            userRealmInfo.setMaxItemsPerUIPage(i);
            int i2 = 6;
            try {
                i2 = Integer.parseInt(realmConfiguration.getRealmProperty("MaxUserMgtUIPagesInCache"));
            } catch (Exception e2) {
                if (log.isDebugEnabled()) {
                    log.debug("Error parsing number of maximum pages in cache, using default value", e2);
                }
            }
            userRealmInfo.setMaxUIPagesInCache(i2);
            userRealmInfo.setEnableUIPageCache(FALSE.equals(realmConfiguration.getRealmProperty("EnableUserMgtUIPageCache")) ? false : true);
            return userRealmInfo;
        } catch (Exception e3) {
            throw new UserAdminException(e3.getMessage(), e3);
        }
    }

    private UserStoreInfo getUserStoreInfo(RealmConfiguration realmConfiguration, UserStoreManager userStoreManager) throws UserAdminException {
        try {
            UserStoreInfo userStoreInfo = new UserStoreInfo();
            userStoreInfo.setReadOnly(userStoreManager.isReadOnly());
            boolean parseBoolean = Boolean.parseBoolean(realmConfiguration.getUserStoreProperty("ReadGroups"));
            userStoreInfo.setReadGroupsEnabled(parseBoolean);
            userStoreInfo.setWriteGroupsEnabled(!userStoreManager.isReadOnly() && parseBoolean && Boolean.parseBoolean(realmConfiguration.getUserStoreProperty("WriteGroups")));
            userStoreInfo.setPasswordsExternallyManaged(realmConfiguration.isPasswordsExternallyManaged());
            userStoreInfo.setPasswordRegEx(realmConfiguration.getUserStoreProperty("PasswordJavaScriptRegEx"));
            userStoreInfo.setPasswordRegExViolationErrorMsg(realmConfiguration.getUserStoreProperty("PasswordJavaRegExViolationErrorMsg"));
            userStoreInfo.setUsernameRegExViolationErrorMsg(realmConfiguration.getUserStoreProperty("UsernameJavaRegExViolationErrorMsg"));
            userStoreInfo.setUserNameRegEx(realmConfiguration.getUserStoreProperty("UsernameJavaScriptRegEx"));
            userStoreInfo.setRoleNameRegEx(realmConfiguration.getUserStoreProperty("RolenameJavaScriptRegEx"));
            userStoreInfo.setExternalIdP(realmConfiguration.getUserStoreProperty("ExternalIdP"));
            userStoreInfo.setBulkImportSupported(isBulkImportSupported(realmConfiguration));
            userStoreInfo.setDomainName(realmConfiguration.getUserStoreProperty("DomainName"));
            userStoreInfo.setCaseSensitiveUsername(IdentityUtil.isUserStoreCaseSensitive(userStoreManager));
            return userStoreInfo;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (UserStoreException e2) {
            throw new UserAdminException("Error while getting user realm information for domain '" + userStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName") + "' : " + e2.getMessage(), e2);
        }
    }

    private boolean isBulkImportSupported(RealmConfiguration realmConfiguration) throws UserAdminException {
        if (realmConfiguration != null) {
            return Boolean.valueOf((String) realmConfiguration.getUserStoreProperties().get("IsBulkImportSupported")).booleanValue();
        }
        throw new UserAdminException("Unable to retrieve user store manager from realm.");
    }

    private final String addPrimaryDomainIfNotExists(String str) {
        if (StringUtils.isNotEmpty(str) && !str.contains(UserCoreConstants.DOMAIN_SEPARATOR)) {
            StringBuilder sb = new StringBuilder();
            sb.append("PRIMARY").append(CarbonConstants.DOMAIN_SEPARATOR).append(str);
            str = sb.toString();
        }
        return str;
    }

    public void addUser(String str, String str2, String[] strArr, ClaimValue[] claimValueArr, String str3) throws UserAdminException {
        try {
            RealmConfiguration realmConfiguration = this.realm.getRealmConfiguration();
            if (realmConfiguration.getUserStoreProperty("ExternalIdP") != null) {
                throw new UserAdminException("Please contact your external Identity Provider to add users");
            }
            if (strArr != null && strArr.length > 0) {
                String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
                String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(realmConfiguration.getAdminUserName());
                Arrays.sort(strArr);
                boolean z = false;
                for (String str4 : strArr) {
                    z = this.realm.getAuthorizationManager().isRoleAuthorized(str4, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
                    if (!z) {
                        z = this.realm.getAuthorizationManager().isRoleAuthorized(str4, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
                    }
                    if (z) {
                        break;
                    }
                }
                if (z && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                    log.warn("An attempt to assign user " + str + " to a role which has admin permission by user : " + addPrimaryDomainIfNotExists);
                    throw new UserStoreException("You do not have the required privilege to assign a user to a role which has admin permission.");
                }
            }
            UserStoreManager userStoreManager = this.realm.getUserStoreManager();
            HashMap hashMap = new HashMap();
            if (claimValueArr != null) {
                for (ClaimValue claimValue : claimValueArr) {
                    hashMap.put(claimValue.getClaimURI(), claimValue.getValue());
                }
            }
            userStoreManager.addUser(str, str2, strArr, hashMap, str3, false);
        } catch (UserStoreException e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public void changePassword(String str, String str2) throws UserAdminException {
        try {
            String loggedInUser = getLoggedInUser();
            if (loggedInUser != null && loggedInUser.equalsIgnoreCase(str)) {
                log.warn("An attempt to change password with out providing old password : " + loggedInUser);
                throw new UserStoreException("An attempt to change password with out providing old password");
            }
            RealmConfiguration realmConfiguration = this.realm.getRealmConfiguration();
            if (loggedInUser != null) {
                loggedInUser = addPrimaryDomainIfNotExists(loggedInUser);
            }
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(realmConfiguration.getAdminUserName());
            if (realmConfiguration.getAdminUserName().equalsIgnoreCase(str) && !addPrimaryDomainIfNotExists.equalsIgnoreCase(loggedInUser)) {
                log.warn("An attempt to change password of admin user by user : " + loggedInUser);
                throw new UserStoreException("You do not have the required privilege to change the password of admin user");
            }
            if (str != null) {
                boolean isUserAuthorized = this.realm.getAuthorizationManager().isUserAuthorized(str, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
                if (!isUserAuthorized) {
                    isUserAuthorized = this.realm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
                }
                if (isUserAuthorized && !addPrimaryDomainIfNotExists.equalsIgnoreCase(loggedInUser)) {
                    log.warn("An attempt to change password of user has admin permission by user : " + loggedInUser);
                    throw new UserStoreException("You do not have the required privilege to change the password of a user with admin permission");
                }
            }
            this.realm.getUserStoreManager().updateCredentialByAdmin(str, str2);
        } catch (UserStoreException e) {
            throw new UserAdminException(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public void deleteUser(String str, Registry registry) throws UserAdminException {
        try {
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
            RealmConfiguration realmConfiguration = this.realm.getRealmConfiguration();
            String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(realmConfiguration.getAdminUserName());
            if (realmConfiguration.getAdminUserName().equalsIgnoreCase(str) && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                log.warn("An attempt to delete the admin user by user : " + addPrimaryDomainIfNotExists);
                throw new UserStoreException("You do not have the required privilege to delete the admin user");
            }
            if (str != null) {
                boolean isUserAuthorized = this.realm.getAuthorizationManager().isUserAuthorized(str, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
                if (!isUserAuthorized) {
                    isUserAuthorized = this.realm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
                }
                if (isUserAuthorized && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                    log.warn("An attempt to delete a user who has admin permission by user : " + addPrimaryDomainIfNotExists);
                    throw new UserStoreException("You do not have the required privilege to delete a user who has admin permission");
                }
            }
            this.realm.getUserStoreManager().deleteUser(str);
            String str2 = "/users/" + str;
            if (registry.resourceExists(str2)) {
                registry.delete(str2);
            }
        } catch (RegistryException e) {
            String str3 = "Error deleting user from registry " + e.getMessage();
            log.error(str3, e);
            throw new UserAdminException(str3, e);
        } catch (UserStoreException e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        } catch (Exception e3) {
            log.error(e3.getMessage(), e3);
            throw new UserAdminException(e3.getMessage(), e3);
        }
    }

    public void addRole(String str, String[] strArr, String[] strArr2, boolean z) throws UserAdminException {
        try {
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
            String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(this.realm.getRealmConfiguration().getAdminUserName());
            if (strArr2 != null && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                Arrays.sort(strArr2);
                if (Arrays.binarySearch(strArr2, PERMISSION_ADMIN) > -1 || Arrays.binarySearch(strArr2, UserMgtConstants.UI_ADMIN_PERMISSION_ROOT) > -1 || Arrays.binarySearch(strArr2, PERMISSION) > -1 || Arrays.binarySearch(strArr2, UserMgtConstants.UI_PERMISSION_ROOT) > -1 || Arrays.binarySearch(strArr2, "/permission/protected") > -1 || Arrays.binarySearch(strArr2, UserMgtConstants.UI_PROTECTED_PERMISSION_ROOT) > -1) {
                    log.warn("An attempt to create a role with admin permission by user " + addPrimaryDomainIfNotExists);
                    throw new UserStoreException("You do not have the required privilege to create a role with admin permission");
                }
            }
            UserStoreManager userStoreManager = this.realm.getUserStoreManager();
            UserStoreManager secondaryUserStoreManager = str.contains(UserCoreConstants.DOMAIN_SEPARATOR) ? userStoreManager.getSecondaryUserStoreManager(str.substring(0, str.indexOf(UserCoreConstants.DOMAIN_SEPARATOR))) : userStoreManager;
            if (secondaryUserStoreManager == null) {
                throw new UserAdminException("Invalid Domain");
            }
            if (secondaryUserStoreManager.isReadOnly() || FALSE.equals(secondaryUserStoreManager.getRealmConfiguration().getUserStoreProperty("WriteGroups"))) {
                throw new UserAdminException("Read only user store or Role creation is disabled");
            }
            userStoreManager.addRole(str, strArr, ManagementPermissionUtil.getRoleUIPermissions(str, strArr2), z);
        } catch (UserStoreException e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public void addInternalRole(String str, String[] strArr, String[] strArr2) throws UserAdminException {
        try {
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
            String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(this.realm.getRealmConfiguration().getAdminUserName());
            if (strArr2 != null && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                Arrays.sort(strArr2);
                if (Arrays.binarySearch(strArr2, PERMISSION_ADMIN) > -1 || Arrays.binarySearch(strArr2, UserMgtConstants.UI_ADMIN_PERMISSION_ROOT) > -1 || Arrays.binarySearch(strArr2, PERMISSION) > -1 || Arrays.binarySearch(strArr2, UserMgtConstants.UI_PERMISSION_ROOT) > -1 || Arrays.binarySearch(strArr2, "/permission/protected") > -1 || Arrays.binarySearch(strArr2, UserMgtConstants.UI_PROTECTED_PERMISSION_ROOT) > -1) {
                    log.warn("An attempt to create a role with admin permission by user " + addPrimaryDomainIfNotExists);
                    throw new UserStoreException("You do not have the required privilege to create a role with admin permission");
                }
            }
            AbstractUserStoreManager userStoreManager = this.realm.getUserStoreManager();
            if (!(userStoreManager instanceof AbstractUserStoreManager)) {
                throw new UserStoreException("Internal role can not be created");
            }
            if (str.contains(UserCoreConstants.DOMAIN_SEPARATOR) && UserMgtConstants.APPLICATION_DOMAIN.equals(str.substring(0, str.indexOf(UserCoreConstants.DOMAIN_SEPARATOR)))) {
                userStoreManager.addRole(str, strArr, (Permission[]) null, false);
            } else {
                userStoreManager.addRole(UserMgtConstants.INTERNAL_ROLE + UserCoreConstants.DOMAIN_SEPARATOR + str, strArr, (Permission[]) null, false);
            }
            if (str.contains(UserCoreConstants.DOMAIN_SEPARATOR) && UserMgtConstants.APPLICATION_DOMAIN.equals(str.substring(0, str.indexOf(UserCoreConstants.DOMAIN_SEPARATOR)))) {
                ManagementPermissionUtil.updateRoleUIPermission(str, strArr2);
            } else {
                ManagementPermissionUtil.updateRoleUIPermission(UserMgtConstants.INTERNAL_ROLE + UserCoreConstants.DOMAIN_SEPARATOR + str, strArr2);
            }
        } catch (UserStoreException e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public void updateRoleName(String str, String str2) throws UserAdminException {
        try {
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
            String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(this.realm.getRealmConfiguration().getAdminUserName());
            String str3 = str.split("@")[0];
            boolean isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str3, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
            if (!isRoleAuthorized) {
                isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str3, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
            }
            if (!isRoleAuthorized || addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                this.realm.getUserStoreManager().updateRoleName(str, str2);
            } else {
                log.warn("An attempt to rename a role with admin permission by user " + addPrimaryDomainIfNotExists);
                throw new UserStoreException("You do not have the required privilege to rename a role with admin permission");
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (UserStoreException e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public void deleteRole(String str) throws UserAdminException {
        try {
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
            String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(this.realm.getRealmConfiguration().getAdminUserName());
            boolean isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
            if (!isRoleAuthorized) {
                isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
            }
            if (!isRoleAuthorized || addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                this.realm.getUserStoreManager().deleteRole(str);
            } else {
                log.warn("An attempt to delete a role with admin permission by user " + addPrimaryDomainIfNotExists);
                throw new UserStoreException("You do not have the required privilege to delete a role with admin permission");
            }
        } catch (UserStoreException e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public FlaggedName[] getUsersOfRole(String str, String str2, int i) throws UserAdminException {
        int indexOf;
        if (str != null) {
            try {
                indexOf = str.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
            } catch (Exception e) {
                log.error(e.getMessage(), e);
                throw new UserAdminException(e.getMessage(), e);
            }
        } else {
            indexOf = -1;
        }
        int i2 = indexOf;
        String substring = i2 > 0 ? str.substring(0, i2) : null;
        if (substring != null && str2 != null && !str2.toLowerCase().startsWith(substring.toLowerCase()) && !UserMgtConstants.INTERNAL_ROLE.equalsIgnoreCase(substring) && !UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(substring)) {
            str2 = substring + CarbonConstants.DOMAIN_SEPARATOR + str2;
        }
        if (substring == null && i != 0) {
            str2 = str2 != null ? CarbonConstants.DOMAIN_SEPARATOR + str2 : "/*";
        }
        UserStoreManager userStoreManager = this.realm.getUserStoreManager();
        String[] userListOfRole = userStoreManager.getUserListOfRole(str);
        Arrays.sort(userListOfRole);
        HashMap hashMap = new HashMap();
        if (i != 0) {
            String[] listUsers = userStoreManager.listUsers(str2, i);
            FlaggedName[] flaggedNameArr = new FlaggedName[listUsers.length + 1];
            for (int i3 = 0; i3 < listUsers.length; i3++) {
                FlaggedName flaggedName = new FlaggedName();
                flaggedName.setItemName(listUsers[i3]);
                if (Arrays.binarySearch(userListOfRole, listUsers[i3]) > -1) {
                    flaggedName.setSelected(true);
                }
                int indexOf2 = listUsers[i3].indexOf("$_USERNAME_SEPARATOR_$");
                if (indexOf2 > 0) {
                    flaggedName.setItemName(listUsers[i3].substring(0, indexOf2));
                    flaggedName.setItemDisplayName(listUsers[i3].substring(indexOf2 + "$_USERNAME_SEPARATOR_$".length()));
                } else {
                    flaggedName.setItemName(listUsers[i3]);
                }
                if (substring == null || UserMgtConstants.INTERNAL_ROLE.equalsIgnoreCase(substring) || UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(substring)) {
                    if (userStoreManager.isReadOnly() || (userStoreManager.getSecondaryUserStoreManager(substring) != null && FALSE.equals(userStoreManager.getRealmConfiguration().getUserStoreProperty("WriteGroups")))) {
                        flaggedName.setEditable(false);
                    } else {
                        flaggedName.setEditable(true);
                    }
                } else if (userStoreManager.getSecondaryUserStoreManager(substring) == null || !(userStoreManager.getSecondaryUserStoreManager(substring).isReadOnly() || FALSE.equals(userStoreManager.getSecondaryUserStoreManager(substring).getRealmConfiguration().getUserStoreProperty("WriteGroups")))) {
                    flaggedName.setEditable(true);
                } else {
                    flaggedName.setEditable(false);
                }
                if (substring != null) {
                    if (hashMap.containsKey(substring)) {
                        hashMap.put(substring, Integer.valueOf(((Integer) hashMap.get(substring)).intValue() + 1));
                    } else {
                        hashMap.put(substring, 1);
                    }
                } else if (hashMap.containsKey("PRIMARY")) {
                    hashMap.put("PRIMARY", Integer.valueOf(((Integer) hashMap.get("PRIMARY")).intValue() + 1));
                } else {
                    hashMap.put("PRIMARY", 1);
                }
                flaggedNameArr[i3] = flaggedName;
            }
            String str3 = "";
            boolean z = false;
            Map maxListCount = this.realm.getUserStoreManager().getMaxListCount("MaxUserNameListLength");
            String[] strArr = (String[]) hashMap.keySet().toArray(new String[hashMap.keySet().size()]);
            for (int i4 = 0; i4 < strArr.length; i4++) {
                if ("PRIMARY".equals(strArr[i4])) {
                    if (((Integer) hashMap.get("PRIMARY")).equals(maxListCount.get("PRIMARY"))) {
                        z = true;
                    }
                } else if (((Integer) hashMap.get(strArr[i4])).equals(maxListCount.get(strArr[i4].toUpperCase()))) {
                    str3 = str3 + strArr[i4];
                    if (i4 != strArr.length - 1) {
                        str3 = str3 + ":";
                    }
                }
            }
            FlaggedName flaggedName2 = new FlaggedName();
            if (z) {
                flaggedName2.setItemName("true");
            } else {
                flaggedName2.setItemName(FALSE);
            }
            flaggedName2.setItemDisplayName(str3);
            flaggedNameArr[flaggedNameArr.length - 1] = flaggedName2;
            return flaggedNameArr;
        }
        Pattern compile = Pattern.compile(str2.replace("*", ".*"), 2);
        ArrayList arrayList = new ArrayList();
        for (String str4 : userListOfRole) {
            int indexOf3 = str4.indexOf("$_USERNAME_SEPARATOR_$");
            if ((indexOf3 > 0 ? compile.matcher(str4.substring(indexOf3 + "$_USERNAME_SEPARATOR_$".length())) : compile.matcher(str4)).matches()) {
                FlaggedName flaggedName3 = new FlaggedName();
                flaggedName3.setSelected(true);
                if (indexOf3 > 0) {
                    flaggedName3.setItemName(str4.substring(0, indexOf3));
                    flaggedName3.setItemDisplayName(str4.substring(indexOf3 + "$_USERNAME_SEPARATOR_$".length()));
                } else {
                    flaggedName3.setItemName(str4);
                    flaggedName3.setItemDisplayName(str4);
                }
                if (substring == null || UserMgtConstants.INTERNAL_ROLE.equalsIgnoreCase(substring) || UserMgtConstants.APPLICATION_DOMAIN.equalsIgnoreCase(substring)) {
                    if (userStoreManager.isReadOnly() || (userStoreManager.getSecondaryUserStoreManager(substring) != null && FALSE.equals(userStoreManager.getRealmConfiguration().getUserStoreProperty("WriteGroups")))) {
                        flaggedName3.setEditable(false);
                    } else {
                        flaggedName3.setEditable(true);
                    }
                } else if (userStoreManager.getSecondaryUserStoreManager(substring) == null || !(userStoreManager.getSecondaryUserStoreManager(substring).isReadOnly() || FALSE.equals(userStoreManager.getSecondaryUserStoreManager(substring).getRealmConfiguration().getUserStoreProperty("WriteGroups")))) {
                    flaggedName3.setEditable(true);
                } else {
                    flaggedName3.setEditable(false);
                }
                if (substring != null) {
                    if (hashMap.containsKey(substring)) {
                        hashMap.put(substring, Integer.valueOf(((Integer) hashMap.get(substring)).intValue() + 1));
                    } else {
                        hashMap.put(substring, 1);
                    }
                } else if (hashMap.containsKey("PRIMARY")) {
                    hashMap.put("PRIMARY", Integer.valueOf(((Integer) hashMap.get("PRIMARY")).intValue() + 1));
                } else {
                    hashMap.put("PRIMARY", 1);
                }
                arrayList.add(flaggedName3);
            }
        }
        String str5 = "";
        boolean z2 = false;
        Map maxListCount2 = this.realm.getUserStoreManager().getMaxListCount("MaxUserNameListLength");
        String[] strArr2 = (String[]) hashMap.keySet().toArray(new String[hashMap.keySet().size()]);
        for (int i5 = 0; i5 < strArr2.length; i5++) {
            if ("PRIMARY".equals(strArr2[i5])) {
                if (((Integer) hashMap.get("PRIMARY")).equals(maxListCount2.get("PRIMARY"))) {
                    z2 = true;
                }
            } else if (((Integer) hashMap.get(strArr2[i5])).equals(maxListCount2.get(strArr2[i5].toUpperCase()))) {
                str5 = str5 + strArr2[i5];
                if (i5 != strArr2.length - 1) {
                    str5 = str5 + ":";
                }
            }
        }
        FlaggedName flaggedName4 = new FlaggedName();
        if (z2) {
            flaggedName4.setItemName("true");
        } else {
            flaggedName4.setItemName(FALSE);
        }
        flaggedName4.setItemDisplayName(str5);
        arrayList.add(flaggedName4);
        return (FlaggedName[]) arrayList.toArray(new FlaggedName[arrayList.size()]);
    }

    /* JADX WARN: Removed duplicated region for block: B:58:0x0248 A[Catch: Exception -> 0x07cf, TryCatch #0 {Exception -> 0x07cf, blocks: (B:229:0x0004, B:9:0x0022, B:13:0x0036, B:15:0x0059, B:17:0x0066, B:18:0x0075, B:20:0x0086, B:21:0x008b, B:24:0x00ba, B:26:0x00d3, B:28:0x00ee, B:31:0x0105, B:33:0x0110, B:37:0x0126, B:43:0x0163, B:45:0x0181, B:47:0x018b, B:49:0x0195, B:51:0x01a6, B:53:0x01bc, B:55:0x01ef, B:58:0x0248, B:60:0x0254, B:61:0x02c1, B:63:0x0275, B:64:0x0286, B:66:0x0292, B:67:0x02b3, B:70:0x01dc, B:72:0x01e6, B:73:0x01f8, B:75:0x0202, B:77:0x0211, B:79:0x023d, B:82:0x022a, B:84:0x0234, B:41:0x02cb, B:86:0x013b, B:90:0x0151, B:96:0x02d1, B:97:0x030e, B:99:0x0316, B:101:0x0323, B:105:0x03a1, B:107:0x0344, B:109:0x0368, B:111:0x038b, B:116:0x03a7, B:118:0x03b5, B:119:0x03c6, B:122:0x03bf, B:123:0x03ec, B:125:0x0401, B:127:0x0409, B:128:0x04f7, B:130:0x050a, B:133:0x051d, B:135:0x0549, B:138:0x0554, B:140:0x0569, B:142:0x0586, B:146:0x05c1, B:148:0x05cd, B:150:0x063a, B:151:0x05ee, B:153:0x05ff, B:155:0x060b, B:157:0x062c, B:159:0x057d, B:160:0x058f, B:162:0x0599, B:164:0x05b6, B:165:0x05ad, B:169:0x064f, B:172:0x0662, B:174:0x068b, B:176:0x0691, B:179:0x06a7, B:180:0x06f1, B:182:0x06f9, B:184:0x0706, B:188:0x0784, B:190:0x0727, B:192:0x074b, B:194:0x076e, B:199:0x078a, B:201:0x0798, B:202:0x07a9, B:204:0x07a2, B:205:0x0425, B:208:0x0436, B:210:0x0458, B:212:0x0460, B:213:0x0472, B:214:0x047e, B:216:0x0486, B:219:0x04a2, B:220:0x04d4, B:222:0x04dc, B:223:0x04ee, B:224:0x04ba, B:225:0x0494), top: B:228:0x0004 }] */
    /* JADX WARN: Removed duplicated region for block: B:64:0x0286 A[Catch: Exception -> 0x07cf, TryCatch #0 {Exception -> 0x07cf, blocks: (B:229:0x0004, B:9:0x0022, B:13:0x0036, B:15:0x0059, B:17:0x0066, B:18:0x0075, B:20:0x0086, B:21:0x008b, B:24:0x00ba, B:26:0x00d3, B:28:0x00ee, B:31:0x0105, B:33:0x0110, B:37:0x0126, B:43:0x0163, B:45:0x0181, B:47:0x018b, B:49:0x0195, B:51:0x01a6, B:53:0x01bc, B:55:0x01ef, B:58:0x0248, B:60:0x0254, B:61:0x02c1, B:63:0x0275, B:64:0x0286, B:66:0x0292, B:67:0x02b3, B:70:0x01dc, B:72:0x01e6, B:73:0x01f8, B:75:0x0202, B:77:0x0211, B:79:0x023d, B:82:0x022a, B:84:0x0234, B:41:0x02cb, B:86:0x013b, B:90:0x0151, B:96:0x02d1, B:97:0x030e, B:99:0x0316, B:101:0x0323, B:105:0x03a1, B:107:0x0344, B:109:0x0368, B:111:0x038b, B:116:0x03a7, B:118:0x03b5, B:119:0x03c6, B:122:0x03bf, B:123:0x03ec, B:125:0x0401, B:127:0x0409, B:128:0x04f7, B:130:0x050a, B:133:0x051d, B:135:0x0549, B:138:0x0554, B:140:0x0569, B:142:0x0586, B:146:0x05c1, B:148:0x05cd, B:150:0x063a, B:151:0x05ee, B:153:0x05ff, B:155:0x060b, B:157:0x062c, B:159:0x057d, B:160:0x058f, B:162:0x0599, B:164:0x05b6, B:165:0x05ad, B:169:0x064f, B:172:0x0662, B:174:0x068b, B:176:0x0691, B:179:0x06a7, B:180:0x06f1, B:182:0x06f9, B:184:0x0706, B:188:0x0784, B:190:0x0727, B:192:0x074b, B:194:0x076e, B:199:0x078a, B:201:0x0798, B:202:0x07a9, B:204:0x07a2, B:205:0x0425, B:208:0x0436, B:210:0x0458, B:212:0x0460, B:213:0x0472, B:214:0x047e, B:216:0x0486, B:219:0x04a2, B:220:0x04d4, B:222:0x04dc, B:223:0x04ee, B:224:0x04ba, B:225:0x0494), top: B:228:0x0004 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.wso2.carbon.user.mgt.common.FlaggedName[] getRolesOfUser(java.lang.String r8, java.lang.String r9, int r10) throws org.wso2.carbon.user.mgt.common.UserAdminException {
        /*
            Method dump skipped, instructions count: 2026
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.user.mgt.UserRealmProxy.getRolesOfUser(java.lang.String, java.lang.String, int):org.wso2.carbon.user.mgt.common.FlaggedName[]");
    }

    public void updateUsersOfRole(String str, FlaggedName[] flaggedNameArr) throws UserAdminException {
        try {
            if ("system/wso2.anonymous.role".equalsIgnoreCase(str)) {
                log.error("Security Alert! Carbon anonymous role is being manipulated");
                throw new UserStoreException("Invalid data");
            }
            if (this.realm.getRealmConfiguration().getEveryOneRoleName().equalsIgnoreCase(str)) {
                log.error("Security Alert! Carbon Everyone role is being manipulated");
                throw new UserStoreException("Invalid data");
            }
            UserStoreManager userStoreManager = this.realm.getUserStoreManager();
            String[] userListOfRole = userStoreManager.getUserListOfRole(str);
            ArrayList arrayList = new ArrayList();
            if (userListOfRole != null) {
                for (String str2 : userListOfRole) {
                    int indexOf = str2.indexOf("$_USERNAME_SEPARATOR_$");
                    if (indexOf > 0) {
                        arrayList.add(str2.substring(0, indexOf));
                    } else {
                        arrayList.add(str2);
                    }
                }
                userListOfRole = (String[]) arrayList.toArray(new String[arrayList.size()]);
            }
            if (userListOfRole != null) {
                Arrays.sort(userListOfRole);
            }
            ArrayList arrayList2 = new ArrayList();
            ArrayList arrayList3 = new ArrayList();
            for (FlaggedName flaggedName : flaggedNameArr) {
                boolean isSelected = flaggedName.isSelected();
                String itemName = flaggedName.getItemName();
                if ("wso2.anonymous.user".equalsIgnoreCase(itemName)) {
                    log.error("Security Alert! Carbon anonymous user is being manipulated");
                    return;
                }
                int binarySearch = Arrays.binarySearch(userListOfRole, itemName);
                if (binarySearch > -1 && !isSelected) {
                    arrayList2.add(itemName);
                } else if (binarySearch < 0 && isSelected) {
                    arrayList3.add(itemName);
                }
            }
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
            RealmConfiguration realmConfiguration = this.realm.getRealmConfiguration();
            String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(realmConfiguration.getAdminUserName());
            boolean isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str, UserMgtConstants.UI_PERMISSION_ROOT, UserMgtConstants.EXECUTE_ACTION);
            if (!isRoleAuthorized) {
                isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str, UserMgtConstants.UI_ADMIN_PERMISSION_ROOT, UserMgtConstants.EXECUTE_ACTION);
            }
            if ((realmConfiguration.getAdminRoleName().equalsIgnoreCase(str) || isRoleAuthorized) && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                log.warn("An attempt to add or remove users from Admin role by user : " + addPrimaryDomainIfNotExists);
                throw new UserStoreException("Can not add or remove user from Admin permission role");
            }
            String[] strArr = null;
            String[] userListOfRole2 = this.realm.getUserStoreManager().getUserListOfRole(str);
            if (arrayList2 != null && userListOfRole2 != null) {
                Arrays.sort(userListOfRole2);
                strArr = (String[]) arrayList2.toArray(new String[arrayList2.size()]);
                Arrays.sort(strArr);
                if (Arrays.binarySearch(strArr, addPrimaryDomainIfNotExists) > -1 && Arrays.binarySearch(userListOfRole2, addPrimaryDomainIfNotExists) > -1 && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                    log.warn("An attempt to remove from role : " + str + " by user :" + addPrimaryDomainIfNotExists);
                    throw new UserStoreException("Can not remove yourself from role : " + str);
                }
            }
            userStoreManager.updateUserListOfRole(str, strArr, arrayList3 != null ? (String[]) arrayList3.toArray(new String[arrayList3.size()]) : null);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (UserStoreException e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public void updateRolesOfUser(String str, String[] strArr) throws UserAdminException {
        try {
            if ("wso2.anonymous.user".equalsIgnoreCase(str)) {
                log.error("Security Alert! Carbon anonymous user is being manipulated");
                throw new UserAdminException("Invalid data");
            }
            if (strArr != null) {
                String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
                RealmConfiguration realmConfiguration = this.realm.getRealmConfiguration();
                String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(realmConfiguration.getAdminUserName());
                Arrays.sort(strArr);
                String[] roleListOfUser = this.realm.getUserStoreManager().getRoleListOfUser(str);
                UserStoreManager userStoreManager = this.realm.getUserStoreManager();
                String[] roleListOfUser2 = userStoreManager.getRoleListOfUser(str);
                Arrays.sort(roleListOfUser2);
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                boolean z = false;
                String str2 = null;
                if (roleListOfUser != null) {
                    Arrays.sort(roleListOfUser);
                    for (String str3 : roleListOfUser) {
                        z = this.realm.getAuthorizationManager().isRoleAuthorized(str3, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
                        if (!z) {
                            z = this.realm.getAuthorizationManager().isRoleAuthorized(str3, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
                        }
                        if (z) {
                            break;
                        }
                    }
                }
                int length = strArr.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    String str4 = strArr[i];
                    boolean isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str4, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
                    if (!isRoleAuthorized) {
                        isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str4, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
                    }
                    if (isRoleAuthorized) {
                        str2 = str4;
                        break;
                    }
                    i++;
                }
                if (roleListOfUser == null || Arrays.binarySearch(roleListOfUser, realmConfiguration.getAdminRoleName()) < 0) {
                    if ((Arrays.binarySearch(strArr, realmConfiguration.getAdminRoleName()) > -1 || (!z && str2 != null)) && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                        log.warn("An attempt to add users to Admin permission role by user : " + addPrimaryDomainIfNotExists);
                        throw new UserStoreException("Can not add users to Admin permission role");
                    }
                } else if (Arrays.binarySearch(strArr, realmConfiguration.getAdminRoleName()) < 0 && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                    log.warn("An attempt to remove users from Admin role by user : " + addPrimaryDomainIfNotExists);
                    throw new UserStoreException("Can not remove users from Admin role");
                }
                for (String str5 : strArr) {
                    if (Arrays.binarySearch(roleListOfUser2, str5) < 0) {
                        arrayList.add(str5);
                    }
                }
                for (String str6 : roleListOfUser2) {
                    if (Arrays.binarySearch(strArr, str6) < 0) {
                        if (this.realm.getRealmConfiguration().getEveryOneRoleName().equalsIgnoreCase(str6)) {
                            log.warn("Carbon Internal/everyone role can't be manipulated");
                        } else {
                            arrayList2.add(str6);
                        }
                    }
                }
                userStoreManager.updateRoleListOfUser(str, (String[]) arrayList2.toArray(new String[arrayList2.size()]), (String[]) arrayList.toArray(new String[arrayList.size()]));
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (UserStoreException e2) {
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public void updateUsersOfRole(String str, String[] strArr, String[] strArr2) throws UserAdminException {
        try {
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
            if ("system/wso2.anonymous.role".equalsIgnoreCase(str)) {
                log.error("Security Alert! Carbon anonymous role is being manipulated by user " + addPrimaryDomainIfNotExists);
                throw new UserStoreException("Invalid data");
            }
            if (this.realm.getRealmConfiguration().getEveryOneRoleName().equalsIgnoreCase(str)) {
                log.error("Security Alert! Carbon Everyone role is being manipulated by user " + addPrimaryDomainIfNotExists);
                throw new UserStoreException("Invalid data");
            }
            boolean isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str, UserMgtConstants.UI_PERMISSION_ROOT, UserMgtConstants.EXECUTE_ACTION);
            if (!isRoleAuthorized) {
                isRoleAuthorized = this.realm.getAuthorizationManager().isRoleAuthorized(str, UserMgtConstants.UI_ADMIN_PERMISSION_ROOT, UserMgtConstants.EXECUTE_ACTION);
            }
            RealmConfiguration realmConfiguration = this.realm.getRealmConfiguration();
            String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(realmConfiguration.getAdminUserName());
            if ((realmConfiguration.getAdminRoleName().equalsIgnoreCase(str) || isRoleAuthorized) && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                log.warn("An attempt to add or remove users from a admin role by user : " + addPrimaryDomainIfNotExists);
                throw new UserStoreException("You do not have the required privilege to add or remove user from a admin role");
            }
            if (strArr2 != null) {
                Arrays.sort(strArr2);
                if (realmConfiguration.getAdminRoleName().equalsIgnoreCase(str) && Arrays.binarySearch(strArr2, realmConfiguration.getAdminUserName()) > -1) {
                    log.warn("An attempt to remove Admin user from Admin role by user : " + addPrimaryDomainIfNotExists);
                    throw new UserStoreException("Can not remove Admin user from Admin role");
                }
            }
            UserStoreManager userStoreManager = this.realm.getUserStoreManager();
            String[] userListOfRole = userStoreManager.getUserListOfRole(str);
            ArrayList arrayList = new ArrayList();
            if (userListOfRole != null) {
                for (String str2 : userListOfRole) {
                    int indexOf = str2.indexOf("$_USERNAME_SEPARATOR_$");
                    if (indexOf > 0) {
                        arrayList.add(str2.substring(0, indexOf));
                    } else {
                        arrayList.add(str2);
                    }
                }
                userListOfRole = (String[]) arrayList.toArray(new String[arrayList.size()]);
                Arrays.sort(userListOfRole);
            }
            ArrayList arrayList2 = new ArrayList();
            ArrayList arrayList3 = new ArrayList();
            if (userListOfRole != null) {
                if (strArr != null) {
                    for (String str3 : strArr) {
                        if (Arrays.binarySearch(userListOfRole, str3) < 0) {
                            arrayList3.add(str3);
                        }
                    }
                    strArr = (String[]) arrayList3.toArray(new String[arrayList3.size()]);
                }
                if (strArr2 != null) {
                    for (String str4 : strArr2) {
                        if (Arrays.binarySearch(userListOfRole, str4) > -1) {
                            arrayList2.add(str4);
                        }
                    }
                    strArr2 = (String[]) arrayList2.toArray(new String[arrayList2.size()]);
                }
            } else {
                strArr2 = null;
            }
            userStoreManager.updateUserListOfRole(str, strArr2, strArr);
        } catch (UserStoreException e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public void updateRolesOfUser(String str, String[] strArr, String[] strArr2) throws UserAdminException {
        try {
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
            if ("wso2.anonymous.user".equalsIgnoreCase(str)) {
                log.error("Security Alert! Carbon anonymous user is being manipulated by user " + addPrimaryDomainIfNotExists);
                throw new UserAdminException("Invalid data");
            }
            if (strArr2 != null) {
                for (String str2 : strArr2) {
                    if (this.realm.getRealmConfiguration().getEveryOneRoleName().equalsIgnoreCase(str2)) {
                        log.error("Security Alert! Carbon everyone role is being manipulated by user " + addPrimaryDomainIfNotExists);
                        throw new UserAdminException("Invalid data");
                    }
                    if (this.realm.getRealmConfiguration().getAdminRoleName().equalsIgnoreCase(str2) && this.realm.getRealmConfiguration().getAdminUserName().equalsIgnoreCase(str)) {
                        log.error("Can not remove admin user from admin role " + addPrimaryDomainIfNotExists);
                        throw new UserAdminException("Can not remove admin user from admin role");
                    }
                }
            }
            RealmConfiguration realmConfiguration = this.realm.getRealmConfiguration();
            if (!addPrimaryDomainIfNotExists(realmConfiguration.getAdminUserName()).equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                boolean isUserAuthorized = this.realm.getAuthorizationManager().isUserAuthorized(str, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
                if (!isUserAuthorized) {
                    isUserAuthorized = this.realm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
                }
                if (strArr != null) {
                    boolean z = false;
                    for (String str3 : strArr) {
                        if (str3.equalsIgnoreCase(realmConfiguration.getAdminRoleName())) {
                            log.warn("An attempt to add users to Admin permission role by user : " + addPrimaryDomainIfNotExists);
                            throw new UserStoreException("Can not add users to Admin permission role");
                        }
                        z = this.realm.getAuthorizationManager().isRoleAuthorized(str3, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
                        if (!z) {
                            z = this.realm.getAuthorizationManager().isRoleAuthorized(str3, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
                        }
                        if (z) {
                            break;
                        }
                    }
                    if (!isUserAuthorized && z) {
                        log.warn("An attempt to add users to Admin permission role by user : " + addPrimaryDomainIfNotExists);
                        throw new UserStoreException("Can not add users to Admin permission role");
                    }
                }
                if (strArr2 != null) {
                    boolean z2 = false;
                    for (String str4 : strArr2) {
                        z2 = this.realm.getAuthorizationManager().isRoleAuthorized(str4, PERMISSION, UserMgtConstants.EXECUTE_ACTION);
                        if (!z2) {
                            z2 = this.realm.getAuthorizationManager().isRoleAuthorized(str4, PERMISSION_ADMIN, UserMgtConstants.EXECUTE_ACTION);
                        }
                        if (z2) {
                            break;
                        }
                    }
                    if (isUserAuthorized && z2) {
                        log.warn("An attempt to remove users from Admin role by user : " + addPrimaryDomainIfNotExists);
                        throw new UserStoreException("Can not remove users from Admin role");
                    }
                }
            }
            this.realm.getUserStoreManager().updateRoleListOfUser(str, strArr2, strArr);
        } catch (UserStoreException e) {
            throw new UserAdminException(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public UIPermissionNode getAllUIPermissions(int i) throws UserAdminException {
        Collection collection;
        UIPermissionNode uIPermissionNode;
        Collection collection2 = null;
        Registry registry = null;
        try {
            UserRegistry governanceSystemRegistry = UserMgtDSComponent.getRegistryService().getGovernanceSystemRegistry();
            if (i != -1234) {
                collection = (Collection) governanceSystemRegistry.get(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT);
                registry = UserMgtDSComponent.getRegistryService().getGovernanceSystemRegistry(i);
                if (registry.resourceExists(APPLICATIONS_PATH)) {
                    Collection collection3 = registry.get(APPLICATIONS_PATH);
                    collection2 = (Collection) registry.newCollection();
                    collection2.setProperty("name", "All Permissions");
                    collection2.setChildren(new String[]{collection.getPath(), collection3.getPath()});
                }
                uIPermissionNode = new UIPermissionNode(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT, collection2 != null ? collection2.getProperty("name") : collection.getProperty("name"));
            } else {
                if (CarbonContext.getThreadLocalCarbonContext().getTenantId() != -1234) {
                    log.error("Illegal access attempt");
                    throw new UserStoreException("Illegal access attempt");
                }
                collection = (Collection) governanceSystemRegistry.get(UserMgtConstants.UI_PERMISSION_ROOT);
                uIPermissionNode = new UIPermissionNode(UserMgtConstants.UI_PERMISSION_ROOT, collection.getProperty("name"));
            }
            if (collection2 != null) {
                buildUIPermissionNode(collection2, uIPermissionNode, governanceSystemRegistry, registry, null, null, null);
            } else {
                buildUIPermissionNode(collection, uIPermissionNode, governanceSystemRegistry, registry, null, null, null);
            }
            return uIPermissionNode;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (UserStoreException e2) {
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public UIPermissionNode getRolePermissions(String str, int i) throws UserAdminException {
        Collection collection;
        UIPermissionNode uIPermissionNode;
        Collection collection2 = null;
        Registry registry = null;
        try {
            UserRegistry governanceSystemRegistry = UserMgtDSComponent.getRegistryService().getGovernanceSystemRegistry();
            if (i == -1234) {
                collection = (Collection) governanceSystemRegistry.get(UserMgtConstants.UI_PERMISSION_ROOT);
                uIPermissionNode = new UIPermissionNode(UserMgtConstants.UI_PERMISSION_ROOT, collection.getProperty("name"));
            } else {
                collection = (Collection) governanceSystemRegistry.get(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT);
                registry = UserMgtDSComponent.getRegistryService().getGovernanceSystemRegistry(i);
                if (registry.resourceExists(APPLICATIONS_PATH)) {
                    Collection collection3 = registry.get(APPLICATIONS_PATH);
                    collection2 = (Collection) registry.newCollection();
                    collection2.setProperty("name", "All Permissions");
                    collection2.setChildren(new String[]{collection.getPath(), collection3.getPath()});
                }
                uIPermissionNode = new UIPermissionNode(UserMgtConstants.UI_ADMIN_PERMISSION_ROOT, collection2 != null ? collection2.getProperty("name") : collection.getProperty("name"));
            }
            if (collection2 != null) {
                buildUIPermissionNode(collection2, uIPermissionNode, governanceSystemRegistry, registry, this.realm.getAuthorizationManager(), str, null);
            } else {
                buildUIPermissionNode(collection, uIPermissionNode, governanceSystemRegistry, registry, this.realm.getAuthorizationManager(), str, null);
            }
            return uIPermissionNode;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        } catch (UserStoreException e2) {
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public void setRoleUIPermission(String str, String[] strArr) throws UserAdminException {
        try {
            if (this.realm.getUserStoreManager().isOthersSharedRole(str)) {
                throw new UserAdminException("Logged in user is not authorized to assign permissions to a role belong to another tenant");
            }
            if (this.realm.getRealmConfiguration().getAdminRoleName().equalsIgnoreCase(str)) {
                log.error("UI permissions of Admin is not allowed to change");
                throw new UserAdminException("UI permissions of Admin is not allowed to change");
            }
            String addPrimaryDomainIfNotExists = addPrimaryDomainIfNotExists(getLoggedInUser());
            String addPrimaryDomainIfNotExists2 = addPrimaryDomainIfNotExists(this.realm.getRealmConfiguration().getAdminUserName());
            if (strArr != null && !addPrimaryDomainIfNotExists2.equalsIgnoreCase(addPrimaryDomainIfNotExists)) {
                Arrays.sort(strArr);
                if (Arrays.binarySearch(strArr, PERMISSION_ADMIN) > -1 || Arrays.binarySearch(strArr, "/permission/protected") > -1 || Arrays.binarySearch(strArr, PERMISSION) > -1) {
                    log.warn("An attempt to Assign admin permission for role by user : " + addPrimaryDomainIfNotExists);
                    throw new UserStoreException("Can not assign Admin for permission role");
                }
            }
            String[] optimizePermissions = UserCoreUtil.optimizePermissions(strArr);
            AuthorizationManager authorizationManager = this.realm.getAuthorizationManager();
            authorizationManager.clearRoleActionOnAllResources(str, UserMgtConstants.EXECUTE_ACTION);
            Permission[] permissionArr = new Permission[optimizePermissions.length];
            for (int i = 0; i < optimizePermissions.length; i++) {
                authorizationManager.authorizeRole(str, optimizePermissions[i], UserMgtConstants.EXECUTE_ACTION);
                permissionArr[i] = new Permission(optimizePermissions[i], UserMgtConstants.EXECUTE_ACTION);
            }
            ManagementPermissionUtil.handlePostUpdatePermissionsOfRole(str, permissionArr, this.realm.getUserStoreManager());
        } catch (UserStoreException e) {
            ManagementPermissionUtil.handleOnUpdatePermissionsOfRoleFailure(e.getMessage(), str, null, null);
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        }
    }

    public void bulkImportUsers(String str, String str2, InputStream inputStream, String str3) throws UserAdminException {
        try {
            BulkImportConfig bulkImportConfig = new BulkImportConfig(inputStream, str2);
            if (str3 != null && str3.trim().length() > 0) {
                bulkImportConfig.setDefaultPassword(str3.trim());
            }
            if (StringUtils.isNotEmpty(str)) {
                bulkImportConfig.setUserStoreDomain(str);
            }
            UserStoreManager secondaryUserStoreManager = this.realm.getUserStoreManager().getSecondaryUserStoreManager(str);
            if (str2.endsWith("csv")) {
                new CSVUserBulkImport(bulkImportConfig).addUserList(secondaryUserStoreManager);
            } else {
                if (!str2.endsWith("xls") && !str2.endsWith("xlsx")) {
                    throw new UserAdminException("Unsupported format");
                }
                new ExcelUserBulkImport(bulkImportConfig).addUserList(secondaryUserStoreManager);
            }
        } catch (UserStoreException e) {
            throw new UserAdminException(e.getMessage(), e);
        }
    }

    public void changePasswordByUser(String str, String str2, String str3) throws UserAdminException {
        try {
            String tenantDomain = MultitenantUtils.getTenantDomain(str);
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
            RealmService realmService = UserMgtDSComponent.getRealmService();
            realmService.getTenantUserRealm(realmService.getTenantManager().getTenantId(tenantDomain)).getUserStoreManager().updateCredential(tenantAwareUsername, str3, str2);
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            log.error("Error while getting tenant user realm", e);
            throw new UserAdminException("Error while getting tenant user realm", e);
        } catch (UserStoreException e2) {
            throw new UserAdminException(e2.getMessage(), e2);
        }
    }

    public boolean hasMultipleUserStores() throws UserAdminException {
        try {
            return this.realm.getUserStoreManager().getSecondaryUserStoreManager() != null;
        } catch (UserStoreException e) {
            log.error(e);
            throw new UserAdminException("Unable to check for multiple user stores");
        }
    }

    private void buildUIPermissionNode(Collection collection, UIPermissionNode uIPermissionNode, Registry registry, Registry registry2, AuthorizationManager authorizationManager, String str, String str2) throws RegistryException, UserStoreException {
        boolean z = false;
        if (str != null) {
            z = authorizationManager.isRoleAuthorized(str, uIPermissionNode.getResourcePath(), UserMgtConstants.EXECUTE_ACTION);
        } else if (str2 != null) {
            z = authorizationManager.isUserAuthorized(str2, uIPermissionNode.getResourcePath(), UserMgtConstants.EXECUTE_ACTION);
        }
        if (!z) {
            buildUIPermissionNodeNotAllSelected(collection, uIPermissionNode, registry, registry2, authorizationManager, str, str2);
        } else {
            buildUIPermissionNodeAllSelected(collection, uIPermissionNode, registry, registry2);
            uIPermissionNode.setSelected(true);
        }
    }

    private void buildUIPermissionNodeAllSelected(Collection collection, UIPermissionNode uIPermissionNode, Registry registry, Registry registry2) throws RegistryException, UserStoreException {
        Resource resource;
        String[] children = collection.getChildren();
        UIPermissionNode[] uIPermissionNodeArr = new UIPermissionNode[children.length];
        for (int i = 0; i < children.length; i++) {
            String str = children[i];
            if (registry.resourceExists(str)) {
                resource = registry.get(str);
            } else {
                if (registry2 == null) {
                    throw new RegistryException("Permission resource not found in the registry.");
                }
                resource = registry2.get(str);
            }
            uIPermissionNodeArr[i] = getUIPermissionNode(resource, true);
            if (resource instanceof Collection) {
                buildUIPermissionNodeAllSelected((Collection) resource, uIPermissionNodeArr[i], registry, registry2);
            }
        }
        uIPermissionNode.setNodeList(uIPermissionNodeArr);
    }

    private void buildUIPermissionNodeNotAllSelected(Collection collection, UIPermissionNode uIPermissionNode, Registry registry, Registry registry2, AuthorizationManager authorizationManager, String str, String str2) throws RegistryException, UserStoreException {
        Resource resource;
        String[] children = collection.getChildren();
        UIPermissionNode[] uIPermissionNodeArr = new UIPermissionNode[children.length];
        for (int i = 0; i < children.length; i++) {
            String str3 = children[i];
            if (registry2 != null && str3.startsWith(APPLICATIONS_PATH)) {
                resource = registry2.get(str3);
            } else {
                if (!registry.resourceExists(str3)) {
                    throw new RegistryException("Permission resource not found in the registry.");
                }
                resource = registry.get(str3);
            }
            boolean z = false;
            if (str != null) {
                z = authorizationManager.isRoleAuthorized(str, str3, UserMgtConstants.EXECUTE_ACTION);
            } else if (str2 != null) {
                z = authorizationManager.isUserAuthorized(str2, str3, UserMgtConstants.EXECUTE_ACTION);
            }
            uIPermissionNodeArr[i] = getUIPermissionNode(resource, z);
            if (resource instanceof Collection) {
                buildUIPermissionNodeNotAllSelected((Collection) resource, uIPermissionNodeArr[i], registry, registry2, authorizationManager, str, str2);
            }
        }
        uIPermissionNode.setNodeList(uIPermissionNodeArr);
    }

    private UIPermissionNode getUIPermissionNode(Resource resource, boolean z) throws RegistryException {
        return new UIPermissionNode(resource.getPath(), resource.getProperty("name"), z);
    }

    private String getLoggedInUser() {
        return CarbonContext.getThreadLocalCarbonContext().getUsername();
    }

    private void mapEntityName(String str, FlaggedName flaggedName, UserStoreManager userStoreManager) {
        if (!str.contains("@SharedRoleSeperator@")) {
            flaggedName.setItemName(str);
            return;
        }
        String[] split = str.split("@SharedRoleSeperator@");
        flaggedName.setItemName(split[0]);
        flaggedName.setDn(split[1]);
        flaggedName.setShared(((AbstractUserStoreManager) userStoreManager).isOthersSharedRole(str));
        if (flaggedName.isShared()) {
            flaggedName.setItemDisplayName("@SharedRoleSeperator@" + flaggedName.getItemName());
        }
    }

    public boolean isSharedRolesEnabled() throws UserAdminException {
        try {
            return this.realm.getUserStoreManager().isSharedGroupEnabled();
        } catch (UserStoreException e) {
            log.error(e);
            throw new UserAdminException("Unable to check shared role enabled", e);
        }
    }

    public String[] concatArrays(String[] strArr, String[] strArr2) {
        String[] strArr3 = new String[strArr.length + strArr2.length];
        System.arraycopy(strArr, 0, strArr3, 0, strArr.length);
        System.arraycopy(strArr2, 0, strArr3, strArr.length, strArr2.length);
        return strArr3;
    }
}
