package org.wso2.carbon.identity.oauth;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.io.Charsets;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.utils.Base64;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.cache.CacheKey;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.cache.OAuthCache;
import org.wso2.carbon.identity.oauth.cache.OAuthCacheKey;
import org.wso2.carbon.identity.oauth.dao.OAuthAppDO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.oauth.event.OAuthEventInterceptor;
import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder;
import org.wso2.carbon.identity.oauth.util.ClaimCache;
import org.wso2.carbon.identity.oauth.util.ClaimCacheKey;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2ClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2ServerException;
import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory;
import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/oauth/OAuthUtil.class */
public final class OAuthUtil {
    public static final Log LOG = LogFactory.getLog(OAuthUtil.class);
    private static final String ALGORITHM_SHA1 = "HmacSHA1";
    private static final String ALGORITHM_SHA256 = "HmacSHA256";

    private OAuthUtil() {
    }

    public static String getRandomNumber() throws IdentityOAuthAdminException {
        try {
            String generateUUID = UUIDGenerator.generateUUID();
            String generateUUID2 = UUIDGenerator.generateUUID();
            SecretKeySpec secretKeySpec = new SecretKeySpec(generateUUID.getBytes(Charsets.UTF_8), ALGORITHM_SHA1);
            Mac mac = Mac.getInstance(ALGORITHM_SHA1);
            mac.init(secretKeySpec);
            return Base64.encode(mac.doFinal(generateUUID2.getBytes(Charsets.UTF_8))).replace("/", "_").replace("=", "a").replace("+", "f");
        } catch (Exception e) {
            throw new IdentityOAuthAdminException("Error when generating a random number.", e);
        }
    }

    public static String getRandomNumberSecure() throws IdentityOAuthAdminException {
        try {
            String generateUUID = UUIDGenerator.generateUUID();
            String generateUUID2 = UUIDGenerator.generateUUID();
            String str = Boolean.parseBoolean(IdentityUtil.getProperty("OAuth.EnableSHA256Params")) ? ALGORITHM_SHA256 : ALGORITHM_SHA1;
            SecretKeySpec secretKeySpec = new SecretKeySpec(generateUUID.getBytes(Charsets.UTF_8), str);
            Mac mac = Mac.getInstance(str);
            mac.init(secretKeySpec);
            return Base64.encode(mac.doFinal(generateUUID2.getBytes(Charsets.UTF_8))).replace("/", "_").replace("=", "a").replace("+", "f");
        } catch (Exception e) {
            throw new IdentityOAuthAdminException("Error when generating a random number.", e);
        }
    }

    @Deprecated
    public static void clearOAuthCache(String str, User user) {
        if (user instanceof AuthenticatedUser) {
            clearOAuthCache(str, (AuthenticatedUser) user);
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("User object is not an instance of AuthenticatedUser therefore cannot resolve authenticatedIDP name.");
        }
        AuthenticatedUser authenticatedUser = new AuthenticatedUser(user);
        try {
            String userId = authenticatedUser.getUserId();
            clearOAuthCache(str, userId);
            clearOAuthCacheWithAuthenticatedIDP(str, userId, null);
        } catch (UserIdNotFoundException e) {
            LOG.error("User id cannot be found for user: " + authenticatedUser.getLoggableUserId());
        }
    }

    public static void clearOAuthCache(String str, AuthenticatedUser authenticatedUser) {
        try {
            clearOAuthCacheWithAuthenticatedIDP(str, authenticatedUser.getUserId(), OAuth2Util.getAuthenticatedIDP(authenticatedUser));
        } catch (UserIdNotFoundException e) {
            LOG.error("User id cannot be found for user: " + authenticatedUser.getLoggableUserId());
        }
    }

    @Deprecated
    public static void clearOAuthCache(String str, User user, String str2) {
        if (user instanceof AuthenticatedUser) {
            clearOAuthCache(str, (AuthenticatedUser) user, str2);
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("User object is not an instance of AuthenticatedUser therefore cannot resolve authenticatedIDP name.");
        }
        AuthenticatedUser authenticatedUser = new AuthenticatedUser(user);
        try {
            String userId = authenticatedUser.getUserId();
            clearOAuthCache(str, userId, str2);
            clearOAuthCacheWithAuthenticatedIDP(str, userId, str2, null, authenticatedUser.getTenantDomain());
        } catch (UserIdNotFoundException e) {
            LOG.error("User id cannot be found for user: " + authenticatedUser.getLoggableUserId());
        }
    }

    public static void clearOAuthCache(String str, AuthenticatedUser authenticatedUser, String str2) {
        try {
            clearOAuthCacheWithAuthenticatedIDP(str, authenticatedUser.getUserId(), str2, OAuth2Util.getAuthenticatedIDP(authenticatedUser), authenticatedUser.getTenantDomain());
        } catch (UserIdNotFoundException e) {
            LOG.error("User id cannot be found for user: " + authenticatedUser.getLoggableUserId());
        }
    }

    @Deprecated
    public static void clearOAuthCache(String str, User user, String str2, String str3) {
        if (user instanceof AuthenticatedUser) {
            clearOAuthCache(str, (AuthenticatedUser) user, str2, str3);
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("User is not an instance of AuthenticatedUser therefore cannot resolve authenticatedIDP name");
        }
        AuthenticatedUser authenticatedUser = new AuthenticatedUser(user);
        try {
            String userId = authenticatedUser.getUserId();
            clearOAuthCache(str, userId, str2);
            clearOAuthCache(buildCacheKeyStringForToken(str, str2, userId, null, str3));
        } catch (UserIdNotFoundException e) {
            LOG.error("User id cannot be found for user: " + authenticatedUser.getLoggableUserId());
        }
    }

    public static void clearOAuthCache(String str, AuthenticatedUser authenticatedUser, String str2, String str3) {
        String authenticatedIDP = OAuth2Util.getAuthenticatedIDP(authenticatedUser);
        try {
            clearOAuthCacheByTenant(buildCacheKeyStringForToken(str, str2, authenticatedUser.getUserId(), authenticatedIDP, str3), authenticatedUser.getTenantDomain());
        } catch (UserIdNotFoundException e) {
            LOG.error("User id cannot be found for user: " + authenticatedUser.getLoggableUserId());
        }
    }

    private static void clearOAuthCache(String str, String str2) {
        clearOAuthCache(str + ":" + str2);
    }

    private static void clearOAuthCacheWithAuthenticatedIDP(String str, String str2, String str3) {
        clearOAuthCache(str + ":" + str2 + ":" + str3);
    }

    private static void clearOAuthCache(String str, String str2, String str3) {
        clearOAuthCache(str + ":" + str2 + ":" + str3);
    }

    private static void clearOAuthCacheWithAuthenticatedIDP(String str, String str2, String str3, String str4, String str5) {
        clearOAuthCacheByTenant(str + ":" + str2 + ":" + str3 + ":" + str4, str5);
    }

    @Deprecated
    public static String buildCacheKeyStringForToken(String str, String str2, String str3, String str4, String str5) {
        return OAuth2Util.buildCacheKeyStringForTokenWithUserId(str, str2, str3, str4, str5);
    }

    public static void clearOAuthCache(String str) {
        OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(str));
    }

    public static void clearOAuthCacheByTenant(String str, String str2) {
        OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(str), str2);
    }

    public static void clearOAuthCache(AccessTokenDO accessTokenDO) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Clearing cache for access token as cache key of user: " + accessTokenDO.getAuthzUser().getLoggableUserId());
        }
        OAuthCache.getInstance().clearCacheEntry(new OAuthCacheKey(accessTokenDO.getAccessToken()), accessTokenDO.getAuthzUser().getTenantDomain());
    }

    public static AuthenticatedUser getAuthenticatedUser(String str) {
        if (StringUtils.isBlank(str)) {
            throw new RuntimeException("Invalid username.");
        }
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setUserStoreDomain(IdentityUtil.extractDomainFromName(str));
        authenticatedUser.setTenantDomain(MultitenantUtils.getTenantDomain(str));
        String str2 = str;
        if (str.startsWith(authenticatedUser.getUserStoreDomain())) {
            str2 = UserCoreUtil.removeDomainFromName(str);
        }
        authenticatedUser.setUserName(MultitenantUtils.getTenantAwareUsername(str2));
        return authenticatedUser;
    }

    public static IdentityOAuthAdminException handleError(String str, Exception exc) {
        return exc == null ? new IdentityOAuthAdminException(str) : new IdentityOAuthAdminException(Error.UNEXPECTED_SERVER_ERROR.getErrorCode(), str, exc);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static IdentityOAuthAdminException handleErrorWithExceptionType(String str, IdentityOAuth2Exception identityOAuth2Exception) {
        if (identityOAuth2Exception == 0) {
            return new IdentityOAuthAdminException(str);
        }
        if (StringUtils.isBlank(identityOAuth2Exception.getErrorCode())) {
            handleError(str, identityOAuth2Exception);
        }
        return identityOAuth2Exception instanceof IdentityOAuth2ClientException ? new IdentityOAuthClientException(identityOAuth2Exception.getErrorCode(), str, identityOAuth2Exception) : identityOAuth2Exception instanceof IdentityOAuth2ServerException ? new IdentityOAuthServerException(identityOAuth2Exception.getErrorCode(), str, identityOAuth2Exception) : new IdentityOAuthAdminException(identityOAuth2Exception.getErrorCode(), str, identityOAuth2Exception);
    }

    public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO oAuthAppDO) {
        OAuthConsumerAppDTO oAuthConsumerAppDTO = new OAuthConsumerAppDTO();
        oAuthConsumerAppDTO.setApplicationName(oAuthAppDO.getApplicationName());
        oAuthConsumerAppDTO.setCallbackUrl(oAuthAppDO.getCallbackUrl());
        oAuthConsumerAppDTO.setOauthConsumerKey(oAuthAppDO.getOauthConsumerKey());
        oAuthConsumerAppDTO.setOauthConsumerSecret(oAuthAppDO.getOauthConsumerSecret());
        oAuthConsumerAppDTO.setOAuthVersion(oAuthAppDO.getOauthVersion());
        oAuthConsumerAppDTO.setGrantTypes(oAuthAppDO.getGrantTypes());
        oAuthConsumerAppDTO.setScopeValidators(oAuthAppDO.getScopeValidators());
        oAuthConsumerAppDTO.setUsername(oAuthAppDO.getUser().toFullQualifiedUsername());
        oAuthConsumerAppDTO.setState(oAuthAppDO.getState());
        oAuthConsumerAppDTO.setPkceMandatory(oAuthAppDO.isPkceMandatory());
        oAuthConsumerAppDTO.setPkceSupportPlain(oAuthAppDO.isPkceSupportPlain());
        oAuthConsumerAppDTO.setUserAccessTokenExpiryTime(oAuthAppDO.getUserAccessTokenExpiryTime());
        oAuthConsumerAppDTO.setApplicationAccessTokenExpiryTime(oAuthAppDO.getApplicationAccessTokenExpiryTime());
        oAuthConsumerAppDTO.setRefreshTokenExpiryTime(oAuthAppDO.getRefreshTokenExpiryTime());
        oAuthConsumerAppDTO.setIdTokenExpiryTime(oAuthAppDO.getIdTokenExpiryTime());
        oAuthConsumerAppDTO.setAudiences(oAuthAppDO.getAudiences());
        oAuthConsumerAppDTO.setRequestObjectSignatureValidationEnabled(oAuthAppDO.isRequestObjectSignatureValidationEnabled());
        oAuthConsumerAppDTO.setIdTokenEncryptionEnabled(oAuthAppDO.isIdTokenEncryptionEnabled());
        oAuthConsumerAppDTO.setIdTokenEncryptionAlgorithm(oAuthAppDO.getIdTokenEncryptionAlgorithm());
        oAuthConsumerAppDTO.setIdTokenEncryptionMethod(oAuthAppDO.getIdTokenEncryptionMethod());
        oAuthConsumerAppDTO.setBackChannelLogoutUrl(oAuthAppDO.getBackChannelLogoutUrl());
        oAuthConsumerAppDTO.setFrontchannelLogoutUrl(oAuthAppDO.getFrontchannelLogoutUrl());
        oAuthConsumerAppDTO.setTokenType(oAuthAppDO.getTokenType());
        oAuthConsumerAppDTO.setBypassClientCredentials(oAuthAppDO.isBypassClientCredentials());
        oAuthConsumerAppDTO.setRenewRefreshTokenEnabled(oAuthAppDO.getRenewRefreshTokenEnabled());
        oAuthConsumerAppDTO.setTokenBindingType(oAuthAppDO.getTokenBindingType());
        oAuthConsumerAppDTO.setTokenRevocationWithIDPSessionTerminationEnabled(oAuthAppDO.isTokenRevocationWithIDPSessionTerminationEnabled());
        oAuthConsumerAppDTO.setTokenBindingValidationEnabled(oAuthAppDO.isTokenBindingValidationEnabled());
        return oAuthConsumerAppDTO;
    }

    public static void invokePostRevocationBySystemListeners(AccessTokenDO accessTokenDO, Map<String, Object> map) {
        OAuthEventInterceptor oAuthEventInterceptorProxy = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        if (oAuthEventInterceptorProxy == null || !oAuthEventInterceptorProxy.isEnabled()) {
            return;
        }
        try {
            oAuthEventInterceptorProxy.onPostTokenRevocationBySystem(accessTokenDO, map);
        } catch (IdentityOAuth2Exception e) {
            LOG.error("Error while triggering listener for post token revocation by system.", e);
        }
    }

    public static void invokePreRevocationBySystemListeners(AccessTokenDO accessTokenDO, Map<String, Object> map) {
        OAuthEventInterceptor oAuthEventInterceptorProxy = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        if (oAuthEventInterceptorProxy == null || !oAuthEventInterceptorProxy.isEnabled()) {
            return;
        }
        try {
            oAuthEventInterceptorProxy.onPreTokenRevocationBySystem(accessTokenDO, map);
        } catch (IdentityOAuth2Exception e) {
            LOG.error("Error while triggering listener for pre token revocation by system.", e);
        }
    }

    public static boolean removeUserClaimsFromCache(String str, UserStoreManager userStoreManager) throws UserStoreException {
        ClaimCache claimCache = ClaimCache.getInstance();
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setUserName(str);
        authenticatedUser.setTenantDomain(IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId()));
        authenticatedUser.setUserStoreDomain(UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration()));
        CacheKey claimCacheKey = new ClaimCacheKey(authenticatedUser);
        if (claimCacheKey == null) {
            return true;
        }
        claimCache.clearCacheEntry(claimCacheKey, userStoreManager.getTenantId());
        return true;
    }

    public static boolean revokeTokens(String str, UserStoreManager userStoreManager) throws UserStoreException {
        String str2;
        String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
        String tenantDomain = IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId());
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setUserStoreDomain(domainName);
        authenticatedUser.setTenantDomain(tenantDomain);
        authenticatedUser.setUserName(str);
        String str3 = null;
        if (OAuth2Util.checkAccessTokenPartitioningEnabled() && OAuth2Util.checkUserNameAssertionEnabled()) {
            try {
                str3 = OAuth2Util.getUserStoreForFederatedUser(authenticatedUser);
            } catch (IdentityOAuth2Exception e) {
                LOG.error("Error occurred while getting user store domain for User ID : " + authenticatedUser, e);
                throw new UserStoreException(e);
            }
        }
        try {
            boolean z = false;
            for (String str4 : OAuthTokenPersistenceFactory.getInstance().getTokenManagementDAO().getAllTimeAuthorizedClientIds(authenticatedUser)) {
                try {
                    try {
                        Set<AccessTokenDO> accessTokens = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getAccessTokens(str4, authenticatedUser, str3, true);
                        if (LOG.isDebugEnabled() && CollectionUtils.isNotEmpty(accessTokens)) {
                            LOG.debug("ACTIVE or EXPIRED access tokens found for the client: " + str4 + " for the user: " + str);
                        }
                        boolean parseBoolean = Boolean.parseBoolean(IdentityUtil.getProperty("PasswordUpdate.PreserveLoggedInSession"));
                        str2 = "";
                        String str5 = "";
                        if (parseBoolean) {
                            str2 = ((Map) IdentityUtil.threadLocalProperties.get()).get("currentSessionIdentifier") != null ? (String) ((Map) IdentityUtil.threadLocalProperties.get()).get("currentSessionIdentifier") : "";
                            if (((Map) IdentityUtil.threadLocalProperties.get()).get("currentTokenIdentifier") != null) {
                                str5 = (String) ((Map) IdentityUtil.threadLocalProperties.get()).get("currentTokenIdentifier");
                            }
                        }
                        HashSet hashSet = new HashSet();
                        ArrayList arrayList = new ArrayList();
                        boolean z2 = false;
                        for (AccessTokenDO accessTokenDO : accessTokens) {
                            String str6 = "NONE";
                            if (accessTokenDO.getTokenBinding() != null && StringUtils.isNotBlank(accessTokenDO.getTokenBinding().getBindingReference())) {
                                str6 = accessTokenDO.getTokenBinding().getBindingReference();
                                z2 = true;
                                if (StringUtils.equals(accessTokenDO.getTokenBinding().getBindingValue(), str2)) {
                                }
                            }
                            if (!parseBoolean || !StringUtils.equals(accessTokenDO.getTokenId(), str5)) {
                                clearOAuthCache(accessTokenDO.getConsumerKey(), accessTokenDO.getAuthzUser(), OAuth2Util.buildScopeString(accessTokenDO.getScope()), str6);
                                clearOAuthCache(accessTokenDO.getConsumerKey(), accessTokenDO.getAuthzUser(), OAuth2Util.buildScopeString(accessTokenDO.getScope()), str6);
                                clearOAuthCache(accessTokenDO.getConsumerKey(), accessTokenDO.getAuthzUser(), OAuth2Util.buildScopeString(accessTokenDO.getScope()));
                                clearOAuthCache(accessTokenDO.getConsumerKey(), accessTokenDO.getAuthzUser());
                                clearOAuthCache(accessTokenDO);
                                hashSet.add(OAuth2Util.buildScopeString(accessTokenDO.getScope()));
                                arrayList.add(accessTokenDO);
                            }
                        }
                        if (z2 || !OAuth2Util.isHashDisabled()) {
                            try {
                                revokeTokens(arrayList);
                            } catch (IdentityOAuth2Exception e2) {
                                LOG.error("Error occurred while revoking Access Token", e2);
                                throw new UserStoreException(e2);
                            }
                        } else {
                            revokeLatestTokensWithScopes(hashSet, str4, authenticatedUser);
                        }
                    } catch (IdentityOAuth2Exception e3) {
                        LOG.error("Error occurred while retrieving access tokens issued for Client ID : " + str4 + ", User ID : " + authenticatedUser, e3);
                        throw new UserStoreException(e3);
                    }
                } catch (UserStoreException e4) {
                    z = true;
                }
            }
            if (z) {
                throw new UserStoreException("Error occurred while revoking Access Tokens of the user " + str);
            }
            return true;
        } catch (IdentityOAuth2Exception e5) {
            LOG.error("Error occurred while retrieving apps authorized by User ID : " + authenticatedUser, e5);
            throw new UserStoreException(e5);
        }
    }

    private static void revokeTokens(List<AccessTokenDO> list) throws IdentityOAuth2Exception {
        if (list.isEmpty()) {
            return;
        }
        for (AccessTokenDO accessTokenDO : list) {
            invokePreRevocationBySystemListeners(accessTokenDO, (Map<String, Object>) Collections.emptyMap());
            OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().revokeAccessTokens(new String[]{accessTokenDO.getAccessToken()}, OAuth2Util.isHashEnabled());
            invokePostRevocationBySystemListeners(accessTokenDO, (Map<String, Object>) Collections.emptyMap());
        }
    }

    private static void revokeLatestTokensWithScopes(Set<String> set, String str, AuthenticatedUser authenticatedUser) throws UserStoreException {
        for (String str2 : set) {
            try {
                AccessTokenDO latestAccessToken = OAuthTokenPersistenceFactory.getInstance().getAccessTokenDAO().getLatestAccessToken(str, authenticatedUser, authenticatedUser.getUserStoreDomain(), str2, true);
                if (latestAccessToken != null) {
                    try {
                        revokeTokens(Collections.singletonList(latestAccessToken));
                    } catch (IdentityOAuth2Exception e) {
                        LOG.error("Error occurred while revoking Access Token : " + latestAccessToken.getAccessToken() + " for user " + authenticatedUser, e);
                        throw new UserStoreException(e);
                    }
                }
            } catch (IdentityOAuth2Exception e2) {
                LOG.error("Error occurred while retrieving latest access token issued for Client ID : " + str + ", User ID : " + authenticatedUser + " and Scope : " + str2, e2);
                throw new UserStoreException(e2);
            }
        }
    }

    public static Optional<User> getUser(String str, String str2) throws IdentityApplicationManagementException {
        User user = null;
        try {
            int tenantId = IdentityTenantUtil.getTenantId(str);
            String userId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserId();
            if (tenantId == -1234) {
                user = getUserFromTenant(str2, userId, tenantId);
            } else {
                String associatedOrganizationUUID = OAuthComponentServiceHolder.getInstance().getRealmService().getTenantManager().getTenant(tenantId).getAssociatedOrganizationUUID();
                if (associatedOrganizationUUID == null) {
                    user = getUserFromTenant(str2, userId, tenantId);
                } else {
                    Optional resolveUserFromResidentOrganization = OAuthComponentServiceHolder.getInstance().getOrganizationUserResidentResolverService().resolveUserFromResidentOrganization(str2, userId, associatedOrganizationUUID);
                    if (resolveUserFromResidentOrganization.isPresent()) {
                        user = getApplicationUser((org.wso2.carbon.user.core.common.User) resolveUserFromResidentOrganization.get());
                    }
                }
            }
            return Optional.ofNullable(user);
        } catch (org.wso2.carbon.user.api.UserStoreException | OrganizationManagementException e) {
            throw new IdentityApplicationManagementException("Error resolving user.", e);
        }
    }

    private static User getUserFromTenant(String str, String str2, int i) throws IdentityApplicationManagementException {
        User user = null;
        try {
            AbstractUserStoreManager userStoreManager = OAuthComponentServiceHolder.getInstance().getRealmService().getTenantUserRealm(i).getUserStoreManager();
            if (str != null && userStoreManager.isExistingUser(str)) {
                user = getApplicationUser(userStoreManager.getUser((String) null, str));
            } else if (str2 != null && userStoreManager.isExistingUserWithID(str2)) {
                user = getApplicationUser(userStoreManager.getUser(str2, (String) null));
            }
            return user;
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            throw new IdentityApplicationManagementException("Error finding user in tenant.", e);
        }
    }

    private static User getApplicationUser(org.wso2.carbon.user.core.common.User user) {
        User user2 = new User();
        user2.setUserName(user.getUsername());
        user2.setUserStoreDomain(user.getUserStoreDomain());
        user2.setTenantDomain(user.getTenantDomain());
        return user2;
    }

    public static String getUsername(String str) throws IdentityApplicationManagementException {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        if (StringUtils.isBlank(username)) {
            User orElseThrow = getUser(str, null).orElseThrow(() -> {
                return new IdentityApplicationManagementException("Error resolving user.");
            });
            username = IdentityUtil.addDomainToName(orElseThrow.getUserName(), orElseThrow.getUserStoreDomain());
        }
        return username;
    }

    public static void invokePreRevocationBySystemListeners(String str, Map<String, Object> map) {
        OAuthEventInterceptor oAuthEventInterceptorProxy = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        if (oAuthEventInterceptorProxy == null || !oAuthEventInterceptorProxy.isEnabled()) {
            return;
        }
        try {
            oAuthEventInterceptorProxy.onPreTokenRevocationBySystem(str, map);
        } catch (IdentityOAuth2Exception e) {
            LOG.error("Error while triggering listener for pre token revocation by system.", e);
        }
    }

    public static void invokePostRevocationBySystemListeners(String str, Map<String, Object> map) {
        OAuthEventInterceptor oAuthEventInterceptorProxy = OAuthComponentServiceHolder.getInstance().getOAuthEventInterceptorProxy();
        if (oAuthEventInterceptorProxy == null || !oAuthEventInterceptorProxy.isEnabled()) {
            return;
        }
        try {
            oAuthEventInterceptorProxy.onPostTokenRevocationBySystem(str, map);
        } catch (IdentityOAuth2Exception e) {
            LOG.error("Error while triggering listener for post token revocation by system.", e);
        }
    }
}
