package org.wso2.carbon.identity.scim2.common.impl;

import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import java.util.UUID;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.ListUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
import org.wso2.carbon.identity.claim.metadata.mgt.model.ExternalClaim;
import org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.mgt.policy.PolicyViolationException;
import org.wso2.carbon.identity.scim2.common.DAO.GroupDAO;
import org.wso2.carbon.identity.scim2.common.exceptions.IdentitySCIMException;
import org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler;
import org.wso2.carbon.identity.scim2.common.internal.SCIMCommonComponentHolder;
import org.wso2.carbon.identity.scim2.common.utils.AttributeMapper;
import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonConstants;
import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils;
import org.wso2.carbon.user.api.ClaimMapping;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.PaginatedUserStoreManager;
import org.wso2.carbon.user.core.Permission;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserStoreClientException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.constants.UserCoreErrorConstants;
import org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager;
import org.wso2.carbon.user.core.model.Condition;
import org.wso2.carbon.user.core.model.ExpressionAttribute;
import org.wso2.carbon.user.core.model.ExpressionCondition;
import org.wso2.carbon.user.core.model.ExpressionOperation;
import org.wso2.carbon.user.core.model.OperationalCondition;
import org.wso2.carbon.user.core.model.OperationalOperation;
import org.wso2.carbon.user.core.model.UniqueIDUserClaimSearchEntry;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.user.mgt.RolePermissionException;
import org.wso2.charon3.core.attributes.AbstractAttribute;
import org.wso2.charon3.core.attributes.Attribute;
import org.wso2.charon3.core.attributes.ComplexAttribute;
import org.wso2.charon3.core.attributes.MultiValuedAttribute;
import org.wso2.charon3.core.attributes.SimpleAttribute;
import org.wso2.charon3.core.config.SCIMUserSchemaExtensionBuilder;
import org.wso2.charon3.core.exceptions.BadRequestException;
import org.wso2.charon3.core.exceptions.CharonException;
import org.wso2.charon3.core.exceptions.ConflictException;
import org.wso2.charon3.core.exceptions.NotFoundException;
import org.wso2.charon3.core.exceptions.NotImplementedException;
import org.wso2.charon3.core.extensions.UserManager;
import org.wso2.charon3.core.objects.Group;
import org.wso2.charon3.core.objects.Role;
import org.wso2.charon3.core.objects.User;
import org.wso2.charon3.core.schema.SCIMDefinitions;
import org.wso2.charon3.core.schema.SCIMResourceSchemaManager;
import org.wso2.charon3.core.utils.AttributeUtil;
import org.wso2.charon3.core.utils.ResourceManagerUtil;
import org.wso2.charon3.core.utils.codeutils.ExpressionNode;
import org.wso2.charon3.core.utils.codeutils.Node;
import org.wso2.charon3.core.utils.codeutils.OperationNode;
import org.wso2.charon3.core.utils.codeutils.PatchOperation;
import org.wso2.charon3.core.utils.codeutils.SearchRequest;

/* loaded from: input_file:org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.class */
public class SCIMUserManager implements UserManager {
    private static final String FILTERING_DELIMITER = "*";
    private static final String SQL_FILTERING_DELIMITER = "%";
    private static final String ERROR_CODE_INVALID_USERNAME = "31301";
    private static final String ERROR_CODE_INVALID_CREDENTIAL = "30003";
    private static final String ERROR_CODE_INVALID_CREDENTIAL_DURING_UPDATE = "36001";
    private static final String ERROR_CODE_PASSWORD_HISTORY_VIOLATION = "22001";
    private static final Log log = LogFactory.getLog(SCIMUserManager.class);
    private static final String ERROR_CODE_USER_NOT_FOUND = "30007";
    private AbstractUserStoreManager carbonUM;
    private ClaimManager carbonClaimManager;
    private String tenantDomain;
    private ClaimMetadataManagementService claimMetadataManagementService;
    private static final int MAX_ITEM_LIMIT_UNLIMITED = -1;
    private static final String ENABLE_PAGINATED_USER_STORE = "SCIM.EnablePaginatedUserStore";
    private static final String SERVICE_PROVIDER = "serviceProvider";
    private final String SERVICE_PROVIDER_TENANT_DOMAIN = "serviceProviderTenantDomain";
    private static final String DISPLAY_NAME_PROPERTY = "displayName";
    private static final String DISPLAY_ORDER_PROPERTY = "displayOrder";
    private static final String REGULAR_EXPRESSION_PROPERTY = "regEx";
    private static final String LOCATION_CLAIM = "http://wso2.org/claims/location";
    private static final String LAST_MODIFIED_CLAIM = "http://wso2.org/claims/modified";
    private static final String RESOURCE_TYPE_CLAIM = "http://wso2.org/claims/resourceType";
    private static final String USERNAME_CLAIM = "http://wso2.org/claims/username";
    private static final String ROLE_CLAIM = "http://wso2.org/claims/role";

    @Deprecated
    public SCIMUserManager(UserStoreManager userStoreManager, ClaimManager claimManager) {
        this.carbonUM = (AbstractUserStoreManager) userStoreManager;
        this.carbonClaimManager = claimManager;
    }

    public SCIMUserManager(UserStoreManager userStoreManager, ClaimMetadataManagementService claimMetadataManagementService, String str) {
        this.carbonUM = (AbstractUserStoreManager) userStoreManager;
        this.tenantDomain = str;
        this.claimMetadataManagementService = claimMetadataManagementService;
    }

    public User createUser(User user, Map<String, Boolean> map) throws CharonException, ConflictException, BadRequestException {
        String str = null;
        try {
            String userStoreDomainFromSP = getUserStoreDomainFromSP();
            if (userStoreDomainFromSP != null) {
                str = userStoreDomainFromSP;
            }
            StringBuilder sb = new StringBuilder();
            if (StringUtils.isNotBlank(str)) {
                user.setUserName(sb.append(str).append(CarbonConstants.DOMAIN_SEPARATOR).append(UserCoreUtil.removeDomainFromName(user.getUserName())).toString());
            }
            String extractDomainFromName = IdentityUtil.extractDomainFromName(user.getUserName());
            if (!user.getUserName().contains(CarbonConstants.DOMAIN_SEPARATOR) && !"PRIMARY".equalsIgnoreCase(extractDomainFromName)) {
                user.setUserName(IdentityUtil.addDomainToName(user.getUserName(), extractDomainFromName));
            }
            if (StringUtils.isNotBlank(extractDomainFromName) && !isSCIMEnabled(extractDomainFromName)) {
                throw new CharonException("Cannot add user through scim to user store . SCIM is not enabled for user store " + extractDomainFromName);
            }
            try {
                if (log.isDebugEnabled()) {
                    log.debug("Creating user: " + user.getUserName());
                }
                user.getAttributeList().remove("id");
                SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);
                Map<String, String> claimsMap = AttributeMapper.getClaimsMap(user);
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:User:groups");
                if (claimsMap.containsKey("urn:ietf:params:scim:schemas:core:2.0:User:roles.default")) {
                    claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:User:roles");
                }
                if (StringUtils.isNotEmpty(user.getId()) ? this.carbonUM.isExistingUserWithID(user.getId()) : this.carbonUM.isExistingUser(user.getUserName())) {
                    throw new ConflictException("User with the name: " + user.getUserName() + " already exists in the system.");
                }
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:User:userName");
                Map<String, String> convertSCIMtoLocalDialect = SCIMCommonUtils.convertSCIMtoLocalDialect(claimsMap);
                org.wso2.carbon.user.core.common.User addUserWithID = this.carbonUM.addUserWithID(user.getUserName(), user.getPassword(), (String[]) null, convertSCIMtoLocalDialect, (String) null);
                if (addUserWithID == null) {
                    addUserWithID = this.carbonUM.getUser((String) null, user.getUserName());
                    if (addUserWithID != null && StringUtils.isBlank(addUserWithID.getUserID())) {
                        return user;
                    }
                }
                user.setId(addUserWithID.getUserID());
                if (log.isDebugEnabled()) {
                    log.debug("User: " + user.getUserName() + " and with ID " + user.getId() + "  is created through SCIM.");
                }
                Map<String, String> sCIMtoLocalMappings = SCIMCommonUtils.getSCIMtoLocalMappings();
                User sCIMUser = getSCIMUser(addUserWithID, getRequiredClaimsInLocalDialect(sCIMtoLocalMappings, map), sCIMtoLocalMappings, convertSCIMtoLocalDialect);
                sCIMUser.setSchemas();
                return sCIMUser;
            } catch (UserStoreException e) {
                handleErrorsOnUserNameAndPasswordPolicy(e);
                if (!(e instanceof org.wso2.carbon.user.core.UserStoreException) || !StringUtils.equals(UserCoreErrorConstants.ErrorMessages.ERROR_CODE_USERNAME_CANNOT_BE_EMPTY.getCode(), e.getErrorCode())) {
                    throw new CharonException("Error in adding the user: " + user.getUserName() + " to the user store.", e);
                }
                CharonException charonException = new CharonException("Unable to create the user. Username is a mandatory field.", e);
                charonException.setStatus(400);
                throw charonException;
            }
        } catch (IdentityApplicationManagementException e2) {
            throw new CharonException("Error retrieving User Store name. ", e2);
        }
    }

    private void handleErrorsOnUserNameAndPasswordPolicy(Throwable th) throws BadRequestException {
        for (int i = 0; th != null && i < 10; i++) {
            if ((th instanceof UserStoreException) && (th.getMessage().contains(ERROR_CODE_INVALID_USERNAME) || th.getMessage().contains(ERROR_CODE_INVALID_CREDENTIAL) || th.getMessage().contains(ERROR_CODE_INVALID_CREDENTIAL_DURING_UPDATE))) {
                throw new BadRequestException(th.getMessage(), "invalidValue");
            }
            if (th instanceof PolicyViolationException) {
                throw new BadRequestException(th.getMessage(), "invalidValue");
            }
            if ((th instanceof IdentityEventException) && StringUtils.equals(ERROR_CODE_PASSWORD_HISTORY_VIOLATION, ((IdentityEventException) th).getErrorCode())) {
                throw new BadRequestException(th.getMessage(), "invalidValue");
            }
            th = th.getCause();
        }
    }

    public User getUser(String str, Map<String, Boolean> map) throws CharonException {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving user: " + str);
        }
        try {
            org.wso2.carbon.user.core.common.User user = null;
            if (StringUtils.isNotBlank(SCIMCommonUtils.getSCIMtoLocalMappings().get("urn:ietf:params:scim:schemas:core:2.0:id"))) {
                user = this.carbonUM.getUserWithID(str, (String[]) null, SCIMCommonConstants.DEFAULT);
            }
            if (user == null) {
                if (!log.isDebugEnabled()) {
                    return null;
                }
                log.debug("User with SCIM id: " + str + " does not exist in the system.");
                return null;
            }
            Map<String, String> sCIMtoLocalMappings = SCIMCommonUtils.getSCIMtoLocalMappings();
            User sCIMUser = getSCIMUser(user, getRequiredClaimsInLocalDialect(sCIMtoLocalMappings, map), sCIMtoLocalMappings, null);
            sCIMUser.setSchemas();
            if (log.isDebugEnabled()) {
                log.debug("User: " + sCIMUser.getUserName() + " is retrieved through SCIM.");
            }
            return sCIMUser;
        } catch (UserStoreException e) {
            if (e.getMessage().contains(ERROR_CODE_USER_NOT_FOUND)) {
                if (!log.isDebugEnabled()) {
                    return null;
                }
                log.debug("User with SCIM id: " + str + " does not exist in the system.");
                return null;
            }
            String str2 = "Error in getting user information from Carbon User Store for user: " + str;
            if (SCIMCommonUtils.isNotifyUserstoreStatusEnabled()) {
                throw new CharonException(str2 + ". " + e.getMessage(), e);
            }
            throw new CharonException(str2, e);
        }
    }

    public void deleteUser(String str) throws NotFoundException, CharonException {
        if (log.isDebugEnabled()) {
            log.debug("Deleting user: " + str);
        }
        org.wso2.carbon.user.core.common.User user = null;
        try {
            SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);
            String str2 = SCIMCommonUtils.getSCIMtoLocalMappings().get("urn:ietf:params:scim:schemas:core:2.0:id");
            if (StringUtils.isNotBlank(str2)) {
                List userListWithID = this.carbonUM.getUserListWithID(str2, str, SCIMCommonConstants.DEFAULT);
                if (userListWithID.size() > 0) {
                    user = (org.wso2.carbon.user.core.common.User) userListWithID.get(0);
                }
            }
            try {
                String userStoreDomainFromSP = getUserStoreDomainFromSP();
                if (user == null) {
                    if (log.isDebugEnabled()) {
                        log.debug("User with id: " + str + " not found.");
                    }
                    throw new NotFoundException();
                }
                if (userStoreDomainFromSP != null && !userStoreDomainFromSP.equalsIgnoreCase(user.getUserStoreDomain())) {
                    throw new CharonException("User :" + user.getUsername() + "is not belong to user store " + userStoreDomainFromSP + "Hence user updating fail");
                }
                String username = user.getUsername();
                String userStoreDomain = user.getUserStoreDomain();
                if (!isSCIMEnabled(userStoreDomain)) {
                    throw new CharonException("Cannot delete user: " + username + " through SCIM from user store: " + userStoreDomain + ". SCIM is not enabled for user store: " + userStoreDomain);
                }
                this.carbonUM.deleteUserWithID(user.getUserID());
                if (log.isDebugEnabled()) {
                    log.debug("User: " + username + " is deleted through SCIM.");
                }
            } catch (IdentityApplicationManagementException e) {
                throw new CharonException("Error retrieving User Store name. ", e);
            }
        } catch (org.wso2.carbon.user.core.UserStoreException e2) {
            if (SCIMCommonUtils.isNotifyUserstoreStatusEnabled()) {
                String str3 = "Error in deleting user: " + str + ". " + e2.getMessage();
                log.error(str3, e2);
                throw new CharonException(str3, e2);
            }
            String str4 = "Error in deleting user: " + ((String) null);
            log.error(str4, e2);
            throw new CharonException(str4 + ((String) null), e2);
        }
    }

    @Deprecated
    public List<Object> listUsersWithGET(Node node, int i, int i2, String str, String str2, String str3, Map<String, Boolean> map) throws CharonException, NotImplementedException, BadRequestException {
        if (str == null && str2 == null) {
            return node != null ? filterUsers(node, map, i, Integer.valueOf(i2), str, str2, str3) : listUsers(map, i, Integer.valueOf(i2), str, str2, str3);
        }
        throw new NotImplementedException("Sorting is not supported");
    }

    public List<Object> listUsersWithGET(Node node, Integer num, Integer num2, String str, String str2, String str3, Map<String, Boolean> map) throws CharonException, NotImplementedException, BadRequestException {
        Integer valueOf = Integer.valueOf(handleStartIndexEqualsNULL(num));
        if (str == null && str2 == null) {
            return (num2 == null || num2.intValue() != 0) ? node != null ? filterUsers(node, map, valueOf.intValue(), num2, str, str2, str3) : listUsers(map, valueOf.intValue(), num2, str, str2, str3) : Collections.emptyList();
        }
        throw new NotImplementedException("Sorting is not supported");
    }

    public List<Object> listUsersWithPost(SearchRequest searchRequest, Map<String, Boolean> map) throws CharonException, NotImplementedException, BadRequestException {
        return listUsersWithGET(searchRequest.getFilter(), Integer.valueOf(searchRequest.getStartIndex()), Integer.valueOf(searchRequest.getCount()), searchRequest.getSortBy(), searchRequest.getSortOder(), searchRequest.getDomainName(), map);
    }

    private List<Object> listUsers(Map<String, Boolean> map, int i, Integer num, String str, String str2, String str3) throws CharonException, BadRequestException {
        Set<org.wso2.carbon.user.core.common.User> listUsernamesAcrossAllDomainsUsingLegacyAPIs;
        ArrayList arrayList = new ArrayList();
        arrayList.add(0);
        Integer valueOf = Integer.valueOf(handleLimitEqualsNULL(num));
        long j = 0;
        if (StringUtils.isNotEmpty(str3)) {
            if (canPaginate(i, valueOf.intValue())) {
                listUsernamesAcrossAllDomainsUsingLegacyAPIs = listUsernames(i, valueOf.intValue(), str, str2, str3);
                j = getTotalUsers(str3);
            } else {
                listUsernamesAcrossAllDomainsUsingLegacyAPIs = listUsernamesUsingLegacyAPIs(str3);
            }
        } else if (canPaginate(i, valueOf.intValue())) {
            listUsernamesAcrossAllDomainsUsingLegacyAPIs = listUsernamesAcrossAllDomains(i, valueOf.intValue(), str, str2);
            String[] domainNames = getDomainNames();
            if (canCountTotalUserCount(domainNames)) {
                for (String str4 : domainNames) {
                    j += getTotalUsers(str4);
                }
            }
        } else {
            listUsernamesAcrossAllDomainsUsingLegacyAPIs = listUsernamesAcrossAllDomainsUsingLegacyAPIs();
        }
        if (!listUsernamesAcrossAllDomainsUsingLegacyAPIs.isEmpty()) {
            List<Object> userDetails = getUserDetails(listUsernamesAcrossAllDomainsUsingLegacyAPIs, map);
            if (j != 0) {
                arrayList.set(0, Integer.valueOf(Math.toIntExact(j)));
            } else {
                arrayList.set(0, Integer.valueOf(userDetails.size()));
            }
            arrayList.addAll(userDetails);
        } else if (log.isDebugEnabled()) {
            String format = String.format("There are no users who comply with the requested conditions: startIndex = %d, count = %d", Integer.valueOf(i), valueOf);
            if (StringUtils.isNotEmpty(str3)) {
                format = String.format(format + ", domain = %s", str3);
            }
            log.debug(format);
        }
        return arrayList;
    }

    private boolean canCountTotalUserCount(String[] strArr) {
        for (String str : strArr) {
            if (!(this.carbonUM.getSecondaryUserStoreManager(str) instanceof JDBCUserStoreManager)) {
                return false;
            }
        }
        return true;
    }

    private long getTotalUsers(String str) throws CharonException {
        long j = 0;
        AbstractUserStoreManager abstractUserStoreManager = null;
        if (StringUtils.isNotBlank(str)) {
            abstractUserStoreManager = (AbstractUserStoreManager) this.carbonUM.getSecondaryUserStoreManager(str);
        }
        try {
            if (abstractUserStoreManager instanceof JDBCUserStoreManager) {
                j = abstractUserStoreManager.countUsersWithClaims(USERNAME_CLAIM, "*");
            }
            return j;
        } catch (org.wso2.carbon.user.core.UserStoreException e) {
            String str2 = "Error while getting total user count in domain: " + str;
            log.error(str2, e);
            throw new CharonException(str2);
        }
    }

    private boolean canPaginate(int i, int i2) {
        return (i == 1 && i2 == 0) ? false : true;
    }

    private Set<org.wso2.carbon.user.core.common.User> listUsernames(int i, int i2, String str, String str2, String str3) throws CharonException, BadRequestException {
        if (isPaginatedUserStoreAvailable()) {
            if (i2 == 0) {
                i2 = getMaxLimit(str3);
            }
            return filterUsernames(new ExpressionCondition(ExpressionOperation.SW.toString(), ExpressionAttribute.USERNAME.toString(), ""), i, i2, str, str2, str3);
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s is not an instance of PaginatedUserStoreManager. Therefore pagination is not supported.", str3));
        }
        throw new CharonException(String.format("Pagination is not supported for %s.", str3));
    }

    private Set<org.wso2.carbon.user.core.common.User> listUsernamesUsingLegacyAPIs(String str) throws CharonException, BadRequestException {
        TreeSet treeSet = null;
        try {
            String str2 = SCIMCommonUtils.getSCIMtoLocalMappings().get("urn:ietf:params:scim:schemas:core:2.0:id");
            String str3 = str.toUpperCase() + CarbonConstants.DOMAIN_SEPARATOR + "*";
            if (StringUtils.isNotBlank(str2)) {
                treeSet = new TreeSet(Comparator.comparing((v0) -> {
                    return v0.getFullQualifiedUsername();
                }));
                treeSet.addAll(this.carbonUM.getUserListWithID(str2, str3, (String) null));
            }
            return treeSet;
        } catch (UserStoreException e) {
            Throwable rootCause = ExceptionUtils.getRootCause(e);
            if (!(rootCause instanceof UserStoreClientException)) {
                throw new CharonException(String.format("Error while listing usernames from domain: %s.", str), e);
            }
            String format = String.format("Error while listing usernames from domain: %s. %s", str, rootCause.getMessage());
            if (log.isDebugEnabled()) {
                log.debug(format, rootCause);
            }
            throw new BadRequestException(format, "invalidValue");
        } catch (UserStoreClientException e2) {
            String format2 = String.format("Error while listing usernames from domain: %s. %s", str, e2.getMessage());
            if (log.isDebugEnabled()) {
                log.debug(format2, e2);
            }
            throw new BadRequestException(format2, "invalidValue");
        }
    }

    private Set<org.wso2.carbon.user.core.common.User> listUsernamesAcrossAllDomains(int i, int i2, String str, String str2) throws CharonException, BadRequestException {
        if (isPaginatedUserStoreAvailable()) {
            return i2 == 0 ? new TreeSet(paginateUsers(listUsernamesAcrossAllDomainsUsingLegacyAPIs(), i2, i)) : filterUsersFromMultipleDomains(null, i, i2, str, str2, new ExpressionCondition(ExpressionOperation.SW.toString(), ExpressionAttribute.USERNAME.toString(), ""));
        }
        if (log.isDebugEnabled()) {
            log.debug(" The user store is not a paginated user store manager. Therefore pagination is not supported.");
        }
        throw new CharonException("Pagination is not supported.");
    }

    private Set<org.wso2.carbon.user.core.common.User> listUsernamesAcrossAllDomainsUsingLegacyAPIs() throws CharonException {
        TreeSet treeSet = null;
        try {
            String str = SCIMCommonUtils.getSCIMtoLocalMappings().get("urn:ietf:params:scim:schemas:core:2.0:id");
            if (StringUtils.isNotBlank(str)) {
                treeSet = new TreeSet(Comparator.comparing((v0) -> {
                    return v0.getFullQualifiedUsername();
                }));
                treeSet.addAll(this.carbonUM.getUserListWithID(str, "*", (String) null));
            }
            return treeSet;
        } catch (UserStoreException e) {
            throw new CharonException("Error while listing users across all domains. ", e);
        }
    }

    private List<Object> getUserDetails(Set<org.wso2.carbon.user.core.common.User> set, Map<String, Boolean> map) throws CharonException {
        ArrayList arrayList;
        ArrayList arrayList2 = new ArrayList();
        try {
            Map<String, String> sCIMtoLocalMappings = SCIMCommonUtils.getSCIMtoLocalMappings();
            List<String> onlyRequiredClaims = getOnlyRequiredClaims(sCIMtoLocalMappings.keySet(), map);
            if (MapUtils.isNotEmpty(sCIMtoLocalMappings)) {
                sCIMtoLocalMappings.keySet().retainAll(onlyRequiredClaims);
                arrayList = new ArrayList(sCIMtoLocalMappings.values());
            } else {
                arrayList = new ArrayList();
            }
            if (isPaginatedUserStoreAvailable()) {
                arrayList2.addAll(getSCIMUsers(set, arrayList, sCIMtoLocalMappings));
            } else {
                retriveSCIMUsers(arrayList2, set, arrayList, sCIMtoLocalMappings);
            }
            return arrayList2;
        } catch (UserStoreException e) {
            throw new CharonException("Error while retrieving users from user store.", e);
        }
    }

    private void retriveSCIMUsers(List<Object> list, Set<org.wso2.carbon.user.core.common.User> set, List<String> list2, Map<String, String> map) throws CharonException {
        Map attributeList;
        for (org.wso2.carbon.user.core.common.User user : set) {
            if (user.getUsername().contains("$_USERNAME_SEPARATOR_$")) {
                user.setUsername(user.getUsername().split("\\$_USERNAME_SEPARATOR_$")[0]);
            }
            String userStoreDomain = user.getUserStoreDomain();
            if (isSCIMEnabled(userStoreDomain)) {
                if (log.isDebugEnabled()) {
                    log.debug("SCIM is enabled for the user-store domain : " + userStoreDomain + ". Including user : " + user.getUsername() + " in the response.");
                }
                User sCIMUser = getSCIMUser(user, list2, map, null);
                if (sCIMUser != null && (attributeList = sCIMUser.getAttributeList()) != null && !attributeList.isEmpty()) {
                    list.add(sCIMUser);
                }
            } else if (log.isDebugEnabled()) {
                log.debug("SCIM is disabled for the user-store domain : " + userStoreDomain + ". Hence user : " + user.getUsername() + " in this domain is excluded in the response.");
            }
        }
    }

    public User updateUser(User user, Map<String, Boolean> map) throws CharonException, BadRequestException {
        ArrayList arrayList;
        try {
            if (log.isDebugEnabled()) {
                log.debug("Updating user: " + user.getUserName());
            }
            SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);
            Map<String, String> claimsMap = AttributeMapper.getClaimsMap(user);
            try {
                String userStoreDomainFromSP = getUserStoreDomainFromSP();
                User user2 = getUser(user.getId(), ResourceManagerUtil.getAllAttributeURIs(SCIMResourceSchemaManager.getInstance().getUserResourceSchema()));
                if (userStoreDomainFromSP != null && !userStoreDomainFromSP.equalsIgnoreCase(IdentityUtil.extractDomainFromName(user2.getUserName()))) {
                    throw new CharonException("User :" + user2.getUserName() + "is not belong to user store " + userStoreDomainFromSP + "Hence user updating fail");
                }
                if (getUserStoreDomainFromSP() != null && !"PRIMARY".equalsIgnoreCase(getUserStoreDomainFromSP())) {
                    user.setUserName(IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(user.getUserName()), getUserStoreDomainFromSP()));
                }
                String username = user.getUsername();
                String username2 = user2.getUsername();
                if (!IdentityUtil.isUserStoreInUsernameCaseSensitive(user2.getUsername())) {
                    username = username.toLowerCase();
                    username2 = username2.toLowerCase();
                }
                if (!StringUtils.equals(username, username2)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Failing the request as attempting to modify username. Old username: " + user2.getUserName() + ", new username: " + user.getUserName());
                    }
                    throw new BadRequestException("Attribute userName cannot be modified.", "mutability");
                }
                if (!(StringUtils.isNotEmpty(user.getId()) ? this.carbonUM.isExistingUserWithID(user.getId()) : this.carbonUM.isExistingUser(user.getUserName()))) {
                    throw new CharonException("User name is immutable in carbon user store.");
                }
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:User:groups");
                if (claimsMap.containsKey("urn:ietf:params:scim:schemas:core:2.0:User:roles.default")) {
                    claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:User:roles");
                }
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:User:userName");
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:meta.lastModified");
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:meta.location");
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:meta.resourceType");
                Map<String, String> sCIMtoLocalMappings = SCIMCommonUtils.getSCIMtoLocalMappings();
                List<String> onlyRequiredClaims = getOnlyRequiredClaims(sCIMtoLocalMappings.keySet(), map);
                if (MapUtils.isNotEmpty(sCIMtoLocalMappings)) {
                    sCIMtoLocalMappings.keySet().retainAll(onlyRequiredClaims);
                    arrayList = new ArrayList(sCIMtoLocalMappings.values());
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug("SCIM to Local Claim mappings list is empty.");
                    }
                    arrayList = new ArrayList();
                }
                Map<String, String> userClaimValuesWithID = this.carbonUM.getUserClaimValuesWithID(user.getId(), (String[]) arrayList.toArray(new String[0]), (String) null);
                userClaimValuesWithID.remove(LOCATION_CLAIM);
                userClaimValuesWithID.remove(LAST_MODIFIED_CLAIM);
                userClaimValuesWithID.remove(RESOURCE_TYPE_CLAIM);
                Map<String, String> convertSCIMtoLocalDialect = SCIMCommonUtils.convertSCIMtoLocalDialect(claimsMap);
                if (user.getPassword() != null) {
                    this.carbonUM.updateCredentialByAdminWithID(user.getId(), user.getPassword());
                }
                updateUserClaims(user, userClaimValuesWithID, convertSCIMtoLocalDialect);
                if (log.isDebugEnabled()) {
                    log.debug("User: " + user.getUserName() + " updated through SCIM.");
                }
                return getUser(user.getId(), map);
            } catch (IdentityApplicationManagementException e) {
                throw new CharonException("Error retrieving User Store name. ", e);
            }
        } catch (BadRequestException e2) {
            reThrowMutabilityBadRequests(e2);
            log.error("Error occurred while trying to update the user", e2);
            throw new CharonException("Error occurred while trying to update the user", e2);
        } catch (UserStoreException e3) {
            String str = "Error while updating attributes of user: " + user.getUserName();
            log.error(str, e3);
            handleErrorsOnUserNameAndPasswordPolicy(e3);
            if (SCIMCommonUtils.isNotifyUserstoreStatusEnabled()) {
                throw new CharonException(str + ". " + e3.getMessage(), e3);
            }
            throw new CharonException(str, e3);
        } catch (CharonException e4) {
            log.error("Error occurred while trying to update the user", e4);
            throw new CharonException("Error occurred while trying to update the user", e4);
        }
    }

    public User updateUser(User user, Map<String, Boolean> map, List<String> list) throws CharonException, BadRequestException {
        ArrayList arrayList;
        try {
            if (log.isDebugEnabled()) {
                log.debug("Updating user: " + user.getUserName());
            }
            SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);
            Map<String, String> claimsMap = AttributeMapper.getClaimsMap(user);
            HashMap hashMap = new HashMap();
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                hashMap.put(it.next(), "");
            }
            Map<String, String> convertSCIMtoLocalDialect = SCIMCommonUtils.convertSCIMtoLocalDialect(hashMap);
            try {
                String userStoreDomainFromSP = getUserStoreDomainFromSP();
                User user2 = getUser(user.getId(), ResourceManagerUtil.getAllAttributeURIs(SCIMResourceSchemaManager.getInstance().getUserResourceSchema()));
                if (userStoreDomainFromSP != null) {
                    if (!userStoreDomainFromSP.equalsIgnoreCase(IdentityUtil.extractDomainFromName(user2.getUserName()))) {
                        throw new CharonException(String.format("User : %s does not belong to userstore %s. Hence user updating failed", user2.getUserName(), userStoreDomainFromSP));
                    }
                    if (!"PRIMARY".equalsIgnoreCase(userStoreDomainFromSP)) {
                        user.setUserName(IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(user.getUserName()), userStoreDomainFromSP));
                    }
                }
                if (!StringUtils.equals(user.getUserName(), user2.getUserName())) {
                    if (log.isDebugEnabled()) {
                        log.debug("Failing the request as attempting to modify username. Old username: " + user2.getUserName() + ", new username: " + user.getUserName());
                    }
                    throw new BadRequestException("Attribute userName cannot be modified.", "mutability");
                }
                if (!validateUserExistence(user)) {
                    throw new CharonException("User name is immutable in carbon user store.");
                }
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:User:groups");
                if (claimsMap.containsKey("urn:ietf:params:scim:schemas:core:2.0:User:roles.default")) {
                    claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:User:roles");
                }
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:User:userName");
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:meta.lastModified");
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:meta.location");
                claimsMap.remove("urn:ietf:params:scim:schemas:core:2.0:meta.resourceType");
                Map<String, String> sCIMtoLocalMappings = SCIMCommonUtils.getSCIMtoLocalMappings();
                List<String> onlyRequiredClaims = getOnlyRequiredClaims(sCIMtoLocalMappings.keySet(), map);
                if (MapUtils.isNotEmpty(sCIMtoLocalMappings)) {
                    sCIMtoLocalMappings.keySet().retainAll(onlyRequiredClaims);
                    arrayList = new ArrayList(sCIMtoLocalMappings.values());
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug("SCIM to Local Claim mappings list is empty.");
                    }
                    arrayList = new ArrayList();
                }
                Map<String, String> userClaimValuesWithID = this.carbonUM.getUserClaimValuesWithID(user.getId(), (String[]) arrayList.toArray(new String[0]), (String) null);
                userClaimValuesWithID.remove(LOCATION_CLAIM);
                userClaimValuesWithID.remove(LAST_MODIFIED_CLAIM);
                userClaimValuesWithID.remove(RESOURCE_TYPE_CLAIM);
                Map<String, String> convertSCIMtoLocalDialect2 = SCIMCommonUtils.convertSCIMtoLocalDialect(claimsMap);
                if (user.getPassword() != null) {
                    this.carbonUM.updateCredentialByAdminWithID(user.getId(), user.getPassword());
                }
                updateUserClaims(user, userClaimValuesWithID, convertSCIMtoLocalDialect2, convertSCIMtoLocalDialect);
                if (log.isDebugEnabled()) {
                    log.debug("User: " + user.getUserName() + " updated through SCIM.");
                }
                return getUser(user.getId(), map);
            } catch (IdentityApplicationManagementException e) {
                throw new CharonException("Error retrieving Userstore name. ", e);
            }
        } catch (UserStoreException e2) {
            handleErrorsOnUserNameAndPasswordPolicy(e2);
            throw new CharonException("Error while updating attributes of user: " + user.getUserName(), e2);
        } catch (CharonException e3) {
            throw new CharonException("Error occurred while trying to update the user: " + user.getUserName(), e3);
        } catch (BadRequestException e4) {
            reThrowMutabilityBadRequests(e4);
            throw new CharonException("Error occurred while trying to update the user: " + user.getUserName(), e4);
        }
    }

    private int handleLimitEqualsNULL(Integer num) {
        if (num == null) {
            num = 0;
        }
        return num.intValue();
    }

    private List<Object> filterUsers(Node node, Map<String, Boolean> map, int i, Integer num, String str, String str2, String str3) throws CharonException, BadRequestException {
        Integer valueOf = Integer.valueOf(handleLimitEqualsNULL(num));
        if (node instanceof ExpressionNode) {
            return filterUsersBySingleAttribute((ExpressionNode) node, map, i, valueOf.intValue(), str, str2, str3);
        }
        if (!(node instanceof OperationNode)) {
            throw new CharonException("Unknown operation. Not either an expression node or an operation node.");
        }
        if (log.isDebugEnabled()) {
            log.debug("Listing users by multi attribute filter");
        }
        return getMultiAttributeFilteredUsers(node, map, i, valueOf.intValue(), str, str2, str3);
    }

    private List<Object> filterUsersBySingleAttribute(ExpressionNode expressionNode, Map<String, Boolean> map, int i, int i2, String str, String str2, String str3) throws CharonException, BadRequestException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Listing users by filter: %s %s %s", expressionNode.getAttributeValue(), expressionNode.getOperation(), expressionNode.getValue()));
        }
        if (isFilteringNotSupported(expressionNode.getOperation())) {
            throw new CharonException("Filter operation: " + expressionNode.getOperation() + " is not supported for filtering in users endpoint.");
        }
        String resolveDomainName = resolveDomainName(str3, expressionNode);
        try {
            return getDetailedUsers(isUseLegacyAPIs(i2) ? filterUsersUsingLegacyAPIs(expressionNode, i2, i, resolveDomainName) : filterUsers(expressionNode, i, i2, str, str2, resolveDomainName), map);
        } catch (NotImplementedException e) {
            throw new CharonException(String.format("System does not support filter operator: %s", expressionNode.getOperation()), e);
        }
    }

    private String resolveDomainName(String str, ExpressionNode expressionNode) throws CharonException {
        try {
            str = resolveDomainNameInAttributeValue(str, expressionNode);
            if (StringUtils.isEmpty(str)) {
                str = getFilteredDomainName(expressionNode);
            }
            return str;
        } catch (BadRequestException e) {
            throw new CharonException(String.format("Domain parameter: %s in request does not match with the domain name in the attribute value: %s ", str, expressionNode.getValue()), e);
        }
    }

    private boolean isUseLegacyAPIs(int i) {
        if (i <= 0) {
            return true;
        }
        return (isPaginatedUserStoreAvailable() || (this.carbonUM instanceof PaginatedUserStoreManager)) ? false : true;
    }

    private String getFilteredDomainName(ExpressionNode expressionNode) {
        String attributeValue = expressionNode.getAttributeValue();
        String operation = expressionNode.getOperation();
        String value = expressionNode.getValue();
        if (SCIMCommonUtils.isFilterUsersAndGroupsOnlyFromPrimaryDomainEnabled() && !StringUtils.contains(value, CarbonConstants.DOMAIN_SEPARATOR)) {
            return "PRIMARY";
        }
        if (SCIMCommonUtils.isFilteringEnhancementsEnabled() && SCIMCommonConstants.EQ.equalsIgnoreCase(operation) && StringUtils.equals(attributeValue, "urn:ietf:params:scim:schemas:core:2.0:User:userName") && !StringUtils.contains(value, CarbonConstants.DOMAIN_SEPARATOR)) {
            return "PRIMARY";
        }
        return null;
    }

    private String resolveDomainNameInAttributeValue(String str, ExpressionNode expressionNode) throws BadRequestException {
        String attributeValue = expressionNode.getAttributeValue();
        String operation = expressionNode.getOperation();
        String value = expressionNode.getValue();
        if (isDomainNameEmbeddedInAttributeValue(operation, attributeValue, value)) {
            int indexOf = value.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
            String upperCase = value.substring(0, indexOf).toUpperCase();
            expressionNode.setValue(value.substring(indexOf + 1));
            if (StringUtils.isNotEmpty(str) && StringUtils.isNotEmpty(upperCase) && !upperCase.equalsIgnoreCase(str)) {
                throw new BadRequestException(String.format(" Domain name %s in the domain parameter does not match with the domain name %s in search attribute value of %s claim.", str, upperCase, attributeValue));
            }
            if (StringUtils.isEmpty(str) && StringUtils.isNotEmpty(upperCase)) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Domain name %s set from the domain name in the attribute value %s ", upperCase, value));
                }
                return upperCase;
            }
        }
        return str;
    }

    private boolean isDomainNameEmbeddedInAttributeValue(String str, String str2, String str3) {
        if (!StringUtils.contains(str3, CarbonConstants.DOMAIN_SEPARATOR)) {
            return false;
        }
        if (!StringUtils.equals(str2, "urn:ietf:params:scim:schemas:core:2.0:User:userName") && !StringUtils.equals(str2, "urn:ietf:params:scim:schemas:core:2.0:User:groups")) {
            return false;
        }
        if (!SCIMCommonConstants.EQ.equalsIgnoreCase(str) && !SCIMCommonConstants.SW.equalsIgnoreCase(str) && !SCIMCommonConstants.CO.equalsIgnoreCase(str) && !SCIMCommonConstants.EW.equalsIgnoreCase(str)) {
            return false;
        }
        if (!log.isDebugEnabled()) {
            return true;
        }
        log.debug(String.format("Attribute value %s is embedded with a domain in %s claim, ", str3, str2));
        return true;
    }

    private Set<org.wso2.carbon.user.core.common.User> filterUsers(Node node, int i, int i2, String str, String str2, String str3) throws CharonException, BadRequestException {
        return StringUtils.isNotEmpty(str3) ? filterUsernames(createConditionForSingleAttributeFilter(str3, node), i, i2, str, str2, str3) : filterUsersFromMultipleDomains(node, i, i2, str, str2, null);
    }

    private Set<org.wso2.carbon.user.core.common.User> filterUsersFromMultipleDomains(Node node, int i, int i2, String str, String str2, Condition condition) throws CharonException, BadRequestException {
        String[] domainNames = getDomainNames();
        TreeSet treeSet = new TreeSet(Comparator.comparing((v0) -> {
            return v0.getFullQualifiedUsername();
        }));
        for (String str3 : domainNames) {
            Condition createConditionForSingleAttributeFilter = condition == null ? createConditionForSingleAttributeFilter(str3, node) : condition;
            try {
                Set<org.wso2.carbon.user.core.common.User> filterUsernames = filterUsernames(createConditionForSingleAttributeFilter, i, i2, str, str2, str3);
                int size = filterUsernames.size();
                if (size > 0 || i <= 1) {
                    i = 1;
                    i2 = calculateLimit(i2, size);
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("Filter returned no results for original offset: %d.", Integer.valueOf(i)));
                    }
                    i = calculateOffset(createConditionForSingleAttributeFilter, i, str, str2, str3);
                }
                treeSet.addAll(filterUsernames);
            } catch (CharonException e) {
                log.error("Error occurred while getting the users list for domain: " + str3, e);
            }
            if (i2 == 0) {
                break;
            }
        }
        return treeSet;
    }

    private int calculateLimit(int i, int i2) {
        int i3 = i - i2;
        if (i < 0) {
            i3 = 0;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("New limit: %d calculated using initial offset: %d and filtered user count: %d. ", Integer.valueOf(i3), Integer.valueOf(i), Integer.valueOf(i2)));
        }
        return i3;
    }

    private int calculateOffset(Condition condition, int i, String str, String str2, String str3) throws CharonException, BadRequestException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Checking for number of matches from the beginning to the original offset: %d for the same filter and updating the new offset.", Integer.valueOf(i)));
        }
        return i - filterUsernames(condition, 1, i, str, str2, str3).size();
    }

    private Set<org.wso2.carbon.user.core.common.User> filterUsernames(Condition condition, int i, int i2, String str, String str2, String str3) throws CharonException, BadRequestException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Filtering users in domain : %s with limit: %d and offset: %d.", str3, Integer.valueOf(i2), Integer.valueOf(i)));
        }
        try {
            TreeSet treeSet = new TreeSet(Comparator.comparing((v0) -> {
                return v0.getFullQualifiedUsername();
            }));
            treeSet.addAll(this.carbonUM.getUserListWithID(condition, str3, SCIMCommonConstants.DEFAULT, i2, i, str, str2));
            return treeSet;
        } catch (UserStoreClientException e) {
            String format = String.format("Error while retrieving users for the domain: %s with limit: %d and offset: %d. %s", str3, Integer.valueOf(i2), Integer.valueOf(i), e.getMessage());
            if (log.isDebugEnabled()) {
                log.debug(format, e);
            }
            throw new BadRequestException(format, "invalidValue");
        } catch (UserStoreException e2) {
            Throwable rootCause = ExceptionUtils.getRootCause(e2);
            if (!(rootCause instanceof UserStoreClientException)) {
                throw new CharonException(String.format("Error while retrieving users for the domain: %s with limit: %d and offset: %d.", str3, Integer.valueOf(i2), Integer.valueOf(i)), e2);
            }
            String format2 = String.format("Error in obtaining role names from user store. %s", rootCause.getMessage());
            if (log.isDebugEnabled()) {
                log.debug(format2, rootCause);
            }
            throw new BadRequestException(format2, "invalidValue");
        }
    }

    private Condition createConditionForSingleAttributeFilter(String str, Node node) throws CharonException {
        if (log.isDebugEnabled()) {
            log.debug("Creating condition for domain : " + str);
        }
        try {
            return getCondition(node, getAllAttributes(str));
        } catch (CharonException e) {
            throw new CharonException(String.format("Error while retrieving attributes for the domain %s.", str), e);
        }
    }

    private String[] getDomainNames() {
        ArrayList arrayList = new ArrayList();
        UserStoreManager secondaryUserStoreManager = this.carbonUM.getSecondaryUserStoreManager();
        while (secondaryUserStoreManager != null) {
            String upperCase = secondaryUserStoreManager.getRealmConfiguration().getUserStoreProperty("DomainName").toUpperCase();
            secondaryUserStoreManager = secondaryUserStoreManager.getSecondaryUserStoreManager();
            arrayList.add(upperCase);
        }
        Collections.sort(arrayList);
        arrayList.add(0, "PRIMARY");
        return (String[]) arrayList.toArray(new String[0]);
    }

    private Set<org.wso2.carbon.user.core.common.User> filterUsersUsingLegacyAPIs(ExpressionNode expressionNode, int i, int i2, String str) throws NotImplementedException, CharonException {
        String attributeValue = expressionNode.getAttributeValue();
        String operation = expressionNode.getOperation();
        String searchAttribute = getSearchAttribute(attributeValue, operation, expressionNode.getValue(), "*");
        if (StringUtils.isNotEmpty(str) && StringUtils.containsNone(searchAttribute, CarbonConstants.DOMAIN_SEPARATOR)) {
            searchAttribute = str.toUpperCase() + CarbonConstants.DOMAIN_SEPARATOR + searchAttribute;
        }
        try {
            Set<org.wso2.carbon.user.core.common.User> userListOfRoles = "urn:ietf:params:scim:schemas:core:2.0:User:groups".equals(attributeValue) ? getUserListOfRoles(getRoleNames(attributeValue, operation, searchAttribute)) : getUserNames(attributeValue, operation, searchAttribute);
            paginateUsers(userListOfRoles, i, i2);
            return userListOfRoles;
        } catch (UserStoreException e) {
            String format = String.format("Error while filtering the users for filter with attribute name: %s , filter operation: %s and attribute value: %s. ", attributeValue, operation, searchAttribute);
            if (SCIMCommonUtils.isNotifyUserstoreStatusEnabled()) {
                throw new CharonException(format + e.getMessage(), e);
            }
            throw new CharonException(format, e);
        }
    }

    private List<Object> getDetailedUsers(Set<org.wso2.carbon.user.core.common.User> set, Map<String, Boolean> map) throws CharonException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(0);
        arrayList.set(0, Integer.valueOf(set.size()));
        arrayList.addAll(getFilteredUserDetails(set, map));
        return arrayList;
    }

    private List<Object> getMultiAttributeFilteredUsers(Node node, Map<String, Boolean> map, int i, int i2, String str, String str2, String str3) throws CharonException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(0);
        if (i2 > 0) {
            Set<org.wso2.carbon.user.core.common.User> filteredUsersFromMultiAttributeFiltering = getFilteredUsersFromMultiAttributeFiltering(node, i, i2, str, str2, str3);
            arrayList.set(0, Integer.valueOf(filteredUsersFromMultiAttributeFiltering.size()));
            arrayList.addAll(getFilteredUserDetails(filteredUsersFromMultiAttributeFiltering, map));
        } else {
            int maxLimit = getMaxLimit(str3);
            if (StringUtils.isNotEmpty(str3)) {
                Set<org.wso2.carbon.user.core.common.User> filteredUsersFromMultiAttributeFiltering2 = getFilteredUsersFromMultiAttributeFiltering(node, i, maxLimit, str, str2, str3);
                arrayList.set(0, Integer.valueOf(filteredUsersFromMultiAttributeFiltering2.size()));
                arrayList.addAll(getFilteredUserDetails(filteredUsersFromMultiAttributeFiltering2, map));
            } else {
                int i3 = 0;
                while (this.carbonUM != null) {
                    if (this.carbonUM instanceof AbstractUserStoreManager) {
                        Set<org.wso2.carbon.user.core.common.User> filteredUsersFromMultiAttributeFiltering3 = getFilteredUsersFromMultiAttributeFiltering(node, i, maxLimit, str, str2, this.carbonUM.getRealmConfiguration().getUserStoreProperty("DomainName"));
                        i3 += filteredUsersFromMultiAttributeFiltering3.size();
                        arrayList.addAll(getFilteredUserDetails(filteredUsersFromMultiAttributeFiltering3, map));
                    }
                    this.carbonUM = this.carbonUM.getSecondaryUserStoreManager();
                }
                arrayList.set(0, Integer.valueOf(i3));
            }
        }
        return arrayList;
    }

    private int getMaxLimit(String str) {
        int i = 100;
        if (StringUtils.isEmpty(str)) {
            str = "PRIMARY";
        }
        if (this.carbonUM.getSecondaryUserStoreManager(str).getRealmConfiguration().getUserStoreProperty("MaxUserNameListLength") != null) {
            i = Integer.parseInt(this.carbonUM.getSecondaryUserStoreManager(str).getRealmConfiguration().getUserStoreProperty("MaxUserNameListLength"));
        }
        return i;
    }

    private Condition getCondition(Node node, Map<String, String> map) throws CharonException {
        String str;
        if (!(node instanceof ExpressionNode)) {
            if (!(node instanceof OperationNode)) {
                throw new CharonException("Unsupported Operation");
            }
            Condition condition = getCondition(node.getLeftNode(), map);
            Condition condition2 = getCondition(node.getRightNode(), map);
            String operation = ((OperationNode) node).getOperation();
            if (OperationalOperation.AND.toString().equalsIgnoreCase(operation)) {
                return new OperationalCondition(OperationalOperation.AND.toString(), condition, condition2);
            }
            throw new CharonException("Unsupported Operation: " + operation);
        }
        String operation2 = ((ExpressionNode) node).getOperation();
        String attributeValue = ((ExpressionNode) node).getAttributeValue();
        String value = ((ExpressionNode) node).getValue();
        String expressionOperation = SCIMCommonConstants.EQ.equals(operation2) ? ExpressionOperation.EQ.toString() : SCIMCommonConstants.SW.equals(operation2) ? ExpressionOperation.SW.toString() : SCIMCommonConstants.EW.equals(operation2) ? ExpressionOperation.EW.toString() : SCIMCommonConstants.CO.equals(operation2) ? ExpressionOperation.CO.toString() : operation2;
        if ("urn:ietf:params:scim:schemas:core:2.0:User:groups".equals(attributeValue)) {
            str = ExpressionAttribute.ROLE.toString();
        } else if ("urn:ietf:params:scim:schemas:core:2.0:User:userName".equals(attributeValue)) {
            str = ExpressionAttribute.USERNAME.toString();
        } else {
            if (map == null || map.get(attributeValue) == null) {
                throw new CharonException("Unsupported attribute: " + attributeValue);
            }
            str = map.get(attributeValue);
        }
        return new ExpressionCondition(expressionOperation, str, value);
    }

    private Map<String, String> getAllAttributes(String str) throws CharonException {
        HashMap hashMap = new HashMap();
        if (this.claimMetadataManagementService != null) {
            hashMap.putAll(getMappedAttributes(SCIMCommonConstants.SCIM_CORE_CLAIM_DIALECT, str));
            hashMap.putAll(getMappedAttributes(SCIMCommonConstants.SCIM_USER_CLAIM_DIALECT, str));
            if (SCIMUserSchemaExtensionBuilder.getInstance().getExtensionSchema() != null) {
                hashMap.putAll(getMappedAttributes(SCIMUserSchemaExtensionBuilder.getInstance().getExtensionSchema().getURI(), str));
            }
        } else {
            try {
                ClaimMapping[] allClaimMappings = this.carbonClaimManager.getAllClaimMappings(SCIMCommonConstants.SCIM_CORE_CLAIM_DIALECT);
                ClaimMapping[] allClaimMappings2 = this.carbonClaimManager.getAllClaimMappings(SCIMCommonConstants.SCIM_USER_CLAIM_DIALECT);
                ClaimMapping[] allClaimMappings3 = SCIMUserSchemaExtensionBuilder.getInstance().getExtensionSchema() != null ? this.carbonClaimManager.getAllClaimMappings(SCIMUserSchemaExtensionBuilder.getInstance().getExtensionSchema().getURI()) : null;
                for (ClaimMapping claimMapping : allClaimMappings) {
                    hashMap.put(claimMapping.getClaim().getClaimUri(), claimMapping.getMappedAttribute(str));
                }
                for (ClaimMapping claimMapping2 : allClaimMappings2) {
                    hashMap.put(claimMapping2.getClaim().getClaimUri(), claimMapping2.getMappedAttribute(str));
                }
                if (allClaimMappings3 != null) {
                    for (ClaimMapping claimMapping3 : allClaimMappings3) {
                        hashMap.put(claimMapping3.getClaim().getClaimUri(), claimMapping3.getMappedAttribute(str));
                    }
                }
            } catch (UserStoreException e) {
                throw new CharonException("Error in filtering users by multi attributes ", e);
            }
        }
        return hashMap;
    }

    private Map<String, String> getMappedAttributes(String str, String str2) throws CharonException {
        HashMap hashMap = new HashMap();
        Map<ExternalClaim, LocalClaim> mappedLocalClaimsForDialect = getMappedLocalClaimsForDialect(str, this.tenantDomain);
        if (mappedLocalClaimsForDialect != null) {
            for (Map.Entry<ExternalClaim, LocalClaim> entry : mappedLocalClaimsForDialect.entrySet()) {
                ExternalClaim key = entry.getKey();
                LocalClaim value = entry.getValue();
                String mappedAttribute = value.getMappedAttribute(str2);
                if (StringUtils.isEmpty(mappedAttribute)) {
                    mappedAttribute = value.getMappedAttribute("PRIMARY");
                }
                hashMap.put(key.getClaimURI(), mappedAttribute);
            }
        }
        return hashMap;
    }

    private Set<org.wso2.carbon.user.core.common.User> getFilteredUsersFromMultiAttributeFiltering(Node node, int i, int i2, String str, String str2, String str3) throws CharonException {
        try {
            if (StringUtils.isEmpty(str3)) {
                str3 = "PRIMARY";
            }
            Map<String, String> allAttributes = getAllAttributes(str3);
            if (log.isDebugEnabled()) {
                log.debug("Invoking the do get user list for domain: " + str3);
            }
            TreeSet treeSet = new TreeSet(Comparator.comparing((v0) -> {
                return v0.getFullQualifiedUsername();
            }));
            treeSet.addAll(this.carbonUM.getUserListWithID(getCondition(node, allAttributes), str3, SCIMCommonConstants.DEFAULT, i2, i, str, str2));
            return treeSet;
        } catch (UserStoreException e) {
            throw new CharonException("Error in filtering users by multi attributes in domain: " + str3, e);
        }
    }

    private List<Object> getFilteredUserDetails(Set<org.wso2.carbon.user.core.common.User> set, Map<String, Boolean> map) throws CharonException {
        ArrayList arrayList;
        ArrayList arrayList2 = new ArrayList();
        if (set == null || set.size() == 0) {
            if (log.isDebugEnabled()) {
                log.debug("Users for this filter does not exist in the system.");
            }
            return arrayList2;
        }
        try {
            Map<String, String> sCIMtoLocalMappings = SCIMCommonUtils.getSCIMtoLocalMappings();
            List<String> onlyRequiredClaims = getOnlyRequiredClaims(sCIMtoLocalMappings.keySet(), map);
            if (MapUtils.isNotEmpty(sCIMtoLocalMappings)) {
                sCIMtoLocalMappings.keySet().retainAll(onlyRequiredClaims);
                arrayList = new ArrayList(sCIMtoLocalMappings.values());
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("SCIM to Local Claim mappings list is empty.");
                }
                arrayList = new ArrayList();
            }
            if (!isPaginatedUserStoreAvailable()) {
                addSCIMUsers(arrayList2, set, arrayList, sCIMtoLocalMappings);
            } else if (this.carbonUM instanceof PaginatedUserStoreManager) {
                arrayList2.addAll(getSCIMUsers(set, arrayList, sCIMtoLocalMappings));
            } else {
                addSCIMUsers(arrayList2, set, arrayList, sCIMtoLocalMappings);
            }
            return arrayList2;
        } catch (UserStoreException e) {
            throw new CharonException("Error in retrieve user details. ", e);
        }
    }

    private void addSCIMUsers(List<Object> list, Set<org.wso2.carbon.user.core.common.User> set, List<String> list2, Map<String, String> map) throws CharonException {
        for (org.wso2.carbon.user.core.common.User user : set) {
            if (!"wso2.anonymous.user".equals(user.getUsername())) {
                String userStoreDomain = user.getUserStoreDomain();
                if (isSCIMEnabled(userStoreDomain)) {
                    if (log.isDebugEnabled()) {
                        log.debug("SCIM is enabled for the user-store domain : " + userStoreDomain + ". Including user : " + user.getUsername() + " in the response.");
                    }
                    User sCIMUser = getSCIMUser(user, list2, map, null);
                    if (sCIMUser == null || !StringUtils.isBlank(sCIMUser.getId())) {
                        list.add(sCIMUser);
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("SCIM is disabled for the user-store domain : " + userStoreDomain + ". Hence user : " + user.getUsername() + " in this domain is excluded in the response.");
                }
            }
        }
    }

    public User getMe(String str, Map<String, Boolean> map) throws CharonException, NotFoundException {
        ArrayList arrayList;
        if (log.isDebugEnabled()) {
            log.debug("Getting user: " + str);
        }
        try {
            Map<String, String> sCIMtoLocalMappings = SCIMCommonUtils.getSCIMtoLocalMappings();
            List<String> onlyRequiredClaims = getOnlyRequiredClaims(sCIMtoLocalMappings.keySet(), map);
            if (MapUtils.isNotEmpty(sCIMtoLocalMappings)) {
                sCIMtoLocalMappings.keySet().retainAll(onlyRequiredClaims);
                arrayList = new ArrayList(sCIMtoLocalMappings.values());
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("SCIM to Local Claim mappings list is empty.");
                }
                arrayList = new ArrayList();
            }
            User sCIMUser = getSCIMUser(this.carbonUM.getUser((String) null, str), arrayList, sCIMtoLocalMappings, null);
            if (sCIMUser == null) {
                if (log.isDebugEnabled()) {
                    log.debug("User with userName : " + str + " does not exist in the system.");
                }
                throw new NotFoundException("No such user exist");
            }
            sCIMUser.setSchemas();
            if (log.isDebugEnabled()) {
                log.debug("User: " + sCIMUser.getUserName() + " is retrieved through SCIM.");
            }
            return sCIMUser;
        } catch (UserStoreException e) {
            throw new CharonException("Error from getting the authenticated user", e);
        }
    }

    public User createMe(User user, Map<String, Boolean> map) throws CharonException, ConflictException, BadRequestException {
        return createUser(user, map);
    }

    public void deleteMe(String str) throws NotFoundException, CharonException, NotImplementedException {
        throw new NotImplementedException("Self delete is not supported");
    }

    public User updateMe(User user, Map<String, Boolean> map) throws NotImplementedException, CharonException, BadRequestException {
        return updateUser(user, map);
    }

    public Group createGroup(Group group, Map<String, Boolean> map) throws CharonException, ConflictException, BadRequestException {
        String str;
        String groupNameWithDomain;
        if (log.isDebugEnabled()) {
            log.debug("Creating group: " + group.getDisplayName());
        }
        try {
            String displayName = group.getDisplayName();
            try {
                if (getUserStoreDomainFromSP() != null) {
                    str = getUserStoreDomainFromSP();
                    groupNameWithDomain = IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(displayName), str);
                } else if (displayName.indexOf(CarbonConstants.DOMAIN_SEPARATOR) > 0) {
                    str = IdentityUtil.extractDomainFromName(displayName);
                    groupNameWithDomain = IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(displayName), str);
                } else {
                    str = "PRIMARY";
                    groupNameWithDomain = SCIMCommonUtils.getGroupNameWithDomain(displayName);
                }
                if (!isInternalOrApplicationGroup(str) && StringUtils.isNotBlank(str) && !isSCIMEnabled(str)) {
                    throw new CharonException("Cannot create group through scim to user store . SCIM is not enabled for user store " + str);
                }
                group.setDisplayName(groupNameWithDomain);
                if (this.carbonUM.isExistingRole(group.getDisplayName(), false)) {
                    throw new ConflictException("Group with name: " + group.getDisplayName() + " already exists in the system.");
                }
                SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);
                List members = group.getMembers();
                List membersWithDisplayName = group.getMembersWithDisplayName();
                if (CollectionUtils.isNotEmpty(members)) {
                    ArrayList arrayList = new ArrayList();
                    for (Object obj : members) {
                        org.wso2.carbon.user.core.common.User userWithID = StringUtils.isNotBlank(SCIMCommonUtils.getSCIMtoLocalMappings().get("urn:ietf:params:scim:schemas:core:2.0:id")) ? this.carbonUM.getUserWithID((String) obj, (String[]) null, SCIMCommonConstants.DEFAULT) : null;
                        if (userWithID == null) {
                            throw new IdentitySCIMException("User: " + obj + " doesn't exist in the user store. Hence, can not create the group: " + group.getDisplayName());
                        }
                        if (userWithID.getUsername().indexOf(UserCoreConstants.DOMAIN_SEPARATOR) > 0 && !StringUtils.containsIgnoreCase(userWithID.getUsername(), str)) {
                            throw new IdentitySCIMException("User: " + obj + " doesn't exist in the same user store. Hence, can not create the group: " + group.getDisplayName());
                        }
                        arrayList.add(userWithID.getUserID());
                        if (CollectionUtils.isNotEmpty(membersWithDisplayName)) {
                            boolean z = false;
                            Iterator it = membersWithDisplayName.iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                String str2 = (String) it.next();
                                if ((str2.indexOf(UserCoreConstants.DOMAIN_SEPARATOR) > 0 ? str2.split(UserCoreConstants.DOMAIN_SEPARATOR)[1] : str2).equalsIgnoreCase(userWithID.getUsername().indexOf(UserCoreConstants.DOMAIN_SEPARATOR) > 0 ? userWithID.getUsername().split(UserCoreConstants.DOMAIN_SEPARATOR)[1] : userWithID.getUsername())) {
                                    z = true;
                                    break;
                                }
                            }
                            if (!z) {
                                throw new IdentitySCIMException("Given SCIM user Id and name does not match..");
                            }
                        }
                    }
                    new SCIMGroupHandler(this.carbonUM.getTenantId()).createSCIMAttributes(group);
                    this.carbonUM.addRoleWithID(group.getDisplayName(), (String[]) arrayList.toArray(new String[0]), (Permission[]) null, false);
                    if (log.isDebugEnabled()) {
                        log.debug("Group: " + group.getDisplayName() + " is created through SCIM.");
                    }
                } else {
                    new SCIMGroupHandler(this.carbonUM.getTenantId()).createSCIMAttributes(group);
                    this.carbonUM.addRoleWithID(group.getDisplayName(), (String[]) null, (Permission[]) null, false);
                    if (log.isDebugEnabled()) {
                        log.debug("Group: " + group.getDisplayName() + " is created through SCIM.");
                    }
                }
                return group;
            } catch (IdentityApplicationManagementException e) {
                throw new CharonException("Error retrieving User Store name. ", e);
            }
        } catch (UserStoreException e2) {
            try {
                new SCIMGroupHandler(this.carbonUM.getTenantId()).deleteGroupAttributes(group.getDisplayName());
                throw new CharonException("Error occurred while adding role : " + group.getDisplayName(), e2);
            } catch (UserStoreException | IdentitySCIMException e3) {
                log.error("Error occurred while doing rollback operation of the SCIM table entry for role: " + group.getDisplayName(), e3);
                throw new CharonException("Error occurred while doing rollback operation of the SCIM table entry for role: " + group.getDisplayName(), e2);
            }
        } catch (IdentitySCIMException | BadRequestException e4) {
            String str3 = "One or more group members do not exist in the same user store. Hence, can not create the group: " + group.getDisplayName();
            if (log.isDebugEnabled()) {
                log.debug(str3, e4);
            }
            throw new BadRequestException(str3, "invalidValue");
        }
    }

    public Group getGroup(String str, Map<String, Boolean> map) throws CharonException {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving group with id: " + str);
        }
        try {
            String groupName = new SCIMGroupHandler(this.carbonUM.getTenantId()).getGroupName(str);
            if (groupName == null) {
                return null;
            }
            Group groupWithoutMembers = !isMemberAttributeRequired(map) ? getGroupWithoutMembers(groupName) : isMemberValueRequested(map) ? getGroupWithName(groupName) : getGroupWithMemberUsernameOnly(groupName);
            groupWithoutMembers.setSchemas();
            return groupWithoutMembers;
        } catch (IdentitySCIMException e) {
            log.error("Error in retrieving SCIM Group information from database.", e);
            throw new CharonException("Error in retrieving SCIM Group information from database.", e);
        } catch (UserStoreException e2) {
            String str2 = "Error in retrieving group : " + str;
            log.error(str2, e2);
            throw new CharonException(str2, e2);
        } catch (CharonException | BadRequestException e3) {
            throw new CharonException("Error in retrieving the group", e3);
        }
    }

    private Group getGroupWithoutMembers(String str) throws IdentitySCIMException, UserStoreException, BadRequestException, CharonException {
        return doGetGroup(str, false, true);
    }

    private Group getGroupWithMemberUsernameOnly(String str) throws CharonException, UserStoreException, IdentitySCIMException, BadRequestException {
        return doGetGroup(str, false, false);
    }

    private boolean isMemberValueRequested(Map<String, Boolean> map) {
        if (map == null || map.isEmpty()) {
            return true;
        }
        Boolean bool = map.get("urn:ietf:params:scim:schemas:core:2.0:Group:members.value");
        return bool != null && bool.booleanValue();
    }

    private boolean isMemberAttributeRequired(Map<String, Boolean> map) {
        if (MapUtils.isEmpty(map)) {
            return true;
        }
        Iterator<String> it = map.keySet().iterator();
        while (it.hasNext()) {
            if (it.next().startsWith("urn:ietf:params:scim:schemas:core:2.0:Group:members")) {
                return true;
            }
        }
        return false;
    }

    public void deleteGroup(String str) throws NotFoundException, CharonException {
        if (log.isDebugEnabled()) {
            log.debug("Deleting group: " + str);
        }
        try {
            SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);
            String groupName = new SCIMGroupHandler(this.carbonUM.getTenantId()).getGroupName(str);
            if (groupName == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Group with SCIM id: " + str + " doesn't exist in the system.");
                }
                throw new NotFoundException();
            }
            try {
                String userStoreDomainFromSP = getUserStoreDomainFromSP();
                if (userStoreDomainFromSP != null && !userStoreDomainFromSP.equalsIgnoreCase(IdentityUtil.extractDomainFromName(groupName))) {
                    throw new CharonException("Group :" + groupName + "is not belong to user store " + userStoreDomainFromSP + "Hence group updating fail");
                }
                String extractDomainFromName = IdentityUtil.extractDomainFromName(groupName);
                if (!isInternalOrApplicationGroup(extractDomainFromName) && StringUtils.isNotBlank(extractDomainFromName) && !isSCIMEnabled(extractDomainFromName)) {
                    throw new CharonException("Cannot delete group: " + groupName + " through scim from user store: " + extractDomainFromName + ". SCIM is not enabled for user store: " + extractDomainFromName);
                }
                this.carbonUM.deleteRole(groupName);
                if (log.isDebugEnabled()) {
                    log.debug("Group: " + groupName + " is deleted through SCIM.");
                }
            } catch (IdentityApplicationManagementException e) {
                throw new CharonException("Error retrieving User Store name. ", e);
            }
        } catch (UserStoreException | IdentitySCIMException e2) {
            throw new CharonException("Error occurred while deleting group " + str, e2);
        }
    }

    public List<Object> listGroupsWithGET(Node node, int i, int i2, String str, String str2, String str3, Map<String, Boolean> map) throws CharonException, NotImplementedException, BadRequestException {
        int i3 = i < 1 ? 1 : i;
        if (str != null || str2 != null) {
            throw new NotImplementedException("Sorting is not supported");
        }
        if (i3 == 1 || i2 < 0) {
            return node != null ? filterGroups(node, i3, Integer.valueOf(i2), str, str2, str3, map) : listGroups(i3, Integer.valueOf(i2), str, str2, str3, map);
        }
        throw new NotImplementedException("Pagination is not supported");
    }

    public List<Object> listGroupsWithGET(Node node, Integer num, Integer num2, String str, String str2, String str3, Map<String, Boolean> map) throws CharonException, NotImplementedException, BadRequestException {
        Integer valueOf = Integer.valueOf(handleStartIndexEqualsNULL(num));
        if (str != null || str2 != null) {
            throw new NotImplementedException("Sorting is not supported");
        }
        if (valueOf.intValue() == 1 && num2 == null) {
            return node != null ? filterGroups(node, valueOf.intValue(), num2, str, str2, str3, map) : listGroups(valueOf.intValue(), num2, str, str2, str3, map);
        }
        throw new NotImplementedException("Pagination is not supported");
    }

    private int handleStartIndexEqualsNULL(Integer num) {
        if (num != null) {
            return num.intValue();
        }
        if (!log.isDebugEnabled()) {
            return 1;
        }
        log.debug("NULL value for startIndex argument interpreted as 1");
        return 1;
    }

    private List<Object> listGroups(int i, Integer num, String str, String str2, String str3, Map<String, Boolean> map) throws CharonException, BadRequestException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(0);
        try {
            for (String str4 : this.carbonUM.isRoleAndGroupSeparationEnabled() ? getGroupNamesForGroupsEndpoint(str3) : getRoleNamesForGroupsEndpoint(str3)) {
                String extractDomainFromName = IdentityUtil.extractDomainFromName(str4);
                if (isInternalOrApplicationGroup(extractDomainFromName) || isSCIMEnabled(extractDomainFromName)) {
                    if (log.isDebugEnabled()) {
                        log.debug("SCIM is enabled for the user-store domain : " + extractDomainFromName + ". Including group with name : " + str4 + " in the response.");
                    }
                    Group groupWithName = getGroupWithName(str4);
                    if (groupWithName.getId() != null) {
                        arrayList.add(groupWithName);
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("SCIM is disabled for the user-store domain : " + extractDomainFromName + ". Hence group with name : " + str4 + " is excluded in the response.");
                }
            }
            arrayList.set(0, Integer.valueOf(arrayList.size() - 1));
            return arrayList;
        } catch (IdentitySCIMException | BadRequestException e) {
            throw new CharonException("Error in retrieving SCIM Group information from database.", e);
        } catch (UserStoreClientException e2) {
            String format = String.format("Error in obtaining role names from user store. %s", e2.getMessage());
            if (log.isDebugEnabled()) {
                log.debug(format, e2);
            }
            throw new BadRequestException(format, "invalidValue");
        } catch (UserStoreException e3) {
            throw new CharonException("Error in retrieving role names from user store.", e3);
        } catch (org.wso2.carbon.user.core.UserStoreException e4) {
            Throwable rootCause = ExceptionUtils.getRootCause(e4);
            if (!(rootCause instanceof UserStoreClientException)) {
                String str5 = "Error in obtaining role names from user store." + e4.getMessage();
                log.error(str5, e4);
                throw new CharonException(str5, e4);
            }
            String format2 = String.format("Error in obtaining role names from user store. %s", rootCause.getMessage());
            if (log.isDebugEnabled()) {
                log.debug(format2, rootCause);
            }
            throw new BadRequestException(format2, "invalidValue");
        }
    }

    private Set<String> getRoleNamesForGroupsEndpoint(String str) throws UserStoreException, IdentitySCIMException {
        SCIMGroupHandler sCIMGroupHandler = new SCIMGroupHandler(this.carbonUM.getTenantId());
        if (StringUtils.isEmpty(str)) {
            Set<String> listSCIMRoles = sCIMGroupHandler.listSCIMRoles();
            List<String> sCIMDisabledHybridRoleList = getSCIMDisabledHybridRoleList(new HashSet(Arrays.asList(this.carbonUM.getHybridRoles())), listSCIMRoles);
            if (!sCIMDisabledHybridRoleList.isEmpty()) {
                createSCIMAttributesForSCIMDisabledHybridRoles(sCIMDisabledHybridRoleList);
                listSCIMRoles.addAll(sCIMDisabledHybridRoleList);
            }
            return listSCIMRoles;
        }
        String str2 = str + CarbonConstants.DOMAIN_SEPARATOR + "*";
        HashSet hashSet = new HashSet(isInternalOrApplicationGroup(str) ? filterHybridRoles(str, str2) : Arrays.asList(this.carbonUM.getRoleNames(str2, MAX_ITEM_LIMIT_UNLIMITED, true, true, true)));
        List<String> sCIMDisabledHybridRoleList2 = getSCIMDisabledHybridRoleList(hashSet, sCIMGroupHandler.listSCIMRoles());
        if (!sCIMDisabledHybridRoleList2.isEmpty()) {
            createSCIMAttributesForSCIMDisabledHybridRoles(sCIMDisabledHybridRoleList2);
            hashSet.addAll(sCIMDisabledHybridRoleList2);
        }
        return hashSet;
    }

    private Set<String> getGroupNamesForGroupsEndpoint(String str) throws UserStoreException, IdentitySCIMException {
        SCIMGroupHandler sCIMGroupHandler = new SCIMGroupHandler(this.carbonUM.getTenantId());
        if (!StringUtils.isEmpty(str)) {
            return new HashSet(Arrays.asList(this.carbonUM.getRoleNames(str + CarbonConstants.DOMAIN_SEPARATOR + "*", MAX_ITEM_LIMIT_UNLIMITED, true, true, true)));
        }
        Set<String> listSCIMRoles = sCIMGroupHandler.listSCIMRoles();
        listSCIMRoles.removeIf(SCIMCommonUtils::isHybridRole);
        return listSCIMRoles;
    }

    private List<Object> filterGroups(Node node, int i, Integer num, String str, String str2, String str3, Map<String, Boolean> map) throws NotImplementedException, CharonException, BadRequestException {
        Integer valueOf = Integer.valueOf(handleLimitEqualsNULL(num));
        if (node instanceof ExpressionNode) {
            return filterGroupsBySingleAttribute((ExpressionNode) node, i, valueOf.intValue(), str, str2, str3, map);
        }
        if (node instanceof OperationNode) {
            throw new NotImplementedException("Complex filters are not supported yet");
        }
        throw new CharonException("Unknown operation. Not either an expression node or an operation node.");
    }

    private List<Object> filterGroupsBySingleAttribute(ExpressionNode expressionNode, int i, int i2, String str, String str2, String str3, Map<String, Boolean> map) throws CharonException, BadRequestException {
        String attributeValue = expressionNode.getAttributeValue();
        String operation = expressionNode.getOperation();
        String value = expressionNode.getValue();
        if (log.isDebugEnabled()) {
            log.debug("Filtering groups with filter: " + attributeValue + " + " + operation + " + " + value);
        }
        if (isFilteringNotSupported(operation)) {
            throw new CharonException("Filter operation: " + operation + " is not supported for groups filtering.");
        }
        String resolveDomain = resolveDomain(str3, expressionNode);
        ArrayList arrayList = new ArrayList();
        arrayList.add(0);
        try {
            ArrayList<String> arrayList2 = new ArrayList(getGroupList(expressionNode, resolveDomain));
            if (this.carbonUM.isRoleAndGroupSeparationEnabled()) {
                arrayList2.removeIf(SCIMCommonUtils::isHybridRole);
            }
            if (arrayList2 != null) {
                for (String str4 : arrayList2) {
                    if (str4 == null || !this.carbonUM.isExistingRole(str4, false)) {
                        arrayList.clear();
                        arrayList.add(0);
                        return arrayList;
                    }
                    if (!"system/wso2.anonymous.role".equals(str4) && !UserCoreUtil.isEveryoneRole(str4, this.carbonUM.getRealmConfiguration())) {
                        Group roleWithDefaultAttributes = getRoleWithDefaultAttributes(str4);
                        if (roleWithDefaultAttributes != null && roleWithDefaultAttributes.getId() != null) {
                            arrayList.add(roleWithDefaultAttributes);
                        }
                    }
                }
            }
            arrayList.set(0, Integer.valueOf(arrayList.size() - 1));
            return arrayList;
        } catch (org.wso2.carbon.user.core.UserStoreException e) {
            String str5 = "Error in filtering groups by attribute name : " + attributeValue + ", attribute value : " + value + " and filter operation : " + operation;
            log.error(str5, e);
            throw new CharonException(str5, e);
        } catch (UserStoreException e2) {
            throw new CharonException("Error in filtering group with filter: " + attributeValue + " + " + operation + " + " + value, e2);
        }
    }

    private String resolveDomain(String str, ExpressionNode expressionNode) throws CharonException, BadRequestException {
        String resolveDomainInAttributeValue = resolveDomainInAttributeValue(str, expressionNode);
        if (StringUtils.isEmpty(resolveDomainInAttributeValue)) {
            resolveDomainInAttributeValue = getDomainWithFilterProperties(expressionNode);
        }
        return resolveDomainInAttributeValue;
    }

    private String getDomainWithFilterProperties(ExpressionNode expressionNode) {
        return SCIMCommonUtils.isFilterUsersAndGroupsOnlyFromPrimaryDomainEnabled() ? "PRIMARY" : (SCIMCommonUtils.isFilteringEnhancementsEnabled() && SCIMCommonConstants.EQ.equalsIgnoreCase(expressionNode.getOperation()) && StringUtils.equals(expressionNode.getAttributeValue(), "urn:ietf:params:scim:schemas:core:2.0:Group:displayName")) ? "PRIMARY" : "";
    }

    private String resolveDomainInAttributeValue(String str, ExpressionNode expressionNode) throws CharonException, BadRequestException {
        String attributeValue = expressionNode.getAttributeValue();
        String value = expressionNode.getValue();
        if (!StringUtils.equals(attributeValue, "urn:ietf:params:scim:schemas:core:2.0:Group:displayName") && !StringUtils.equals(attributeValue, "urn:ietf:params:scim:schemas:core:2.0:Group:members.display") && !StringUtils.equals(attributeValue, "urn:ietf:params:scim:schemas:core:2.0:Group:members.value")) {
            return str;
        }
        String[] split = value.split(CarbonConstants.DOMAIN_SEPARATOR, 2);
        if (split.length <= 1) {
            return str;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Attribute value: %s is embedded with a domain.", value));
        }
        String str2 = split[0];
        String upperCase = isInternalOrApplicationGroup(str2) ? str2 : str2.toUpperCase();
        validateExtractedDomain(str, attributeValue, upperCase);
        expressionNode.setValue(split[1]);
        return upperCase;
    }

    private Group getRoleWithDefaultAttributes(String str) throws CharonException, UserStoreException {
        String extractDomainFromName = IdentityUtil.extractDomainFromName(str);
        if (!isInternalOrApplicationGroup(extractDomainFromName) && !isSCIMEnabled(extractDomainFromName)) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("SCIM is disabled for the user-store domain : " + extractDomainFromName + ". Hence group with name : " + str + " is excluded in the response.");
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("SCIM is enabled for the user-store domain : " + extractDomainFromName + ". Including group with name : " + str + " in the response.");
        }
        try {
            return getGroupWithName(str);
        } catch (BadRequestException e) {
            throw new CharonException("Error in retrieving SCIM Group.", e);
        } catch (IdentitySCIMException e2) {
            log.error("Error in retrieving SCIM Group information from database.", e2);
            throw new CharonException("Error in retrieving SCIM Group information from database.", e2);
        }
    }

    public void updateGroup(Group group, Group group2) throws CharonException {
        try {
            doUpdateGroup(group, group2);
        } catch (UserStoreException | IdentitySCIMException e) {
            throw new CharonException(e.getMessage(), e);
        } catch (IdentityApplicationManagementException e2) {
            throw new CharonException("Error retrieving User Store name. ", e2);
        } catch (BadRequestException | CharonException e3) {
            throw new CharonException("Error in updating the group", e3);
        }
    }

    public Group patchGroup(String str, String str2, Map<String, List<PatchOperation>> map, Map<String, Boolean> map2) throws NotImplementedException, BadRequestException, CharonException, NotFoundException {
        if (log.isDebugEnabled()) {
            log.debug("Updating group: " + str2);
        }
        try {
            ArrayList arrayList = new ArrayList();
            ArrayList<PatchOperation> arrayList2 = new ArrayList();
            String str3 = str2;
            Iterator<List<PatchOperation>> it = map.values().iterator();
            while (it.hasNext()) {
                for (PatchOperation patchOperation : it.next()) {
                    if (StringUtils.equals(DISPLAY_NAME_PROPERTY, patchOperation.getAttributeName())) {
                        arrayList.add(patchOperation);
                    } else if (StringUtils.equals("members", patchOperation.getAttributeName())) {
                        arrayList2.add(patchOperation);
                    }
                }
            }
            Collections.reverse(arrayList);
            if (CollectionUtils.isNotEmpty(arrayList)) {
                str3 = (String) ((PatchOperation) arrayList.get(0)).getValues();
                setGroupDisplayName(str2, str3);
            }
            Collections.sort(arrayList2);
            Set<String> hashSet = new HashSet<>();
            Set<String> hashSet2 = new HashSet<>();
            Set<Object> hashSet3 = new HashSet<>();
            for (PatchOperation patchOperation2 : arrayList2) {
                if (patchOperation2.getValues() instanceof Map) {
                    prepareAddedRemovedMemberLists(hashSet, hashSet2, hashSet3, patchOperation2, (Map) patchOperation2.getValues());
                } else if (patchOperation2.getValues() instanceof List) {
                    Iterator it2 = ((List) patchOperation2.getValues()).iterator();
                    while (it2.hasNext()) {
                        prepareAddedRemovedMemberLists(hashSet, hashSet2, hashSet3, patchOperation2, (Map) it2.next());
                    }
                }
            }
            String extractDomainFromName = IdentityUtil.extractDomainFromName(str3);
            HashSet hashSet4 = new HashSet();
            if (isNotInternalOrApplicationGroup(extractDomainFromName) && (!hashSet.isEmpty() || !hashSet2.isEmpty())) {
                Iterator<String> it3 = hashSet.iterator();
                while (it3.hasNext()) {
                    hashSet4.add(UserCoreUtil.addDomainToName(UserCoreUtil.removeDomainFromName(it3.next()), extractDomainFromName));
                }
                hashSet.clear();
                hashSet.addAll(hashSet4);
                hashSet4.clear();
                Iterator<String> it4 = hashSet2.iterator();
                while (it4.hasNext()) {
                    hashSet4.add(UserCoreUtil.addDomainToName(UserCoreUtil.removeDomainFromName(it4.next()), extractDomainFromName));
                }
                hashSet2.clear();
                hashSet2.addAll(hashSet4);
            }
            Set<String> memberValuesFromUserstore = getMemberValuesFromUserstore(hashSet2, extractDomainFromName, str3);
            Set<String> memberValuesFromUserstore2 = getMemberValuesFromUserstore(hashSet, extractDomainFromName, str3);
            if (CollectionUtils.isNotEmpty(hashSet)) {
                validateUserIds(memberValuesFromUserstore2, hashSet3);
            }
            SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);
            if (CollectionUtils.isNotEmpty(hashSet) || CollectionUtils.isNotEmpty(hashSet2)) {
                this.carbonUM.updateUserListOfRoleWithID(str3, (String[]) memberValuesFromUserstore.toArray(new String[0]), (String[]) memberValuesFromUserstore2.toArray(new String[0]));
            }
            return getGroup(str, map2);
        } catch (UserStoreException | IdentitySCIMException e) {
            throw new CharonException(e.getMessage(), e);
        } catch (BadRequestException e2) {
            throw new CharonException("Error in updating the group", e2);
        } catch (IdentityApplicationManagementException e3) {
            throw new CharonException("Error retrieving User Store name. ", e3);
        }
    }

    private void prepareAddedRemovedMemberLists(Set<String> set, Set<String> set2, Set<Object> set3, PatchOperation patchOperation, Map<String, String> map) throws UserStoreException {
        if (StringUtils.isEmpty(map.get("display"))) {
            List userListWithID = this.carbonUM.getUserListWithID("urn:ietf:params:scim:schemas:core:2.0:id", map.get("value"), (String) null);
            if (CollectionUtils.isNotEmpty(userListWithID)) {
                map.put("display", ((org.wso2.carbon.user.core.common.User) userListWithID.get(0)).getUsername());
                patchOperation.setValues(map);
            }
        }
        if (StringUtils.equals(patchOperation.getOperation(), "add")) {
            set2.remove(map.get("display"));
            set.add(map.get("display"));
            set3.add(map.get("value"));
        } else if (StringUtils.equals(patchOperation.getOperation(), "remove")) {
            set.remove(map.get("display"));
            set2.add(map.get("display"));
        }
    }

    private void setGroupDisplayName(String str, String str2) throws IdentityApplicationManagementException, CharonException, BadRequestException, IdentitySCIMException, UserStoreException {
        String userStoreDomainFromSP = getUserStoreDomainFromSP();
        String extractDomainFromName = IdentityUtil.extractDomainFromName(str);
        if (userStoreDomainFromSP != null && !userStoreDomainFromSP.equalsIgnoreCase(extractDomainFromName)) {
            throw new CharonException("Group :" + str + "is not belong to user store " + userStoreDomainFromSP + "Hence group updating fail");
        }
        String extractDomainFromName2 = IdentityUtil.extractDomainFromName(str2);
        if (isPrimaryDomain(extractDomainFromName2) && !isPrimaryDomain(extractDomainFromName)) {
            str2 = IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(str2), extractDomainFromName);
        } else if (!extractDomainFromName.equals(extractDomainFromName2)) {
            throw new IdentitySCIMException("User store domain of the group is not matching with the given SCIM group Id.");
        }
        String groupNameWithDomain = SCIMCommonUtils.getGroupNameWithDomain(str);
        String groupNameWithDomain2 = SCIMCommonUtils.getGroupNameWithDomain(str2);
        if (StringUtils.equalsIgnoreCase(groupNameWithDomain, groupNameWithDomain2)) {
            return;
        }
        this.carbonUM.updateRoleName(groupNameWithDomain, groupNameWithDomain2);
    }

    public Group updateGroup(Group group, Group group2, Map<String, Boolean> map) throws CharonException, BadRequestException {
        try {
            try {
                if (!doUpdateGroup(group, group2)) {
                    log.warn("There is no updated field in the group: " + group.getDisplayName() + ". Therefore ignoring the provisioning.");
                    return group;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Group: " + group.getDisplayName() + " is updated through SCIM.");
                }
                return getGroup(group2.getId(), map);
            } catch (UserStoreException | IdentitySCIMException e) {
                throw new CharonException(e.getMessage(), e);
            }
        } catch (IdentityApplicationManagementException e2) {
            throw new CharonException("Error retrieving User Store name. ", e2);
        } catch (CharonException e3) {
            throw new CharonException("Error in updating the group", e3);
        }
    }

    public boolean doUpdateGroup(Group group, Group group2) throws CharonException, IdentitySCIMException, BadRequestException, IdentityApplicationManagementException, org.wso2.carbon.user.core.UserStoreException {
        setGroupDisplayName(group, group2);
        if (log.isDebugEnabled()) {
            log.debug("Updating group: " + group.getDisplayName());
        }
        String extractDomainFromName = IdentityUtil.extractDomainFromName(group2.getDisplayName());
        if (CollectionUtils.isNotEmpty(group2.getMembers()) && isNotInternalOrApplicationGroup(extractDomainFromName)) {
            appendDomainToMembers(group2, extractDomainFromName);
        }
        SCIMCommonUtils.setThreadLocalIsManagedThroughSCIMEP(true);
        HashSet hashSet = new HashSet(group.getMembersWithDisplayName());
        HashSet hashSet2 = new HashSet(group2.getMembersWithDisplayName());
        Set<String> deletedMemberUsernames = getDeletedMemberUsernames(hashSet, hashSet2);
        Set<String> memberValuesFromUserstore = getMemberValuesFromUserstore(deletedMemberUsernames, extractDomainFromName, group.getDisplayName());
        Set<String> addedMemberUsernames = getAddedMemberUsernames(hashSet, hashSet2);
        Set<String> memberValuesFromUserstore2 = getMemberValuesFromUserstore(addedMemberUsernames, extractDomainFromName, group.getDisplayName());
        Set<Object> newlyAddedMemberIds = getNewlyAddedMemberIds(group, group2);
        if (CollectionUtils.isNotEmpty(addedMemberUsernames)) {
            validateUserIds(memberValuesFromUserstore2, newlyAddedMemberIds);
        }
        String displayName = group.getDisplayName();
        String displayName2 = group2.getDisplayName();
        boolean z = false;
        if (isGroupDisplayNameChanged(displayName, displayName2)) {
            this.carbonUM.updateRoleName(displayName, displayName2);
            z = true;
        }
        if (CollectionUtils.isNotEmpty(addedMemberUsernames) || CollectionUtils.isNotEmpty(deletedMemberUsernames)) {
            this.carbonUM.updateUserListOfRoleWithID(displayName2, (String[]) memberValuesFromUserstore.toArray(new String[0]), (String[]) memberValuesFromUserstore2.toArray(new String[0]));
            z = true;
        }
        return z;
    }

    private Set<String> getAddedMemberUsernames(Set<String> set, Set<String> set2) {
        HashSet hashSet = new HashSet(set2);
        hashSet.removeAll(set);
        return hashSet;
    }

    private Set<String> getDeletedMemberUsernames(Set<String> set, Set<String> set2) {
        HashSet hashSet = new HashSet(set);
        hashSet.removeAll(set2);
        return hashSet;
    }

    private Set<Object> getNewlyAddedMemberIds(Group group, Group group2) {
        HashSet hashSet = new HashSet(group2.getMembers());
        HashSet hashSet2 = new HashSet(group.getMembers());
        if (CollectionUtils.isNotEmpty(hashSet2)) {
            hashSet.removeAll(hashSet2);
        }
        return hashSet;
    }

    private Set<String> getMemberValuesFromUserstore(Set<String> set, String str, String str2) throws IdentitySCIMException, org.wso2.carbon.user.core.UserStoreException {
        HashSet hashSet = new HashSet();
        for (String str3 : set) {
            String extractDomainFromName = IdentityUtil.extractDomainFromName(str3);
            if (!isInternalOrApplicationGroup(str) && !str.equalsIgnoreCase(extractDomainFromName)) {
                throw new IdentitySCIMException(String.format("%s doesn't belongs to user store: %s", str3, str));
            }
            org.wso2.carbon.user.core.common.User userFromUsername = getUserFromUsername(str3);
            if (userFromUsername == null || StringUtils.isEmpty(userFromUsername.getUserID())) {
                throw new IdentitySCIMException("User: " + str3 + " doesn't exist in the user store. Hence can not update the group: " + str2);
            }
            hashSet.add(userFromUsername.getUserID());
        }
        return hashSet;
    }

    private void validateUserIds(Set<String> set, Set<Object> set2) throws BadRequestException {
        for (Object obj : set2) {
            if (!set.contains(obj.toString())) {
                throw new BadRequestException(String.format("Provided SCIM user Id: %s doesn't match with the userID obtained from user-store for the provided username.", obj.toString()), "invalidValue");
            }
        }
    }

    private void setGroupDisplayName(Group group, Group group2) throws IdentityApplicationManagementException, CharonException, BadRequestException, IdentitySCIMException {
        String userStoreDomainFromSP = getUserStoreDomainFromSP();
        String extractDomainFromName = IdentityUtil.extractDomainFromName(group.getDisplayName());
        if (userStoreDomainFromSP != null && !userStoreDomainFromSP.equalsIgnoreCase(extractDomainFromName)) {
            throw new CharonException("Group :" + group.getDisplayName() + "is not belong to user store " + userStoreDomainFromSP + "Hence group updating fail");
        }
        String extractDomainFromName2 = IdentityUtil.extractDomainFromName(group2.getDisplayName());
        if (isPrimaryDomain(extractDomainFromName2) && !isPrimaryDomain(extractDomainFromName)) {
            group2.setDisplayName(IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(group2.getDisplayName()), extractDomainFromName));
        } else if (!extractDomainFromName.equals(extractDomainFromName2)) {
            throw new IdentitySCIMException("User store domain of the group is not matching with the given SCIM group Id.");
        }
        group2.setDisplayName(SCIMCommonUtils.getGroupNameWithDomain(group2.getDisplayName()));
        group.setDisplayName(SCIMCommonUtils.getGroupNameWithDomain(group.getDisplayName()));
    }

    private boolean isPrimaryDomain(String str) {
        return str.equals(IdentityUtil.getPrimaryDomainName());
    }

    private boolean isGroupDisplayNameChanged(String str, String str2) {
        return !str.equalsIgnoreCase(str2);
    }

    private org.wso2.carbon.user.core.common.User getUserFromUsername(String str) throws org.wso2.carbon.user.core.UserStoreException {
        List userListWithID = this.carbonUM.getUserListWithID(USERNAME_CLAIM, str, SCIMCommonConstants.DEFAULT);
        if (userListWithID.isEmpty()) {
            return null;
        }
        return (org.wso2.carbon.user.core.common.User) userListWithID.get(0);
    }

    private void doUserValidation(String str, String str2, String str3, String str4, List<Object> list) throws IdentitySCIMException, org.wso2.carbon.user.core.UserStoreException {
        if (!isInternalOrApplicationGroup(str3) && !str3.equalsIgnoreCase(str2)) {
            throw new IdentitySCIMException(str + " does not belongs to user store " + str3);
        }
        if (StringUtils.isEmpty(str)) {
            throw new IdentitySCIMException("User: " + str + " doesn't exist in the user store. Hence can not update the group: " + str4);
        }
        if (!UserCoreUtil.isContain(str, (String[]) list.toArray(new String[0]))) {
            throw new IdentitySCIMException("Provided SCIM user Id: " + str + " doesn't match with the userID obtained from user-store for the provided username: " + str);
        }
    }

    public List<Object> listGroupsWithPost(SearchRequest searchRequest, Map<String, Boolean> map) throws BadRequestException, NotImplementedException, CharonException {
        return listGroupsWithGET(searchRequest.getFilter(), searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getSortBy(), searchRequest.getSortOder(), searchRequest.getDomainName(), map);
    }

    private String getUserStoreDomainFromSP() throws IdentityApplicationManagementException {
        ServiceProvider serviceProvider;
        Object obj = ((Map) IdentityUtil.threadLocalProperties.get()).get(SERVICE_PROVIDER);
        Object obj2 = ((Map) IdentityUtil.threadLocalProperties.get()).get("serviceProviderTenantDomain");
        if ((obj instanceof String) && (obj2 instanceof String)) {
            serviceProvider = ApplicationManagementService.getInstance().getServiceProvider((String) obj, (String) obj2);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Thread Local SP or SP tenant domain is null. Checking for provisioning configurations in resident SP: wso2carbon-local-sp for tenantDomain: " + this.tenantDomain);
            }
            serviceProvider = ApplicationManagementService.getInstance().getServiceProvider("wso2carbon-local-sp", this.tenantDomain);
        }
        if (serviceProvider != null && log.isDebugEnabled()) {
            log.debug("Service provider found as: " + serviceProvider.getApplicationName() + " when retrieving userstore domain.");
        }
        if (serviceProvider == null || serviceProvider.getInboundProvisioningConfig() == null || StringUtils.isBlank(serviceProvider.getInboundProvisioningConfig().getProvisioningUserStore())) {
            return null;
        }
        String provisioningUserStore = serviceProvider.getInboundProvisioningConfig().getProvisioningUserStore();
        if (log.isDebugEnabled()) {
            log.debug("Userstore domain set to: " + provisioningUserStore + " after retrieving info from service provider provisioning config: " + serviceProvider.getApplicationName());
        }
        return provisioningUserStore;
    }

    private boolean isSCIMEnabled(String str) {
        UserStoreManager secondaryUserStoreManager = this.carbonUM.getSecondaryUserStoreManager(str);
        if (secondaryUserStoreManager == null) {
            return false;
        }
        try {
            return secondaryUserStoreManager.isSCIMEnabled();
        } catch (UserStoreException e) {
            log.error("Error while evaluating isSCIMEnalbed for user store " + str, e);
            return false;
        }
    }

    private User getSCIMUser(org.wso2.carbon.user.core.common.User user, List<String> list, Map<String, String> map, Map<String, String> map2) throws CharonException {
        String userStoreDomain = user.getUserStoreDomain();
        if (StringUtils.isNotBlank(userStoreDomain) && !isSCIMEnabled(userStoreDomain)) {
            throw new CharonException("Cannot get user through SCIM to user store. SCIM is not enabled for user store: " + userStoreDomain);
        }
        try {
            Map<String, String> convertLocalToSCIMDialect = SCIMCommonUtils.convertLocalToSCIMDialect(this.carbonUM.getUserClaimValuesWithID(user.getUserID(), (String[]) list.toArray(new String[0]), (String) null), map);
            if (!convertLocalToSCIMDialect.containsKey("urn:ietf:params:scim:schemas:core:2.0:id")) {
                return null;
            }
            convertLocalToSCIMDialect.remove("urn:ietf:params:scim:schemas:core:2.0:User:addresses");
            convertLocalToSCIMDialect.put("urn:ietf:params:scim:schemas:core:2.0:User:userName", user.getUsername());
            convertLocalToSCIMDialect.put("urn:ietf:params:scim:schemas:core:2.0:meta.location", SCIMCommonUtils.getSCIMUserURL(convertLocalToSCIMDialect.get("urn:ietf:params:scim:schemas:core:2.0:id")));
            if (!convertLocalToSCIMDialect.containsKey("urn:ietf:params:scim:schemas:core:2.0:meta.resourceType")) {
                convertLocalToSCIMDialect.put("urn:ietf:params:scim:schemas:core:2.0:meta.resourceType", "User");
            }
            HashMap hashMap = new HashMap();
            ArrayList arrayList = new ArrayList(this.carbonUM.getRoleListOfUserWithID(user.getUserID()));
            if (this.carbonUM.isRoleAndGroupSeparationEnabled()) {
                arrayList.removeIf(SCIMCommonUtils::isHybridRole);
            } else {
                checkForSCIMDisabledHybridRoles(arrayList);
            }
            User user2 = (User) AttributeMapper.constructSCIMObjectFromAttributes(convertLocalToSCIMDialect, 1);
            if (SCIMCommonUtils.mandateDomainForUsernamesAndGroupNamesInResponse()) {
                user2.setUserName(SCIMCommonUtils.prependDomain(user.getDomainQualifiedUsername()));
            } else {
                user2.setUserName(user.getDomainQualifiedUsername());
            }
            for (String str : arrayList) {
                if (!UserCoreUtil.isEveryoneRole(str, this.carbonUM.getRealmConfiguration()) && !"system/wso2.anonymous.role".equalsIgnoreCase(str)) {
                    if (SCIMCommonUtils.mandateDomainForUsernamesAndGroupNamesInResponse()) {
                        str = SCIMCommonUtils.prependDomain(str);
                    } else if (SCIMCommonUtils.isFilteringEnhancementsEnabled()) {
                        str = SCIMCommonUtils.prependDomain(str);
                    }
                    Group group = hashMap.get(str);
                    if (group == null && !hashMap.containsKey(str)) {
                        group = getGroupOnlyWithMetaAttributes(str);
                        hashMap.put(str, group);
                    }
                    if (group != null) {
                        user2.setGroup((String) null, group);
                    }
                }
            }
            if (this.carbonUM.isRoleAndGroupSeparationEnabled()) {
                setRolesOfUser(hashMap, user, user2);
            }
            return user2;
        } catch (UserStoreException | CharonException | NotFoundException | IdentitySCIMException | BadRequestException e) {
            throw new CharonException("Error in getting user information for user: " + user.getDomainQualifiedUsername(), e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v130, types: [java.util.Map] */
    private Set<User> getSCIMUsers(Set<org.wso2.carbon.user.core.common.User> set, List<String> list, Map<String, String> map) throws CharonException {
        ArrayList arrayList = new ArrayList();
        try {
            List<UniqueIDUserClaimSearchEntry> usersClaimValuesWithID = this.carbonUM.getUsersClaimValuesWithID((List) set.stream().map((v0) -> {
                return v0.getUserID();
            }).collect(Collectors.toList()), list, (String) null);
            Map roleListOfUsersWithID = this.carbonUM.getRoleListOfUsersWithID((List) set.stream().map((v0) -> {
                return v0.getUserID();
            }).collect(Collectors.toList()));
            HashMap hashMap = new HashMap();
            for (org.wso2.carbon.user.core.common.User user : set) {
                String userStoreDomain = user.getUserStoreDomain();
                if (isSCIMEnabled(userStoreDomain)) {
                    if (log.isDebugEnabled()) {
                        log.debug("SCIM is enabled for the user-store domain : " + userStoreDomain + ". Including user : " + user.getUsername() + " in the response.");
                    }
                    HashMap hashMap2 = new HashMap();
                    for (UniqueIDUserClaimSearchEntry uniqueIDUserClaimSearchEntry : usersClaimValuesWithID) {
                        if (uniqueIDUserClaimSearchEntry.getUser() != null && StringUtils.isNotBlank(uniqueIDUserClaimSearchEntry.getUser().getUserID()) && uniqueIDUserClaimSearchEntry.getUser().getUserID().equals(user.getUserID())) {
                            hashMap2 = uniqueIDUserClaimSearchEntry.getClaims();
                        }
                    }
                    try {
                        Map<String, String> convertLocalToSCIMDialect = SCIMCommonUtils.convertLocalToSCIMDialect(hashMap2, map);
                        try {
                            if (convertLocalToSCIMDialect.containsKey("urn:ietf:params:scim:schemas:core:2.0:id")) {
                                if (convertLocalToSCIMDialect.containsKey("urn:ietf:params:scim:schemas:core:2.0:User:addresses")) {
                                    convertLocalToSCIMDialect.remove("urn:ietf:params:scim:schemas:core:2.0:User:addresses");
                                }
                                convertLocalToSCIMDialect.put("urn:ietf:params:scim:schemas:core:2.0:meta.location", SCIMCommonUtils.getSCIMUserURL(convertLocalToSCIMDialect.get("urn:ietf:params:scim:schemas:core:2.0:id")));
                                if (!convertLocalToSCIMDialect.containsKey("urn:ietf:params:scim:schemas:core:2.0:meta.resourceType")) {
                                    convertLocalToSCIMDialect.put("urn:ietf:params:scim:schemas:core:2.0:meta.resourceType", "User");
                                }
                                List list2 = (List) roleListOfUsersWithID.get(user.getUserID());
                                ArrayList arrayList2 = new ArrayList();
                                if (CollectionUtils.isNotEmpty(list2)) {
                                    arrayList2 = new ArrayList(list2);
                                } else if (log.isDebugEnabled()) {
                                    log.debug(String.format("Roles not found for user %s with id %s .", user.getFullQualifiedUsername(), user.getUserID()));
                                }
                                if (this.carbonUM.isRoleAndGroupSeparationEnabled()) {
                                    arrayList2.removeIf(SCIMCommonUtils::isHybridRole);
                                } else {
                                    checkForSCIMDisabledHybridRoles(arrayList2);
                                }
                                if (SCIMCommonUtils.mandateDomainForUsernamesAndGroupNamesInResponse()) {
                                    convertLocalToSCIMDialect.put("urn:ietf:params:scim:schemas:core:2.0:User:userName", SCIMCommonUtils.prependDomain(user.getDomainQualifiedUsername()));
                                } else {
                                    convertLocalToSCIMDialect.put("urn:ietf:params:scim:schemas:core:2.0:User:userName", user.getDomainQualifiedUsername());
                                }
                                User user2 = (User) AttributeMapper.constructSCIMObjectFromAttributes(convertLocalToSCIMDialect, 1);
                                for (String str : arrayList2) {
                                    if (!UserCoreUtil.isEveryoneRole(str, this.carbonUM.getRealmConfiguration()) && !"system/wso2.anonymous.role".equalsIgnoreCase(str)) {
                                        if (SCIMCommonUtils.mandateDomainForUsernamesAndGroupNamesInResponse()) {
                                            str = SCIMCommonUtils.prependDomain(str);
                                        } else if (SCIMCommonUtils.isFilteringEnhancementsEnabled()) {
                                            str = SCIMCommonUtils.prependDomain(str);
                                        }
                                        Group group = hashMap.get(str);
                                        if (group == null && !hashMap.containsKey(str)) {
                                            group = getGroupOnlyWithMetaAttributes(str);
                                            hashMap.put(str, group);
                                        }
                                        if (group != null) {
                                            user2.setGroup((String) null, group);
                                        }
                                    }
                                }
                                if (this.carbonUM.isRoleAndGroupSeparationEnabled()) {
                                    setRolesOfUser(hashMap, user, user2);
                                }
                                if (user2 != null) {
                                    arrayList.add(user2);
                                }
                            } else if (log.isDebugEnabled()) {
                                log.debug(String.format("Skipping adding user %s with id %s as attribute %s is not available.", user.getFullQualifiedUsername(), user.getUserID(), "urn:ietf:params:scim:schemas:core:2.0:id"));
                            }
                        } catch (UserStoreException | CharonException | NotFoundException | IdentitySCIMException | BadRequestException e) {
                            throw new CharonException("Error in getting user information for user: " + user.getUsername(), e);
                        }
                    } catch (UserStoreException e2) {
                        throw new CharonException("Error in converting local claims to SCIM dialect for user: " + user.getUsername(), e2);
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("SCIM is disabled for the user-store domain : " + userStoreDomain + ". Hence user : " + user.getUsername() + " in this domain is excluded in the response.");
                }
            }
            TreeSet treeSet = new TreeSet(Comparator.comparing((v0) -> {
                return v0.getUsername();
            }));
            treeSet.addAll(arrayList);
            return treeSet;
        } catch (org.wso2.carbon.user.core.UserStoreException e3) {
            log.error("Error occurred while retrieving SCIM user information", e3);
            throw new CharonException("Error occurred while retrieving SCIM user information", e3);
        }
    }

    private void setRolesOfUser(Map<String, Group> map, org.wso2.carbon.user.core.common.User user, User user2) throws org.wso2.carbon.user.core.UserStoreException, CharonException, IdentitySCIMException, BadRequestException {
        List<String> hybridRoleListOfUser = this.carbonUM.getHybridRoleListOfUser(user.getUsername(), user.getUserStoreDomain());
        checkForSCIMDisabledHybridRoles(hybridRoleListOfUser);
        for (String str : hybridRoleListOfUser) {
            if (!"system/wso2.anonymous.role".equalsIgnoreCase(str)) {
                Group group = map.get(str);
                if (group == null && !map.containsKey(str)) {
                    group = getGroupOnlyWithMetaAttributes(str);
                    map.put(str, group);
                }
                Role role = new Role();
                role.setDisplayName(removeInternalDomain(group.getDisplayName()));
                role.setId(group.getId());
                role.setLocation(SCIMCommonUtils.getSCIMRoleURL(group.getId()));
                user2.setRole(role);
            }
        }
    }

    private Group getGroupOnlyWithMetaAttributes(String str) throws CharonException, IdentitySCIMException, org.wso2.carbon.user.core.UserStoreException, BadRequestException {
        Group group = new Group();
        group.setDisplayName(str);
        return new SCIMGroupHandler(this.carbonUM.getTenantId()).getGroupWithAttributes(group, str);
    }

    private boolean isInternalOrApplicationGroup(String str) {
        return StringUtils.isNotBlank(str) && (SCIMCommonConstants.APPLICATION_DOMAIN.equalsIgnoreCase(str) || SCIMCommonConstants.INTERNAL_DOMAIN.equalsIgnoreCase(str));
    }

    private boolean isNotInternalOrApplicationGroup(String str) {
        return !isInternalOrApplicationGroup(str);
    }

    private void appendDomainToMembers(Group group, String str) throws CharonException {
        List attributeValues;
        if (StringUtils.isBlank(str) || CollectionUtils.isEmpty(group.getMembers()) || !group.isAttributeExist("members") || (attributeValues = ((MultiValuedAttribute) group.getAttributeList().get("members")).getAttributeValues()) == null || attributeValues.isEmpty()) {
            return;
        }
        Iterator it = attributeValues.iterator();
        while (it.hasNext()) {
            SimpleAttribute subAttribute = ((Attribute) it.next()).getSubAttribute("display");
            subAttribute.setValue(IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(AttributeUtil.getStringValueOfAttribute(subAttribute.getValue(), subAttribute.getType())), str));
        }
    }

    private Group getGroupWithName(String str) throws CharonException, UserStoreException, IdentitySCIMException, BadRequestException {
        return doGetGroup(str, true, false);
    }

    private Group doGetGroup(String str, boolean z, boolean z2) throws CharonException, org.wso2.carbon.user.core.UserStoreException, IdentitySCIMException, BadRequestException {
        String extractDomainFromName = IdentityUtil.extractDomainFromName(str);
        if (!isInternalOrApplicationGroup(extractDomainFromName) && StringUtils.isNotBlank(extractDomainFromName) && !isSCIMEnabled(extractDomainFromName)) {
            throw new CharonException("Cannot retrieve group through scim to user store . SCIM is not enabled for user store " + extractDomainFromName);
        }
        Group group = new Group();
        if (SCIMCommonUtils.mandateDomainForUsernamesAndGroupNamesInResponse()) {
            str = SCIMCommonUtils.prependDomain(str);
            group.setDisplayName(str);
        } else if (SCIMCommonUtils.mandateDomainForGroupNamesInGroupsResponse()) {
            str = SCIMCommonUtils.prependDomain(str);
            group.setDisplayName(str);
        } else {
            group.setDisplayName(str);
        }
        List<org.wso2.carbon.user.core.common.User> userListOfRoleWithID = this.carbonUM.getUserListOfRoleWithID(str);
        if (userListOfRoleWithID != null && userListOfRoleWithID.size() != 0) {
            for (org.wso2.carbon.user.core.common.User user : userListOfRoleWithID) {
                String userID = user.getUserID();
                String domainQualifiedUsername = user.getDomainQualifiedUsername();
                if (SCIMCommonUtils.mandateDomainForUsernamesAndGroupNamesInResponse()) {
                    domainQualifiedUsername = SCIMCommonUtils.prependDomain(domainQualifiedUsername);
                }
                String sCIMUserURL = SCIMCommonUtils.getSCIMUserURL(userID);
                User user2 = new User();
                user2.setUserName(domainQualifiedUsername);
                user2.setId(userID);
                user2.setLocation(sCIMUserURL);
                group.setMember(user2);
            }
        }
        HashMap hashMap = new HashMap();
        List<String> hybridRoleListOfGroup = this.carbonUM.getHybridRoleListOfGroup(UserCoreUtil.removeDomainFromName(str), UserCoreUtil.extractDomainFromName(str));
        checkForSCIMDisabledHybridRoles(hybridRoleListOfGroup);
        for (String str2 : hybridRoleListOfGroup) {
            if (!"system/wso2.anonymous.role".equalsIgnoreCase(str2)) {
                Group group2 = (Group) hashMap.get(str2);
                if (group2 == null && !hashMap.containsKey(str2)) {
                    group2 = getGroupOnlyWithMetaAttributes(str2);
                    hashMap.put(str2, group2);
                }
                Role role = new Role();
                role.setDisplayName(removeInternalDomain(group2.getDisplayName()));
                role.setId(group2.getId());
                role.setLocation(SCIMCommonUtils.getSCIMRoleURL(group2.getId()));
                group.setRole(role);
            }
        }
        return new SCIMGroupHandler(this.carbonUM.getTenantId()).getGroupWithAttributes(group, str);
    }

    private Group addDomainToUserMembers(Group group, String str) throws CharonException {
        List attributeValues;
        List members = group.getMembers();
        if (StringUtils.isBlank(str) || members == null || members.isEmpty()) {
            return group;
        }
        if (group.isAttributeExist("members") && (attributeValues = ((MultiValuedAttribute) group.getAttributeList().get("members")).getAttributeValues()) != null && !attributeValues.isEmpty()) {
            Iterator it = attributeValues.iterator();
            while (it.hasNext()) {
                SimpleAttribute subAttribute = ((Attribute) it.next()).getSubAttribute("display");
                subAttribute.setValue(IdentityUtil.addDomainToName(UserCoreUtil.removeDomainFromName(AttributeUtil.getStringValueOfAttribute(subAttribute.getValue(), subAttribute.getType())), str));
            }
        }
        return group;
    }

    private List<String> getMappedClaimList(Map<String, Boolean> map) {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<String, Boolean> entry : map.entrySet()) {
            if (!entry.getValue().equals(true)) {
                arrayList.add(entry.getKey());
            }
        }
        return arrayList;
    }

    private List<String> getOnlyRequiredClaims(Set<String> set, Map<String, Boolean> map) {
        ArrayList arrayList = new ArrayList();
        for (String str : map.keySet()) {
            if (map.get(str).booleanValue()) {
                if (set.contains(str)) {
                    arrayList.add(str);
                } else {
                    String[] split = str.split("[.]");
                    for (String str2 : set) {
                        if (split.length == 3) {
                            if (str2.contains(split[0] + "." + split[1]) && !arrayList.contains(str2)) {
                                arrayList.add(str2);
                            }
                        } else if (split.length == 2 && str2.contains(split[0]) && !arrayList.contains(str2)) {
                            arrayList.add(str2);
                        }
                    }
                }
            } else if (!arrayList.contains(str)) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    private Set<org.wso2.carbon.user.core.common.User> paginateUsers(Set<org.wso2.carbon.user.core.common.User> set, int i, int i2) {
        TreeSet treeSet;
        if (set == null) {
            return new TreeSet(Comparator.comparing((v0) -> {
                return v0.getFullQualifiedUsername();
            }));
        }
        if (set instanceof TreeSet) {
            treeSet = (TreeSet) set;
        } else {
            treeSet = new TreeSet(Comparator.comparing((v0) -> {
                return v0.getFullQualifiedUsername();
            }));
            treeSet.addAll(set);
        }
        if (i2 <= 0) {
            i2 = 1;
        }
        return i2 > treeSet.size() ? new TreeSet(Comparator.comparing((v0) -> {
            return v0.getFullQualifiedUsername();
        })) : i <= 0 ? i2 == 1 ? set : new TreeSet(new ArrayList(treeSet).subList(i2 - 1, treeSet.size())) : set.size() > i + i2 ? new TreeSet(new ArrayList(treeSet).subList(i2 - 1, (i + i2) - 1)) : new TreeSet(new ArrayList(treeSet).subList(i2 - 1, treeSet.size()));
    }

    private boolean isFilteringNotSupported(String str) {
        return (str.equalsIgnoreCase(SCIMCommonConstants.EQ) || str.equalsIgnoreCase(SCIMCommonConstants.CO) || str.equalsIgnoreCase(SCIMCommonConstants.SW) || str.equalsIgnoreCase(SCIMCommonConstants.EW)) ? false : true;
    }

    private Set<org.wso2.carbon.user.core.common.User> getUserListOfRoles(List<String> list) throws org.wso2.carbon.user.core.UserStoreException {
        HashSet hashSet = new HashSet();
        if (list != null) {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                hashSet.addAll(new HashSet(this.carbonUM.getUserListOfRoleWithID(it.next())));
            }
        }
        return hashSet;
    }

    private String getSearchAttribute(String str, String str2, String str3, String str4) {
        String str5 = null;
        if (str2.equalsIgnoreCase(SCIMCommonConstants.CO)) {
            str5 = createSearchValueForCoOperation(str, str2, str3, str4);
        } else if (str2.equalsIgnoreCase(SCIMCommonConstants.SW)) {
            str5 = str3 + str4;
        } else if (str2.equalsIgnoreCase(SCIMCommonConstants.EW)) {
            str5 = createSearchValueForEwOperation(str, str2, str3, str4);
        } else if (str2.equalsIgnoreCase(SCIMCommonConstants.EQ)) {
            str5 = str3;
        }
        return str5;
    }

    private String createSearchValueForCoOperation(String str, String str2, String str3, String str4) {
        if (!isDomainSupportedAttribute(str)) {
            return str4 + str3 + str4;
        }
        String[] split = str3.split(CarbonConstants.DOMAIN_SEPARATOR, 2);
        return split.length > 1 ? createSearchValueWithDomainForCoEwOperations(str, str2, str3, str4, split) : str4 + str3 + str4;
    }

    private String createSearchValueForEwOperation(String str, String str2, String str3, String str4) {
        if (!isDomainSupportedAttribute(str)) {
            return str4 + str3;
        }
        String[] split = str3.split(CarbonConstants.DOMAIN_SEPARATOR, 2);
        return split.length > 1 ? createSearchValueWithDomainForCoEwOperations(str, str2, str3, str4, split) : str4 + str3;
    }

    private String createSearchValueWithDomainForCoEwOperations(String str, String str2, String str3, String str4, String[] strArr) {
        String str5;
        if (log.isDebugEnabled()) {
            log.debug(String.format("Domain detected in attribute value: %s for filter attribute: %s for filter operation: %s.", str3, str, str2));
        }
        if (str2.equalsIgnoreCase(SCIMCommonConstants.EW)) {
            str5 = strArr[0] + CarbonConstants.DOMAIN_SEPARATOR + str4 + strArr[1];
        } else if (str2.equalsIgnoreCase(SCIMCommonConstants.CO)) {
            str5 = strArr[0] + CarbonConstants.DOMAIN_SEPARATOR + str4 + strArr[1] + str4;
        } else {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Filter operation: %s is not supported by method createSearchValueWithDomainForCoEwOperations to create a search value.", new Object[0]));
            }
            str5 = str3;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Search attribute value : %s is created for operation: %s created with domain : %s ", str5, str2, strArr[0]));
        }
        return str5;
    }

    private boolean isDomainSupportedAttribute(String str) {
        return "urn:ietf:params:scim:schemas:core:2.0:User:userName".equalsIgnoreCase(str) || "urn:ietf:params:scim:schemas:core:2.0:id".equalsIgnoreCase(str) || "urn:ietf:params:scim:schemas:core:2.0:User:groups".equalsIgnoreCase(str) || "urn:ietf:params:scim:schemas:core:2.0:Group:displayName".equalsIgnoreCase(str) || "urn:ietf:params:scim:schemas:core:2.0:Group:members.display".equalsIgnoreCase(str);
    }

    private List<String> getRoleNames(String str, String str2, String str3) throws org.wso2.carbon.user.core.UserStoreException {
        String searchAttribute = str3.contains("*") ? str3 : getSearchAttribute(str, str2, str3, "*");
        if (log.isDebugEnabled()) {
            log.debug(String.format("Filtering roleNames from search attribute: %s", searchAttribute));
        }
        String extractDomain = SCIMCommonUtils.extractDomain(str3);
        return isInternalOrApplicationGroup(extractDomain) ? filterHybridRoles(extractDomain, searchAttribute) : StringUtils.isEmpty(extractDomain) ? Arrays.asList(this.carbonUM.getRoleNames(searchAttribute, MAX_ITEM_LIMIT_UNLIMITED, false, true, true)) : Arrays.asList(this.carbonUM.getRoleNames(searchAttribute, MAX_ITEM_LIMIT_UNLIMITED, true, true, true));
    }

    private Set<org.wso2.carbon.user.core.common.User> getUserNames(String str, String str2, String str3) throws org.wso2.carbon.user.core.UserStoreException {
        String searchAttribute = str3.contains("*") ? str3 : getSearchAttribute(str, str2, str3, "*");
        String str4 = SCIMCommonUtils.getSCIMtoLocalMappings().get(str);
        if (StringUtils.isBlank(str4)) {
            str4 = str;
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Filtering userNames from search attribute: %s", searchAttribute));
        }
        return new HashSet(this.carbonUM.getUserListWithID(str4, searchAttribute, SCIMCommonConstants.DEFAULT));
    }

    private List<String> getGroupList(ExpressionNode expressionNode, String str) throws org.wso2.carbon.user.core.UserStoreException, CharonException {
        Set<org.wso2.carbon.user.core.common.User> userNames;
        String attributeValue = expressionNode.getAttributeValue();
        String operation = expressionNode.getOperation();
        String value = expressionNode.getValue();
        if (!attributeValue.equals("urn:ietf:params:scim:schemas:core:2.0:Group:members.display") && !attributeValue.equals("urn:ietf:params:scim:schemas:core:2.0:Group:members.value")) {
            if (attributeValue.equals("urn:ietf:params:scim:schemas:core:2.0:Group:displayName")) {
                List<String> roleNames = getRoleNames(attributeValue, operation, prependDomainNameToTheAttributeValue(value, str));
                checkForSCIMDisabledHybridRoles(roleNames);
                return roleNames;
            }
            try {
                return getGroupNamesFromDB(attributeValue, operation, value, str);
            } catch (IdentitySCIMException e) {
                log.error("Error in retrieving SCIM Group information from database.", e);
                throw new CharonException("Error in retrieving SCIM Group information from database.", e);
            }
        }
        String prependDomainNameToTheAttributeValue = prependDomainNameToTheAttributeValue(value, str);
        if (attributeValue.equals("urn:ietf:params:scim:schemas:core:2.0:Group:members.display")) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Filter attribute: %s mapped to filter attribute: %s to filter users in groups endpoint.", attributeValue, "urn:ietf:params:scim:schemas:core:2.0:User:userName"));
            }
            userNames = getUserNames("urn:ietf:params:scim:schemas:core:2.0:User:userName", operation, prependDomainNameToTheAttributeValue);
        } else {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Filter attribute: %s mapped to filter attribute: %s to filter users in groups endpoint", attributeValue, "urn:ietf:params:scim:schemas:core:2.0:id"));
            }
            userNames = getUserNames("urn:ietf:params:scim:schemas:core:2.0:id", operation, prependDomainNameToTheAttributeValue);
        }
        HashSet hashSet = new HashSet();
        Iterator<org.wso2.carbon.user.core.common.User> it = userNames.iterator();
        while (it.hasNext()) {
            hashSet.addAll(this.carbonUM.getRoleListOfUserWithID(it.next().getUserID()));
        }
        ArrayList arrayList = new ArrayList(hashSet);
        checkForSCIMDisabledHybridRoles(arrayList);
        return arrayList;
    }

    private void checkForSCIMDisabledHybridRoles(List<String> list) throws CharonException {
        try {
            List<String> sCIMDisabledHybridRoleList = getSCIMDisabledHybridRoleList(new HashSet(list), new SCIMGroupHandler(this.carbonUM.getTenantId()).listSCIMRoles());
            if (!sCIMDisabledHybridRoleList.isEmpty()) {
                createSCIMAttributesForSCIMDisabledHybridRoles(sCIMDisabledHybridRoleList);
            }
        } catch (org.wso2.carbon.user.core.UserStoreException | IdentitySCIMException e) {
            throw new CharonException("Error in retrieving SCIM Group information from database.", e);
        }
    }

    private String prependDomainNameToTheAttributeValue(String str, String str2) {
        return StringUtils.isNotEmpty(str2) ? str2 + CarbonConstants.DOMAIN_SEPARATOR + str : str;
    }

    private List<String> getGroupNamesFromDB(String str, String str2, String str3, String str4) throws org.wso2.carbon.user.core.UserStoreException, IdentitySCIMException {
        String searchAttribute = getSearchAttribute(str, str2, str3, SQL_FILTERING_DELIMITER);
        SCIMGroupHandler sCIMGroupHandler = new SCIMGroupHandler(this.carbonUM.getTenantId());
        if (log.isDebugEnabled()) {
            log.debug(String.format("Filtering roleNames from DB from search attribute: %s", searchAttribute));
        }
        return Arrays.asList(sCIMGroupHandler.getGroupListFromAttributeName(str, searchAttribute, str4));
    }

    private boolean isPaginatedUserStoreAvailable() {
        String property = IdentityUtil.getProperty(ENABLE_PAGINATED_USER_STORE);
        if (StringUtils.isNotBlank(property)) {
            return Boolean.parseBoolean(property);
        }
        return true;
    }

    private boolean isImmutableClaim(String str) throws UserStoreException {
        Map<String, String> sCIMtoLocalMappings = SCIMCommonUtils.getSCIMtoLocalMappings();
        return str.equals(sCIMtoLocalMappings.get("urn:ietf:params:scim:schemas:core:2.0:id")) || str.equals(sCIMtoLocalMappings.get("urn:ietf:params:scim:schemas:core:2.0:User:userName")) || str.equals(sCIMtoLocalMappings.get("urn:ietf:params:scim:schemas:core:2.0:User:roles.default")) || str.equals(sCIMtoLocalMappings.get("urn:ietf:params:scim:schemas:core:2.0:meta.created")) || str.equals(sCIMtoLocalMappings.get("urn:ietf:params:scim:schemas:core:2.0:meta.lastModified")) || str.equals(sCIMtoLocalMappings.get("urn:ietf:params:scim:schemas:core:2.0:meta.location")) || str.equals(sCIMtoLocalMappings.get("urn:ietf:params:scim:schemas:core:2.0:User:name.familyName")) || str.contains("http://wso2.org/claims/identity");
    }

    private List<String> getRequiredClaimsInLocalDialect(Map<String, String> map, Map<String, Boolean> map2) throws UserStoreException {
        ArrayList arrayList;
        List<String> onlyRequiredClaims = getOnlyRequiredClaims(map.keySet(), map2);
        if (MapUtils.isNotEmpty(map)) {
            map.keySet().retainAll(onlyRequiredClaims);
            arrayList = new ArrayList(map.values());
        } else {
            if (log.isDebugEnabled()) {
                log.debug("SCIM to Local Claim mappings list is empty.");
            }
            arrayList = new ArrayList();
        }
        return arrayList;
    }

    private void updateUserClaims(User user, Map<String, String> map, Map<String, String> map2) throws UserStoreException, CharonException {
        HashMap hashMap = new HashMap(map2);
        HashMap hashMap2 = new HashMap(map);
        HashMap hashMap3 = new HashMap();
        hashMap2.keySet().removeAll(map2.keySet());
        hashMap.keySet().removeAll(map.keySet());
        for (Map.Entry<String, String> entry : map2.entrySet()) {
            if (map.containsKey(entry.getKey()) && !map.get(entry.getKey()).equals(entry.getValue())) {
                hashMap3.put(entry.getKey(), entry.getValue());
            }
        }
        for (Map.Entry entry2 : hashMap2.entrySet()) {
            if (!isImmutableClaim((String) entry2.getKey())) {
                this.carbonUM.deleteUserClaimValueWithID(user.getId(), (String) entry2.getKey(), (String) null);
            }
        }
        hashMap3.putAll(hashMap);
        this.carbonUM.setUserClaimValuesWithID(user.getId(), hashMap3, (String) null);
    }

    private void updateUserClaims(User user, Map<String, String> map, Map<String, String> map2, Map<String, String> map3) throws UserStoreException, CharonException {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (String str : map3.keySet()) {
            String multiAttributeSeparator = StringUtils.isNotEmpty(FrameworkUtils.getMultiAttributeSeparator()) ? FrameworkUtils.getMultiAttributeSeparator() : ",";
            if (map.containsKey(str) && map2.containsKey(str)) {
                List asList = Arrays.asList(map.get(str).split(multiAttributeSeparator));
                List asList2 = Arrays.asList(map2.get(str).split(multiAttributeSeparator));
                if (!CollectionUtils.subtract(asList, asList2).isEmpty()) {
                    hashMap2.put(str, (List) CollectionUtils.subtract(asList, asList2));
                }
                if (!CollectionUtils.subtract(asList2, asList).isEmpty()) {
                    hashMap.put(str, (List) CollectionUtils.subtract(asList2, asList));
                }
            } else if (map.containsKey(str) && !map2.containsKey(str)) {
                hashMap2.put(str, Arrays.asList(map.get(str).split(multiAttributeSeparator)));
            } else if (!map.containsKey(str) && map2.containsKey(str)) {
                hashMap.put(str, Arrays.asList(map2.get(str).split(multiAttributeSeparator)));
            }
        }
        HashMap hashMap3 = new HashMap(map);
        hashMap3.keySet().removeAll(map3.keySet());
        HashMap hashMap4 = new HashMap(map2);
        hashMap4.keySet().removeAll(map3.keySet());
        HashMap hashMap5 = new HashMap(hashMap4);
        HashMap hashMap6 = new HashMap(hashMap3);
        HashMap hashMap7 = new HashMap();
        hashMap6.keySet().removeAll(hashMap4.keySet());
        hashMap5.keySet().removeAll(hashMap3.keySet());
        for (Map.Entry entry : hashMap4.entrySet()) {
            if (hashMap3.containsKey(entry.getKey()) && !((String) hashMap3.get(entry.getKey())).equals(entry.getValue())) {
                hashMap7.put(entry.getKey(), entry.getValue());
            }
        }
        for (Map.Entry entry2 : hashMap6.entrySet()) {
            if (!isImmutableClaim((String) entry2.getKey())) {
                this.carbonUM.deleteUserClaimValueWithID(user.getId(), (String) entry2.getKey(), (String) null);
            }
        }
        hashMap7.putAll(hashMap5);
        if (MapUtils.isEmpty(hashMap) && MapUtils.isEmpty(hashMap2)) {
            this.carbonUM.setUserClaimValuesWithID(user.getId(), hashMap7, (String) null);
        } else {
            this.carbonUM.setUserClaimValuesWithID(user.getId(), convertClaimValuesToList(map), hashMap, hashMap2, convertClaimValuesToList(hashMap7), (String) null);
        }
    }

    private Map<String, List<String>> convertClaimValuesToList(Map<String, String> map) {
        HashMap hashMap = new HashMap();
        String multiAttributeSeparator = FrameworkUtils.getMultiAttributeSeparator();
        if (StringUtils.isEmpty(multiAttributeSeparator)) {
            multiAttributeSeparator = ",";
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), Arrays.asList(entry.getValue().split(multiAttributeSeparator)));
        }
        return hashMap;
    }

    private boolean validateUserExistence(User user) throws org.wso2.carbon.user.core.UserStoreException, CharonException {
        return StringUtils.isNotEmpty(user.getId()) ? this.carbonUM.isExistingUserWithID(user.getId()) : this.carbonUM.isExistingUser(user.getUserName());
    }

    private List<String> filterHybridRoles(String str, String str2) throws org.wso2.carbon.user.core.UserStoreException {
        ArrayList arrayList = new ArrayList();
        for (String str3 : this.carbonUM.getRoleNames(str2, MAX_ITEM_LIMIT_UNLIMITED, false, true, true)) {
            if ((str == null || str3.startsWith(str)) && (str3.toLowerCase().startsWith(SCIMCommonConstants.INTERNAL_DOMAIN.toLowerCase()) || str3.toLowerCase().startsWith(SCIMCommonConstants.APPLICATION_DOMAIN.toLowerCase()))) {
                arrayList.add(str3);
            }
        }
        return arrayList;
    }

    private List<String> getSCIMDisabledHybridRoleList(Set<String> set, Set<String> set2) {
        ArrayList arrayList = new ArrayList();
        for (String str : set) {
            if (!set2.contains(str) && SCIMCommonUtils.isHybridRole(str) && !UserCoreUtil.isEveryoneRole(str, this.carbonUM.getRealmConfiguration())) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    private void createSCIMAttributesForSCIMDisabledHybridRoles(List<String> list) throws org.wso2.carbon.user.core.UserStoreException, IdentitySCIMException {
        HashMap hashMap = new HashMap();
        for (String str : list) {
            HashMap hashMap2 = new HashMap();
            String uuid = UUID.randomUUID().toString();
            hashMap2.put("urn:ietf:params:scim:schemas:core:2.0:id", uuid);
            String formatDateTime = AttributeUtil.formatDateTime(Instant.now());
            hashMap2.put("urn:ietf:params:scim:schemas:core:2.0:meta.created", formatDateTime);
            hashMap2.put("urn:ietf:params:scim:schemas:core:2.0:meta.lastModified", formatDateTime);
            hashMap2.put("urn:ietf:params:scim:schemas:core:2.0:meta.location", SCIMCommonUtils.getSCIMGroupURL(uuid));
            hashMap.put(str, hashMap2);
        }
        new GroupDAO().addSCIMGroupAttributesToSCIMDisabledHybridRoles(this.carbonUM.getTenantId(), hashMap);
        if (log.isDebugEnabled()) {
            log.debug("Persisted SCIM metadata for hybrid roles created while SCIM is disabled in the user store.");
        }
    }

    public String[] getGroupPermissions(String str) throws UserStoreException, RolePermissionException {
        return SCIMCommonComponentHolder.getRolePermissionManagementService().getRolePermissions(str, this.carbonUM.getTenantId());
    }

    public void setGroupPermissions(String str, String[] strArr) throws RolePermissionException {
        SCIMCommonComponentHolder.getRolePermissionManagementService().setRolePermissions(str, strArr);
    }

    public void updatePermissionListOfGroup(String str, String[] strArr, String[] strArr2) throws UserStoreException, RolePermissionException {
        List asList = Arrays.asList(getGroupPermissions(str));
        if (asList.isEmpty()) {
            if (ArrayUtils.isNotEmpty(strArr)) {
                SCIMCommonComponentHolder.getRolePermissionManagementService().setRolePermissions(str, strArr);
            }
        } else {
            if (ArrayUtils.isNotEmpty(strArr)) {
                asList = ListUtils.union(asList, Arrays.asList(strArr));
            }
            if (ArrayUtils.isNotEmpty(strArr2)) {
                asList = ListUtils.subtract(asList, Arrays.asList(strArr2));
            }
            SCIMCommonComponentHolder.getRolePermissionManagementService().setRolePermissions(str, (String[]) asList.toArray(new String[0]));
        }
    }

    public List<Attribute> getUserSchema() throws CharonException {
        ArrayList arrayList = new ArrayList(buildHierarchicalAttributeMap(getFilteredUserSchemaAttributes(getMappedLocalClaimsForDialect(SCIMCommonConstants.SCIM_USER_CLAIM_DIALECT, this.tenantDomain))).values());
        if (log.isDebugEnabled()) {
            logSchemaAttributes(arrayList);
        }
        return arrayList;
    }

    public List<Attribute> getEnterpriseUserSchema() throws CharonException {
        ArrayList arrayList = null;
        if (SCIMCommonUtils.isEnterpriseUserExtensionEnabled()) {
            arrayList = new ArrayList(buildHierarchicalAttributeMap(getFilteredEnterpriseUserSchemaAttributes(getMappedLocalClaimsForDialect(SCIMCommonConstants.SCIM_ENTERPRISE_USER_CLAIM_DIALECT, this.tenantDomain))).values());
            if (log.isDebugEnabled()) {
                logSchemaAttributes(arrayList);
            }
        } else if (log.isDebugEnabled()) {
            log.debug("Enterprise user schema support disabled.");
        }
        return arrayList;
    }

    private Map<ExternalClaim, LocalClaim> getMappedLocalClaimsForDialect(String str, String str2) throws CharonException {
        try {
            List externalClaims = this.claimMetadataManagementService.getExternalClaims(str, str2);
            List localClaims = this.claimMetadataManagementService.getLocalClaims(str2);
            HashMap hashMap = new HashMap();
            if (externalClaims != null && localClaims != null) {
                externalClaims.forEach(externalClaim -> {
                    getMappedLocalClaim(externalClaim, localClaims).ifPresent(localClaim -> {
                    });
                });
            }
            return hashMap;
        } catch (ClaimMetadataException e) {
            throw new CharonException("Error while retrieving schema attribute details.", e);
        }
    }

    private Optional<LocalClaim> getMappedLocalClaim(ExternalClaim externalClaim, List<LocalClaim> list) {
        return list == null ? Optional.empty() : list.stream().filter(localClaim -> {
            return localClaim.getClaimURI().equals(externalClaim.getMappedLocalClaim());
        }).findAny();
    }

    private Map<String, Attribute> getFilteredUserSchemaAttributes(Map<ExternalClaim, LocalClaim> map) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<ExternalClaim, LocalClaim> entry : map.entrySet()) {
            ExternalClaim key = entry.getKey();
            LocalClaim value = entry.getValue();
            if (isSupportedByDefault(value) || isUsernameClaim(key)) {
                Attribute schemaAttributes = getSchemaAttributes(key, value);
                hashMap.put(schemaAttributes.getName(), schemaAttributes);
            }
        }
        return hashMap;
    }

    private Map<String, Attribute> getFilteredEnterpriseUserSchemaAttributes(Map<ExternalClaim, LocalClaim> map) {
        return (Map) map.entrySet().stream().filter(entry -> {
            return isSupportedByDefault((LocalClaim) entry.getValue());
        }).map(entry2 -> {
            return getSchemaAttributes((ExternalClaim) entry2.getKey(), (LocalClaim) entry2.getValue());
        }).collect(Collectors.toMap(attribute -> {
            return attribute.getName();
        }, Function.identity()));
    }

    private boolean isSupportedByDefault(LocalClaim localClaim) {
        return Boolean.parseBoolean(localClaim.getClaimProperty("SupportedByDefault"));
    }

    private boolean isUsernameClaim(ExternalClaim externalClaim) {
        return "urn:ietf:params:scim:schemas:core:2.0:User:userName".equals(externalClaim.getClaimURI());
    }

    private Attribute getSchemaAttributes(ExternalClaim externalClaim, LocalClaim localClaim) {
        String claimURI = externalClaim.getClaimURI();
        if (claimURI.startsWith(externalClaim.getClaimDialectURI())) {
            claimURI = claimURI.substring(externalClaim.getClaimDialectURI().length() + 1);
        }
        ComplexAttribute complexAttribute = isComplexAttribute(claimURI) ? new ComplexAttribute(claimURI) : new SimpleAttribute(claimURI, (Object) null);
        pupulateBasicAttributes(localClaim, complexAttribute);
        return complexAttribute;
    }

    private boolean isComplexAttribute(String str) {
        boolean z = MAX_ITEM_LIMIT_UNLIMITED;
        switch (str.hashCode()) {
            case -1704576794:
                if (str.equals("entitlements")) {
                    z = 8;
                    break;
                }
                break;
            case -1299765161:
                if (str.equals("emails")) {
                    z = 2;
                    break;
                }
                break;
            case -1237460524:
                if (str.equals("groups")) {
                    z = 7;
                    break;
                }
                break;
            case -989034367:
                if (str.equals("photos")) {
                    z = 5;
                    break;
                }
                break;
            case -320633246:
                if (str.equals("x509Certificates")) {
                    z = 10;
                    break;
                }
                break;
            case 104399:
                if (str.equals("ims")) {
                    z = 4;
                    break;
                }
                break;
            case 3373707:
                if (str.equals(SCIMCommonConstants.ATTRIBUTE_NAME_NAME)) {
                    z = true;
                    break;
                }
                break;
            case 108695229:
                if (str.equals("roles")) {
                    z = 9;
                    break;
                }
                break;
            case 835260333:
                if (str.equals("manager")) {
                    z = false;
                    break;
                }
                break;
            case 874544034:
                if (str.equals("addresses")) {
                    z = 6;
                    break;
                }
                break;
            case 1672646908:
                if (str.equals("phoneNumbers")) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case SCIMCommonConstants.USER /* 1 */:
            case SCIMCommonConstants.GROUP /* 2 */:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
                return true;
            default:
                return false;
        }
    }

    private boolean isMultivaluedAttribute(String str) {
        boolean z = MAX_ITEM_LIMIT_UNLIMITED;
        switch (str.hashCode()) {
            case -1704576794:
                if (str.equals("entitlements")) {
                    z = 6;
                    break;
                }
                break;
            case -1299765161:
                if (str.equals("emails")) {
                    z = false;
                    break;
                }
                break;
            case -1237460524:
                if (str.equals("groups")) {
                    z = 5;
                    break;
                }
                break;
            case -989034367:
                if (str.equals("photos")) {
                    z = 3;
                    break;
                }
                break;
            case -320633246:
                if (str.equals("x509Certificates")) {
                    z = 8;
                    break;
                }
                break;
            case 104399:
                if (str.equals("ims")) {
                    z = 2;
                    break;
                }
                break;
            case 108695229:
                if (str.equals("roles")) {
                    z = 7;
                    break;
                }
                break;
            case 874544034:
                if (str.equals("addresses")) {
                    z = 4;
                    break;
                }
                break;
            case 1672646908:
                if (str.equals("phoneNumbers")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case SCIMCommonConstants.USER /* 1 */:
            case SCIMCommonConstants.GROUP /* 2 */:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
                return true;
            default:
                return false;
        }
    }

    private void pupulateBasicAttributes(LocalClaim localClaim, AbstractAttribute abstractAttribute) {
        if (localClaim != null) {
            abstractAttribute.setDescription(localClaim.getClaimProperty("Description"));
            abstractAttribute.setRequired(Boolean.valueOf(Boolean.parseBoolean(localClaim.getClaimProperty("Required"))));
            if (Boolean.parseBoolean(localClaim.getClaimProperty("ReadOnly"))) {
                abstractAttribute.setMutability(SCIMDefinitions.Mutability.READ_ONLY);
            } else {
                abstractAttribute.setMutability(SCIMDefinitions.Mutability.READ_WRITE);
            }
        }
        abstractAttribute.setCaseExact(false);
        if (abstractAttribute instanceof ComplexAttribute) {
            abstractAttribute.setType(SCIMDefinitions.DataType.COMPLEX);
        } else {
            abstractAttribute.setType(SCIMDefinitions.DataType.STRING);
        }
        abstractAttribute.setMultiValued(Boolean.valueOf(isMultivaluedAttribute(abstractAttribute.getName())));
        abstractAttribute.setReturned(SCIMDefinitions.Returned.DEFAULT);
        abstractAttribute.setUniqueness(SCIMDefinitions.Uniqueness.NONE);
        if (localClaim != null) {
            abstractAttribute.addAttributeProperty(DISPLAY_NAME_PROPERTY, localClaim.getClaimProperty("DisplayName"));
            abstractAttribute.addAttributeProperty(DISPLAY_ORDER_PROPERTY, localClaim.getClaimProperty("DisplayOrder"));
            abstractAttribute.addAttributeProperty(REGULAR_EXPRESSION_PROPERTY, localClaim.getClaimProperty("RegEx"));
        }
    }

    private Map<String, Attribute> buildHierarchicalAttributeMap(Map<String, Attribute> map) throws CharonException {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        for (Map.Entry<String, Attribute> entry : map.entrySet()) {
            String key = entry.getKey();
            Attribute value = entry.getValue();
            if (key.contains(".")) {
                ComplexAttribute handleSubAttribute = handleSubAttribute(value, map, hashMap2);
                hashMap2.put(handleSubAttribute.getName(), handleSubAttribute);
            } else {
                hashMap.put(key, value);
            }
        }
        hashMap.putAll(hashMap2);
        return hashMap;
    }

    private ComplexAttribute handleSubAttribute(Attribute attribute, Map<String, Attribute> map, Map<String, ComplexAttribute> map2) throws CharonException {
        String name = attribute.getName();
        String substring = name.substring(0, name.indexOf("."));
        String substring2 = name.substring(name.indexOf(".") + 1);
        AbstractAttribute abstractAttribute = (ComplexAttribute) map.get(substring);
        if (abstractAttribute == null) {
            abstractAttribute = (ComplexAttribute) map2.get(substring);
        }
        if (abstractAttribute == null) {
            abstractAttribute = new ComplexAttribute(substring);
            pupulateBasicAttributes(null, abstractAttribute);
            map2.put(substring, abstractAttribute);
        }
        if (!(attribute instanceof AbstractAttribute)) {
            throw new CharonException("Unsupported attribute type");
        }
        ((AbstractAttribute) attribute).setName(substring2);
        abstractAttribute.setSubAttribute(attribute);
        return abstractAttribute;
    }

    private void logSchemaAttributes(List<Attribute> list) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("Final user schema attribute list calculated as: [");
        for (Attribute attribute : list) {
            if (1 == 0) {
                stringBuffer.append(", ");
            }
            stringBuffer.append("{");
            stringBuffer.append(attribute.getName());
            stringBuffer.append("}");
        }
        stringBuffer.append("]");
        log.debug(stringBuffer);
    }

    private void validateExtractedDomain(String str, String str2, String str3) throws BadRequestException, CharonException {
        if (StringUtils.isNotEmpty(str) && StringUtils.isNotEmpty(str3) && !str3.equalsIgnoreCase(str)) {
            throw new BadRequestException(String.format(" Domain name: %s in the domain parameter does not match with the domain name: %s in search attribute value of %s claim.", str, str3, str2));
        }
        if (IdentityUtil.getPrimaryDomainName().equals(str3) || isInternalOrApplicationGroup(str3)) {
            return;
        }
        try {
            UserStoreManager userStoreManager = SCIMCommonComponentHolder.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(this.tenantDomain)).getUserStoreManager();
            if (userStoreManager instanceof UserStoreManager) {
                if (userStoreManager.getSecondaryUserStoreManager(str3) == null) {
                    throw new BadRequestException("The provided domain name: " + str3 + ", must be a valid user-store domain");
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Cannot resolve secondary user store domain names as user-store manager: " + userStoreManager.getClass() + ", for the tenant domain: " + this.tenantDomain + ", is not an instance of " + UserStoreManager.class);
                }
                throw new CharonException("Error while resolving user-store domain for the provided value: " + str3);
            }
        } catch (UserStoreException e) {
            throw new CharonException("Unable to retrieve user realm for the tenant domain: " + this.tenantDomain, e);
        }
    }

    private void reThrowMutabilityBadRequests(BadRequestException badRequestException) throws BadRequestException {
        if ("mutability".equals(badRequestException.getScimType())) {
            throw badRequestException;
        }
    }

    private String removeInternalDomain(String str) {
        return SCIMCommonConstants.INTERNAL_DOMAIN.equalsIgnoreCase(IdentityUtil.extractDomainFromName(str)) ? UserCoreUtil.removeDomainFromName(str) : str;
    }
}
