package org.wso2.carbon.identity.scim2.common.impl;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
import org.wso2.carbon.identity.role.mgt.core.GroupBasicInfo;
import org.wso2.carbon.identity.role.mgt.core.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.mgt.core.RoleBasicInfo;
import org.wso2.carbon.identity.role.mgt.core.RoleConstants;
import org.wso2.carbon.identity.role.mgt.core.RoleManagementService;
import org.wso2.carbon.identity.role.mgt.core.UserBasicInfo;
import org.wso2.carbon.identity.role.mgt.core.util.UserIDResolver;
import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonConstants;
import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.charon3.core.exceptions.BadRequestException;
import org.wso2.charon3.core.exceptions.CharonException;
import org.wso2.charon3.core.exceptions.ConflictException;
import org.wso2.charon3.core.exceptions.ForbiddenException;
import org.wso2.charon3.core.exceptions.NotFoundException;
import org.wso2.charon3.core.exceptions.NotImplementedException;
import org.wso2.charon3.core.extensions.RoleManager;
import org.wso2.charon3.core.objects.Group;
import org.wso2.charon3.core.objects.Role;
import org.wso2.charon3.core.objects.User;
import org.wso2.charon3.core.objects.plainobjects.RolesGetResponse;
import org.wso2.charon3.core.utils.codeutils.ExpressionNode;
import org.wso2.charon3.core.utils.codeutils.Node;
import org.wso2.charon3.core.utils.codeutils.OperationNode;
import org.wso2.charon3.core.utils.codeutils.PatchOperation;
import org.wso2.charon3.core.utils.codeutils.SearchRequest;

/* loaded from: input_file:org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManager.class */
public class SCIMRoleManager implements RoleManager {
    // Class-wide commons-logging logger; the debug statements in this class include request-derived values.
    private static final Log log = LogFactory.getLog(SCIMRoleManager.class);
    // Backend role service that the methods of this class delegate to.
    private RoleManagementService roleManagementService;
    // Tenant domain supplied at construction and passed along with the roleManagementService calls.
    private String tenantDomain;
    // Role names returned by roleManagementService.getSystemRoles() when the instance was created.
    private Set<String> systemRoles;
    // Wildcard character. NOTE(review): no use of this constant is visible in this part of the file.
    private static final String FILTERING_DELIMITER = "*";
    // Resolver instance created per manager; its use is not visible in this part of the file.
    private UserIDResolver userIDResolver = new UserIDResolver();

    /**
     * Creates a role manager bound to a single tenant domain.
     *
     * @param roleManagementService backend role service; it is also queried here for the system role names
     * @param str tenant domain passed to later role operations
     */
    public SCIMRoleManager(RoleManagementService roleManagementService, String str) {
        // The system role names are read once and kept for the lifetime of this instance.
        Set<String> systemRoleNames = roleManagementService.getSystemRoles();
        this.tenantDomain = str;
        this.roleManagementService = roleManagementService;
        this.systemRoles = systemRoleNames;
    }

    /**
     * Creates a role in this manager's tenant from the supplied SCIM role.
     *
     * @param role SCIM role carrying the display name, users, groups and permissions to store
     * @return a new SCIM role holding the id, location and display name reported by the backend
     * @throws ConflictException if the role already exists
     * @throws BadRequestException if role modification is not allowed for the tenant, or the backend
     *     reports an invalid request
     * @throws CharonException for any other backend failure
     */
    public Role createRole(Role role) throws CharonException, ConflictException, BadRequestException {
        if (log.isDebugEnabled()) {
            // The display name is request data and is written to the debug log unmodified.
            log.debug("Creating role: " + role.getDisplayName());
        }
        try {
            // Tenant gate comes first, before any backend lookup or write.
            boolean modificationAllowed = isRoleModificationAllowedForTenant(this.tenantDomain);
            if (!modificationAllowed) {
                throw new BadRequestException("Role creation is not allowed for organizations.", "invalidValue");
            }
            // NOTE(review): the existence check is keyed on role.getId() while the message reports the
            // display name; confirm the id is meaningful at this point of a create request.
            boolean alreadyPresent = this.roleManagementService.isExistingRole(role.getId(), this.tenantDomain);
            if (alreadyPresent) {
                throw new ConflictException("Role with name: " + role.getDisplayName() + " already exists in the tenantDomain: " + this.tenantDomain);
            }
            RoleBasicInfo created = this.roleManagementService.addRole(
                    role.getDisplayName(), role.getUsers(), role.getGroups(), role.getPermissions(), this.tenantDomain);
            String createdId = created.getId();
            Role response = new Role();
            response.setId(createdId);
            response.setLocation(SCIMCommonUtils.getSCIMRoleURL(created.getId()));
            response.setDisplayName(created.getName());
            response.setSchemas();
            return response;
        } catch (IdentityRoleManagementException e) {
            // Translate backend error codes into the SCIM exception types callers expect.
            String errorCode = e.getErrorCode();
            if (StringUtils.equals(RoleConstants.Error.ROLE_ALREADY_EXISTS.getCode(), errorCode)) {
                throw new ConflictException(e.getMessage());
            } else if (StringUtils.equals(RoleConstants.Error.INVALID_REQUEST.getCode(), errorCode)) {
                throw new BadRequestException(e.getMessage());
            }
            throw new CharonException(String.format("Error occurred while adding a new role: %s", role.getDisplayName()), e);
        }
    }

    /**
     * Loads a role by id and converts it to its SCIM representation.
     *
     * @param str id of the role to load
     * @param map requested attributes; passed to isUsersAttributeRequired to decide whether the
     *     role's users are loaded
     * @return SCIM role with id, display name, location, permissions, and any users and groups
     *     the backend returned
     * @throws NotFoundException if the backend reports that the role does not exist
     * @throws CharonException for any other backend failure
     */
    public Role getRole(String str, Map<String, Boolean> map) throws BadRequestException, CharonException, NotFoundException {
        try {
            org.wso2.carbon.identity.role.mgt.core.Role stored;
            if (isUsersAttributeRequired(map)) {
                stored = this.roleManagementService.getRole(str, this.tenantDomain);
            } else {
                // Skips loading the user list when the caller did not ask for it.
                stored = this.roleManagementService.getRoleWithoutUsers(str, this.tenantDomain);
            }

            Role scimRole = new Role();
            scimRole.setId(stored.getId());
            scimRole.setDisplayName(stored.getName());
            scimRole.setLocation(SCIMCommonUtils.getSCIMRoleURL(stored.getId()));
            scimRole.setPermissions(stored.getPermissions());
            scimRole.setSchemas();

            // System roles are recognised by name against the set captured at construction.
            boolean isSystem = this.systemRoles.contains(stored.getName());
            if (isSystem) {
                scimRole.setSystemRole(true);
            }

            if (CollectionUtils.isNotEmpty(stored.getUsers())) {
                for (UserBasicInfo member : stored.getUsers()) {
                    String memberLocation = SCIMCommonUtils.getSCIMUserURL(member.getId());
                    User scimUser = new User();
                    scimUser.setUserName(member.getName());
                    scimUser.setId(member.getId());
                    scimUser.setLocation(memberLocation);
                    scimRole.setUser(scimUser);
                }
            }

            if (CollectionUtils.isNotEmpty(stored.getGroups())) {
                for (GroupBasicInfo memberGroup : stored.getGroups()) {
                    String groupLocation = SCIMCommonUtils.getSCIMGroupURL(memberGroup.getId());
                    Group scimGroup = new Group();
                    scimGroup.setDisplayName(memberGroup.getName());
                    scimGroup.setId(memberGroup.getId());
                    scimGroup.setLocation(groupLocation);
                    scimRole.setGroup(scimGroup);
                }
            }
            return scimRole;
        } catch (IdentityRoleManagementException e) {
            boolean notFound = StringUtils.equals(RoleConstants.Error.ROLE_NOT_FOUND.getCode(), e.getErrorCode());
            if (notFound) {
                throw new NotFoundException(e.getMessage());
            }
            throw new CharonException(String.format("Error occurred while getting the role: %s", str), e);
        }
    }

    /**
     * Deletes the role with the given id from this manager's tenant.
     *
     * <p>NOTE(review): unlike createRole, no isRoleModificationAllowedForTenant check is made here;
     * confirm the backend enforces the tenant restriction for deletes.
     *
     * @param str id of the role to delete
     * @throws NotFoundException if the backend reports that the role does not exist
     * @throws BadRequestException if the backend reports the operation as forbidden (surfaced as a
     *     bad request, not as a forbidden error)
     * @throws CharonException for any other backend failure
     */
    public void deleteRole(String str) throws CharonException, NotFoundException, BadRequestException {
        try {
            this.roleManagementService.deleteRole(str, this.tenantDomain);
        } catch (IdentityRoleManagementException e) {
            String errorCode = e.getErrorCode();
            if (StringUtils.equals(RoleConstants.Error.ROLE_NOT_FOUND.getCode(), errorCode)) {
                throw new NotFoundException(e.getMessage());
            }
            if (StringUtils.equals(RoleConstants.Error.OPERATION_FORBIDDEN.getCode(), errorCode)) {
                throw new BadRequestException(e.getMessage());
            }
            throw new CharonException(String.format("Error occurred while deleting the role: %s", str), e);
        }
    }

    /**
     * Lists roles, optionally narrowed by a filter tree.
     *
     * @param node filter tree, or null to list without filtering
     * @param num start index (listRolesWithPost passes the search request's start index here)
     * @param num2 count (listRolesWithPost passes the search request's count here); an explicit 0
     *     yields an empty response
     * @param str sort-by attribute; must be null
     * @param str2 sort order; must be null
     * @return the matching roles
     * @throws NotImplementedException if either sort parameter is supplied
     */
    public RolesGetResponse listRolesWithGET(Node node, Integer num, Integer num2, String str, String str2) throws CharonException, NotImplementedException, BadRequestException {
        boolean sortingRequested = str != null || str2 != null;
        if (sortingRequested) {
            throw new NotImplementedException("Sorting is not supported.");
        }
        // An explicit zero count short-circuits without touching the backend.
        if (num2 != null && num2.intValue() == 0) {
            return new RolesGetResponse(0, Collections.emptyList());
        }
        if (node == null) {
            return listRoles(num2, num, str, str2);
        }
        return filterRoles(node, num2, num, str, str2);
    }

    /**
     * Dispatches a filter tree to the matching filtering routine.
     *
     * <p>Only a single {@link ExpressionNode} is handled; an {@link OperationNode} (a compound
     * filter) is rejected as not implemented.
     *
     * @param node filter tree root
     * @param num count, as passed by listRolesWithGET
     * @param num2 start index, as passed by listRolesWithGET
     * @param str sort-by attribute
     * @param str2 sort order
     * @return the filtered roles
     * @throws NotImplementedException for compound filters
     * @throws CharonException if the node is of neither known kind
     */
    private RolesGetResponse filterRoles(Node node, Integer num, Integer num2, String str, String str2) throws CharonException, NotImplementedException, BadRequestException {
        if (!(node instanceof ExpressionNode)) {
            if (node instanceof OperationNode) {
                throw new NotImplementedException("Complex filters are not supported yet");
            }
            throw new CharonException("Unknown operation. Not either an expression node or an operation node.");
        }
        ExpressionNode singleExpression = (ExpressionNode) node;
        return filterRolesBySingleAttribute(singleExpression, num, num2, str, str2);
    }

    /**
     * Filters roles using a single attribute expression.
     *
     * <p>The expression's value is request data. It is turned into a wildcard search string by
     * getSearchFilter without any escaping in this method.
     * NOTE(review): confirm the backend handles wildcard characters embedded in the value safely.
     *
     * <p>The response's total is the size of the returned list, not a separate count query.
     *
     * @param expressionNode the filter expression (attribute, operation, value)
     * @param num count, passed to the backend after the search filter
     * @param num2 start index, passed to the backend after the count
     * @param str sort-by attribute
     * @param str2 sort order
     * @return the roles matching the filter
     * @throws BadRequestException if the filter operation is not one of the supported ones
     * @throws CharonException if the backend lookup fails
     */
    private RolesGetResponse filterRolesBySingleAttribute(ExpressionNode expressionNode, Integer num, Integer num2, String str, String str2) throws CharonException, BadRequestException {
        String filterAttribute = expressionNode.getAttributeValue();
        String filterOperation = expressionNode.getOperation();
        String filterValue = expressionNode.getValue();
        boolean debugEnabled = log.isDebugEnabled();
        if (debugEnabled) {
            // Request-supplied filter parts are logged unmodified (debug level only).
            log.debug("Filtering roles with filter: " + filterAttribute + " + " + filterOperation + " + " + filterValue);
        }
        if (isFilteringNotSupported(filterOperation)) {
            throw new BadRequestException("Filter operation: " + filterOperation + " is not supported for role filtering.");
        }
        String backendFilter = getSearchFilter(filterOperation, filterValue);
        if (log.isDebugEnabled()) {
            log.debug(String.format("Filtering roleNames from search filter: %s", backendFilter));
        }
        List<Role> matched;
        try {
            matched = getScimRolesList(
                    this.roleManagementService.getRoles(backendFilter, num, num2, str, str2, this.tenantDomain));
        } catch (IdentityRoleManagementException e) {
            throw new CharonException(String.format("Error occurred while listing roles based on the search filter: %s", backendFilter), e);
        }
        return new RolesGetResponse(matched.size(), matched);
    }

    /**
     * Tells whether a filter operation is outside the supported set.
     *
     * @param str filter operation name, compared case-insensitively
     * @return false for the EQ, CO, SW and EW operations, true for anything else
     */
    private boolean isFilteringNotSupported(String str) {
        boolean supported = str.equalsIgnoreCase(SCIMCommonConstants.EQ)
                || str.equalsIgnoreCase(SCIMCommonConstants.CO)
                || str.equalsIgnoreCase(SCIMCommonConstants.SW)
                || str.equalsIgnoreCase(SCIMCommonConstants.EW);
        return !supported;
    }

    /**
     * Builds the wildcard search string for a filter operation.
     *
     * <p>The value is concatenated as given; a "*" inside it is not escaped here.
     *
     * @param str filter operation name, compared case-insensitively
     * @param str2 filter value
     * @return "*value*" for CO, "value*" for SW, "*value" for EW, the value itself for EQ, and
     *     null for any other operation
     */
    private String getSearchFilter(String str, String str2) {
        if (str.equalsIgnoreCase(SCIMCommonConstants.CO)) {
            return "*" + str2 + "*";
        }
        if (str.equalsIgnoreCase(SCIMCommonConstants.SW)) {
            return str2 + "*";
        }
        if (str.equalsIgnoreCase(SCIMCommonConstants.EW)) {
            return "*" + str2;
        }
        return str.equalsIgnoreCase(SCIMCommonConstants.EQ) ? str2 : null;
    }

    /**
     * Lists roles of this manager's tenant without filtering.
     *
     * @param num count, as passed by listRolesWithGET
     * @param num2 start index, as passed by listRolesWithGET
     * @param str sort-by attribute
     * @param str2 sort order
     * @return the returned roles together with the tenant's role count; when the backend reports a
     *     count of 0 the size of the returned list is used instead
     * @throws CharonException if the backend lookup fails
     */
    private RolesGetResponse listRoles(Integer num, Integer num2, String str, String str2) throws CharonException, BadRequestException {
        List<Role> pageCopy = new ArrayList<>();
        try {
            List<Role> page = getScimRolesList(
                    this.roleManagementService.getRoles(num, num2, str, str2, this.tenantDomain));
            int total = this.roleManagementService.getRolesCount(this.tenantDomain);
            // Fall back to the page size when the backend reports no count.
            if (total == 0) {
                total = page.size();
            }
            pageCopy.addAll(page);
            return new RolesGetResponse(total, pageCopy);
        } catch (IdentityRoleManagementException e) {
            throw new CharonException("Error occurred while listing roles.", e);
        }
    }

    /**
     * Converts backend role summaries into SCIM roles.
     *
     * @param list backend role summaries
     * @return one SCIM role per summary, carrying display name, id and location; roles whose name
     *     is in the system role set are flagged as system roles
     */
    private List<Role> getScimRolesList(List<RoleBasicInfo> list) throws BadRequestException, CharonException {
        List<Role> converted = new ArrayList<>();
        for (RoleBasicInfo summary : list) {
            Role scimRole = new Role();
            scimRole.setDisplayName(summary.getName());
            scimRole.setId(summary.getId());
            scimRole.setLocation(SCIMCommonUtils.getSCIMRoleURL(summary.getId()));
            boolean isSystem = this.systemRoles.contains(summary.getName());
            if (isSystem) {
                scimRole.setSystemRole(true);
            }
            converted.add(scimRole);
        }
        return converted;
    }

    /**
     * Applies the differences between two role states: name, users, groups, then permissions.
     *
     * <p>The four updates run one after another with no rollback visible here, so a failure in a
     * later step leaves the earlier steps applied.
     *
     * @param role the role as it is currently stored
     * @param role2 the role as it should be after the update
     * @return a new SCIM role with the new display name and the old role's id and location
     */
    public Role updateRole(Role role, Role role2) throws BadRequestException, CharonException, ConflictException, NotFoundException {
        // Order matters: rename first, then membership, then permissions.
        doUpdateRoleName(role, role2);
        doUpdateUsers(role, role2);
        doUpdateGroups(role, role2);
        doUpdatePermissions(role, role2);

        Role response = new Role();
        String updatedName = role2.getDisplayName();
        response.setDisplayName(updatedName);
        response.setId(role.getId());
        response.setSchemas();
        response.setLocation(role.getLocation());
        return response;
    }

    /**
     * Renames the role when the display name differs between the old and new state.
     *
     * @param role the role as currently stored
     * @param role2 the role carrying the requested display name
     * @throws NotFoundException if the backend reports that the role does not exist
     * @throws ConflictException if a role with the requested name already exists
     * @throws BadRequestException if the backend reports the operation as forbidden
     * @throws CharonException for any other backend failure
     */
    private void doUpdateRoleName(Role role, Role role2) throws CharonException, ConflictException, NotFoundException, BadRequestException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Updating name of role %s to %s.", role.getDisplayName(), role2.getDisplayName()));
        }
        String currentName = role.getDisplayName();
        String requestedName = role2.getDisplayName();
        if (!StringUtils.equals(currentName, requestedName)) {
            try {
                this.roleManagementService.updateRoleName(role.getId(), requestedName, this.tenantDomain);
            } catch (IdentityRoleManagementException e) {
                String errorCode = e.getErrorCode();
                if (StringUtils.equals(RoleConstants.Error.ROLE_NOT_FOUND.getCode(), errorCode)) {
                    throw new NotFoundException(e.getMessage());
                }
                if (StringUtils.equals(RoleConstants.Error.ROLE_ALREADY_EXISTS.getCode(), errorCode)) {
                    throw new ConflictException(e.getMessage());
                }
                if (StringUtils.equals(RoleConstants.Error.OPERATION_FORBIDDEN.getCode(), errorCode)) {
                    // Forbidden operations are reported to the client as a bad request.
                    throw new BadRequestException(e.getMessage());
                }
                throw new CharonException(String.format("Error occurred while updating role name from: %s to %s", currentName, requestedName), e);
            }
        }
    }

    /**
     * Updates the role's user membership with the difference between the old and new state.
     *
     * @param role the role as currently stored
     * @param role2 the role carrying the requested user list
     * @throws BadRequestException if the backend reports an invalid request or a forbidden operation
     * @throws CharonException for any other backend failure
     */
    private void doUpdateUsers(Role role, Role role2) throws CharonException, BadRequestException {
        if (log.isDebugEnabled()) {
            log.debug("Updating users of role: " + role.getDisplayName());
        }
        Set<String> currentUsers = new HashSet<>(role.getUsers());
        Set<String> requestedUsers = new HashSet<>(role2.getUsers());
        Set<String> usersToRemove = getRemovedIDList(currentUsers, requestedUsers);
        Set<String> usersToAdd = getAddedIDList(currentUsers, requestedUsers);
        if (CollectionUtils.isEmpty(usersToAdd) && CollectionUtils.isEmpty(usersToRemove)) {
            // Nothing changed; skip the backend call.
            return;
        }
        try {
            this.roleManagementService.updateUserListOfRole(
                    role.getId(), new ArrayList<>(usersToAdd), new ArrayList<>(usersToRemove), this.tenantDomain);
        } catch (IdentityRoleManagementException e) {
            boolean clientError = StringUtils.equals(RoleConstants.Error.INVALID_REQUEST.getCode(), e.getErrorCode())
                    || StringUtils.equals(RoleConstants.Error.OPERATION_FORBIDDEN.getCode(), e.getErrorCode());
            if (clientError) {
                throw new BadRequestException(e.getMessage());
            }
            throw new CharonException(String.format("Error occurred while updating users in the role: %s", role2.getDisplayName()), e);
        }
    }

    /**
     * Updates the role's group membership with the difference between the old and new state.
     *
     * @param role the role as currently stored
     * @param role2 the role carrying the requested group list
     * @throws BadRequestException if the backend reports an invalid request or a forbidden operation
     * @throws CharonException for any other backend failure
     */
    private void doUpdateGroups(Role role, Role role2) throws CharonException, BadRequestException {
        if (log.isDebugEnabled()) {
            log.debug("Updating groups of role: " + role.getDisplayName());
        }
        Set<String> currentGroups = new HashSet<>(role.getGroups());
        Set<String> requestedGroups = new HashSet<>(role2.getGroups());
        Set<String> groupsToRemove = getRemovedIDList(currentGroups, requestedGroups);
        Set<String> groupsToAdd = getAddedIDList(currentGroups, requestedGroups);
        if (CollectionUtils.isEmpty(groupsToAdd) && CollectionUtils.isEmpty(groupsToRemove)) {
            // Nothing changed; skip the backend call.
            return;
        }
        try {
            this.roleManagementService.updateGroupListOfRole(
                    role.getId(), new ArrayList<>(groupsToAdd), new ArrayList<>(groupsToRemove), this.tenantDomain);
        } catch (IdentityRoleManagementException e) {
            boolean clientError = StringUtils.equals(RoleConstants.Error.INVALID_REQUEST.getCode(), e.getErrorCode())
                    || StringUtils.equals(RoleConstants.Error.OPERATION_FORBIDDEN.getCode(), e.getErrorCode());
            if (clientError) {
                throw new BadRequestException(e.getMessage());
            }
            throw new CharonException(String.format("Error occurred while updating groups in the role: %s", role2.getDisplayName()), e);
        }
    }

    /**
     * Replaces the role's permissions when the requested list differs from the current one.
     *
     * @param role the role as currently stored
     * @param role2 the role carrying the requested permissions
     * @throws BadRequestException if the backend reports an invalid request or a forbidden operation
     * @throws CharonException for any other backend failure
     */
    private void doUpdatePermissions(Role role, Role role2) throws BadRequestException, CharonException {
        if (log.isDebugEnabled()) {
            log.debug("Updating permissions of role: " + role.getDisplayName());
        }
        List<String> currentPermissions = role.getPermissions();
        List<String> requestedPermissions = role2.getPermissions();
        if (!hasPermissionsChanged(currentPermissions, requestedPermissions)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Permissions have changed. Updating permissions of role: " + role.getDisplayName());
        }
        try {
            // The requested list replaces the stored permissions as a whole.
            this.roleManagementService.setPermissionsForRole(role.getId(), requestedPermissions, this.tenantDomain);
        } catch (IdentityRoleManagementException e) {
            String errorCode = e.getErrorCode();
            boolean invalidRequest = StringUtils.equals(RoleConstants.Error.INVALID_REQUEST.getCode(), errorCode);
            if (invalidRequest || StringUtils.equals(RoleConstants.Error.OPERATION_FORBIDDEN.getCode(), errorCode)) {
                throw new BadRequestException(e.getMessage());
            }
            throw new CharonException(String.format("Error occurred while updating permissions for role: %s", role2.getDisplayName()), e);
        }
    }

    /**
     * Computes the ids present in the new set but not in the old one.
     *
     * @param set ids before the change
     * @param set2 ids after the change
     * @return a new set holding the ids of {@code set2} that are missing from {@code set}
     */
    private Set<String> getAddedIDList(Set<String> set, Set<String> set2) {
        // Work on a copy so neither argument is modified.
        Set<String> onlyInNew = new HashSet<>(set2);
        onlyInNew.removeAll(set);
        return onlyInNew;
    }

    /**
     * Computes the ids present in the old set but not in the new one.
     *
     * @param set ids before the change
     * @param set2 ids after the change
     * @return a new set holding the ids of {@code set} that are missing from {@code set2}
     */
    private Set<String> getRemovedIDList(Set<String> set, Set<String> set2) {
        // Work on a copy so neither argument is modified.
        Set<String> onlyInOld = new HashSet<>(set);
        onlyInOld.removeAll(set2);
        return onlyInOld;
    }

    /**
     * Decides whether the requested permissions differ from the current ones.
     *
     * @param list current permissions, may be null
     * @param list2 requested permissions, may be null
     * @return false when the requested list is null, when both lists are empty, or when both hold
     *     the same elements with the same cardinalities; true otherwise, including when only the
     *     current list is null
     */
    private boolean hasPermissionsChanged(List<String> list, List<String> list2) {
        if (list2 == null) {
            // A missing requested list is treated as "no change".
            return false;
        }
        if (list == null) {
            return true;
        }
        boolean bothEmpty = CollectionUtils.isEmpty(list) && CollectionUtils.isEmpty(list2);
        if (bothEmpty) {
            return false;
        }
        return !CollectionUtils.isEqualCollection(list, list2);
    }

    /**
     * Lists roles for a search request by delegating to {@code listRolesWithGET}.
     *
     * @param searchRequest request supplying the filter, start index, count, sort-by and sort order
     * @return the matching roles
     */
    public RolesGetResponse listRolesWithPost(SearchRequest searchRequest) throws NotImplementedException, BadRequestException, CharonException {
        Node filter = searchRequest.getFilter();
        Integer startIndex = Integer.valueOf(searchRequest.getStartIndex());
        Integer count = Integer.valueOf(searchRequest.getCount());
        String sortBy = searchRequest.getSortBy();
        String sortOrder = searchRequest.getSortOder();
        return listRolesWithGET(filter, startIndex, count, sortBy, sortOrder);
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x011f, code lost:
    
        switch(r18) {
            case 0: goto L53;
            case 1: goto L54;
            case 2: goto L55;
            case 3: goto L56;
            default: goto L58;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x013c, code lost:
    
        r0.add(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x0149, code lost:
    
        r0.add(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:39:0x0156, code lost:
    
        r0.add(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x0163, code lost:
    
        r0.add(r0);
     */
    /* JADX WARN: Removed duplicated region for block: B:15:0x009b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Patches a role; the body was not recovered by the decompiler.
     *
     * <p>The listing below is a placeholder that always throws, so the real patch logic (how the
     * patch operations are dispatched to the name, user, group and permission helpers) cannot be
     * reviewed from this file. Review the original class or a bytecode dump instead.
     *
     * @param r6 first argument; NOTE(review): presumably the role id, not confirmable from here
     * @param r7 patch operations grouped under string keys
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    public org.wso2.charon3.core.objects.Role patchRole(java.lang.String r6, java.util.Map<java.lang.String, java.util.List<org.wso2.charon3.core.utils.codeutils.PatchOperation>> r7) throws org.wso2.charon3.core.exceptions.BadRequestException, org.wso2.charon3.core.exceptions.CharonException, org.wso2.charon3.core.exceptions.ConflictException, org.wso2.charon3.core.exceptions.NotFoundException, org.wso2.charon3.core.exceptions.ForbiddenException {
        /*
            Method dump skipped, instructions count: 489
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.identity.scim2.common.impl.SCIMRoleManager.patchRole(java.lang.String, java.util.Map):org.wso2.charon3.core.objects.Role");
    }

    /**
     * Applies user-related patch operations to a role.
     *
     * <p>Operations are sorted, each operation's value (a single map or a list of maps) is folded
     * into add/remove name sets, and the resulting sets are applied in one backend update.
     *
     * <p>prepareAddedRemovedUserLists may call {@code setValues} on the operation while a list
     * value is being walked; the walk continues over the list obtained before that call.
     *
     * @param str id of the role to update
     * @param str2 name of the role, used to skip users that already hold it
     * @param list user patch operations; sorted in place
     */
    private void updateUsers(String str, String str2, List<PatchOperation> list) throws BadRequestException, CharonException, ForbiddenException {
        Collections.sort(list);
        Set<String> namesToAdd = new HashSet<>();
        Set<String> namesToRemove = new HashSet<>();
        Set<Object> addedMemberIds = new HashSet<>();
        for (PatchOperation operation : list) {
            Object values = operation.getValues();
            if (values instanceof Map) {
                prepareAddedRemovedUserLists(namesToAdd, namesToRemove, addedMemberIds, operation, (Map) values, str2);
            } else if (values instanceof List) {
                for (Object entry : (List<?>) values) {
                    prepareAddedRemovedUserLists(namesToAdd, namesToRemove, addedMemberIds, operation, (Map) entry, str2);
                }
            }
        }
        boolean nothingToDo = CollectionUtils.isEmpty(namesToAdd) && CollectionUtils.isEmpty(namesToRemove);
        if (!nothingToDo) {
            doUpdateUsers(namesToAdd, namesToRemove, addedMemberIds, str);
        }
    }

    /**
     * Applies group-related patch operations to a role.
     *
     * <p>The role's current groups are loaded once; each operation's value (a single map or a
     * list of maps) is folded into add/remove/replace sets, and prepareReplacedGroupLists is run
     * after every operation.
     *
     * @param str id of the role to update
     * @param list group patch operations; sorted in place
     * @throws CharonException if the current group list cannot be retrieved
     */
    private void updateGroups(String str, List<PatchOperation> list) throws CharonException, BadRequestException {
        try {
            Collections.sort(list);
            Set<String> groupsToAdd = new HashSet<>();
            Set<String> groupsToRemove = new HashSet<>();
            Set<String> groupsToReplace = new HashSet<>();
            List<GroupBasicInfo> currentGroups = this.roleManagementService.getGroupListOfRole(str, this.tenantDomain);
            for (PatchOperation operation : list) {
                Object values = operation.getValues();
                if (values instanceof Map) {
                    prepareAddedRemovedGroupLists(groupsToAdd, groupsToRemove, groupsToReplace, operation, (Map) values, currentGroups);
                } else if (values instanceof List) {
                    for (Object entry : (List<?>) values) {
                        prepareAddedRemovedGroupLists(groupsToAdd, groupsToRemove, groupsToReplace, operation, (Map) entry, currentGroups);
                    }
                }
                // Runs once per operation, not once after the loop.
                prepareReplacedGroupLists(currentGroups, groupsToAdd, groupsToRemove, groupsToReplace);
            }
            boolean nothingToDo = CollectionUtils.isEmpty(groupsToAdd) && CollectionUtils.isEmpty(groupsToRemove);
            if (!nothingToDo) {
                doUpdateGroups(str, groupsToAdd, groupsToRemove);
            }
        } catch (IdentityRoleManagementException e) {
            throw new CharonException(String.format("Error occurred while retrieving the group list for role: %s", str), e);
        }
    }

    /**
     * Looks up the name of a role by its id.
     *
     * @param str role id
     * @param str2 tenant domain to look the role up in
     * @return the role name, passed through addInternalDomain when isInternalRole accepts it
     * @throws BadRequestException if the backend reports that the role does not exist (note: a
     *     bad request, not a not-found error)
     * @throws CharonException for any other backend failure
     */
    private String getCurrentRoleName(String str, String str2) throws CharonException, BadRequestException {
        try {
            String resolvedName = this.roleManagementService.getRoleNameByRoleId(str, str2);
            return isInternalRole(resolvedName) ? addInternalDomain(resolvedName) : resolvedName;
        } catch (IdentityRoleManagementException e) {
            boolean roleMissing = RoleConstants.Error.ROLE_NOT_FOUND.getCode().equals(e.getErrorCode());
            if (!roleMissing) {
                throw new CharonException(String.format("Error occurred while getting the role name by the role id: %s", str), e);
            }
            throw new BadRequestException(e.getMessage());
        }
    }

    /**
     * Resolves user names to ids and applies the membership change to a role.
     *
     * <p>The resolved ids of the added users are checked against the ids supplied in the patch
     * request, unless that id set consists of a single null entry. No such check is made for the
     * removed users.
     *
     * @param set names of users to add
     * @param set2 names of users to remove
     * @param set3 member ids supplied in the request for the added users
     * @param str id of the role to update
     * @throws BadRequestException if the backend reports an invalid request
     * @throws ForbiddenException if the backend reports the operation as forbidden
     * @throws CharonException for any other backend failure
     */
    private void doUpdateUsers(Set<String> set, Set<String> set2, Set<Object> set3, String str) throws CharonException, BadRequestException, ForbiddenException {
        List<String> idsToAdd = getUserIDList(new ArrayList<>(set), this.tenantDomain);
        List<String> idsToRemove = getUserIDList(new ArrayList<>(set2), this.tenantDomain);
        if (CollectionUtils.isNotEmpty(set)) {
            // Validation is skipped only when the sole supplied id is null.
            boolean onlyNullId = set3.size() == 1 && set3.contains(null);
            if (!onlyNullId) {
                validateUserIds(idsToAdd, set3);
            }
        }
        if (CollectionUtils.isEmpty(idsToAdd) && CollectionUtils.isEmpty(idsToRemove)) {
            return;
        }
        try {
            this.roleManagementService.updateUserListOfRole(
                    str, new ArrayList<>(idsToAdd), new ArrayList<>(idsToRemove), this.tenantDomain);
        } catch (IdentityRoleManagementException e) {
            String errorCode = e.getErrorCode();
            if (RoleConstants.Error.INVALID_REQUEST.getCode().equals(errorCode)) {
                throw new BadRequestException(e.getMessage());
            }
            if (RoleConstants.Error.OPERATION_FORBIDDEN.getCode().equals(errorCode)) {
                throw new ForbiddenException(e.getMessage());
            }
            throw new CharonException(String.format("Error occurred while updating users in the role: %s", str), e);
        }
    }

    /**
     * Renames a role when the new name differs from the old one.
     *
     * @param str id of the role
     * @param str2 current role name
     * @param str3 requested role name
     * @throws NotFoundException if the backend reports that the role does not exist
     * @throws ConflictException if a role with the requested name already exists
     * @throws CharonException for any other backend failure
     */
    private void updateRoleName(String str, String str2, String str3) throws CharonException, ConflictException, NotFoundException {
        boolean unchanged = StringUtils.equals(str2, str3);
        if (!unchanged) {
            try {
                this.roleManagementService.updateRoleName(str, str3, this.tenantDomain);
            } catch (IdentityRoleManagementException e) {
                String errorCode = e.getErrorCode();
                if (RoleConstants.Error.ROLE_NOT_FOUND.getCode().equals(errorCode)) {
                    throw new NotFoundException(e.getMessage());
                }
                if (RoleConstants.Error.ROLE_ALREADY_EXISTS.getCode().equals(errorCode)) {
                    throw new ConflictException(e.getMessage());
                }
                throw new CharonException(String.format("Error occurred while updating role name from: %s to %s", str2, str3), e);
            }
        }
    }

    /**
     * Applies permission patch operations to a role.
     *
     * <p>The new permission list is derived from the operations, compared with the stored list,
     * and written back as a whole only when it differs.
     *
     * @param str id of the role
     * @param list permission patch operations
     * @throws BadRequestException if the backend reports an invalid request on update
     * @throws CharonException if reading or writing the permissions fails otherwise
     */
    private void updatePermissions(String str, List<PatchOperation> list) throws BadRequestException, CharonException {
        List<String> requestedPermissions = getNewRolePermissions(list);
        List<String> storedPermissions;
        try {
            storedPermissions = this.roleManagementService.getPermissionListOfRole(str, this.tenantDomain);
        } catch (IdentityRoleManagementException e2) {
            throw new CharonException(String.format("Error occurred while retrieving the permissions for role: %s", str), e2);
        }
        if (!hasPermissionsChanged(storedPermissions, requestedPermissions)) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Permissions have changed. Updating permissions of role: " + str);
        }
        try {
            this.roleManagementService.setPermissionsForRole(str, requestedPermissions, this.tenantDomain);
        } catch (IdentityRoleManagementException e) {
            boolean invalidRequest = RoleConstants.Error.INVALID_REQUEST.getCode().equals(e.getErrorCode());
            if (invalidRequest) {
                throw new BadRequestException(e.getMessage());
            }
            throw new CharonException(String.format("Error occurred while updating permissions for role: %s", str), e);
        }
    }

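    /**
     * Folds one group entry of a patch operation into the add, remove and replace sets.
     *
     * <p>The decompiled listing expressed the switch over the operation name through a
     * hash-code lookup with a boolean selector that does not compile; this version switches on
     * the operation string directly, with the same branches.
     *
     * @param set group ids to add; updated in place
     * @param set2 group ids to remove; updated in place
     * @param set3 group ids named by "replace" operations; updated in place
     * @param patchOperation the operation the entry belongs to
     * @param map the entry; its "value" key holds the group id
     * @param list groups currently assigned to the role, passed to isGroupExist
     * @throws BadRequestException if the entry has no group id
     */
    private void prepareAddedRemovedGroupLists(Set<String> set, Set<String> set2, Set<String> set3, PatchOperation patchOperation, Map<String, String> map, List<GroupBasicInfo> list) throws BadRequestException {
        String groupId = map.get("value");
        if (StringUtils.isBlank(groupId)) {
            throw new BadRequestException("Group id is required to update group of the role.", "invalidValue");
        }
        switch (patchOperation.getOperation()) {
            case "add":
                // A later "add" cancels an earlier "remove" of the same group.
                set2.remove(groupId);
                // Groups the role already has are not queued again.
                if (!isGroupExist(groupId, list)) {
                    set.add(groupId);
                }
                return;
            case "remove":
                // A later "remove" cancels an earlier "add" of the same group.
                set.remove(groupId);
                set2.add(groupId);
                return;
            case "replace":
                set3.add(groupId);
                return;
            default:
                // Operation names other than the three above are ignored.
                return;
        }
    }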

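    /**
     * Folds one user entry of a patch operation into the add and remove name sets.
     *
     * <p>When the entry has no "display" name, the user is looked up by the id in "value" and the
     * resolved name (prefixed with the user store domain when one is set) is written back into the
     * entry and the operation. A "display" name supplied in the request is used as given.
     *
     * <p>For "add", the supplied id is recorded in {@code set3} so the caller can check it against
     * the id resolved from the name. For "remove", nothing is recorded, so the user is identified
     * by the "display" name alone.
     * NOTE(review): confirm that a remove entry whose "display" and "value" disagree is acceptable.
     *
     * <p>NOTE(review): an empty-string "display" that cannot be resolved is not rejected by the
     * null check below and reaches the role lookup as an empty user name.
     *
     * @param set user names to add; updated in place
     * @param set2 user names to remove; updated in place
     * @param set3 member ids supplied for added users; updated in place
     * @param patchOperation the operation the entry belongs to
     * @param map the entry; reads "display" and "value", may write "display"
     * @param str name of the role; users that already hold it are not queued for "add"
     * @throws BadRequestException if the user cannot be resolved or the user store name is invalid
     * @throws CharonException if the user store lookup fails for another reason
     */
    private void prepareAddedRemovedUserLists(Set<String> set, Set<String> set2, Set<Object> set3, PatchOperation patchOperation, Map<String, String> map, String str) throws BadRequestException, CharonException {
        try {
            AbstractUserStoreManager userStoreManager = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
            if (StringUtils.isEmpty(map.get("display"))) {
                List userListWithID = userStoreManager.getUserListWithID("urn:ietf:params:scim:schemas:core:2.0:id", map.get("value"), (String) null);
                if (CollectionUtils.isNotEmpty(userListWithID)) {
                    // Only the first match is used.
                    String username = ((org.wso2.carbon.user.core.common.User) userListWithID.get(0)).getUsername();
                    if (StringUtils.isNotBlank(((org.wso2.carbon.user.core.common.User) userListWithID.get(0)).getUserStoreDomain())) {
                        username = ((org.wso2.carbon.user.core.common.User) userListWithID.get(0)).getUserStoreDomain() + SCIMCommonConstants.URL_SEPERATOR + username;
                    }
                    map.put("display", username);
                    patchOperation.setValues(map);
                }
            }
            if (map.get("display") == null) {
                throw new BadRequestException("User can't be resolved from the given user Id.");
            }
            List asList = Arrays.asList(userStoreManager.getRoleListOfUser(map.get("display")));
            if (StringUtils.equals(patchOperation.getOperation(), "add") && !asList.contains(str)) {
                set2.remove(map.get("display"));
                set.add(map.get("display"));
                set3.add(map.get("value"));
            } else if (StringUtils.equals(patchOperation.getOperation(), "remove")) {
                set.remove(map.get("display"));
                set2.add(map.get("display"));
            }
        } catch (UserStoreException e) {
            // The invalid-domain case is recognised by its exact message text.
            if (!"Invalid Domain Name".equals(e.getMessage())) {
                // Keep the cause so the underlying user store failure stays visible in logs.
                throw new CharonException("Error occurred while retrieving the user list for role.", e);
            }
            throw new BadRequestException("Invalid userstore name", "invalidValue");
        }
    }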

    /**
     * Turns a "replace" group set into add and remove entries.
     *
     * <p>Current groups that are not in the replacement set are queued for removal; current groups
     * that are in it are dropped from the replacement set; what remains is queued for addition.
     *
     * @param list groups currently assigned to the role
     * @param set group ids to add; updated in place
     * @param set2 group ids to remove; updated in place
     * @param set3 replacement group ids; entries already assigned are removed from it
     */
    private void prepareReplacedGroupLists(List<GroupBasicInfo> list, Set<String> set, Set<String> set2, Set<String> set3) {
        if (set3.isEmpty()) {
            // No replace operation seen; leave the add/remove sets untouched.
            return;
        }
        for (GroupBasicInfo assigned : list) {
            String assignedId = assigned.getId();
            // remove() reports whether the id was part of the replacement set.
            if (!set3.remove(assignedId)) {
                set2.add(assignedId);
            }
        }
        set.addAll(set3);
    }

    /**
     * Sends group list changes for a role to the role management service.
     *
     * <p>The service is not called when both sets are null or empty.
     *
     * @param str  role identifier handed to the service and quoted in the error message
     * @param set  first group id collection passed to the service (presumably the ids to add; confirm
     *             against {@code updateGroupListOfRole})
     * @param set2 second group id collection passed to the service (presumably the ids to remove; confirm)
     * @throws BadRequestException if the service fails with {@code RoleConstants.Error.INVALID_REQUEST};
     *                             the exception carries the service's message unchanged
     * @throws CharonException     for any other {@code IdentityRoleManagementException}, with the cause attached
     */
    private void doUpdateGroups(String str, Set<String> set, Set<String> set2) throws CharonException, BadRequestException {
        if (CollectionUtils.isEmpty(set) && CollectionUtils.isEmpty(set2)) {
            return;
        }
        try {
            List<String> firstGroupIds = new ArrayList<>(set);
            List<String> secondGroupIds = new ArrayList<>(set2);
            this.roleManagementService.updateGroupListOfRole(str, firstGroupIds, secondGroupIds, this.tenantDomain);
        } catch (IdentityRoleManagementException e) {
            boolean invalidRequest = RoleConstants.Error.INVALID_REQUEST.getCode().equals(e.getErrorCode());
            if (invalidRequest) {
                // NOTE(review): the service's own message is forwarded as-is; confirm it is safe
                // to hand back to the API caller.
                throw new BadRequestException(e.getMessage());
            }
            throw new CharonException(String.format("Error occurred while updating groups in the role: %s", str), e);
        }
    }

    /**
     * Resolves each entry of {@code list} to a user id, keeping the input order.
     *
     * @param list user names to resolve (each one is quoted as "the user" in the error message)
     * @param str  second argument of {@code getUserIDByName} (presumably the tenant domain; confirm against caller)
     * @return the resolved ids, one per input entry
     * @throws BadRequestException if a lookup fails with {@code RoleConstants.Error.INVALID_REQUEST};
     *                             uses the resolver's message and the {@code invalidValue} type
     * @throws CharonException     for any other {@code IdentityRoleManagementException}, with the cause attached
     */
    private List<String> getUserIDList(List<String> list, String str) throws CharonException, BadRequestException {
        List<String> resolvedIds = new ArrayList<>();
        for (String userName : list) {
            String userId;
            try {
                userId = getUserIDByName(userName, str);
            } catch (IdentityRoleManagementException e) {
                boolean invalidRequest = RoleConstants.Error.INVALID_REQUEST.getCode().equals(e.getErrorCode());
                if (!invalidRequest) {
                    throw new CharonException(String.format("Error occurred while getting the user id of the user: %s", userName), e);
                }
                throw new BadRequestException(e.getMessage(), "invalidValue");
            }
            resolvedIds.add(userId);
        }
        return resolvedIds;
    }

    /**
     * Rejects the request when a supplied SCIM user id is not among the ids in {@code list}.
     *
     * <p>Per the error message, {@code list} holds the ids obtained from the user store for the
     * provided user names, so a client cannot pair a user name with an id that belongs to
     * someone else. The check stops at the first mismatch.
     *
     * @param list ids the supplied values are checked against
     * @param set  ids supplied in the request; each element is compared through {@code toString()}
     * @throws BadRequestException with type {@code invalidValue} for the first id missing from {@code list}
     */
    private void validateUserIds(List<String> list, Set<Object> set) throws BadRequestException {
        for (Object supplied : set) {
            String suppliedId = supplied.toString();
            if (list.contains(suppliedId)) {
                continue;
            }
            throw new BadRequestException(String.format("Provided SCIM user Id: %s doesn't match with the userID obtained from user-store for the provided username.", suppliedId), "invalidValue");
        }
    }

    /**
     * Tells whether {@code list} contains a group whose id equals {@code str}.
     *
     * @param str  group id to look for; compared with the null-safe {@code StringUtils.equals}
     * @param list groups to search
     * @return {@code true} on the first match, {@code false} if no group matches
     */
    private boolean isGroupExist(String str, List<GroupBasicInfo> list) {
        for (GroupBasicInfo candidate : list) {
            if (StringUtils.equals(str, candidate.getId())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up a user id through {@code userIDResolver}.
     *
     * @param str  name to resolve (the visible caller passes a user name)
     * @param str2 second argument of {@code getIDByName} (presumably the tenant domain; confirm against the resolver)
     * @return whatever the resolver returns for the pair
     * @throws IdentityRoleManagementException propagated unchanged from the resolver
     */
    private String getUserIDByName(String str, String str2) throws IdentityRoleManagementException {
        String resolvedId = this.userIDResolver.getIDByName(str, str2);
        return resolvedId;
    }

    /**
     * Reports whether a non-blank domain can be extracted from the role name.
     *
     * <p>NOTE(review): the method name suggests a check for the internal domain, but the visible
     * code only tests that {@code IdentityUtil.extractDomainFromName} returns something non-blank;
     * confirm which one callers rely on.
     *
     * @param str role name, possibly carrying a domain prefix
     * @return {@code true} if the extracted domain is not blank
     */
    private boolean isInternalRole(String str) {
        String extractedDomain = IdentityUtil.extractDomainFromName(str);
        return StringUtils.isNotBlank(extractedDomain);
    }

    /**
     * Prefixes the role name with the internal domain and the domain separator.
     *
     * <p>The prefix is added only when {@code IdentityUtil.extractDomainFromName} returns a
     * non-blank domain for the name; otherwise the name is returned unchanged.
     * NOTE(review): confirm that prefixing is intended for names that already yield a domain.
     *
     * @param str role name
     * @return the prefixed name, or {@code str} itself when no domain is extracted
     */
    private String addInternalDomain(String str) {
        String extractedDomain = IdentityUtil.extractDomainFromName(str);
        if (StringUtils.isBlank(extractedDomain)) {
            return str;
        }
        return SCIMCommonConstants.INTERNAL_DOMAIN + UserCoreConstants.DOMAIN_SEPARATOR + str;
    }

    /**
     * Returns the values of the first {@code replace} operation whose values are a {@code List}.
     *
     * <p>The list is returned through an unchecked cast: its elements are not verified to be
     * strings here, so callers should not assume more than the patch payload guarantees.
     *
     * @param list patch operations to scan, in order
     * @return the matching operation's values, or an empty list when no operation matches
     */
    private List<String> getNewRolePermissions(List<PatchOperation> list) {
        for (PatchOperation operation : list) {
            if (!"replace".equals(operation.getOperation())) {
                continue;
            }
            Object values = operation.getValues();
            if (values instanceof List) {
                return (List) values;
            }
        }
        return Collections.emptyList();
    }

    /**
     * Decides whether the role's users attribute has to be included.
     *
     * @param map requested attribute names as keys; the values are not read here
     * @return {@code true} when {@code map} is null or empty, or when any key starts with the
     *         role users attribute URI; {@code false} otherwise
     */
    private boolean isUsersAttributeRequired(Map<String, Boolean> map) {
        // MapUtils.isEmpty treats a null map as empty, so no separate null check is needed.
        if (MapUtils.isEmpty(map)) {
            return true;
        }
        for (String attributeName : map.keySet()) {
            if (attributeName.startsWith("urn:ietf:params:scim:schemas:extension:2.0:Role:users")) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether roles may be modified for the given tenant.
     *
     * <p>Modification is allowed only when {@code OrganizationManagementUtil.isOrganization}
     * reports that the tenant is not an organization. A failed lookup is raised as an error
     * instead of being treated as "allowed".
     *
     * @param str tenant identifier passed to {@code isOrganization} (presumably the tenant domain; confirm)
     * @return {@code true} if the tenant is not an organization
     * @throws CharonException if the organization check fails, with the cause attached
     */
    private boolean isRoleModificationAllowedForTenant(String str) throws CharonException {
        boolean organizationTenant;
        try {
            organizationTenant = OrganizationManagementUtil.isOrganization(str);
        } catch (OrganizationManagementException e) {
            throw new CharonException("Error while checking whether the tenant is an organization.", e);
        }
        return !organizationTenant;
    }
}
