package org.wso2.carbon.identity.organization.management.application;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventClientException;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.oauth.Error;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl;
import org.wso2.carbon.identity.oauth.dto.OAuthAppRevocationRequestDTO;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.organization.management.application.constant.OrgApplicationMgtConstants;
import org.wso2.carbon.identity.organization.management.application.dao.OrgApplicationMgtDAO;
import org.wso2.carbon.identity.organization.management.application.internal.OrgApplicationMgtDataHolder;
import org.wso2.carbon.identity.organization.management.application.listener.ApplicationSharingManagerListener;
import org.wso2.carbon.identity.organization.management.application.model.MainApplicationDO;
import org.wso2.carbon.identity.organization.management.application.model.SharedApplication;
import org.wso2.carbon.identity.organization.management.application.model.SharedApplicationDO;
import org.wso2.carbon.identity.organization.management.application.util.OrgApplicationManagerUtil;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementClientException;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
import org.wso2.carbon.identity.organization.management.service.model.BasicOrganization;
import org.wso2.carbon.identity.organization.management.service.model.Organization;
import org.wso2.carbon.identity.organization.management.service.util.Utils;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementClientException;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdpManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/organization/management/application/OrgApplicationManagerImpl.class */
public class OrgApplicationManagerImpl implements OrgApplicationManager {
    // Class-wide logger (Apache Commons Logging).
    private static final Log LOG = LogFactory.getLog(OrgApplicationManagerImpl.class);
    // Fixed pool with a single worker thread: share tasks submitted to it run one at a time and off the
    // calling thread. No shutdown of this pool is visible in this part of the file.
    private final ExecutorService executorService = Executors.newFixedThreadPool(1);

    /**
     * Shares an application of an organization with its descendant organizations.
     *
     * <p>The call is a no-op when {@code z} is false and {@code list} is empty. Access is delegated to
     * {@code validateApplicationShareAccess} (defined elsewhere in this class) before anything is changed.
     * Requested ids that are not among the descendants of {@code str} are dropped by the filter rather than
     * rejected, and only descendants whose type equals {@code TENANT} (case-insensitive) are shared to.
     *
     * <p>The per-organization share runs asynchronously on the single-thread executor. A failure there is
     * only logged; it is not reported to the caller of this method.
     *
     * @param str  id of the organization that owns the application
     * @param str2 resource id of the application to share
     * @param z    {@code true} to share with every descendant organization
     * @param list ids of the organizations to share with; only consulted when {@code z} is false
     * @throws OrganizationManagementException if the application is itself a shared application, or if
     *                                         validation, lookup or the update of the main application fails
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public void shareOrganizationApplication(String str, String str2, boolean z, List<String> list) throws OrganizationManagementException {
        if (!z && CollectionUtils.isEmpty(list)) {
            return;
        }
        String requestingOrgId = Utils.getOrganizationId();
        if (requestingOrgId == null) {
            // NOTE(review): when no organization id is resolved for the request, this hard-coded id is used
            // for the access check. It looks like a compiler-inlined constant for the root organization;
            // confirm, and confirm that defaulting to it is intended for every caller that reaches here.
            requestingOrgId = "10084a8d-113f-4211-a0d5-efe36b082211";
        }
        validateApplicationShareAccess(requestingOrgId, str);
        Organization ownerOrg = getOrganizationManager().getOrganization(str, false, false);
        String ownerTenantDomain = Utils.getTenantDomain();
        ServiceProvider mainApp = getOrgApplication(str2, ownerTenantDomain);
        if (isAlreadySharedApplication(mainApp)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_BLOCK_SHARING_SHARED_APP, new String[]{str2});
        }

        List<BasicOrganization> descendants = getOrganizationManager().getChildOrganizations(str, true);
        List<BasicOrganization> targets;
        if (z) {
            targets = descendants;
        } else {
            targets = descendants.stream()
                    .filter(child -> list.contains(child.getId()))
                    .collect(Collectors.toList());
        }

        if (shouldUpdateShareWithAllChildren(z, mainApp)) {
            try {
                // The flag is read elsewhere while the application is updated; it must not outlive this block.
                ((Map) IdentityUtil.threadLocalProperties.get()).put(OrgApplicationMgtConstants.UPDATE_SP_METADATA_SHARE_WITH_ALL_CHILDREN, true);
                OrgApplicationManagerUtil.setShareWithAllChildrenProperty(mainApp, z);
                getApplicationManagementService().updateApplication(mainApp, ownerTenantDomain, Utils.getAuthenticatedUsername());
                getOrgApplicationMgtDAO().updateShareWithAllChildren(mainApp.getApplicationResourceId(), str, z);
            } catch (IdentityApplicationManagementException e) {
                throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_UPDATING_APPLICATION_ATTRIBUTE, e, new String[]{str2});
            } finally {
                ((Map) IdentityUtil.threadLocalProperties.get()).remove(OrgApplicationMgtConstants.UPDATE_SP_METADATA_SHARE_WITH_ALL_CHILDREN);
            }
        }

        if (descendants.isEmpty()) {
            return;
        }
        boolean hasTargets = !targets.isEmpty();
        if (z || hasTargets) {
            modifyRootApplication(mainApp, ownerTenantDomain);
        }
        OrgApplicationManagerUtil.setIsAppSharedProperty(mainApp, hasTargets);
        try {
            getApplicationManagementService().updateApplication(mainApp, ownerTenantDomain, Utils.getAuthenticatedUsername());
            for (BasicOrganization target : targets) {
                Organization targetOrg = getOrganizationManager().getOrganization(target.getId(), false, false);
                if (!OrgApplicationMgtConstants.TENANT.equalsIgnoreCase(targetOrg.getType())) {
                    continue;
                }
                // Runs on the executor thread, not on the request thread; errors end up in the log only.
                CompletableFuture.runAsync(() -> {
                    try {
                        shareApplication(ownerOrg.getId(), targetOrg.getId(), mainApp, z);
                    } catch (OrganizationManagementException shareError) {
                        LOG.error(String.format("Error in sharing application: %s to organization: %s", mainApp.getApplicationID(), targetOrg.getId()), shareError);
                    }
                }, this.executorService);
            }
        } catch (IdentityApplicationManagementException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_UPDATING_APPLICATION, e, new String[]{mainApp.getApplicationResourceId()});
        }
    }

    /* JADX WARN: Finally extract failed */
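    /**
     * Removes the share of an application from one organization, or from every organization it is shared with.
     *
     * <p>Access is delegated to {@code validateFragmentApplicationAccess} (defined elsewhere in this class).
     * For each share that is removed, the tokens issued for the application in that organization are revoked
     * first and the shared application is deleted afterwards.
     *
     * <p>With a non-null {@code str3} only that organization's share is removed; the request is rejected when
     * the application carries a true share-with-all-children property. With a null {@code str3} every share
     * is removed and the share-related properties on the main application are reset.
     *
     * @param str  id of the organization that owns the main application
     * @param str2 resource id of the main application
     * @param str3 id of the organization whose share is removed, or {@code null} to remove all shares
     * @throws OrganizationManagementException if validation, token revocation, deletion or the update of the
     *                                         main application fails
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public void deleteSharedApplication(String str, String str2, String str3) throws OrganizationManagementException {
        validateFragmentApplicationAccess(Utils.getOrganizationId(), str);
        ServiceProvider mainApp = getOrgApplication(str2, Utils.getTenantDomain());

        if (str3 != null) {
            getListener().preDeleteSharedApplication(str, str2, str3);
            boolean sharedWithAllChildren = Arrays.stream(mainApp.getSpProperties()).anyMatch(property ->
                    OrgApplicationMgtConstants.SHARE_WITH_ALL_CHILDREN.equals(property.getName()) && Boolean.parseBoolean(property.getValue()));
            if (sharedWithAllChildren) {
                throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_DELETE_SHARE_REQUEST, new String[]{mainApp.getApplicationResourceId(), str3});
            }
            Optional<String> sharedAppId = resolveSharedApp(mainApp.getApplicationResourceId(), str, str3);
            if (!sharedAppId.isPresent()) {
                return;
            }
            // Revoke before deleting, so no token for the shared app outlives it.
            revokeSharedAppAccessTokens(str, str2, str3);
            deleteSharedApplication(str3, sharedAppId.get());
            if (CollectionUtils.isEmpty(getApplicationSharedOrganizations(str, mainApp.getApplicationResourceId()))) {
                OrgApplicationManagerUtil.setIsAppSharedProperty(mainApp, false);
                try {
                    getApplicationManagementService().updateApplication(mainApp, Utils.getTenantDomain(), Utils.getAuthenticatedUsername());
                } catch (IdentityApplicationManagementException e) {
                    throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_UPDATING_APPLICATION_ATTRIBUTE, e, new String[]{str2});
                }
            }
            getListener().postDeleteSharedApplication(str, str2, str3, sharedAppId.get());
            return;
        }

        getListener().preDeleteAllSharedApplications(str, str2);
        List<SharedApplicationDO> shares = getOrgApplicationMgtDAO().getSharedApplications(str, str2);
        for (SharedApplicationDO share : shares) {
            ((Map) IdentityUtil.threadLocalProperties.get()).put(OrgApplicationMgtConstants.DELETE_SHARE_FOR_MAIN_APPLICATION, true);
            try {
                Optional<String> sharedAppId = resolveSharedApp(mainApp.getApplicationResourceId(), str, share.getOrganizationId());
                if (sharedAppId.isPresent()) {
                    revokeSharedAppAccessTokens(str, str2, share.getOrganizationId());
                    deleteSharedApplication(share.getOrganizationId(), sharedAppId.get());
                }
            } finally {
                // Always clear the flag: if the lookup or the revocation throws, a flag left in the
                // thread-local map would still be set for whatever this thread processes next.
                ((Map) IdentityUtil.threadLocalProperties.get()).remove(OrgApplicationMgtConstants.DELETE_SHARE_FOR_MAIN_APPLICATION);
            }
        }
        getListener().postDeleteAllSharedApplications(str, str2, shares);

        boolean sharedWithAllChildren = Arrays.stream(mainApp.getSpProperties()).anyMatch(property ->
                OrgApplicationMgtConstants.SHARE_WITH_ALL_CHILDREN.equals(property.getName()) && Boolean.parseBoolean(property.getValue()));
        boolean markedAsShared = Arrays.stream(mainApp.getSpProperties()).anyMatch(property ->
                "isAppShared".equals(property.getName()) && Boolean.parseBoolean(property.getValue()));
        if (!sharedWithAllChildren && !markedAsShared) {
            return;
        }
        OrgApplicationManagerUtil.setShareWithAllChildrenProperty(mainApp, false);
        OrgApplicationManagerUtil.setIsAppSharedProperty(mainApp, false);
        ((Map) IdentityUtil.threadLocalProperties.get()).put(OrgApplicationMgtConstants.UPDATE_SP_METADATA_SHARE_WITH_ALL_CHILDREN, true);
        try {
            getApplicationManagementService().updateApplication(mainApp, Utils.getTenantDomain(), Utils.getAuthenticatedUsername());
        } catch (IdentityApplicationManagementException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_UPDATING_APPLICATION_ATTRIBUTE, e, new String[]{str2});
        } finally {
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(OrgApplicationMgtConstants.UPDATE_SP_METADATA_SHARE_WITH_ALL_CHILDREN);
        }
    }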

    /**
     * Revokes the tokens issued for a main application inside one organization it is shared with.
     *
     * @param str  id of the organization that owns the main application; used to resolve its tenant domain
     * @param str2 resource id of the main application
     * @param str3 id of the organization whose tokens are revoked
     * @throws OrganizationManagementException if the application cannot be loaded or the revocation fails
     */
    private void revokeSharedAppAccessTokens(String str, String str2, String str3) throws OrganizationManagementException {
        String ownerTenantDomain = getOrganizationManager().resolveTenantDomain(str);
        ServiceProvider mainApp = getOrgApplication(str2, ownerTenantDomain);
        revokeTokensForAppInOrg(mainApp, str3);
    }

    /**
     * Revokes the tokens that were issued in an organization for the OAuth2 client of the given application.
     *
     * <p>The consumer key is taken from the first inbound configuration whose type equals
     * {@code AUTH_TYPE_OAUTH_2}. When the application has no such configuration, or its key is blank,
     * nothing is revoked and the method returns normally.
     *
     * @param serviceProvider application whose inbound configuration supplies the consumer key
     * @param str             id of the organization in which the tokens are revoked
     * @throws OrganizationManagementException if the OAuth admin service reports a failure
     */
    private void revokeTokensForAppInOrg(ServiceProvider serviceProvider, String str) throws OrganizationManagementException {
        // NOTE(review): getInboundAuthenticationConfig() is dereferenced without a null check; confirm it
        // cannot be null for an application that reaches this point.
        InboundAuthenticationRequestConfig[] inboundConfigs = serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
        String consumerKey = null;
        if (inboundConfigs != null) {
            for (InboundAuthenticationRequestConfig inboundConfig : inboundConfigs) {
                if (inboundConfig.getInboundAuthType().equals(OrgApplicationMgtConstants.AUTH_TYPE_OAUTH_2)) {
                    consumerKey = inboundConfig.getInboundAuthKey();
                    break;
                }
            }
        }
        if (!StringUtils.isNotBlank(consumerKey)) {
            return;
        }
        OAuthAppRevocationRequestDTO revocationRequest = new OAuthAppRevocationRequestDTO();
        revocationRequest.setConsumerKey(consumerKey);
        try {
            OrgApplicationMgtDataHolder.getInstance().getOAuthAdminService().revokeIssuedTokensForOrganizationByApplication(revocationRequest, str);
        } catch (IdentityOAuthAdminException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_REVOKING_SHARED_APP_TOKENS, e, new String[]{serviceProvider.getApplicationResourceId(), str});
        }
    }

    /**
     * Deletes one shared application inside the tenant of the organization that holds it.
     *
     * <p>The deletion runs in a tenant flow switched to the target organization's tenant domain, carrying
     * over the user name and user id of the calling context. No access check is made here; the visible
     * caller validates access before calling. The {@code DELETE_FRAGMENT_APPLICATION} flag is set in the
     * thread-local properties for the duration of the call, and both it and
     * {@code DELETE_SHARE_FOR_MAIN_APPLICATION} are removed on every exit path.
     *
     * @param str  id of the organization that holds the shared application
     * @param str2 resource id of the shared application
     * @throws OrganizationManagementException if the tenant domain cannot be resolved or the deletion fails
     */
    private void deleteSharedApplication(String str, String str2) throws OrganizationManagementException {
        try {
            String sharedTenantDomain = getOrganizationManager().resolveTenantDomain(str);
            ServiceProvider sharedApp = getApplicationManagementService().getApplicationByResourceId(str2, sharedTenantDomain);
            // Capture the caller's identity before the tenant flow replaces the thread-local context.
            String callerName = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
            String callerId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserId();
            ((Map) IdentityUtil.threadLocalProperties.get()).put(OrgApplicationMgtConstants.DELETE_FRAGMENT_APPLICATION, true);
            try {
                PrivilegedCarbonContext.startTenantFlow();
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(sharedTenantDomain, true);
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserId(callerId);
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(callerName);
                getApplicationManagementService().deleteApplication(sharedApp.getApplicationName(), sharedTenantDomain, callerName);
            } finally {
                PrivilegedCarbonContext.endTenantFlow();
            }
        } catch (IdentityApplicationManagementException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_REMOVING_FRAGMENT_APP, e, new String[]{str2, str});
        } finally {
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(OrgApplicationMgtConstants.DELETE_FRAGMENT_APPLICATION);
            ((Map) IdentityUtil.threadLocalProperties.get()).remove(OrgApplicationMgtConstants.DELETE_SHARE_FOR_MAIN_APPLICATION);
        }
    }

    /**
     * Lists the descendant organizations an application is currently shared with.
     *
     * <p>The result is the intersection of the owner organization's descendants and the organizations
     * recorded as share targets for the application. No access check is made in this method itself; the
     * pre and post listener hooks are the only extension points visible here.
     *
     * @param str  id of the organization that owns the application
     * @param str2 resource id of the application
     * @return the descendant organizations that hold a share of the application
     * @throws OrganizationManagementException if the application or the organizations cannot be loaded
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public List<BasicOrganization> getApplicationSharedOrganizations(String str, String str2) throws OrganizationManagementException {
        getListener().preGetApplicationSharedOrganizations(str, str2);
        OrgApplicationMgtDAO shareDao = getOrgApplicationMgtDAO();
        String mainAppId = getOrgApplication(str2, Utils.getTenantDomain()).getApplicationResourceId();
        List<String> sharedOrgIds = shareDao.getSharedApplications(str, mainAppId).stream()
                .map(share -> share.getOrganizationId())
                .collect(Collectors.toList());
        List<BasicOrganization> sharedOrgs = getOrganizationManager().getChildOrganizations(str, true).stream()
                .filter(child -> sharedOrgIds.contains(child.getId()))
                .collect(Collectors.toList());
        getListener().postGetApplicationSharedOrganizations(str, str2, sharedOrgs);
        return sharedOrgs;
    }

    /**
     * Lists the shared copies of an application together with the organizations that hold them.
     *
     * @param str  id of the organization that owns the application
     * @param str2 resource id of the application
     * @return one entry per share, pairing the shared application id with its organization id
     * @throws OrganizationManagementException if the application or its shares cannot be loaded
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public List<SharedApplication> getSharedApplications(String str, String str2) throws OrganizationManagementException {
        getListener().preGetSharedApplications(str, str2);
        OrgApplicationMgtDAO shareDao = getOrgApplicationMgtDAO();
        String mainAppId = getOrgApplication(str2, Utils.getTenantDomain()).getApplicationResourceId();
        List<SharedApplication> shares = shareDao.getSharedApplications(str, mainAppId).stream()
                .map(share -> new SharedApplication(share.getFragmentApplicationId(), share.getOrganizationId()))
                .collect(Collectors.toList());
        getListener().postGetSharedApplications(str, str2, shares);
        return shares;
    }

    /**
     * Resolves the shared copy of an application, looking the main application up by name.
     *
     * @param str  name of the main application, as passed to {@code getServiceProvider}
     * @param str2 id of the organization that owns the main application
     * @param str3 id of the organization whose shared copy is wanted
     * @return the shared application in the target organization
     * @throws OrganizationManagementException if the owner's tenant domain is blank, the main application
     *                                         does not exist, or the shared application cannot be resolved
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public ServiceProvider resolveSharedApplication(String str, String str2, String str3) throws OrganizationManagementException {
        String ownerTenantDomain = getOrganizationManager().resolveTenantDomain(str2);
        if (StringUtils.isBlank(ownerTenantDomain)) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_RESOLVING_TENANT_DOMAIN_FROM_ORGANIZATION_DOMAIN, (Throwable) null, new String[]{str2});
        }
        try {
            ServiceProvider mainApp = getApplicationManagementService().getServiceProvider(str, ownerTenantDomain);
            if (mainApp == null) {
                throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_APPLICATION, new String[]{str});
            }
            return resolveSharedApplicationByMainAppUUID(mainApp.getApplicationResourceId(), str2, str3);
        } catch (IdentityApplicationManagementException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_RESOLVING_SHARED_APPLICATION, e, new String[]{str, str2});
        }
    }

    /**
     * Resolves the shared copy of an application, identifying the main application by resource id.
     *
     * @param str  resource id of the main application
     * @param str2 id of the organization that owns the main application
     * @param str3 id of the organization whose shared copy is wanted
     * @return the shared application, loaded from the target organization's tenant domain
     * @throws OrganizationManagementException if the application is not shared with the organization or
     *                                         the shared application cannot be loaded
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public ServiceProvider resolveSharedApplicationByMainAppUUID(String str, String str2, String str3) throws OrganizationManagementException {
        try {
            ApplicationManagementService appService = getApplicationManagementService();
            Optional<String> sharedAppId = resolveSharedApp(str, str2, str3);
            if (!sharedAppId.isPresent()) {
                throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_APPLICATION_NOT_SHARED, new String[]{str, str2});
            }
            String sharedTenantDomain = getOrganizationManager().resolveTenantDomain(str3);
            return appService.getApplicationByResourceId(sharedAppId.get(), sharedTenantDomain);
        } catch (IdentityApplicationManagementException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_RESOLVING_SHARED_APPLICATION, e, new String[]{str, str2});
        }
    }

    /**
     * Tells whether a main application has a shared copy in the given organization.
     *
     * @param str  resource id of the main application
     * @param str2 id of the organization that owns the main application
     * @param str3 id of the organization to check
     * @return {@code true} when a shared application id can be resolved for that organization
     * @throws OrganizationManagementException if the lookup fails
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public boolean isApplicationSharedWithGivenOrganization(String str, String str2, String str3) throws OrganizationManagementException {
        Optional<String> sharedAppId = resolveSharedApp(str, str2, str3);
        return sharedAppId.isPresent();
    }

    /**
     * Returns the id of the main application behind a shared application.
     *
     * @param str  first lookup key, passed unchanged to the DAO's {@code getMainApplication}
     * @param str2 second lookup key, passed unchanged to the DAO's {@code getMainApplication}
     * @return the main application id, or {@code null} when the DAO has no main application for the keys
     * @throws OrganizationManagementException if the lookup fails
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public String getMainApplicationIdForGivenSharedApp(String str, String str2) throws OrganizationManagementException {
        Optional<MainApplicationDO> mainApp = getOrgApplicationMgtDAO().getMainApplication(str, str2);
        if (!mainApp.isPresent()) {
            return null;
        }
        return mainApp.get().getMainApplicationId();
    }

    /**
     * Loads an application by resource id and fails when it does not exist.
     *
     * @param str  resource id of the application
     * @param str2 tenant domain to look the application up in
     * @return the application, never {@code null}
     * @throws OrganizationManagementException a client error when no application has that id, a server error
     *                                         when the lookup itself fails
     */
    private ServiceProvider getOrgApplication(String str, String str2) throws OrganizationManagementException {
        try {
            ServiceProvider application = getApplicationManagementService().getApplicationByResourceId(str, str2);
            if (application == null) {
                throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_APPLICATION, new String[]{str});
            }
            return application;
        } catch (IdentityApplicationManagementException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_RETRIEVING_APPLICATION, e, new String[]{str});
        }
    }

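    /**
     * Adds the organization login identity provider to the first authentication step of the main application
     * and saves the application.
     *
     * <p>When the application uses the "default" authentication type, its steps are taken from the default
     * authentication configuration (when one is available) and a new configuration of type "flow" is built
     * that carries over the subject-identifier and consent flags. The organization login identity provider is
     * reused when the tenant already has one and created otherwise. The claim configuration is always set to
     * send the mapped local subject id.
     *
     * @param serviceProvider main application to modify; it is updated in place and persisted
     * @param str             tenant domain of the main application
     * @throws OrganizationManagementServerException if identity providers cannot be listed or created, or the
     *                                               application cannot be updated
     * @throws OrganizationManagementClientException if creating the identity provider is rejected as a client
     *                                               error
     */
    private void modifyRootApplication(ServiceProvider serviceProvider, String str) throws OrganizationManagementServerException, OrganizationManagementClientException {
        LocalAndOutboundAuthenticationConfig authConfig = serviceProvider.getLocalAndOutBoundAuthenticationConfig();
        AuthenticationStep[] configuredSteps = authConfig.getAuthenticationSteps();
        if (StringUtils.equalsIgnoreCase(authConfig.getAuthenticationType(), "default")) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Authentication type is set to 'DEFAULT'. Reading the authentication sequence from the 'default' application and showing the effective authentication sequence for application with id: " + serviceProvider.getApplicationResourceId());
            }
            LocalAndOutboundAuthenticationConfig defaultConfig = OrgApplicationManagerUtil.getDefaultAuthenticationConfig();
            if (defaultConfig != null) {
                configuredSteps = defaultConfig.getAuthenticationSteps();
            }
            LocalAndOutboundAuthenticationConfig flowConfig = new LocalAndOutboundAuthenticationConfig();
            flowConfig.setUseUserstoreDomainInLocalSubjectIdentifier(authConfig.isUseUserstoreDomainInLocalSubjectIdentifier());
            // Fix: the tenant-domain flag was being copied from the userstore-domain flag, which silently
            // changed how the local subject identifier is built for the rewritten configuration.
            flowConfig.setUseTenantDomainInLocalSubjectIdentifier(authConfig.isUseTenantDomainInLocalSubjectIdentifier());
            flowConfig.setSkipConsent(authConfig.isSkipConsent());
            flowConfig.setSkipLogoutConsent(authConfig.isSkipLogoutConsent());
            flowConfig.setAuthenticationType("flow");
            authConfig = flowConfig;
        }

        AuthenticationStep firstStep = new AuthenticationStep();
        if (ArrayUtils.isNotEmpty(configuredSteps)) {
            AuthenticationStep existingFirstStep = configuredSteps[0];
            // NOTE(review): this guard inspects the freshly created step, not existingFirstStep, so it can
            // only match what a new AuthenticationStep already contains. It reads as if it was meant to
            // detect an organization login authenticator already present in the existing first step and
            // return early; left unchanged here because checking the existing step alters when the
            // application is updated. Confirm the intent.
            boolean alreadyPresent = Arrays.stream(firstStep.getFederatedIdentityProviders())
                    .map(idp -> idp.getDefaultAuthenticatorConfig())
                    .anyMatch(authenticator -> OrgApplicationMgtConstants.ORGANIZATION_LOGIN_AUTHENTICATOR.equals(authenticator.getName()));
            if (alreadyPresent) {
                return;
            }
            firstStep.setStepOrder(existingFirstStep.getStepOrder());
            firstStep.setSubjectStep(existingFirstStep.isSubjectStep());
            firstStep.setAttributeStep(existingFirstStep.isAttributeStep());
            firstStep.setFederatedIdentityProviders(existingFirstStep.getFederatedIdentityProviders());
            firstStep.setLocalAuthenticatorConfigs(existingFirstStep.getLocalAuthenticatorConfigs());
        }
        // Work on a copy so the array read from the (possibly default) configuration is not modified.
        AuthenticationStep[] updatedSteps = ArrayUtils.isNotEmpty(configuredSteps) ? configuredSteps.clone() : new AuthenticationStep[1];
        try {
            Optional<IdentityProvider> existingOrgLoginIdp = Arrays.stream(getApplicationManagementService().getAllIdentityProviders(str))
                    .filter(this::isOrganizationLoginIDP)
                    .findFirst();
            try {
                IdentityProvider orgLoginIdp = existingOrgLoginIdp.isPresent()
                        ? existingOrgLoginIdp.get()
                        : getIdentityProviderManager().addIdPWithResourceId(OrgApplicationManagerUtil.createOrganizationSSOIDP(), str);
                firstStep.setFederatedIdentityProviders((IdentityProvider[]) ArrayUtils.addAll(firstStep.getFederatedIdentityProviders(), new IdentityProvider[]{orgLoginIdp}));
                updatedSteps[0] = firstStep;
                authConfig.setAuthenticationSteps(updatedSteps);
                serviceProvider.setLocalAndOutBoundAuthenticationConfig(authConfig);
                serviceProvider.getClaimConfig().setAlwaysSendMappedLocalSubjectId(true);
                try {
                    getApplicationManagementService().updateApplication(serviceProvider, str, Utils.getAuthenticatedUsername());
                } catch (IdentityApplicationManagementException e) {
                    throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_UPDATING_APPLICATION, e, new String[]{serviceProvider.getApplicationResourceId()});
                }
            } catch (IdentityProviderManagementClientException e) {
                throw new OrganizationManagementClientException(e.getMessage(), e.getMessage(), e.getErrorCode());
            } catch (IdentityProviderManagementException e) {
                throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_CREATING_ORG_LOGIN_IDP, e, new String[]{Utils.getOrganizationId()});
            }
        } catch (IdentityApplicationManagementException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_RETRIEVING_ORGANIZATION_IDP_LIST, e, new String[]{Utils.getOrganizationId()});
        }
    }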

    /**
     * Tells whether an identity provider is the organization login identity provider.
     *
     * <p>Only the first federated authenticator configuration is inspected.
     *
     * @param identityProvider identity provider to inspect
     * @return {@code true} when its first federated authenticator is named
     *         {@code ORGANIZATION_LOGIN_AUTHENTICATOR}
     */
    private boolean isOrganizationLoginIDP(IdentityProvider identityProvider) {
        FederatedAuthenticatorConfig[] authenticators = identityProvider.getFederatedAuthenticatorConfigs();
        if (ArrayUtils.isEmpty(authenticators)) {
            return false;
        }
        return OrgApplicationMgtConstants.ORGANIZATION_LOGIN_AUTHENTICATOR.equals(authenticators[0].getName());
    }

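    /**
     * Creates the shared copy of a main application inside one target organization.
     *
     * <p>The work runs in a tenant flow switched to the target organization's tenant domain, with the
     * thread-local user set from that tenant's configured admin. No access check is made in this method;
     * the caller visible in this file validates share access before scheduling it, so any other caller of
     * this public method has to do the same. If the application is already shared with the organization the
     * method returns without changes. An OAuth application created for the share is removed again when
     * creating the shared application fails.
     *
     * @param str             id of the organization that owns the main application
     * @param str2            id of the organization to share with
     * @param serviceProvider main application
     * @param z               share-with-all-children flag recorded with the share
     * @throws OrganizationManagementException if the tenant cannot be resolved, the OAuth application or the
     *                                         shared application cannot be created, or a listener fails
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public void shareApplication(String str, String str2, ServiceProvider serviceProvider, boolean z) throws OrganizationManagementException {
        // These run before the tenant flow is opened. If either throws there is nothing to close, so they
        // must stay outside the block whose finally ends the flow.
        getListener().preShareApplication(str, serviceProvider.getApplicationResourceId(), str2, z);
        String sharedTenantDomain = getOrganizationManager().resolveTenantDomain(str2);
        try {
            // Fix: the flow is now ended exactly once per start. As written before, the success path ended
            // it twice and a failure ahead of startTenantFlow() ended a flow this method never opened;
            // either can discard a context that belongs to the caller.
            PrivilegedCarbonContext.startTenantFlow();
            try {
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(sharedTenantDomain, true);
                int tenantId = IdentityTenantUtil.getTenantId(sharedTenantDomain);
                String adminUserId = getRealmService().getTenantUserRealm(tenantId).getRealmConfiguration().getAdminUserId();
                if (StringUtils.isBlank(adminUserId)) {
                    adminUserId = getRealmService().getTenantUserRealm(tenantId).getRealmConfiguration().getAdminUserName();
                }
                // Fallback user name is computed eagerly, so the main application's owner must be set even
                // when the admin user resolves.
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername((String) OrgApplicationMgtDataHolder.getInstance().getOrganizationUserResidentResolverService().resolveUserFromResidentOrganization((String) null, adminUserId, str2).map((v0) -> {
                    return v0.getDomainQualifiedUsername();
                }).orElse(MultitenantUtils.getTenantAwareUsername(serviceProvider.getOwner().toFullQualifiedUsername())));
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserId(adminUserId);
                if (resolveSharedApp(serviceProvider.getApplicationResourceId(), str, str2).isPresent()) {
                    return;
                }
                OAuthConsumerAppDTO sharedOAuthApp;
                try {
                    sharedOAuthApp = createOAuthApplication(serviceProvider.getApplicationName(), resolveCallbackURL(str));
                } catch (URLBuilderException | IdentityOAuthAdminException e) {
                    if (!isOAuthClientExistsError(e)) {
                        throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_CREATING_OAUTH_APP, e, new String[]{serviceProvider.getApplicationResourceId(), str2});
                    }
                    sharedOAuthApp = handleOAuthClientExistsError(str, str2, serviceProvider);
                }
                try {
                    String sharedAppId = getApplicationManagementService().createApplication(prepareSharedApplication(serviceProvider, sharedOAuthApp, str2), sharedTenantDomain, Utils.getAuthenticatedUsername());
                    getOrgApplicationMgtDAO().addSharedApplication(serviceProvider.getApplicationResourceId(), str, sharedAppId, str2, z);
                    getListener().postShareApplication(str, serviceProvider.getApplicationResourceId(), str2, sharedAppId, z);
                } catch (IdentityApplicationManagementException e) {
                    // Do not leave an OAuth client behind for a share that was never created.
                    removeOAuthApplication(sharedOAuthApp);
                    throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_SHARING_APPLICATION, e, new String[]{serviceProvider.getApplicationResourceId(), str2});
                }
            } finally {
                PrivilegedCarbonContext.endTenantFlow();
            }
            // Fired after the tenant flow has ended, i.e. back in the caller's context.
            if (serviceProvider.getApplicationName().equals("Console")) {
                fireOrganizationCreatorSharingEvent(str2);
            }
        } catch (UserStoreException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_SHARING_APPLICATION, e, new String[]{serviceProvider.getApplicationResourceId(), str2});
        }
    }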

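    /**
     * Returns a map of organization id to application resource id, covering the main application and the
     * copies of it shared into the ancestor organizations of {@code str2}.
     *
     * @param str  resource id of the application being looked up
     * @param str2 id of the organization the application lives in
     * @return a single-entry map when the application is itself a main application, an empty map when it is
     *         neither a main application nor linked to one, otherwise the owner entry plus one entry per
     *         shared copy returned by the DAO
     * @throws OrganizationManagementException if a lookup fails
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public Map<String, String> getAncestorAppIds(String str, String str2) throws OrganizationManagementException {
        Optional<MainApplicationDO> mainApplication = getOrgApplicationMgtDAO().getMainApplication(str, str2);
        if (!mainApplication.isPresent()) {
            // No main-application record is linked to this id: it is either a main application or unknown here.
            return isMainApp(str, str2) ? Collections.singletonMap(str2, str) : Collections.emptyMap();
        }
        String ownerOrgId = mainApplication.get().getOrganizationId();
        String mainAppId = mainApplication.get().getMainApplicationId();
        List<String> ancestorOrgIds = getOrganizationManager().getAncestorOrganizationIds(str2);
        Map<String, String> appIdsByOrg = new HashMap<>();
        appIdsByOrg.put(ownerOrgId, mainAppId);
        if (CollectionUtils.isNotEmpty(ancestorOrgIds) && ancestorOrgIds.size() > 1) {
            // The last ancestor id is left out of the lookup.
            // NOTE(review): presumably that entry is the owner organization already added above - confirm ordering.
            // The original lambda body was empty, so the DAO result was fetched and then dropped; each shared
            // copy is now recorded with the same key/value pair that getFilteredChildApplications uses.
            getOrgApplicationMgtDAO()
                    .getSharedApplications(mainAppId, ownerOrgId, ancestorOrgIds.subList(0, ancestorOrgIds.size() - 1))
                    .forEach(shared -> appIdsByOrg.put(shared.getOrganizationId(), shared.getFragmentApplicationId()));
        }
        return appIdsByOrg;
    }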

    /**
     * Returns organization id to application resource id for the copies of an application that are shared
     * into the given organizations.
     *
     * @param str  resource id of the application being looked up
     * @param str2 id of the organization the application lives in
     * @param list ids of the organizations to filter the shared copies by
     * @return the filtered mapping, or an empty map when {@code list} is empty or no main application is found
     * @throws OrganizationManagementException if a lookup fails
     */
    @Override // org.wso2.carbon.identity.organization.management.application.OrgApplicationManager
    public Map<String, String> getChildAppIds(String str, String str2, List<String> list) throws OrganizationManagementException {
        if (CollectionUtils.isEmpty(list)) {
            return Collections.emptyMap();
        }
        if (isMainApp(str, str2)) {
            // The given id already identifies the main application, so filter its shared copies directly.
            return getFilteredChildApplications(str, str2, list);
        }
        // Otherwise resolve the main application this id is linked to and filter from there.
        Optional<MainApplicationDO> linkedMain = getOrgApplicationMgtDAO().getMainApplication(str, str2);
        if (!linkedMain.isPresent()) {
            return Collections.emptyMap();
        }
        MainApplicationDO main = linkedMain.get();
        return getFilteredChildApplications(main.getMainApplicationId(), main.getOrganizationId(), list);
    }

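    /**
     * Tells whether the application is a main application, i.e. it exists and is not marked as a fragment.
     *
     * @param str  resource id of the application
     * @param str2 id of the organization whose tenant domain is used for the lookup
     * @return {@code true} when the application is found and carries no truthy fragment marker
     * @throws OrganizationManagementException if the tenant domain cannot be resolved or the lookup fails
     */
    private boolean isMainApp(String str, String str2) throws OrganizationManagementException {
        try {
            String tenantDomain = OrgApplicationMgtDataHolder.getInstance().getOrganizationManager().resolveTenantDomain(str2);
            ServiceProvider application = OrgApplicationMgtDataHolder.getInstance().getApplicationManagementService().getApplicationByResourceId(str, tenantDomain);
            // Reuse the shared fragment check: same predicate as before, but it also tolerates an application
            // whose property array is null instead of failing with a NullPointerException.
            return application != null && !isAlreadySharedApplication(application);
        } catch (IdentityApplicationManagementException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_RETRIEVING_APPLICATION, e, new String[]{str});
        }
    }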

    /**
     * Tells whether the exception carries the duplicate-OAuth-client error code.
     *
     * @param identityException exception raised while registering an OAuth application
     * @return {@code true} when its error code equals {@code Error.DUPLICATE_OAUTH_CLIENT}'s code
     */
    private boolean isOAuthClientExistsError(IdentityException identityException) {
        String raisedCode = identityException.getErrorCode();
        // The constant is the receiver, so an exception without an error code compares as "not a duplicate".
        return Error.DUPLICATE_OAUTH_CLIENT.getErrorCode().equals(raisedCode);
    }

    /**
     * Recovers from a duplicate-client error raised while registering the OAuth application of a shared app.
     * <p>
     * The existing OAuth application is looked up by the service provider's name. When a service provider
     * with that name also exists in the tenant resolved from {@code str2}, the clash is reported as an error.
     * Otherwise the OAuth application is treated as stale data, removed, and registered again.
     *
     * @param str             organization id used to resolve the callback URL
     * @param str2            id of the organization the application is being shared into
     * @param serviceProvider application being shared
     * @return the newly registered OAuth application
     * @throws OrganizationManagementException wrapping any OAuth, application-management or URL-building failure
     */
    private OAuthConsumerAppDTO handleOAuthClientExistsError(String str, String str2, ServiceProvider serviceProvider) throws OrganizationManagementException {
        final String appName = serviceProvider.getApplicationName();
        try {
            // NOTE(review): this lookup takes only the name, while the service provider lookup below passes an
            // explicit tenant domain - confirm both run against the same tenant, since the match is deleted.
            OAuthConsumerAppDTO existingOAuthApp = getOAuthAdminService().getOAuthApplicationDataByAppName(appName);
            String sharedTenantDomain = getOrganizationManager().resolveTenantDomain(str2);
            boolean serviceProviderExists = getApplicationManagementService().getServiceProvider(appName, sharedTenantDomain) != null;
            if (serviceProviderExists) {
                // Thrown inside the try on purpose: the catch below converts it into the server exception.
                throw new IdentityOAuthAdminException(String.format("OAuth app and SP with name %s already exists in sub organization with id %s.", appName, str2));
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("OAuth app with name %s already exists in sub organization with id %s due to stale data. Attempting retry after deleting the application.", appName, str2));
            }
            removeOAuthApplication(existingOAuthApp);
            return createOAuthApplication(appName, resolveCallbackURL(str));
        } catch (URLBuilderException | IdentityOAuthAdminException | IdentityApplicationManagementException e) {
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_CREATING_OAUTH_APP, e, new String[]{serviceProvider.getApplicationResourceId(), str2});
        }
    }

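    /**
     * Publishes the {@code POST_SHARED_CONSOLE_APP} event for an organization.
     *
     * @param str id of the organization, sent as the {@code ORGANIZATION_ID} event property
     * @throws OrganizationManagementException a client exception when the event service reports a client
     *                                         error, a server exception for any other event failure
     */
    private void fireOrganizationCreatorSharingEvent(String str) throws OrganizationManagementException {
        Map<String, Object> eventProperties = new HashMap<>();
        eventProperties.put("ORGANIZATION_ID", str);
        try {
            OrgApplicationMgtDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("POST_SHARED_CONSOLE_APP", eventProperties));
        } catch (IdentityEventClientException e) {
            // Handled first: presumably a subtype of IdentityEventException, in which case the general handler
            // listed before it would have taken every client error and reported it as a server error.
            throw new OrganizationManagementClientException(e.getMessage(), e.getMessage(), e.getErrorCode(), e);
        } catch (IdentityEventException e) {
            throw new OrganizationManagementServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getMessage(), OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_FIRING_EVENTS.getCode(), e);
        }
    }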

    /**
     * Looks up the resource id of an already shared copy of an application.
     *
     * @param str  first lookup key, passed to the DAO unchanged
     * @param str2 second lookup key, passed to the DAO unchanged
     * @param str3 third lookup key, passed to the DAO unchanged
     * @return the shared application's resource id, or an empty {@code Optional} when the DAO finds none
     * @throws OrganizationManagementException if the DAO lookup fails
     */
    private Optional<String> resolveSharedApp(String str, String str2, String str3) throws OrganizationManagementException {
        OrgApplicationMgtDAO dao = getOrgApplicationMgtDAO();
        Optional<String> sharedAppResourceId = dao.getSharedApplicationResourceId(str, str2, str3);
        return sharedAppResourceId;
    }

    /**
     * Registers an OAuth 2.0 application for a shared app and returns the stored registration.
     *
     * @param str  application name
     * @param str2 callback URL
     * @return the registration data returned by the OAuth admin service
     * @throws IdentityOAuthAdminException if registration fails
     */
    private OAuthConsumerAppDTO createOAuthApplication(String str, String str2) throws IdentityOAuthAdminException {
        OAuthConsumerAppDTO registration = new OAuthConsumerAppDTO();
        registration.setApplicationName(str);
        registration.setCallbackUrl(str2);
        registration.setOAuthVersion("OAuth-2.0");
        // Only the authorization code grant is enabled on the shared client.
        registration.setGrantTypes("authorization_code");
        // The consumer key is a freshly generated random UUID rather than anything derived from the name.
        registration.setOauthConsumerKey(UUID.randomUUID().toString());
        return getOAuthAdminService().registerAndRetrieveOAuthApplicationData(registration);
    }

    /**
     * Builds the absolute public {@code commonauth} URL for the tenant that an organization resolves to.
     *
     * @param str organization id
     * @return the callback URL; for tenants other than {@code carbon.super} the path is prefixed with the
     *         tenant context path component
     * @throws URLBuilderException             if the URL cannot be built
     * @throws OrganizationManagementException if the tenant domain cannot be resolved
     */
    private String resolveCallbackURL(String str) throws URLBuilderException, OrganizationManagementException {
        String tenantDomain = getOrganizationManager().resolveTenantDomain(str);
        String callbackPath = "carbon.super".equals(tenantDomain)
                ? "commonauth"
                : String.format(OrgApplicationMgtConstants.TENANT_CONTEXT_PATH_COMPONENT, tenantDomain) + "/commonauth";
        return ServiceURLBuilder.create().addPath(new String[]{callbackPath}).setTenant(tenantDomain).build().getAbsolutePublicURL();
    }

    /**
     * Deletes an OAuth application by its consumer key.
     *
     * @param oAuthConsumerAppDTO registration to delete; must not be {@code null}
     * @throws OrganizationManagementException wrapping the OAuth admin failure
     */
    private void removeOAuthApplication(OAuthConsumerAppDTO oAuthConsumerAppDTO) throws OrganizationManagementException {
        OAuthAdminServiceImpl oauthAdmin = getOAuthAdminService();
        try {
            oauthAdmin.removeOAuthApplicationData(oAuthConsumerAppDTO.getOauthConsumerKey());
        } catch (IdentityOAuthAdminException e) {
            // NOTE(review): the consumer key is the only message argument here, while the other uses of this
            // error code in the class pass an application resource id and an organization id - confirm.
            throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ERROR_SHARING_APPLICATION, e, new String[]{oAuthConsumerAppDTO.getOauthConsumerKey()});
        }
    }

    /**
     * Builds the service provider that represents a shared (fragment) copy of an application.
     * <p>
     * The copy takes its name from the OAuth registration and its description from the main application, is
     * bound to the OAuth consumer key as its only inbound authentication config, and receives the fragment
     * properties. An access URL is set only for the Console and My Account applications.
     *
     * @param serviceProvider     main application being shared
     * @param oAuthConsumerAppDTO OAuth registration created for the shared copy
     * @param str                 id of the organization the application is shared into
     * @return the service provider to create in the shared organization
     * @throws OrganizationManagementException declared by the signature; not thrown by the visible body
     */
    private ServiceProvider prepareSharedApplication(ServiceProvider serviceProvider, OAuthConsumerAppDTO oAuthConsumerAppDTO, String str) throws OrganizationManagementException {
        String mainAppName = serviceProvider.getApplicationName();

        ServiceProvider fragmentApp = new ServiceProvider();
        fragmentApp.setApplicationName(oAuthConsumerAppDTO.getApplicationName());
        fragmentApp.setDescription(serviceProvider.getDescription());

        // Bind the copy to the OAuth client registered for it.
        InboundAuthenticationRequestConfig oauthRequestConfig = new InboundAuthenticationRequestConfig();
        oauthRequestConfig.setInboundAuthKey(oAuthConsumerAppDTO.getOauthConsumerKey());
        oauthRequestConfig.setInboundAuthType(OrgApplicationMgtConstants.AUTH_TYPE_OAUTH_2);
        InboundAuthenticationConfig inboundConfig = new InboundAuthenticationConfig();
        inboundConfig.setInboundAuthenticationRequestConfigs(new InboundAuthenticationRequestConfig[]{oauthRequestConfig});
        fragmentApp.setInboundAuthenticationConfig(inboundConfig);

        if (ApplicationMgtUtil.isConsole(mainAppName)) {
            fragmentApp.setAccessUrl(resolveAccessURL(serviceProvider.getTenantDomain(), str, "/console"));
        } else if (ApplicationMgtUtil.isMyAccount(mainAppName)) {
            String configuredBase = IdentityUtil.getProperty("MyAccount.AppBaseName");
            // Fall back to the built-in path when no base name is configured.
            String myAccountBase = StringUtils.isEmpty(configuredBase) ? "/myaccount" : configuredBase;
            fragmentApp.setAccessUrl(resolveAccessURL(serviceProvider.getTenantDomain(), str, myAccountBase));
        }

        appendFragmentAppProperties(fragmentApp);
        return fragmentApp;
    }

    /**
     * Builds an organization-qualified access URL by rewriting the server URL for an application path.
     *
     * @param str  tenant domain placed after {@code /t/}
     * @param str2 organization id placed after {@code /o/}
     * @param str3 application path, e.g. {@code /console}
     * @return the server URL for {@code str3} with that path replaced by {@code /t/<str>/o/<str2><str3>}
     */
    private String resolveAccessURL(String str, String str2, String str3) {
        String serverUrl = IdentityUtil.getServerURL(str3, true, true);
        String orgQualifiedPath = "/t/" + str + "/o/" + str2 + str3;
        // NOTE(review): String.replace rewrites every occurrence of the path, not only the trailing one, and
        // the tenant domain and organization id are concatenated without URL encoding - confirm both inputs
        // are validated upstream and that the path cannot also occur in a proxy context path.
        return serverUrl.replace(str3, orgQualifiedPath);
    }

    /**
     * Marks a service provider as a fragment application.
     * <p>
     * The property array is set to exactly two entries, the fragment marker and {@code skipConsent}, both
     * with the value {@code "true"}; any properties already on the service provider are replaced.
     *
     * @param serviceProvider service provider to mark
     */
    private void appendFragmentAppProperties(ServiceProvider serviceProvider) {
        final String enabled = Boolean.TRUE.toString();

        ServiceProviderProperty fragmentMarker = new ServiceProviderProperty();
        fragmentMarker.setName(OrgApplicationMgtConstants.IS_FRAGMENT_APP);
        fragmentMarker.setValue(enabled);

        // Security-relevant default: every fragment application is created with consent skipped.
        ServiceProviderProperty skipConsent = new ServiceProviderProperty();
        skipConsent.setName("skipConsent");
        skipConsent.setValue(enabled);

        serviceProvider.setSpProperties(new ServiceProviderProperty[]{fragmentMarker, skipConsent});
    }

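    /**
     * Rejects an application share request unless the two organization ids are the same, non-null id.
     *
     * @param str  first organization id of the comparison
     * @param str2 second organization id of the comparison
     * @throws OrganizationManagementException a client exception with
     *                                         {@code ERROR_CODE_UNAUTHORIZED_APPLICATION_SHARE} when the ids
     *                                         differ or are missing
     */
    private void validateApplicationShareAccess(String str, String str2) throws OrganizationManagementException {
        // Fail closed: StringUtils.equals(null, null) is true, so without the null guard two missing ids
        // would pass this access check. This mirrors validateFragmentApplicationAccess.
        if (str == null || !StringUtils.equals(str, str2)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_UNAUTHORIZED_APPLICATION_SHARE, new String[]{str2, str});
        }
    }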

    /**
     * Tells whether a service provider is marked as a fragment (shared) application.
     *
     * @param serviceProvider service provider to inspect
     * @return {@code true} when a property named {@code IS_FRAGMENT_APP} with a truthy value is present;
     *         {@code false} when the property array is {@code null} or holds no such property
     */
    private boolean isAlreadySharedApplication(ServiceProvider serviceProvider) {
        ServiceProviderProperty[] properties = serviceProvider.getSpProperties();
        if (properties == null) {
            return false;
        }
        for (ServiceProviderProperty property : properties) {
            boolean isFragmentMarker = OrgApplicationMgtConstants.IS_FRAGMENT_APP.equals(property.getName());
            if (isFragmentMarker && Boolean.parseBoolean(property.getValue())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rejects access to a fragment application unless the two organization ids are the same, non-null id.
     *
     * @param str  first organization id of the comparison; {@code null} is always rejected
     * @param str2 second organization id of the comparison
     * @throws OrganizationManagementException a client exception with
     *                                         {@code ERROR_CODE_UNAUTHORIZED_FRAGMENT_APP_ACCESS} when the
     *                                         check fails
     */
    private void validateFragmentApplicationAccess(String str, String str2) throws OrganizationManagementException {
        boolean sameOrganization = str != null && StringUtils.equals(str, str2);
        if (sameOrganization) {
            return;
        }
        throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_UNAUTHORIZED_FRAGMENT_APP_ACCESS, new String[]{str2, str});
    }

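    /**
     * Decides whether the stored {@code SHARE_WITH_ALL_CHILDREN} property must be updated to match a request.
     *
     * @param z               requested share-with-all-children value
     * @param serviceProvider application whose stored properties are inspected
     * @return when {@code z} is {@code true}: {@code true} if the property is absent or stored with a
     *         non-truthy value; when {@code z} is {@code false}: {@code true} if the property is stored with
     *         a truthy value
     */
    private boolean shouldUpdateShareWithAllChildren(boolean z, ServiceProvider serviceProvider) {
        ServiceProviderProperty[] properties = serviceProvider.getSpProperties();
        if (properties == null) {
            // Nothing is stored, so only switching the flag on is a change. The previous version failed with
            // a NullPointerException here, while isAlreadySharedApplication already tolerates a null array.
            return z;
        }
        // Single pass instead of streaming the array up to three times.
        boolean present = false;
        boolean storedTrue = false;
        boolean storedFalse = false;
        for (ServiceProviderProperty property : properties) {
            if (!OrgApplicationMgtConstants.SHARE_WITH_ALL_CHILDREN.equals(property.getName())) {
                continue;
            }
            present = true;
            if (Boolean.parseBoolean(property.getValue())) {
                storedTrue = true;
            } else {
                storedFalse = true;
            }
        }
        return z ? (!present || storedFalse) : storedTrue;
    }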

    /**
     * Returns organization id to fragment application id for the shared copies the DAO finds.
     *
     * @param str  main application id, passed to the DAO unchanged
     * @param str2 owner organization id, passed to the DAO unchanged
     * @param list organization ids to filter by, passed to the DAO unchanged
     * @return one entry per shared application returned by the DAO
     * @throws OrganizationManagementException if the DAO lookup fails
     */
    private Map<String, String> getFilteredChildApplications(String str, String str2, List<String> list) throws OrganizationManagementException {
        // Collectors.toMap rejects duplicate keys, so two shared copies in one organization raise
        // IllegalStateException rather than one silently replacing the other.
        return getOrgApplicationMgtDAO().getSharedApplications(str, str2, list).stream()
                .collect(Collectors.toMap(
                        shared -> shared.getOrganizationId(),
                        shared -> shared.getFragmentApplicationId()));
    }

    /** Returns the OAuth admin service held by the component's data holder. */
    private OAuthAdminServiceImpl getOAuthAdminService() {
        OrgApplicationMgtDataHolder holder = OrgApplicationMgtDataHolder.getInstance();
        return holder.getOAuthAdminService();
    }

    /** Returns the organization manager held by the component's data holder. */
    private OrganizationManager getOrganizationManager() {
        OrgApplicationMgtDataHolder holder = OrgApplicationMgtDataHolder.getInstance();
        return holder.getOrganizationManager();
    }

    /** Returns the application management service held by the component's data holder. */
    private ApplicationManagementService getApplicationManagementService() {
        OrgApplicationMgtDataHolder holder = OrgApplicationMgtDataHolder.getInstance();
        return holder.getApplicationManagementService();
    }

    /** Returns the organization application DAO held by the component's data holder. */
    private OrgApplicationMgtDAO getOrgApplicationMgtDAO() {
        OrgApplicationMgtDataHolder holder = OrgApplicationMgtDataHolder.getInstance();
        return holder.getOrgApplicationMgtDAO();
    }

    /** Returns the realm service held by the component's data holder. */
    private RealmService getRealmService() {
        OrgApplicationMgtDataHolder holder = OrgApplicationMgtDataHolder.getInstance();
        return holder.getRealmService();
    }

    /** Returns the identity provider manager held by the component's data holder. */
    private IdpManager getIdentityProviderManager() {
        OrgApplicationMgtDataHolder holder = OrgApplicationMgtDataHolder.getInstance();
        return holder.getIdpManager();
    }

    /** Returns the claim metadata management service held by the component's data holder. */
    private ClaimMetadataManagementService getClaimMetadataManagementService() {
        OrgApplicationMgtDataHolder holder = OrgApplicationMgtDataHolder.getInstance();
        return holder.getClaimMetadataManagementService();
    }

    /** Returns the application sharing listener held by the component's data holder. */
    private ApplicationSharingManagerListener getListener() {
        OrgApplicationMgtDataHolder holder = OrgApplicationMgtDataHolder.getInstance();
        return holder.getApplicationSharingManagerListener();
    }
}
