package org.wso2.carbon.identity.organization.management.role.management.service;

import com.google.gson.JsonSyntaxException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.ExpressionNode;
import org.wso2.carbon.identity.core.model.FilterTreeBuilder;
import org.wso2.carbon.identity.organization.management.role.management.service.constant.RoleManagementConstants;
import org.wso2.carbon.identity.organization.management.role.management.service.dao.RoleManagementDAO;
import org.wso2.carbon.identity.organization.management.role.management.service.dao.RoleManagementDAOImpl;
import org.wso2.carbon.identity.organization.management.role.management.service.internal.RoleManagementDataHolder;
import org.wso2.carbon.identity.organization.management.role.management.service.models.Cursor;
import org.wso2.carbon.identity.organization.management.role.management.service.models.PatchOperation;
import org.wso2.carbon.identity.organization.management.role.management.service.models.Role;
import org.wso2.carbon.identity.organization.management.role.management.service.models.RolesResponse;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.constant.OrganizationManagementConstants;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.util.Utils;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/organization/management/role/management/service/RoleManagerImpl.class */
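/**
 * Service-layer implementation of {@link RoleManager} for organization-scoped roles.
 *
 * <p>Each public operation validates its input (organization access, organization existence,
 * role existence, member IDs) and then delegates persistence to {@link RoleManagementDAO}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Most operations call {@link #validateOrganizationRoleAllowedToAccess(String)} first, which
 *       rejects requests whose target organization differs from {@code Utils.getOrganizationId()}.</li>
 *   <li>{@link #createRole} skips that check for the {@code ORG_CREATOR_ROLE} display name, and the two
 *       {@code getUserOrganization*} lookups perform no check at all; see the notes on those methods.</li>
 *   <li>The pagination cursor is client-supplied, so {@link #decodeCursor(String)} treats it as untrusted.</li>
 * </ul>
 */
public class RoleManagerImpl implements RoleManager {
    private static final RoleManagementDAO roleManagementDAO = new RoleManagementDAOImpl();

    // Organization ID for which role creation is refused with ERROR_CODE_SUPER_ORG_ROLE_CREATE.
    // Presumably the super organization's fixed ID (inlined by the compiler) - confirm against the
    // project's constants class.
    private static final String SUPER_ORG_ID = "10084a8d-113f-4211-a0d5-efe36b082211";

    /**
     * Creates a role in an organization after validating the organization, the role name and the
     * referenced users and groups.
     *
     * <p>NOTE(review): the cross-organization access check is skipped whenever the requested display
     * name equals {@code ORG_CREATOR_ROLE}. If the display name can be supplied by an API caller, that
     * caller controls whether the check runs. Confirm that this path is only reachable internally
     * (e.g. while bootstrapping an organization) or that the name is reserved at the API layer. The
     * comparison here is case-sensitive while {@link #isRoleModifiable} compares case-insensitively.
     *
     * @param str  ID of the organization that will own the role
     * @param role role to create; its ID is overwritten with a freshly generated one
     * @return a new {@link Role} carrying only the generated ID and the display name
     * @throws OrganizationManagementException if any validation fails or the DAO call fails
     */
    @Override
    public Role createRole(String str, Role role) throws OrganizationManagementException {
        if (!StringUtils.equals(RoleManagementConstants.ORG_CREATOR_ROLE, role.getDisplayName())) {
            validateOrganizationRoleAllowedToAccess(str);
        }
        role.setId(Utils.generateUniqueID());
        validateOrganizationId(str);
        if (StringUtils.equals(SUPER_ORG_ID, str)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_SUPER_ORG_ROLE_CREATE, new String[]{str});
        }
        validateRoleNameNotExist(str, role.getDisplayName());
        validateRoleMembers(str, role);
        roleManagementDAO.createRole(str, role);
        return new Role(role.getId(), role.getDisplayName());
    }

    /**
     * Returns a role of an organization.
     *
     * @param str  organization ID
     * @param str2 role ID
     * @return the role as returned by the DAO
     * @throws OrganizationManagementException if access, organization or role validation fails
     */
    @Override
    public Role getRoleById(String str, String str2) throws OrganizationManagementException {
        validateOrganizationRoleAllowedToAccess(str);
        validateOrganizationId(str);
        validateRoleId(str, str2);
        return roleManagementDAO.getRoleById(str, str2);
    }

    /**
     * Lists the roles of an organization with cursor-based pagination.
     *
     * <p>One extra row ({@code i + 1}) is requested from the DAO so the presence of a further page can
     * be detected; the extra row is removed before the response is built.
     *
     * <p>NOTE(review): {@code i} is not validated here. With {@code i == 0} and a non-empty result the
     * forward branch evaluates {@code get(i - 1)}, and {@code i + 1} overflows for
     * {@code Integer.MAX_VALUE}. This assumes the caller enforces a sane positive limit - confirm.
     *
     * @param i    page size
     * @param str  filter expression, may be blank
     * @param str2 organization ID
     * @param str3 Base64-encoded cursor from a previous response, may be blank
     * @return the page of roles together with the next/previous cursors and the total count
     * @throws OrganizationManagementException if validation fails, or the filter or cursor is malformed
     */
    @Override
    public RolesResponse getOrganizationRoles(int i, String str, String str2, String str3) throws OrganizationManagementException {
        validateOrganizationRoleAllowedToAccess(str2);
        String direction = RoleManagementConstants.CursorDirection.FORWARD.toString();
        String cursorValue = " ";
        String nextCursor = null;
        String previousCursor = null;
        validateOrganizationId(str2);
        List<ExpressionNode> expressionNodes = new ArrayList<>();
        List<String> operators = new ArrayList<>();
        getExpressionNodes(str, expressionNodes, operators);
        if (StringUtils.isNotBlank(str3)) {
            // The cursor comes from the client; decodeCursor rejects anything this class did not issue.
            Cursor cursor = decodeCursor(str3);
            cursorValue = cursor.getCursorValue();
            direction = cursor.getDirection();
        }
        List<Role> roles = roleManagementDAO.getOrganizationRoles(str2, i + 1, expressionNodes, operators, cursorValue, direction);
        boolean hasExtraRow = roles.size() == i + 1;
        if (StringUtils.equals(RoleManagementConstants.CursorDirection.FORWARD.toString(), direction)) {
            if (StringUtils.isNotBlank(cursorValue)) {
                previousCursor = encodeCursor(cursorValue, RoleManagementConstants.CursorDirection.BACKWARD.toString());
            }
            if (hasExtraRow) {
                nextCursor = encodeCursor(roles.get(i - 1).getDisplayName(), direction);
                roles.remove(i);
            }
        } else {
            nextCursor = encodeCursor(cursorValue, RoleManagementConstants.CursorDirection.FORWARD.toString());
            if (hasExtraRow) {
                previousCursor = encodeCursor(roles.get(0).getDisplayName(), direction);
                roles.remove(0);
            }
        }
        return new RolesResponse(nextCursor, roleManagementDAO.getTotalOrganizationRoles(str2, expressionNodes, operators), previousCursor, i, roles);
    }

    /**
     * Returns the organization roles of a user by delegating straight to the DAO.
     *
     * <p>NOTE(review): unlike the other operations, no organization-access or existence validation is
     * performed here, so authorization must be enforced by the caller - confirm. Which argument is
     * the user ID and which is the organization ID is not evident from this class.
     *
     * @param str  first identifier forwarded to the DAO
     * @param str2 second identifier forwarded to the DAO
     * @return the roles returned by the DAO
     * @throws OrganizationManagementException if the DAO call fails
     */
    @Override
    public List<Role> getUserOrganizationRoles(String str, String str2) throws OrganizationManagementException {
        return roleManagementDAO.getUserOrganizationRoles(str, str2);
    }

    /**
     * Returns the organization permissions of a user by delegating straight to the DAO.
     *
     * <p>NOTE(review): no organization-access or existence validation is performed here, so
     * authorization must be enforced by the caller - confirm.
     *
     * @param str  first identifier forwarded to the DAO
     * @param str2 second identifier forwarded to the DAO
     * @return the permissions returned by the DAO
     * @throws OrganizationManagementException if the DAO call fails
     */
    @Override
    public List<String> getUserOrganizationPermissions(String str, String str2) throws OrganizationManagementException {
        return roleManagementDAO.getUserOrganizationPermissions(str, str2);
    }

    /**
     * Applies patch operations to a role after validating each operation.
     *
     * <p>Only the display name, users, groups and permissions attributes may be patched, and the
     * display name may not be removed. The {@code ORG_CREATOR_ROLE} role cannot be modified.
     *
     * @param str  organization ID
     * @param str2 role ID
     * @param list patch operations to validate and apply
     * @return the patched role as returned by the DAO
     * @throws OrganizationManagementException if validation fails or the role is unmodifiable
     */
    @Override
    public Role patchRole(String str, String str2, List<PatchOperation> list) throws OrganizationManagementException {
        validateOrganizationRoleAllowedToAccess(str);
        validateOrganizationId(str);
        validateRoleId(str, str2);
        if (!isRoleModifiable(str, str2)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_IS_UNMODIFIABLE, new String[]{str2});
        }
        for (PatchOperation patchOperation : list) {
            String path = patchOperation.getPath();
            String op = patchOperation.getOp();
            if (StringUtils.contains(path, "[")) {
                // Keep only the attribute name in front of a value filter such as "users[...]".
                // substringBefore is used instead of split("\\[")[0] because split returns an empty
                // array for a path made only of '[' characters, which raised an
                // ArrayIndexOutOfBoundsException on client-controlled input. Such a path now becomes
                // "" and is rejected below as an invalid attribute.
                path = StringUtils.strip(StringUtils.substringBefore(path, "["));
            }
            if (StringUtils.equalsIgnoreCase(path, RoleManagementConstants.DISPLAY_NAME) && StringUtils.equalsIgnoreCase(op, "REMOVE")) {
                throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_REMOVING_REQUIRED_ATTRIBUTE, new String[]{RoleManagementConstants.DISPLAY_NAME, "REMOVE".toLowerCase()});
            }
            // Allow-list of patchable attributes; anything else is a client error.
            if (!StringUtils.equalsIgnoreCase(path, RoleManagementConstants.DISPLAY_NAME) && !StringUtils.equalsIgnoreCase(path, RoleManagementConstants.USERS) && !StringUtils.equalsIgnoreCase(path, RoleManagementConstants.GROUPS) && !StringUtils.equalsIgnoreCase(path, RoleManagementConstants.PERMISSIONS)) {
                throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_ATTRIBUTE_PATCHING, new String[]{path, patchOperation.getOp()});
            }
            if (CollectionUtils.isNotEmpty(patchOperation.getValues())) {
                if (StringUtils.equalsIgnoreCase(path, RoleManagementConstants.USERS)) {
                    validateUsers(patchOperation.getValues(), str);
                } else if (StringUtils.equalsIgnoreCase(path, RoleManagementConstants.GROUPS)) {
                    validateGroups(patchOperation.getValues(), Utils.getTenantId());
                } else if (StringUtils.equalsIgnoreCase(path, RoleManagementConstants.DISPLAY_NAME)) {
                    validatePatchOpDisplayName(patchOperation.getValues(), str);
                }
            }
        }
        return roleManagementDAO.patchRole(str, str2, list);
    }

    /**
     * Replaces a role after validating the organization, the role and the referenced users and groups.
     *
     * @param str  organization ID
     * @param str2 role ID
     * @param role replacement role; its display name must not be blank
     * @return the updated role as returned by the DAO
     * @throws OrganizationManagementException if validation fails or the role is unmodifiable
     */
    @Override
    public Role putRole(String str, String str2, Role role) throws OrganizationManagementException {
        validateOrganizationRoleAllowedToAccess(str);
        validateOrganizationId(str);
        validateRoleId(str, str2);
        if (!isRoleModifiable(str, str2)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_IS_UNMODIFIABLE, new String[]{str2});
        }
        if (StringUtils.isBlank(role.getDisplayName())) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_DISPLAY_NAME_NULL, new String[0]);
        }
        validateRoleMembers(str, role);
        return roleManagementDAO.putRole(str, str2, role);
    }

    /**
     * Deletes a role of an organization. The {@code ORG_CREATOR_ROLE} role cannot be deleted.
     *
     * @param str  organization ID
     * @param str2 role ID
     * @throws OrganizationManagementException if validation fails or the role is unmodifiable
     */
    @Override
    public void deleteRole(String str, String str2) throws OrganizationManagementException {
        validateOrganizationRoleAllowedToAccess(str);
        validateOrganizationId(str);
        validateRoleId(str, str2);
        if (!isRoleModifiable(str, str2)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_IS_UNMODIFIABLE, new String[]{str2});
        }
        roleManagementDAO.deleteRole(str, str2);
    }

    /** Returns the organization manager registered in the data holder. */
    private OrganizationManager getOrganizationManager() {
        return RoleManagementDataHolder.getInstance().getOrganizationManager();
    }

    /**
     * Parses a filter expression into expression nodes and operators, appending to the given lists.
     * A blank filter leaves both lists untouched; a malformed filter is reported as a client error.
     */
    private void getExpressionNodes(String filter, List<ExpressionNode> expressionNodes, List<String> operators) throws OrganizationManagementException {
        try {
            if (StringUtils.isNotBlank(filter)) {
                org.wso2.carbon.identity.organization.management.role.management.service.util.Utils.setExpressionNodeAndOperatorLists(new FilterTreeBuilder(filter).buildTree(), expressionNodes, operators, true);
            }
        } catch (IOException | IdentityException e) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_FILTER_FORMAT, new String[0]);
        }
    }

    /** Rejects the request with a client error when the organization does not exist. */
    private void validateOrganizationId(String organizationId) throws OrganizationManagementException {
        if (!getOrganizationManager().isOrganizationExistById(organizationId)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_ORGANIZATION, new String[]{organizationId, Integer.toString(Utils.getTenantId())});
        }
    }

    /** Rejects the request with a client error when the role ID is unknown in the organization. */
    private void validateRoleId(String organizationId, String roleId) throws OrganizationManagementException {
        if (!roleManagementDAO.checkRoleExists(organizationId, StringUtils.strip(roleId), null)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_ROLE, new String[]{roleId});
        }
    }

    /** Rejects a blank display name and one that is already used by a role of the organization. */
    private void validateRoleNameNotExist(String organizationId, String displayName) throws OrganizationManagementException {
        if (StringUtils.isBlank(displayName)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_DISPLAY_NAME_NULL, new String[0]);
        }
        if (roleManagementDAO.checkRoleExists(organizationId, null, StringUtils.strip(displayName))) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_DISPLAY_NAME_ALREADY_EXISTS, new String[]{displayName, organizationId});
        }
    }

    /**
     * Validates the users and groups referenced by a role, users first, as createRole and putRole
     * both require before writing to the DAO.
     */
    private void validateRoleMembers(String organizationId, Role role) throws OrganizationManagementException {
        if (CollectionUtils.isNotEmpty(role.getUsers())) {
            List<String> userIds = role.getUsers().stream().map(user -> user.getId()).collect(Collectors.toList());
            if (CollectionUtils.isNotEmpty(userIds)) {
                validateUsers(userIds, organizationId);
            }
        }
        if (CollectionUtils.isNotEmpty(role.getGroups())) {
            List<String> groupIds = role.getGroups().stream().map(group -> group.getGroupId()).collect(Collectors.toList());
            if (CollectionUtils.isNotEmpty(groupIds)) {
                // Groups are checked against the tenant's user store, not against the organization ID.
                validateGroups(groupIds, Utils.getTenantId());
            }
        }
    }

    /** Rejects any user ID for which no resident organization can be resolved. */
    private void validateUsers(List<String> userIds, String organizationId) throws OrganizationManagementException {
        for (String userId : userIds) {
            RoleManagementDataHolder.getInstance().getOrganizationUserResidentResolverService().resolveResidentOrganization(userId, organizationId).orElseThrow(() -> {
                return Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_USER_ID, new String[]{userId});
            });
        }
    }

    /**
     * Tells whether a role may be patched, replaced or deleted.
     *
     * @return {@code false} only for the role whose display name matches {@code ORG_CREATOR_ROLE}
     *         (case-insensitively)
     * @throws OrganizationManagementException if the DAO returns no role for the given ID
     */
    private boolean isRoleModifiable(String organizationId, String roleId) throws OrganizationManagementException {
        Role existingRole = roleManagementDAO.getRoleById(organizationId, roleId);
        if (existingRole == null) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_ROLE, new String[]{roleId});
        }
        return !RoleManagementConstants.ORG_CREATOR_ROLE.equalsIgnoreCase(existingRole.getDisplayName());
    }

    /**
     * Rejects any group ID that does not exist in the tenant's user store. A user store failure is
     * reported as a server error, an unknown group as a client error.
     */
    private void validateGroups(List<String> groupIds, int tenantId) throws OrganizationManagementException {
        for (String groupId : groupIds) {
            try {
                if (!getUserStoreManager(tenantId).isGroupExist(groupId)) {
                    throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_INVALID_GROUP_ID, new String[]{groupId});
                }
            } catch (UserStoreException e) {
                throw Utils.handleServerException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_GETTING_GROUP_VALIDITY, e, new String[]{groupId});
            }
        }
    }

    /**
     * Validates the values of a display-name patch: exactly one value, not blank, not already in use.
     * Callers pass a non-empty list (patchRole checks this before calling).
     */
    private void validatePatchOpDisplayName(List<String> values, String organizationId) throws OrganizationManagementException {
        if (values.size() > 1) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_DISPLAY_NAME_MULTIPLE_VALUES, new String[0]);
        }
        validateRoleNameNotExist(organizationId, values.get(0));
    }

    /** Returns the user store manager of the given tenant's realm. */
    private AbstractUserStoreManager getUserStoreManager(int tenantId) throws UserStoreException {
        return RoleManagementDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
    }

    /**
     * Serializes a cursor to JSON and encodes it as unpadded Base64.
     *
     * <p>The result is neither signed nor encrypted, so a client can read and alter it; it must be
     * treated as untrusted when it comes back (see {@link #decodeCursor(String)}).
     */
    private String encodeCursor(String cursorValue, String direction) {
        String json = org.wso2.carbon.identity.organization.management.role.management.service.util.Utils.getGson().toJson(new Cursor(cursorValue, direction));
        return Base64.getEncoder().withoutPadding().encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Decodes a client-supplied pagination cursor.
     *
     * <p>The cursor is untrusted input. Besides malformed JSON, this method reports the following as
     * {@code ERROR_CODE_ROLE_LIST_INVALID_CURSOR} client errors instead of letting them surface as
     * unchecked exceptions further down:
     * <ul>
     *   <li>input that is not valid Base64 ({@code IllegalArgumentException} from the decoder);</li>
     *   <li>JSON that deserializes to {@code null};</li>
     *   <li>a direction other than the FORWARD/BACKWARD values that {@link #encodeCursor} emits, so an
     *       arbitrary client string is never forwarded to the DAO as a direction.</li>
     * </ul>
     *
     * <p>NOTE(review): the raw cursor is passed as an error-message argument; confirm the message is
     * encoded wherever it is rendered or logged.
     */
    private Cursor decodeCursor(String encodedCursor) throws OrganizationManagementException {
        Cursor cursor;
        try {
            String json = new String(Base64.getDecoder().decode(encodedCursor), StandardCharsets.UTF_8);
            cursor = (Cursor) org.wso2.carbon.identity.organization.management.role.management.service.util.Utils.getGson().fromJson(json, Cursor.class);
        } catch (JsonSyntaxException | IllegalArgumentException e) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_LIST_INVALID_CURSOR, new String[]{encodedCursor});
        }
        if (cursor == null || !isKnownCursorDirection(cursor.getDirection())) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_ROLE_LIST_INVALID_CURSOR, new String[]{encodedCursor});
        }
        return cursor;
    }

    /** Tells whether the direction is one of the two values this class writes into cursors. */
    private static boolean isKnownCursorDirection(String direction) {
        return StringUtils.equals(RoleManagementConstants.CursorDirection.FORWARD.toString(), direction)
                || StringUtils.equals(RoleManagementConstants.CursorDirection.BACKWARD.toString(), direction);
    }

    /**
     * Rejects the request when the target organization differs from the organization returned by
     * {@code Utils.getOrganizationId()}, i.e. blocks cross-organization role access.
     */
    private void validateOrganizationRoleAllowedToAccess(String organizationId) throws OrganizationManagementException {
        String contextOrganizationId = Utils.getOrganizationId();
        if (!StringUtils.equals(organizationId, contextOrganizationId)) {
            throw Utils.handleClientException(OrganizationManagementConstants.ErrorMessages.ERROR_CODE_UNAUTHORIZED_ORG_ROLE_ACCESS, new String[]{organizationId, contextOrganizationId});
        }
    }
}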
