package org.wso2.carbon.identity.organization.user.invitation.management;

import java.security.SecureRandom;
import java.sql.Timestamp;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.OrganizationUserSharingService;
import org.wso2.carbon.identity.organization.management.organization.user.sharing.util.OrganizationSharedUserUtil;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementServerException;
import org.wso2.carbon.identity.organization.management.service.util.Utils;
import org.wso2.carbon.identity.organization.user.invitation.management.constant.UserInvitationMgtConstants;
import org.wso2.carbon.identity.organization.user.invitation.management.dao.UserInvitationDAO;
import org.wso2.carbon.identity.organization.user.invitation.management.dao.UserInvitationDAOImpl;
import org.wso2.carbon.identity.organization.user.invitation.management.exception.UserInvitationMgtClientException;
import org.wso2.carbon.identity.organization.user.invitation.management.exception.UserInvitationMgtException;
import org.wso2.carbon.identity.organization.user.invitation.management.exception.UserInvitationMgtServerException;
import org.wso2.carbon.identity.organization.user.invitation.management.internal.UserInvitationMgtDataHolder;
import org.wso2.carbon.identity.organization.user.invitation.management.models.AudienceInfo;
import org.wso2.carbon.identity.organization.user.invitation.management.models.GroupAssignments;
import org.wso2.carbon.identity.organization.user.invitation.management.models.Invitation;
import org.wso2.carbon.identity.organization.user.invitation.management.models.InvitationDO;
import org.wso2.carbon.identity.organization.user.invitation.management.models.InvitationResult;
import org.wso2.carbon.identity.organization.user.invitation.management.models.RoleAssignments;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.model.Role;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.common.Group;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/organization/user/invitation/management/InvitationCoreServiceImpl.class */
public class InvitationCoreServiceImpl implements InvitationCoreService {
    private static final Log LOG = LogFactory.getLog(InvitationCoreServiceImpl.class);
    private static final UserInvitationDAO userInvitationDAO = new UserInvitationDAOImpl();

    @Override // org.wso2.carbon.identity.organization.user.invitation.management.InvitationCoreService
    public List<InvitationResult> createInvitations(InvitationDO invitationDO) throws UserInvitationMgtException {
        LOG.debug("Creating invitations for the parent organization users.");
        ArrayList arrayList = new ArrayList();
        Invitation invitation = new Invitation();
        String organizationId = Utils.getOrganizationId();
        String resolveTenantDomain = resolveTenantDomain(organizationId);
        validateInvitationPayload(invitationDO, organizationId);
        validateRoleAssignments(invitationDO, resolveTenantDomain);
        validateGroupAssignments(invitationDO, resolveTenantDomain);
        invitation.setInvitedOrganizationId(organizationId);
        try {
            String parentOrganizationId = getOrganizationManager().getParentOrganizationId(organizationId);
            String resolveTenantDomain2 = resolveTenantDomain(parentOrganizationId);
            AbstractUserStoreManager abstractUserStoreManager = getAbstractUserStoreManager(IdentityTenantUtil.getTenantId(resolveTenantDomain2));
            for (String str : invitationDO.getUsernamesList()) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Creating invitation for the user: " + str + " in the organization: " + resolveTenantDomain2);
                }
                String addDomainToName = UserCoreUtil.addDomainToName(str, invitationDO.getUserDomain());
                String userIDFromUserName = abstractUserStoreManager.getUserIDFromUserName(addDomainToName);
                String userManagedOrganizationClaim = StringUtils.isNotBlank(userIDFromUserName) ? OrganizationSharedUserUtil.getUserManagedOrganizationClaim(abstractUserStoreManager, userIDFromUserName) : null;
                if (StringUtils.isNotEmpty(userManagedOrganizationClaim)) {
                    abstractUserStoreManager = getAbstractUserStoreManager(IdentityTenantUtil.getTenantId(getOrganizationManager().resolveTenantDomain(userManagedOrganizationClaim)));
                }
                InvitationResult userValidationResult = userValidationResult(invitationDO, abstractUserStoreManager, addDomainToName, userIDFromUserName, str, parentOrganizationId, organizationId, resolveTenantDomain2);
                if (UserInvitationMgtConstants.SUCCESS_STATUS.equals(userValidationResult.getStatus())) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Setting invitation creation details for the user: " + str);
                    }
                    String userClaimValue = abstractUserStoreManager.getUserClaimValue(addDomainToName, UserInvitationMgtConstants.CLAIM_EMAIL_ADDRESS, (String) null);
                    invitation.setUsername(str);
                    invitation.setEmail(userClaimValue);
                    invitation.setUserDomain(invitationDO.getUserDomain());
                    invitation.setUserRedirectUrl(invitationDO.getUserRedirectUrl());
                    invitation.setRoleAssignments(invitationDO.getRoleAssignments());
                    invitation.setGroupAssignments(invitationDO.getGroupAssignments());
                    invitation.setUserOrganizationId(parentOrganizationId);
                    invitation.setStatus(UserInvitationMgtConstants.STATUS_PENDING);
                    invitation.setInvitationId(UUID.randomUUID().toString());
                    String uuid = UUID.randomUUID().toString();
                    invitation.setConfirmationCode(uuid);
                    Map<String, String> invitationProperties = invitationDO.getInvitationProperties();
                    invitation.setInvitationProperties(invitationProperties);
                    userInvitationDAO.createInvitation(invitation);
                    Invitation invitationByInvitationId = userInvitationDAO.getInvitationByInvitationId(invitation.getInvitationId());
                    if (isNotificationsInternallyManaged(organizationId, invitationProperties)) {
                        triggerInvitationAddNotification(invitationByInvitationId);
                    } else {
                        LOG.debug("Sending confirmation code in the response since the notifications are managed externally.");
                        userValidationResult.setConfirmationCode(uuid);
                    }
                }
                arrayList.add(userValidationResult);
            }
            return arrayList;
        } catch (UserStoreException | OrganizationManagementException e) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_CREATE_INVITATION.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_CREATE_INVITATION.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_CREATE_INVITATION.getDescription(), invitationDO.getUsernamesList()), e);
        }
    }

    @Override // org.wso2.carbon.identity.organization.user.invitation.management.InvitationCoreService
    public boolean acceptInvitation(String str) throws UserInvitationMgtException {
        Invitation invitationWithAssignmentsByConfirmationCode = userInvitationDAO.getInvitationWithAssignmentsByConfirmationCode(str);
        if (invitationWithAssignmentsByConfirmationCode != null) {
            if (invitationWithAssignmentsByConfirmationCode.getExpiredAt().getTime() > Instant.now().toEpochMilli()) {
                try {
                    String invitedOrganizationId = invitationWithAssignmentsByConfirmationCode.getInvitedOrganizationId();
                    String resolveTenantDomain = resolveTenantDomain(invitedOrganizationId);
                    AbstractUserStoreManager abstractUserStoreManager = getAbstractUserStoreManager(IdentityTenantUtil.getTenantId(resolveTenantDomain));
                    if (abstractUserStoreManager.isExistingUser(UserCoreUtil.addDomainToName(invitationWithAssignmentsByConfirmationCode.getUsername(), invitationWithAssignmentsByConfirmationCode.getUserDomain()))) {
                        LOG.error("User: " + invitationWithAssignmentsByConfirmationCode.getUsername() + " exists in the organization: " + invitedOrganizationId + ". Hence deleting the invitation with the confirmation code: " + str);
                        userInvitationDAO.deleteInvitation(invitationWithAssignmentsByConfirmationCode.getInvitationId());
                        throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_USER_ALREADY_EXISTS.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_USER_ALREADY_EXISTS.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_USER_ALREADY_EXISTS.getDescription(), invitationWithAssignmentsByConfirmationCode.getUsername(), invitedOrganizationId));
                    }
                    String invitedUserId = getInvitedUserId(invitationWithAssignmentsByConfirmationCode);
                    getOrganizationUserSharingService().shareOrganizationUser(invitedOrganizationId, invitedUserId, invitationWithAssignmentsByConfirmationCode.getUserOrganizationId());
                    String userId = getOrganizationUserSharingService().getUserAssociationOfAssociatedUserByOrgId(invitedUserId, invitedOrganizationId).getUserId();
                    if (ArrayUtils.isNotEmpty(invitationWithAssignmentsByConfirmationCode.getRoleAssignments())) {
                        for (RoleAssignments roleAssignments : invitationWithAssignmentsByConfirmationCode.getRoleAssignments()) {
                            if (getRoleManagementService().isExistingRole(roleAssignments.getRoleId(), resolveTenantDomain)) {
                                getRoleManagementService().updateUserListOfRole(roleAssignments.getRoleId(), Collections.singletonList(userId), Collections.emptyList(), resolveTenantDomain);
                            } else if (LOG.isDebugEnabled()) {
                                LOG.debug("Role: " + roleAssignments.getRoleId() + " is not exist in the invitedTenantDomain : " + resolveTenantDomain);
                            }
                        }
                    }
                    if (ArrayUtils.isNotEmpty(invitationWithAssignmentsByConfirmationCode.getGroupAssignments())) {
                        for (GroupAssignments groupAssignments : invitationWithAssignmentsByConfirmationCode.getGroupAssignments()) {
                            if (abstractUserStoreManager.isGroupExist(groupAssignments.getGroupId())) {
                                abstractUserStoreManager.updateUserListOfRoleWithID(abstractUserStoreManager.getGroupNameByGroupId(groupAssignments.getGroupId()), new String[0], new String[]{userId});
                            } else if (LOG.isDebugEnabled()) {
                                LOG.debug("Group: " + groupAssignments.getGroupId() + " does not exist in the invitedTenantDomain : " + resolveTenantDomain);
                            }
                        }
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("User: " + invitationWithAssignmentsByConfirmationCode.getUsername() + " is added to the organization: " + invitedOrganizationId + ". Hence deleting the invitation with the confirmation code: " + str);
                    }
                    userInvitationDAO.deleteInvitation(invitationWithAssignmentsByConfirmationCode.getInvitationId());
                    return true;
                } catch (UserStoreException | OrganizationManagementException | IdentityRoleManagementException e) {
                    UserCoreUtil.removeSkipPasswordPatternValidationThreadLocal();
                    throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_ACCEPT_INVITATION.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_ACCEPT_INVITATION.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_ACCEPT_INVITATION.getDescription(), str), e);
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.error("Invitation with the confirmation code: " + str + " is expired. Hence deleting the invitation.");
            }
            userInvitationDAO.deleteInvitation(invitationWithAssignmentsByConfirmationCode.getInvitationId());
        }
        throw new UserInvitationMgtException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_CONFIRMATION_CODE.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_CONFIRMATION_CODE.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_CONFIRMATION_CODE.getDescription(), str));
    }

    @Override // org.wso2.carbon.identity.organization.user.invitation.management.InvitationCoreService
    public Invitation introspectInvitation(String str) throws UserInvitationMgtException {
        Invitation invitationByConfirmationCode = userInvitationDAO.getInvitationByConfirmationCode(str);
        if (invitationByConfirmationCode == null) {
            throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_CONFIRMATION_CODE.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_CONFIRMATION_CODE.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_CONFIRMATION_CODE.getDescription(), str));
        }
        Instant now = Instant.now();
        invitationByConfirmationCode.setStatus(UserInvitationMgtConstants.STATUS_PENDING);
        if (invitationByConfirmationCode.getExpiredAt().getTime() < now.toEpochMilli()) {
            invitationByConfirmationCode.setStatus(UserInvitationMgtConstants.STATUS_EXPIRED);
        }
        return invitationByConfirmationCode;
    }

    @Override // org.wso2.carbon.identity.organization.user.invitation.management.InvitationCoreService
    public List<Invitation> getInvitations(String str) throws UserInvitationMgtException {
        String str2 = null;
        String str3 = null;
        String str4 = null;
        if (StringUtils.isNotBlank(str) && isFilteringAttributeSupported(str)) {
            String[] split = str.split(" ");
            if (split.length != 3) {
                throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_FILTER.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_FILTER.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_FILTER.getDescription(), str));
            }
            str2 = split[0];
            str3 = split[1];
            str4 = split[2];
        }
        List<Invitation> invitationsByOrganization = userInvitationDAO.getInvitationsByOrganization(Utils.getOrganizationId(), str2, str3, str4);
        for (Invitation invitation : invitationsByOrganization) {
            invitation.setRoleAssignments(processingRoleAssignments(invitation.getRoleAssignments(), invitation.getInvitedOrganizationId()));
            invitation.setGroupAssignments(processingGroupAssignments(invitation.getGroupAssignments(), invitation.getInvitedOrganizationId()));
        }
        Instant now = Instant.now();
        for (Invitation invitation2 : invitationsByOrganization) {
            invitation2.setStatus(UserInvitationMgtConstants.STATUS_PENDING);
            if (invitation2.getExpiredAt().getTime() < now.toEpochMilli()) {
                invitation2.setStatus(UserInvitationMgtConstants.STATUS_EXPIRED);
            }
        }
        return invitationsByOrganization;
    }

    @Override // org.wso2.carbon.identity.organization.user.invitation.management.InvitationCoreService
    public boolean deleteInvitation(String str) throws UserInvitationMgtException {
        Invitation invitationByInvitationId = userInvitationDAO.getInvitationByInvitationId(str);
        String organizationId = Utils.getOrganizationId();
        if (invitationByInvitationId != null) {
            if (invitationByInvitationId.getInvitedOrganizationId().equals(organizationId)) {
                return userInvitationDAO.deleteInvitation(str);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Invitation with id: " + str + " is not belongs to the organization: " + organizationId);
            }
        }
        throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_INVITATION_ID.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_INVITATION_ID.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_INVITATION_ID.getDescription(), str));
    }

    @Override // org.wso2.carbon.identity.organization.user.invitation.management.InvitationCoreService
    public Invitation resendInvitation(String str, String str2) throws UserInvitationMgtException {
        OrganizationManager organizationManagerService = UserInvitationMgtDataHolder.getInstance().getOrganizationManagerService();
        String organizationId = Utils.getOrganizationId();
        try {
            Invitation activeInvitationByUser = userInvitationDAO.getActiveInvitationByUser(str, str2, organizationManagerService.getParentOrganizationId(organizationId), organizationId);
            if (activeInvitationByUser == null) {
                throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_NO_INVITATION_FOR_USER.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_NO_INVITATION_FOR_USER.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_NO_INVITATION_FOR_USER.getDescription(), str));
            }
            if (!activeInvitationByUser.getExpiredAt().after(new Timestamp(new Date().getTime()))) {
                throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVITATION_EXPIRED.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVITATION_EXPIRED.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVITATION_EXPIRED.getDescription(), str));
            }
            if (isNotificationsInternallyManaged(organizationId, activeInvitationByUser.getInvitationProperties())) {
                triggerInvitationAddNotification(activeInvitationByUser);
            }
            return activeInvitationByUser;
        } catch (OrganizationManagementException e) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_UNABLE_TO_RESEND_INVITATION.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_UNABLE_TO_RESEND_INVITATION.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_UNABLE_TO_RESEND_INVITATION.getDescription(), str), e);
        }
    }

    private void validateInvitationPayload(InvitationDO invitationDO, String str) throws UserInvitationMgtServerException {
        LOG.debug("Validating the invitation payload.");
        if (StringUtils.isEmpty(invitationDO.getUserDomain())) {
            invitationDO.setUserDomain(IdentityUtil.getProperty(UserInvitationMgtConstants.ORG_USER_INVITATION_USER_DOMAIN));
        }
        if (StringUtils.isEmpty(invitationDO.getUserRedirectUrl())) {
            try {
                invitationDO.setUserRedirectUrl(ServiceURLBuilder.create().addPath(new String[]{IdentityUtil.getProperty(UserInvitationMgtConstants.ORG_USER_INVITATION_DEFAULT_REDIRECT_URL)}).setOrganization(str).build().getAbsolutePublicURL());
            } catch (URLBuilderException e) {
                throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_CONSTRUCT_REDIRECT_URL.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_CONSTRUCT_REDIRECT_URL.getDescription(), (Throwable) e);
            }
        }
    }

    private AbstractUserStoreManager getAbstractUserStoreManager(int i) throws UserStoreException {
        return UserInvitationMgtDataHolder.getInstance().getRealmService().getTenantUserRealm(i).getUserStoreManager();
    }

    private String getInvitedUserId(Invitation invitation) throws UserInvitationMgtServerException {
        String addDomainToName = UserCoreUtil.addDomainToName(invitation.getUsername(), invitation.getUserDomain());
        try {
            AbstractUserStoreManager abstractUserStoreManager = getAbstractUserStoreManager(IdentityTenantUtil.getTenantId(resolveTenantDomain(invitation.getUserOrganizationId())));
            String userIDFromUserName = abstractUserStoreManager.getUserIDFromUserName(addDomainToName);
            String userManagedOrganizationClaim = OrganizationSharedUserUtil.getUserManagedOrganizationClaim(abstractUserStoreManager, userIDFromUserName);
            if (userManagedOrganizationClaim == null) {
                return userIDFromUserName;
            }
            String userOrganizationId = invitation.getUserOrganizationId();
            invitation.setUserOrganizationId(userManagedOrganizationClaim);
            return getOrganizationUserSharingService().getUserAssociation(userIDFromUserName, userOrganizationId).getAssociatedUserId();
        } catch (UserStoreException e) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_USER_STORE_MANAGER.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_USER_STORE_MANAGER.getMessage(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_USER_STORE_MANAGER.getDescription(), e);
        } catch (OrganizationManagementException e2) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_TENANT_FROM_ORG.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_TENANT_FROM_ORG.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_TENANT_FROM_ORG.getDescription(), invitation.getUserOrganizationId()), e2);
        }
    }

    private void triggerInvitationAddNotification(Invitation invitation) throws UserInvitationMgtServerException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Triggering the event for invitation creation for the user: " + invitation.getUsername());
        }
        HashMap hashMap = new HashMap();
        hashMap.put(UserInvitationMgtConstants.EVENT_PROP_USER_NAME, invitation.getUsername());
        hashMap.put(UserInvitationMgtConstants.EVENT_PROP_EMAIL_ADDRESS, invitation.getEmail());
        hashMap.put(UserInvitationMgtConstants.EVENT_PROP_CONFIRMATION_CODE, invitation.getConfirmationCode());
        hashMap.put(UserInvitationMgtConstants.EVENT_PROP_TENANT_DOMAIN, invitation.getInvitedOrganizationId());
        hashMap.put(UserInvitationMgtConstants.EVENT_PROP_REDIRECT_URL, invitation.getUserRedirectUrl());
        hashMap.put(UserInvitationMgtConstants.EVENT_PROP_PROPERTIES, invitation.getInvitationProperties());
        try {
            UserInvitationMgtDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(UserInvitationMgtConstants.EVENT_NAME_POST_ADD_INVITATION, hashMap));
        } catch (IdentityEventException e) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_EVENT_HANDLE.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_EVENT_HANDLE.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_EVENT_HANDLE.getDescription(), invitation.getUsername()), e);
        }
    }

    private boolean isFilteringAttributeSupported(String str) throws UserInvitationMgtClientException {
        List asList = Arrays.asList(UserInvitationMgtConstants.STATUS_PENDING, UserInvitationMgtConstants.STATUS_EXPIRED);
        if (!StringUtils.contains(str, UserInvitationMgtConstants.FILTER_STATUS_EQ)) {
            throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_UNSUPPORTED_FILTER_ATTRIBUTE.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_UNSUPPORTED_FILTER_ATTRIBUTE.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_UNSUPPORTED_FILTER_ATTRIBUTE.getDescription(), str));
        }
        String substringAfter = StringUtils.substringAfter(str, UserInvitationMgtConstants.FILTER_STATUS_EQ);
        if (asList.contains(substringAfter)) {
            return true;
        }
        throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_UNSUPPORTED_FILTER_ATTRIBUTE_VALUE.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_UNSUPPORTED_FILTER_ATTRIBUTE_VALUE.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_UNSUPPORTED_FILTER_ATTRIBUTE_VALUE.getDescription(), substringAfter));
    }

    private boolean isActiveInvitationAvailable(String str, String str2, String str3, String str4) throws UserInvitationMgtException {
        Invitation activeInvitationByUser = userInvitationDAO.getActiveInvitationByUser(str, str2, str3, str4);
        if (activeInvitationByUser == null) {
            return false;
        }
        return activeInvitationByUser.getExpiredAt().after(new Timestamp(new Date().getTime()));
    }

    private String getAvailableGroupName() throws UserStoreException {
        return "DEFAULT/invitedOrgUserGroup-" + String.format("%06d", Integer.valueOf(new SecureRandom().nextInt(999999)));
    }

    private void triggerRoleAssignmentEvent(String str, String str2, List<RoleAssignments> list) {
        HashMap hashMap = new HashMap();
        hashMap.put(UserInvitationMgtConstants.EVENT_PROP_ORG_ID, str);
        hashMap.put(UserInvitationMgtConstants.EVENT_PROP_GROUP_NAME, str2);
        hashMap.put(UserInvitationMgtConstants.EVENT_PROP_ROLE_ASSIGNMENTS, list);
        try {
            UserInvitationMgtDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(UserInvitationMgtConstants.EVENT_POST_ADD_INVITED_ORG_USER, hashMap));
        } catch (IdentityEventException e) {
            LOG.error("Error while triggering role assignment event for group: " + str2 + " in organization: " + str, e);
        }
    }

    private OrganizationUserSharingService getOrganizationUserSharingService() {
        return UserInvitationMgtDataHolder.getInstance().getOrganizationUserSharingService();
    }

    private OrganizationManager getOrganizationManager() {
        return UserInvitationMgtDataHolder.getInstance().getOrganizationManagerService();
    }

    private RoleManagementService getRoleManagementService() {
        return UserInvitationMgtDataHolder.getInstance().getRoleManagementService();
    }

    private RoleAssignments[] processingRoleAssignments(RoleAssignments[] roleAssignmentsArr, String str) throws UserInvitationMgtServerException {
        String resolveTenantDomain = resolveTenantDomain(str);
        ArrayList arrayList = new ArrayList(Arrays.asList(roleAssignmentsArr));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            RoleAssignments roleAssignments = (RoleAssignments) it.next();
            try {
                if (getRoleManagementService().isExistingRole(roleAssignments.getRoleId(), resolveTenantDomain)) {
                    Role roleWithoutUsers = getRoleManagementService().getRoleWithoutUsers(roleAssignments.getRoleId(), str);
                    AudienceInfo audienceInfo = new AudienceInfo();
                    audienceInfo.setApplicationType(roleWithoutUsers.getAudience());
                    audienceInfo.setApplicationId(roleWithoutUsers.getAudienceId());
                    audienceInfo.setApplicationName(roleWithoutUsers.getAudienceName());
                    roleAssignments.setAudience(audienceInfo);
                    roleAssignments.setRoleName(roleWithoutUsers.getName());
                } else {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Role: " + roleAssignments.getRoleId() + " does not exist in the invitedTenantDomain : " + resolveTenantDomain);
                    }
                    it.remove();
                }
            } catch (IdentityRoleManagementException e) {
                throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_ROLE_ASSIGNMENTS_BY_ROLE_ID.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_ROLE_ASSIGNMENTS_BY_ROLE_ID.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_ROLE_ASSIGNMENTS_BY_ROLE_ID.getDescription(), roleAssignments.getRoleId()), e);
            }
        }
        return (RoleAssignments[]) arrayList.toArray(new RoleAssignments[0]);
    }

    private GroupAssignments[] processingGroupAssignments(GroupAssignments[] groupAssignmentsArr, String str) throws UserInvitationMgtServerException {
        try {
            String resolveTenantDomain = resolveTenantDomain(str);
            AbstractUserStoreManager abstractUserStoreManager = getAbstractUserStoreManager(IdentityTenantUtil.getTenantId(resolveTenantDomain));
            ArrayList arrayList = new ArrayList(Arrays.asList(groupAssignmentsArr));
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                GroupAssignments groupAssignments = (GroupAssignments) it.next();
                try {
                    if (abstractUserStoreManager.isGroupExist(groupAssignments.getGroupId())) {
                        Group group = abstractUserStoreManager.getGroup(groupAssignments.getGroupId(), Collections.singletonList("displayName"));
                        groupAssignments.setGroupId(group.getGroupID());
                        groupAssignments.setDisplayName(group.getDisplayName());
                    } else {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("Group: " + groupAssignments.getGroupId() + " does not exist in the invitedTenantDomain : " + resolveTenantDomain);
                        }
                        it.remove();
                    }
                } catch (org.wso2.carbon.user.core.UserStoreException e) {
                    throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_GROUP_ASSIGNMENTS_BY_GROUP_ID.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_GROUP_ASSIGNMENTS_BY_GROUP_ID.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_GROUP_ASSIGNMENTS_BY_GROUP_ID.getDescription(), groupAssignments.getGroupId()), e);
                }
            }
            return (GroupAssignments[]) arrayList.toArray(new GroupAssignments[0]);
        } catch (UserStoreException e2) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_USER_STORE_MANAGER.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_USER_STORE_MANAGER.getMessage(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_USER_STORE_MANAGER.getDescription(), e2);
        }
    }

    private boolean isUserExistAtInvitedOrganization(String str) throws UserStoreException {
        if (!getAbstractUserStoreManager(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId()).isExistingUser(str)) {
            return false;
        }
        if (!LOG.isDebugEnabled()) {
            return true;
        }
        LOG.debug("User: " + str + " is already exists in the organization.");
        return true;
    }

    private boolean isConsoleAudienceAvailableInRole(InvitationDO invitationDO, String str) throws IdentityRoleManagementException {
        if (!ArrayUtils.isNotEmpty(invitationDO.getRoleAssignments())) {
            return false;
        }
        for (RoleAssignments roleAssignments : invitationDO.getRoleAssignments()) {
            Role roleWithoutUsers = getRoleManagementService().getRoleWithoutUsers(roleAssignments.getRole(), str);
            if (roleWithoutUsers != null && "Console".equals(roleWithoutUsers.getAudienceName())) {
                return true;
            }
        }
        return false;
    }

    private void validateRoleAssignments(InvitationDO invitationDO, String str) throws UserInvitationMgtException {
        LOG.debug("Validating the role assignments in the invitation.");
        try {
            if (ArrayUtils.isNotEmpty(invitationDO.getRoleAssignments())) {
                for (RoleAssignments roleAssignments : invitationDO.getRoleAssignments()) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Validating the role: " + roleAssignments.getRole() + " in the invitation.");
                    }
                    if (!getRoleManagementService().isExistingRole(roleAssignments.getRole(), str)) {
                        throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_ROLE.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_ROLE.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_ROLE.getDescription(), roleAssignments.getRole()));
                    }
                }
            }
        } catch (IdentityRoleManagementException e) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_ROLE_EXISTENCE.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_ROLE_EXISTENCE.getMessage(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_ROLE_EXISTENCE.getDescription());
        }
    }

    private void validateGroupAssignments(InvitationDO invitationDO, String str) throws UserInvitationMgtException {
        LOG.debug("Validating the group assignments in the invitation.");
        try {
            if (ArrayUtils.isNotEmpty(invitationDO.getGroupAssignments())) {
                AbstractUserStoreManager abstractUserStoreManager = getAbstractUserStoreManager(IdentityTenantUtil.getTenantId(str));
                for (GroupAssignments groupAssignments : invitationDO.getGroupAssignments()) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Validating the group: " + groupAssignments.getGroupId() + " in the invitation.");
                    }
                    if (!abstractUserStoreManager.isGroupExist(groupAssignments.getGroupId())) {
                        throw new UserInvitationMgtClientException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_GROUP.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_GROUP.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVALID_GROUP.getDescription(), groupAssignments.getGroupId()));
                    }
                }
            }
        } catch (UserStoreException e) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GROUP_EXISTENCE.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GROUP_EXISTENCE.getMessage(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GROUP_EXISTENCE.getDescription());
        }
    }

    private String resolveTenantDomain(String str) throws UserInvitationMgtServerException {
        try {
            return getOrganizationManager().resolveTenantDomain(str);
        } catch (OrganizationManagementException e) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_TENANT_FROM_ORG.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_TENANT_FROM_ORG.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_GET_TENANT_FROM_ORG.getDescription(), str), e);
        }
    }

    private boolean isInvitedUserHasConsoleAccess(String str, String str2) throws IdentityRoleManagementException, UserStoreException {
        List roleListOfUser = getRoleManagementService().getRoleListOfUser(str, str2);
        List roleListOfGroups = getRoleManagementService().getRoleListOfGroups(getUserGroups(str, str2), str2);
        if (!roleListOfGroups.isEmpty()) {
            roleListOfUser.addAll(roleListOfGroups);
        }
        return roleListOfUser.stream().anyMatch(roleBasicInfo -> {
            return "Console".equals(roleBasicInfo.getAudienceName());
        });
    }

    private List<String> getUserGroups(String str, String str2) throws UserStoreException {
        ArrayList arrayList = new ArrayList();
        for (Group group : getAbstractUserStoreManager(IdentityTenantUtil.getTenantId(str2)).getGroupListOfUser(str, (String) null, (String) null)) {
            String extractDomainFromName = UserCoreUtil.extractDomainFromName(group.getGroupName());
            if (!"Internal".equalsIgnoreCase(extractDomainFromName) && !"Application".equalsIgnoreCase(extractDomainFromName)) {
                arrayList.add(group.getGroupID());
            }
        }
        return arrayList;
    }

    private InvitationResult userValidationResult(InvitationDO invitationDO, AbstractUserStoreManager abstractUserStoreManager, String str, String str2, String str3, String str4, String str5, String str6) throws UserInvitationMgtException {
        InvitationResult invitationResult = new InvitationResult();
        invitationResult.setUsername(str3);
        try {
            if (isUserExistAtInvitedOrganization(str)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("User " + str2 + " is already exists in the organization " + str5);
                }
                invitationResult.setStatus(UserInvitationMgtConstants.FAIL_STATUS);
                invitationResult.setErrorMsg(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_USER_ALREADY_EXISTS_INVITED_ORGANIZATION);
                return invitationResult;
            }
            if (isActiveInvitationAvailable(str3, invitationDO.getUserDomain(), str4, str5)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Active invitation is already available for the user: " + str2 + " in the organization: " + str5);
                }
                invitationResult.setStatus(UserInvitationMgtConstants.FAIL_STATUS);
                invitationResult.setErrorMsg(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_ACTIVE_INVITATION_EXISTS);
                return invitationResult;
            }
            if (!abstractUserStoreManager.isExistingUser(str)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("User: " + str2 + " is not exists in the organization: " + str4);
                }
                invitationResult.setStatus(UserInvitationMgtConstants.FAIL_STATUS);
                invitationResult.setErrorMsg(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_USER_NOT_FOUND);
                return invitationResult;
            }
            if (StringUtils.isEmpty(abstractUserStoreManager.getUserClaimValue(str, UserInvitationMgtConstants.CLAIM_EMAIL_ADDRESS, (String) null))) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Couldn't resolve the email claim of the invited user :" + str2);
                }
                invitationResult.setStatus(UserInvitationMgtConstants.FAIL_STATUS);
                invitationResult.setErrorMsg(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_INVITED_USER_EMAIL_NOT_FOUND);
                return invitationResult;
            }
            if (!isConsoleAudienceAvailableInRole(invitationDO, resolveTenantDomain(str5)) || isInvitedUserHasConsoleAccess(str2, str6)) {
                invitationResult.setStatus(UserInvitationMgtConstants.SUCCESS_STATUS);
                return invitationResult;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("The user: " + str2 + " is not having the console access.");
            }
            invitationResult.setStatus(UserInvitationMgtConstants.FAIL_STATUS);
            invitationResult.setErrorMsg(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_CONSOLE_ACCESS_RESTRICTED);
            return invitationResult;
        } catch (UserStoreException | IdentityRoleManagementException e) {
            throw new UserInvitationMgtServerException(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_CREATE_INVITATION.getCode(), UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_CREATE_INVITATION.getMessage(), String.format(UserInvitationMgtConstants.ErrorMessage.ERROR_CODE_CREATE_INVITATION.getDescription(), str3), e);
        }
    }

    private boolean isNotificationsInternallyManaged(String str, Map<String, String> map) throws UserInvitationMgtServerException {
        if (MapUtils.isEmpty(map)) {
            return isNotificationsInternallyManagedForOrganization(str);
        }
        String str2 = map.get("manageNotificationsInternally");
        return StringUtils.isNotEmpty(str2) ? Boolean.parseBoolean(str2) : isNotificationsInternallyManagedForOrganization(str);
    }

    private boolean isNotificationsInternallyManagedForOrganization(String str) throws UserInvitationMgtServerException {
        try {
            boolean parseBoolean = Boolean.parseBoolean(org.wso2.carbon.identity.recovery.util.Utils.getConnectorConfig("EmailVerification.Notification.InternallyManage", resolveTenantDomain(getOrganizationManager().getPrimaryOrganizationId(str))));
            if (LOG.isDebugEnabled()) {
                if (parseBoolean) {
                    LOG.debug("Notification will be managed internally for the organization: " + str);
                } else {
                    LOG.debug("Notification will be managed externally for the organization: " + str);
                }
            }
            return parseBoolean;
        } catch (OrganizationManagementServerException | IdentityEventException e) {
            throw new UserInvitationMgtServerException(e.getMessage());
        }
    }
}
