package org.wso2.identity.apps.common.util;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.AssociatedRolesConfig;
import org.wso2.carbon.identity.application.common.model.Claim;
import org.wso2.carbon.identity.application.common.model.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.IdentityOAuthAdminException;
import org.wso2.carbon.identity.oauth.OAuthUtil;
import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo;
import org.wso2.carbon.stratos.common.beans.TenantInfoBean;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.identity.apps.common.internal.AppsCommonDataHolder;
import org.wso2.identity.apps.common.util.AppPortalConstants;

/* loaded from: input_file:org/wso2/identity/apps/common/util/AppPortalUtils.class */
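/**
 * Static helpers that create and configure the portal applications enumerated by
 * {@link AppPortalConstants.AppPortal} for a tenant: the OAuth 2.0 client registration, the
 * service provider, and (for the console, when the legacy authorization runtime is disabled)
 * application sharing plus the application-audience {@code Administrator} role.
 *
 * <p>Several methods switch the thread-local {@link PrivilegedCarbonContext} to the target tenant
 * and always end the tenant flow in a {@code finally} block.
 */
public class AppPortalUtils {

    private AppPortalUtils() {
        // Static utility holder; not instantiable.
    }

    /**
     * Registers the OAuth 2.0 client of a portal application in the given tenant.
     *
     * <p>The client is registered with client-credential bypass enabled, PKCE mandatory, token
     * binding validation enabled and token revocation on IdP session termination enabled.
     *
     * @param str  application name
     * @param str2 portal path; replaced by the configured console / my-account portal path when the
     *             application name matches and that property is non-empty; a leading {@code "/"} is
     *             added when missing
     * @param str3 OAuth consumer key
     * @param str4 OAuth consumer secret
     * @param str5 username set on the tenant flow while registering
     * @param i    tenant id set on the tenant flow
     * @param str6 tenant domain; also selects which callback URL pattern is generated
     * @param str7 token binding type
     * @param list grant types, joined with a single space; left unset when {@code null} or empty
     * @throws IdentityOAuthAdminException if the callback URL cannot be built (wrapping the
     *                                     {@link URLBuilderException}) or the registration fails
     */
    public static void createOAuth2Application(String str, String str2, String str3, String str4, String str5, int i, String str6, String str7, List<String> list) throws IdentityOAuthAdminException {
        final String applicationName = str;
        final String tenantDomain = str6;

        OAuthConsumerAppDTO oauthApp = new OAuthConsumerAppDTO();
        oauthApp.setApplicationName(applicationName);
        oauthApp.setOAuthVersion("OAuth-2.0");
        oauthApp.setOauthConsumerKey(str3);
        oauthApp.setOauthConsumerSecret(str4);

        // A configured portal path takes precedence over the path supplied by the caller.
        String portalPath = str2;
        if (AppPortalConstants.CONSOLE_APP.equals(applicationName)) {
            String configuredPath = IdentityUtil.getProperty(AppPortalConstants.CONSOLE_PORTAL_PATH);
            if (StringUtils.isNotEmpty(configuredPath)) {
                portalPath = configuredPath;
            }
        }
        if (AppPortalConstants.MYACCOUNT_APP.equals(applicationName)) {
            String configuredPath = IdentityUtil.getProperty(AppPortalConstants.MYACCOUNT_PORTAL_PATH);
            if (StringUtils.isNotEmpty(configuredPath)) {
                portalPath = configuredPath;
            }
        }
        if (!portalPath.startsWith("/")) {
            portalPath = "/" + portalPath;
        }

        try {
            String baseUrl = ApplicationMgtUtil.resolveOriginUrlFromPlaceholders(
                    ApplicationMgtUtil.replaceUrlOriginWithPlaceholders(IdentityUtil.getServerURL(portalPath, true, true)),
                    applicationName);

            // NOTE(review): the alternatives below are emitted as a "regexp=" callback. "(.*)" is not
            // limited to a single path segment, and the resolved origin is concatenated without regex
            // quoting, so the pattern can match more than the intended tenant ("/t/...") and
            // organization ("/o/...") paths. A segment-bounded class such as "[^/]+" would be tighter;
            // confirm how the OAuth component evaluates "regexp=" callbacks before changing it.
            String callbackUrl = baseUrl;
            if (!CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME.booleanValue()) {
                if ("carbon.super".equals(tenantDomain)) {
                    callbackUrl = "regexp=(" + baseUrl
                            + "|" + baseUrl.replace(portalPath, "/o/(.*)" + portalPath)
                            + "|" + baseUrl.replace(portalPath, "/t/carbon.super" + portalPath)
                            + "|" + baseUrl.replace(portalPath, "/t/carbon.super/o/(.*)" + portalPath)
                            + ")";
                } else {
                    callbackUrl = "regexp=(" + baseUrl.replace(portalPath, "/t/(.*)" + portalPath)
                            + "|" + baseUrl.replace(portalPath, "/t/(.*)/o/(.*)" + portalPath)
                            + ")";
                }
            } else if ("carbon.super".equals(tenantDomain)) {
                if (StringUtils.equals(AppPortalConstants.CONSOLE_APP, applicationName)
                        && AppsCommonDataHolder.getInstance().isOrganizationManagementEnabled()) {
                    callbackUrl = "regexp=(" + baseUrl
                            + "|" + baseUrl.replace(portalPath, "/t/(.*)" + portalPath)
                            + "|" + baseUrl.replace(portalPath, "/o/(.*)" + portalPath)
                            + ")";
                } else {
                    callbackUrl = "regexp=(" + baseUrl
                            + "|" + baseUrl.replace(portalPath, "/t/(.*)" + portalPath)
                            + ")";
                }
            }
            // Legacy runtime with a non-super tenant keeps the plain resolved URL.
            oauthApp.setCallbackUrl(callbackUrl);

            // Client credentials are bypassed for this client; PKCE is made mandatory alongside it.
            oauthApp.setBypassClientCredentials(true);
            if (list != null && !list.isEmpty()) {
                oauthApp.setGrantTypes(String.join(" ", list));
            }
            oauthApp.setPkceMandatory(true);
            oauthApp.setTokenBindingType(str7);
            oauthApp.setTokenBindingValidationEnabled(true);
            oauthApp.setTokenRevocationWithIDPSessionTerminationEnabled(true);

            try {
                PrivilegedCarbonContext.startTenantFlow();
                PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                carbonContext.setTenantId(i);
                carbonContext.setTenantDomain(tenantDomain);
                carbonContext.setUsername(str5);
                AppsCommonDataHolder.getInstance().getOAuthAdminService().registerOAuthApplicationData(oauthApp);
            } finally {
                // Always restore the previous context, even when registration fails.
                PrivilegedCarbonContext.endTenantFlow();
            }
        } catch (URLBuilderException e) {
            throw new IdentityOAuthAdminException("Server encountered an error while building callback URL with placeholders for the server URL", e);
        }
    }

    /**
     * Creates a portal service provider without a portal path, so no access URL is set.
     *
     * @deprecated use {@link #createApplication(String, String, String, String, String, String, String)}
     *             and pass the portal path.
     */
    @Deprecated
    public static void createApplication(String str, String str2, String str3, String str4, String str5, String str6) throws IdentityApplicationManagementException {
        createApplication(str, str2, str3, str4, str5, str6, "");
    }

    /**
     * Creates a portal service provider, resolving the tenant id from the tenant domain.
     *
     * @param str  application name
     * @param str2 username passed to the application management service when creating the application
     * @param str3 application description
     * @param str4 OAuth consumer key used as the inbound authentication key
     * @param str5 OAuth consumer secret (forwarded; not used by the delegate in this class)
     * @param str6 tenant domain
     * @param str7 portal path used to build the access URL; ignored when empty
     * @throws IdentityApplicationManagementException if the tenant id cannot be resolved or creation fails
     */
    public static void createApplication(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws IdentityApplicationManagementException {
        try {
            int tenantId = AppsCommonDataHolder.getInstance().getRealmService().getTenantManager().getTenantId(str6);
            createApplication(str, str2, str3, str4, str5, str6, tenantId, str7);
        } catch (UserStoreException e) {
            throw new IdentityApplicationManagementException("Failed to retrieve tenant id for tenant domain: " + str6, e);
        }
    }

    /**
     * Creates the service provider for a portal application and, for the console when the legacy
     * authorization runtime is disabled, shares it and adds the Administrator role.
     *
     * @param str  application name
     * @param str2 username passed to the application management service; also used for the tenant
     *             flow and role assignment when the console is shared
     * @param str3 application description
     * @param str4 OAuth consumer key used as the inbound authentication key
     * @param str5 OAuth consumer secret; not read by this method
     * @param str6 tenant domain
     * @param i    tenant id
     * @param str7 portal path used to build the access URL; ignored when empty
     * @throws IdentityApplicationManagementException if creation, sharing or role setup fails
     */
    public static void createApplication(String str, String str2, String str3, String str4, String str5, String str6, int i, String str7) throws IdentityApplicationManagementException {
        ServiceProvider serviceProvider = new ServiceProvider();
        serviceProvider.setApplicationName(str);
        serviceProvider.setDescription(str3);
        if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME.booleanValue()) {
            enableLegacyBehaviour(serviceProvider, str7);
        } else {
            enableNewBehaviour(serviceProvider, str7, str6);
        }
        updateInboundConfiguration(str4, serviceProvider);
        updateLocalAndOutboundConfiguration(serviceProvider);
        updateClaimConfigs(serviceProvider);

        String applicationId = AppsCommonDataHolder.getInstance().getApplicationManagementService().createApplication(serviceProvider, str6, str2);

        // Only the console is shared, and only under the non-legacy authorization runtime.
        boolean shareConsole = !CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME.booleanValue()
                && AppPortalConstants.CONSOLE_APP.equals(str);
        if (shareConsole) {
            shareApplication(str6, i, applicationId, str, str2);
        }
    }

    /**
     * Initiates the portals for a tenant, using the admin username from the realm configuration of
     * the thread-local carbon context.
     *
     * <p>NOTE(review): the admin username is read from the thread-local context's realm, not from a
     * realm looked up by {@code i}; presumably the caller has already set the target tenant's
     * context. Confirm against callers.
     *
     * @param str tenant domain
     * @param i   tenant id
     */
    public static void initiatePortals(String str, int i) throws IdentityApplicationManagementException, IdentityOAuthAdminException, org.wso2.carbon.user.core.UserStoreException {
        TenantInfoBean tenantInfoBean = new TenantInfoBean();
        tenantInfoBean.setTenantDomain(str);
        tenantInfoBean.setTenantId(i);
        tenantInfoBean.setAdmin(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName());
        initiatePortals(tenantInfoBean);
    }

    /**
     * Creates each portal application that does not yet exist in the tenant, and makes sure the
     * tenant admin holds the console's Administrator role when the console already exists.
     *
     * <p>The console is always considered; other portals only when listed in the configured default
     * applications.
     *
     * @param tenantInfoBean tenant domain, tenant id and admin username of the target tenant
     * @throws IdentityApplicationManagementException if application creation or role assignment fails
     * @throws IdentityOAuthAdminException            if the OAuth client registration fails for a
     *                                                reason other than the application already existing
     */
    public static void initiatePortals(TenantInfoBean tenantInfoBean) throws IdentityApplicationManagementException, IdentityOAuthAdminException {
        ApplicationManagementService applicationManagementService = AppsCommonDataHolder.getInstance().getApplicationManagementService();
        for (AppPortalConstants.AppPortal appPortal : AppPortalConstants.AppPortal.values()) {
            if (!StringUtils.equalsIgnoreCase(AppPortalConstants.CONSOLE_APP, appPortal.getName())
                    && !AppsCommonDataHolder.getInstance().getDefaultApplications().contains(appPortal.getName())) {
                continue;
            }
            if (applicationManagementService.getApplicationExcludingFileBasedSPs(appPortal.getName(), tenantInfoBean.getTenantDomain()) == null) {
                // NOTE(review): the strength of this secret depends on OAuthUtil.getRandomNumber(),
                // which is not visible here.
                String consumerSecret = OAuthUtil.getRandomNumber();
                List<String> requestedGrantTypes = Arrays.asList("authorization_code", "refresh_token", AppPortalConstants.GRANT_TYPE_ACCOUNT_SWITCH);
                if (AppPortalConstants.CONSOLE_APP.equals(appPortal.getName())) {
                    requestedGrantTypes = Arrays.asList("authorization_code", "refresh_token", AppPortalConstants.GRANT_TYPE_ACCOUNT_SWITCH, AppPortalConstants.GRANT_TYPE_ORGANIZATION_SWITCH);
                }
                // Keep only the grant types the OAuth admin service reports as allowed.
                List<String> allowedGrantTypes = Arrays.asList(AppsCommonDataHolder.getInstance().getOAuthAdminService().getAllowedGrantTypes());
                List<String> grantTypes = requestedGrantTypes.stream()
                        .filter(allowedGrantTypes::contains)
                        .collect(Collectors.toList());
                String consumerKey = appPortal.getConsumerKey();
                try {
                    createOAuth2Application(appPortal.getName(), appPortal.getPath(), consumerKey, consumerSecret, tenantInfoBean.getAdmin(), tenantInfoBean.getTenantId(), tenantInfoBean.getTenantDomain(), AppPortalConstants.TOKEN_BINDING_TYPE_COOKIE, grantTypes);
                    createApplication(appPortal.getName(), tenantInfoBean.getAdmin(), appPortal.getDescription(), consumerKey, consumerSecret, tenantInfoBean.getTenantDomain(), tenantInfoBean.getTenantId(), appPortal.getPath());
                } catch (IdentityOAuthAdminException e) {
                    // "Already exists" is tolerated; it is recognised by exact message text, so a
                    // change to that message upstream would turn this into a hard failure.
                    if (!"Error when adding the application. An application with the same name already exists.".equals(e.getMessage())) {
                        throw e;
                    }
                }
            } else if (!CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME.booleanValue() && StringUtils.equalsIgnoreCase(AppPortalConstants.CONSOLE_APP, appPortal.getName())) {
                try {
                    String adminUserId = getUserId(tenantInfoBean.getAdmin(), tenantInfoBean.getTenantId());
                    List<RoleBasicInfo> adminRoles = AppsCommonDataHolder.getInstance().getRoleManagementServiceV2().getRoleListOfUser(adminUserId, tenantInfoBean.getTenantDomain());
                    String consoleAppId = AppsCommonDataHolder.getInstance().getApplicationManagementService().getApplicationResourceIDByInboundKey(AppPortalConstants.AppPortal.CONSOLE.getConsumerKey(), AppPortalConstants.INBOUND_AUTH2_TYPE, tenantInfoBean.getTenantDomain());
                    for (RoleBasicInfo role : adminRoles) {
                        if ("Administrator".equalsIgnoreCase(role.getName()) && "application".equalsIgnoreCase(role.getAudience()) && consoleAppId.equals(role.getAudienceId())) {
                            // NOTE(review): this leaves initiatePortals entirely, so portals later in
                            // AppPortal.values() are not processed in this call. Confirm intended.
                            return;
                        }
                    }
                    assignAdministratorRole(adminUserId, getAdministratorRoleId("Administrator", "application", consoleAppId, tenantInfoBean.getTenantDomain()), tenantInfoBean.getTenantId(), tenantInfoBean.getTenantDomain());
                } catch (UserStoreException | IdentityRoleManagementException e) {
                    throw new IdentityApplicationManagementException("Error occured while assigning administrator role to the admin user.", e);
                }
            }
        }
    }

    /**
     * Returns the first inbound authentication request config of the service provider whose inbound
     * auth type equals {@link AppPortalConstants#INBOUND_AUTH2_TYPE}.
     *
     * @param serviceProvider service provider to inspect; may be {@code null}
     * @return the matching config, or {@code null} when the service provider, its inbound
     *         configuration or a matching entry is absent
     */
    public static InboundAuthenticationRequestConfig getOAuthInboundAuthenticationRequestConfig(ServiceProvider serviceProvider) {
        if (serviceProvider == null) {
            return null;
        }
        InboundAuthenticationConfig inboundConfig = serviceProvider.getInboundAuthenticationConfig();
        if (inboundConfig == null) {
            return null;
        }
        InboundAuthenticationRequestConfig[] requestConfigs = inboundConfig.getInboundAuthenticationRequestConfigs();
        if (requestConfigs == null) {
            return null;
        }
        for (InboundAuthenticationRequestConfig requestConfig : requestConfigs) {
            if (AppPortalConstants.INBOUND_AUTH2_TYPE.equals(requestConfig.getInboundAuthType())) {
                return requestConfig;
            }
        }
        return null;
    }

    /**
     * Shares a system application with the tenant's organization and, for the console, adds the
     * Administrator role.
     *
     * <p>The "allow update system application" thread-local is set for the duration of the call and
     * is always cleared, together with the tenant flow, in the {@code finally} block.
     */
    private static void shareApplication(String tenantDomain, int tenantId, String applicationId, String applicationName, String username) throws IdentityApplicationManagementException {
        RealmService realmService = AppsCommonDataHolder.getInstance().getRealmService();
        String organizationId;
        if ("carbon.super".equals(tenantDomain)) {
            // Fixed organization id used for carbon.super (presumably the super organization; confirm).
            organizationId = "10084a8d-113f-4211-a0d5-efe36b082211";
        } else {
            try {
                organizationId = realmService.getTenantManager().getTenant(tenantId).getAssociatedOrganizationUUID();
            } catch (UserStoreException e) {
                throw new IdentityApplicationManagementException("Failed to organization id for tenant domain: " + tenantDomain, e);
            }
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(tenantId);
            carbonContext.setTenantDomain(tenantDomain);
            carbonContext.setUsername(username);
            IdentityApplicationManagementUtil.setAllowUpdateSystemApplicationThreadLocal(true);
            AppsCommonDataHolder.getInstance().getOrgApplicationManager().shareOrganizationApplication(organizationId, applicationId, true, Collections.emptyList());
            if (StringUtils.equalsIgnoreCase(AppPortalConstants.CONSOLE_APP, applicationName)) {
                addAdministratorRole(username, applicationId, tenantId, tenantDomain);
            }
        } catch (OrganizationManagementException e) {
            throw new IdentityApplicationManagementException("Failed to share system application.", e);
        } finally {
            // The privileged flag must not outlive this call on a pooled thread.
            IdentityApplicationManagementUtil.removeAllowUpdateSystemApplicationThreadLocal();
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /**
     * Adds the application-audience {@code Administrator} role for the given application, with the
     * user as member and the tenant's admin group when one can be resolved.
     */
    private static void addAdministratorRole(String username, String applicationId, int tenantId, String tenantDomain) throws IdentityApplicationManagementException {
        try {
            String userId = getUserId(username, tenantId);
            String adminGroupId = getAdminGroupId(tenantId);
            List<String> groupIds = Collections.emptyList();
            if (StringUtils.isNotEmpty(adminGroupId)) {
                groupIds = Collections.singletonList(adminGroupId);
            }
            AppsCommonDataHolder.getInstance().getRoleManagementServiceV2().addRole("Administrator", Collections.singletonList(userId), groupIds, Collections.emptyList(), "application", applicationId, tenantDomain);
        } catch (IdentityRoleManagementException e) {
            throw new IdentityApplicationManagementException("Failed to add Administrator role for the console", e);
        } catch (UserStoreException e) {
            // NOTE(review): a user-id lookup failure escapes as an unchecked exception, unlike the
            // other failures in this class; consider wrapping it in the declared checked exception.
            throw new RuntimeException(e);
        }
    }

    /** Looks up a role id by name, audience, audience id and tenant domain via the v2 role service. */
    private static String getAdministratorRoleId(String roleName, String audience, String audienceId, String tenantDomain) throws IdentityRoleManagementException {
        return AppsCommonDataHolder.getInstance().getRoleManagementServiceV2().getRoleIdByName(roleName, audience, audienceId, tenantDomain);
    }

    /**
     * Adds the user to the given role. The {@code tenantId} parameter is not read by this method.
     */
    private static void assignAdministratorRole(String userId, String roleId, int tenantId, String tenantDomain) throws IdentityApplicationManagementException {
        try {
            AppsCommonDataHolder.getInstance().getRoleManagementServiceV2().updateUserListOfRole(roleId, Collections.singletonList(userId), Collections.emptyList(), tenantDomain);
        } catch (IdentityRoleManagementException e) {
            throw new IdentityApplicationManagementException("Failed to assign Administrator role of the console to :" + userId, e);
        }
    }

    /** Resolves the user id for a username through the tenant's user store manager. */
    private static String getUserId(String username, int tenantId) throws UserStoreException {
        return AppsCommonDataHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getUserStoreManager().getUserIDFromUserName(username);
    }

    /** Sets a local-dialect claim configuration carrying the requested claim mappings. */
    private static void updateClaimConfigs(ServiceProvider serviceProvider) {
        ClaimConfig claimConfig = new ClaimConfig();
        claimConfig.setClaimMappings(getRequestedClaimMappings());
        claimConfig.setLocalClaimDialect(true);
        serviceProvider.setClaimConfig(claimConfig);
    }

    /**
     * Sets the local and outbound authentication configuration: user store domain and tenant domain
     * are included in the local subject identifier, and both login and logout consent are skipped.
     */
    private static void updateLocalAndOutboundConfiguration(ServiceProvider serviceProvider) {
        LocalAndOutboundAuthenticationConfig authConfig = new LocalAndOutboundAuthenticationConfig();
        authConfig.setUseUserstoreDomainInLocalSubjectIdentifier(true);
        authConfig.setUseTenantDomainInLocalSubjectIdentifier(true);
        authConfig.setSkipConsent(true);
        authConfig.setSkipLogoutConsent(true);
        serviceProvider.setLocalAndOutBoundAuthenticationConfig(authConfig);
    }

    /** Attaches a single inbound authentication request config keyed by the consumer key. */
    private static void updateInboundConfiguration(String consumerKey, ServiceProvider serviceProvider) {
        InboundAuthenticationRequestConfig requestConfig = new InboundAuthenticationRequestConfig();
        requestConfig.setInboundAuthKey(consumerKey);
        requestConfig.setInboundAuthType(AppPortalConstants.INBOUND_AUTH2_TYPE);
        requestConfig.setInboundConfigType(AppPortalConstants.INBOUND_CONFIG_TYPE);

        InboundAuthenticationConfig inboundConfig = new InboundAuthenticationConfig();
        inboundConfig.setInboundAuthenticationRequestConfigs(new InboundAuthenticationRequestConfig[]{requestConfig});
        serviceProvider.setInboundAuthenticationConfig(inboundConfig);
    }

    /**
     * Configures the service provider for the non-legacy authorization runtime: tenant-qualified
     * access URL, the system-reserved marker property, sharing with all children for the console,
     * and {@code application} as the allowed role audience.
     */
    private static void enableNewBehaviour(ServiceProvider serviceProvider, String portalPath, String tenantDomain) {
        if (StringUtils.isNotEmpty(portalPath)) {
            String accessUrl = IdentityUtil.getServerURL(portalPath, true, true);
            if (!"carbon.super".equals(tenantDomain)) {
                accessUrl = accessUrl.replace(portalPath, "/t/" + tenantDomain.trim() + portalPath);
            }
            serviceProvider.setAccessUrl(accessUrl);
        }

        List<ServiceProviderProperty> properties = new ArrayList<>();
        ServiceProviderProperty systemReserved = new ServiceProviderProperty();
        systemReserved.setName("isSystemReservedApp");
        systemReserved.setValue("true");
        systemReserved.setDisplayName("Is System Reserved Application");
        properties.add(systemReserved);
        if (AppPortalConstants.CONSOLE_APP.equals(serviceProvider.getApplicationName())) {
            ServiceProviderProperty shareWithChildren = new ServiceProviderProperty();
            shareWithChildren.setName("shareWithAllChildren");
            shareWithChildren.setValue("true");
            properties.add(shareWithChildren);
        }
        serviceProvider.setSpProperties(properties.toArray(new ServiceProviderProperty[0]));

        AssociatedRolesConfig associatedRolesConfig = new AssociatedRolesConfig();
        associatedRolesConfig.setAllowedAudience("application");
        serviceProvider.setAssociatedRolesConfig(associatedRolesConfig);
    }

    /**
     * Configures the service provider for the legacy authorization runtime: marked as a management
     * and SaaS application, with the access URL set when a portal path is given.
     */
    private static void enableLegacyBehaviour(ServiceProvider serviceProvider, String portalPath) {
        serviceProvider.setManagementApp(true);
        serviceProvider.setSaasApp(true);
        if (StringUtils.isNotEmpty(portalPath)) {
            serviceProvider.setAccessUrl(IdentityUtil.getServerURL(portalPath, true, true));
        }
    }

    /**
     * Builds the requested claim mappings, in order: email, display name, username and profile.
     */
    private static ClaimMapping[] getRequestedClaimMappings() {
        return new ClaimMapping[]{
                newRequestedClaimMapping(AppPortalConstants.EMAIL_CLAIM_URI),
                newRequestedClaimMapping(AppPortalConstants.DISPLAY_NAME_CLAIM_URI),
                newRequestedClaimMapping(AppPortalConstants.USERNAME_CLAIM_URI),
                newRequestedClaimMapping(AppPortalConstants.PROFILE_CLAIM_URI)
        };
    }

    /** Creates a requested mapping whose local and remote claim are the same claim instance. */
    private static ClaimMapping newRequestedClaimMapping(String claimUri) {
        Claim claim = new Claim();
        claim.setClaimUri(claimUri);
        ClaimMapping mapping = new ClaimMapping();
        mapping.setRequested(true);
        mapping.setLocalClaim(claim);
        mapping.setRemoteClaim(claim);
        return mapping;
    }

    /**
     * Resolves the group id of the tenant's admin role, after dropping the {@code Internal} domain
     * prefix from the role name.
     *
     * @return the group id, or {@code null} when no admin role name is configured or the group
     *         lookup fails
     * @throws IdentityApplicationManagementException if the realm configuration cannot be read
     */
    private static String getAdminGroupId(int tenantId) throws IdentityApplicationManagementException {
        try {
            RealmService realmService = AppsCommonDataHolder.getInstance().getRealmService();
            String adminRoleName = realmService.getTenantUserRealm(tenantId).getRealmConfiguration().getAdminRoleName();
            if (adminRoleName == null) {
                return null;
            }
            String internalPrefix = "Internal" + CarbonConstants.DOMAIN_SEPARATOR;
            if (adminRoleName.startsWith(internalPrefix)) {
                adminRoleName = adminRoleName.replace(internalPrefix, "");
            }
            try {
                return realmService.getTenantUserRealm(tenantId).getUserStoreManager().getGroupIdByGroupName(adminRoleName);
            } catch (UserStoreException ignored) {
                // Best effort: a failed group lookup is treated as "no admin group", and the
                // caller then adds the role without a group.
                return null;
            }
        } catch (UserStoreException e) {
            throw new IdentityApplicationManagementException("Fail to resolve the admin group ID of the tenant: " + tenantId, e);
        }
    }
}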
