package org.wso2.carbon.apimgt.migration.client;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.internal.APIManagerComponent;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.apimgt.migration.APIMigrationException;
import org.wso2.carbon.apimgt.migration.client.sp_migration.APIMStatMigrationException;
import org.wso2.carbon.apimgt.migration.dao.SharedDAO;
import org.wso2.carbon.apimgt.migration.dto.UserRoleFromPermissionDTO;
import org.wso2.carbon.apimgt.migration.util.Constants;
import org.wso2.carbon.apimgt.migration.util.RegistryService;
import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.tenant.TenantManager;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/apimgt/migration/client/ScopeRoleMappingPopulationClient.class */
public class ScopeRoleMappingPopulationClient extends MigrationClientBase implements MigrationClient {
    private static final Log log = LogFactory.getLog(ScopeRoleMappingPopulationClient.class);
    private RegistryService registryService;

    public ScopeRoleMappingPopulationClient(String str, String str2, String str3, RegistryService registryService, TenantManager tenantManager) throws UserStoreException, APIManagementException {
        super(str, str2, str3, tenantManager);
        this.registryService = registryService;
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void databaseMigration() throws APIMigrationException, SQLException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void registryResourceMigration() throws APIMigrationException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void fileSystemMigration() throws APIMigrationException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void cleanOldResources() throws APIMigrationException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void statsMigration() throws APIMigrationException, APIMStatMigrationException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void tierMigration(List<String> list) throws APIMigrationException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void updateArtifacts() throws APIMigrationException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void populateSPAPPs() throws APIMigrationException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void populateScopeRoleMapping() throws APIMigrationException {
        log.info("WSO2 API-M Migration Task : Started populating Scope-Role mappings");
        populateRoleMappingWithUserRoles();
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void updateScopeRoleMappings() throws APIMigrationException {
        log.info("WSO2 API-M Migration Task : Started updating Scope-Role Mappings");
        for (Tenant tenant : getTenantsArray()) {
            try {
                try {
                    try {
                        this.registryService.startTenantFlow(tenant);
                        JSONObject tenantConfig = APIUtil.getTenantConfig(tenant.getDomain());
                        JSONObject tenantConfFromFile = getTenantConfFromFile();
                        JSONObject jSONObject = (JSONObject) tenantConfig.get("RESTAPIScopes");
                        JSONObject jSONObject2 = (JSONObject) tenantConfFromFile.get("RESTAPIScopes");
                        JSONArray jSONArray = (JSONArray) jSONObject.get(Constants.SCOPE);
                        JSONArray jSONArray2 = (JSONArray) jSONObject2.get(Constants.SCOPE);
                        for (int i = 0; i < jSONArray.size(); i++) {
                            JSONObject jSONObject3 = (JSONObject) jSONArray.get(i);
                            String str = (String) jSONObject3.get(Constants.NAME);
                            String str2 = (String) jSONObject3.get(Constants.ROLES);
                            int i2 = 0;
                            while (true) {
                                if (i2 < jSONArray2.size()) {
                                    JSONObject jSONObject4 = (JSONObject) jSONArray2.get(i2);
                                    String str3 = (String) jSONObject4.get(Constants.NAME);
                                    String str4 = (String) jSONObject4.get(Constants.ROLES);
                                    if (str.equals(str3)) {
                                        HashSet hashSet = new HashSet(Arrays.asList(str2.split("\\s*,\\s*")));
                                        HashSet hashSet2 = new HashSet(Arrays.asList(str4.split("\\s*,\\s*")));
                                        hashSet2.removeAll(hashSet);
                                        if (hashSet2.size() > 0) {
                                            log.info("WSO2 API-M Migration Task : Role Mappings for scope " + str + " has been updated with additional role(s) " + hashSet2.toString());
                                            jSONObject3.put(Constants.ROLES, str2 + "," + hashSet2.toString().replace("[", "").replace("]", ""));
                                        }
                                    } else {
                                        i2++;
                                    }
                                }
                            }
                        }
                        String writeValueAsString = new ObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(tenantConfig);
                        APIUtil.updateTenantConf(writeValueAsString, tenant.getDomain());
                        log.info("WSO2 API-M Migration Task : Updated old scope roles of tenant-conf.json for tenant " + tenant.getId() + '(' + tenant.getDomain() + ")\n" + writeValueAsString);
                        if (tenant.getId() != -1234) {
                            APIUtil.loadAndSyncTenantConf(tenant.getId());
                        }
                        this.registryService.endTenantFlow();
                    } catch (IOException e) {
                        log.error("WSO2 API-M Migration Task : Error while fetching tenant-conf of tenant " + tenant.getDomain() + " from file system.");
                        this.registryService.endTenantFlow();
                    }
                } catch (APIManagementException e2) {
                    log.error("WSO2 API-M Migration Task : Error while fetching tenant-conf of tenant " + tenant.getDomain() + " from registry.");
                    this.registryService.endTenantFlow();
                }
            } catch (Throwable th) {
                this.registryService.endTenantFlow();
                throw th;
            }
        }
        log.info("WSO2 API-M Migration Task : Finished Updating Scope-Role Mappings for all tenants.");
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void scopeMigration() throws APIMigrationException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void spMigration() throws APIMigrationException {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void updateAPIPropertyVisibility() {
    }

    @Override // org.wso2.carbon.apimgt.migration.client.MigrationClient
    public void updateAPITypeInDB() throws APIMigrationException {
    }

    public void populateRoleMappingWithUserRoles() throws APIMigrationException {
        log.info("WSO2 API-M Migration Task : Updating role mappings for user roles based on permissions");
        for (Tenant tenant : getTenantsArray()) {
            try {
                try {
                    try {
                        this.registryService.startTenantFlow(tenant);
                        if (tenant.getId() != -1234) {
                            APIUtil.loadAndSyncTenantConf(tenant.getId());
                        }
                        log.info("WSO2 API-M Migration Task : Updating user roles for tenant " + tenant.getId() + '(' + tenant.getDomain() + ')');
                        List<UserRoleFromPermissionDTO> roleNamesMatchingPermission = SharedDAO.getInstance().getRoleNamesMatchingPermission(Constants.API_CREATE, tenant.getId());
                        List<UserRoleFromPermissionDTO> roleNamesMatchingPermission2 = SharedDAO.getInstance().getRoleNamesMatchingPermission(Constants.API_PUBLISH, tenant.getId());
                        List<UserRoleFromPermissionDTO> roleNamesMatchingPermission3 = SharedDAO.getInstance().getRoleNamesMatchingPermission(Constants.API_SUBSCRIBE, tenant.getId());
                        List<UserRoleFromPermissionDTO> roleNamesMatchingPermission4 = SharedDAO.getInstance().getRoleNamesMatchingPermission(Constants.API_MANAGE, tenant.getId());
                        roleNamesMatchingPermission.addAll(roleNamesMatchingPermission4);
                        roleNamesMatchingPermission2.addAll(roleNamesMatchingPermission4);
                        roleNamesMatchingPermission3.addAll(roleNamesMatchingPermission4);
                        List<UserRoleFromPermissionDTO> roleNamesMatchingPermissions = SharedDAO.getInstance().getRoleNamesMatchingPermissions(makePermissionsStringByEscapingSlash(Constants.APIM_ADMIN, "/permission"), tenant.getId());
                        JSONObject tenantConfig = APIUtil.getTenantConfig(tenant.getDomain());
                        JSONObject jSONObject = (JSONObject) tenantConfig.get("RoleMappings");
                        if (jSONObject == null) {
                            tenantConfig.put("RoleMappings", new JSONObject());
                            jSONObject = (JSONObject) tenantConfig.get("RoleMappings");
                        }
                        createOrUpdateRoleMappingsField(jSONObject, roleNamesMatchingPermission, roleNamesMatchingPermission2, roleNamesMatchingPermission3, roleNamesMatchingPermissions);
                        String writeValueAsString = new ObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(tenantConfig);
                        APIUtil.updateTenantConf(writeValueAsString, tenant.getDomain());
                        log.info("WSO2 API-M Migration Task : Updated tenant-conf.json for tenant " + tenant.getId() + '(' + tenant.getDomain() + ")\n" + writeValueAsString);
                        log.info("WSO2 API-M Migration Task : End updating user roles for tenant " + tenant.getId() + '(' + tenant.getDomain() + ')');
                        this.registryService.endTenantFlow();
                    } catch (JsonProcessingException e) {
                        log.error("WSO2 API-M Migration Task : Error while formatting tenant-conf.json of tenant " + tenant.getId());
                        this.registryService.endTenantFlow();
                    }
                } catch (APIManagementException e2) {
                    log.error("WSO2 API-M Migration Task : Error while retrieving role names based on existing permissions. ", e2);
                    this.registryService.endTenantFlow();
                }
            } catch (Throwable th) {
                this.registryService.endTenantFlow();
                throw th;
            }
        }
        log.info("WSO2 API-M Migration Task : Finished updating role mappings for user roles of all the tenants");
    }

    private String getUserRoleArrayAsString(List<UserRoleFromPermissionDTO> list) {
        ArrayList arrayList = new ArrayList();
        for (UserRoleFromPermissionDTO userRoleFromPermissionDTO : list) {
            arrayList.add(addDomainToName(userRoleFromPermissionDTO.getUserRoleName(), userRoleFromPermissionDTO.getUserRoleDomainName()));
        }
        return StringUtils.join(arrayList, ",");
    }

    private String getMergedUserRolesAndRoleMappings(List<UserRoleFromPermissionDTO> list, String str) {
        ArrayList arrayList = new ArrayList(Arrays.asList(StringUtils.split(str, ",")));
        for (int i = 0; i < arrayList.size(); i++) {
            arrayList.set(i, ((String) arrayList.get(i)).trim());
        }
        for (UserRoleFromPermissionDTO userRoleFromPermissionDTO : list) {
            String addDomainToName = addDomainToName(userRoleFromPermissionDTO.getUserRoleName(), userRoleFromPermissionDTO.getUserRoleDomainName());
            if (!arrayList.contains(addDomainToName)) {
                arrayList.add(addDomainToName);
            }
        }
        return StringUtils.join(arrayList, ",");
    }

    private void createOrUpdateRoleMappingsField(JSONObject jSONObject, List<UserRoleFromPermissionDTO> list, List<UserRoleFromPermissionDTO> list2, List<UserRoleFromPermissionDTO> list3, List<UserRoleFromPermissionDTO> list4) {
        if (list.size() > 0) {
            if (jSONObject.get(Constants.CREATOR_ROLE) == null) {
                jSONObject.put(Constants.CREATOR_ROLE, getUserRoleArrayAsString(list));
            } else {
                jSONObject.put(Constants.CREATOR_ROLE, getMergedUserRolesAndRoleMappings(list, String.valueOf(jSONObject.get(Constants.CREATOR_ROLE))));
            }
        }
        if (list2.size() > 0) {
            if (jSONObject.get(Constants.PUBLISHER_ROLE) == null) {
                jSONObject.put(Constants.PUBLISHER_ROLE, getUserRoleArrayAsString(list2));
            } else {
                jSONObject.put(Constants.PUBLISHER_ROLE, getMergedUserRolesAndRoleMappings(list2, String.valueOf(jSONObject.get(Constants.PUBLISHER_ROLE))));
            }
        }
        if (list3.size() > 0) {
            if (jSONObject.get(Constants.SUBSCRIBER_ROLE) == null) {
                jSONObject.put(Constants.SUBSCRIBER_ROLE, getUserRoleArrayAsString(list3));
            } else {
                jSONObject.put(Constants.SUBSCRIBER_ROLE, getMergedUserRolesAndRoleMappings(list3, String.valueOf(jSONObject.get(Constants.SUBSCRIBER_ROLE))));
            }
        }
        if (list4.size() > 0) {
            if (jSONObject.get(Constants.ADMIN_ROLE) == null) {
                jSONObject.put(Constants.ADMIN_ROLE, getUserRoleArrayAsString(list4));
            } else {
                jSONObject.put(Constants.ADMIN_ROLE, getMergedUserRolesAndRoleMappings(list4, String.valueOf(jSONObject.get(Constants.ADMIN_ROLE))));
            }
        }
    }

    private String addDomainToName(String str, String str2) {
        return StringUtils.equals(str2.toLowerCase(), Constants.USER_DOMAIN_INTERNAL.toLowerCase()) ? "Internal/" + str : UserCoreUtil.addDomainToName(str, str2);
    }

    private String makePermissionsStringByEscapingSlash(String str, String str2) {
        StringBuilder sb = new StringBuilder();
        sb.append("'").append(str).append("', ");
        for (int length = str.length() - 1; length >= 0 && !StringUtils.equals(str.substring(0, length + 1), str2); length--) {
            if (str.charAt(length) == '/') {
                sb.append("'").append((CharSequence) str, 0, length + 1).append("', ");
                sb.append("'").append((CharSequence) str, 0, length).append("', ");
            }
        }
        return StringUtils.chop(sb.toString().trim());
    }

    private static JSONObject getTenantConfFromFile() throws IOException, APIMigrationException {
        byte[] byteArray;
        JSONObject jSONObject = null;
        File file = new File(CarbonUtils.getCarbonHome() + File.separator + APIConstants.RESOURCE_FOLDER_LOCATION + File.separator + "tenant-conf.json");
        if (file.exists()) {
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            try {
                try {
                    byteArray = IOUtils.toByteArray(fileInputStream);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (fileInputStream != null) {
                    if (th != null) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                throw th3;
            }
        } else {
            InputStream resourceAsStream = APIManagerComponent.class.getResourceAsStream("/tenant/tenant-conf.json");
            Throwable th5 = null;
            try {
                try {
                    byteArray = IOUtils.toByteArray(resourceAsStream);
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th6) {
                                th5.addSuppressed(th6);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th7) {
                if (resourceAsStream != null) {
                    if (th5 != null) {
                        try {
                            resourceAsStream.close();
                        } catch (Throwable th8) {
                            th5.addSuppressed(th8);
                        }
                    } else {
                        resourceAsStream.close();
                    }
                }
                throw th7;
            }
        }
        try {
            jSONObject = (JSONObject) new JSONParser().parse(new String(byteArray, Charset.defaultCharset()));
        } catch (ParseException e) {
            log.error("WSO2 API-M Migration Task : Error while parsing tenant-conf.json from file system.");
        }
        if (jSONObject == null) {
            throw new APIMigrationException("tenant-conf.json (in file system) content cannot be null");
        }
        return jSONObject;
    }
}
