package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementServiceHolder;
import org.wso2.carbon.identity.api.server.application.management.v1.AdditionalSpProperty;
import org.wso2.carbon.identity.api.server.application.management.v1.AdvancedApplicationConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel;
import org.wso2.carbon.identity.api.server.application.management.v1.AuthenticationSequence;
import org.wso2.carbon.identity.api.server.application.management.v1.AuthenticationStepModel;
import org.wso2.carbon.identity.api.server.application.management.v1.Authenticator;
import org.wso2.carbon.identity.api.server.application.management.v1.Certificate;
import org.wso2.carbon.identity.api.server.application.management.v1.Claim;
import org.wso2.carbon.identity.api.server.application.management.v1.ClaimConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.ClaimMappings;
import org.wso2.carbon.identity.api.server.application.management.v1.InboundProtocolListItem;
import org.wso2.carbon.identity.api.server.application.management.v1.ProvisioningConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.RequestedClaimConfiguration;
import org.wso2.carbon.identity.api.server.application.management.v1.RoleConfig;
import org.wso2.carbon.identity.api.server.application.management.v1.RoleMapping;
import org.wso2.carbon.identity.api.server.application.management.v1.SubjectConfig;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.InboundAuthConfigToApiModel;
import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.provisioning.BuildProvisioningConfiguration;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.application.management.v1-1.2.3.jar:org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/ServiceProviderToApiModel.class */
public class ServiceProviderToApiModel implements Function<ServiceProvider, ApplicationResponseModel> {
    private static final Log log = LogFactory.getLog(ServiceProviderToApiModel.class);
    private static final Set<String> systemApplications = ApplicationManagementServiceHolder.getApplicationManagementService().getSystemApplications();
    private static final String IS_FRAGMENT_APP = "isFragmentApp";

    @Override // java.util.function.Function
    public ApplicationResponseModel apply(ServiceProvider serviceProvider) {
        return isResidentSp(serviceProvider) ? new ApplicationResponseModel().id(serviceProvider.getApplicationResourceId()).name(serviceProvider.getApplicationName()).description(serviceProvider.getDescription()).provisioningConfigurations(buildProvisioningConfiguration(serviceProvider)).access(ApplicationResponseModel.AccessEnum.READ) : new ApplicationResponseModel().id(serviceProvider.getApplicationResourceId()).name(serviceProvider.getApplicationName()).description(serviceProvider.getDescription()).imageUrl(serviceProvider.getImageUrl()).accessUrl(serviceProvider.getAccessUrl()).templateId(serviceProvider.getTemplateId()).isManagementApp(Boolean.valueOf(serviceProvider.isManagementApp())).claimConfiguration(buildClaimConfiguration(serviceProvider)).inboundProtocols(buildInboundProtocols(serviceProvider)).advancedConfigurations(buildAdvancedAppConfiguration(serviceProvider)).provisioningConfigurations(buildProvisioningConfiguration(serviceProvider)).authenticationSequence(buildAuthenticationSequence(serviceProvider)).access(getAccess(serviceProvider.getApplicationName()));
    }

    private List<InboundProtocolListItem> buildInboundProtocols(ServiceProvider serviceProvider) {
        return new InboundAuthConfigToApiModel().apply(serviceProvider);
    }

    private boolean isResidentSp(ServiceProvider serviceProvider) {
        return "wso2carbon-local-sp".equalsIgnoreCase(serviceProvider.getApplicationName());
    }

    private AuthenticationSequence buildAuthenticationSequence(ServiceProvider serviceProvider) {
        LocalAndOutboundAuthenticationConfig localAndOutBoundAuthenticationConfig = serviceProvider.getLocalAndOutBoundAuthenticationConfig();
        AuthenticationSequence.TypeEnum authenticationType = getAuthenticationType(localAndOutBoundAuthenticationConfig);
        if (authenticationType == AuthenticationSequence.TypeEnum.DEFAULT) {
            if (log.isDebugEnabled()) {
                log.debug("Authentication type is set to 'DEFAULT'. Reading the authentication sequence from the 'default' application and showing the effective authentication sequence for application with id: " + serviceProvider.getApplicationResourceId());
            }
            localAndOutBoundAuthenticationConfig = getDefaultAuthenticationConfig();
        }
        AuthenticationSequence authenticationSequence = new AuthenticationSequence();
        authenticationSequence.setType(authenticationType);
        if (localAndOutBoundAuthenticationConfig.getAuthenticationScriptConfig() != null) {
            authenticationSequence.script(localAndOutBoundAuthenticationConfig.getAuthenticationScriptConfig().getContent());
        }
        addAuthenticationStepInformation(localAndOutBoundAuthenticationConfig, authenticationSequence);
        authenticationSequence.setRequestPathAuthenticators(getRequestPathAuthenticators(serviceProvider));
        return authenticationSequence;
    }

    private List<String> getRequestPathAuthenticators(ServiceProvider serviceProvider) {
        return (List) Utils.arrayToStream(serviceProvider.getRequestPathAuthenticatorConfigs()).map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList());
    }

    private void addAuthenticationStepInformation(LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig, AuthenticationSequence authenticationSequence) {
        if (localAndOutboundAuthenticationConfig.getAuthenticationSteps() != null) {
            Arrays.stream(localAndOutboundAuthenticationConfig.getAuthenticationSteps()).forEach(authenticationStep -> {
                authenticationSequence.addStepsItem(buildAuthStep(authenticationStep));
                if (authenticationStep.isSubjectStep()) {
                    authenticationSequence.setSubjectStepId(Integer.valueOf(authenticationStep.getStepOrder()));
                }
                if (authenticationStep.isAttributeStep()) {
                    authenticationSequence.setAttributeStepId(Integer.valueOf(authenticationStep.getStepOrder()));
                }
            });
            if (authenticationSequence.getSubjectStepId() == null) {
                authenticationSequence.setSubjectStepId(1);
            }
            if (authenticationSequence.getAttributeStepId() == null) {
                authenticationSequence.setAttributeStepId(1);
            }
        }
    }

    private LocalAndOutboundAuthenticationConfig getDefaultAuthenticationConfig() {
        return getDefaultServiceProvider().getLocalAndOutBoundAuthenticationConfig();
    }

    private AuthenticationSequence.TypeEnum getAuthenticationType(LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig) {
        return (localAndOutboundAuthenticationConfig == null || "default".equals(localAndOutboundAuthenticationConfig.getAuthenticationType())) ? AuthenticationSequence.TypeEnum.DEFAULT : AuthenticationSequence.TypeEnum.USER_DEFINED;
    }

    private ServiceProvider getDefaultServiceProvider() {
        try {
            return ApplicationManagementServiceHolder.getApplicationManagementService().getServiceProvider("default", "carbon.super");
        } catch (IdentityApplicationManagementException e) {
            throw Utils.buildServerError("Error while loading default SP configurations.", e);
        }
    }

    private AuthenticationStepModel buildAuthStep(AuthenticationStep authenticationStep) {
        AuthenticationStepModel authenticationStepModel = new AuthenticationStepModel();
        authenticationStepModel.setId(Integer.valueOf(authenticationStep.getStepOrder()));
        Utils.arrayToStream(authenticationStep.getFederatedIdentityProviders()).forEach(identityProvider -> {
            authenticationStepModel.addOptionsItem(new Authenticator().idp(identityProvider.getIdentityProviderName()).authenticator(identityProvider.getDefaultAuthenticatorConfig().getName()));
        });
        Utils.arrayToStream(authenticationStep.getLocalAuthenticatorConfigs()).forEach(localAuthenticatorConfig -> {
            authenticationStepModel.addOptionsItem(new Authenticator().idp("LOCAL").authenticator(localAuthenticatorConfig.getName()));
        });
        return authenticationStepModel;
    }

    private ClaimConfiguration buildClaimConfiguration(ServiceProvider serviceProvider) {
        return new ClaimConfiguration().dialect(getDialect(serviceProvider)).role(buildRoleConfig(serviceProvider)).subject(buildSubjectClaimConfig(serviceProvider)).requestedClaims(buildRequestedClaims(serviceProvider)).claimMappings(buildClaimMappings(serviceProvider));
    }

    private List<ClaimMappings> buildClaimMappings(ServiceProvider serviceProvider) {
        return serviceProvider.getClaimConfig() != null ? (List) Utils.arrayToStream(serviceProvider.getClaimConfig().getClaimMappings()).map(claimMapping -> {
            return new ClaimMappings().applicationClaim(claimMapping.getRemoteClaim().getClaimUri()).localClaim(buildClaimModel(claimMapping.getLocalClaim().getClaimUri()));
        }).collect(Collectors.toList()) : Collections.emptyList();
    }

    private List<RequestedClaimConfiguration> buildRequestedClaims(ServiceProvider serviceProvider) {
        return serviceProvider.getClaimConfig() != null ? (List) Utils.arrayToStream(serviceProvider.getClaimConfig().getClaimMappings()).filter((v0) -> {
            return v0.isRequested();
        }).map(claimMapping -> {
            return new RequestedClaimConfiguration().claim(buildClaimModel(claimMapping.getRemoteClaim().getClaimUri())).mandatory(Boolean.valueOf(claimMapping.isMandatory()));
        }).collect(Collectors.toList()) : Collections.emptyList();
    }

    private SubjectConfig buildSubjectClaimConfig(ServiceProvider serviceProvider) {
        SubjectConfig subjectConfig = new SubjectConfig();
        if (serviceProvider.getClaimConfig() != null) {
            subjectConfig.useMappedLocalSubject(Boolean.valueOf(serviceProvider.getClaimConfig().isAlwaysSendMappedLocalSubjectId()));
        }
        LocalAndOutboundAuthenticationConfig localAndOutBoundAuthenticationConfig = serviceProvider.getLocalAndOutBoundAuthenticationConfig();
        if (localAndOutBoundAuthenticationConfig != null) {
            subjectConfig.includeTenantDomain(Boolean.valueOf(localAndOutBoundAuthenticationConfig.isUseTenantDomainInLocalSubjectIdentifier()));
            subjectConfig.includeUserDomain(Boolean.valueOf(localAndOutBoundAuthenticationConfig.isUseUserstoreDomainInLocalSubjectIdentifier()));
            if (!StringUtils.isBlank(localAndOutBoundAuthenticationConfig.getSubjectClaimUri())) {
                subjectConfig.claim(buildClaimModel(localAndOutBoundAuthenticationConfig.getSubjectClaimUri()));
            } else if (isLocalClaimDialectUsedBySp(serviceProvider)) {
                subjectConfig.claim(buildClaimModel("http://wso2.org/claims/username"));
            }
        }
        return subjectConfig;
    }

    private ClaimConfiguration.DialectEnum getDialect(ServiceProvider serviceProvider) {
        return isLocalClaimDialectUsedBySp(serviceProvider) ? ClaimConfiguration.DialectEnum.LOCAL : ClaimConfiguration.DialectEnum.CUSTOM;
    }

    private boolean isLocalClaimDialectUsedBySp(ServiceProvider serviceProvider) {
        return serviceProvider.getClaimConfig() != null && serviceProvider.getClaimConfig().isLocalClaimDialect();
    }

    private RoleConfig buildRoleConfig(ServiceProvider serviceProvider) {
        RoleConfig roleConfig = new RoleConfig();
        if (serviceProvider.getClaimConfig() != null) {
            String roleClaimURI = serviceProvider.getClaimConfig().getRoleClaimURI();
            if (!StringUtils.isBlank(roleClaimURI)) {
                roleConfig.claim(buildClaimModel(roleClaimURI));
            } else if (serviceProvider.getClaimConfig().isLocalClaimDialect()) {
                roleConfig.claim(buildClaimModel("http://wso2.org/claims/role"));
            }
        }
        if (serviceProvider.getLocalAndOutBoundAuthenticationConfig() != null) {
            roleConfig.includeUserDomain(Boolean.valueOf(serviceProvider.getLocalAndOutBoundAuthenticationConfig().isUseUserstoreDomainInRoles()));
        }
        if (serviceProvider.getPermissionAndRoleConfig() != null) {
            Utils.arrayToStream(serviceProvider.getPermissionAndRoleConfig().getRoleMappings()).forEach(roleMapping -> {
                roleConfig.addMappingsItem(new RoleMapping().applicationRole(roleMapping.getRemoteRole()).localRole(roleMapping.getLocalRole().getLocalRoleName()));
            });
        }
        return roleConfig;
    }

    private ProvisioningConfiguration buildProvisioningConfiguration(ServiceProvider serviceProvider) {
        return new BuildProvisioningConfiguration().apply(serviceProvider);
    }

    private AdvancedApplicationConfiguration buildAdvancedAppConfiguration(ServiceProvider serviceProvider) {
        LocalAndOutboundAuthenticationConfig localAndOutBoundAuthenticationConfig = serviceProvider.getLocalAndOutBoundAuthenticationConfig();
        if (localAndOutBoundAuthenticationConfig == null) {
            localAndOutBoundAuthenticationConfig = new LocalAndOutboundAuthenticationConfig();
        }
        return new AdvancedApplicationConfiguration().saas(Boolean.valueOf(serviceProvider.isSaasApp())).discoverableByEndUsers(Boolean.valueOf(serviceProvider.isDiscoverable())).enableAuthorization(Boolean.valueOf(localAndOutBoundAuthenticationConfig.isEnableAuthorization())).returnAuthenticatedIdpList(Boolean.valueOf(localAndOutBoundAuthenticationConfig.isAlwaysSendBackAuthenticatedListOfIdPs())).skipLoginConsent(Boolean.valueOf(localAndOutBoundAuthenticationConfig.isSkipConsent())).skipLogoutConsent(Boolean.valueOf(localAndOutBoundAuthenticationConfig.isSkipLogoutConsent())).certificate(getCertificate(serviceProvider)).fragment(Boolean.valueOf(isFragmentApp(serviceProvider))).additionalSpProperties(getSpProperties(serviceProvider));
    }

    private List<AdditionalSpProperty> getSpProperties(ServiceProvider serviceProvider) {
        ServiceProviderProperty[] removeAndSetSpProperties = removeAndSetSpProperties(serviceProvider.getSpProperties());
        ArrayList arrayList = new ArrayList();
        for (ServiceProviderProperty serviceProviderProperty : removeAndSetSpProperties) {
            AdditionalSpProperty additionalSpProperty = new AdditionalSpProperty();
            if (StringUtils.isNotBlank(serviceProviderProperty.getName())) {
                additionalSpProperty.setName(serviceProviderProperty.getName());
                additionalSpProperty.setValue(serviceProviderProperty.getValue());
            }
            if (StringUtils.isNotBlank(serviceProviderProperty.getDisplayName())) {
                additionalSpProperty.setDisplayName(serviceProviderProperty.getDisplayName());
            }
            arrayList.add(additionalSpProperty);
        }
        return arrayList;
    }

    private ServiceProviderProperty[] removeAndSetSpProperties(ServiceProviderProperty[] serviceProviderPropertyArr) {
        List list = (List) Arrays.stream(serviceProviderPropertyArr).collect(Collectors.toList());
        list.removeIf(serviceProviderProperty -> {
            return "skipConsent".equals(serviceProviderProperty.getName());
        });
        list.removeIf(serviceProviderProperty2 -> {
            return "skipLogoutConsent".equals(serviceProviderProperty2.getName());
        });
        list.removeIf(serviceProviderProperty3 -> {
            return "USE_DOMAIN_IN_ROLES".equals(serviceProviderProperty3.getName());
        });
        list.removeIf(serviceProviderProperty4 -> {
            return "useUserIdForDefaultSubject".equals(serviceProviderProperty4.getName());
        });
        list.removeIf(serviceProviderProperty5 -> {
            return "templateId".equals(serviceProviderProperty5.getName());
        });
        list.removeIf(serviceProviderProperty6 -> {
            return "isManagementApp".equals(serviceProviderProperty6.getName());
        });
        return (ServiceProviderProperty[]) list.toArray(new ServiceProviderProperty[0]);
    }

    private Certificate getCertificate(ServiceProvider serviceProvider) {
        if (StringUtils.isNotBlank(serviceProvider.getCertificateContent())) {
            return new Certificate().type(UpdateAdvancedConfigurations.TYPE_PEM).value(serviceProvider.getCertificateContent());
        }
        if (StringUtils.isNotBlank(serviceProvider.getJwksUri())) {
            return new Certificate().type(UpdateAdvancedConfigurations.TYPE_JWKS).value(serviceProvider.getJwksUri());
        }
        return null;
    }

    private boolean isFragmentApp(ServiceProvider serviceProvider) {
        return (serviceProvider == null || serviceProvider.getSpProperties() == null || !((Boolean) Arrays.stream(serviceProvider.getSpProperties()).filter(serviceProviderProperty -> {
            return IS_FRAGMENT_APP.equals(serviceProviderProperty.getName());
        }).findFirst().map(serviceProviderProperty2 -> {
            return Boolean.valueOf(serviceProviderProperty2.getValue());
        }).orElse(Boolean.FALSE)).booleanValue()) ? false : true;
    }

    private Claim buildClaimModel(String str) {
        return new Claim().uri(str);
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x0038, code lost:
    
        if (r0.anyMatch(r5::equalsIgnoreCase) == false) goto L11;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel.AccessEnum getAccess(java.lang.String r5) {
        /*
            r4 = this;
            java.lang.String r0 = org.wso2.carbon.identity.api.server.common.ContextLoader.getUsernameFromContext()
            r6 = r0
            java.lang.String r0 = org.wso2.carbon.identity.api.server.common.ContextLoader.getTenantDomainFromContext()
            r7 = r0
            java.lang.String r0 = "wso2carbon-local-sp"
            r1 = r5
            boolean r0 = r0.equals(r1)     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            if (r0 != 0) goto L43
            java.lang.String r0 = "carbon.super"
            r1 = r7
            boolean r0 = r0.equals(r1)     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            if (r0 == 0) goto L3b
            java.util.Set<java.lang.String> r0 = org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.ServiceProviderToApiModel.systemApplications     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            if (r0 == 0) goto L3b
            java.util.Set<java.lang.String> r0 = org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.ServiceProviderToApiModel.systemApplications     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            java.util.stream.Stream r0 = r0.stream()     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            r1 = r5
            r2 = r1
            java.lang.Class r2 = r2.getClass()     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel$AccessEnum r1 = r1::equalsIgnoreCase     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            boolean r0 = r0.anyMatch(r1)     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            if (r0 != 0) goto L43
        L3b:
            r0 = r5
            r1 = r6
            boolean r0 = org.wso2.carbon.identity.application.mgt.ApplicationMgtUtil.isUserAuthorized(r0, r1)     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            if (r0 != 0) goto L47
        L43:
            org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel$AccessEnum r0 = org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel.AccessEnum.READ     // Catch: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException -> L4a
            return r0
        L47:
            goto L6d
        L4a:
            r8 = move-exception
            org.apache.commons.logging.Log r0 = org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.ServiceProviderToApiModel.log
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r2 = r1
            r2.<init>()
            java.lang.String r2 = "Failed to check user authorization for the application: "
            java.lang.StringBuilder r1 = r1.append(r2)
            r2 = r5
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r2 = r8
            r0.error(r1, r2)
            org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel$AccessEnum r0 = org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel.AccessEnum.READ
            return r0
        L6d:
            org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel$AccessEnum r0 = org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel.AccessEnum.WRITE
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.ServiceProviderToApiModel.getAccess(java.lang.String):org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel$AccessEnum");
    }
}
