package org.wso2.carbon.consent.mgt.core;

import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONObject;
import org.wso2.carbon.consent.mgt.core.connector.PIIController;
import org.wso2.carbon.consent.mgt.core.constant.ConsentConstants;
import org.wso2.carbon.consent.mgt.core.dao.PIICategoryDAO;
import org.wso2.carbon.consent.mgt.core.dao.PurposeCategoryDAO;
import org.wso2.carbon.consent.mgt.core.dao.PurposeDAO;
import org.wso2.carbon.consent.mgt.core.dao.ReceiptDAO;
import org.wso2.carbon.consent.mgt.core.exception.ConsentManagementClientException;
import org.wso2.carbon.consent.mgt.core.exception.ConsentManagementException;
import org.wso2.carbon.consent.mgt.core.exception.ConsentManagementServerException;
import org.wso2.carbon.consent.mgt.core.model.AddReceiptResponse;
import org.wso2.carbon.consent.mgt.core.model.Address;
import org.wso2.carbon.consent.mgt.core.model.ConsentManagerConfigurationHolder;
import org.wso2.carbon.consent.mgt.core.model.PIICategory;
import org.wso2.carbon.consent.mgt.core.model.PiiController;
import org.wso2.carbon.consent.mgt.core.model.Purpose;
import org.wso2.carbon.consent.mgt.core.model.PurposeCategory;
import org.wso2.carbon.consent.mgt.core.model.PurposePIICategory;
import org.wso2.carbon.consent.mgt.core.model.Receipt;
import org.wso2.carbon.consent.mgt.core.model.ReceiptInput;
import org.wso2.carbon.consent.mgt.core.model.ReceiptListResponse;
import org.wso2.carbon.consent.mgt.core.model.ReceiptPurposeInput;
import org.wso2.carbon.consent.mgt.core.model.ReceiptServiceInput;
import org.wso2.carbon.consent.mgt.core.util.ConsentConfigParser;
import org.wso2.carbon.consent.mgt.core.util.ConsentUtils;
import org.wso2.carbon.consent.mgt.core.util.LambdaExceptionUtils;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/consent/mgt/core/ConsentManagerImpl.class */
public class ConsentManagerImpl implements ConsentManager {
    private static final Log log = LogFactory.getLog(ConsentManagerImpl.class);
    private static final int DEFAULT_SEARCH_LIMIT = 100;
    private static final String PII_CONTROLLER = "piiControllers";
    private static final String RECEIPT_DAO = "receiptDAOs";
    private static final String PII_CATEGORY_DAO = "piiCategoryDAOs";
    private static final String PURPOSE_CATEGORY_DAO = "purposedCategoryDAOs";
    private static final String PURPOSE_DAO = "purposedDAOs";
    private static final String USE_CASE_SENSITIVE_USERNAME_FOR_CACHE_KEYS = "UseCaseSensitiveUsernameForCacheKeys";
    private Boolean isCaseSensitiveUserName;
    private List<PurposeDAO> purposeDAOs;
    private List<PurposeCategoryDAO> purposeCategoryDAOs;
    private List<PIICategoryDAO> piiCategoryDAOs;
    private List<ReceiptDAO> receiptDAOs;
    private ConsentConfigParser configParser;
    private List<PIIController> piiControllers;
    private RealmService realmService;

    public ConsentManagerImpl(ConsentManagerConfigurationHolder consentManagerConfigurationHolder) {
        this.purposeDAOs = consentManagerConfigurationHolder.getPurposeDAOs();
        this.purposeCategoryDAOs = consentManagerConfigurationHolder.getPurposeCategoryDAOs();
        this.piiCategoryDAOs = consentManagerConfigurationHolder.getPiiCategoryDAOs();
        this.receiptDAOs = consentManagerConfigurationHolder.getReceiptDAOs();
        this.piiControllers = consentManagerConfigurationHolder.getPiiControllers();
        this.configParser = consentManagerConfigurationHolder.getConfigParser();
        this.realmService = consentManagerConfigurationHolder.getRealmService();
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public Purpose addPurpose(Purpose purpose) throws ConsentManagementException {
        validateInputParameters(purpose);
        return populatePiiCategories(getPurposeDAO(this.purposeDAOs).addPurpose(purpose));
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public Purpose getPurpose(int i) throws ConsentManagementException {
        Purpose purposeById = getPurposeById(i);
        if (purposeById == null) {
            if (log.isDebugEnabled()) {
                log.debug("No purpose found for the Id: " + i);
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_ID_INVALID, String.valueOf(i));
        }
        ArrayList arrayList = new ArrayList();
        purposeById.getPurposePIICategories().forEach(LambdaExceptionUtils.rethrowConsumer(purposePIICategory -> {
            arrayList.add(getPurposePIICategory(purposePIICategory));
        }));
        purposeById.setPurposePIICategories(arrayList);
        return purposeById;
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public Purpose getPurposeByName(String str, String str2, String str3) throws ConsentManagementException {
        Purpose purposeFromName = getPurposeFromName(str, str2, str3);
        if (purposeFromName != null) {
            return getPurposeById(purposeFromName.getId().intValue());
        }
        if (log.isDebugEnabled()) {
            log.debug("No purpose found as the name: " + str + " in tenant domain: " + ConsentUtils.getTenantDomainFromCarbonContext());
        }
        throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_NAME_INVALID, str);
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public List<Purpose> listPurposes(int i, int i2) throws ConsentManagementException {
        validatePaginationParameters(i, i2);
        if (i == 0) {
            i = getDefaultLimitFromConfig();
            if (log.isDebugEnabled()) {
                log.debug("Limit is not defied the request, default to: " + i);
            }
        }
        return getPurposeDAO(this.purposeDAOs).listPurposes(i, i2, ConsentUtils.getTenantIdFromCarbonContext());
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public List<Purpose> listPurposes(String str, String str2, int i, int i2) throws ConsentManagementException {
        validatePaginationParameters(i, i2);
        if (i == 0) {
            i = getDefaultLimitFromConfig();
            if (log.isDebugEnabled()) {
                log.debug("Limit is not defied the request, default to: " + i);
            }
        }
        return getPurposeDAO(this.purposeDAOs).listPurposes(str, str2, i, i2, ConsentUtils.getTenantIdFromCarbonContext());
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public void deletePurpose(int i) throws ConsentManagementException {
        if (i == 0 || i < 0) {
            if (log.isDebugEnabled()) {
                log.debug("Purpose Id is not found in the request or invalid purpose Id");
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_ID_REQUIRED, null);
        }
        if (getPurposeById(i) == null) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_ID_INVALID, String.valueOf(i));
        }
        if (getPurposeDAO(this.purposeDAOs).isPurposeUsed(i)) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_IS_ASSOCIATED, String.valueOf(i));
        }
        int deletePurpose = getPurposeDAO(this.purposeDAOs).deletePurpose(i);
        if (log.isDebugEnabled()) {
            log.debug("Purpose deleted successfully. ID: " + deletePurpose);
        }
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public boolean isPurposeExists(String str, String str2, String str3) throws ConsentManagementException {
        return getPurposeFromName(str, str2, str3) != null;
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public PurposeCategory addPurposeCategory(PurposeCategory purposeCategory) throws ConsentManagementException {
        validateInputParameters(purposeCategory);
        PurposeCategory addPurposeCategory = getPurposeCategoryDAO(this.purposeCategoryDAOs).addPurposeCategory(purposeCategory);
        if (log.isDebugEnabled()) {
            log.debug("Purpose category created successfully with the name: " + addPurposeCategory.getName());
        }
        return addPurposeCategory;
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public PurposeCategory getPurposeCategory(int i) throws ConsentManagementException {
        PurposeCategory purposeCategoryById = getPurposeCategoryById(i);
        if (purposeCategoryById != null) {
            return purposeCategoryById;
        }
        if (log.isDebugEnabled()) {
            log.debug("No purpose category found for the Id: " + i);
        }
        throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_CATEGORY_ID_INVALID, String.valueOf(i));
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public PurposeCategory getPurposeCategoryByName(String str) throws ConsentManagementException {
        PurposeCategory purposeCategoryFromName = getPurposeCategoryFromName(str);
        if (purposeCategoryFromName != null) {
            return purposeCategoryFromName;
        }
        if (log.isDebugEnabled()) {
            log.debug("No purpose category found for the name: " + str);
        }
        throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_CAT_NAME_INVALID, str);
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public List<PurposeCategory> listPurposeCategories(int i, int i2) throws ConsentManagementException {
        validatePaginationParameters(i, i2);
        if (i == 0) {
            i = getDefaultLimitFromConfig();
            if (log.isDebugEnabled()) {
                log.debug("Limit is not defied the request, default to: " + i);
            }
        }
        return getPurposeCategoryDAO(this.purposeCategoryDAOs).listPurposeCategories(i, i2, ConsentUtils.getTenantIdFromCarbonContext());
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public void deletePurposeCategory(int i) throws ConsentManagementException {
        if (i == 0 || i < 0) {
            if (log.isDebugEnabled()) {
                log.debug("Purpose Category Id is not found in the request or invalid Id");
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_CATEGORY_ID_REQUIRED, null);
        }
        if (getPurposeCategoryById(i) == null) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_CATEGORY_ID_INVALID, String.valueOf(i));
        }
        int deletePurposeCategory = getPurposeCategoryDAO(this.purposeCategoryDAOs).deletePurposeCategory(i);
        if (log.isDebugEnabled()) {
            log.debug("Purpose category deleted successfully. ID: " + deletePurposeCategory);
        }
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public boolean isPurposeCategoryExists(String str) throws ConsentManagementException {
        return getPurposeCategoryFromName(str) != null;
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public PIICategory addPIICategory(PIICategory pIICategory) throws ConsentManagementException {
        validateInputParameters(pIICategory);
        PIICategory addPIICategory = getPiiCategoryDAO(this.piiCategoryDAOs).addPIICategory(pIICategory);
        if (log.isDebugEnabled()) {
            log.debug("PII category added successfully with the name: " + addPIICategory.getName());
        }
        return addPIICategory;
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public PIICategory getPIICategoryByName(String str) throws ConsentManagementException {
        PIICategory piiCategoryFromName = getPiiCategoryFromName(str);
        if (piiCategoryFromName != null) {
            return piiCategoryFromName;
        }
        if (log.isDebugEnabled()) {
            log.debug("No PII category found with the name: " + str);
        }
        throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_CAT_NAME_INVALID, str);
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public PIICategory getPIICategory(int i) throws ConsentManagementException {
        PIICategory piiCategoryById = getPiiCategoryById(i);
        if (piiCategoryById != null) {
            return piiCategoryById;
        }
        if (log.isDebugEnabled()) {
            log.debug("No PII category found with the Id: " + i);
        }
        throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_CATEGORY_ID_INVALID, String.valueOf(i));
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public List<PIICategory> listPIICategories(int i, int i2) throws ConsentManagementException {
        validatePaginationParameters(i, i2);
        if (i == 0) {
            i = getDefaultLimitFromConfig();
            if (log.isDebugEnabled()) {
                log.debug("Limit is not defied the request, default to: " + i);
            }
        }
        return getPiiCategoryDAO(this.piiCategoryDAOs).listPIICategories(i, i2, ConsentUtils.getTenantIdFromCarbonContext());
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public void deletePIICategory(int i) throws ConsentManagementException {
        if (i == 0 || i < 0) {
            if (log.isDebugEnabled()) {
                log.debug("PII Category Id is not found in the request or invalid PII category Id");
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_CATEGORY_ID_REQUIRED, null);
        }
        if (getPiiCategoryById(i) == null) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_CATEGORY_ID_INVALID, String.valueOf(i));
        }
        if (getPiiCategoryDAO(this.piiCategoryDAOs).isPIICategoryUsed(i)) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_CATEGORY_IS_ASSOCIATED, String.valueOf(i));
        }
        int deletePIICategory = getPiiCategoryDAO(this.piiCategoryDAOs).deletePIICategory(i);
        if (log.isDebugEnabled()) {
            log.debug("PII Category deleted successfully. ID: " + deletePIICategory);
        }
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public boolean isPIICategoryExists(String str) throws ConsentManagementException {
        return getPiiCategoryFromName(str) != null;
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public AddReceiptResponse addConsent(ReceiptInput receiptInput) throws ConsentManagementException {
        validateInputParameters(receiptInput);
        receiptInput.setConsentReceiptId(generateConsentReceiptId());
        setAPIVersion(receiptInput);
        setPIIControllerInfo(receiptInput);
        if (!isUserNameCaseSensitive(receiptInput.getPiiPrincipalId())) {
            receiptInput.setPiiPrincipalId(getLowerCaseUserName(receiptInput.getPiiPrincipalId()));
        }
        getReceiptsDAO(this.receiptDAOs).addReceipt(receiptInput);
        if (log.isDebugEnabled()) {
            log.debug("Consent stored successfully with the Id: " + receiptInput.getConsentReceiptId());
        }
        return new AddReceiptResponse(receiptInput.getConsentReceiptId(), receiptInput.getCollectionMethod(), receiptInput.getLanguage(), receiptInput.getPiiPrincipalId(), receiptInput.getTenantDomain());
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public Receipt getReceipt(String str) throws ConsentManagementException {
        Receipt receipt = getReceiptsDAO(this.receiptDAOs).getReceipt(str);
        if (receipt == null || receipt.getConsentReceiptId() == null) {
            if (log.isDebugEnabled()) {
                log.debug("No receipt found with the Id: " + str);
            }
            throw new ConsentManagementClientException(String.format(ConsentConstants.ErrorMessages.ERROR_CODE_RECEIPT_ID_INVALID.getMessage(), str) + " in tenant: " + ConsentUtils.getTenantDomainFromCarbonContext(), ConsentConstants.ErrorMessages.ERROR_CODE_RECEIPT_ID_INVALID.getCode());
        }
        populateTenantDomain(receipt);
        setPIIControllerInfo(receipt);
        setPublicKey(receipt);
        return receipt;
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public List<ReceiptListResponse> searchReceipts(int i, int i2, String str, String str2, String str3, String str4) throws ConsentManagementException {
        validatePaginationParameters(i, i2);
        if (i == 0) {
            i = getDefaultLimitFromConfig();
            if (log.isDebugEnabled()) {
                log.debug("Limit is not defied the request, default to: " + i);
            }
        }
        List<ReceiptListResponse> searchReceipts = searchReceipts(i, i2, str, str2, str3, str4, ConsentUtils.getTenantDomainFromCarbonContext());
        searchReceipts.forEach(LambdaExceptionUtils.rethrowConsumer(receiptListResponse -> {
            receiptListResponse.setTenantDomain(ConsentUtils.getTenantDomain(this.realmService, receiptListResponse.getTenantId()));
        }));
        return searchReceipts;
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public List<ReceiptListResponse> searchReceipts(int i, int i2, String str, String str2, String str3, String str4, String str5) throws ConsentManagementException {
        int i3 = 0;
        int i4 = 0;
        if (StringUtils.isNotBlank(str2)) {
            i3 = ConsentUtils.getTenantId(this.realmService, str2);
        }
        if (StringUtils.isNotBlank(str5)) {
            i4 = ConsentUtils.getTenantId(this.realmService, str5);
        }
        validatePaginationParameters(i, i2);
        if (i == 0) {
            i = getDefaultLimitFromConfig();
            if (log.isDebugEnabled()) {
                log.debug("Limit is not defied the request, default to: " + i);
            }
        }
        if (!isUserNameCaseSensitive(str)) {
            str = getLowerCaseUserName(str);
        }
        List<ReceiptListResponse> searchReceipts = getReceiptsDAO(this.receiptDAOs).searchReceipts(i, i2, str, i3, str3, str4, i4);
        searchReceipts.forEach(LambdaExceptionUtils.rethrowConsumer(receiptListResponse -> {
            receiptListResponse.setTenantDomain(ConsentUtils.getTenantDomain(this.realmService, receiptListResponse.getTenantId()));
        }));
        return searchReceipts;
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public void revokeReceipt(String str) throws ConsentManagementException {
        getReceiptsDAO(this.receiptDAOs).revokeReceipt(str);
        if (log.isDebugEnabled()) {
            log.debug("Receipt revoked successfully with the Id: " + str);
        }
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public void deleteReceipt(String str) throws ConsentManagementException {
        getReceiptsDAO(this.receiptDAOs).deleteReceipt(str);
        if (log.isDebugEnabled()) {
            log.debug("Receipt deleted successfully with the Id: " + str);
        }
    }

    @Override // org.wso2.carbon.consent.mgt.core.ConsentManager
    public boolean isReceiptExist(String str, String str2, int i) throws ConsentManagementException {
        if (!isUserNameCaseSensitive(str2)) {
            str2 = getLowerCaseUserName(str2);
        }
        return getReceiptsDAO(this.receiptDAOs).isReceiptExist(str, str2, i);
    }

    private Purpose getPurposeFromName(String str, String str2, String str3) throws ConsentManagementException {
        return getPurposeDAO(this.purposeDAOs).getPurposeByName(str, str2, str3, ConsentUtils.getTenantIdFromCarbonContext());
    }

    private PIIController getPIIController(List<PIIController> list) throws ConsentManagementServerException {
        if (CollectionUtils.isNotEmpty(list)) {
            return list.get(list.size() - 1);
        }
        throw ConsentUtils.handleServerException(ConsentConstants.ErrorMessages.ERROR_CODE_GET_DAO, PII_CONTROLLER);
    }

    private void setPublicKey(Receipt receipt) throws ConsentManagementException {
        receipt.setPublicKey(getPublicKey(receipt.getTenantDomain()));
    }

    private PIICategory getPiiCategoryById(int i) throws ConsentManagementException {
        return getPiiCategoryDAO(this.piiCategoryDAOs).getPIICategoryById(i);
    }

    private PurposeCategory getPurposeCategoryFromName(String str) throws ConsentManagementException {
        return getPurposeCategoryDAO(this.purposeCategoryDAOs).getPurposeCategoryByName(str, ConsentUtils.getTenantIdFromCarbonContext());
    }

    private PurposeCategory getPurposeCategoryById(int i) throws ConsentManagementException {
        return getPurposeCategoryDAO(this.purposeCategoryDAOs).getPurposeCategoryById(i);
    }

    private PIICategory getPiiCategoryFromName(String str) throws ConsentManagementException {
        return getPiiCategoryDAO(this.piiCategoryDAOs).getPIICategoryByName(str, ConsentUtils.getTenantIdFromCarbonContext());
    }

    private ReceiptDAO getReceiptsDAO(List<ReceiptDAO> list) throws ConsentManagementServerException {
        if (CollectionUtils.isNotEmpty(list)) {
            return list.get(list.size() - 1);
        }
        throw ConsentUtils.handleServerException(ConsentConstants.ErrorMessages.ERROR_CODE_GET_DAO, RECEIPT_DAO);
    }

    private Purpose getPurposeById(int i) throws ConsentManagementException {
        return getPurposeDAO(this.purposeDAOs).getPurposeById(i);
    }

    private PIICategoryDAO getPiiCategoryDAO(List<PIICategoryDAO> list) throws ConsentManagementServerException {
        if (CollectionUtils.isNotEmpty(list)) {
            return list.get(list.size() - 1);
        }
        throw ConsentUtils.handleServerException(ConsentConstants.ErrorMessages.ERROR_CODE_GET_DAO, PII_CATEGORY_DAO);
    }

    private PurposeCategoryDAO getPurposeCategoryDAO(List<PurposeCategoryDAO> list) throws ConsentManagementServerException {
        if (CollectionUtils.isNotEmpty(list)) {
            return list.get(list.size() - 1);
        }
        throw ConsentUtils.handleServerException(ConsentConstants.ErrorMessages.ERROR_CODE_GET_DAO, PURPOSE_CATEGORY_DAO);
    }

    private PurposeDAO getPurposeDAO(List<PurposeDAO> list) throws ConsentManagementServerException {
        if (CollectionUtils.isNotEmpty(list)) {
            return list.get(list.size() - 1);
        }
        throw ConsentUtils.handleServerException(ConsentConstants.ErrorMessages.ERROR_CODE_GET_DAO, PURPOSE_DAO);
    }

    protected void setAPIVersion(ReceiptInput receiptInput) {
        receiptInput.setVersion(ConsentConstants.API_VERSION);
    }

    protected String generateConsentReceiptId() {
        String uuid = UUID.randomUUID().toString();
        if (log.isDebugEnabled()) {
            log.debug("Consent receipt Id generated: " + uuid);
        }
        return uuid;
    }

    private void setPIIControllerInfo(Receipt receipt) {
        JSONObject jSONObject = new JSONObject(receipt.getPiiController());
        receipt.setPiiControllers(Arrays.asList(getPiiController(jSONObject, getAddress(jSONObject))));
    }

    private PiiController getPiiController(JSONObject jSONObject, Address address) {
        return new PiiController(jSONObject.optString(ConsentConstants.PIIControllerElements.PII_CONTROLLER_NAME), jSONObject.getBoolean(ConsentConstants.PIIControllerElements.ON_BEHALF), jSONObject.optString(ConsentConstants.PIIControllerElements.CONTACT), jSONObject.optString(ConsentConstants.PIIControllerElements.EMAIL), jSONObject.optString(ConsentConstants.PIIControllerElements.PHONE), jSONObject.optString(ConsentConstants.PIIControllerElements.PII_CONTROLLER_URL), address);
    }

    private Address getAddress(JSONObject jSONObject) {
        JSONObject optJSONObject = jSONObject.optJSONObject(ConsentConstants.PIIControllerElements.ADDRESS);
        return new Address(optJSONObject.optString(ConsentConstants.PIIControllerElements.ADDRESS_COUNTRY), optJSONObject.optString(ConsentConstants.PIIControllerElements.ADDRESS_LOCALITY), optJSONObject.optString(ConsentConstants.PIIControllerElements.ADDRESS_REGION), optJSONObject.optString(ConsentConstants.PIIControllerElements.POST_OFFICE_BOX_NUMBER), optJSONObject.optString(ConsentConstants.PIIControllerElements.POSTAL_CODE), optJSONObject.optString(ConsentConstants.PIIControllerElements.STREET_ADDRESS));
    }

    private void setPIIControllerInfo(ReceiptInput receiptInput) throws ConsentManagementException {
        PiiController controllerInfo = getPIIController(this.piiControllers).getControllerInfo(receiptInput.getTenantDomain());
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(ConsentConstants.PIIControllerElements.PII_CONTROLLER_NAME, controllerInfo.getPiiController());
        jSONObject.put(ConsentConstants.PIIControllerElements.ON_BEHALF, controllerInfo.isOnBehalf());
        jSONObject.put(ConsentConstants.PIIControllerElements.CONTACT, controllerInfo.getContact());
        jSONObject.put(ConsentConstants.PIIControllerElements.EMAIL, controllerInfo.getEmail());
        jSONObject.put(ConsentConstants.PIIControllerElements.PHONE, controllerInfo.getPhone());
        jSONObject.put(ConsentConstants.PIIControllerElements.PII_CONTROLLER_URL, controllerInfo.getPiiControllerUrl());
        Address address = controllerInfo.getAddress();
        if (address != null) {
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put(ConsentConstants.PIIControllerElements.ADDRESS_COUNTRY, address.getAddressCountry());
            jSONObject2.put(ConsentConstants.PIIControllerElements.ADDRESS_LOCALITY, address.getAddressLocality());
            jSONObject2.put(ConsentConstants.PIIControllerElements.ADDRESS_REGION, address.getAddressRegion());
            jSONObject2.put(ConsentConstants.PIIControllerElements.POST_OFFICE_BOX_NUMBER, address.getPostOfficeBoxNumber());
            jSONObject2.put(ConsentConstants.PIIControllerElements.POSTAL_CODE, address.getPostalCode());
            jSONObject2.put(ConsentConstants.PIIControllerElements.STREET_ADDRESS, address.getStreetAddress());
            jSONObject.put(ConsentConstants.PIIControllerElements.ADDRESS, jSONObject2);
        }
        receiptInput.setPiiControllerInfo(jSONObject.toString());
    }

    private String getPublicKey(String str) throws ConsentManagementException {
        try {
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(ConsentUtils.getTenantId(this.realmService, str));
            return Base64.encode((isNotSuperTenant(str) ? getPublicKey(str, keyStoreManager, getJKSName(str)) : keyStoreManager.getDefaultPublicKey()).getEncoded());
        } catch (Exception e) {
            throw ConsentUtils.handleServerException(ConsentConstants.ErrorMessages.ERROR_CODE_GETTING_PUBLIC_CERT, str);
        }
    }

    private PublicKey getPublicKey(String str, KeyStoreManager keyStoreManager, String str2) throws Exception {
        return keyStoreManager.getKeyStore(str2).getCertificate(str).getPublicKey();
    }

    private String getJKSName(String str) {
        return str.trim().replace(".", "-") + ".jks";
    }

    private boolean isNotSuperTenant(String str) {
        return !"carbon.super".equals(str);
    }

    private void validateInputParameters(ReceiptInput receiptInput) throws ConsentManagementException {
        if (StringUtils.isBlank(receiptInput.getPiiPrincipalId())) {
            receiptInput.setPiiPrincipalId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername());
        }
        if (StringUtils.isBlank(receiptInput.getTenantDomain())) {
            receiptInput.setTenantId(ConsentUtils.getTenantIdFromCarbonContext());
            receiptInput.setTenantDomain(ConsentUtils.getTenantDomainFromCarbonContext());
        } else {
            receiptInput.setTenantId(ConsentUtils.getTenantId(this.realmService, receiptInput.getTenantDomain()));
        }
        validateRequiredParametersInConsent(receiptInput);
        receiptInput.getServices().forEach(LambdaExceptionUtils.rethrowConsumer(receiptServiceInput -> {
            validateRequiredParametersInService(receiptServiceInput);
            receiptServiceInput.getPurposes().forEach(LambdaExceptionUtils.rethrowConsumer(receiptPurposeInput -> {
                validateRequiredParametersInPurpose(receiptServiceInput, receiptPurposeInput);
            }));
        }));
        if (log.isDebugEnabled()) {
            log.debug("Consent adding request validation success");
        }
    }

    private void validateRequiredParametersInConsent(ReceiptInput receiptInput) throws ConsentManagementClientException {
        if (StringUtils.isBlank(receiptInput.getPiiPrincipalId())) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_PRINCIPAL_ID_REQUIRED, null);
        }
        if (StringUtils.isBlank(receiptInput.getCollectionMethod())) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_COLLECTION_METHOD_REQUIRED, null);
        }
        if (CollectionUtils.isEmpty(receiptInput.getServices())) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_AT_LEAST_ONE_SERVICE_REQUIRED, null);
        }
    }

    private void validateRequiredParametersInService(ReceiptServiceInput receiptServiceInput) throws ConsentManagementException {
        if (StringUtils.isBlank(receiptServiceInput.getService())) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_SERVICE_NAME_REQUIRED, null);
        }
        if (CollectionUtils.isEmpty(receiptServiceInput.getPurposes())) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_AT_LEAST_ONE_PURPOSE_REQUIRED, null);
        }
        if (!StringUtils.isBlank(receiptServiceInput.getTenantDomain())) {
            receiptServiceInput.setTenantId(ConsentUtils.getTenantId(this.realmService, receiptServiceInput.getTenantDomain()));
        } else {
            receiptServiceInput.setTenantId(ConsentUtils.getTenantIdFromCarbonContext());
            receiptServiceInput.setTenantDomain(ConsentUtils.getTenantDomainFromCarbonContext());
        }
    }

    private void validateRequiredParametersInPurpose(ReceiptServiceInput receiptServiceInput, ReceiptPurposeInput receiptPurposeInput) throws ConsentManagementException {
        String service = receiptServiceInput.getService();
        if (receiptPurposeInput.getPurposeId() == null) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_ID_MANDATORY, service);
        }
        receiptPurposeInput.setPurposeName(getPurpose(receiptPurposeInput.getPurposeId().intValue()).getName());
        if (StringUtils.isBlank(receiptPurposeInput.getConsentType())) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_CONSENT_TYPE_MANDATORY, service);
        }
        if (CollectionUtils.isEmpty(receiptPurposeInput.getPurposeCategoryId())) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_AT_LEAST_ONE_CATEGORY_ID_REQUIRED, service);
        }
        receiptPurposeInput.getPurposeCategoryId().forEach(LambdaExceptionUtils.rethrowConsumer((v1) -> {
            getPurposeCategory(v1);
        }));
        if (CollectionUtils.isEmpty(receiptPurposeInput.getPiiCategory())) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_AT_LEAST_ONE_PII_CATEGORY_ID_REQUIRED, service);
        }
        receiptPurposeInput.getPiiCategory().forEach(LambdaExceptionUtils.rethrowConsumer(pIICategoryValidity -> {
            getPIICategory(pIICategoryValidity.getId().intValue());
        }));
        if (receiptPurposeInput.isPrimaryPurpose() == null) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_IS_PRIMARY_PURPOSE_IS_REQUIRED, service);
        }
        if (StringUtils.isBlank(receiptPurposeInput.getTermination())) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_TERMINATION_IS_REQUIRED, service);
        }
        if (receiptPurposeInput.isThirdPartyDisclosure() == null) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_THIRD_PARTY_DISCLOSURE_IS_REQUIRED, service);
        }
    }

    private int getDefaultLimitFromConfig() {
        int i = DEFAULT_SEARCH_LIMIT;
        if (this.configParser.getConfiguration().get(ConsentConstants.PURPOSE_SEARCH_LIMIT_PATH) != null) {
            i = Integer.parseInt(this.configParser.getConfiguration().get(ConsentConstants.PURPOSE_SEARCH_LIMIT_PATH).toString());
        }
        return i;
    }

    private void validatePaginationParameters(int i, int i2) throws ConsentManagementClientException {
        if (i < 0 || i2 < 0) {
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_INVALID_ARGUMENTS_FOR_LIM_OFFSET, null);
        }
    }

    private void validateInputParameters(PurposeCategory purposeCategory) throws ConsentManagementException {
        if (StringUtils.isBlank(purposeCategory.getName())) {
            if (log.isDebugEnabled()) {
                log.debug("Purpose Category name cannot be empty");
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_CATEGORY_NAME_REQUIRED, null);
        }
        if (isPurposeCategoryExists(purposeCategory.getName())) {
            if (log.isDebugEnabled()) {
                log.debug("A purpose category already exists with name: " + purposeCategory.getName());
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_CATEGORY_ALREADY_EXIST, purposeCategory.getName());
        }
        if (StringUtils.isBlank(purposeCategory.getTenantDomain())) {
            purposeCategory.setTenantId(ConsentUtils.getTenantIdFromCarbonContext());
            purposeCategory.setTenantDomain(ConsentUtils.getTenantDomainFromCarbonContext());
        } else {
            purposeCategory.setTenantId(ConsentUtils.getTenantId(this.realmService, purposeCategory.getTenantDomain()));
        }
        if (log.isDebugEnabled()) {
            log.debug("PurposeCategory request validation success: " + purposeCategory.getName());
        }
    }

    private void validateInputParameters(Purpose purpose) throws ConsentManagementException {
        if (StringUtils.isBlank(purpose.getName())) {
            if (log.isDebugEnabled()) {
                log.debug("Purpose name cannot be empty");
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_NAME_REQUIRED, null);
        }
        if (isPurposeExists(purpose.getName(), purpose.getGroup(), purpose.getGroupType())) {
            if (log.isDebugEnabled()) {
                log.debug("A purpose already exists with name: " + purpose.getName());
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_ALREADY_EXIST, purpose.getName());
        }
        if (StringUtils.isBlank(purpose.getGroup())) {
            if (log.isDebugEnabled()) {
                log.debug("Purpose group is empty for: " + purpose.getName());
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_GROUP_REQUIRED, null);
        }
        if (StringUtils.isBlank(purpose.getGroupType())) {
            if (log.isDebugEnabled()) {
                log.debug("Purpose group type is empty for: " + purpose.getName());
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_GROUP_TYPE_REQUIRED, null);
        }
        if (StringUtils.isBlank(purpose.getTenantDomain())) {
            purpose.setTenantId(ConsentUtils.getTenantIdFromCarbonContext());
            purpose.setTenantDomain(ConsentUtils.getTenantDomainFromCarbonContext());
        } else {
            purpose.setTenantId(ConsentUtils.getTenantId(this.realmService, purpose.getTenantDomain()));
        }
        if (CollectionUtils.isNotEmpty(purpose.getPurposePIICategories())) {
            purpose.getPurposePIICategories().forEach(LambdaExceptionUtils.rethrowConsumer(purposePIICategory -> {
                int intValue = purposePIICategory.getId().intValue();
                if (getPiiCategoryById(intValue) == null) {
                    throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_CATEGORY_ID_INVALID, String.valueOf(intValue));
                }
                if (purposePIICategory.getMandatory() == null) {
                    throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PURPOSE_PII_CONSTRAINT_REQUIRED, String.valueOf(intValue));
                }
            }));
        }
        if (log.isDebugEnabled()) {
            log.debug("Purpose request validation success: " + purpose.getName());
        }
    }

    private void validateInputParameters(PIICategory pIICategory) throws ConsentManagementException {
        if (StringUtils.isBlank(pIICategory.getName())) {
            if (log.isDebugEnabled()) {
                log.debug("PII Category name cannot be empty");
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_CATEGORY_NAME_REQUIRED, null);
        }
        if (isPIICategoryExists(pIICategory.getName())) {
            if (log.isDebugEnabled()) {
                log.debug("A PII Category already exists with name: " + pIICategory.getName());
            }
            throw ConsentUtils.handleClientException(ConsentConstants.ErrorMessages.ERROR_CODE_PII_CATEGORY_ALREADY_EXIST, pIICategory.getName());
        }
        if (pIICategory.getSensitive() == null) {
            pIICategory.setSensitive(false);
        }
        if (StringUtils.isBlank(pIICategory.getTenantDomain())) {
            pIICategory.setTenantId(ConsentUtils.getTenantIdFromCarbonContext());
            pIICategory.setTenantDomain(ConsentUtils.getTenantDomainFromCarbonContext());
        } else {
            pIICategory.setTenantId(ConsentUtils.getTenantId(this.realmService, pIICategory.getTenantDomain()));
        }
        if (log.isDebugEnabled()) {
            log.debug("PII category request validation success: " + pIICategory.getName());
        }
    }

    private void populateTenantDomain(Receipt receipt) throws ConsentManagementServerException {
        receipt.setTenantDomain(ConsentUtils.getTenantDomain(this.realmService, receipt.getTenantId()));
        receipt.getServices().forEach(LambdaExceptionUtils.rethrowConsumer(receiptService -> {
            receiptService.setTenantDomain(ConsentUtils.getTenantDomain(this.realmService, receiptService.getTenantId()));
        }));
    }

    private Purpose populatePiiCategories(Purpose purpose) {
        ArrayList arrayList = new ArrayList();
        purpose.getPurposePIICategories().forEach(LambdaExceptionUtils.rethrowConsumer(purposePIICategory -> {
            arrayList.add(getPurposePIICategory(purposePIICategory));
        }));
        purpose.setPurposePIICategories(arrayList);
        if (log.isDebugEnabled()) {
            log.debug("Purpose created successfully with the name: " + purpose.getName());
        }
        return purpose;
    }

    private PurposePIICategory getPurposePIICategory(PurposePIICategory purposePIICategory) throws ConsentManagementException {
        return new PurposePIICategory(getPiiCategoryById(purposePIICategory.getId().intValue()), purposePIICategory.getMandatory());
    }

    private boolean isUserNameCaseSensitive(String str) throws ConsentManagementException {
        try {
            UserStoreManager userStoreManager = null;
            UserRealm userRealm = getUserRealm();
            if (this.realmService == null || userRealm == null) {
                return false;
            }
            AbstractUserStoreManager userStoreManager2 = userRealm.getUserStoreManager();
            if (userStoreManager2 != null) {
                userStoreManager = userStoreManager2.getSecondaryUserStoreManager(UserCoreUtil.extractDomainFromName(str));
            }
            if (userStoreManager == null || userStoreManager.getRealmConfiguration() == null) {
                return false;
            }
            String userStoreProperty = userStoreManager.getRealmConfiguration().getUserStoreProperty(USE_CASE_SENSITIVE_USERNAME_FOR_CACHE_KEYS);
            if (userStoreProperty != null) {
                this.isCaseSensitiveUserName = Boolean.valueOf(Boolean.parseBoolean(userStoreProperty));
                return this.isCaseSensitiveUserName.booleanValue();
            }
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("User store property: UseCaseSensitiveUsernameForCacheKeys not configured. Considering username as case sensitive.");
            return false;
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while reading user store property: UseCaseSensitiveUsernameForCacheKeys. Considering username as case sensitive.");
            }
            throw ConsentUtils.handleServerException(ConsentConstants.ErrorMessages.ERROR_CODE_GETTING_USER_STORE_MANAGER, str, e);
        }
    }

    private String getLowerCaseUserName(String str) {
        if (str == null) {
            return null;
        }
        String removeDomainFromName = UserCoreUtil.removeDomainFromName(str);
        return UserCoreUtil.addDomainToName(removeDomainFromName.toLowerCase(), UserCoreUtil.extractDomainFromName(str));
    }

    private UserRealm getUserRealm() throws ConsentManagementException {
        String tenantDomainFromCarbonContext = ConsentUtils.getTenantDomainFromCarbonContext();
        try {
            return this.realmService.getTenantUserRealm(this.realmService.getTenantManager().getTenantId(tenantDomainFromCarbonContext));
        } catch (UserStoreException e) {
            throw ConsentUtils.handleServerException(ConsentConstants.ErrorMessages.ERROR_CODE_GETTING_TENANT_ID, tenantDomainFromCarbonContext, e);
        }
    }
}
