package org.wso2.carbon.identity.role.v2.mgt.core;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtException;
import org.wso2.carbon.identity.application.common.model.Scope;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.ExpressionNode;
import org.wso2.carbon.identity.core.model.FilterTreeBuilder;
import org.wso2.carbon.identity.core.model.Node;
import org.wso2.carbon.identity.core.model.OperationNode;
import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.RoleConstants;
import org.wso2.carbon.identity.role.v2.mgt.core.dao.RoleDAO;
import org.wso2.carbon.identity.role.v2.mgt.core.dao.RoleMgtDAOFactory;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementClientException;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementServerException;
import org.wso2.carbon.identity.role.v2.mgt.core.internal.RoleManagementServiceComponentHolder;
import org.wso2.carbon.identity.role.v2.mgt.core.listener.RoleManagementListener;
import org.wso2.carbon.identity.role.v2.mgt.core.model.GroupBasicInfo;
import org.wso2.carbon.identity.role.v2.mgt.core.model.IdpGroup;
import org.wso2.carbon.identity.role.v2.mgt.core.model.Permission;
import org.wso2.carbon.identity.role.v2.mgt.core.model.Role;
import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo;
import org.wso2.carbon.identity.role.v2.mgt.core.model.UserBasicInfo;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/role/v2/mgt/core/RoleManagementServiceImpl.class */
public class RoleManagementServiceImpl implements RoleManagementService {
    private static final Log log = LogFactory.getLog(RoleManagementServiceImpl.class);
    private final RoleDAO roleDAO = RoleMgtDAOFactory.getInstance().getRoleDAO();

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public RoleBasicInfo addRole(String str, List<String> list, List<String> list2, List<Permission> list3, String str2, String str3, String str4) throws IdentityRoleManagementException {
        if (StringUtils.startsWithIgnoreCase(str, "system_")) {
            throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_REQUEST.getCode(), String.format("Invalid role name: %s. Role names with the prefix: %s, is not allowed to be created from externally in the system.", str, "system_"));
        }
        if (isDomainSeparatorPresent(str)) {
            throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_REQUEST.getCode(), "Invalid character: " + UserCoreConstants.DOMAIN_SEPARATOR + " contains in the role name: " + str + ".");
        }
        List<RoleManagementListener> roleManagementListenerList = RoleManagementServiceComponentHolder.getInstance().getRoleManagementListenerList();
        for (RoleManagementListener roleManagementListener : roleManagementListenerList) {
            if (roleManagementListener.isEnable()) {
                roleManagementListener.preAddRole(str, list, list2, list3, str2, str3, str4);
            }
        }
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreAddRoleWithException(str, list, list2, list3, str2, str3, str4);
        if (!StringUtils.isNotEmpty(str2)) {
            str2 = RoleConstants.ORGANIZATION;
            str3 = getOrganizationIdByTenantDomain(str4);
        } else {
            if (!RoleConstants.ORGANIZATION.equalsIgnoreCase(str2) && !RoleConstants.APPLICATION.equalsIgnoreCase(str2)) {
                throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_AUDIENCE.getCode(), "Invalid role audience");
            }
            if (RoleConstants.ORGANIZATION.equalsIgnoreCase(str2)) {
                validateOrganizationRoleAudience(str3, str4);
                str2 = RoleConstants.ORGANIZATION;
            }
            if (RoleConstants.APPLICATION.equalsIgnoreCase(str2)) {
                str2 = RoleConstants.APPLICATION;
            }
        }
        validatePermissions(list3, str2, str3, str4);
        RoleBasicInfo addRole = this.roleDAO.addRole(str, list, list2, list3, str2, str3, str4);
        roleManagementEventPublisherProxy.publishPostAddRole(addRole.getId(), str, list, list2, list3, str2, str3, str4);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s add role of name : %s successfully.", getUser(str4), str));
        }
        RoleBasicInfo roleBasicInfoById = this.roleDAO.getRoleBasicInfoById(addRole.getId(), str4);
        for (RoleManagementListener roleManagementListener2 : roleManagementListenerList) {
            if (roleManagementListener2.isEnable()) {
                roleManagementListener2.postAddRole(roleBasicInfoById, str, list, list2, list3, str2, str3, str4);
            }
        }
        return roleBasicInfoById;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<RoleBasicInfo> getRoles(Integer num, Integer num2, String str, String str2, String str3) throws IdentityRoleManagementException {
        List<RoleManagementListener> roleManagementListenerList = RoleManagementServiceComponentHolder.getInstance().getRoleManagementListenerList();
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreGetRolesWithException(num, num2, str, str2, str3);
        List<RoleBasicInfo> roles = this.roleDAO.getRoles(num, num2, str, str2, str3);
        roleManagementEventPublisherProxy.publishPostGetRoles(num, num2, str, str2, str3);
        for (RoleManagementListener roleManagementListener : roleManagementListenerList) {
            if (roleManagementListener.isEnable()) {
                roleManagementListener.postGetRoles(roles, num, num2, str, str2, str3);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s get roles successfully.", getUser(str3)));
        }
        return roles;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<RoleBasicInfo> getRoles(String str, Integer num, Integer num2, String str2, String str3, String str4) throws IdentityRoleManagementException {
        List<RoleManagementListener> roleManagementListenerList = RoleManagementServiceComponentHolder.getInstance().getRoleManagementListenerList();
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreGetRolesWithException(str, num, num2, str2, str3, str4);
        List<RoleBasicInfo> roles = this.roleDAO.getRoles(getExpressionNodes(str), num, num2, str2, str3, str4);
        roleManagementEventPublisherProxy.publishPostGetRoles(str, num, num2, str2, str3, str4);
        for (RoleManagementListener roleManagementListener : roleManagementListenerList) {
            if (roleManagementListener.isEnable()) {
                roleManagementListener.postGetRoles(roles, str, num, num2, str2, str3, str4);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s get filtered roles successfully.", getUser(str4)));
        }
        return roles;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public Role getRole(String str, String str2) throws IdentityRoleManagementException {
        List<RoleManagementListener> roleManagementListenerList = RoleManagementServiceComponentHolder.getInstance().getRoleManagementListenerList();
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreGetRoleWithException(str, str2);
        Role role = this.roleDAO.getRole(str, str2);
        roleManagementEventPublisherProxy.publishPostGetRole(str, str2);
        for (RoleManagementListener roleManagementListener : roleManagementListenerList) {
            if (roleManagementListener.isEnable()) {
                roleManagementListener.postGetRole(role, str, str2);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s get role of id : %s successfully.", getUser(str2), str));
        }
        return role;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public RoleBasicInfo getRoleBasicInfoById(String str, String str2) throws IdentityRoleManagementException {
        List<RoleManagementListener> roleManagementListenerList = RoleManagementServiceComponentHolder.getInstance().getRoleManagementListenerList();
        RoleBasicInfo roleBasicInfoById = this.roleDAO.getRoleBasicInfoById(str, str2);
        for (RoleManagementListener roleManagementListener : roleManagementListenerList) {
            if (roleManagementListener.isEnable()) {
                roleManagementListener.postGetRoleBasicInfo(roleBasicInfoById, str, str2);
            }
        }
        return roleBasicInfoById;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public RoleBasicInfo updateRoleName(String str, String str2, String str3) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreUpdateRoleNameWithException(str, str2, str3);
        if (isDomainSeparatorPresent(str2)) {
            throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_REQUEST.getCode(), "Invalid character: " + UserCoreConstants.DOMAIN_SEPARATOR + " contains in the role name: " + str2 + ".");
        }
        this.roleDAO.updateRoleName(str, str2, str3);
        roleManagementEventPublisherProxy.publishPostUpdateRoleName(str, str2, str3);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s updated role name of role id : %s successfully.", getUser(str3), str));
        }
        return this.roleDAO.getRoleBasicInfoById(str, str3);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public void deleteRole(String str, String str2) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreDeleteRoleWithException(str, str2);
        doPreValidateRoleDeletion(str, str2);
        this.roleDAO.deleteRole(str, str2);
        roleManagementEventPublisherProxy.publishPostDeleteRole(str, str2);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s deleted role of id : %s successfully.", getUser(str2), str));
        }
    }

    private void doPreValidateRoleDeletion(String str, String str2) throws IdentityRoleManagementException {
        if (!RoleConstants.APPLICATION.equalsIgnoreCase(getRoleBasicInfoById(str, str2).getAudience()) && CollectionUtils.isNotEmpty(getAssociatedApplicationByRoleId(str, str2))) {
            throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_REQUEST.getCode(), "Unable to delete the role since it is associated with applications.");
        }
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<UserBasicInfo> getUserListOfRole(String str, String str2) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreGetUserListOfRoleWithException(str, str2);
        List<UserBasicInfo> userListOfRole = this.roleDAO.getUserListOfRole(str, str2);
        roleManagementEventPublisherProxy.publishPostGetUserListOfRole(str, str2);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s get list of users of role of id : %s successfully.", getUser(str2), str));
        }
        return userListOfRole;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public RoleBasicInfo updateUserListOfRole(String str, List<String> list, List<String> list2, String str2) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreUpdateUserListOfRoleWithException(str, list, list2, str2);
        this.roleDAO.updateUserListOfRole(str, list, list2, str2);
        roleManagementEventPublisherProxy.publishPostUpdateUserListOfRole(str, list, list2, str2);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s updated list of users of role of id : %s successfully.", getUser(str2), str));
        }
        return this.roleDAO.getRoleBasicInfoById(str, str2);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<GroupBasicInfo> getGroupListOfRole(String str, String str2) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreGetGroupListOfRoleWithException(str, str2);
        List<GroupBasicInfo> groupListOfRole = this.roleDAO.getGroupListOfRole(str, str2);
        roleManagementEventPublisherProxy.publishPostGetGroupListOfRole(str, str2);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s get list of groups of role of id : %s successfully.", getUser(str2), str));
        }
        return groupListOfRole;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public RoleBasicInfo updateGroupListOfRole(String str, List<String> list, List<String> list2, String str2) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreUpdateGroupListOfRoleWithException(str, list, list2, str2);
        this.roleDAO.updateGroupListOfRole(str, list, list2, str2);
        roleManagementEventPublisherProxy.publishPostUpdateGroupListOfRole(str, list, list2, str2);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s updated list of groups of role of id : %s successfully.", getUser(str2), str));
        }
        return this.roleDAO.getRoleBasicInfoById(str, str2);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<IdpGroup> getIdpGroupListOfRole(String str, String str2) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreGetIdpGroupListOfRoleWithException(str, str2);
        List<IdpGroup> idpGroupListOfRole = this.roleDAO.getIdpGroupListOfRole(str, str2);
        roleManagementEventPublisherProxy.publishPostIdpGetGroupListOfRole(str, str2);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s get list of idp groups of role of id : %s successfully.", getUser(str2), str));
        }
        return idpGroupListOfRole;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public RoleBasicInfo updateIdpGroupListOfRole(String str, List<IdpGroup> list, List<IdpGroup> list2, String str2) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreUpdateIdpGroupListOfRoleWithException(str, list, list2, str2);
        removeSimilarIdpGroups(list, list2);
        this.roleDAO.updateIdpGroupListOfRole(str, list, list2, str2);
        roleManagementEventPublisherProxy.publishPostUpdateIdpGroupListOfRole(str, list, list2, str2);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s updated list of idp groups of role of id : %s successfully.", getUser(str2), str));
        }
        return this.roleDAO.getRoleBasicInfoById(str, str2);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<Permission> getPermissionListOfRole(String str, String str2) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreGetPermissionListOfRoleWithException(str, str2);
        List<Permission> permissionListOfRole = this.roleDAO.getPermissionListOfRole(str, str2);
        roleManagementEventPublisherProxy.publishPostGetPermissionListOfRole(str, str2);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s get list of permissions of role of id : %s successfully.", getUser(str2), str));
        }
        return permissionListOfRole;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<String> getPermissionListOfRoles(List<String> list, String str) throws IdentityRoleManagementException {
        return this.roleDAO.getPermissionListOfRoles(list, str);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public RoleBasicInfo updatePermissionListOfRole(String str, List<Permission> list, List<Permission> list2, String str2) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreUpdatePermissionsForRoleWithException(str, list, list2, str2);
        removeSimilarPermissions(list, list2);
        RoleBasicInfo roleBasicInfoById = this.roleDAO.getRoleBasicInfoById(str, str2);
        validatePermissions(list, roleBasicInfoById.getAudience(), roleBasicInfoById.getAudienceId(), str2);
        this.roleDAO.updatePermissionListOfRole(str, list, list2, str2);
        roleManagementEventPublisherProxy.publishPostUpdatePermissionsForRole(str, list, list2, str2);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s set list of permissions of role of id : %s successfully.", getUser(str2), str));
        }
        return this.roleDAO.getRoleBasicInfoById(str, str2);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public boolean isExistingRole(String str, String str2) throws IdentityRoleManagementException {
        return this.roleDAO.isExistingRoleID(str, str2);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public boolean isExistingRoleName(String str, String str2, String str3, String str4) throws IdentityRoleManagementException {
        return this.roleDAO.isExistingRoleName(str, str2, str3, str4);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public Set<String> getSystemRoles() {
        return this.roleDAO.getSystemRoles();
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public int getRolesCount(String str) throws IdentityRoleManagementException {
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreGetRolesCountWithException(str);
        int rolesCount = this.roleDAO.getRolesCount(str);
        roleManagementEventPublisherProxy.publishPostGetRolesCount(str);
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s get roles count successfully.", getUser(str)));
        }
        return rolesCount;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public Role getRoleWithoutUsers(String str, String str2) throws IdentityRoleManagementException {
        List<RoleManagementListener> roleManagementListenerList = RoleManagementServiceComponentHolder.getInstance().getRoleManagementListenerList();
        RoleManagementEventPublisherProxy roleManagementEventPublisherProxy = RoleManagementEventPublisherProxy.getInstance();
        roleManagementEventPublisherProxy.publishPreGetRoleWithException(str, str2);
        Role roleWithoutUsers = this.roleDAO.getRoleWithoutUsers(str, str2);
        roleManagementEventPublisherProxy.publishPostGetRole(str, str2);
        for (RoleManagementListener roleManagementListener : roleManagementListenerList) {
            if (roleManagementListener.isEnable()) {
                roleManagementListener.postGetRole(roleWithoutUsers, str, str2);
            }
        }
        return roleWithoutUsers;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public String getRoleNameByRoleId(String str, String str2) throws IdentityRoleManagementException {
        return this.roleDAO.getRoleNameByID(str, str2);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public String getRoleIdByName(String str, String str2, String str3, String str4) throws IdentityRoleManagementException {
        return this.roleDAO.getRoleIdByName(str, str2, str3, str4);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public void addMainRoleToSharedRoleRelationship(String str, String str2, String str3, String str4) throws IdentityRoleManagementException {
        this.roleDAO.addMainRoleToSharedRoleRelationship(str, str2, str3, str4);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<RoleBasicInfo> getRoleListOfUser(String str, String str2) throws IdentityRoleManagementException {
        List<RoleManagementListener> roleManagementListenerList = RoleManagementServiceComponentHolder.getInstance().getRoleManagementListenerList();
        List<RoleBasicInfo> roleListOfUser = this.roleDAO.getRoleListOfUser(str, str2);
        for (RoleManagementListener roleManagementListener : roleManagementListenerList) {
            if (roleManagementListener.isEnable()) {
                roleManagementListener.postGetRoleListOfUser(roleListOfUser, str, str2);
            }
        }
        return roleListOfUser;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<RoleBasicInfo> getRoleListOfGroups(List<String> list, String str) throws IdentityRoleManagementException {
        List<RoleManagementListener> roleManagementListenerList = RoleManagementServiceComponentHolder.getInstance().getRoleManagementListenerList();
        List<RoleBasicInfo> roleListOfGroups = this.roleDAO.getRoleListOfGroups(list, str);
        for (RoleManagementListener roleManagementListener : roleManagementListenerList) {
            if (roleManagementListener.isEnable()) {
                roleManagementListener.postGetRoleListOfGroups(roleListOfGroups, list, str);
            }
        }
        return roleListOfGroups;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<RoleBasicInfo> getRoleListOfIdpGroups(List<String> list, String str) throws IdentityRoleManagementException {
        List<RoleManagementListener> roleManagementListenerList = RoleManagementServiceComponentHolder.getInstance().getRoleManagementListenerList();
        List<RoleBasicInfo> roleListOfIdpGroups = this.roleDAO.getRoleListOfIdpGroups(list, str);
        for (RoleManagementListener roleManagementListener : roleManagementListenerList) {
            if (roleManagementListener.isEnable()) {
                roleManagementListener.postGetRoleListOfIdpGroups(roleListOfIdpGroups, list, str);
            }
        }
        return roleListOfIdpGroups;
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<String> getRoleIdListOfUser(String str, String str2) throws IdentityRoleManagementException {
        return this.roleDAO.getRoleIdListOfUser(str, str2);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<String> getRoleIdListOfGroups(List<String> list, String str) throws IdentityRoleManagementException {
        return this.roleDAO.getRoleIdListOfGroups(list, str);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<String> getRoleIdListOfIdpGroups(List<String> list, String str) throws IdentityRoleManagementException {
        return this.roleDAO.getRoleIdListOfIdpGroups(list, str);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public void deleteRolesByApplication(String str, String str2) throws IdentityRoleManagementException {
        this.roleDAO.deleteRolesByApplication(str, str2);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public Map<String, String> getMainRoleToSharedRoleMappingsBySubOrg(List<String> list, String str) throws IdentityRoleManagementException {
        return this.roleDAO.getMainRoleToSharedRoleMappingsBySubOrg(list, str);
    }

    @Override // org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService
    public List<String> getAssociatedApplicationByRoleId(String str, String str2) throws IdentityRoleManagementException {
        return this.roleDAO.getAssociatedApplicationIdsByRoleId(str, str2);
    }

    private String getUser(String str) {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        return StringUtils.isNotBlank(username) ? UserCoreUtil.addTenantDomainToEntry(username, str) : "wso2.system.user";
    }

    private String getOrganizationIdByTenantDomain(String str) throws IdentityRoleManagementException {
        try {
            return RoleManagementServiceComponentHolder.getInstance().getOrganizationManager().resolveOrganizationId(str);
        } catch (OrganizationManagementException e) {
            throw new IdentityRoleManagementServerException(RoleConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(), "Error while retrieving the organization id for the given tenantDomain: " + str, e);
        }
    }

    private void validateOrganizationRoleAudience(String str, String str2) throws IdentityRoleManagementException {
        try {
            OrganizationManager organizationManager = RoleManagementServiceComponentHolder.getInstance().getOrganizationManager();
            String resolveOrganizationId = organizationManager.resolveOrganizationId(str2);
            if (resolveOrganizationId == null || !resolveOrganizationId.equalsIgnoreCase(str)) {
                throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_AUDIENCE.getCode(), "Invalid audience. Given Organization id: " + str + " is invalid");
            }
            if (!organizationManager.isOrganizationExistById(str)) {
                throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_AUDIENCE.getCode(), "Invalid audience. No organization found with organization id: " + str);
            }
        } catch (OrganizationManagementException e) {
            throw new IdentityRoleManagementServerException(RoleConstants.Error.UNEXPECTED_SERVER_ERROR.getCode(), "Error while checking the organization exist by id : " + str, e);
        }
    }

    private void validatePermissions(List<Permission> list, String str, String str2, String str3) throws IdentityRoleManagementException {
        if (str.equals(RoleConstants.ORGANIZATION)) {
            validatePermissionsForOrganization(list, str3);
        }
    }

    private void validatePermissionsForOrganization(List<Permission> list, String str) throws IdentityRoleManagementException {
        try {
            List scopesByTenantDomain = RoleManagementServiceComponentHolder.getInstance().getApiResourceManager().getScopesByTenantDomain(str, "");
            ArrayList arrayList = new ArrayList();
            Iterator it = scopesByTenantDomain.iterator();
            while (it.hasNext()) {
                arrayList.add(((Scope) it.next()).getName());
            }
            for (Permission permission : list) {
                if (!arrayList.contains(permission.getName())) {
                    throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_PERMISSION.getCode(), "Permission: " + permission.getName() + " not found");
                }
            }
        } catch (APIResourceMgtException e) {
            throw new IdentityRoleManagementException("Error while retrieving scopes", "Error while retrieving scopes for tenantDomain: " + str, e);
        }
    }

    private boolean isDomainSeparatorPresent(String str) {
        return str.contains(UserCoreConstants.DOMAIN_SEPARATOR);
    }

    private void removeSimilarPermissions(List<Permission> list, List<Permission> list2) {
        ArrayList arrayList = new ArrayList(list);
        arrayList.retainAll(list2);
        list.removeAll(arrayList);
        list2.removeAll(arrayList);
    }

    private void removeSimilarIdpGroups(List<IdpGroup> list, List<IdpGroup> list2) {
        ArrayList arrayList = new ArrayList(list);
        arrayList.retainAll(list2);
        list.removeAll(arrayList);
        list2.removeAll(arrayList);
    }

    private List<ExpressionNode> getExpressionNodes(String str) throws IdentityRoleManagementException {
        ArrayList arrayList = new ArrayList();
        String str2 = StringUtils.isBlank(str) ? "" : str;
        try {
            if (StringUtils.isNotBlank(str2)) {
                setExpressionNodeList(new FilterTreeBuilder(str2).buildTree(), arrayList);
            }
            return arrayList;
        } catch (IOException | IdentityException e) {
            throw new IdentityRoleManagementClientException(RoleConstants.Error.INVALID_REQUEST.getCode(), "Invalid filter");
        }
    }

    private void setExpressionNodeList(Node node, List<ExpressionNode> list) {
        if (node instanceof ExpressionNode) {
            if (StringUtils.isNotBlank(((ExpressionNode) node).getAttributeValue())) {
                list.add((ExpressionNode) node);
            }
        } else if (node instanceof OperationNode) {
            setExpressionNodeList(node.getLeftNode(), list);
            setExpressionNodeList(node.getRightNode(), list);
        }
    }
}
