package org.wso2.carbon.identity.scim.provider.impl;

import java.util.HashMap;
import java.util.Map;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.scim.common.utils.SCIMCommonUtils;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import org.wso2.charon.core.encoder.Decoder;
import org.wso2.charon.core.encoder.Encoder;
import org.wso2.charon.core.encoder.json.JSONDecoder;
import org.wso2.charon.core.encoder.json.JSONEncoder;
import org.wso2.charon.core.exceptions.CharonException;
import org.wso2.charon.core.exceptions.FormatNotSupportedException;
import org.wso2.charon.core.exceptions.UnauthorizedException;
import org.wso2.charon.core.extensions.AuthenticationHandler;
import org.wso2.charon.core.extensions.AuthenticationInfo;
import org.wso2.charon.core.extensions.CharonManager;
import org.wso2.charon.core.extensions.TenantDTO;
import org.wso2.charon.core.extensions.TenantManager;
import org.wso2.charon.core.extensions.UserManager;
import org.wso2.charon.core.protocol.endpoints.AbstractResourceEndpoint;

/* loaded from: input_file:WEB-INF/classes/org/wso2/carbon/identity/scim/provider/impl/IdentitySCIMManager.class */
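/**
 * Singleton {@link CharonManager} that wires the SCIM provider to the Carbon user realm.
 *
 * <p>It registers the JSON encoder/decoder and the {@code /Users} and {@code /Groups} endpoint
 * URLs with {@link AbstractResourceEndpoint}, selects an {@link AuthenticationHandler} from the
 * request headers, and hands out {@link UserManager} instances after an authorization check
 * against the tenant's authorization manager.
 *
 * <p>NOTE(review): nothing in this class ever adds an entry to {@code authenticators}. Unless the
 * map is filled by code not visible here, {@link #getAuthenticationHandler(String)} and
 * {@link #handleAuthentication(Map)} reject every request.
 */
public class IdentitySCIMManager implements CharonManager {
    /** Key under which a handler's property map stores the handler instance itself. */
    private static final String INSTANCE = "instance";
    /** Permission checked by {@link #getUserManager(String)} when the caller names none. */
    private static final String DEFAULT_PROVISIONING_PERMISSION =
            "/permission/admin/configure/security/usermgt/provisioning";
    /** Action passed to the authorization manager for every provisioning check. */
    private static final String UI_EXECUTE_ACTION = "ui.execute";
    private static final String FORMAT_NOT_SUPPORTED = "Requested format is not supported.";

    private static volatile IdentitySCIMManager identitySCIMManager;
    private static final Log log = LogFactory.getLog(IdentitySCIMManager.class);
    private static final Map<String, Encoder> encoderMap = new HashMap<>();
    private static final Map<String, Decoder> decoderMap = new HashMap<>();
    private static final Map<String, Map<String, Object>> authenticators = new HashMap<>();
    private static final Map<String, String> endpointURLs = new HashMap<>();

    private IdentitySCIMManager() throws CharonException {
        init();
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * @return the shared manager
     * @throws CharonException if initialisation of the first instance fails
     */
    public static IdentitySCIMManager getInstance() throws CharonException {
        IdentitySCIMManager current = identitySCIMManager;
        if (current != null) {
            return current;
        }
        synchronized (IdentitySCIMManager.class) {
            // Re-check under the lock: another thread may have created the instance meanwhile.
            if (identitySCIMManager == null) {
                identitySCIMManager = new IdentitySCIMManager();
            }
            return identitySCIMManager;
        }
    }

    /** Populates the coder and endpoint maps and registers them with the resource endpoint. */
    private void init() throws CharonException {
        encoderMap.put("json", new JSONEncoder());
        decoderMap.put("json", new JSONDecoder());
        registerCoders();
        endpointURLs.put("/Users", SCIMCommonUtils.getSCIMUserURL());
        endpointURLs.put("/Groups", SCIMCommonUtils.getSCIMGroupURL());
        registerEndpointURLs();
    }

    /**
     * Looks up the encoder registered for a format name.
     *
     * @param str format name, e.g. {@code "json"}
     * @return the registered encoder
     * @throws FormatNotSupportedException (code 406) if no encoder is registered for the format
     */
    public Encoder getEncoder(String str) throws FormatNotSupportedException {
        Encoder encoder = encoderMap.get(str);
        if (encoder == null) {
            throw new FormatNotSupportedException(406, FORMAT_NOT_SUPPORTED);
        }
        return encoder;
    }

    /**
     * Looks up the decoder registered for a format name.
     *
     * @param str format name, e.g. {@code "json"}
     * @return the registered decoder
     * @throws FormatNotSupportedException (code 406) if no decoder is registered for the format
     */
    public Decoder getDecoder(String str) throws FormatNotSupportedException {
        Decoder decoder = decoderMap.get(str);
        if (decoder == null) {
            throw new FormatNotSupportedException(406, FORMAT_NOT_SUPPORTED);
        }
        return decoder;
    }

    /**
     * Returns the handler registered for an authentication mechanism.
     *
     * @param str mechanism name used as key in the authenticator registry
     * @return the handler stored under the {@code "instance"} key of that mechanism's properties;
     *         may be {@code null} if the property map exists but holds no such key
     * @throws CharonException if the mechanism has no (non-empty) property map
     */
    public AuthenticationHandler getAuthenticationHandler(String str) throws CharonException {
        if (MapUtils.isNotEmpty(authenticators)) {
            Map<String, Object> handlerProperties = authenticators.get(str);
            if (MapUtils.isNotEmpty(handlerProperties)) {
                return (AuthenticationHandler) handlerProperties.get(INSTANCE);
            }
        }
        throw new CharonException("Requested authentication mechanism is not supported.");
    }

    /**
     * Returns a user manager for the given user after checking the default provisioning
     * permission ({@code /permission/admin/configure/security/usermgt/provisioning}).
     *
     * @param str fully qualified (tenant-qualified) user name
     * @return a user manager bound to the user's tenant realm, or {@code null} if the realm
     *         service returns no realm for the tenant
     * @throws CharonException if the realm service is unavailable, the user is not authorized,
     *         or the user store lookup fails
     */
    public UserManager getUserManager(String str) throws CharonException {
        return getUserManager(str, DEFAULT_PROVISIONING_PERMISSION);
    }

    /**
     * Returns a user manager for the given user after checking a caller-supplied permission.
     *
     * <p>The permission path is passed to the authorization manager as given, so the strength of
     * this check depends entirely on the caller supplying a fixed, trusted value.
     *
     * @param str fully qualified (tenant-qualified) user name
     * @param str2 permission resource path the user must hold with the {@code ui.execute} action
     * @return a user manager bound to the user's tenant realm, or {@code null} if the realm
     *         service returns no realm for the tenant
     * @throws CharonException if the realm service is unavailable, the user is not authorized,
     *         or the user store lookup fails
     */
    public UserManager getUserManager(String str, String str2) throws CharonException {
        String tenantDomain = MultitenantUtils.getTenantDomain(str);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        try {
            RealmService realmService = (RealmService) PrivilegedCarbonContext
                    .getThreadLocalCarbonContext().getOSGiService(RealmService.class);
            if (realmService == null) {
                throw new CharonException("Can not obtain carbon realm service..");
            }
            int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
            UserRealm tenantUserRealm = realmService.getTenantUserRealm(tenantId);
            if (tenantUserRealm == null) {
                // No realm for the tenant: callers receive null and must treat it as
                // "no access" rather than dereferencing it.
                return null;
            }
            ClaimManager claimManager = tenantUserRealm.getClaimManager();
            boolean authorized = tenantUserRealm.getAuthorizationManager()
                    .isUserAuthorized(tenantAwareUsername, str2, UI_EXECUTE_ACTION);
            if (!authorized) {
                // The log entry names neither the user nor the permission, so a denial can only
                // be attributed by correlating it with the request log.
                log.error("User is not authorized to perform provisioning");
                throw new CharonException("User is not authorized to perform provisioning");
            }
            // Only fills in the thread's user name when none is set; an already-set name is
            // left alone even if it differs from the user that was just authorized.
            if (PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername() == null) {
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(tenantAwareUsername);
                if (log.isDebugEnabled()) {
                    log.debug("User read from carbon context is null, hence setting authenticated user: " + tenantAwareUsername);
                }
            }
            return new SCIMUserManager(tenantUserRealm.getUserStoreManager(), str, claimManager);
        } catch (UserStoreException e) {
            throw new CharonException("Error obtaining user realm for the user: " + str, e);
        }
    }

    /** Not implemented by this provider; always returns {@code null}. */
    public TenantManager getTenantManager() {
        return null;
    }

    /** Not implemented by this provider; always returns {@code null}. */
    public AuthenticationInfo registerTenant(TenantDTO tenantDTO) throws CharonException {
        return null;
    }

    /** Not implemented by this provider; always returns {@code false}. */
    public boolean isAuthenticationSupported(String str) {
        return false;
    }

    /**
     * Authenticates a request from its HTTP headers.
     *
     * <p>Fails closed: a missing header map, an unknown authentication type, or a type without a
     * registered handler instance all result in {@link UnauthorizedException}. Previously an
     * unknown type caused a {@link NullPointerException} because the wrong variable was
     * null-checked.
     *
     * @param map request headers, including {@code Authorization}
     * @return the authentication info reported by the selected handler
     * @throws UnauthorizedException if no handler can be selected or the handler raises a
     *         {@link CharonException}
     */
    public AuthenticationInfo handleAuthentication(Map<String, String> map) throws UnauthorizedException {
        if (map == null) {
            throw new UnauthorizedException();
        }
        try {
            Map<String, Object> handlerProperties = authenticators.get(identifyAuthType(map));
            if (handlerProperties == null) {
                throw new UnauthorizedException();
            }
            AuthenticationHandler authenticationHandler =
                    (AuthenticationHandler) handlerProperties.get(INSTANCE);
            if (authenticationHandler == null) {
                throw new UnauthorizedException();
            }
            // NOTE(review): the handler instance comes from a static registry and is shared by
            // all request threads. If an implementation keeps per-request state in fields,
            // concurrent requests could observe each other's AuthenticationInfo; confirm the
            // handlers are stateless or thread-confined.
            authenticationHandler.setCharonManager(this);
            // NOTE(review): the result of isAuthenticated is not inspected here. Rejection
            // therefore relies on the handler throwing CharonException on failure; confirm
            // that no handler signals failure through its return value alone.
            authenticationHandler.isAuthenticated(map);
            return authenticationHandler.getAuthenticationInfo();
        } catch (CharonException e) {
            // Failures are visible only at debug level and the cause is not attached to the
            // thrown exception, so authentication failures leave no trace in default logs.
            if (log.isDebugEnabled()) {
                log.debug("CharonException in handle authentication. ", e);
            }
            throw new UnauthorizedException("Error in handling authentication");
        }
    }

    /**
     * Registers every configured encoder and decoder with the resource endpoint.
     *
     * <p>Each map is iterated on its own; the decoder loop used to be skipped when the encoder
     * map (not the decoder map) was empty.
     */
    private void registerCoders() throws CharonException {
        for (Map.Entry<String, Encoder> encoderEntry : encoderMap.entrySet()) {
            AbstractResourceEndpoint.registerEncoder(encoderEntry.getKey(), encoderEntry.getValue());
        }
        for (Map.Entry<String, Decoder> decoderEntry : decoderMap.entrySet()) {
            AbstractResourceEndpoint.registerDecoder(decoderEntry.getKey(), decoderEntry.getValue());
        }
    }

    /** Registers the endpoint URL map with the resource endpoint when it is non-empty. */
    private void registerEndpointURLs() {
        if (MapUtils.isNotEmpty(endpointURLs)) {
            AbstractResourceEndpoint.registerResourceEndpointURLs(endpointURLs);
        }
    }

    /**
     * Determines the authentication type from the request headers.
     *
     * <p>The scheme is the text before the first space of the {@code Authorization} header and is
     * compared case-sensitively with {@code Basic} and {@code Bearer}. For any other scheme the
     * value of the {@code Auth_Type} header is returned as is. That header is supplied by the
     * client, so the returned value must only ever be used as a lookup key into the registry of
     * configured handlers, never as proof of how the request was authenticated.
     *
     * @param map request headers
     * @return {@code "Basic"}, {@code "Bearer"}, or the value of the {@code Auth_Type} header
     * @throws UnauthorizedException if the header map or the {@code Authorization} header is
     *         missing
     * @throws CharonException if the scheme is not recognised and no {@code Auth_Type} header is
     *         present
     */
    public String identifyAuthType(Map<String, String> map) throws CharonException, UnauthorizedException {
        String authorizationHeader = (map == null) ? null : map.get("Authorization");
        if (authorizationHeader == null) {
            log.error("No Authorization header found");
            throw new UnauthorizedException();
        }
        // Take the text before the first space without split(): a header consisting only of
        // spaces makes split(" ") return an empty array, and indexing it would throw an
        // unchecked exception on client-controlled input.
        int firstSpace = authorizationHeader.indexOf(' ');
        String scheme = (firstSpace < 0)
                ? authorizationHeader
                : authorizationHeader.substring(0, firstSpace);
        if ("Basic".equals(scheme)) {
            return "Basic";
        }
        if ("Bearer".equals(scheme)) {
            return "Bearer";
        }
        String declaredAuthType = map.get("Auth_Type");
        if (declaredAuthType != null) {
            return declaredAuthType;
        }
        throw new CharonException("Provided authentication headers do not contain supported authentication headers.");
    }
}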
