package org.wso2.carbon.idp.mgt;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
import org.wso2.carbon.identity.application.common.ProvisioningConnectorService;
import org.wso2.carbon.identity.application.common.model.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.IdentityProviderProperty;
import org.wso2.carbon.identity.application.common.model.LocalRole;
import org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig;
import org.wso2.carbon.identity.application.common.model.RoleMapping;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO;
import org.wso2.carbon.idp.mgt.dao.FileBasedIdPMgtDAO;
import org.wso2.carbon.idp.mgt.dao.IdPManagementDAO;
import org.wso2.carbon.idp.mgt.internal.IdPManagementServiceComponent;
import org.wso2.carbon.idp.mgt.listener.IdentityProviderMgtListener;
import org.wso2.carbon.idp.mgt.util.IdPManagementConstants;
import org.wso2.carbon.idp.mgt.util.IdPManagementUtil;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/idp/mgt/IdentityProviderManager.class */
public class IdentityProviderManager {
    // Class-wide logger.
    private static final Log log = LogFactory.getLog(IdentityProviderManager.class);
    // Single DAO shared by every call on this class: an IdPManagementDAO wrapped in a CacheBackedIdPMgtDAO.
    // NOTE(review): the field is static but not final, so it can be reassigned — confirm that is intended.
    private static CacheBackedIdPMgtDAO dao = new CacheBackedIdPMgtDAO(new IdPManagementDAO());
    // Eagerly created singleton returned by getInstance().
    private static volatile IdentityProviderManager instance = new IdentityProviderManager();

    /**
     * Private on purpose: the only instance is the one held in {@code instance} and handed out
     * by {@link #getInstance()}.
     */
    private IdentityProviderManager() {
        // nothing to initialise
    }

    /**
     * Returns the shared manager instance.
     *
     * @return the singleton created when this class was initialised
     */
    public static IdentityProviderManager getInstance() {
        return IdentityProviderManager.instance;
    }

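    /**
     * Loads the resident ("LOCAL") identity provider of a tenant and completes it with the tenant's
     * primary certificate and with default endpoint properties for every built-in protocol.
     *
     * <p>Defaults are only added for properties the stored configuration does not already carry.
     * Endpoint URLs come from the identity configuration when set, otherwise from
     * {@code IdentityUtil.getServerURL}.
     *
     * <p>Changes against the previous implementation:
     * <ul>
     *   <li>the SCIM group endpoint default is now keyed on {@code scimGroupEndpoint}; it used to be
     *       keyed on {@code scimUserEndpoint}, so a stored user endpoint suppressed the group default
     *       and a missing one could add a duplicate group entry;</li>
     *   <li>{@code PrivilegedCarbonContext.endTenantFlow()} is called exactly once, and only after
     *       {@code startTenantFlow()} has run; previously a failure after the key-store lookup ended
     *       the flow a second time, and a failure in registry initialisation ended a flow that was
     *       never started;</li>
     *   <li>failures that happen after the certificate was read are no longer re-wrapped as
     *       "Error retrieving primary certificate".</li>
     * </ul>
     *
     * @param str tenant domain whose resident identity provider is requested
     * @return the resident identity provider with certificate, authenticator and provisioning defaults
     * @throws IdentityProviderManagementException if the resident identity provider or its primary
     *         certificate cannot be found, or the tenant id, key store or certificate encoding fails
     */
    public IdentityProvider getResidentIdP(String str) throws IdentityProviderManagementException {
        // Tenant-qualified path segment; only the WS-Trust (STS) endpoint uses it.
        String tenantContext = "carbon.super".equalsIgnoreCase(str) ? "" : "t/" + str + "/";

        String openIdUrl = defaultUrlIfBlank(IdentityUtil.getProperty("OpenID.OpenIDServerUrl"), "openid", true);
        String samlSsoUrl = defaultUrlIfBlank(IdentityUtil.getProperty("SSOService.IdentityProviderURL"), "samlsso", true);
        // The SAML logout endpoint is read from the same setting and has the same default as the SSO endpoint.
        String samlLogoutUrl = samlSsoUrl;
        String oauth1RequestTokenUrl = defaultUrlIfBlank(IdentityUtil.getProperty("OAuth.OAuth1RequestTokenUrl"), "oauth/request-token", true);
        String oauth1AuthorizeUrl = defaultUrlIfBlank(IdentityUtil.getProperty("OAuth.OAuth1AuthorizeUrl"), "oauth/authorize-url", true);
        String oauth1AccessTokenUrl = defaultUrlIfBlank(IdentityUtil.getProperty("OAuth.OAuth1AccessTokenUrl"), "oauth/access-token", true);
        String oauth2AuthzUrl = defaultUrlIfBlank(IdentityUtil.getProperty("OAuth.OAuth2AuthzEPUrl"), "oauth2/authorize", false);
        String oauth2TokenUrl = defaultUrlIfBlank(IdentityUtil.getProperty("OAuth.OAuth2TokenEPUrl"), "oauth2/token", false);
        String oauth2RevokeUrl = defaultUrlIfBlank(IdentityUtil.getProperty("OAuth.OAuth2RevokeEPUrl"), "oauth2/revoke", false);
        String oauth2UserInfoUrl = defaultUrlIfBlank(IdentityUtil.getProperty("OAuth.OAuth2UserInfoEPUrl"), "oauth2/userinfo", false);
        String passiveStsUrl = defaultUrlIfBlank(IdentityUtil.getProperty("PassiveSTS.IdentityProviderURL"), "passivests", true);
        String scimUserUrl = defaultUrlIfBlank(IdentityUtil.getProperty("SCIM.UserEPUrl"), "wso2/scim/Users", false);
        String scimGroupUrl = defaultUrlIfBlank(IdentityUtil.getProperty("SCIM.GroupEPUrl"), "wso2/scim/Groups", false);

        // The STS URL is the only endpoint that embeds the tenant segment, whether configured or defaulted.
        String configuredStsUrl = IdentityUtil.getProperty("SecurityTokenService.IdentityProviderURL");
        String stsUrl = StringUtils.isNotBlank(configuredStsUrl)
                ? configuredStsUrl.replace("wso2carbon-sts", tenantContext + "wso2carbon-sts")
                : IdentityUtil.getServerURL("services/" + tenantContext + "wso2carbon-sts", true, true);

        IdentityProvider idPByName = dao.getIdPByName(null, "LOCAL", IdentityTenantUtil.getTenantId(str), str);
        if (idPByName == null) {
            throw new IdentityProviderManagementException("Could not find Resident Identity Provider for tenant " + str);
        }

        int tenantId;
        try {
            tenantId = IdPManagementServiceComponent.getRealmService().getTenantManager().getTenantId(str);
        } catch (UserStoreException e) {
            throw new IdentityProviderManagementException("Exception occurred while retrieving Tenant ID from Tenant Domain " + str, e);
        }

        X509Certificate primaryCertificate;
        try {
            IdentityTenantUtil.initializeRegistry(tenantId, str);
            PrivilegedCarbonContext.startTenantFlow();
            try {
                PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(str, true);
                KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
                if ("carbon.super".equals(str)) {
                    primaryCertificate = keyStoreManager.getDefaultPrimaryCertificate();
                } else {
                    // Tenant key stores are named after the tenant domain; the certificate alias is the domain itself.
                    String keyStoreName = str.trim().replace(IdPManagementConstants.MULTI_VALUED_PROPERTY_CHARACTER, "-") + ".jks";
                    primaryCertificate = (X509Certificate) keyStoreManager.getKeyStore(keyStoreName).getCertificate(str);
                }
            } finally {
                // Paired one-to-one with startTenantFlow() above so the privileged tenant context
                // set on this thread never outlives the key-store lookup and is never ended twice.
                PrivilegedCarbonContext.endTenantFlow();
            }
        } catch (Exception e) {
            throw new IdentityProviderManagementException("Error retrieving primary certificate for tenant : " + str, e);
        }
        if (primaryCertificate == null) {
            throw new IdentityProviderManagementException("Cannot find the primary certificate for tenant " + str);
        }
        try {
            idPByName.setCertificate(Base64.encode(primaryCertificate.getEncoded()));
        } catch (CertificateEncodingException e) {
            throw new IdentityProviderManagementException("Error occurred while encoding primary certificate for tenant domain " + str, e);
        }

        List<FederatedAuthenticatorConfig> authenticators = new ArrayList<FederatedAuthenticatorConfig>();

        FederatedAuthenticatorConfig openIdConfig = findOrCreateAuthenticator(idPByName.getFederatedAuthenticatorConfigs(), "openid");
        Property[] openIdExisting = propertiesOrEmpty(openIdConfig.getProperties());
        List<Property> openIdProps = new ArrayList<Property>(Arrays.asList(openIdExisting));
        addDefaultPropertyIfAbsent(openIdProps, openIdExisting, "OpenIdUrl", openIdUrl);
        openIdConfig.setProperties(openIdProps.toArray(new Property[0]));
        authenticators.add(openIdConfig);

        FederatedAuthenticatorConfig samlConfig = findOrCreateAuthenticator(idPByName.getFederatedAuthenticatorConfigs(), "samlsso");
        Property[] samlExisting = propertiesOrEmpty(samlConfig.getProperties());
        List<Property> samlProps = new ArrayList<Property>(Arrays.asList(samlExisting));
        addDefaultPropertyIfAbsent(samlProps, samlExisting, "SSOUrl", samlSsoUrl);
        addDefaultPropertyIfAbsent(samlProps, samlExisting, "LogoutReqUrl", samlLogoutUrl);
        if (IdentityApplicationManagementUtil.getProperty(samlExisting, "IdPEntityId") == null) {
            samlProps.add(newProperty("IdPEntityId", IdPManagementUtil.getResidentIdPEntityId()));
        }
        samlConfig.setProperties(samlProps.toArray(new Property[0]));
        authenticators.add(samlConfig);

        FederatedAuthenticatorConfig oauth1Config = findOrCreateAuthenticator(idPByName.getFederatedAuthenticatorConfigs(), "oauth10a");
        Property[] oauth1Existing = propertiesOrEmpty(oauth1Config.getProperties());
        List<Property> oauth1Props = new ArrayList<Property>(Arrays.asList(oauth1Existing));
        addDefaultPropertyIfAbsent(oauth1Props, oauth1Existing, "OAuth1RequestTokenUrl", oauth1RequestTokenUrl);
        addDefaultPropertyIfAbsent(oauth1Props, oauth1Existing, "OAuth1AuthorizeUrl", oauth1AuthorizeUrl);
        addDefaultPropertyIfAbsent(oauth1Props, oauth1Existing, "OAuth1AccessTokenUrl", oauth1AccessTokenUrl);
        oauth1Config.setProperties(oauth1Props.toArray(new Property[0]));
        authenticators.add(oauth1Config);

        FederatedAuthenticatorConfig oidcConfig = findOrCreateAuthenticator(idPByName.getFederatedAuthenticatorConfigs(), "openidconnect");
        Property[] oidcExisting = propertiesOrEmpty(oidcConfig.getProperties());
        List<Property> oidcProps = new ArrayList<Property>(Arrays.asList(oidcExisting));
        addDefaultPropertyIfAbsent(oidcProps, oidcExisting, "OAuth2AuthzEPUrl", oauth2AuthzUrl);
        addDefaultPropertyIfAbsent(oidcProps, oidcExisting, "OAuth2TokenEPUrl", oauth2TokenUrl);
        addDefaultPropertyIfAbsent(oidcProps, oidcExisting, "OAuth2RevokeEPUrl", oauth2RevokeUrl);
        addDefaultPropertyIfAbsent(oidcProps, oidcExisting, "OAuth2UserInfoEPUrl", oauth2UserInfoUrl);
        oidcConfig.setProperties(oidcProps.toArray(new Property[0]));
        authenticators.add(oidcConfig);

        FederatedAuthenticatorConfig passiveStsConfig = findOrCreateAuthenticator(idPByName.getFederatedAuthenticatorConfigs(), "passivests");
        Property[] passiveStsExisting = propertiesOrEmpty(passiveStsConfig.getProperties());
        List<Property> passiveStsProps = new ArrayList<Property>(Arrays.asList(passiveStsExisting));
        addDefaultPropertyIfAbsent(passiveStsProps, passiveStsExisting, "IdentityProviderUrl", passiveStsUrl);
        if (IdentityApplicationManagementUtil.getProperty(passiveStsExisting, "IdPEntityId") == null) {
            passiveStsProps.add(newProperty("IdPEntityId", IdPManagementUtil.getResidentIdPEntityId()));
        }
        passiveStsConfig.setProperties(passiveStsProps.toArray(new Property[0]));
        authenticators.add(passiveStsConfig);

        FederatedAuthenticatorConfig wsTrustConfig = findOrCreateAuthenticator(idPByName.getFederatedAuthenticatorConfigs(), "wstrust");
        Property[] wsTrustExisting = propertiesOrEmpty(wsTrustConfig.getProperties());
        List<Property> wsTrustProps = new ArrayList<Property>(Arrays.asList(wsTrustExisting));
        addDefaultPropertyIfAbsent(wsTrustProps, wsTrustExisting, "IDENTITY_PROVIDER_URL", stsUrl);
        wsTrustConfig.setProperties(wsTrustProps.toArray(new Property[0]));
        authenticators.add(wsTrustConfig);

        FederatedAuthenticatorConfig idpPropertiesConfig = findOrCreateAuthenticator(idPByName.getFederatedAuthenticatorConfigs(), "IDPProperties");
        Property[] idpPropertiesExisting = propertiesOrEmpty(idpPropertiesConfig.getProperties());
        List<Property> idpProperties = new ArrayList<Property>(Arrays.asList(idpPropertiesExisting));
        if (IdentityApplicationManagementUtil.getProperty(idpPropertiesExisting, "CleanUpPeriod") == null) {
            String cleanUpPeriod = IdentityUtil.getProperty("JDBCPersistenceManager.SessionDataPersist.SessionDataCleanUp.CleanUpPeriod");
            if (StringUtils.isBlank(cleanUpPeriod)) {
                cleanUpPeriod = "1140";
            } else if (!StringUtils.isNumeric(cleanUpPeriod)) {
                log.warn("PersistanceCleanUpPeriod in identity.xml should be a numeric value");
                cleanUpPeriod = "1140";
            }
            idpProperties.add(newProperty("CleanUpPeriod", cleanUpPeriod));
        }
        idpPropertiesConfig.setProperties(idpProperties.toArray(new Property[0]));
        authenticators.add(idpPropertiesConfig);

        idPByName.setFederatedAuthenticatorConfigs(authenticators.toArray(new FederatedAuthenticatorConfig[0]));

        ProvisioningConnectorConfig scimConnector = IdentityApplicationManagementUtil.getProvisioningConnector(idPByName.getProvisioningConnectorConfigs(), "scim");
        if (scimConnector == null) {
            scimConnector = new ProvisioningConnectorConfig();
            scimConnector.setName("scim");
        }
        Property[] scimExisting = propertiesOrEmpty(scimConnector.getProvisioningProperties());
        List<Property> scimProps = new ArrayList<Property>(Arrays.asList(scimExisting));
        addDefaultPropertyIfAbsent(scimProps, scimExisting, "scimUserEndpoint", scimUserUrl);
        // Each endpoint is checked under its own key; the group default no longer depends on the user endpoint.
        addDefaultPropertyIfAbsent(scimProps, scimExisting, "scimGroupEndpoint", scimGroupUrl);
        scimConnector.setProvisioningProperties(scimProps.toArray(new Property[0]));
        idPByName.setProvisioningConnectorConfigs(new ProvisioningConnectorConfig[]{scimConnector});
        return idPByName;
    }

    /**
     * Returns the configured URL, or the server-derived URL for {@code endpoint} when the configured one is blank.
     * {@code flag} is passed through unchanged as the third argument of {@code IdentityUtil.getServerURL}.
     */
    private static String defaultUrlIfBlank(String configured, String endpoint, boolean flag) {
        return StringUtils.isBlank(configured) ? IdentityUtil.getServerURL(endpoint, true, flag) : configured;
    }

    /** Returns the named authenticator config from {@code configs}, or a new empty one carrying that name. */
    private static FederatedAuthenticatorConfig findOrCreateAuthenticator(FederatedAuthenticatorConfig[] configs, String name) {
        FederatedAuthenticatorConfig config = IdentityApplicationManagementUtil.getFederatedAuthenticator(configs, name);
        if (config == null) {
            config = new FederatedAuthenticatorConfig();
            config.setName(name);
        }
        return config;
    }

    /** Treats a missing property array as empty so it can be copied and searched without a null check. */
    private static Property[] propertiesOrEmpty(Property[] properties) {
        return properties == null ? new Property[0] : properties;
    }

    /** Creates a property with the given name and value. */
    private static Property newProperty(String name, String value) {
        Property property = new Property();
        property.setName(name);
        property.setValue(value);
        return property;
    }

    /** Appends a {@code name}/{@code value} property to {@code target} unless {@code existing} already holds {@code name}. */
    private static void addDefaultPropertyIfAbsent(List<Property> target, Property[] existing, String name, String value) {
        if (IdentityApplicationManagementUtil.getProperty(existing, name) == null) {
            target.add(newProperty(name, value));
        }
    }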

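    /**
     * Registers the resident identity provider of a tenant after filling in its default
     * {@code samlsso}, {@code IDPProperties} and {@code passivests} authenticator settings and its
     * session timeout properties.
     *
     * <p>Enabled listeners are consulted before and after the write; a pre-listener returning
     * {@code false} aborts the operation without persisting anything.
     *
     * <p>Changes against the previous implementation:
     * <ul>
     *   <li>appending {@code IdPEntityId} to a non-empty {@code samlsso} property array used the
     *       fixed-size list returned by {@code Arrays.asList}, whose {@code add} throws
     *       {@code UnsupportedOperationException}; a mutable copy is used now;</li>
     *   <li>a digits-only timeout in the configuration that does not fit an {@code int} made
     *       {@code Integer.parseInt} throw; it is now replaced by the default like any other
     *       invalid value;</li>
     *   <li>a {@code null} property array on the {@code IDPProperties} authenticator is treated as
     *       empty, as was already done for {@code samlsso}.</li>
     * </ul>
     *
     * @param identityProvider resident identity provider to store; it is modified in place
     * @param str tenant domain the identity provider belongs to
     * @throws IdentityProviderManagementException if a listener or the DAO reports a failure
     */
    public void addResidentIdP(IdentityProvider identityProvider, String str) throws IdentityProviderManagementException {
        Collection<IdentityProviderMgtListener> idpMgtListeners = IdPManagementServiceComponent.getIdpMgtListeners();
        for (IdentityProviderMgtListener listener : idpMgtListeners) {
            if (listener.isEnable() && !listener.doPreAddResidentIdP(identityProvider, str)) {
                return;
            }
        }
        if (identityProvider.getFederatedAuthenticatorConfigs() == null) {
            identityProvider.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[0]);
        }

        FederatedAuthenticatorConfig samlConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), "samlsso");
        if (samlConfig == null) {
            samlConfig = new FederatedAuthenticatorConfig();
            samlConfig.setName("samlsso");
        }
        if (samlConfig.getProperties() == null) {
            samlConfig.setProperties(new Property[0]);
        }
        boolean hasEntityId = false;
        for (Property property : samlConfig.getProperties()) {
            if ("IdPEntityId".equals(property.getName())) {
                hasEntityId = true;
            }
        }
        if (!hasEntityId) {
            Property entityId = new Property();
            entityId.setName("IdPEntityId");
            entityId.setValue(IdPManagementUtil.getResidentIdPEntityId());
            // Arrays.asList is a fixed-size view; copy it before appending.
            List<Property> samlProps = new ArrayList<Property>(Arrays.asList(samlConfig.getProperties()));
            samlProps.add(entityId);
            samlConfig.setProperties(samlProps.toArray(new Property[0]));
        }

        FederatedAuthenticatorConfig idpPropertiesConfig = IdentityApplicationManagementUtil.getFederatedAuthenticator(identityProvider.getFederatedAuthenticatorConfigs(), "IDPProperties");
        if (idpPropertiesConfig == null) {
            idpPropertiesConfig = new FederatedAuthenticatorConfig();
            idpPropertiesConfig.setName("IDPProperties");
        }
        if (idpPropertiesConfig.getProperties() == null) {
            idpPropertiesConfig.setProperties(new Property[0]);
        }
        List<Property> idpProperties = new ArrayList<Property>(Arrays.asList(idpPropertiesConfig.getProperties()));
        if (IdentityApplicationManagementUtil.getProperty(idpPropertiesConfig.getProperties(), "CleanUpPeriod") == null) {
            Property cleanUp = new Property();
            cleanUp.setName("CleanUpPeriod");
            String cleanUpPeriod = IdentityUtil.getProperty("JDBCPersistenceManager.SessionDataPersist.SessionDataCleanUp.CleanUpPeriod");
            if (StringUtils.isBlank(cleanUpPeriod)) {
                cleanUpPeriod = "1140";
            } else if (!StringUtils.isNumeric(cleanUpPeriod)) {
                log.warn("PersistanceCleanUpPeriod in identity.xml should be a numeric value");
                cleanUpPeriod = "1140";
            }
            cleanUp.setValue(cleanUpPeriod);
            idpProperties.add(cleanUp);
        }
        idpPropertiesConfig.setProperties(idpProperties.toArray(new Property[0]));

        Property passiveStsEntityId = new Property();
        passiveStsEntityId.setName("IdPEntityId");
        passiveStsEntityId.setValue(IdPManagementUtil.getResidentIdPEntityId());
        FederatedAuthenticatorConfig passiveStsConfig = new FederatedAuthenticatorConfig();
        passiveStsConfig.setProperties(new Property[]{passiveStsEntityId});
        passiveStsConfig.setName("passivests");

        // NOTE(review): samlsso / IDPProperties configs that were found in the incoming array are
        // appended to that same array here, so they may appear twice — confirm how
        // concatArrays and the DAO treat duplicates.
        identityProvider.setFederatedAuthenticatorConfigs(IdentityApplicationManagementUtil.concatArrays(identityProvider.getFederatedAuthenticatorConfigs(), new FederatedAuthenticatorConfig[]{samlConfig, idpPropertiesConfig, passiveStsConfig}));

        IdentityProviderProperty rememberMe = new IdentityProviderProperty();
        rememberMe.setName("RememberMeTimeout");
        rememberMe.setValue(positiveIntSettingOrDefault("TimeConfig.RememberMeTimeout", "RememberMeTimeout", "20160"));
        IdentityProviderProperty sessionIdle = new IdentityProviderProperty();
        sessionIdle.setName("SessionIdleTimeout");
        sessionIdle.setValue(positiveIntSettingOrDefault("TimeConfig.SessionIdleTimeout", "SessionIdleTimeout", "15"));
        identityProvider.setIdpProperties(new IdentityProviderProperty[]{rememberMe, sessionIdle});

        dao.addIdP(identityProvider, IdentityTenantUtil.getTenantId(str), str);
        for (IdentityProviderMgtListener listener : idpMgtListeners) {
            if (listener.isEnable() && !listener.doPostAddResidentIdP(identityProvider, str)) {
                // A post-listener returning false stops the remaining listeners; the write is already done.
                return;
            }
        }
    }

    /**
     * Reads a timeout from the identity configuration and returns it only when it is a positive
     * {@code int} written in digits; otherwise logs a warning and returns {@code fallback}.
     */
    private static String positiveIntSettingOrDefault(String configKey, String settingName, String fallback) {
        String value = IdentityUtil.getProperty(configKey);
        boolean valid = false;
        if (StringUtils.isNotBlank(value) && StringUtils.isNumeric(value)) {
            try {
                valid = Integer.parseInt(value) > 0;
            } catch (NumberFormatException ignored) {
                // All digits but outside the int range: treated as invalid.
            }
        }
        if (!valid) {
            log.warn(settingName + " in identity.xml should be a numeric value");
            return fallback;
        }
        return value;
    }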

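    /**
     * Updates the resident identity provider of a tenant.
     *
     * <p>The {@code SessionIdleTimeout} and {@code RememberMeTimeout} properties of the submitted
     * identity provider are validated first, before any listener runs: each must be a positive
     * {@code int} written in digits. Enabled listeners are then consulted before and after the
     * write; a pre-listener returning {@code false} aborts the update.
     *
     * <p>Changes against the previous implementation:
     * <ul>
     *   <li>a digits-only timeout too large for an {@code int} made {@code Integer.parseInt} throw an
     *       unchecked {@code NumberFormatException}; it is now rejected with the same
     *       {@link IdentityProviderManagementException} as any other invalid timeout;</li>
     *   <li>a missing stored resident identity provider is reported as an
     *       {@link IdentityProviderManagementException} instead of failing with a
     *       {@code NullPointerException}.</li>
     * </ul>
     *
     * @param identityProvider new state of the resident identity provider
     * @param str tenant domain the identity provider belongs to
     * @throws IdentityProviderManagementException if a timeout is invalid, the stored resident
     *         identity provider cannot be found, or validation, a listener or the DAO fails
     */
    public void updateResidentIdP(IdentityProvider identityProvider, String str) throws IdentityProviderManagementException {
        for (IdentityProviderProperty idpProperty : identityProvider.getIdpProperties()) {
            if (StringUtils.equals(idpProperty.getName(), "SessionIdleTimeout")) {
                if (!isPositiveIntegerValue(idpProperty.getValue())) {
                    throw new IdentityProviderManagementException("SessionIdleTimeout of ResidentIdP should be a numeric value greater than 0 ");
                }
            } else if (StringUtils.equals(idpProperty.getName(), "RememberMeTimeout")
                    && !isPositiveIntegerValue(idpProperty.getValue())) {
                throw new IdentityProviderManagementException("RememberMeTimeout of ResidentIdP should be a numeric value greater than 0 ");
            }
        }

        Collection<IdentityProviderMgtListener> idpMgtListeners = IdPManagementServiceComponent.getIdpMgtListeners();
        for (IdentityProviderMgtListener listener : idpMgtListeners) {
            if (listener.isEnable() && !listener.doPreUpdateResidentIdP(identityProvider, str)) {
                return;
            }
        }
        if (identityProvider.getFederatedAuthenticatorConfigs() == null) {
            identityProvider.setFederatedAuthenticatorConfigs(new FederatedAuthenticatorConfig[0]);
        }

        // Looked up with the file-based fallback disabled, so the result is null when nothing is stored.
        IdentityProvider currentIdP = getInstance().getIdPByName("LOCAL", str, true);
        if (currentIdP == null) {
            throw new IdentityProviderManagementException("Could not find Resident Identity Provider for tenant " + str);
        }
        int tenantId = IdentityTenantUtil.getTenantId(str);
        validateUpdateOfIdPEntityId(currentIdP.getFederatedAuthenticatorConfigs(), identityProvider.getFederatedAuthenticatorConfigs(), tenantId, str);
        dao.updateIdP(identityProvider, currentIdP, tenantId, str);

        for (IdentityProviderMgtListener listener : idpMgtListeners) {
            if (listener.isEnable() && !listener.doPostUpdateResidentIdP(identityProvider, str)) {
                // A post-listener returning false stops the remaining listeners; the update is already stored.
                return;
            }
        }
    }

    /** Returns {@code true} only for a non-blank, digits-only value that parses to an {@code int} greater than zero. */
    private static boolean isPositiveIntegerValue(String value) {
        if (StringUtils.isBlank(value) || !StringUtils.isNumeric(value)) {
            return false;
        }
        try {
            return Integer.parseInt(value.trim()) > 0;
        } catch (NumberFormatException e) {
            // All digits but outside the int range.
            return false;
        }
    }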

    /**
     * Lists the identity providers the DAO holds for a tenant.
     *
     * @param str tenant domain
     * @return the identity providers returned by the DAO for that tenant
     * @throws IdentityProviderManagementException if the DAO lookup fails
     */
    public List<IdentityProvider> getIdPs(String str) throws IdentityProviderManagementException {
        int tenantId = IdentityTenantUtil.getTenantId(str);
        return dao.getIdPs(null, tenantId, str);
    }

    /**
     * Lists the identity providers of a tenant that are enabled.
     *
     * @param str tenant domain
     * @return a new list holding only the providers for which {@code isEnable()} is true
     * @throws IdentityProviderManagementException if the underlying lookup fails
     */
    public List<IdentityProvider> getEnabledIdPs(String str) throws IdentityProviderManagementException {
        List<IdentityProvider> enabled = new ArrayList<IdentityProvider>();
        for (IdentityProvider candidate : getIdPs(str)) {
            if (!candidate.isEnable()) {
                continue;
            }
            enabled.add(candidate);
        }
        return enabled;
    }

    /**
     * Resolves an identity provider by name for a tenant.
     *
     * <p>The DAO is asked first. When {@code z} is {@code false} and the DAO has no match, the
     * file-based DAO is tried, and after that the file-based entry registered under
     * {@code "default"}. With {@code z == false} an unknown name can therefore resolve to the
     * default provider instead of {@code null}; callers that need to know whether the named
     * provider really exists should pass {@code true}.
     *
     * @param str identity provider name; must not be empty
     * @param str2 tenant domain
     * @param z {@code true} to skip the file-based and default fallbacks
     * @return the matching identity provider, a fallback, or {@code null}
     * @throws IdentityProviderManagementException if the name is empty or a lookup fails
     */
    public IdentityProvider getIdPByName(String str, String str2, boolean z) throws IdentityProviderManagementException {
        int tenantId = IdentityTenantUtil.getTenantId(str2);
        if (StringUtils.isEmpty(str)) {
            throw new IdentityProviderManagementException("Invalid argument: Identity Provider Name value is empty");
        }
        IdentityProvider stored = dao.getIdPByName(null, str, tenantId, str2);
        if (z || stored != null) {
            return stored;
        }
        IdentityProvider fileBased = new FileBasedIdPMgtDAO().getIdPByName(str, str2);
        if (fileBased != null) {
            return fileBased;
        }
        return IdPManagementServiceComponent.getFileBasedIdPs().get("default");
    }

    /**
     * Resolves an identity provider by name and returns it only when it is enabled.
     *
     * @param str  identity provider name
     * @param str2 tenant domain
     * @param z    forwarded to {@link #getIdPByName(String, String, boolean)}; {@code true} skips
     *             the file-based fallback
     * @return the provider when found and {@code isEnable()} is true, otherwise {@code null}
     * @throws IdentityProviderManagementException if the lookup fails
     */
    public IdentityProvider getEnabledIdPByName(String str, String str2, boolean z) throws IdentityProviderManagementException {
        IdentityProvider resolved = getIdPByName(str, str2, z);
        boolean usable = resolved != null && resolved.isEnable();
        return usable ? resolved : null;
    }

    /**
     * Looks up an identity provider by name with the file-based fallback enabled.
     *
     * <p>Equivalent to {@code getIdPByName(str, str2, false)}: an unknown name may resolve to the
     * file-based "default" provider rather than {@code null}.
     *
     * @param str  identity provider name
     * @param str2 tenant domain
     * @return the resolved provider, or {@code null} when nothing matched
     * @throws IdentityProviderManagementException if the name is empty or the lookup fails
     */
    public IdentityProvider getIdPByName(String str, String str2) throws IdentityProviderManagementException {
        final boolean skipFileBasedFallback = false;
        return getIdPByName(str, str2, skipFileBasedFallback);
    }

    /**
     * Finds the identity provider that has a given authenticator property set to a given value.
     *
     * <p>The DAO is consulted first. When it finds nothing and {@code z} is {@code false}, a
     * {@code FileBasedIdPMgtDAO} is queried with the same property and value. Unlike the by-name
     * lookups, this method has no "default" provider fallback.
     *
     * @param str  authenticator property name; must not be empty
     * @param str2 property value to match; must not be empty
     * @param str3 tenant domain, resolved with {@code IdentityTenantUtil.getTenantId}
     * @param z    when {@code true}, the file-based lookup is skipped
     * @return the matching provider, or {@code null} when none was found
     * @throws IdentityProviderManagementException if either argument is empty or the lookup fails
     */
    public IdentityProvider getIdPByAuthenticatorPropertyValue(String str, String str2, String str3, boolean z) throws IdentityProviderManagementException {
        int tenantId = IdentityTenantUtil.getTenantId(str3);
        boolean missingArgument = StringUtils.isEmpty(str) || StringUtils.isEmpty(str2);
        if (missingArgument) {
            throw new IdentityProviderManagementException("Invalid argument: Authenticator property or property value is empty");
        }
        IdentityProvider resolved = dao.getIdPByAuthenticatorPropertyValue(null, str, str2, tenantId, str3);
        if (resolved != null || z) {
            return resolved;
        }
        return new FileBasedIdPMgtDAO().getIdPByAuthenticatorPropertyValue(str, str2, str3);
    }

    /**
     * Resolves an identity provider by name, with file-based fallback, and returns it only when
     * it is enabled.
     *
     * @param str  identity provider name
     * @param str2 tenant domain
     * @return the provider when found and {@code isEnable()} is true, otherwise {@code null}
     * @throws IdentityProviderManagementException if the lookup fails
     */
    public IdentityProvider getEnabledIdPByName(String str, String str2) throws IdentityProviderManagementException {
        IdentityProvider resolved = getIdPByName(str, str2);
        if (resolved != null && resolved.isEnable()) {
            return resolved;
        }
        return null;
    }

    /**
     * Looks up an identity provider by its home realm identifier.
     *
     * <p>The DAO is consulted first; when it returns {@code null} a {@code FileBasedIdPMgtDAO}
     * lookup with the same realm id is always attempted (this method has no flag to disable it).
     *
     * @param str  home realm identifier; must not be empty
     * @param str2 tenant domain, resolved with {@code IdentityTenantUtil.getTenantId}
     * @return the matching provider, or {@code null} when neither source has one
     * @throws IdentityProviderManagementException if {@code str} is empty or the lookup fails
     */
    public IdentityProvider getIdPByRealmId(String str, String str2) throws IdentityProviderManagementException {
        int tenantId = IdentityTenantUtil.getTenantId(str2);
        if (StringUtils.isEmpty(str)) {
            throw new IdentityProviderManagementException("Invalid argument: Identity Provider Home Realm Identifier value is empty");
        }
        IdentityProvider fromStore = dao.getIdPByRealmId(str, tenantId, str2);
        if (fromStore != null) {
            return fromStore;
        }
        return new FileBasedIdPMgtDAO().getIdPByRealmId(str, str2);
    }

    /**
     * Resolves an identity provider by home realm identifier and returns it only when enabled.
     *
     * @param str  home realm identifier
     * @param str2 tenant domain
     * @return the provider when found and {@code isEnable()} is true, otherwise {@code null}
     * @throws IdentityProviderManagementException if the lookup fails
     */
    public IdentityProvider getEnabledIdPByRealmId(String str, String str2) throws IdentityProviderManagementException {
        IdentityProvider resolved = getIdPByRealmId(str, str2);
        boolean usable = resolved != null && resolved.isEnable();
        return usable ? resolved : null;
    }

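    /**
     * Returns the claim mappings of an identity provider whose remote claim URI appears in
     * {@code list}.
     *
     * <p>The provider is resolved from the DAO, then from {@code FileBasedIdPMgtDAO}, then from
     * the file-based entry registered as {@code "default"}. An unknown provider name is therefore
     * evaluated against the "default" provider's mappings when such an entry exists.
     *
     * <p>Fixes relative to the previous body: the inner search loop never terminated when a
     * requested URI had no mapping, and a missing "default" provider caused a
     * {@code NullPointerException}; both cases now contribute nothing to the result.
     *
     * @param str  identity provider name; must not be empty
     * @param str2 tenant domain, resolved with {@code IdentityTenantUtil.getTenantId}
     * @param list remote (IdP-side) claim URIs to look up; {@code null} yields an empty set
     * @return a new set with at most one mapping per requested URI (the first match wins)
     * @throws IdentityProviderManagementException if {@code str} is empty or the lookup fails
     */
    public Set<ClaimMapping> getMappedLocalClaims(String str, String str2, List<String> list) throws IdentityProviderManagementException {
        int tenantId = IdentityTenantUtil.getTenantId(str2);
        if (StringUtils.isEmpty(str)) {
            throw new IdentityProviderManagementException("Invalid argument: Identity Provider Name value is empty");
        }
        IdentityProvider idPByName = dao.getIdPByName(null, str, tenantId, str2);
        if (idPByName == null) {
            idPByName = new FileBasedIdPMgtDAO().getIdPByName(str, str2);
        }
        if (idPByName == null) {
            idPByName = IdPManagementServiceComponent.getFileBasedIdPs().get("default");
        }
        Set<ClaimMapping> matched = new HashSet<ClaimMapping>();
        if (idPByName == null) {
            // No provider and no "default" entry: nothing can be mapped.
            return matched;
        }
        ClaimConfig claimConfig = idPByName.getClaimConfig();
        ClaimMapping[] claimMappings = claimConfig == null ? null : claimConfig.getClaimMappings();
        if (claimMappings == null || claimMappings.length == 0 || list == null) {
            return matched;
        }
        for (String remoteClaimUri : list) {
            // Bounded scan: stops at the first match or at the end of the array.
            for (ClaimMapping claimMapping : claimMappings) {
                if (claimMapping.getRemoteClaim().getClaimUri().equals(remoteClaimUri)) {
                    matched.add(claimMapping);
                    break;
                }
            }
        }
        return matched;
    }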

    /**
     * Builds a remote-claim-URI to local-claim-URI map from {@code getMappedLocalClaims}.
     *
     * @param str  identity provider name
     * @param str2 tenant domain
     * @param list remote claim URIs to look up
     * @return a new map keyed by remote claim URI with the mapped local claim URI as value
     * @throws IdentityProviderManagementException if the underlying lookup fails
     */
    public Map<String, String> getMappedLocalClaimsMap(String str, String str2, List<String> list) throws IdentityProviderManagementException {
        Map<String, String> remoteToLocal = new HashMap<String, String>();
        for (ClaimMapping mapping : getMappedLocalClaims(str, str2, list)) {
            String remoteUri = mapping.getRemoteClaim().getClaimUri();
            String localUri = mapping.getLocalClaim().getClaimUri();
            remoteToLocal.put(remoteUri, localUri);
        }
        return remoteToLocal;
    }

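    /**
     * Returns the claim mappings of an identity provider whose local claim URI appears in
     * {@code list}.
     *
     * <p>The provider is resolved from the DAO, then from {@code FileBasedIdPMgtDAO}, then from
     * the file-based entry registered as {@code "default"}. An unknown provider name is therefore
     * evaluated against the "default" provider's mappings when such an entry exists.
     *
     * <p>Fixes relative to the previous body:
     * <ul>
     *   <li>The match compared the {@code ClaimMapping} object itself with a {@code String}, which
     *       presumably never matched; it now compares the mapping's local claim URI.
     *       {@code getMappedIdPClaimsMap} keys its result by local claim URI, so {@code list} is
     *       taken to hold local claim URIs (NOTE(review): confirm against callers).</li>
     *   <li>The inner search loop never terminated once a requested URI had no mapping.</li>
     *   <li>A missing "default" provider caused a {@code NullPointerException}; it now yields an
     *       empty set.</li>
     * </ul>
     *
     * @param str  identity provider name; must not be empty
     * @param str2 tenant domain, resolved with {@code IdentityTenantUtil.getTenantId}
     * @param list local claim URIs to look up; {@code null} yields an empty set
     * @return a new set with at most one mapping per requested URI (the first match wins)
     * @throws IdentityProviderManagementException if {@code str} is empty or the lookup fails
     */
    public Set<ClaimMapping> getMappedIdPClaims(String str, String str2, List<String> list) throws IdentityProviderManagementException {
        int tenantId = IdentityTenantUtil.getTenantId(str2);
        if (StringUtils.isEmpty(str)) {
            throw new IdentityProviderManagementException("Invalid argument: Identity Provider Name value is empty");
        }
        IdentityProvider idPByName = dao.getIdPByName(null, str, tenantId, str2);
        if (idPByName == null) {
            idPByName = new FileBasedIdPMgtDAO().getIdPByName(str, str2);
        }
        if (idPByName == null) {
            idPByName = IdPManagementServiceComponent.getFileBasedIdPs().get("default");
        }
        Set<ClaimMapping> matched = new HashSet<ClaimMapping>();
        if (idPByName == null) {
            // No provider and no "default" entry: nothing can be mapped.
            return matched;
        }
        ClaimConfig claimConfig = idPByName.getClaimConfig();
        ClaimMapping[] claimMappings = claimConfig == null ? null : claimConfig.getClaimMappings();
        if (claimMappings == null || claimMappings.length == 0 || list == null) {
            return matched;
        }
        for (String localClaimUri : list) {
            // Bounded scan: stops at the first match or at the end of the array.
            for (ClaimMapping claimMapping : claimMappings) {
                if (claimMapping.getLocalClaim().getClaimUri().equals(localClaimUri)) {
                    matched.add(claimMapping);
                    break;
                }
            }
        }
        return matched;
    }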

    /**
     * Builds a local-claim-URI to remote-claim-URI map from {@code getMappedIdPClaims}.
     *
     * @param str  identity provider name
     * @param str2 tenant domain
     * @param list claim URIs forwarded to {@code getMappedIdPClaims}
     * @return a new map keyed by local claim URI with the mapped remote claim URI as value
     * @throws IdentityProviderManagementException if the underlying lookup fails
     */
    public Map<String, String> getMappedIdPClaimsMap(String str, String str2, List<String> list) throws IdentityProviderManagementException {
        Map<String, String> localToRemote = new HashMap<String, String>();
        for (ClaimMapping mapping : getMappedIdPClaims(str, str2, list)) {
            String localUri = mapping.getLocalClaim().getClaimUri();
            String remoteUri = mapping.getRemoteClaim().getClaimUri();
            localToRemote.put(localUri, remoteUri);
        }
        return localToRemote;
    }

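    /**
     * Returns the role mappings of an identity provider whose remote role name appears in
     * {@code strArr}.
     *
     * <p>The provider is resolved from the DAO, then from {@code FileBasedIdPMgtDAO}, then from
     * the file-based entry registered as {@code "default"}. An unknown provider name is therefore
     * evaluated against the "default" provider's role mappings when such an entry exists, which
     * matters because the result feeds local role assignment.
     *
     * <p>Fixes relative to the previous body: the inner search loop never terminated when a
     * requested role had no mapping, and a missing "default" provider caused a
     * {@code NullPointerException}; both cases now contribute nothing to the result.
     *
     * @param str    identity provider name; must not be empty
     * @param str2   tenant domain, resolved with {@code IdentityTenantUtil.getTenantId}
     * @param strArr remote (IdP-side) role names to look up; {@code null} yields an empty set
     * @return a new set with at most one mapping per requested role (the first match wins)
     * @throws IdentityProviderManagementException if {@code str} is empty or the lookup fails
     */
    public Set<RoleMapping> getMappedLocalRoles(String str, String str2, String[] strArr) throws IdentityProviderManagementException {
        int tenantId = IdentityTenantUtil.getTenantId(str2);
        if (StringUtils.isEmpty(str)) {
            throw new IdentityProviderManagementException("Invalid argument: Identity Provider Name value is empty");
        }
        IdentityProvider idPByName = dao.getIdPByName(null, str, tenantId, str2);
        if (idPByName == null) {
            idPByName = new FileBasedIdPMgtDAO().getIdPByName(str, str2);
        }
        if (idPByName == null) {
            idPByName = IdPManagementServiceComponent.getFileBasedIdPs().get("default");
        }
        Set<RoleMapping> matched = new HashSet<RoleMapping>();
        if (idPByName == null) {
            // No provider and no "default" entry: nothing can be mapped.
            return matched;
        }
        PermissionsAndRoleConfig permissionAndRoleConfig = idPByName.getPermissionAndRoleConfig();
        RoleMapping[] roleMappings = permissionAndRoleConfig == null ? null : permissionAndRoleConfig.getRoleMappings();
        if (roleMappings == null || roleMappings.length == 0 || strArr == null) {
            return matched;
        }
        for (String remoteRole : strArr) {
            // Bounded scan: stops at the first match or at the end of the array.
            for (RoleMapping roleMapping : roleMappings) {
                if (roleMapping.getRemoteRole().equals(remoteRole)) {
                    matched.add(roleMapping);
                    break;
                }
            }
        }
        return matched;
    }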

    /**
     * Builds a remote-role-name to {@code LocalRole} map from {@code getMappedLocalRoles}.
     *
     * @param str    identity provider name
     * @param str2   tenant domain
     * @param strArr remote role names to look up
     * @return a new map keyed by remote role name with the mapped local role as value
     * @throws IdentityProviderManagementException if the underlying lookup fails
     */
    public Map<String, LocalRole> getMappedLocalRolesMap(String str, String str2, String[] strArr) throws IdentityProviderManagementException {
        Map<String, LocalRole> remoteToLocal = new HashMap<String, LocalRole>();
        for (RoleMapping mapping : getMappedLocalRoles(str, str2, strArr)) {
            String remoteRole = mapping.getRemoteRole();
            LocalRole localRole = mapping.getLocalRole();
            remoteToLocal.put(remoteRole, localRole);
        }
        return remoteToLocal;
    }

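    /**
     * Returns the role mappings of an identity provider whose local role equals one of
     * {@code localRoleArr}.
     *
     * <p>The provider is resolved from the DAO, then from {@code FileBasedIdPMgtDAO}, then from
     * the file-based entry registered as {@code "default"}. An unknown provider name is therefore
     * evaluated against the "default" provider's role mappings when such an entry exists.
     *
     * <p>Matching relies on {@code LocalRole.equals}. Fixes relative to the previous body: the
     * inner search loop never terminated when a requested role had no mapping, and a missing
     * "default" provider caused a {@code NullPointerException}; both cases now contribute nothing
     * to the result.
     *
     * @param str          identity provider name; must not be empty
     * @param str2         tenant domain, resolved with {@code IdentityTenantUtil.getTenantId}
     * @param localRoleArr local roles to look up; {@code null} yields an empty set
     * @return a new set with at most one mapping per requested role (the first match wins)
     * @throws IdentityProviderManagementException if {@code str} is empty or the lookup fails
     */
    public Set<RoleMapping> getMappedIdPRoles(String str, String str2, LocalRole[] localRoleArr) throws IdentityProviderManagementException {
        int tenantId = IdentityTenantUtil.getTenantId(str2);
        if (StringUtils.isEmpty(str)) {
            throw new IdentityProviderManagementException("Invalid argument: Identity Provider Name value is empty");
        }
        IdentityProvider idPByName = dao.getIdPByName(null, str, tenantId, str2);
        if (idPByName == null) {
            idPByName = new FileBasedIdPMgtDAO().getIdPByName(str, str2);
        }
        if (idPByName == null) {
            idPByName = IdPManagementServiceComponent.getFileBasedIdPs().get("default");
        }
        Set<RoleMapping> matched = new HashSet<RoleMapping>();
        if (idPByName == null) {
            // No provider and no "default" entry: nothing can be mapped.
            return matched;
        }
        PermissionsAndRoleConfig permissionAndRoleConfig = idPByName.getPermissionAndRoleConfig();
        RoleMapping[] roleMappings = permissionAndRoleConfig == null ? null : permissionAndRoleConfig.getRoleMappings();
        if (roleMappings == null || roleMappings.length == 0 || localRoleArr == null) {
            return matched;
        }
        for (LocalRole localRole : localRoleArr) {
            // Bounded scan: stops at the first match or at the end of the array.
            for (RoleMapping roleMapping : roleMappings) {
                if (roleMapping.getLocalRole().equals(localRole)) {
                    matched.add(roleMapping);
                    break;
                }
            }
        }
        return matched;
    }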

    /**
     * Builds a {@code LocalRole} to remote-role-name map from {@code getMappedIdPRoles}.
     *
     * <p>Keys are {@code LocalRole} objects, so lookups in the returned map depend on
     * {@code LocalRole.equals}/{@code hashCode}.
     *
     * @param str          identity provider name
     * @param str2         tenant domain
     * @param localRoleArr local roles to look up
     * @return a new map keyed by local role with the mapped remote role name as value
     * @throws IdentityProviderManagementException if the underlying lookup fails
     */
    public Map<LocalRole, String> getMappedIdPRolesMap(String str, String str2, LocalRole[] localRoleArr) throws IdentityProviderManagementException {
        Map<LocalRole, String> localToRemote = new HashMap<LocalRole, String>();
        for (RoleMapping mapping : getMappedIdPRoles(str, str2, localRoleArr)) {
            LocalRole localRole = mapping.getLocalRole();
            String remoteRole = mapping.getRemoteRole();
            localToRemote.put(localRole, remoteRole);
        }
        return localToRemote;
    }

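    /**
     * Registers a new identity provider for a tenant.
     *
     * <p>Steps, in order: run every enabled listener's {@code doPreAddIdP} (a {@code false}
     * result aborts silently, without an exception); reject a name that collides with a
     * file-based provider unless it carries {@code IdPManagementConstants.SHARED_IDP_PREFIX};
     * verify that every mapped local role exists in the tenant's user store; reject a name
     * already registered in the DAO; check the SAML {@code IdPEntityId} for uniqueness; persist;
     * run every enabled listener's {@code doPostAddIdP}.
     *
     * <p>Fixes relative to the previous body: a role mapping without a user store id was
     * validated as the role name {@code null}; it is now validated by its bare local role name,
     * the same way {@code updateIdP} builds the name. The file-system collision message was
     * missing the spaces around the provider name.
     *
     * @param identityProvider provider definition to store
     * @param str              tenant domain, resolved with {@code IdentityTenantUtil.getTenantId}
     * @throws IdentityProviderManagementException on a name or entity-id collision, an unknown
     *         local role, or a user store or DAO failure
     */
    public void addIdP(IdentityProvider identityProvider, String str) throws IdentityProviderManagementException {
        Collection<IdentityProviderMgtListener> idpMgtListeners = IdPManagementServiceComponent.getIdpMgtListeners();
        for (IdentityProviderMgtListener identityProviderMgtListener : idpMgtListeners) {
            // A listener veto ends the operation without signalling an error to the caller.
            if (identityProviderMgtListener.isEnable() && !identityProviderMgtListener.doPreAddIdP(identityProvider, str)) {
                return;
            }
        }
        int tenantId = IdentityTenantUtil.getTenantId(str);
        String idpName = identityProvider.getIdentityProviderName();
        if (IdPManagementServiceComponent.getFileBasedIdPs().containsKey(idpName) && !idpName.startsWith(IdPManagementConstants.SHARED_IDP_PREFIX)) {
            throw new IdentityProviderManagementException("Identity provider with the name " + idpName + " exists in the file system.");
        }
        PermissionsAndRoleConfig permissionAndRoleConfig = identityProvider.getPermissionAndRoleConfig();
        if (permissionAndRoleConfig != null && permissionAndRoleConfig.getRoleMappings() != null) {
            for (RoleMapping roleMapping : permissionAndRoleConfig.getRoleMappings()) {
                try {
                    UserStoreManager userStoreManager = IdPManagementServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
                    LocalRole localRole = roleMapping.getLocalRole();
                    String userStoreId = localRole.getUserStoreId();
                    // Qualify the role with its user store domain when one is given; otherwise
                    // check the bare role name instead of passing null to the user store.
                    String roleName = userStoreId != null ? userStoreId + "/" + localRole.getLocalRoleName() : localRole.getLocalRoleName();
                    if (!userStoreManager.isExistingRole(roleName)) {
                        throw new IdentityProviderManagementException("Cannot find tenant role " + roleName + " for tenant " + str);
                    }
                } catch (UserStoreException e) {
                    throw new IdentityProviderManagementException("Error occurred while retrieving UserStoreManager for tenant " + str, e);
                }
            }
        }
        // Exact-match lookup (third argument true): the file-based "default" fallback must not
        // make an unused name look taken.
        if (getInstance().getIdPByName(idpName, str, true) != null) {
            throw new IdentityProviderManagementException("An Identity Provider has already been registered with the name " + idpName + " for tenant " + str);
        }
        validateIdPEntityId(identityProvider.getFederatedAuthenticatorConfigs(), tenantId, str);
        dao.addIdP(identityProvider, tenantId, str);
        for (IdentityProviderMgtListener identityProviderMgtListener2 : idpMgtListeners) {
            if (identityProviderMgtListener2.isEnable() && !identityProviderMgtListener2.doPostAddIdP(identityProvider, str)) {
                return;
            }
        }
    }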

    /**
     * Deletes an identity provider of a tenant.
     *
     * <p>Every enabled listener's {@code doPreDeleteIdP} runs first; a {@code false} result ends
     * the call silently, before anything is deleted. After the DAO delete, every enabled
     * listener's {@code doPostDeleteIdP} runs; a {@code false} result stops the remaining
     * listeners but the delete has already happened.
     *
     * @param str  identity provider name
     * @param str2 tenant domain, resolved with {@code IdentityTenantUtil.getTenantId}
     * @throws IdentityProviderManagementException if a listener or the DAO fails
     */
    public void deleteIdP(String str, String str2) throws IdentityProviderManagementException {
        Collection<IdentityProviderMgtListener> listeners = IdPManagementServiceComponent.getIdpMgtListeners();
        for (IdentityProviderMgtListener before : listeners) {
            if (!before.isEnable()) {
                continue;
            }
            if (!before.doPreDeleteIdP(str, str2)) {
                return;
            }
        }
        int tenantId = IdentityTenantUtil.getTenantId(str2);
        dao.deleteIdP(str, tenantId, str2);
        for (IdentityProviderMgtListener after : listeners) {
            if (!after.isEnable()) {
                continue;
            }
            if (!after.doPostDeleteIdP(str, str2)) {
                return;
            }
        }
    }

    /**
     * Replaces the stored definition of an existing identity provider.
     *
     * <p>Steps, in order: run every enabled listener's {@code doPreUpdateIdP} (a {@code false}
     * result aborts silently); reject a new name that collides with a file-based provider;
     * require that the provider named {@code str} exists in the DAO (exact match, no file-based
     * fallback); refuse to clear the primary flag; verify that every mapped local role exists;
     * check the SAML {@code IdPEntityId} for uniqueness; persist; run every enabled listener's
     * {@code doPostUpdateIdP}.
     *
     * <p>NOTE(review): role existence is checked against the user realm of the calling thread's
     * {@code CarbonContext}, whereas {@code addIdP} uses the realm of the tenant id derived from
     * the tenant-domain argument. If the two can differ, roles are validated against the wrong
     * tenant here — confirm. The file-based name check also lacks the shared-prefix exemption
     * that {@code addIdP} applies.
     *
     * @param str              current name of the provider to update
     * @param identityProvider new definition
     * @param str2             tenant domain, resolved with {@code IdentityTenantUtil.getTenantId}
     * @throws IdentityProviderManagementException on a missing provider, a name or entity-id
     *         collision, an attempt to unset primary, an unknown local role, or a store failure
     */
    public void updateIdP(String str, IdentityProvider identityProvider, String str2) throws IdentityProviderManagementException {
        Collection<IdentityProviderMgtListener> listeners = IdPManagementServiceComponent.getIdpMgtListeners();
        for (IdentityProviderMgtListener before : listeners) {
            if (!before.isEnable()) {
                continue;
            }
            if (!before.doPreUpdateIdP(str, identityProvider, str2)) {
                return;
            }
        }
        if (IdPManagementServiceComponent.getFileBasedIdPs().containsKey(identityProvider.getIdentityProviderName())) {
            throw new IdentityProviderManagementException("Identity provider with the same name exists in the file system.");
        }
        // Exact-match lookup: the file-based "default" fallback must not stand in for a missing entry.
        IdentityProvider existing = getIdPByName(str, str2, true);
        if (existing == null) {
            throw new IdentityProviderManagementException("Identity Provider with name " + str + " does not exist");
        }
        if (existing.isPrimary() && !identityProvider.isPrimary()) {
            throw new IdentityProviderManagementException("Invalid argument: Cannot unset Identity Provider from primary. Alternatively set new Identity Provider to primary");
        }
        PermissionsAndRoleConfig roleConfig = identityProvider.getPermissionAndRoleConfig();
        RoleMapping[] roleMappings = roleConfig == null ? null : roleConfig.getRoleMappings();
        if (roleMappings != null) {
            for (RoleMapping mapping : roleMappings) {
                try {
                    UserStoreManager userStoreManager = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
                    String userStoreId = mapping.getLocalRole().getUserStoreId();
                    String localRoleName;
                    if (userStoreId != null) {
                        // Domain-qualified role name: <user store id>/<role name>.
                        localRoleName = userStoreId + "/" + mapping.getLocalRole().getLocalRoleName();
                    } else {
                        localRoleName = mapping.getLocalRole().getLocalRoleName();
                    }
                    if (!userStoreManager.isExistingRole(localRoleName)) {
                        throw new IdentityProviderManagementException("Cannot find tenant role " + localRoleName + " for tenant " + str2);
                    }
                } catch (UserStoreException e) {
                    throw new IdentityProviderManagementException("Error occurred while retrieving UserStoreManager for tenant " + str2, e);
                }
            }
        }
        int tenantId = IdentityTenantUtil.getTenantId(str2);
        validateUpdateOfIdPEntityId(existing.getFederatedAuthenticatorConfigs(), identityProvider.getFederatedAuthenticatorConfigs(), tenantId, str2);
        dao.updateIdP(identityProvider, existing, tenantId, str2);
        for (IdentityProviderMgtListener after : listeners) {
            if (!after.isEnable()) {
                continue;
            }
            if (!after.doPostUpdateIdP(str, identityProvider, str2)) {
                return;
            }
        }
    }

    /**
     * Returns the federated authenticators known to {@code ApplicationAuthenticatorService}.
     *
     * @return a new array with every registered authenticator config; an empty array (never
     *         {@code null}) when none is registered
     * @throws IdentityProviderManagementException declared for callers; not thrown by this body
     */
    public FederatedAuthenticatorConfig[] getAllFederatedAuthenticators() throws IdentityProviderManagementException {
        List registered = ApplicationAuthenticatorService.getInstance().getFederatedAuthenticators();
        if (!CollectionUtils.isNotEmpty(registered)) {
            return new FederatedAuthenticatorConfig[0];
        }
        FederatedAuthenticatorConfig[] target = new FederatedAuthenticatorConfig[registered.size()];
        return (FederatedAuthenticatorConfig[]) registered.toArray(target);
    }

    /**
     * Returns the provisioning connectors known to {@code ProvisioningConnectorService}.
     *
     * <p>Unlike {@code getAllFederatedAuthenticators}, this method returns {@code null} rather
     * than an empty array when nothing is registered, so callers must null-check the result.
     *
     * @return a new array with every registered connector config, or {@code null} when the
     *         service reports none
     * @throws IdentityProviderManagementException declared for callers; not thrown by this body
     */
    public ProvisioningConnectorConfig[] getAllProvisioningConnectors() throws IdentityProviderManagementException {
        List registered = ProvisioningConnectorService.getInstance().getProvisioningConnectorConfigs();
        boolean hasConnectors = registered != null && registered.size() > 0;
        if (!hasConnectors) {
            return null;
        }
        ProvisioningConnectorConfig[] target = new ProvisioningConnectorConfig[registered.size()];
        return (ProvisioningConnectorConfig[]) registered.toArray(target);
    }

    /**
     * Checks that the SAML {@code IdPEntityId} of a new provider is not already registered for
     * the tenant.
     *
     * <p>Only authenticator configs named {@code "SAMLSSOAuthenticator"} or {@code "samlsso"} are
     * inspected. The method returns as soon as the first {@code IdPEntityId} property has been
     * checked, so any later SAML config in the array is not examined. It never returns
     * {@code false}: the outcome is either {@code true} or an exception.
     *
     * @param federatedAuthenticatorConfigArr authenticator configs of the provider; may be {@code null}
     * @param i                               tenant id passed to the DAO uniqueness query
     * @param str                             tenant domain, used only in the error message
     * @return always {@code true}
     * @throws IdentityProviderManagementException if the entity id is already in use, or the DAO
     *         query fails
     */
    private boolean validateIdPEntityId(FederatedAuthenticatorConfig[] federatedAuthenticatorConfigArr, int i, String str) throws IdentityProviderManagementException {
        if (federatedAuthenticatorConfigArr == null) {
            return true;
        }
        for (FederatedAuthenticatorConfig config : federatedAuthenticatorConfigArr) {
            String authenticatorName = config.getName();
            boolean isSaml = "SAMLSSOAuthenticator".equals(authenticatorName) || "samlsso".equals(authenticatorName);
            if (!isSaml) {
                continue;
            }
            Property[] properties = config.getProperties();
            if (properties == null) {
                continue;
            }
            for (Property property : properties) {
                if (!"IdPEntityId".equals(property.getName())) {
                    continue;
                }
                boolean alreadyRegistered = dao.isIdPAvailableForAuthenticatorProperty(authenticatorName, "IdPEntityId", property.getValue(), i);
                if (alreadyRegistered) {
                    throw new IdentityProviderManagementException("An Identity Provider Entity Id has already been registered with the name '" + property.getValue() + "' for tenant '" + str + "'");
                }
                return true;
            }
        }
        return true;
    }

    /**
     * Checks that an update does not move a provider's SAML {@code IdPEntityId} onto a value
     * that is already registered for the tenant.
     *
     * <p>First pass: the current entity id is read from the existing configs (SAML configs are
     * those named {@code "SAMLSSOAuthenticator"} or {@code "samlsso"}); when several SAML configs
     * carry the property, the value from the last one is kept. Second pass: only the first SAML
     * config of the new definition is inspected. If its entity id is unchanged, no uniqueness
     * query is made; otherwise the DAO is asked whether the value is already taken. The method
     * never returns {@code false}: the outcome is either {@code true} or an exception.
     *
     * @param federatedAuthenticatorConfigArr  authenticator configs currently stored; may be {@code null}
     * @param federatedAuthenticatorConfigArr2 authenticator configs of the new definition; may be {@code null}
     * @param i                                tenant id passed to the DAO uniqueness query
     * @param str                              tenant domain, used only in the error message
     * @return always {@code true}
     * @throws IdentityProviderManagementException if the new entity id is already in use, or the
     *         DAO query fails
     */
    private boolean validateUpdateOfIdPEntityId(FederatedAuthenticatorConfig[] federatedAuthenticatorConfigArr, FederatedAuthenticatorConfig[] federatedAuthenticatorConfigArr2, int i, String str) throws IdentityProviderManagementException {
        String currentEntityId = null;
        if (federatedAuthenticatorConfigArr != null) {
            for (FederatedAuthenticatorConfig stored : federatedAuthenticatorConfigArr) {
                boolean storedIsSaml = "SAMLSSOAuthenticator".equals(stored.getName()) || "samlsso".equals(stored.getName());
                if (!storedIsSaml) {
                    continue;
                }
                Property[] storedProperties = stored.getProperties();
                if (storedProperties == null) {
                    continue;
                }
                for (Property storedProperty : storedProperties) {
                    if ("IdPEntityId".equals(storedProperty.getName())) {
                        currentEntityId = storedProperty.getValue();
                        break;
                    }
                }
            }
        }
        if (federatedAuthenticatorConfigArr2 == null) {
            return true;
        }
        for (FederatedAuthenticatorConfig incoming : federatedAuthenticatorConfigArr2) {
            boolean incomingIsSaml = "SAMLSSOAuthenticator".equals(incoming.getName()) || "samlsso".equals(incoming.getName());
            if (!incomingIsSaml) {
                continue;
            }
            Property[] incomingProperties = incoming.getProperties();
            if (incomingProperties == null) {
                return true;
            }
            for (Property incomingProperty : incomingProperties) {
                if (!"IdPEntityId".equals(incomingProperty.getName())) {
                    continue;
                }
                // Keeping the same entity id is always allowed; only a changed value is checked.
                boolean entityIdChanged = currentEntityId == null || !currentEntityId.equals(incomingProperty.getValue());
                if (entityIdChanged && dao.isIdPAvailableForAuthenticatorProperty(incoming.getName(), "IdPEntityId", incomingProperty.getValue(), i)) {
                    throw new IdentityProviderManagementException("An Identity Provider Entity Id has already been registered with the name '" + incomingProperty.getValue() + "' for tenant '" + str + "'");
                }
                return true;
            }
            // Only the first SAML config of the new definition is considered.
            return true;
        }
        return true;
    }
}
