package org.wso2.carbon.identity.api.server.organization.selfservice.v1.core;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.ResourceLoader;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;
import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtException;
import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants;
import org.wso2.carbon.identity.api.server.application.management.v1.ApplicationModel;
import org.wso2.carbon.identity.api.server.application.management.v1.core.ServerApplicationManagementService;
import org.wso2.carbon.identity.api.server.organization.selfservice.common.SelfServiceMgtServiceHolder;
import org.wso2.carbon.identity.api.server.organization.selfservice.v1.exceptions.SelfServiceMgtEndpointException;
import org.wso2.carbon.identity.api.server.organization.selfservice.v1.model.Error;
import org.wso2.carbon.identity.api.server.organization.selfservice.v1.model.PropertyPatchReq;
import org.wso2.carbon.identity.api.server.organization.selfservice.v1.model.PropertyReq;
import org.wso2.carbon.identity.api.server.organization.selfservice.v1.model.PropertyRes;
import org.wso2.carbon.identity.api.server.organization.selfservice.v1.util.SelfServiceMgtConstants;
import org.wso2.carbon.identity.api.server.userstore.v1.core.ServerUserStoreService;
import org.wso2.carbon.identity.api.server.userstore.v1.model.UserStoreReq;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.APIResource;
import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo;
import org.wso2.carbon.identity.application.common.model.AuthorizedAPI;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.Scope;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.identity.governance.IdentityGovernanceService;
import org.wso2.carbon.identity.governance.bean.ConnectorConfig;
import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementConfigUtil;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.organization.selfservice.v1-1.2.127.jar:org/wso2/carbon/identity/api/server/organization/selfservice/v1/core/SelfServiceMgtService.class */
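/**
 * Core service for the organization self-service management API.
 *
 * <p>Reads and updates the self-service governance connector of the tenant bound to the
 * current thread, and reacts to configuration changes by creating or deleting the
 * self-service system application and by onboarding or removing the lite-user user store.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>All operations act on the tenant domain and username taken from the thread-local
 *       {@link PrivilegedCarbonContext}; no caller identity is checked here.
 *       NOTE(review): authorization is presumably enforced by the API layer in front of this
 *       class; confirm before exposing these methods on a new path.</li>
 *   <li>The system application is authorized for the API scopes listed in
 *       {@link #getAuthorizedAPIsAndScopeNamesForSSApp()} and is shared with all child
 *       organizations (see {@link #shareWithOrganizations(ServiceProvider)}).</li>
 *   <li>Failures are logged with their cause on the server and surfaced to the client only as
 *       a fixed error code, message and description.</li>
 * </ul>
 */
public class SelfServiceMgtService {
    private static final Log LOG = LogFactory.getLog(SelfServiceMgtService.class);

    @Autowired
    private ServerApplicationManagementService applicationManagementService;

    @Autowired
    private ResourceLoader resourceLoader;

    @Autowired
    private ServerUserStoreService serverUserStoreService;

    /**
     * Returns the properties of the self-service governance connector for the current tenant.
     *
     * @return one {@link PropertyRes} per connector property
     * @throws SelfServiceMgtEndpointException (HTTP 500) when the connector cannot be read or
     *         has no properties
     */
    public List<PropertyRes> getOrganizationGovernanceConfigs() {
        try {
            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            ConnectorConfig connector = getIdentityGovernanceService()
                    .getConnectorWithConfigs(tenantDomain, SelfServiceMgtConstants.SELF_SERVICE_GOVERNANCE_CONNECTOR);
            return buildConnectorResDTO(connector);
        } catch (IdentityGovernanceException e) {
            LOG.error(SelfServiceMgtConstants.ErrorMessage.ERROR_RETRIEVING_SELF_SERVICE_CONFIG.getDescription(), e);
            throw serverError(SelfServiceMgtConstants.ErrorMessage.ERROR_RETRIEVING_SELF_SERVICE_CONFIG);
        }
    }

    /**
     * Applies the requested governance properties to the current tenant and, when asked to,
     * runs the follow-up actions (system application and lite user store handling).
     *
     * @param propertyPatchReq properties to write; every name/value pair is forwarded as-is
     * @param bool whether to run the post-update actions; {@code null} is treated as
     *        {@code false} instead of failing on unboxing
     * @throws SelfServiceMgtEndpointException (HTTP 500) when the governance update fails
     */
    public void updateOrganizationGovernanceConfigs(PropertyPatchReq propertyPatchReq, Boolean bool) {
        try {
            // NOTE(review): no allow-list of property names is applied in this class; confirm
            // that the caller or the governance service rejects keys outside the self-service
            // connector.
            Map<String, String> requested = new HashMap<>();
            for (PropertyReq propertyReq : propertyPatchReq.getProperties()) {
                requested.put(propertyReq.getName(), propertyReq.getValue());
            }
            // Copy taken before the governance service receives the map, so the post-update
            // steps evaluate exactly what the caller sent.
            Map<String, String> snapshot = new HashMap<>(requested);
            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            getIdentityGovernanceService().updateConfiguration(tenantDomain, requested);
            if (Boolean.TRUE.equals(bool)) {
                doPostConfigurationUpdate(snapshot);
            }
        } catch (IdentityGovernanceException e) {
            LOG.error(SelfServiceMgtConstants.ErrorMessage.ERROR_UPDATING_SELF_SERVICE_CONFIG.getDescription(), e);
            throw serverError(SelfServiceMgtConstants.ErrorMessage.ERROR_UPDATING_SELF_SERVICE_CONFIG);
        }
    }

    /** Runs the side effects that depend on the properties that were just written. */
    private void doPostConfigurationUpdate(Map<String, String> map) {
        processSelfServiceEnablement(map);
        processEmailVerification(map);
    }

    /**
     * Creates or deletes the self-service system application when the enable property is part
     * of the update; does nothing when the property is absent.
     */
    private void processSelfServiceEnablement(Map<String, String> map) {
        if (!map.containsKey(SelfServiceMgtConstants.SELF_SERVICE_ENABLE_PROPERTY_NAME)) {
            return;
        }
        boolean enabled = Boolean.parseBoolean(
                map.getOrDefault(SelfServiceMgtConstants.SELF_SERVICE_ENABLE_PROPERTY_NAME, "false"));
        if (enabled) {
            createSystemApplication();
        } else {
            deleteSystemApplication();
        }
    }

    /**
     * Onboards the lite user store when both admin e-mail verification and onboarding the admin
     * to the sub-organization are enabled, and removes it otherwise. Runs only when at least
     * one of the two properties is part of the update; a property missing from the update is
     * read from the stored governance configuration.
     */
    private void processEmailVerification(Map<String, String> map) {
        boolean hasVerification =
                map.containsKey(SelfServiceMgtConstants.SELF_SERVICE_ADMIN_EMAIL_VERIFICATION_PROPERTY_NAME);
        boolean hasOnboard =
                map.containsKey(SelfServiceMgtConstants.SELF_SERVICE_ONBOARD_ADMIN_TO_SUB_ORG_PROPERTY_NAME);
        if (!hasVerification && !hasOnboard) {
            return;
        }
        boolean verificationEnabled = Boolean.parseBoolean(
                map.getOrDefault(SelfServiceMgtConstants.SELF_SERVICE_ADMIN_EMAIL_VERIFICATION_PROPERTY_NAME, "false"));
        boolean onboardEnabled = Boolean.parseBoolean(
                map.getOrDefault(SelfServiceMgtConstants.SELF_SERVICE_ONBOARD_ADMIN_TO_SUB_ORG_PROPERTY_NAME, "false"));
        // NOTE(review): a failed lookup below is treated as "disabled", which sends the flow to
        // removeLiteUserStore(). The fallback is kept as found, but the failure is now logged so
        // a user store removal caused by a read error can be traced.
        if (!hasOnboard) {
            try {
                onboardEnabled = Boolean.parseBoolean(getGovernanceConfigValue(
                        SelfServiceMgtConstants.SELF_SERVICE_ONBOARD_ADMIN_TO_SUB_ORG_PROPERTY_NAME));
            } catch (IdentityGovernanceException e) {
                LOG.warn("Could not read the stored onboard-admin-to-sub-organization setting; treating it as disabled.",
                        e);
                onboardEnabled = false;
            }
        } else if (!hasVerification) {
            try {
                verificationEnabled = Boolean.parseBoolean(getGovernanceConfigValue(
                        SelfServiceMgtConstants.SELF_SERVICE_ADMIN_EMAIL_VERIFICATION_PROPERTY_NAME));
            } catch (IdentityGovernanceException e) {
                LOG.warn("Could not read the stored admin e-mail verification setting; treating it as disabled.", e);
                verificationEnabled = false;
            }
        }
        if (onboardEnabled && verificationEnabled) {
            onboardLiteUserStore();
        } else {
            removeLiteUserStore();
        }
    }

    /**
     * Deletes the lite user store, addressed by the Base64 form of its configured name, and
     * applies the "disable lite user" governance properties.
     */
    private void removeLiteUserStore() {
        String storeName = getConfigProperty(SelfServiceMgtConstants.LITE_USER_USER_STORE_NAME);
        String encodedStoreId = Base64.getEncoder().encodeToString(storeName.getBytes(StandardCharsets.UTF_8));
        this.serverUserStoreService.deleteUserStore(encodedStoreId);
        updateLiteUserStoreConnectorConfigs(false);
    }

    /**
     * Creates the lite user store from the bundled JSON request template and applies the
     * "enable lite user" governance properties.
     *
     * @throws SelfServiceMgtEndpointException (HTTP 500) when the template cannot be read or mapped
     */
    private void onboardLiteUserStore() {
        try (InputStream template = this.resourceLoader
                .getResource(SelfServiceMgtConstants.CREATE_LITE_USER_STORE_REQUEST_JSON).getInputStream()) {
            ObjectMapper objectMapper = new ObjectMapper();
            JsonNode request = objectMapper.readTree(template);
            updateOnboardConfigValues(request);
            this.serverUserStoreService.addUserStore(objectMapper.treeToValue(request, UserStoreReq.class));
            updateLiteUserStoreConnectorConfigs(true);
        } catch (IOException e) {
            LOG.error(SelfServiceMgtConstants.ErrorMessage.ERROR_ONBOARDING_LITE_USER_STORE.getDescription(), e);
            throw serverError(SelfServiceMgtConstants.ErrorMessage.ERROR_ONBOARDING_LITE_USER_STORE);
        }
    }

    /**
     * Applies the bundled "enable" or "disable" lite-user governance request.
     *
     * @param z {@code true} to load the enable request, {@code false} for the disable request
     * @throws SelfServiceMgtEndpointException (HTTP 500) when the request template cannot be read
     */
    private void updateLiteUserStoreConnectorConfigs(boolean z) {
        String templateLocation = z
                ? SelfServiceMgtConstants.ENABLE_LITE_USER_REQUEST_JSON
                : SelfServiceMgtConstants.DISABLE_LITE_USER_REQUEST_JSON;
        try (InputStream template = this.resourceLoader.getResource(templateLocation).getInputStream()) {
            PropertyPatchReq patch = new ObjectMapper().readValue(template, PropertyPatchReq.class);
            // false: this update is itself a post-update step and must not trigger another round.
            updateOrganizationGovernanceConfigs(patch, false);
        } catch (IOException e) {
            LOG.error(SelfServiceMgtConstants.ErrorMessage.ERROR_UPDATING_GOVERNANCE_CONFIG.getDescription(), e);
            throw serverError(SelfServiceMgtConstants.ErrorMessage.ERROR_UPDATING_GOVERNANCE_CONFIG);
        }
    }

    /**
     * Creates the self-service system application from the bundled JSON template unless it
     * already exists. Outside the legacy authorization runtime it then authorizes the
     * application for the APIs and scopes from
     * {@link #getAuthorizedAPIsAndScopeNamesForSSApp()} and marks it as shared with all child
     * organizations.
     *
     * @throws SelfServiceMgtEndpointException (HTTP 500) when creation or the follow-up update fails
     */
    private void createSystemApplication() {
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        String appName = getConfigProperty(SelfServiceMgtConstants.SELF_SERVICE_DEFAULT_APP_NAME);
        try {
            if (isSSAppExists(tenantDomain, username, appName)) {
                return;
            }
            ApplicationModel applicationModel;
            try (InputStream template = this.resourceLoader
                    .getResource(SelfServiceMgtConstants.CREATE_SELF_SERVICE_APP_REQUEST_JSON).getInputStream()) {
                ObjectMapper objectMapper = new ObjectMapper();
                JsonNode request = objectMapper.readTree(template);
                updateAppConfigValues(request);
                applicationModel = objectMapper.treeToValue(request, ApplicationModel.class);
            }
            this.applicationManagementService.createApplication(applicationModel, null);
            if (isLegacyAuthzRuntime()) {
                return;
            }
            ApplicationBasicInfo createdApp =
                    getApplicationManagementService().getApplicationBasicInfoByName(appName, tenantDomain);
            if (createdApp == null) {
                LOG.error(SelfServiceMgtConstants.ErrorMessage.ERROR_CREATING_SYSTEM_APP.getDescription());
                throw serverError(SelfServiceMgtConstants.ErrorMessage.ERROR_CREATING_SYSTEM_APP);
            }
            String applicationResourceId = createdApp.getApplicationResourceId();
            for (Map.Entry<String, List<String>> entry : getAuthorizedAPIsAndScopeNamesForSSApp().entrySet()) {
                authorizeAPItoSelfServiceApp(entry.getKey(), entry.getValue(), tenantDomain, applicationResourceId);
            }
            ServiceProvider serviceProvider =
                    getApplicationManagementService().getServiceProvider(createdApp.getApplicationId());
            shareWithOrganizations(serviceProvider);
            getApplicationManagementService().updateApplication(serviceProvider, tenantDomain, username);
        } catch (IOException | IdentityApplicationManagementException e) {
            LOG.error(SelfServiceMgtConstants.ErrorMessage.ERROR_CREATING_SYSTEM_APP.getDescription(), e);
            throw serverError(SelfServiceMgtConstants.ErrorMessage.ERROR_CREATING_SYSTEM_APP);
        }
    }

    /**
     * Deletes the self-service system application of the current tenant when it exists.
     *
     * @throws SelfServiceMgtEndpointException (HTTP 500) when the lookup or deletion fails
     */
    private void deleteSystemApplication() {
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
        String appName = getConfigProperty(SelfServiceMgtConstants.SELF_SERVICE_DEFAULT_APP_NAME);
        try {
            if (isSSAppExists(tenantDomain, username, appName)) {
                getApplicationManagementService().deleteApplication(appName, tenantDomain, username);
            }
        } catch (IdentityApplicationManagementException e) {
            LOG.error(SelfServiceMgtConstants.ErrorMessage.ERROR_DELETING_SYSTEM_APP.getDescription(), e);
            throw serverError(SelfServiceMgtConstants.ErrorMessage.ERROR_DELETING_SYSTEM_APP);
        }
    }

    /**
     * Reports whether the application lookup for the given arguments returns exactly one entry.
     * The three strings are passed straight through to {@code getApplicationBasicInfo}; the
     * callers in this class supply tenant domain, username and application name, in that order.
     */
    private boolean isSSAppExists(String str, String str2, String str3) throws IdentityApplicationManagementException {
        return getApplicationManagementService().getApplicationBasicInfo(str, str2, str3).length == 1;
    }

    /**
     * Overrides the application name and the access-token expiry in the creation template with
     * the values from the organization management configuration.
     *
     * <p>The expiry is parsed with {@link Integer#valueOf(String)}; a missing or non-numeric
     * configuration value surfaces as a {@link NumberFormatException}.
     */
    private void updateAppConfigValues(JsonNode jsonNode) {
        String appName = getConfigProperty(SelfServiceMgtConstants.SELF_SERVICE_DEFAULT_APP_NAME);
        String tokenExpiry = getConfigProperty(SelfServiceMgtConstants.SELF_SERVICE_DEFAULT_TOKEN_EXPIRY_TIME);
        if (jsonNode.get("name") != null) {
            ((ObjectNode) jsonNode).put("name", appName);
        }
        if (jsonNode.get(SelfServiceMgtConstants.PROPERTY_INBOUND_PROTOCOL) != null) {
            JsonNode accessToken = jsonNode.path(SelfServiceMgtConstants.PROPERTY_INBOUND_PROTOCOL)
                    .path(SelfServiceMgtConstants.PROPERTY_OIDC_PROTOCOL)
                    .path("accessToken");
            // path() yields a non-object placeholder when a level is missing, and JsonNode itself
            // has no put(); only an ObjectNode can take the expiry value.
            if (accessToken instanceof ObjectNode) {
                ((ObjectNode) accessToken).put(SelfServiceMgtConstants.PROPERTY_TOKEN_EXPIRY,
                        Integer.valueOf(tokenExpiry));
            }
        }
    }

    /*
     * The decompiler could not recover this method (it reported 327 instructions and skipped the
     * dump), so the body below is the decompiler's placeholder and not the shipped logic. As
     * listed, onboardLiteUserStore() fails here; restore the body from the original sources
     * before relying on this listing.
     */
    private void updateOnboardConfigValues(JsonNode userStoreRequest) {
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.identity.api.server.organization.selfservice.v1.core.SelfServiceMgtService.updateOnboardConfigValues(com.fasterxml.jackson.databind.JsonNode):void");
    }

    /**
     * Maps the connector's properties to API response objects; a {@code null} description
     * becomes an empty string.
     *
     * @throws IdentityGovernanceException when the connector or its property array is {@code null}
     */
    private List<PropertyRes> buildConnectorResDTO(ConnectorConfig connectorConfig) throws IdentityGovernanceException {
        if (connectorConfig == null || connectorConfig.getProperties() == null) {
            throw new IdentityGovernanceException(SelfServiceMgtConstants.CONFIGS_NOT_FOUND_ERROR);
        }
        List<PropertyRes> responses = new ArrayList<>();
        for (Property property : connectorConfig.getProperties()) {
            PropertyRes propertyRes = new PropertyRes();
            propertyRes.setName(property.getName());
            propertyRes.setValue(property.getValue());
            propertyRes.setDisplayName(property.getDisplayName());
            String description = property.getDescription();
            propertyRes.setDescription(description != null ? description : "");
            responses.add(propertyRes);
        }
        return responses;
    }

    /**
     * Reads one stored governance property of the current tenant. The first element of the
     * returned array is used without a bounds check, so an empty result surfaces as an
     * unchecked exception rather than an {@link IdentityGovernanceException}.
     */
    private String getGovernanceConfigValue(String str) throws IdentityGovernanceException {
        String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        return getIdentityGovernanceService().getConfiguration(new String[]{str}, tenantDomain)[0].getValue();
    }

    /** Looks up a value in the organization management configuration. */
    private String getConfigProperty(String str) {
        return OrganizationManagementConfigUtil.getProperty(str);
    }

    private IdentityGovernanceService getIdentityGovernanceService() {
        return SelfServiceMgtServiceHolder.getIdentityGovernanceService();
    }

    private ApplicationManagementService getApplicationManagementService() {
        return SelfServiceMgtServiceHolder.getApplicationManagementService();
    }

    private APIResourceManager getAPIResourcesManager() {
        return SelfServiceMgtServiceHolder.getAPIResourceManager();
    }

    private AuthorizedAPIManagementService getAuthorizedAPIManagementService() {
        return SelfServiceMgtServiceHolder.getAuthorizedAPIManagementService();
    }

    /** Builds the error body returned to the client. */
    private Error getError(String str, String str2, String str3) {
        Error error = new Error();
        error.setCode(str);
        error.setMessage(str2);
        error.setDescription(str3);
        return error;
    }

    /**
     * Builds the HTTP 500 exception for a catalogued error. The client receives only the fixed
     * code, message and description; the cause is logged by the caller.
     */
    private SelfServiceMgtEndpointException serverError(SelfServiceMgtConstants.ErrorMessage errorMessage) {
        return new SelfServiceMgtEndpointException(Response.Status.INTERNAL_SERVER_ERROR,
                getError(errorMessage.getCode(), errorMessage.getMessage(), errorMessage.getDescription()));
    }

    /**
     * Returns the API identifiers the self-service application is authorized for, each mapped
     * to the scope names granted on it.
     *
     * <p>This table defines what tokens issued to the system application can do (organization
     * creation, user creation, organization role updates). Treat any addition as a privilege
     * change and keep the list to what the self-service flow needs.
     */
    private Map<String, List<String>> getAuthorizedAPIsAndScopeNamesForSSApp() {
        Map<String, List<String>> scopesByApi = new HashMap<>();
        scopesByApi.put("/api/server/v1/organizations",
                new ArrayList<>(Arrays.asList("internal_organization_view", "internal_organization_create")));
        scopesByApi.put("/scim2/Users",
                new ArrayList<>(Arrays.asList("internal_user_mgt_view", "internal_user_mgt_create")));
        scopesByApi.put("/o/scim2/Users",
                new ArrayList<>(Collections.singletonList("internal_org_user_mgt_create")));
        scopesByApi.put("/o/scim2/Roles",
                new ArrayList<>(Arrays.asList("internal_org_role_mgt_view", "internal_org_role_mgt_update")));
        return scopesByApi;
    }

    /**
     * Authorizes the application for one API resource, limited to the named scopes.
     *
     * <p>Best effort: a failure is logged and not rethrown, so the application can end up with
     * fewer authorizations than intended while the overall request still succeeds.
     *
     * @param str API resource identifier to look up
     * @param list scope names to grant; scopes of the API that are not listed are not granted
     * @param str2 tenant domain
     * @param str3 application resource id
     */
    private void authorizeAPItoSelfServiceApp(String str, List<String> list, String str2, String str3) {
        try {
            // The identifier is concatenated into the filter expression. Every caller in this
            // class passes a constant from getAuthorizedAPIsAndScopeNamesForSSApp(); validate or
            // escape the value if it ever comes from request data.
            List<?> apiResources = getAPIResourcesManager()
                    .getAPIResources((String) null, (String) null, 1, "identifier eq " + str, "ASC", str2)
                    .getAPIResources();
            if (apiResources == null || apiResources.isEmpty()) {
                LOG.warn("API resource " + str + " was not found; the Organization Self Service application "
                        + "is not authorized for it.");
                return;
            }
            APIResource apiResource = (APIResource) apiResources.get(0);
            List<Scope> availableScopes = getAPIResourcesManager().getAPIScopesById(apiResource.getId(), str2);
            List<Scope> grantedScopes = new ArrayList<>();
            for (Scope scope : availableScopes) {
                if (list.contains(scope.getName())) {
                    grantedScopes.add(scope);
                }
            }
            AuthorizedAPI authorizedApi = new AuthorizedAPI.AuthorizedAPIBuilder()
                    .apiId(apiResource.getId())
                    .appId(str3)
                    .scopes(grantedScopes)
                    .policyId(ApplicationManagementConstants.RBAC)
                    .build();
            getAuthorizedAPIManagementService().addAuthorizedAPI(str3, authorizedApi, str2);
        } catch (APIResourceMgtException | IdentityApplicationManagementException e) {
            LOG.error("Error while authorizing APIs to the Organization Self Service application.", e);
        }
    }

    /**
     * Appends the {@code shareWithAllChildren=true} property to the service provider, keeping
     * its existing properties. A service provider without a property array is handled as
     * having none.
     */
    private void shareWithOrganizations(ServiceProvider serviceProvider) {
        ServiceProviderProperty[] existing = serviceProvider.getSpProperties();
        if (existing == null) {
            existing = new ServiceProviderProperty[0];
        }
        ServiceProviderProperty shareFlag = new ServiceProviderProperty();
        shareFlag.setName("shareWithAllChildren");
        shareFlag.setValue(Boolean.TRUE.toString());
        ServiceProviderProperty[] extended = Arrays.copyOf(existing, existing.length + 1);
        extended[existing.length] = shareFlag;
        serviceProvider.setSpProperties(extended);
    }

    /** Returns the value of {@code CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME}. */
    public static boolean isLegacyAuthzRuntime() {
        return CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME.booleanValue();
    }
}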
