package org.wso2.carbon.identity.provisioning;

import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.OutboundProvisioningConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.ProvisioningConnectorConfig;
import org.wso2.carbon.identity.application.common.model.RoleMapping;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.application.mgt.ApplicationInfoProvider;
import org.wso2.carbon.identity.provisioning.IdentityProvisioningConstants;
import org.wso2.carbon.identity.provisioning.cache.ServiceProviderProvisioningConnectorCache;
import org.wso2.carbon.identity.provisioning.cache.ServiceProviderProvisioningConnectorCacheEntry;
import org.wso2.carbon.identity.provisioning.cache.ServiceProviderProvisioningConnectorCacheKey;
import org.wso2.carbon.identity.provisioning.dao.CacheBackedProvisioningMgtDAO;
import org.wso2.carbon.identity.provisioning.dao.ProvisioningManagementDAO;
import org.wso2.carbon.identity.provisioning.internal.IdentityProvisionServiceComponent;
import org.wso2.carbon.identity.provisioning.listener.DefaultInboundUserProvisioningListener;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.idp.mgt.util.IdPManagementUtil;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/identity/provisioning/OutboundProvisioningManager.class */
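/**
 * Singleton that pushes a {@link ProvisioningEntity} to every outbound provisioning connector
 * configured for a service provider.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The connector cache is read and written inside a privileged super-tenant flow; each
 *       {@code startTenantFlow()} must be paired with exactly one {@code endTenantFlow()} so the
 *       calling thread is never left bound to the wrong tenant.</li>
 *   <li>For user entities, membership in the identity provider's provisioning role decides
 *       whether an already provisioned account is turned into a {@code DELETE} operation.</li>
 *   <li>{@link #provision} logs failures and does not rethrow them, so a failed de-provisioning
 *       is visible only in the log.</li>
 * </ul>
 *
 * <p>This listing comes from decompiled bytecode: the parameter names were chosen from how each
 * argument is used, not recovered from the original source.
 */
public class OutboundProvisioningManager {
    private static final Log log = LogFactory.getLog(OutboundProvisioningManager.class);

    /** Tenant id bound to the thread while the connector cache is accessed. */
    private static final int SUPER_TENANT_ID = -1234;

    /** Tenant domain bound to the thread while the connector cache is accessed. */
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";

    private static CacheBackedProvisioningMgtDAO dao = new CacheBackedProvisioningMgtDAO(new ProvisioningManagementDAO());
    private static OutboundProvisioningManager provisioningManager = new OutboundProvisioningManager();

    private OutboundProvisioningManager() {
    }

    /**
     * Returns the process-wide instance.
     *
     * @return the shared {@code OutboundProvisioningManager}
     */
    public static OutboundProvisioningManager getInstance() {
        return provisioningManager;
    }

    /**
     * Resolves the outbound connectors of a service provider, using the connector cache when
     * possible and populating it on a miss.
     *
     * <p>The decompiled form of this method (JADX reported "Finally extract failed") ended the
     * tenant flow once on every return path and then again in an enclosing {@code finally}, i.e.
     * one {@code endTenantFlow()} more than {@code startTenantFlow()} on every path. Here each
     * cache access is its own try/finally so the calls are balanced.
     *
     * <p>NOTE(review): the cache key is built from the thread-local tenant domain, while identity
     * providers are resolved with the {@code tenantDomain} argument. If the two can differ,
     * connectors built for one tenant domain could be served for another - confirm against the
     * callers and the cache invalidation code.
     *
     * @param serviceProvider service provider whose outbound provisioning config is read
     * @param tenantDomain    tenant domain used to resolve identity providers and connectors
     * @return connectors keyed by identity provider name; empty when the service provider has no
     *         outbound provisioning configuration
     * @throws UserStoreException if an identity provider cannot be resolved or its connector
     *                            cannot be created
     */
    private Map<String, RuntimeProvisioningConfig> getOutboundProvisioningConnectors(ServiceProvider serviceProvider, String tenantDomain) throws UserStoreException {
        // Remember the caller's tenant so it can be put back after each privileged section.
        String callerTenantDomain = null;
        int callerTenantId = SUPER_TENANT_ID;
        if (CarbonContext.getThreadLocalCarbonContext() != null) {
            callerTenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            callerTenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        }

        ServiceProviderProvisioningConnectorCacheKey cacheKey;
        PrivilegedCarbonContext.startTenantFlow();
        try {
            bindSuperTenant();
            cacheKey = new ServiceProviderProvisioningConnectorCacheKey(serviceProvider.getApplicationName(), callerTenantDomain);
            ServiceProviderProvisioningConnectorCacheEntry cached = (ServiceProviderProvisioningConnectorCacheEntry) ServiceProviderProvisioningConnectorCache.getInstance().getValueFromCache(cacheKey);
            if (cached != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Provisioning cache HIT for " + serviceProvider + " of " + tenantDomain);
                }
                return cached.getConnectors();
            }
        } finally {
            endTenantFlowAndRestore(callerTenantDomain, callerTenantId);
        }

        OutboundProvisioningConfig outboundConfig = serviceProvider.getOutboundProvisioningConfig();
        if (outboundConfig == null) {
            if (log.isDebugEnabled()) {
                log.debug("No outbound provisioning configuration defined for local service provider.");
            }
            // Not cached: the next call re-reads the service provider configuration.
            return new HashMap<String, RuntimeProvisioningConfig>();
        }

        Map<String, RuntimeProvisioningConfig> connectors = buildConnectors(outboundConfig.getProvisioningIdentityProviders(), tenantDomain);

        PrivilegedCarbonContext.startTenantFlow();
        try {
            bindSuperTenant();
            ServiceProviderProvisioningConnectorCacheEntry fresh = new ServiceProviderProvisioningConnectorCacheEntry();
            fresh.setConnectors(connectors);
            ServiceProviderProvisioningConnectorCache.getInstance().addToCache(cacheKey, fresh);
        } finally {
            endTenantFlowAndRestore(callerTenantDomain, callerTenantId);
        }
        if (log.isDebugEnabled()) {
            log.debug("Entry added successfully ");
        }
        return connectors;
    }

    /** Points the current (already started) tenant flow at the super tenant. */
    private static void bindSuperTenant() {
        PrivilegedCarbonContext superTenantContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        superTenantContext.setTenantId(SUPER_TENANT_ID);
        superTenantContext.setTenantDomain(SUPER_TENANT_DOMAIN);
    }

    /** Ends the current tenant flow and, when the caller had a tenant domain, re-applies it. */
    private static void endTenantFlowAndRestore(String callerTenantDomain, int callerTenantId) {
        PrivilegedCarbonContext.endTenantFlow();
        if (callerTenantDomain != null) {
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(callerTenantDomain);
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(callerTenantId);
        }
    }

    /** Creates one runtime config per identity provider that has a usable default connector. */
    private Map<String, RuntimeProvisioningConfig> buildConnectors(IdentityProvider[] provisioningIdps, String tenantDomain) throws UserStoreException {
        Map<String, RuntimeProvisioningConfig> connectors = new HashMap<String, RuntimeProvisioningConfig>();
        if (provisioningIdps == null) {
            return connectors;
        }
        Map<String, AbstractProvisioningConnectorFactory> connectorFactories = IdentityProvisionServiceComponent.getConnectorFactories();
        for (IdentityProvider idp : provisioningIdps) {
            try {
                ProvisioningConnectorConfig defaultConfig = idp.getDefaultProvisioningConnectorConfig();
                if (defaultConfig == null) {
                    continue;
                }
                String connectorName = defaultConfig.getName();
                boolean jitEnabled = idp.getJustInTimeProvisioningConfig() != null
                        && idp.getJustInTimeProvisioningConfig().isProvisioningEnabled();
                AbstractOutboundProvisioningConnector connector = getOutboundProvisioningConnector(idp, connectorFactories, tenantDomain, jitEnabled);
                if (connector == null) {
                    continue;
                }
                RuntimeProvisioningConfig runtimeConfig = new RuntimeProvisioningConfig();
                runtimeConfig.setProvisioningConnectorEntry(new AbstractMap.SimpleEntry<String, AbstractOutboundProvisioningConnector>(connectorName, connector));
                runtimeConfig.setBlocking(defaultConfig.isBlocking());
                connectors.put(idp.getIdentityProviderName(), runtimeConfig);
            } catch (IdentityApplicationManagementException e) {
                throw new UserStoreException("Error while retrieving idp configuration for " + idp.getIdentityProviderName(), e);
            }
        }
        return connectors;
    }

    /**
     * Creates the connector for the identity provider's default provisioning connector config.
     *
     * @param identityProvider   identity provider referenced by the service provider; its default
     *                           provisioning connector config must be non-null
     * @param connectorFactories registered connector factories keyed by connector name
     * @param tenantDomain       tenant domain used to look up the enabled identity provider
     * @param jitEnabled         when true, the JIT-provisioning property is appended to the
     *                           connector properties
     * @return the connector, or {@code null} when the enabled identity provider has no enabled
     *         connector config with the expected name
     * @throws IdentityApplicationManagementException if the identity provider lookup fails
     * @throws UserStoreException if the identity provider is not available/enabled, or no factory
     *                            is registered for the connector name
     */
    private AbstractOutboundProvisioningConnector getOutboundProvisioningConnector(IdentityProvider identityProvider, Map<String, AbstractProvisioningConnectorFactory> connectorFactories, String tenantDomain, boolean jitEnabled) throws IdentityApplicationManagementException, UserStoreException {
        String idpName = identityProvider.getIdentityProviderName();
        String connectorName = identityProvider.getDefaultProvisioningConnectorConfig().getName();
        IdentityProvider enabledIdp = IdentityProviderManager.getInstance().getEnabledIdPByName(idpName, tenantDomain);
        if (enabledIdp == null) {
            throw new UserStoreException("Provisioning identity provider not available in the system. Idp Name : " + idpName);
        }
        ProvisioningConnectorConfig[] connectorConfigs = enabledIdp.getProvisioningConnectorConfigs();
        if (connectorConfigs == null) {
            return null;
        }
        for (ProvisioningConnectorConfig connectorConfig : connectorConfigs) {
            if (!connectorName.equals(connectorConfig.getName()) || !connectorConfig.isEnabled()) {
                continue;
            }
            AbstractProvisioningConnectorFactory factory = connectorFactories.get(connectorName);
            if (factory == null) {
                // Previously a NullPointerException; fail with a message that names the connector.
                throw new UserStoreException("No provisioning connector factory registered for connector : " + connectorName);
            }
            Property[] properties = connectorConfig.getProvisioningProperties();
            if (jitEnabled) {
                Property jitProperty = new Property();
                jitProperty.setName(IdentityProvisioningConstants.JIT_PROVISIONING_ENABLED);
                jitProperty.setValue("1");
                properties = IdentityApplicationManagementUtil.concatArrays(properties, new Property[]{jitProperty});
            }
            return factory.getConnector(idpName, properties, tenantDomain);
        }
        return null;
    }

    /**
     * Provisions the entity to every outbound connector of the named service provider.
     *
     * <p>Connectors marked blocking run on the calling thread; the others run on a thread pool
     * created for this call. The pool is shut down in a {@code finally} block so it is released
     * even when an exception interrupts the loop.
     *
     * <p>Every exception raised here, including the {@link IdentityProvisioningException}s this
     * method creates, is caught and logged; nothing propagates to the caller despite the
     * {@code throws} clause. A failed {@code DELETE} therefore leaves the downstream account in
     * place with only a log entry as evidence.
     *
     * @param provisioningEntity  entity to provision; its attributes may be rewritten with mapped
     *                            remote roles
     * @param serviceProviderName name of the service provider whose connectors are used
     * @param inboundClaimDialect claim dialect handed to the claim mapping utility; when
     *                            {@code null} the service provider's claim mappings are used
     *                            instead
     * @param tenantDomain        tenant domain for service provider, identity provider and user
     *                            store lookups
     * @param jitProvisioning     stored on the outgoing entity via {@code setJitProvisioning}
     * @throws IdentityProvisioningException declared, but caught and logged inside this method
     */
    public void provision(ProvisioningEntity provisioningEntity, String serviceProviderName, String inboundClaimDialect, String tenantDomain, boolean jitProvisioning) throws IdentityProvisioningException {
        ExecutorService executor = null;
        try {
            ServiceProvider serviceProvider = ApplicationInfoProvider.getInstance().getServiceProvider(serviceProviderName, tenantDomain);
            if (serviceProvider == null) {
                throw new IdentityProvisioningException("Invalid service provider name : " + serviceProviderName);
            }
            ClaimMapping[] spClaimMappings = null;
            if (inboundClaimDialect == null && serviceProvider.getClaimConfig() != null) {
                spClaimMappings = serviceProvider.getClaimConfig().getClaimMappings();
            }
            Map<String, RuntimeProvisioningConfig> connectors = getOutboundProvisioningConnectors(serviceProvider, tenantDomain);
            if (connectors.size() > 0) {
                executor = Executors.newFixedThreadPool(connectors.size());
            }
            for (Map.Entry<String, RuntimeProvisioningConfig> configEntry : connectors.entrySet()) {
                RuntimeProvisioningConfig runtimeConfig = configEntry.getValue();
                Map.Entry<String, AbstractOutboundProvisioningConnector> connectorEntry = runtimeConfig.getProvisioningConnectorEntry();
                AbstractOutboundProvisioningConnector connector = connectorEntry.getValue();
                String connectorName = connectorEntry.getKey();
                String idpName = configEntry.getKey();

                IdentityProvider idp = IdentityProviderManager.getInstance().getIdPByName(idpName, tenantDomain);
                if (idp == null) {
                    throw new IdentityProvisioningException("Invalid identity provider name : " + idpName);
                }

                String outboundDialect = connector.getClaimDialectUri();
                if (outboundDialect == null && (idp.getClaimConfig() == null || idp.getClaimConfig().isLocalClaimDialect())) {
                    outboundDialect = DefaultInboundUserProvisioningListener.WSO2_CARBON_DIALECT;
                }
                ClaimMapping[] idpClaimMappings = idp.getClaimConfig() != null ? idp.getClaimConfig().getClaimMappings() : null;
                Map<ClaimMapping, List<String>> mappedClaims = getMappedClaims(inboundClaimDialect, outboundDialect, provisioningEntity, spClaimMappings, idpClaimMappings, tenantDomain);

                // NOTE(review): this rewrites the shared entity's attributes after mappedClaims was
                // computed, and the rewritten groups are what the next identity provider sees -
                // confirm that is intended.
                if (idp.getPermissionAndRoleConfig() != null) {
                    updateProvisioningUserWithMappedRoles(provisioningEntity, idp.getPermissionAndRoleConfig().getRoleMappings());
                }

                ProvisionedIdentifier provisionedIdentifier = getProvisionedEntityIdentifier(idpName, connectorName, provisioningEntity, tenantDomain);
                ProvisioningOperation operation = provisioningEntity.getOperation();
                if (provisionedIdentifier == null || provisionedIdentifier.getIdentifier() == null) {
                    // No stored identifier for this connector: treat the request as a create.
                    operation = ProvisioningOperation.POST;
                }

                String[] provisioningRoles = new String[0];
                if (idp.getProvisioningRole() != null) {
                    provisioningRoles = idp.getProvisioningRole().split(IdentityProvisioningConstants.PropertyConfig.DELIMATOR);
                }
                // A user outside the provisioning roles who already has an identifier is removed.
                // NOTE(review): when such a user has no identifier yet, the operation stays POST and
                // the entity is still sent to the connector, so the role check does not block a
                // first-time provisioning here - confirm whether the connector enforces it.
                if (!canUserBeProvisioned(provisioningEntity, provisioningRoles, tenantDomain)
                        && canUserBeDeProvisioned(provisionedIdentifier)) {
                    operation = ProvisioningOperation.DELETE;
                }

                ProvisioningEntity outboundEntity = new ProvisioningEntity(provisioningEntity.getEntityType(), provisioningEntity.getEntityName(), operation, mappedClaims);
                outboundEntity.setIdentifier(provisionedIdentifier);
                outboundEntity.setJitProvisioning(jitProvisioning);

                ProvisioningThread task = new ProvisioningThread(outboundEntity, tenantDomain, connector, connectorName, idpName, dao);
                if (runtimeConfig.isBlocking()) {
                    task.run();
                } else {
                    executor.execute(task);
                }
            }
        } catch (Exception e) {
            // Best-effort by design of the original code: log and continue.
            log.error("Error while out-bound provisioning.", e);
        } finally {
            // Already submitted tasks still run; without this an exception in the loop leaked the pool.
            if (executor != null) {
                executor.shutdown();
            }
        }
    }

    /**
     * Replaces a user's local group names with the remote roles they map to.
     *
     * <p>Does nothing unless the entity is a user, role mappings exist and the entity carries at
     * least one group. Groups with no mapping are dropped from the resulting claim value.
     *
     * @param provisioningEntity entity whose group claim is rewritten in place
     * @param roleMappings       local-to-remote role mappings of the identity provider
     */
    private void updateProvisioningUserWithMappedRoles(ProvisioningEntity provisioningEntity, RoleMapping[] roleMappings) {
        if (provisioningEntity.getEntityType() != ProvisioningEntityType.USER) {
            return;
        }
        if (roleMappings == null || roleMappings.length == 0) {
            return;
        }
        List<String> localGroups = getGroupNames(provisioningEntity.getAttributes());
        if (localGroups == null || localGroups.isEmpty()) {
            return;
        }
        Map<String, String> remoteRoleByLocalRole = new HashMap<String, String>();
        for (RoleMapping roleMapping : roleMappings) {
            remoteRoleByLocalRole.put(roleMapping.getLocalRole().getLocalRoleName(), roleMapping.getRemoteRole());
        }
        List<String> remoteGroups = new ArrayList<String>();
        for (String localGroup : localGroups) {
            String remoteRole = remoteRoleByLocalRole.get(localGroup);
            if (remoteRole != null) {
                remoteGroups.add(remoteRole);
            }
        }
        ProvisioningUtil.setClaimValue(IdentityProvisioningConstants.GROUP_CLAIM_URI, provisioningEntity.getAttributes(), remoteGroups);
    }

    /**
     * Picks the claim-mapping overload that matches which dialects and mappings are available.
     *
     * @param inboundClaimDialect inbound dialect, or {@code null} to use {@code spClaimMappings}
     * @param outboundDialect     outbound dialect URI, or {@code null} to use
     *                            {@code idpClaimMappings}
     * @param provisioningEntity  source of the inbound attributes and current attributes
     * @param spClaimMappings     service provider claim mappings (used when no inbound dialect)
     * @param idpClaimMappings    identity provider claim mappings (used when no outbound dialect)
     * @param tenantDomain        tenant domain passed to the mapping utility
     * @return the mapped claims as returned by {@code IdentityApplicationManagementUtil}
     * @throws IdentityApplicationManagementException if claim mapping fails
     */
    private Map<ClaimMapping, List<String>> getMappedClaims(String inboundClaimDialect, String outboundDialect, ProvisioningEntity provisioningEntity, ClaimMapping[] spClaimMappings, ClaimMapping[] idpClaimMappings, String tenantDomain) throws IdentityApplicationManagementException {
        Map<String, String> inboundAttributes = provisioningEntity.getInboundAttributes();
        if (outboundDialect != null) {
            if (inboundClaimDialect == null) {
                return IdentityApplicationManagementUtil.getMappedClaims(outboundDialect, inboundAttributes, spClaimMappings, provisioningEntity.getAttributes(), tenantDomain);
            }
            return IdentityApplicationManagementUtil.getMappedClaims(outboundDialect, inboundAttributes, inboundClaimDialect, provisioningEntity.getAttributes(), tenantDomain);
        }
        if (inboundClaimDialect == null) {
            return IdentityApplicationManagementUtil.getMappedClaims(idpClaimMappings, inboundAttributes, spClaimMappings, provisioningEntity.getAttributes());
        }
        return IdentityApplicationManagementUtil.getMappedClaims(idpClaimMappings, inboundAttributes, inboundClaimDialect, provisioningEntity.getAttributes(), tenantDomain);
    }

    /**
     * Reads the group claim values from an attribute map.
     *
     * @param attributes entity attributes keyed by claim mapping
     * @return whatever {@code ProvisioningUtil.getClaimValues} yields for the group claim URI
     */
    protected List<String> getGroupNames(Map<ClaimMapping, List<String>> attributes) {
        return ProvisioningUtil.getClaimValues(attributes, IdentityProvisioningConstants.GROUP_CLAIM_URI, null);
    }

    /**
     * Reads the first username claim value from an attribute map.
     *
     * @param attributes entity attributes keyed by claim mapping
     * @return the first value of the username claim, or {@code null} when there is none
     */
    private String getUserName(Map<ClaimMapping, List<String>> attributes) {
        List<String> userNames = ProvisioningUtil.getClaimValues(attributes, IdentityProvisioningConstants.USERNAME_CLAIM_URI, null);
        if (userNames == null || userNames.isEmpty()) {
            return null;
        }
        return userNames.get(0);
    }

    /**
     * Decides whether the entity passes the identity provider's provisioning-role restriction.
     *
     * <p>Non-user entities, and identity providers with no provisioning roles, always pass.
     *
     * <p>NOTE(review): when the entity has no username claim, {@code null} is passed to the user
     * store role lookup; how the user store reacts is not visible here.
     *
     * @param provisioningEntity entity being provisioned
     * @param provisioningRoles  roles of which the user must hold at least one
     * @param tenantDomain       tenant domain whose user store is queried
     * @return {@code true} when provisioning is allowed
     * @throws UserStoreException if the role lookup fails
     * @throws CarbonException    if the tenant realm cannot be obtained
     */
    protected boolean canUserBeProvisioned(ProvisioningEntity provisioningEntity, String[] provisioningRoles, String tenantDomain) throws UserStoreException, CarbonException {
        if (provisioningEntity.getEntityType() != ProvisioningEntityType.USER) {
            return true;
        }
        if (provisioningRoles == null || provisioningRoles.length == 0) {
            return true;
        }
        List<String> userRoles = getUserRoles(getUserName(provisioningEntity.getAttributes()), tenantDomain);
        for (String provisioningRole : provisioningRoles) {
            if (userRoles.contains(provisioningRole)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether a previously provisioned identifier exists, i.e. there is something to delete.
     *
     * @param provisionedIdentifier stored identifier for the entity, may be {@code null}
     * @return {@code true} when the identifier and its value are both non-null
     * @throws UserStoreException                     declared for callers; not thrown here
     * @throws CarbonException                        declared for callers; not thrown here
     * @throws IdentityApplicationManagementException declared for callers; not thrown here
     */
    protected boolean canUserBeDeProvisioned(ProvisionedIdentifier provisionedIdentifier) throws UserStoreException, CarbonException, IdentityApplicationManagementException {
        return provisionedIdentifier != null && provisionedIdentifier.getIdentifier() != null;
    }

    /**
     * Looks up the roles of a user in the tenant's user store.
     *
     * @param userName     user whose roles are requested
     * @param tenantDomain tenant domain whose realm is used
     * @return fixed-size list view over the role array returned by the user store
     * @throws CarbonException    if the realm cannot be obtained
     * @throws UserStoreException if the role lookup fails
     */
    private List<String> getUserRoles(String userName, String tenantDomain) throws CarbonException, UserStoreException {
        return Arrays.asList(AnonymousSessionUtil.getRealmByTenantDomain(IdentityProvisionServiceComponent.getRegistryService(), IdentityProvisionServiceComponent.getRealmService(), tenantDomain).getUserStoreManager().getRoleListOfUser(userName));
    }

    /**
     * Loads the identifier stored for this entity, identity provider and connector.
     *
     * @param idpName            identity provider name
     * @param connectorName      connector name
     * @param provisioningEntity entity being provisioned
     * @param tenantDomain       tenant domain, also resolved to a tenant id for the DAO
     * @return the value returned by the DAO (the caller handles {@code null})
     * @throws IdentityApplicationManagementException if the tenant id or identifier lookup fails
     */
    private ProvisionedIdentifier getProvisionedEntityIdentifier(String idpName, String connectorName, ProvisioningEntity provisioningEntity, String tenantDomain) throws IdentityApplicationManagementException {
        return dao.getProvisionedIdentifier(idpName, connectorName, provisioningEntity, getTenantIdOfDomain(tenantDomain), tenantDomain);
    }

    /**
     * Resolves a tenant domain to its tenant id.
     *
     * @param tenantDomain tenant domain to resolve
     * @return the tenant id
     * @throws IdentityApplicationManagementException if the lookup fails; the underlying
     *                                                {@code UserStoreException} is kept as cause
     */
    private static int getTenantIdOfDomain(String tenantDomain) throws IdentityApplicationManagementException {
        try {
            return IdPManagementUtil.getTenantIdOfDomain(tenantDomain);
        } catch (UserStoreException e) {
            log.error(e.getMessage(), e);
            // Keep the cause so the failure can be traced from the rethrown exception.
            throw new IdentityApplicationManagementException("Error occurred while getting Tenant Id from Tenant domain " + tenantDomain, e);
        }
    }
}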
