package org.wso2.carbon.idp.mgt;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.idp.mgt.dao.IdPMgtDAO;
import org.wso2.carbon.idp.mgt.dto.TrustedIdPDTO;
import org.wso2.carbon.idp.mgt.exception.IdentityProviderMgtException;
import org.wso2.carbon.idp.mgt.model.TrustedIdPDO;
import org.wso2.carbon.idp.mgt.util.IdentityProviderMgtUtil;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;

/* loaded from: input_file:org/wso2/carbon/idp/mgt/IdentityProviderMgtService.class */
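/**
 * Manages the trusted identity providers (IdPs) registered for the tenant bound to the current
 * thread's {@link CarbonContext}.
 *
 * <p>Every operation takes the tenant id and tenant domain from the thread-local Carbon context,
 * never from caller-supplied arguments. IdP records are persisted through {@link IdPMgtDAO};
 * IdP certificates are stored, updated and removed through {@link IdentityProviderMgtUtil}.
 *
 * <p>NOTE(review): no permission check is visible in this class. Authorization is presumably
 * enforced by whatever layer exposes these methods; confirm before exposing them elsewhere.
 */
public class IdentityProviderMgtService {
    private static final Log log = LogFactory.getLog(IdentityProviderMgtService.class);
    private IdPMgtDAO dao = new IdPMgtDAO();

    /**
     * Lists the IdPs registered for the current tenant.
     *
     * @return the values returned by the DAO for the current tenant, as an array
     * @throws IdentityProviderMgtException if the DAO lookup fails; the DAO failure is kept as the cause
     */
    public String[] getTenantIdPs() throws IdentityProviderMgtException {
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        try {
            int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
            List<String> tenantIdPs = this.dao.getTenantIdPs(null, tenantId, tenantDomain);
            return tenantIdPs.toArray(new String[tenantIdPs.size()]);
        } catch (IdentityProviderMgtException e) {
            throw new IdentityProviderMgtException("Error getting Identity DB connection", e);
        }
    }

    /**
     * Loads one IdP of the current tenant and converts it to its transfer object.
     *
     * <p>Role mappings are flattened to {@code "key:value"} strings. The encoded certificate is
     * only looked up when the stored record carries a certificate thumbprint.
     *
     * @param str name of the IdP to look up
     * @return the IdP as a DTO, or {@code null} if the DAO finds no such IdP for the tenant
     * @throws IdentityProviderMgtException if the DAO or the certificate lookup fails
     */
    public TrustedIdPDTO getTenantIdP(String str) throws IdentityProviderMgtException {
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        TrustedIdPDO tenantIdP = this.dao.getTenantIdP(str, tenantId, tenantDomain);
        if (tenantIdP == null) {
            return null;
        }
        TrustedIdPDTO dto = new TrustedIdPDTO();
        dto.setIdPName(tenantIdP.getIdPName());
        dto.setIdPIssuerId(tenantIdP.getIdPIssuerId());
        dto.setPrimary(tenantIdP.isPrimary());
        dto.setIdPUrl(tenantIdP.getIdPUrl());
        if (tenantIdP.getPublicCertThumbPrint() != null) {
            dto.setPublicCert(IdentityProviderMgtUtil.getEncodedIdPCertFromAlias(tenantIdP.getIdPName(), tenantId, tenantDomain));
        }
        dto.setRoles(tenantIdP.getRoles().toArray(new String[tenantIdP.getRoles().size()]));
        List<String> flatMappings = new ArrayList<String>();
        for (Map.Entry<String, String> entry : tenantIdP.getRoleMappings().entrySet()) {
            flatMappings.add(entry.getKey() + ":" + entry.getValue());
        }
        dto.setRoleMappings(flatMappings.toArray(new String[flatMappings.size()]));
        dto.setAudience(tenantIdP.getAudience().toArray(new String[tenantIdP.getAudience().size()]));
        dto.setTokenEPAlias(tenantIdP.getTokenEPAlias());
        return dto;
    }

    /**
     * Adds, deletes or updates an IdP of the current tenant, depending on which arguments are set.
     *
     * <ul>
     *   <li>old set, new {@code null}: the old IdP is deleted;</li>
     *   <li>old {@code null}, new set: the new IdP is added;</li>
     *   <li>both set: the old IdP is replaced by the new one and the certificate store is
     *       brought in line with the change.</li>
     * </ul>
     *
     * <p>NOTE(review): the "old" state, including its primary flag and certificate, is taken from
     * the caller-supplied DTO rather than re-read from the DAO, so the "cannot unset primary"
     * check below is only as trustworthy as that argument. Confirm the DAO re-validates it.
     *
     * @param trustedIdPDTO  the IdP as it currently exists (the "old" IdP), or {@code null} to add
     * @param trustedIdPDTO2 the IdP as it should become (the "new" IdP), or {@code null} to delete
     * @throws IdentityProviderMgtException if both arguments are {@code null}, if validation of
     *         either DTO fails, or if the DAO, user store or certificate store reports an error
     */
    public void updateTenantIdP(TrustedIdPDTO trustedIdPDTO, TrustedIdPDTO trustedIdPDTO2) throws IdentityProviderMgtException {
        final TrustedIdPDTO oldDto = trustedIdPDTO;
        final TrustedIdPDTO newDto = trustedIdPDTO2;
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        if (oldDto == null && newDto == null) {
            log.error("Arguments are NULL");
            throw new IdentityProviderMgtException("Invalid arguments");
        }
        if (newDto == null) {
            doDeleteIdP(oldDto, tenantId, tenantDomain);
            return;
        }
        if (oldDto == null) {
            doAddIdP(newDto, tenantId, tenantDomain);
            return;
        }

        TrustedIdPDO newIdP = new TrustedIdPDO();
        TrustedIdPDO oldIdP = new TrustedIdPDO();

        // ---- old IdP: validate and convert ----
        requireIdPName(oldDto);
        if (oldDto.isPrimary() && !newDto.isPrimary()) {
            log.error("Invalid arguments: Cannot unset IdP from primary. Alternatively set new IdP to primary");
            throw new IdentityProviderMgtException("Invalid arguments: Cannot unset IdP from primary. Alternatively set new IdP to primary");
        }
        oldIdP.setIdPName(oldDto.getIdPName());
        oldIdP.setIdPIssuerId(oldDto.getIdPIssuerId());
        oldIdP.setPrimary(oldDto.isPrimary());
        oldIdP.setIdPUrl(oldDto.getIdPUrl());
        if (oldDto.getPublicCert() != null) {
            oldIdP.setPublicCertThumbPrint(IdentityProviderMgtUtil.generatedThumbPrint(oldDto.getPublicCert()));
        }
        oldIdP.setRoles(copyOrEmpty(oldDto.getRoles()));
        for (String role : oldIdP.getRoles()) {
            if (role == null) {
                log.error("Invalid arguments: role names cannot be 'NULL'");
                throw new IdentityProviderMgtException("Invalid arguments: role names cannot be 'NULL'");
            }
            if (role.equals("")) {
                log.error("Invalid arguments: role names cannot be strings of zero length in 'oldTrustedIdP' argument");
                throw new IdentityProviderMgtException("Invalid arguments: role names cannot be strings of zero length in 'oldTrustedIdP' argument");
            }
        }
        HashMap<String, String> oldMappings = new HashMap<String, String>();
        if (oldDto.getRoleMappings() != null) {
            for (String mapping : oldDto.getRoleMappings()) {
                String[] parts = splitRoleMapping(mapping);
                oldMappings.put(parts[0], parts[1]);
            }
        }
        oldIdP.setRoleMappings(oldMappings);
        oldIdP.setAudience(copyOrEmpty(oldDto.getAudience()));
        oldIdP.setTokenEPAlias(oldDto.getTokenEPAlias());

        // ---- new IdP: validate and convert ----
        requireIdPName(newDto);
        newIdP.setIdPName(newDto.getIdPName());
        newIdP.setIdPIssuerId(newDto.getIdPIssuerId());
        newIdP.setPrimary(newDto.isPrimary());
        newIdP.setIdPUrl(newDto.getIdPUrl());
        if (newDto.getPublicCert() != null) {
            newIdP.setPublicCertThumbPrint(IdentityProviderMgtUtil.generatedThumbPrint(newDto.getPublicCert()));
        }
        newIdP.setRoles(copyOrEmpty(newDto.getRoles()));
        List<String> newRoles = newIdP.getRoles();
        for (int i = 0; i < newRoles.size(); i++) {
            String role = newRoles.get(i);
            if (role == null) {
                log.error("Invalid arguments: role names cannot be 'NULL'");
                throw new IdentityProviderMgtException("Invalid arguments: role names cannot be 'NULL'");
            }
            if (role.equals("")) {
                // An empty new role name is replaced by null at the same index.
                // NOTE(review): presumably the DAO reads a null entry as "delete the old role at
                // this position"; confirm against IdPMgtDAO.updateTenantIdP.
                newRoles.set(i, null);
            }
        }
        HashMap<String, String> newMappings = new HashMap<String, String>();
        if (newDto.getRoleMappings() != null) {
            for (String mapping : newDto.getRoleMappings()) {
                String[] parts = splitRoleMapping(mapping);
                String tenantRole = parts[1];
                try {
                    UserStoreManager userStoreManager = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
                    // Reject the mapping only when the target role exists neither as a regular
                    // role nor as a shared role. The previous condition lacked the negation, so
                    // it rejected mappings to existing roles and accepted mappings to unknown ones.
                    // NOTE(review): doAddIdP applies a stricter rule (the role must exist locally);
                    // decide which of the two is intended.
                    if (!(userStoreManager.isExistingRole(tenantRole) || userStoreManager.isExistingRole(tenantRole, true))) {
                        // NOTE(review): tenantRole is caller-supplied and is logged verbatim;
                        // consider neutralising CR/LF before writing it to the log.
                        String msg = "Cannot find tenant role " + tenantRole + " for tenant " + tenantDomain;
                        log.error(msg);
                        throw new IdentityProviderMgtException(msg);
                    }
                    newMappings.put(parts[0], tenantRole);
                } catch (UserStoreException e) {
                    String msg = "Error occurred while retrieving UserStoreManager for tenant " + tenantDomain;
                    log.error(msg, e);
                    throw new IdentityProviderMgtException(msg, e);
                }
            }
        }
        newIdP.setRoleMappings(newMappings);
        newIdP.setAudience(copyOrEmpty(newDto.getAudience()));
        if (newDto.getTokenEPAlias() == null || newDto.getTokenEPAlias().equals("")) {
            log.error("Invalid arguments: OAuth2 Token Endpoint name cannot be 'NULL' or empty");
            throw new IdentityProviderMgtException("Invalid arguments: OAuth2 Token Endpoint name cannot be 'NULL' or empty");
        }
        newIdP.setTokenEPAlias(newDto.getTokenEPAlias());

        this.dao.updateTenantIdP(oldIdP, newIdP, tenantId, tenantDomain);

        // Bring the certificate store in line with the record that was just written. The DAO call
        // and the store call are separate steps: a failure here leaves the record updated while
        // the store still holds the previous certificate state.
        boolean hadCert = oldIdP.getPublicCertThumbPrint() != null;
        boolean hasCert = newIdP.getPublicCertThumbPrint() != null;
        if (hadCert && hasCert) {
            // NOTE(review): when the thumbprints are equal nothing is done, even if the IdP name
            // changed. If the store keys certificates by IdP name, a rename that keeps the
            // certificate would leave it under the old name; confirm against IdentityProviderMgtUtil.
            if (!oldIdP.getPublicCertThumbPrint().equals(newIdP.getPublicCertThumbPrint())) {
                IdentityProviderMgtUtil.updateCertToStore(oldDto.getIdPName(), newDto.getIdPName(), newDto.getPublicCert(), tenantId, tenantDomain);
            }
        } else if (hasCert) {
            IdentityProviderMgtUtil.importCertToStore(newDto.getIdPName(), newDto.getPublicCert(), tenantId, tenantDomain);
        } else if (hadCert) {
            IdentityProviderMgtUtil.deleteCertFromStore(oldDto.getIdPName(), tenantId, tenantDomain);
        }
    }

    /**
     * Validates a new IdP, persists it for the given tenant and imports its certificate, if any.
     *
     * @param trustedIdPDTO the IdP to register
     * @param tenantId      id of the tenant that owns the IdP
     * @param tenantDomain  domain of the tenant that owns the IdP
     * @throws IdentityProviderMgtException if validation fails, an IdP with the same name already
     *         exists for the tenant, or the DAO, user store or certificate store reports an error
     */
    private void doAddIdP(TrustedIdPDTO trustedIdPDTO, int tenantId, String tenantDomain) throws IdentityProviderMgtException {
        TrustedIdPDO newIdP = new TrustedIdPDO();
        requireIdPName(trustedIdPDTO);
        newIdP.setIdPName(trustedIdPDTO.getIdPName());
        if (this.dao.isTenantIdPExisting(null, newIdP, tenantId, tenantDomain) > 0) {
            String msg = "An IdP has already been registered with the name " + newIdP.getIdPName() + " for tenant " + tenantDomain;
            log.error(msg);
            throw new IdentityProviderMgtException(msg);
        }
        newIdP.setIdPIssuerId(trustedIdPDTO.getIdPIssuerId());
        newIdP.setPrimary(trustedIdPDTO.isPrimary());
        newIdP.setIdPUrl(trustedIdPDTO.getIdPUrl());
        if (trustedIdPDTO.getPublicCert() != null) {
            newIdP.setPublicCertThumbPrint(IdentityProviderMgtUtil.generatedThumbPrint(trustedIdPDTO.getPublicCert()));
        }
        newIdP.setRoles(copyOrEmpty(trustedIdPDTO.getRoles()));
        for (String role : newIdP.getRoles()) {
            // A null element used to surface as a NullPointerException; reject it explicitly,
            // with the same message updateTenantIdP uses.
            if (role == null) {
                log.error("Invalid arguments: role names cannot be 'NULL'");
                throw new IdentityProviderMgtException("Invalid arguments: role names cannot be 'NULL'");
            }
            if (role.equals("")) {
                log.error("Invalid arguments: role name strings cannot be of zero length");
                throw new IdentityProviderMgtException("Invalid arguments: role name strings cannot be of zero length");
            }
        }
        HashMap<String, String> mappings = new HashMap<String, String>();
        if (trustedIdPDTO.getRoleMappings() != null) {
            for (String mapping : trustedIdPDTO.getRoleMappings()) {
                String[] parts = splitRoleMapping(mapping);
                String tenantRole = parts[1];
                try {
                    // isSharedGroupEnabled() is called on AbstractUserStoreManager, so the manager
                    // is narrowed to that type here.
                    AbstractUserStoreManager userStoreManager = (AbstractUserStoreManager) CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
                    if (!userStoreManager.isExistingRole(tenantRole) || (userStoreManager.isSharedGroupEnabled() && !userStoreManager.isExistingRole(tenantRole, true))) {
                        // NOTE(review): tenantRole is caller-supplied and is logged verbatim;
                        // consider neutralising CR/LF before writing it to the log.
                        String msg = "Cannot find tenant role " + tenantRole + " for tenant " + tenantDomain;
                        log.error(msg);
                        throw new IdentityProviderMgtException(msg);
                    }
                    mappings.put(parts[0], tenantRole);
                } catch (UserStoreException e) {
                    String msg = "Error occurred while retrieving UserStoreManager for tenant " + tenantDomain;
                    log.error(msg, e);
                    throw new IdentityProviderMgtException(msg, e);
                }
            }
        }
        newIdP.setRoleMappings(mappings);
        newIdP.setAudience(copyOrEmpty(trustedIdPDTO.getAudience()));
        if (trustedIdPDTO.getTokenEPAlias() == null || trustedIdPDTO.getTokenEPAlias().equals("")) {
            log.error("Invalid arguments: OAuth2 Token Endpoint name cannot be 'NULL' or empty");
            throw new IdentityProviderMgtException("Invalid arguments: OAuth2 Token Endpoint name cannot be 'NULL' or empty");
        }
        newIdP.setTokenEPAlias(trustedIdPDTO.getTokenEPAlias());
        this.dao.addTenantIdP(newIdP, tenantId, tenantDomain);
        // The record is written before the certificate is imported; if the import fails the
        // record stays without a matching certificate in the store.
        if (trustedIdPDTO.getPublicCert() != null) {
            IdentityProviderMgtUtil.importCertToStore(trustedIdPDTO.getIdPName(), trustedIdPDTO.getPublicCert(), tenantId, tenantDomain);
        }
    }

    /**
     * Deletes an IdP of the given tenant and removes its certificate from the store.
     *
     * @param trustedIdPDTO the IdP to delete; only its name, issuer id and URL are passed to the DAO
     * @param tenantId      id of the tenant that owns the IdP
     * @param tenantDomain  domain of the tenant that owns the IdP
     * @throws IdentityProviderMgtException if the IdP name is missing or the DAO or certificate
     *         store reports an error
     */
    private void doDeleteIdP(TrustedIdPDTO trustedIdPDTO, int tenantId, String tenantDomain) throws IdentityProviderMgtException {
        TrustedIdPDO target = new TrustedIdPDO();
        requireIdPName(trustedIdPDTO);
        target.setIdPName(trustedIdPDTO.getIdPName());
        target.setIdPIssuerId(trustedIdPDTO.getIdPIssuerId());
        target.setIdPUrl(trustedIdPDTO.getIdPUrl());
        this.dao.deleteTenantIdP(target, tenantId, tenantDomain);
        IdentityProviderMgtUtil.deleteCertFromStore(trustedIdPDTO.getIdPName(), tenantId, tenantDomain);
    }

    /** Rejects a DTO whose IdP name is {@code null} or empty. */
    private static void requireIdPName(TrustedIdPDTO dto) throws IdentityProviderMgtException {
        if (dto.getIdPName() == null || dto.getIdPName().equals("")) {
            log.error("Invalid arguments: IdP Name value is empty");
            throw new IdentityProviderMgtException("Invalid arguments: IdP Name value is empty");
        }
    }

    /**
     * Splits a flattened role mapping on {@code ':'} and checks that it has at least two parts,
     * so that a malformed entry is reported as a validation error instead of failing with an
     * {@link ArrayIndexOutOfBoundsException} or {@link NullPointerException}.
     */
    private static String[] splitRoleMapping(String mapping) throws IdentityProviderMgtException {
        String[] parts = mapping == null ? new String[0] : mapping.split(":");
        if (parts.length < 2) {
            String msg = "Invalid arguments: role mapping must contain a ':' separator followed by a tenant role name";
            log.error(msg);
            throw new IdentityProviderMgtException(msg);
        }
        return parts;
    }

    /** Returns a mutable copy of {@code values}, or an empty list when {@code values} is {@code null}. */
    private static ArrayList<String> copyOrEmpty(String[] values) {
        if (values == null) {
            return new ArrayList<String>();
        }
        return new ArrayList<String>(Arrays.asList(values));
    }
}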
