package org.wso2.carbon.appfactory.ext;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.appfactory.common.AppFactoryException;
import org.wso2.carbon.appfactory.common.util.AppFactoryUtil;
import org.wso2.carbon.appfactory.ext.authorization.AppFactorySecurityPermission;
import org.wso2.carbon.appfactory.ext.internal.AuthorizationMetaDataHolder;
import org.wso2.carbon.appfactory.ext.internal.ServiceHolder;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.multitenancy.utils.TenantAxisUtils;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;

/* loaded from: input_file:org/wso2/carbon/appfactory/ext/Util.class */
public class Util {
    private static final Log log = LogFactory.getLog(Util.class);

    public static String getCurrentArtifactName() {
        String applicationName = CarbonContext.getThreadLocalCarbonContext().getApplicationName();
        String str = null;
        if (applicationName != null && applicationName.contains("-")) {
            str = applicationName.substring(0, applicationName.indexOf("-"));
        }
        return str;
    }

    public static boolean pathContainsCurrentArtifactName(String str) {
        return Pattern.compile(".*/" + getCurrentArtifactName() + "/.*").matcher(str).matches();
    }

    public static boolean isCurrentTenantLoaded() throws UserStoreException {
        try {
            return TenantAxisUtils.getLastAccessed(CarbonContext.getThreadLocalCarbonContext().getTenantDomain(), ServiceHolder.getInstance().getConfigContextService().getServerConfigContext()) != -1;
        } catch (Exception e) {
            throw new UserStoreException("Failed to get active list of tenants.", e);
        }
    }

    public static boolean isApplicationSpecificRequest() throws UserStoreException {
        String applicationName = CarbonContext.getThreadLocalCarbonContext().getApplicationName();
        if (log.isDebugEnabled()) {
            log.debug("Current application name in carbon context:" + applicationName);
        }
        return (applicationName == null || AuthorizationMetaDataHolder.getInstance().getAdminServices().contains(applicationName) || AuthorizationMetaDataHolder.getInstance().getHiddenServices().contains(applicationName)) ? false : true;
    }

    public static boolean isUserMgtPermissionsAllowed() throws UserStoreException {
        boolean z = false;
        RealmService realmService = ServiceHolder.getInstance().getRealmService();
        try {
            String applicationName = CarbonContext.getThreadLocalCarbonContext().getApplicationName();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setApplicationName((String) null);
            AuthorizationManager authorizationManager = realmService.getTenantUserRealm(CarbonContext.getThreadLocalCarbonContext().getTenantId()).getAuthorizationManager();
            String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
            if (username != null) {
                z = authorizationManager.isUserAuthorized(username, "/permission/admin", "ui.execute");
            }
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setApplicationName(applicationName);
            return z;
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            String str = "Failed to get the tenant user realm of tenant:" + CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            log.error(str, e);
            throw new UserStoreException(str, e);
        }
    }

    public static void checkAuthorizationForUserRealm() throws UserStoreException {
        RealmService realmService = ServiceHolder.getInstance().getRealmService();
        String roleNameForApplication = AppFactoryUtil.getRoleNameForApplication(getCurrentArtifactName());
        try {
            String applicationName = CarbonContext.getThreadLocalCarbonContext().getApplicationName();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setApplicationName((String) null);
            boolean isRoleAuthorized = realmService.getTenantUserRealm(CarbonContext.getThreadLocalCarbonContext().getTenantId()).getAuthorizationManager().isRoleAuthorized(roleNameForApplication, "/permission/admin/appfactory/realm", "consume");
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setApplicationName(applicationName);
            if (isRoleAuthorized) {
                return;
            }
            String str = "Application:" + getCurrentArtifactName() + " is trying to perform user realm actions. Application must have been authorized by privileged user to allow user realm actions.";
            log.warn(str);
            throw new UserStoreException(str);
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            String str2 = "Failed to check role:" + roleNameForApplication + " authorization for resource:/permission/admin/appfactory/realm on action:consume";
            log.error(str2, e);
            throw new UserStoreException(str2, e);
        }
    }

    public static void checkNonModifiablePermissions(String str) throws UserStoreException {
        if (str != null) {
            try {
                if (AuthorizationMetaDataHolder.getInstance().getAppFactoryPermissions().contains(str.trim())) {
                    String str2 = getCurrentArtifactName() + " is trying to modify AppFactory specific system permissions. Applications are not allowed to modify AppFactory specific system permissions.";
                    log.warn(str2);
                    throw new UserStoreException(str2);
                }
            } catch (AppFactoryException e) {
                log.error("Failed to get appfactory permissions.", e);
                throw new UserStoreException("Failed to get appfactory permissions.", e);
            }
        }
    }

    public static void checkNonModifiableRoles(String[] strArr) throws UserStoreException {
        if (strArr != null) {
            if (!Collections.disjoint(AuthorizationMetaDataHolder.getInstance().getSecuredRoles(), new HashSet(Arrays.asList(strArr)))) {
                String str = getCurrentArtifactName() + " is trying to modify AppFactory specific system roles. Applications are not allowed to modify AppFactory specific system roles.";
                log.warn(str);
                throw new UserStoreException(str);
            }
            for (String str2 : strArr) {
                if (AppFactoryUtil.isAppRole(str2)) {
                    String str3 = getCurrentArtifactName() + " is trying to modify AppFactory application specific system role:" + str2 + " Applications are not allowed to modify AppFactory application specific system roles.";
                    log.warn(str3);
                    throw new UserStoreException(str3);
                }
            }
        }
    }

    public static void checkUserInNonModifiableRole(String str) throws UserStoreException {
        if (str != null) {
            try {
                UserRealm tenantUserRealm = ServiceHolder.getInstance().getRealmService().getTenantUserRealm(CarbonContext.getThreadLocalCarbonContext().getTenantId());
                HashSet hashSet = new HashSet(Arrays.asList(tenantUserRealm.getUserStoreManager().getRoleListOfUser(str)));
                String everyOneRoleName = tenantUserRealm.getRealmConfiguration().getEveryOneRoleName();
                if (hashSet.contains(everyOneRoleName)) {
                    hashSet.remove(everyOneRoleName);
                }
                checkNonModifiableRoles((String[]) hashSet.toArray(new String[hashSet.size()]));
            } catch (org.wso2.carbon.user.api.UserStoreException e) {
                String str2 = "Failed to get the tenant user realm of tenant:" + CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
                log.error(str2, e);
                throw new UserStoreException(str2, e);
            }
        }
    }

    public static boolean isRequestFromSystemCode() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager == null) {
            return true;
        }
        try {
            securityManager.checkPermission(new AppFactorySecurityPermission("RegistryPermission"));
            return true;
        } catch (RuntimeException e) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug(e);
            return false;
        }
    }
}
