package org.wso2.carbon.identity.scim.common.listener;

import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.scim.common.config.SCIMProvisioningConfigManager;
import org.wso2.carbon.identity.scim.common.group.SCIMGroupHandler;
import org.wso2.carbon.identity.scim.common.utils.AttributeMapper;
import org.wso2.carbon.identity.scim.common.utils.IdentitySCIMException;
import org.wso2.carbon.identity.scim.common.utils.SCIMCommonConstants;
import org.wso2.carbon.identity.scim.common.utils.SCIMCommonUtils;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.ClaimManager;
import org.wso2.carbon.user.api.ClaimMapping;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.listener.UserOperationEventListener;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.charon.core.exceptions.CharonException;
import org.wso2.charon.core.exceptions.NotFoundException;
import org.wso2.charon.core.objects.Group;
import org.wso2.charon.core.objects.User;
import org.wso2.charon.core.provisioning.ProvisioningHandler;
import org.wso2.charon.core.util.AttributeUtil;

/* loaded from: input_file:org/wso2/carbon/identity/scim/common/listener/SCIMUserOperationListener.class */
public class SCIMUserOperationListener implements UserOperationEventListener {
    private static Log log = LogFactory.getLog(SCIMUserOperationListener.class);
    private ExecutorService provisioningThreadPool = Executors.newCachedThreadPool();
    private String provisioningHandlerImplClass = SCIMProvisioningConfigManager.getProvisioningHandlers()[0];

    public int getExecutionOrderId() {
        return 1;
    }

    public boolean doPreAuthenticate(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostAuthenticate(String str, boolean z, UserStoreManager userStoreManager) throws UserStoreException {
        String userClaimValue;
        try {
            if (!userStoreManager.isSCIMEnabled() || (userClaimValue = userStoreManager.getUserClaimValue(str, "urn:scim:schemas:core:1.0:active", (String) null)) == null) {
                return true;
            }
            if (Boolean.parseBoolean(userClaimValue)) {
                return z;
            }
            log.error("Trying to login from an inactive account of user: " + str);
            return false;
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            throw new UserStoreException(e);
        }
    }

    public boolean doPreAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        User user;
        try {
            if (!userStoreManager.isSCIMEnabled()) {
                return true;
            }
            Map<String, String> map2 = null;
            try {
                if (userStoreManager.isSCIMEnabled()) {
                    ClaimMapping[] allClaimMappings = userStoreManager.getClaimManager().getAllClaimMappings(SCIMCommonUtils.SCIM_CLAIM_DIALECT);
                    ArrayList arrayList = new ArrayList();
                    for (ClaimMapping claimMapping : allClaimMappings) {
                        arrayList.add(claimMapping.getClaim().getClaimUri());
                    }
                    map2 = userStoreManager.getUserClaimValues(str, (String[]) arrayList.toArray(new String[arrayList.size()]), (String) null);
                    if (map2 == null || map2.isEmpty()) {
                        userStoreManager.setUserClaimValues(str, getSCIMAttributes(str, null), (String) null);
                    } else if (!map2.containsKey("urn:scim:schemas:core:1.0:id")) {
                        Map<String, String> sCIMAttributes = getSCIMAttributes(str, map2);
                        SCIMCommonUtils.setThreadLocalToSkipSetUserClaimsListeners(true);
                        userStoreManager.setUserClaimValues(str, sCIMAttributes, (String) null);
                    } else if (!map2.containsKey("urn:scim:schemas:core:1.0:userName")) {
                        map2.put("urn:scim:schemas:core:1.0:userName", str);
                    }
                }
                try {
                    try {
                        String sCIMConsumerId = getSCIMConsumerId();
                        if (sCIMConsumerId != null && isProvisioningActionAuthorized(false, null) && isSCIMConsumerEnabled(sCIMConsumerId)) {
                            if (map2 == null || map2.size() == 0) {
                                user = new User();
                                user.setUserName(str);
                            } else {
                                user = (User) AttributeMapper.constructSCIMObjectFromAttributes(map2, 1);
                            }
                            user.setPassword((String) obj);
                            new HashMap();
                            this.provisioningThreadPool.submit((Runnable) getProvisioningHandlerFromUser(sCIMConsumerId, user, 2, null));
                        }
                        return true;
                    } catch (NotFoundException e) {
                        throw new UserStoreException("Error in constructing SCIM object from attributes when provisioning.");
                    }
                } catch (CharonException e2) {
                    throw new UserStoreException("Error in constructing SCIM object from attributes when provisioning.");
                }
            } catch (org.wso2.carbon.user.api.UserStoreException e3) {
                throw new UserStoreException("Error when updating SCIM attributes of the user.");
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e4) {
            throw new UserStoreException(e4);
        }
    }

    public boolean doPreUpdateCredential(String str, Object obj, Object obj2, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostUpdateCredential(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        return doPostUpdateCredentialByAdmin(CarbonContext.getThreadLocalCarbonContext().getUsername(), obj, userStoreManager);
    }

    public boolean doPreUpdateCredentialByAdmin(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostUpdateCredentialByAdmin(String str, Object obj, UserStoreManager userStoreManager) throws UserStoreException {
        try {
            if (!userStoreManager.isSCIMEnabled()) {
                return true;
            }
            try {
                if (userStoreManager.isSCIMEnabled()) {
                    userStoreManager.setUserClaimValue(str, "urn:scim:schemas:core:1.0:meta.lastModified", AttributeUtil.formatDateTime(new Date()), (String) null);
                }
                try {
                    String sCIMConsumerId = getSCIMConsumerId();
                    String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
                    if (username != null) {
                        boolean z = username.equals(str);
                        if (!z) {
                            z = isProvisioningActionAuthorized(false, null);
                        }
                        if (z && isSCIMConsumerEnabled(sCIMConsumerId)) {
                            User user = new User();
                            user.setUserName(str);
                            user.setPassword((String) obj);
                            this.provisioningThreadPool.submit((Runnable) getProvisioningHandlerFromUser(sCIMConsumerId, user, 4, null));
                        }
                    }
                    return true;
                } catch (CharonException e) {
                    throw new UserStoreException("Error in provisioning 'update credential by admin' operation");
                }
            } catch (org.wso2.carbon.user.api.UserStoreException e2) {
                log.debug(e2);
                throw new UserStoreException("Error in obtaining user store information: isSCIMEnabled", e2);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e3) {
            throw new UserStoreException(e3);
        }
    }

    public boolean doPreDeleteUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        try {
            if (!userStoreManager.isSCIMEnabled()) {
                return true;
            }
            try {
                String sCIMConsumerId = getSCIMConsumerId();
                if (isProvisioningActionAuthorized(false, null) && isSCIMConsumerEnabled(sCIMConsumerId)) {
                    User user = new User();
                    user.setUserName(str);
                    this.provisioningThreadPool.submit((Runnable) getProvisioningHandlerFromUser(sCIMConsumerId, user, 3, null));
                }
                return true;
            } catch (CharonException e) {
                throw new UserStoreException("Error in provisioning delete operation");
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e2) {
            throw new UserStoreException(e2);
        }
    }

    public boolean doPostDeleteUser(String str, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPreSetUserClaimValue(String str, String str2, String str3, String str4, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostSetUserClaimValue(String str, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPreSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        ClaimManager claimManager;
        try {
            if (!userStoreManager.isSCIMEnabled()) {
                return true;
            }
            if ((SCIMCommonUtils.getThreadLocalToSkipSetUserClaimsListeners() == null || SCIMCommonUtils.getThreadLocalToSkipSetUserClaimsListeners().booleanValue()) && SCIMCommonUtils.getThreadLocalToSkipSetUserClaimsListeners() != null) {
                return true;
            }
            try {
                if (userStoreManager.isSCIMEnabled()) {
                    userStoreManager.setUserClaimValue(str, "urn:scim:schemas:core:1.0:meta.lastModified", AttributeUtil.formatDateTime(new Date()), (String) null);
                    String userClaimValue = userStoreManager.getUserClaimValue(str, "urn:scim:schemas:core:1.0:userName", (String) null);
                    String sCIMConsumerId = getSCIMConsumerId();
                    if (isProvisioningActionAuthorized(true, userClaimValue) && isSCIMConsumerEnabled(sCIMConsumerId) && map != null && map.size() != 0 && (claimManager = userStoreManager.getClaimManager()) != null) {
                        ClaimMapping[] allClaimMappings = claimManager.getAllClaimMappings(SCIMCommonUtils.SCIM_CLAIM_DIALECT);
                        ArrayList arrayList = new ArrayList();
                        for (ClaimMapping claimMapping : allClaimMappings) {
                            arrayList.add(claimMapping.getClaim().getClaimUri());
                        }
                        Map userClaimValues = userStoreManager.getUserClaimValues(str, (String[]) arrayList.toArray(new String[arrayList.size()]), (String) null);
                        if (!userClaimValues.containsKey("urn:scim:schemas:core:1.0:userName")) {
                            userClaimValues.put("urn:scim:schemas:core:1.0:userName", str);
                        }
                        this.provisioningThreadPool.submit((Runnable) getProvisioningHandlerFromUser(sCIMConsumerId, (User) AttributeMapper.constructSCIMObjectFromAttributes(userClaimValues, 1), 4, null));
                    }
                }
                return true;
            } catch (CharonException e) {
                throw new UserStoreException("Error in constructing SCIM User object from claimswhile provisioning 'update user' operation.");
            } catch (org.wso2.carbon.user.api.UserStoreException e2) {
                throw new UserStoreException("Error in retrieving claim values while provisioning 'update user' operation.");
            } catch (NotFoundException e3) {
                throw new UserStoreException("Error in constructing SCIM User object from claimswhile provisioning 'update user' operation.");
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e4) {
            throw new UserStoreException(e4);
        }
    }

    public boolean doPreDeleteUserClaimValues(String str, String[] strArr, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostDeleteUserClaimValues(String str, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPreDeleteUserClaimValue(String str, String str2, String str3, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostDeleteUserClaimValue(String str, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPreAddRole(String str, String[] strArr, Permission[] permissionArr, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostAddRole(String str, String[] strArr, Permission[] permissionArr, UserStoreManager userStoreManager) throws UserStoreException {
        try {
            if (!userStoreManager.isSCIMEnabled()) {
                return true;
            }
            SCIMGroupHandler sCIMGroupHandler = new SCIMGroupHandler(userStoreManager.getTenantId());
            String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
            if (domainName == null) {
                domainName = "PRIMARY";
            }
            String str2 = domainName + "/" + str;
            try {
                if (!sCIMGroupHandler.isGroupExisting(str2)) {
                    sCIMGroupHandler.addMandatoryAttributes(str2);
                }
                try {
                    String sCIMConsumerId = getSCIMConsumerId();
                    if (isProvisioningActionAuthorized(false, null) && isSCIMConsumerEnabled(sCIMConsumerId)) {
                        Group group = new Group();
                        group.setDisplayName(str);
                        if (strArr != null && strArr.length != 0) {
                            for (String str3 : strArr) {
                                HashMap hashMap = new HashMap();
                                hashMap.put("display", str3);
                                group.setMember(hashMap);
                            }
                        }
                        this.provisioningThreadPool.submit((Runnable) getProvisioningHandlerFromGroup(sCIMConsumerId, group, 2, null));
                    }
                    return true;
                } catch (CharonException e) {
                    throw new UserStoreException("Error in constructing SCIM object from attributes when provisioning.");
                }
            } catch (IdentitySCIMException e2) {
                throw new UserStoreException("Error retrieving group information from SCIM Tables.", e2);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e3) {
            throw new UserStoreException(e3);
        }
    }

    public boolean doPreDeleteRole(String str, UserStoreManager userStoreManager) throws UserStoreException {
        try {
            if (!userStoreManager.isSCIMEnabled()) {
                return true;
            }
            SCIMGroupHandler sCIMGroupHandler = new SCIMGroupHandler(userStoreManager.getTenantId());
            String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
            if (domainName == null) {
                domainName = "PRIMARY";
            }
            try {
                sCIMGroupHandler.deleteGroupAttributes(domainName + "/" + str);
                try {
                    String sCIMConsumerId = getSCIMConsumerId();
                    if (isProvisioningActionAuthorized(false, null) && isSCIMConsumerEnabled(sCIMConsumerId)) {
                        Group group = new Group();
                        group.setDisplayName(str);
                        this.provisioningThreadPool.submit((Runnable) getProvisioningHandlerFromGroup(sCIMConsumerId, group, 3, null));
                    }
                    return true;
                } catch (CharonException e) {
                    throw new UserStoreException("Error in provisioning delete operation");
                }
            } catch (IdentitySCIMException e2) {
                throw new UserStoreException("Error retrieving group information from SCIM Tables.", e2);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e3) {
            throw new UserStoreException(e3);
        }
    }

    public boolean doPostDeleteRole(String str, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPreUpdateRoleName(String str, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostUpdateRoleName(String str, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        try {
            if (!userStoreManager.isSCIMEnabled()) {
                return true;
            }
            SCIMGroupHandler sCIMGroupHandler = new SCIMGroupHandler(userStoreManager.getTenantId());
            String domainName = UserCoreUtil.getDomainName(userStoreManager.getRealmConfiguration());
            if (domainName == null) {
                domainName = "PRIMARY";
            }
            try {
                sCIMGroupHandler.updateRoleName(domainName + "/" + str, domainName + "/" + str2);
                try {
                    String sCIMConsumerId = getSCIMConsumerId();
                    if (isProvisioningActionAuthorized(false, null) && isSCIMConsumerEnabled(sCIMConsumerId)) {
                        HashMap hashMap = new HashMap();
                        hashMap.put(SCIMCommonConstants.IS_ROLE_NAME_CHANGED_ON_UPDATE, true);
                        hashMap.put(SCIMCommonConstants.OLD_GROUP_NAME, str);
                        Group group = new Group();
                        group.setDisplayName(str2);
                        this.provisioningThreadPool.submit((Runnable) getProvisioningHandlerFromGroup(sCIMConsumerId, group, 4, hashMap));
                    }
                    return true;
                } catch (CharonException e) {
                    throw new UserStoreException("Error in provisioning delete operation");
                }
            } catch (IdentitySCIMException e2) {
                throw new UserStoreException("Error updating group information in SCIM Tables.", e2);
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e3) {
            throw new UserStoreException(e3);
        }
    }

    public boolean doPreUpdateUserListOfRole(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostUpdateUserListOfRole(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) throws UserStoreException {
        try {
            if (!userStoreManager.isSCIMEnabled()) {
                return true;
            }
            try {
                String sCIMConsumerId = getSCIMConsumerId();
                if (isProvisioningActionAuthorized(false, null) && isSCIMConsumerEnabled(sCIMConsumerId)) {
                    Group group = new Group();
                    group.setDisplayName(str);
                    String[] userListOfRole = userStoreManager.getUserListOfRole(str);
                    if (userListOfRole != null && userListOfRole.length != 0) {
                        for (String str2 : userListOfRole) {
                            HashMap hashMap = new HashMap();
                            hashMap.put("display", str2);
                            group.setMember(hashMap);
                        }
                    }
                    this.provisioningThreadPool.submit((Runnable) getProvisioningHandlerFromGroup(sCIMConsumerId, group, 4, null));
                }
                return true;
            } catch (CharonException e) {
                throw new UserStoreException("Error in provisioning delete operation");
            }
        } catch (org.wso2.carbon.user.api.UserStoreException e2) {
            throw new UserStoreException(e2);
        }
    }

    public boolean doPreUpdateRoleListOfUser(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public boolean doPostUpdateRoleListOfUser(String str, String[] strArr, String[] strArr2, UserStoreManager userStoreManager) throws UserStoreException {
        return true;
    }

    public Map<String, String> getSCIMAttributes(String str, Map<String, String> map) {
        Map<String, String> hashMap = (map == null || map.isEmpty()) ? new HashMap() : map;
        hashMap.put("urn:scim:schemas:core:1.0:id", UUID.randomUUID().toString());
        String formatDateTime = AttributeUtil.formatDateTime(new Date());
        hashMap.put("urn:scim:schemas:core:1.0:meta.created", formatDateTime);
        hashMap.put("urn:scim:schemas:core:1.0:meta.lastModified", formatDateTime);
        hashMap.put("urn:scim:schemas:core:1.0:userName", str);
        return hashMap;
    }

    private boolean isSCIMConsumerEnabled(String str) {
        return SCIMProvisioningConfigManager.isConsumerRegistered(str);
    }

    private String getSCIMConsumerId() throws CharonException {
        String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        if (log.isDebugEnabled()) {
            log.debug("Provisioning consumer info: based on carbon context details:user name: " + username + ", tenant domain: " + tenantDomain);
        }
        return (SCIMCommonUtils.getThreadLocalIsManagedThroughSCIMEP() == null || !SCIMCommonUtils.getThreadLocalIsManagedThroughSCIMEP().booleanValue()) ? tenantDomain : username + "@" + tenantDomain;
    }

    private boolean isProvisioningActionAuthorized(boolean z, String str) throws UserStoreException {
        String str2 = null;
        String str3 = null;
        try {
            str2 = CarbonContext.getThreadLocalCarbonContext().getUsername();
            str3 = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            if (str2 == null || str3 == null) {
                return false;
            }
            RealmService realmService = (RealmService) PrivilegedCarbonContext.getThreadLocalCarbonContext().getOSGiService(RealmService.class);
            AuthorizationManager authorizationManager = realmService.getTenantUserRealm(realmService.getTenantManager().getTenantId(str3)).getAuthorizationManager();
            boolean isUserAuthorized = authorizationManager.isUserAuthorized(str2, SCIMCommonConstants.PROVISIONING_ADMIN_PERMISSION, SCIMCommonConstants.RESOURCE_TO_BE_AUTHORIZED);
            if (isUserAuthorized) {
                return true;
            }
            if (!isUserAuthorized && z && str2.equals(str)) {
                return authorizationManager.isUserAuthorized(str2, SCIMCommonConstants.PROVISIONING_USER_PERMISSION, SCIMCommonConstants.RESOURCE_TO_BE_AUTHORIZED);
            }
            return false;
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            throw new UserStoreException("Error in authorizing user: " + str2 + str3 + " for provisioning.");
        }
    }

    private ProvisioningHandler getProvisioningHandlerFromUser(String str, User user, int i, Map<String, Object> map) {
        ProvisioningHandler provisioningHandler = null;
        try {
            provisioningHandler = (ProvisioningHandler) Class.forName(this.provisioningHandlerImplClass).getConstructor(String.class, User.class, Integer.TYPE, Map.class).newInstance(str, user, Integer.valueOf(i), map);
        } catch (ClassNotFoundException e) {
            log.error("Cannot find class: " + this.provisioningHandlerImplClass);
        } catch (IllegalAccessException e2) {
            log.error("Error while initializing " + this.provisioningHandlerImplClass);
        } catch (InstantiationException e3) {
            log.error("Error instantiating: " + this.provisioningHandlerImplClass);
        } catch (NoSuchMethodException e4) {
            log.error("Error while initializing " + this.provisioningHandlerImplClass);
        } catch (InvocationTargetException e5) {
            log.error("Error while initializing " + this.provisioningHandlerImplClass);
        }
        return provisioningHandler;
    }

    private ProvisioningHandler getProvisioningHandlerFromGroup(String str, Group group, int i, Map<String, Object> map) {
        ProvisioningHandler provisioningHandler = null;
        try {
            provisioningHandler = (ProvisioningHandler) Class.forName(this.provisioningHandlerImplClass).getConstructor(String.class, Group.class, Integer.TYPE, Map.class).newInstance(str, group, Integer.valueOf(i), map);
        } catch (ClassNotFoundException e) {
            log.error("Cannot find class: " + this.provisioningHandlerImplClass);
        } catch (IllegalAccessException e2) {
            log.error("Error while initializing " + this.provisioningHandlerImplClass);
        } catch (InstantiationException e3) {
            log.error("Error instantiating: " + this.provisioningHandlerImplClass);
        } catch (NoSuchMethodException e4) {
            log.error("Error while initializing " + this.provisioningHandlerImplClass);
        } catch (InvocationTargetException e5) {
            log.error("Error while initializing " + this.provisioningHandlerImplClass);
        }
        return provisioningHandler;
    }
}
