package org.wso2.carbon.appfactory.application.mgt.listners;

import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.appfactory.common.AppFactoryException;
import org.wso2.carbon.appfactory.common.util.AppFactoryUtil;
import org.wso2.carbon.appfactory.core.ApplicationEventsHandler;
import org.wso2.carbon.appfactory.core.dto.Application;
import org.wso2.carbon.appfactory.core.dto.UserInfo;
import org.wso2.carbon.appfactory.core.dto.Version;
import org.wso2.carbon.appfactory.eventing.AppFactoryEventException;
import org.wso2.carbon.appfactory.eventing.Event;
import org.wso2.carbon.appfactory.eventing.EventNotifier;
import org.wso2.carbon.appfactory.eventing.builder.utils.AppCreationEventBuilderUtil;
import org.wso2.carbon.appfactory.utilities.security.authorization.RemoteAuthorizationMgtClient;
import org.wso2.carbon.user.core.Permission;

/* loaded from: input_file:org/wso2/carbon/appfactory/application/mgt/listners/EnvironmentAuthorizationListener.class */
public class EnvironmentAuthorizationListener extends ApplicationEventsHandler {
    private static Log log = LogFactory.getLog(EnvironmentAuthorizationListener.class);

    public EnvironmentAuthorizationListener(String str, int i) {
        super(str, i);
    }

    public void onCreation(Application application, String str, String str2, boolean z) throws AppFactoryException {
        log.info("EnvironmentAuthorizationListener was called for application:" + application.getId() + " creation event.");
        authorizeRole(AppFactoryUtil.getRoleNameForApplication(application.getId()), str, new Permission[]{new Permission("/permission/admin/appfactory/belongs/toapplication", "ui.execute")});
        try {
            EventNotifier.getInstance().notify(AppCreationEventBuilderUtil.buildApplicationCreationEvent("Application " + application.getName() + " is successfully authorized for all Cloud environments", "", Event.Category.INFO));
        } catch (AppFactoryEventException e) {
            log.error("Failed to notify Cloud environment authorization events", e);
        }
    }

    public void onDeletion(Application application, String str, String str2) throws AppFactoryException {
        clearRoleAuthorization(AppFactoryUtil.getRoleNameForApplication(application.getId()), str);
    }

    public void onUserAddition(Application application, UserInfo userInfo, String str) throws AppFactoryException {
    }

    public void onUserDeletion(Application application, UserInfo userInfo, String str) throws AppFactoryException {
    }

    public void onUserUpdate(Application application, UserInfo userInfo, String str) throws AppFactoryException {
    }

    public void onRevoke(Application application, String str) throws AppFactoryException {
    }

    public void onVersionCreation(Application application, Version version, Version version2, String str, String str2) throws AppFactoryException {
    }

    public void onLifeCycleStageChange(Application application, Version version, String str, String str2, String str3) throws AppFactoryException {
    }

    public boolean hasExecuted(Application application, String str, String str2) throws AppFactoryException {
        return isRoleAuthorized(AppFactoryUtil.getRoleNameForApplication(application.getId()), str, new Permission[]{new Permission("/permission/admin/appfactory/belongs/toapplication", "ui.execute")});
    }

    private void authorizeRole(String str, String str2, Permission[] permissionArr) throws AppFactoryException {
        boolean z = false;
        Map baseAccessURLs = AppFactoryUtil.getBaseAccessURLs();
        if (baseAccessURLs.isEmpty()) {
            log.error("Could not find any remote server URLs configured for cloud environments.");
            throw new AppFactoryException("Could not find any remote server URLs configured for cloud environments.");
        }
        for (Map.Entry entry : baseAccessURLs.entrySet()) {
            String str3 = (String) entry.getKey();
            try {
                String str4 = (String) entry.getValue();
                RemoteAuthorizationMgtClient remoteAuthorizationMgtClient = new RemoteAuthorizationMgtClient(!str4.endsWith("/") ? str4 + "/services/" : str4 + "services/");
                AppFactoryUtil.setAuthHeaders(remoteAuthorizationMgtClient.getStub()._getServiceClient(), str2);
                for (Permission permission : permissionArr) {
                    try {
                        remoteAuthorizationMgtClient.authorizeRole(str, permission.getResourceId(), permission.getAction());
                    } catch (Exception e) {
                        log.error("Failed to authorize role:" + str + " ,permission:" + permission.getResourceId() + " ,action:" + permission.getAction() + " on stage:" + str3, e);
                        z = true;
                    }
                }
            } catch (Exception e2) {
                log.error("Failed to authorize role:" + str + " on stage:" + str3, e2);
                z = true;
            }
        }
        if (z) {
            throw new AppFactoryException("Failed to authorize role:" + str);
        }
    }

    private void clearRoleAuthorization(String str, String str2) throws AppFactoryException {
        boolean z = false;
        Map baseAccessURLs = AppFactoryUtil.getBaseAccessURLs();
        if (baseAccessURLs.isEmpty()) {
            log.error("Could not find any remote server URLs configured for cloud environments.");
            throw new AppFactoryException("Could not find any remote server URLs configured for cloud environments.");
        }
        for (Map.Entry entry : baseAccessURLs.entrySet()) {
            String str3 = (String) entry.getKey();
            try {
                String str4 = (String) entry.getValue();
                RemoteAuthorizationMgtClient remoteAuthorizationMgtClient = new RemoteAuthorizationMgtClient(!str4.endsWith("/") ? str4 + "/services/" : str4 + "services/");
                AppFactoryUtil.setAuthHeaders(remoteAuthorizationMgtClient.getStub()._getServiceClient(), str2);
                try {
                    remoteAuthorizationMgtClient.clearAllRoleAuthorization(str);
                } catch (Exception e) {
                    String str5 = "Failed to clear authorization for role:" + str + " on stage:" + str3;
                    log.error(str5);
                    if (log.isDebugEnabled()) {
                        log.debug(str5, e);
                    }
                    z = true;
                }
            } catch (Exception e2) {
                String str6 = "Failed to clear role:" + str + " on stage:" + str3;
                log.error(str6);
                if (log.isDebugEnabled()) {
                    log.debug(str6, e2);
                }
                z = true;
            }
        }
        if (z) {
            throw new AppFactoryException("Failed to clear role:" + str);
        }
    }

    private boolean isRoleAuthorized(String str, String str2, Permission[] permissionArr) throws AppFactoryException {
        boolean z = true;
        Map baseAccessURLs = AppFactoryUtil.getBaseAccessURLs();
        if (baseAccessURLs.isEmpty()) {
            log.error("Could not find any remote server URLs configured for cloud environments.");
            throw new AppFactoryException("Could not find any remote server URLs configured for cloud environments.");
        }
        for (Map.Entry entry : baseAccessURLs.entrySet()) {
            String str3 = (String) entry.getKey();
            try {
                String str4 = (String) entry.getValue();
                RemoteAuthorizationMgtClient remoteAuthorizationMgtClient = new RemoteAuthorizationMgtClient(!str4.endsWith("/") ? str4 + "/services/" : str4 + "services/");
                AppFactoryUtil.setAuthHeaders(remoteAuthorizationMgtClient.getStub()._getServiceClient(), str2);
                for (Permission permission : permissionArr) {
                    try {
                        z = remoteAuthorizationMgtClient.isRoleAuthorized(str, permission.getResourceId(), permission.getAction());
                        if (!z) {
                            return z;
                        }
                    } catch (Exception e) {
                        log.error("Failed to authorize role:" + str + " ,permission:" + permission.getResourceId() + " ,action:" + permission.getAction() + " on stage:" + str3, e);
                        z = false;
                        return false;
                    }
                }
            } catch (Exception e2) {
                log.error("Failed to clear role:" + str + " on stage:" + str3, e2);
            }
        }
        return z;
    }

    public void onFork(Application application, String str, String str2, String str3, String[] strArr) throws AppFactoryException {
    }
}
