package org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.claim.mgt.ClaimManagerHandler;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.handler.claims.ClaimHandler;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/claims/impl/DefaultClaimHandler.class */
public class DefaultClaimHandler implements ClaimHandler {
    private static Log log = LogFactory.getLog(DefaultClaimHandler.class);
    private static volatile DefaultClaimHandler instance;

    public static DefaultClaimHandler getInstance() {
        if (instance == null) {
            synchronized (DefaultClaimHandler.class) {
                if (instance == null) {
                    instance = new DefaultClaimHandler();
                }
            }
        }
        return instance;
    }

    @Override // org.wso2.carbon.identity.application.authentication.framework.handler.claims.ClaimHandler
    public Map<String, String> handleClaimMappings(StepConfig stepConfig, AuthenticationContext authenticationContext, Map<String, String> map, boolean z) throws FrameworkException {
        if (!z) {
            return handleLocalClaims(stepConfig != null ? stepConfig.getAuthenticatedUser() : authenticationContext.getSequenceConfig().getAuthenticatedUser(), authenticationContext);
        }
        String requestType = authenticationContext.getRequestType();
        ExternalIdPConfig externalIdP = authenticationContext.getExternalIdP();
        ApplicationConfig applicationConfig = authenticationContext.getSequenceConfig().getApplicationConfig();
        return handleFederatedClaims(getDialectUri(requestType, applicationConfig.getRequestedClaimMappings() != null && applicationConfig.getRequestedClaimMappings().size() > 0), applicationConfig.getClaimMappings(), stepConfig.getAuthenticatedAutenticator().getApplicationAuthenticator().getClaimDialectURI(), externalIdP.getClaimMappings(), map, externalIdP.useDefaultLocalIdpDialect(), applicationConfig.getRequestedClaimMappings(), authenticationContext.getTenantDomain(), authenticationContext);
    }

    private Map<String, String> getFilteredAttributes(Map<String, String> map, Map<String, String> map2, boolean z) {
        boolean z2 = false;
        if (map2 != null && map2.size() > 0) {
            z2 = true;
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (z || entry.getKey() == null || !z2 || !map2.containsKey(entry.getKey())) {
                hashMap.put(entry.getKey(), entry.getValue());
            } else {
                hashMap.put(entry.getKey(), entry.getValue());
            }
        }
        return hashMap;
    }

    protected Map<String, String> handleFederatedClaims(String str, Map<String, String> map, String str2, ClaimMapping[] claimMappingArr, Map<String, String> map2, boolean z, Map<String, String> map3, String str3, AuthenticationContext authenticationContext) throws FrameworkException {
        Map<String, String> claimMappings;
        Map<String, String> map4;
        String str4;
        String str5;
        HashMap hashMap = new HashMap();
        if (map2 != null) {
            try {
                if (!map2.isEmpty()) {
                    if (str2 != null && str != null && str.equals(str2)) {
                        log.debug("Federated IDP and SP are using common dialect. NO claim mapping required. Continuing!");
                        return getFilteredAttributes(map2, map3, str != null);
                    }
                    if (str2 == null && z) {
                        str2 = "http://wso2.org/claims";
                    }
                    if (str2 != null) {
                        claimMappings = getClaimMappings(str2, map2.keySet(), str3, true);
                    } else {
                        if (claimMappingArr == null || claimMappingArr.length <= 0) {
                            return map2;
                        }
                        claimMappings = FrameworkUtils.getClaimMappings(claimMappingArr, false);
                    }
                    if (str == null && (map == null || map.size() == 0)) {
                        str = "http://wso2.org/claims";
                    }
                    if (str != null) {
                        map4 = getClaimMappings(str, null, str3, false);
                    } else {
                        if (map == null || map.size() <= 0) {
                            return map2;
                        }
                        map4 = map;
                    }
                    HashMap hashMap2 = new HashMap();
                    for (Map.Entry<String, String> entry : map4.entrySet()) {
                        if (entry.getValue() != null && (str4 = claimMappings.get(entry.getValue())) != null && (str5 = map2.get(str4)) != null) {
                            hashMap.put(entry.getKey(), str5);
                            hashMap2.put(entry.getValue(), str5);
                        }
                    }
                    authenticationContext.setProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES, hashMap2);
                    return getFilteredAttributes(hashMap, map3, str != null);
                }
            } catch (Exception e) {
                throw new FrameworkException("Error while claim mapping", e);
            }
        }
        if (!log.isDebugEnabled()) {
            return null;
        }
        log.debug("No attributes given. Returning");
        return null;
    }

    private Map<String, String> getClaimMappings(String str, Set<String> set, String str2, boolean z) throws Exception {
        Map<String, String> mappingsMapFromOtherDialectToCarbon = ClaimManagerHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(str, set, str2, z);
        if (mappingsMapFromOtherDialectToCarbon == null) {
            mappingsMapFromOtherDialectToCarbon = new HashMap();
        }
        return mappingsMapFromOtherDialectToCarbon;
    }

    protected Map<String, String> handleLocalClaims(String str, AuthenticationContext authenticationContext) throws FrameworkException {
        try {
            UserRealm realmByTenantDomain = AnonymousSessionUtil.getRealmByTenantDomain(FrameworkServiceComponent.getRegistryService(), FrameworkServiceComponent.getRealmService(), MultitenantUtils.getTenantDomain(authenticationContext.getSequenceConfig().getAuthenticatedUser()));
            if (realmByTenantDomain == null) {
                log.warn("No valid tenant domain provider. Empty claim returned back");
                return new HashMap();
            }
            ClaimManager claimManager = realmByTenantDomain.getClaimManager();
            String requestType = authenticationContext.getRequestType();
            ApplicationConfig applicationConfig = authenticationContext.getSequenceConfig().getApplicationConfig();
            Map<String, String> claimMappings = applicationConfig.getClaimMappings();
            Map<String, String> requestedClaimMappings = applicationConfig.getRequestedClaimMappings();
            String dialectUri = getDialectUri(requestType, requestedClaimMappings != null && requestedClaimMappings.size() > 0);
            UserStoreManager userStoreManager = realmByTenantDomain.getUserStoreManager();
            ArrayList arrayList = new ArrayList();
            if (dialectUri != null) {
                if ("http://wso2.org/claims".equals(dialectUri) && requestedClaimMappings != null && requestedClaimMappings.size() > 0) {
                    Iterator<String> it = requestedClaimMappings.keySet().iterator();
                    while (it.hasNext()) {
                        arrayList.add(it.next());
                    }
                } else if (FrameworkConstants.RequestType.CLAIM_TYPE_OPENID.equals(requestType)) {
                    for (org.wso2.carbon.user.api.ClaimMapping claimMapping : claimManager.getAllClaimMappings("http://wso2.org/claims")) {
                        arrayList.add(claimMapping.getClaim().getClaimUri());
                    }
                } else {
                    Map mappingsMapFromOtherDialectToCarbon = ClaimManagerHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(dialectUri, requestedClaimMappings.keySet(), authenticationContext.getTenantDomain(), true);
                    if (mappingsMapFromOtherDialectToCarbon != null && mappingsMapFromOtherDialectToCarbon.size() > 0) {
                        Iterator it2 = mappingsMapFromOtherDialectToCarbon.keySet().iterator();
                        while (it2.hasNext()) {
                            arrayList.add(it2.next());
                        }
                    }
                }
                claimMappings = ClaimManagerHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(dialectUri, (Set) null, authenticationContext.getTenantDomain(), false);
            } else if (requestedClaimMappings != null && requestedClaimMappings.size() > 0) {
                for (Map.Entry<String, String> entry : requestedClaimMappings.entrySet()) {
                    if (entry.getValue() != null) {
                        arrayList.add(entry.getValue());
                    }
                }
            }
            if (claimMappings == null || (claimMappings.size() == 0 && dialectUri == null)) {
                return new HashMap();
            }
            Map userClaimValues = userStoreManager.getUserClaimValues(MultitenantUtils.getTenantAwareUsername(str), (String[]) arrayList.toArray(new String[arrayList.size()]), (String) null);
            if (userClaimValues == null || userClaimValues.size() == 0) {
                return new HashMap();
            }
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            for (Map.Entry<String, String> entry2 : claimMappings.entrySet()) {
                String str2 = (String) userClaimValues.get(entry2.getValue());
                if (str2 != null) {
                    hashMap.put(entry2.getKey(), str2);
                    if (dialectUri != null && requestedClaimMappings != null && requestedClaimMappings.containsValue(entry2.getValue())) {
                        hashMap2.put(entry2.getKey(), str2);
                    }
                }
            }
            authenticationContext.setProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES, hashMap);
            return dialectUri == null ? getFilteredAttributes(hashMap, requestedClaimMappings, false) : requestedClaimMappings.size() > 0 ? hashMap2 : hashMap;
        } catch (Exception e) {
            throw new FrameworkException(e.getMessage(), e);
        }
    }

    protected String getDialectUri(String str, boolean z) {
        if (FrameworkConstants.RequestType.CLAIM_TYPE_OIDC.equals(str)) {
            return "http://wso2.org/oidc/claim";
        }
        if (FrameworkConstants.RequestType.CLAIM_TYPE_STS.equals(str)) {
            return "http://schemas.xmlsoap.org/ws/2005/05/identity";
        }
        if (FrameworkConstants.RequestType.CLAIM_TYPE_OPENID.equals(str)) {
            return "http://axschema.org";
        }
        if (FrameworkConstants.RequestType.CLAIM_TYPE_SCIM.equals(str)) {
            return "urn:scim:schemas:core:1.0";
        }
        if (FrameworkConstants.RequestType.CLAIM_TYPE_WSO2.equals(str)) {
            return "http://wso2.org/claims";
        }
        if (!FrameworkConstants.RequestType.CLAIM_TYPE_SAML_SSO.equals(str) || z) {
            return null;
        }
        return "http://wso2.org/claims";
    }
}
