package org.wso2.carbon.identity.relyingparty;

import com.google.step2.Step2;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.util.UUIDGenerator;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.core.AbstractAdmin;
import org.wso2.carbon.core.services.util.CarbonAuthenticationUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.IdentityClaimManager;
import org.wso2.carbon.identity.core.persistence.IdentityPersistenceManager;
import org.wso2.carbon.identity.core.util.IdentityConfigParser;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.relyingparty.dto.ClaimDTO;
import org.wso2.carbon.identity.relyingparty.dto.OpenIDAuthInfoDTO;
import org.wso2.carbon.identity.relyingparty.dto.OpenIDDTO;
import org.wso2.carbon.identity.relyingparty.dto.OpenIDSignInDTO;
import org.wso2.carbon.identity.relyingparty.internal.IdentityRPServiceComponent;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.user.core.Permission;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.claim.Claim;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/relyingparty/RelyingPartyService.class */
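/**
 * Relying-party side helpers for OpenID based sign-in and for linking OpenIDs to local accounts.
 *
 * <p>Trust boundary (review): nothing in this class verifies an OpenID assertion. Every public
 * method takes the OpenID identifier (and, for Google Apps, the AX claims) from the caller-supplied
 * DTO and treats it as already authenticated. The OpenID consumer that completes the protocol
 * exchange must run before any of these methods, and the methods must not be reachable by a caller
 * that has not done so, otherwise {@link #signInWithOpenID} is a login bypass.
 */
public class RelyingPartyService extends AbstractAdmin {
    private static final Log log = LogFactory.getLog(RelyingPartyService.class);
    private static final String GOOGLE_APPS_IDP_NAME = "GoogleApps";
    /** Session attribute written by {@link #onUserLogin}; read back to identify the current user. */
    private static final String LOGGED_IN_USER_ATTR = "wso2carbon.admin.logged.in";
    /** Role granted to users auto-provisioned from Google Apps; only carries the UI login permission. */
    private static final String IDENTITY_ROLE = "identity";

    /**
     * Establishes a Carbon admin session for the local user that owns the given OpenID.
     *
     * <p>Two mappings are tried: the OpenID may embed the user name directly (see
     * {@link #getUserNameFromOpenID}), otherwise the registry is consulted for an OpenID that a user
     * previously linked via {@link #addOpenIdToProfile}. If neither yields an existing user the
     * returned DTO has {@code authenticated == false} and no session state is changed.
     *
     * @param openIDDTO carries the (already verified, see class comment) OpenID identifier
     * @return sign-in result; {@code isAuthenticated()} tells whether a session was created
     * @throws Exception propagated from realm / registry / tenant lookups
     */
    public OpenIDSignInDTO signInWithOpenID(OpenIDDTO openIDDTO) throws Exception {
        OpenIDSignInDTO result = new OpenIDSignInDTO();
        String openId = openIDDTO == null ? null : openIDDTO.getOpenID();
        if (openId == null || openId.length() == 0) {
            // Nothing to look up; previously this was a NullPointerException.
            return result;
        }
        HttpSession session = ((HttpServletRequest) MessageContext.getCurrentMessageContext()
                .getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST)).getSession();

        String embeddedUser = getUserNameFromOpenID(openId);
        String tenantDomain = embeddedUser == null ? null : MultitenantUtils.getDomainNameFromOpenId(openId);

        UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, embeddedUser);
        Registry registry = IdentityTenantUtil.getRegistry(tenantDomain, embeddedUser);
        RealmService realmService = IdentityRPServiceComponent.getRealmService();

        if (embeddedUser != null && realm.getUserStoreManager().isExistingUser(embeddedUser)) {
            onUserLogin(embeddedUser, tenantDomain, session);
            result.setAuthenticated(true);
            result.setUserID(embeddedUser);
            // NOTE(review): the audit label says "Info card login" although this is the OpenID path;
            // kept byte-identical because log consumers may key on it — confirm before changing.
            CarbonAuthenticationUtil.onSuccessAdminLogin(session, embeddedUser,
                    realmService.getTenantManager().getTenantId(tenantDomain), tenantDomain, "Info card login");
            return result;
        }

        // Fall back to an OpenID that was explicitly linked to a local account.
        IdentityPersistenceManager persistenceManager = IdentityPersistenceManager.getPersistanceManager();
        if (!persistenceManager.hasSignedUpForOpenId(registry, realm, openId)) {
            return result;
        }
        String linkedUser = persistenceManager.getUserIdForOpenIDSignUp(registry, realm, openId);
        if (linkedUser == null || !realm.getUserStoreManager().isExistingUser(linkedUser)) {
            return result;
        }
        String linkedTenant = MultitenantUtils.getTenantDomain(linkedUser);
        CarbonAuthenticationUtil.onSuccessAdminLogin(session, linkedUser,
                realmService.getTenantManager().getTenantId(linkedTenant), linkedTenant, "OpenID login");
        result.setAuthenticated(true);
        result.setUserID(linkedUser);
        return result;
    }

    /**
     * Describes the OpenID request this relying party will make for the given dialect.
     *
     * @param str claim dialect URI whose supported claims are split into required / optional
     * @return request description, or {@code null} when the dialect has no supported claims
     * @throws Exception propagated from the claim manager / realm lookup
     */
    public OpenIDAuthInfoDTO getOpenIDAuthInfo(String str) throws Exception {
        Claim[] supportedClaims = IdentityClaimManager.getInstance()
                .getAllSupportedClaims(str, IdentityTenantUtil.getRealm((String) null, (String) null));
        if (supportedClaims == null || supportedClaims.length == 0) {
            return null;
        }
        Map configuration = IdentityConfigParser.getInstance().getConfiguration();
        String openIdRealm = (String) configuration.get("OpenIDRealm");
        boolean requestClaimsFromIdP = Boolean.parseBoolean((String) configuration.get("RequestClaimsFromIdP"));

        ArrayList<String> required = new ArrayList<String>();
        ArrayList<String> optional = new ArrayList<String>();
        for (Claim claim : supportedClaims) {
            (claim.isRequired() ? required : optional).add(claim.getClaimUri());
        }

        OpenIDAuthInfoDTO info = new OpenIDAuthInfoDTO();
        info.setOptionalClaims(optional.toArray(new String[optional.size()]));
        info.setRequiredClaims(required.toArray(new String[required.size()]));
        // Only simple registration is requested; AX is not advertised here.
        info.setRequestTypes(new String[]{"sreg"});
        info.setRealm(openIdRealm);
        info.setRequestClaimsFromIdP(requestClaimsFromIdP);
        return info;
    }

    /**
     * Extracts the local user name from an OpenID issued by this server's own provider.
     *
     * <p>The configured {@code OpenID.OpenIDUserPattern} is the URL prefix; whatever follows it is
     * taken as the user name. Returns {@code null} when the OpenID is not strictly longer than the
     * prefix, does not start with it, or the pattern is not configured. The result is only a lookup
     * key — callers still gate on {@code isExistingUser}, which is what keeps arbitrary suffixes
     * (path segments, query strings) from mattering.
     *
     * @param str OpenID identifier URL
     * @return user-name suffix, or {@code null} if the OpenID is not in the local pattern
     * @throws Exception propagated from the configuration lookup
     */
    public static String getUserNameFromOpenID(String str) throws Exception {
        String prefix = IdentityUtil.getProperty("OpenID.OpenIDUserPattern");
        if (str == null || prefix == null) {
            return null;
        }
        // Equivalent to the original substring-and-reassemble check: a strict prefix match.
        if (str.length() > prefix.length() && str.startsWith(prefix)) {
            return str.substring(prefix.length());
        }
        return null;
    }

    /**
     * Links an OpenID to an existing local account so it can later be used with
     * {@link #signInWithOpenID}.
     *
     * <p>The caller must prove it may act for {@code openIDDTO.getUserName()}: either by supplying
     * that user's password, or — when no password is given — by being that user on the current
     * session. The original code skipped authentication altogether when the password was
     * {@code null}, which let any caller bind an OpenID they control to any existing account and
     * then sign in as that account; that gap is closed here.
     *
     * @param openIDDTO user name, OpenID to link and (optionally) the user's password
     * @return {@code true} if the link was persisted; {@code false} if the user does not exist or
     *         the caller could not be authenticated as that user
     * @throws IdentityException wrapping any failure from the user store or registry
     * @throws RegistryException propagated from the registry layer
     */
    public boolean addOpenIdToProfile(OpenIDDTO openIDDTO) throws IdentityException, RegistryException {
        String userName = openIDDTO.getUserName();
        String openId = openIDDTO.getOpenID();
        UserRealm realm = IdentityTenantUtil.getRealm(MultitenantUtils.getDomainNameFromOpenId(openId), userName);
        try {
            UserStoreManager userStoreManager = realm.getUserStoreManager();
            if (userName == null || !userStoreManager.isExistingUser(userName)) {
                return false;
            }
            String password = openIDDTO.getPassword();
            if (password != null) {
                if (!userStoreManager.authenticate(userName, password)) {
                    return false;
                }
            } else if (!isSessionUser(userName)) {
                // No password and not the logged-in user: refuse rather than link blindly.
                return false;
            }
            return doOpenIDSignUp(userName, openId);
        } catch (Exception e) {
            throw new IdentityException(e.getMessage(), e);
        }
    }

    /**
     * Provisions (on first sight) a local account for a Google Apps user in the tenant for the
     * given Google Apps domain. Existing users are left untouched; no session is created here.
     *
     * @param openIDDTO carries the verified OpenID plus the AX email / first name / last name claims
     * @param str       Google Apps domain, which must already be registered as a tenant
     * @throws Exception if the email claim is missing, the tenant does not exist, the tenant's user
     *                   store is not backed by the GoogleApps external IdP, or provisioning fails
     */
    public void signInGAppUser(OpenIDDTO openIDDTO, String str) throws Exception {
        try {
            String email = null;
            String firstName = null;
            String lastName = null;
            if (openIDDTO.getClaims() != null) {
                for (ClaimDTO claimDTO : openIDDTO.getClaims()) {
                    String uri = claimDTO.getClaimUri();
                    if (Step2.AxSchema.EMAIL.getUri().equals(uri)) {
                        email = claimDTO.getClaimValue();
                    } else if (Step2.AxSchema.FIRST_NAME.getUri().equals(uri)) {
                        firstName = claimDTO.getClaimValue();
                    } else if (Step2.AxSchema.LAST_NAME.getUri().equals(uri)) {
                        lastName = claimDTO.getClaimValue();
                    }
                }
            }
            // Check the claim itself first; getTenantAwareUsername(null) is not guaranteed to be safe.
            String tenantAwareUsername = email == null ? null : MultitenantUtils.getTenantAwareUsername(email);
            if (tenantAwareUsername == null) {
                log.error("The username is null");
                throw new Exception("The username is null");
            }
            // NOTE(review): the email claim's domain is not compared with the Google Apps domain in
            // `str`; whether a user from another domain can be provisioned into this tenant depends
            // on how the caller derives `str` — confirm at the call site.
            int tenantId = IdentityRPServiceComponent.getRealmService().getTenantManager().getTenantId(str);
            if (tenantId == -1) {
                throw new Exception("Your google app domain " + str + " is not setup for Stratos. Please contact your Goole Apps administrator and ask him to setup Stratos via Google Apps Marketplace.");
            }
            UserRealm realm = IdentityTenantUtil.getRealm(str, (String) null);
            UserStoreManager userStoreManager = realm.getUserStoreManager();
            if (userStoreManager.isExistingUser(tenantAwareUsername)) {
                return;
            }
            // Only auto-provision into stores that delegate authentication to Google Apps.
            if (!GOOGLE_APPS_IDP_NAME.equals(realm.getRealmConfiguration().getUserStoreProperties().get("ExternalIdP"))) {
                throw new Exception("The domain you are trying to login already exist. If you can prove your rights to this domain please contact administrator.");
            }
            // The password is never handed to the user; it only has to be unguessable.
            // TODO(review): confirm UUIDGenerator is CSPRNG-backed, otherwise use SecureRandom here.
            String generatedPassword = UUIDGenerator.getUUID();
            if (!userStoreManager.isExistingRole(IDENTITY_ROLE)) {
                userStoreManager.addRole(IDENTITY_ROLE, (String[]) null,
                        new Permission[]{new Permission("/permission/admin/login", "ui.execute")});
            }
            userStoreManager.addUser(tenantAwareUsername, generatedPassword, new String[]{IDENTITY_ROLE}, (Map) null, (String) null);
            IdentityPersistenceManager.getPersistanceManager().doOpenIdSignUp(
                    IdentityRPServiceComponent.getRegistryService().getConfigSystemRegistry(tenantId),
                    realm, openIDDTO.getOpenID(), tenantAwareUsername);
            addUserClaims(tenantAwareUsername, firstName, lastName, email, tenantId);
        } catch (Exception e) {
            // Keep the throwable so the stack trace is not lost in the log.
            log.error("An error occured while signing in gapp user " + e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Returns whether {@code userName} is the user already logged in on the current HTTP session.
     * Any missing piece (no message context, no request, no session, no login attribute) counts as
     * "not the session user".
     *
     * <p>Assumes the login attribute holds either the plain user name or a tenant-qualified one,
     * so both forms are compared — TODO(review) confirm against CarbonAuthenticationUtil.
     */
    private static boolean isSessionUser(String userName) {
        MessageContext messageContext = MessageContext.getCurrentMessageContext();
        if (messageContext == null || userName == null) {
            return false;
        }
        HttpServletRequest request = (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            return false;
        }
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        Object loggedIn = session.getAttribute(LOGGED_IN_USER_ATTR);
        if (!(loggedIn instanceof String)) {
            return false;
        }
        String sessionUser = (String) loggedIn;
        return userName.equals(sessionUser) || userName.equals(MultitenantUtils.getTenantAwareUsername(sessionUser));
    }

    /**
     * Populates the session-scoped Carbon context (tenant, registries, realm) for a logged-in user.
     *
     * @param str         user name to record as logged in
     * @param str2        tenant domain of that user
     * @param httpSession session to attach the context to
     * @throws Exception propagated from the tenant manager / registry service
     */
    private void onUserLogin(String str, String str2, HttpSession httpSession) throws Exception {
        httpSession.setAttribute(LOGGED_IN_USER_ATTR, str);
        PrivilegedCarbonContext context = PrivilegedCarbonContext.getCurrentContext(httpSession);
        int tenantId = IdentityRPServiceComponent.getRealmService().getTenantManager().getTenantId(str2);
        context.setTenantDomain(str2);
        context.setTenantId(tenantId);
        context.setRegistry(RegistryType.SYSTEM_CONFIGURATION, IdentityRPServiceComponent.getRegistryService().getConfigSystemRegistry(tenantId));
        context.setRegistry(RegistryType.USER_CONFIGURATION, IdentityRPServiceComponent.getRegistryService().getConfigUserRegistry(str, tenantId));
        context.setRegistry(RegistryType.USER_GOVERNANCE, IdentityRPServiceComponent.getRegistryService().getGovernanceUserRegistry(str, tenantId));
        context.setRegistry(RegistryType.SYSTEM_GOVERNANCE, IdentityRPServiceComponent.getRegistryService().getGovernanceSystemRegistry(tenantId));
        context.setUserRealm(IdentityRPServiceComponent.getRegistryService().getGovernanceUserRegistry(str, tenantId).getUserRealm());
    }

    /**
     * Persists the user-to-OpenID link in the registry of the tenant derived from the OpenID.
     *
     * @param str  local user name
     * @param str2 OpenID identifier to link
     * @return whatever the persistence manager reports for the sign-up
     * @throws Exception propagated from the registry / realm lookups
     */
    private boolean doOpenIDSignUp(String str, String str2) throws Exception {
        String tenantDomain = MultitenantUtils.getDomainNameFromOpenId(str2);
        Registry registry = IdentityTenantUtil.getRegistry(tenantDomain, str);
        UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, str);
        return IdentityPersistenceManager.getPersistanceManager().doOpenIdSignUp(registry, realm, str2, str);
    }

    /**
     * Writes the given name, last name and email claims onto a freshly provisioned user's
     * "default" profile.
     *
     * @param str  user name
     * @param str2 given name (may be null)
     * @param str3 last name (may be null)
     * @param str4 email address
     * @param i    tenant id whose user realm holds the user
     * @throws Exception wrapping any user-store failure
     */
    private void addUserClaims(String str, String str2, String str3, String str4, int i) throws Exception {
        try {
            HashMap<String, String> claims = new HashMap<String, String>();
            claims.put("http://wso2.org/claims/givenname", str2);
            claims.put("http://wso2.org/claims/lastname", str3);
            claims.put("http://wso2.org/claims/emailaddress", str4);
            IdentityRPServiceComponent.getRealmService().getTenantUserRealm(i).getUserStoreManager()
                    .setUserClaimValues(str, claims, "default");
        } catch (Exception e) {
            log.error("Error in adding claims to the user.", e);
            throw new Exception("Error in adding claims to the user.", e);
        }
    }
}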
