package org.wso2.carbon.identity.application.authentication.framework.handler.request.impl;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.AbstractPostAuthnHandler;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkErrorConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.user.profile.mgt.UserProfileAdmin;
import org.wso2.carbon.identity.user.profile.mgt.UserProfileException;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthAssociationHandler.class */
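/**
 * Post-authentication handler that replaces a federated identity with its associated local account.
 *
 * <p>For every executed step that was completed by a {@link FederatedApplicationAuthenticator} and is
 * marked as the subject-identifier step, the handler looks up the local user name associated with the
 * pair (authenticated IdP name, federated subject identifier). When the service provider has
 * "always send mapped local subject id" enabled and an association exists, that local user becomes the
 * authenticated user of the whole sequence.
 *
 * <p>Security note: the local account is selected from the IdP name and the subject identifier the IdP
 * asserted, and from nothing else visible in this class. Whoever can create associations, and whichever
 * IdP is allowed to assert subjects, therefore decides which local account a federated login maps to.
 * Debug logging in this class writes user names and subject identifiers, so treat its debug output as
 * sensitive.
 */
public class PostAuthAssociationHandler extends AbstractPostAuthnHandler {
    private static final Log log = LogFactory.getLog(PostAuthAssociationHandler.class);
    // Assigned exactly once at class initialisation, hence final.
    private static final PostAuthAssociationHandler instance = new PostAuthAssociationHandler();
    // Key under which the tenant domain of the mapped local user is stored in the context properties.
    private static final String USER_TENANT_DOMAIN = "user-tenant-domain";

    /**
     * Returns the shared handler instance.
     *
     * @return the singleton created at class initialisation
     */
    public static PostAuthAssociationHandler getInstance() {
        return instance;
    }

    /** Protected so that only this class and subclasses can instantiate the handler. */
    protected PostAuthAssociationHandler() {
    }

    /**
     * Returns the priority of this handler among post-authentication handlers.
     *
     * @return the priority reported by the superclass, or 25 when the superclass reports -1
     *         (presumably "not configured" - confirm against {@code AbstractPostAuthnHandler})
     */
    @Override
    public int getPriority() {
        int configuredPriority = super.getPriority();
        return configuredPriority == -1 ? 25 : configuredPriority;
    }

    /**
     * Returns the name of this handler.
     *
     * @return the fixed name {@code "PostAuthAssociationHandler"}
     */
    public String getName() {
        return "PostAuthAssociationHandler";
    }

    /**
     * Switches the sequence's authenticated user to the associated local user where one exists.
     *
     * <p>Does nothing when the step-based sequence handler has not run. Otherwise each step is inspected;
     * only steps completed by a federated authenticator that are also the subject-identifier step are
     * considered, and the switch happens only if the service provider enables
     * "always send mapped local subject id" and the association lookup returns a non-blank name.
     *
     * @param httpServletRequest the current request (not read by this method)
     * @param httpServletResponse the current response (not written by this method)
     * @param authenticationContext the authentication context holding the sequence configuration
     * @return always {@link PostAuthnHandlerFlowStatus#SUCCESS_COMPLETED}
     * @throws PostAuthenticationFailedException if the association lookup or the claim handling fails
     */
    @Override
    public PostAuthnHandlerFlowStatus handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws PostAuthenticationFailedException {
        if (!FrameworkUtils.isStepBasedSequenceHandlerExecuted(authenticationContext)) {
            return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
        }
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        for (StepConfig stepConfig : sequenceConfig.getStepMap().values()) {
            AuthenticatorConfig authenticatorConfig = stepConfig.getAuthenticatedAutenticator();
            if (authenticatorConfig == null) {
                // Step was not completed by any authenticator.
                continue;
            }
            ApplicationAuthenticator authenticator = authenticatorConfig.getApplicationAuthenticator();
            if (!(authenticator instanceof FederatedApplicationAuthenticator) || !stepConfig.isSubjectIdentifierStep()) {
                continue;
            }
            if (log.isDebugEnabled()) {
                log.debug(authenticator.getName() + " has been set up for subject identifier step.");
            }
            if (!sequenceConfig.getApplicationConfig().isAlwaysSendMappedLocalSubjectId()) {
                // The service provider did not ask for the mapped local subject; keep the federated user.
                continue;
            }
            String associatedLocalUser = getUserNameAssociatedWith(authenticationContext, stepConfig);
            // isNotBlank, matching the check in getUserNameAssociatedWith: a whitespace-only association
            // must never be promoted to the authenticated user of the sequence.
            if (StringUtils.isNotBlank(associatedLocalUser)) {
                if (log.isDebugEnabled()) {
                    log.debug("AlwaysSendMappedLocalSubjectID is selected in service provider level, equavlent local user : " + associatedLocalUser);
                }
                setAssociatedLocalUserToContext(associatedLocalUser, authenticationContext, stepConfig);
            }
        }
        return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
    }

    /**
     * Makes the associated local user the authenticated user of the sequence and records its claims
     * and tenant domain in the context.
     *
     * @param str the associated local user name returned by the association lookup
     * @param authenticationContext the authentication context to update
     * @param stepConfig the federated subject-identifier step the association was resolved for
     * @throws PostAuthenticationFailedException if the claim mappings cannot be obtained
     */
    private void setAssociatedLocalUserToContext(String str, AuthenticationContext authenticationContext, StepConfig stepConfig) throws PostAuthenticationFailedException {
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        // The subject identifier is qualified with the tenant domain of the authentication context.
        String qualifiedLocalUser = FrameworkUtils.prependUserStoreDomainToName(str + "@" + authenticationContext.getTenantDomain());
        // NOTE(review): this thread-local is set here and not cleared in this class - confirm it is
        // reset elsewhere before the worker thread is reused for another request.
        UserCoreUtil.setDomainInThreadLocal(UserCoreUtil.extractDomainFromName(str));
        sequenceConfig.setAuthenticatedUser(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(qualifiedLocalUser));
        sequenceConfig.getApplicationConfig().setMappedSubjectIDSelected(true);

        Map<ClaimMapping, String> claimMapping = getClaimMapping(stepConfig, authenticationContext);
        if (MapUtils.isNotEmpty(claimMapping)) {
            sequenceConfig.getAuthenticatedUser().setUserAttributes(claimMapping);
            if (log.isDebugEnabled()) {
                log.debug("Local claims from the local user: " + str + ", set as user attributed for the federated scenario");
            }
        }

        // NOTE(review): the tenant domain is derived from the bare associated name, while the subject
        // identifier above uses the context tenant domain - confirm the two cannot disagree.
        String tenantDomain = MultitenantUtils.getTenantDomain(str);
        Map<String, Object> properties = authenticationContext.getProperties();
        if (properties == null) {
            properties = new HashMap<>();
            authenticationContext.setProperties(properties);
        }
        properties.put(USER_TENANT_DOMAIN, tenantDomain);
        if (log.isDebugEnabled()) {
            log.debug("Authenticated User: " + sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
            log.debug("Authenticated User Tenant Domain: " + tenantDomain);
        }
    }

    /**
     * Looks up the local user name associated with the federated user of the given step.
     *
     * <p>The lookup runs inside a tenant flow for the context's tenant domain and is keyed on the step's
     * authenticated IdP and the federated subject identifier. When an association is found, the step's
     * authenticated user is updated in place with the local user name and the context tenant domain.
     *
     * @param authenticationContext the authentication context supplying the tenant domain
     * @param stepConfig the step whose authenticated user and IdP identify the association
     * @return the associated local user name, or a blank/{@code null} value when there is none
     * @throws PostAuthenticationFailedException if the user profile service fails
     */
    private String getUserNameAssociatedWith(AuthenticationContext authenticationContext, StepConfig stepConfig) throws PostAuthenticationFailedException {
        UserProfileAdmin userProfileAdmin = UserProfileAdmin.getInstance();
        String authenticatedSubjectIdentifier = stepConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier();
        try {
            FrameworkUtils.startTenantFlow(authenticationContext.getTenantDomain());
            String nameAssociatedWith = userProfileAdmin.getNameAssociatedWith(stepConfig.getAuthenticatedIdP(), authenticatedSubjectIdentifier);
            if (StringUtils.isNotBlank(nameAssociatedWith)) {
                if (log.isDebugEnabled()) {
                    log.debug("User : " + stepConfig.getAuthenticatedUser() + " has an associated account as " + nameAssociatedWith + ". Hence continuing as " + nameAssociatedWith);
                }
                stepConfig.getAuthenticatedUser().setUserName(nameAssociatedWith);
                stepConfig.getAuthenticatedUser().setTenantDomain(authenticationContext.getTenantDomain());
                // Re-sets the same object; kept in case the setter has side effects.
                stepConfig.setAuthenticatedUser(stepConfig.getAuthenticatedUser());
            } else if (log.isDebugEnabled()) {
                log.debug("User " + stepConfig.getAuthenticatedUser() + " doesn't have an associated account. Hence continuing as the same user.");
            }
            return nameAssociatedWith;
        } catch (UserProfileException e) {
            // NOTE(review): the error code is ERROR_WHILE_GETTING_LOCAL_USER_ID but the message template
            // is taken from ERROR_WHILE_GETTING_IDP_BY_NAME - confirm which one is intended.
            throw new PostAuthenticationFailedException(FrameworkErrorConstants.ErrorMessages.ERROR_WHILE_GETTING_LOCAL_USER_ID.getCode(), String.format(FrameworkErrorConstants.ErrorMessages.ERROR_WHILE_GETTING_IDP_BY_NAME.getMessage(), authenticatedSubjectIdentifier), e);
        } finally {
            // Single exit point for the tenant flow: it is ended exactly once on every path, so the
            // tenant context of this lookup cannot leak into later work on the same thread.
            FrameworkUtils.endTenantFlow();
        }
    }

    /**
     * Builds the claim mappings to attach to the mapped local user.
     *
     * <p>Starts from the claim handler's result. When the service provider requests no claim mappings,
     * the unfiltered local claim values stored in the context are used instead, or the unfiltered IdP
     * claim values if no local ones are present.
     *
     * @param stepConfig the federated step passed to the claim handler
     * @param authenticationContext the authentication context holding claim values and SP configuration
     * @return the built claim mappings, or {@code null} when no claim values are available
     * @throws PostAuthenticationFailedException if the claim handler fails
     */
    private Map<ClaimMapping, String> getClaimMapping(StepConfig stepConfig, AuthenticationContext authenticationContext) throws PostAuthenticationFailedException {
        try {
            Map<String, String> claimValues = FrameworkUtils.getClaimHandler().handleClaimMappings(stepConfig, authenticationContext, null, false);
            // Context properties are stored as Object; the casts below trust whoever populated them.
            @SuppressWarnings("unchecked")
            Map<String, String> unfilteredLocalClaims = (Map<String, String>) authenticationContext.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
            @SuppressWarnings("unchecked")
            Map<String, String> unfilteredIdpClaims = (Map<String, String>) authenticationContext.getProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES);
            if (authenticationContext.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings() == null || authenticationContext.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings().isEmpty()) {
                // No claims requested by the service provider: fall back to the unfiltered sets.
                // NOTE(review): these become the user's attributes - confirm later stages restrict
                // what is actually released to the service provider.
                if (MapUtils.isNotEmpty(unfilteredLocalClaims)) {
                    claimValues = unfilteredLocalClaims;
                } else if (MapUtils.isNotEmpty(unfilteredIdpClaims)) {
                    claimValues = unfilteredIdpClaims;
                }
            }
            if (MapUtils.isNotEmpty(claimValues)) {
                return FrameworkUtils.buildClaimMappings(claimValues);
            }
            return null;
        } catch (FrameworkException e) {
            throw new PostAuthenticationFailedException(FrameworkErrorConstants.ErrorMessages.ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getCode(), String.format(FrameworkErrorConstants.ErrorMessages.ERROR_WHILE_GETTING_CLAIM_MAPPINGS.getMessage(), authenticationContext.getSequenceConfig().getAuthenticatedUser().getUserName()), e);
        }
    }
}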
