package org.wso2.carbon.identity.entitlement.pip;

import java.net.URI;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.balana.attr.AttributeValue;
import org.wso2.balana.attr.BagAttribute;
import org.wso2.balana.cond.EvaluationResult;
import org.wso2.balana.ctx.EvaluationCtx;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.entitlement.PDPConstants;
import org.wso2.carbon.user.api.ClaimMapping;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/entitlement/pip/DefaultAttributeFinder.class */
public class DefaultAttributeFinder extends AbstractPIPAttributeFinder {
    private static final Log log = LogFactory.getLog(DefaultAttributeFinder.class);
    private Set<String> supportedAttrs = new HashSet();
    private boolean mapFederatedUsersToLocal = false;
    private static final String MAP_FEDERATED_USERS_TO_LOCAL = "MapFederatedUsersToLocal";
    private static final String FEDERATED_USER_DOMAIN = "FEDERATED";

    @Override // org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder
    public void init(Properties properties) throws Exception {
        this.mapFederatedUsersToLocal = Boolean.parseBoolean(properties.getProperty(MAP_FEDERATED_USERS_TO_LOCAL));
        if (log.isDebugEnabled()) {
            log.debug("DefaultAttributeFinder is initialized successfully");
        }
    }

    @Override // org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder
    public String getModuleName() {
        return "Default Attribute Finder";
    }

    @Override // org.wso2.carbon.identity.entitlement.pip.AbstractPIPAttributeFinder, org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder
    public Set<String> getAttributeValues(URI uri, URI uri2, URI uri3, String str, EvaluationCtx evaluationCtx) throws Exception {
        Set<String> set = null;
        EvaluationResult attribute = evaluationCtx.getAttribute(new URI(PDPConstants.STRING_DATA_TYPE), new URI(PDPConstants.USER_TYPE_ID), str, new URI(PDPConstants.USER_CATEGORY));
        String str2 = null;
        if (attribute != null && attribute.getAttributeValue() != null && attribute.getAttributeValue().isBag()) {
            BagAttribute attributeValue = attribute.getAttributeValue();
            if (attributeValue.size() > 0) {
                str2 = ((AttributeValue) attributeValue.iterator().next()).encode();
                if (log.isDebugEnabled()) {
                    log.debug(String.format("The user type of the user is %s", str2));
                }
            }
        }
        if (!StringUtils.equalsIgnoreCase(str2, FEDERATED_USER_DOMAIN)) {
            set = super.getAttributeValues(uri, uri2, uri3, str, evaluationCtx);
        } else if (this.mapFederatedUsersToLocal) {
            set = super.getAttributeValues(uri, uri2, uri3, str, evaluationCtx);
        }
        return set;
    }

    @Override // org.wso2.carbon.identity.entitlement.pip.AbstractPIPAttributeFinder
    public Set<String> getAttributeValues(String str, String str2, String str3, String str4, String str5, String str6) throws Exception {
        HashSet hashSet = new HashSet();
        if (log.isDebugEnabled()) {
            log.debug("Retrieving attribute values of subjectId '" + str + "'with attributeId '" + str5 + "'");
        }
        if (StringUtils.isEmpty(str)) {
            if (log.isDebugEnabled()) {
                log.debug("subjectId value is null or empty. Returning empty attribute set");
            }
            return hashSet;
        }
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
        if ("http://wso2.org/claims/role".equals(str5)) {
            if (log.isDebugEnabled()) {
                log.debug("Looking for roles via DefaultAttributeFinder");
            }
            String[] roleListOfUser = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().getRoleListOfUser(tenantAwareUsername);
            if (roleListOfUser != null && roleListOfUser.length > 0) {
                for (String str7 : roleListOfUser) {
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("User %1$s belongs to the Role %2$s", tenantAwareUsername, str7));
                    }
                    hashSet.add(str7);
                }
            }
        } else {
            String str8 = null;
            try {
                str8 = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager().getUserClaimValue(tenantAwareUsername, str5, (String) null);
                if (log.isDebugEnabled()) {
                    log.debug("Claim '" + str8 + "' retrieved for attributeId '" + str5 + "' for subjectId '" + tenantAwareUsername + "'");
                }
            } catch (UserStoreException e) {
                if (!e.getMessage().startsWith("UserNotFound")) {
                    throw e;
                }
                if (log.isDebugEnabled()) {
                    log.debug("User: " + tenantAwareUsername + " not found in user store");
                }
            }
            if (str8 == null && log.isDebugEnabled()) {
                log.debug(String.format("Request attribute %1$s not found", str5));
            }
            if (str8 != null) {
                String userStoreProperty = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getUserStoreProperty("MultiAttributeSeparator");
                if (StringUtils.isBlank(userStoreProperty)) {
                    userStoreProperty = ",,,";
                }
                if (str8.contains(userStoreProperty)) {
                    StringTokenizer stringTokenizer = new StringTokenizer(str8, userStoreProperty);
                    while (stringTokenizer.hasMoreElements()) {
                        String obj = stringTokenizer.nextElement().toString();
                        if (StringUtils.isNotBlank(obj)) {
                            hashSet.add(obj);
                        }
                    }
                } else {
                    hashSet.add(str8);
                }
            }
        }
        return hashSet;
    }

    @Override // org.wso2.carbon.identity.entitlement.pip.PIPAttributeFinder
    public Set<String> getSupportedAttributes() {
        try {
            for (ClaimMapping claimMapping : CarbonContext.getThreadLocalCarbonContext().getUserRealm().getClaimManager().getAllClaimMappings("http://wso2.org/claims")) {
                this.supportedAttrs.add(claimMapping.getClaim().getClaimUri());
            }
        } catch (Exception e) {
        }
        return this.supportedAttrs;
    }
}
