package org.wso2.carbon.identity.application.authentication.framework.handler.request.impl;

import java.io.IOException;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.utils.URIBuilder;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthenticationHandler;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl;
import org.wso2.carbon.identity.user.profile.mgt.UserProfileAdmin;
import org.wso2.carbon.identity.user.profile.mgt.UserProfileException;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultPostAuthenticationHandler.class */
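/**
 * Post-authentication handler that collects values for mandatory claims the authenticated user
 * does not have yet.
 *
 * <p>The flow has two legs, selected by the
 * {@code POST_AUTHENTICATION_REDIRECTION_TRIGGERED} property kept in the
 * {@link AuthenticationContext}:
 * <ol>
 *   <li><b>Request leg</b>: work out which mandatory claims are missing and redirect the browser
 *       to {@code /authenticationendpoint/claims.do} so the user can supply them.</li>
 *   <li><b>Response leg</b>: read the submitted values from the request parameters, add them to
 *       the user's attributes in the context and, when a local account is involved, write them
 *       to the user store.</li>
 * </ol>
 *
 * <p><b>Security note.</b> The response leg turns browser-supplied parameters into user-store
 * writes. Only claims that this handler itself reported as missing are accepted; any other
 * prefixed parameter is ignored, so a crafted form post cannot be used to set or overwrite
 * arbitrary profile attributes.
 */
public class DefaultPostAuthenticationHandler implements PostAuthenticationHandler {
    private static final Log log = LogFactory.getLog(DefaultPostAuthenticationHandler.class);
    private static final Log AUDIT_LOG = CarbonConstants.AUDIT_LOG;
    private static volatile DefaultPostAuthenticationHandler instance;

    /**
     * Returns the shared handler instance, creating it on first use.
     *
     * <p>Uses double-checked locking; the {@code volatile} field makes the unsynchronized first
     * read safe.
     *
     * @return the singleton handler
     */
    public static DefaultPostAuthenticationHandler getInstance() {
        DefaultPostAuthenticationHandler current = instance;
        if (current == null) {
            synchronized (DefaultPostAuthenticationHandler.class) {
                current = instance;
                if (current == null) {
                    current = new DefaultPostAuthenticationHandler();
                    instance = current;
                }
            }
        }
        return current;
    }

    /**
     * Runs the request leg or the response leg of the missing-claims flow.
     *
     * <p>The leg is chosen from a property stored in the authentication context, not from
     * anything in the HTTP request, so the client cannot pick the branch directly.
     *
     * @param httpServletRequest    current request; its parameters are read in the response leg
     * @param httpServletResponse   current response; used for the redirect in the request leg
     * @param authenticationContext context of the authentication flow being completed
     * @throws FrameworkException if the redirect cannot be built or sent, or if claims cannot be
     *                            resolved or persisted
     */
    @Override // org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthenticationHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Post authentication handling for missing claims started");
        }
        // True only when the property is present and is Boolean.TRUE.
        boolean redirectionTriggered = Boolean.TRUE.equals(
                authenticationContext.getProperty(FrameworkConstants.POST_AUTHENTICATION_REDIRECTION_TRIGGERED));
        if (redirectionTriggered) {
            handlePostAuthenticationForMissingClaimsResponse(httpServletRequest, httpServletResponse, authenticationContext);
        } else {
            handlePostAuthenticationForMissingClaimsRequest(httpServletRequest, httpServletResponse, authenticationContext);
        }
    }

    /**
     * Request leg: redirects the user to the claims page when mandatory claims are missing.
     *
     * <p>When there is no authenticated user, or nothing is missing, the extension is marked as
     * completed and no redirect happens.
     *
     * @throws FrameworkException if the redirect URI cannot be built or the redirect fails
     */
    private void handlePostAuthenticationForMissingClaimsRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        AuthenticatedUser authenticatedUser = authenticationContext.getSequenceConfig().getAuthenticatedUser();
        if (authenticatedUser == null) {
            authenticationContext.setProperty(FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED, true);
            return;
        }
        Map<String, String> currentAttributes = collectMappedAttributes(authenticatedUser, authenticationContext);
        String missingClaims = getMissingClaims(currentAttributes, authenticationContext.getSequenceConfig().getApplicationConfig().getMandatoryClaimMappings());
        if (StringUtils.isBlank(missingClaims)) {
            authenticationContext.setProperty(FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED, true);
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Mandatory claims missing for the application : " + missingClaims);
        }
        httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
        authenticationContext.setProperty(FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED, false);
        try {
            // Fixed, relative target: no part of the redirect path comes from the request.
            // URIBuilder percent-encodes the parameter values when the URI is built.
            URIBuilder redirectUri = new URIBuilder("/authenticationendpoint/claims.do");
            redirectUri.addParameter(FrameworkConstants.MISSING_CLAIMS, missingClaims);
            redirectUri.addParameter("sessionDataKey", authenticationContext.getContextIdentifier());
            redirectUri.addParameter("spName", authenticationContext.getSequenceConfig().getApplicationConfig().getApplicationName());
            httpServletResponse.sendRedirect(redirectUri.build().toString());
            // Set only after the redirect was issued, so a failed redirect does not switch the
            // next call to the response leg.
            authenticationContext.setProperty(FrameworkConstants.POST_AUTHENTICATION_REDIRECTION_TRIGGERED, true);
            if (log.isDebugEnabled()) {
                log.debug("Redirecting to outside to pick mandatory claims");
            }
        } catch (IOException e) {
            throw new FrameworkException("Error while redirecting to request claims", e);
        } catch (URISyntaxException e2) {
            throw new FrameworkException("Error while building redirect URI", e2);
        }
    }

    /**
     * Response leg: takes the claim values posted back by the claims page, adds them to the
     * user's attributes in the context and persists them for local or locally associated users.
     *
     * <p>Every parameter whose name starts with
     * {@code FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX} is treated as a candidate
     * claim. A candidate is accepted only if {@link #isMissingMandatoryClaim} confirms that it is
     * one of the claims the request leg reported as missing.
     *
     * @throws FrameworkException if the account association, the application claim mapping or the
     *                            user-store update fails
     */
    private void handlePostAuthenticationForMissingClaimsResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Starting to process the response with missing claims");
        }
        AuthenticatedUser authenticatedUser = authenticationContext.getSequenceConfig().getAuthenticatedUser();
        if (authenticatedUser == null) {
            // Same outcome as the request leg for a flow without an authenticated user; there is
            // no profile to update.
            authenticationContext.setProperty(FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED, true);
            return;
        }

        // Recompute what was missing from server-side state instead of trusting the form.
        Map<String, String> mandatoryClaims = authenticationContext.getSequenceConfig().getApplicationConfig().getMandatoryClaimMappings();
        Map<String, String> currentAttributes = collectMappedAttributes(authenticatedUser, authenticationContext);

        // Inverse of the SP_TO_CARBON_CLAIM_MAPPING property (value -> key).
        Object spToCarbonProperty = authenticationContext.getProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING);
        Map<Object, Object> invertedClaimMapping = new HashMap<Object, Object>();
        if (spToCarbonProperty instanceof Map) {
            for (Map.Entry<?, ?> mapping : ((Map<?, ?>) spToCarbonProperty).entrySet()) {
                invertedClaimMapping.put(mapping.getValue(), mapping.getKey());
            }
        }

        Map<String, String> submittedClaims = new HashMap<String, String>();
        Map<String, String> claimsForContext = new HashMap<String, String>();
        int ignoredParameters = 0;
        Map<?, ?> parameterMap = httpServletRequest.getParameterMap();
        for (Map.Entry<?, ?> parameter : parameterMap.entrySet()) {
            if (!(parameter.getKey() instanceof String)) {
                continue;
            }
            String parameterName = (String) parameter.getKey();
            if (!parameterName.startsWith(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX)) {
                continue;
            }
            String claimUri = parameterName.substring(FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX.length());
            if (!isMissingMandatoryClaim(claimUri, mandatoryClaims, currentAttributes)) {
                // Not something this handler asked for: never let it reach the user store.
                ignoredParameters++;
                continue;
            }
            String claimValue = firstValue(parameter.getValue());
            if (claimValue == null) {
                continue;
            }
            submittedClaims.put(claimUri, claimValue);
            if (spToCarbonProperty != null) {
                String mappedUri = (String) invertedClaimMapping.get(claimUri);
                if (mappedUri != null) {
                    claimsForContext.put(mappedUri, claimValue);
                } else if (log.isDebugEnabled()) {
                    // Without a mapping the claim would be stored under a null URI; leave it out
                    // of the context attributes instead.
                    log.debug("No claim mapping found for a submitted mandatory claim; not adding it to the context");
                }
            } else {
                claimsForContext.put(parameterName.substring(parameterName.lastIndexOf('/') + 1), claimValue);
            }
        }
        if (ignoredParameters > 0) {
            // The parameter names are client-controlled, so only the count is logged.
            log.warn("Ignored " + ignoredParameters + " submitted claim parameter(s) that were not requested as missing mandatory claims");
        }

        // Existing attributes are applied last, so they win over submitted values on a clash.
        Map<ClaimMapping, String> mergedAttributes = FrameworkUtils.buildClaimMappings(claimsForContext);
        Map<ClaimMapping, String> existingAttributes = authenticatedUser.getUserAttributes();
        if (existingAttributes != null) {
            mergedAttributes.putAll(existingAttributes);
        }

        boolean persistClaims = false;
        for (Map.Entry<Integer, StepConfig> stepEntry : authenticationContext.getSequenceConfig().getStepMap().entrySet()) {
            StepConfig stepConfig = stepEntry.getValue();
            if (!stepConfig.isSubjectAttributeStep()) {
                continue;
            }
            if (stepConfig.getAuthenticatedUser() != null) {
                authenticatedUser = stepConfig.getAuthenticatedUser();
            }
            if (!authenticatedUser.isFederatedUser()) {
                persistClaims = true;
                continue;
            }
            // Federated user: persist only when a local account is associated with the
            // federated subject.
            String subjectIdentifier = authenticatedUser.getAuthenticatedSubjectIdentifier();
            try {
                String associatedLocalUser = UserProfileAdmin.getInstance().getNameAssociatedWith(stepConfig.getAuthenticatedIdP(), subjectIdentifier);
                if (StringUtils.isNotBlank(associatedLocalUser)) {
                    authenticatedUser = AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(FrameworkUtils.prependUserStoreDomainToName(associatedLocalUser + "@" + authenticationContext.getTenantDomain()));
                    persistClaims = true;
                }
            } catch (UserProfileException e) {
                throw new FrameworkException("Error while getting association for " + subjectIdentifier, e);
            }
        }

        if (persistClaims) {
            if (log.isDebugEnabled()) {
                log.debug("Local user mapping found. Claims will be persisted");
            }
            try {
                Map<?, ?> spToLocalClaimMapping = ApplicationManagementServiceImpl.getInstance().getServiceProviderToLocalIdPClaimMapping(authenticationContext.getSequenceConfig().getApplicationConfig().getApplicationName(), authenticationContext.getSequenceConfig().getApplicationConfig().getServiceProvider().getOwner().getTenantDomain());
                Map<String, String> localClaimValues = new HashMap<String, String>();
                if (spToLocalClaimMapping != null) {
                    for (Map.Entry<String, String> submitted : submittedClaims.entrySet()) {
                        String localClaimUri = (String) spToLocalClaimMapping.get(submitted.getKey());
                        // A claim without a local mapping cannot be stored; skip it rather than
                        // writing a null claim URI.
                        if (localClaimUri != null) {
                            localClaimValues.put(localClaimUri, submitted.getValue());
                        }
                    }
                }
                if (!localClaimValues.isEmpty()) {
                    if (log.isDebugEnabled()) {
                        log.debug("Updating user profile of user : " + authenticatedUser.getUserName());
                    }
                    // NOTE(review): getSecondaryUserStoreManager(...) is dereferenced without a
                    // null check - confirm it cannot return null for this user's domain.
                    getUserRealm(authenticatedUser.getTenantDomain()).getUserStoreManager().getSecondaryUserStoreManager(authenticatedUser.getUserStoreDomain()).setUserClaimValues(authenticatedUser.getUserName(), localClaimValues, (String) null);
                }
            } catch (UserStoreException e2) {
                throw new FrameworkException("Error while updating claims for local user. Could not update profile", e2);
            } catch (IdentityApplicationManagementException e3) {
                throw new FrameworkException("Error while retrieving application claim mapping. Could not update profile", e3);
            }
        }
        authenticationContext.getSequenceConfig().getAuthenticatedUser().setUserAttributes(mergedAttributes);
        authenticationContext.setProperty(FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED, true);
    }

    /**
     * Builds a claim-URI to value map from the user's current attributes.
     *
     * <p>Each attribute is keyed by the claim URI of its local claim; when the
     * {@code SP_TO_CARBON_CLAIM_MAPPING} context property is a map that has an entry for that
     * URI, the mapped URI is used as the key instead.
     *
     * @return a new map; empty when the user has no attributes
     */
    @SuppressWarnings("unchecked") // the context property is stored as Object
    private Map<String, String> collectMappedAttributes(AuthenticatedUser authenticatedUser, AuthenticationContext authenticationContext) {
        Map<String, String> mappedAttributes = new HashMap<String, String>();
        Map<ClaimMapping, String> userAttributes = authenticatedUser.getUserAttributes();
        if (userAttributes == null) {
            return mappedAttributes;
        }
        Map<String, String> claimUriMapping = null;
        Object property = authenticationContext.getProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING);
        if (property instanceof Map) {
            claimUriMapping = (Map<String, String>) property;
        }
        for (Map.Entry<ClaimMapping, String> attribute : userAttributes.entrySet()) {
            String claimUri = attribute.getKey().getLocalClaim().getClaimUri();
            if (claimUriMapping != null && claimUriMapping.get(claimUri) != null) {
                claimUri = claimUriMapping.get(claimUri);
            }
            mappedAttributes.put(claimUri, attribute.getValue());
        }
        return mappedAttributes;
    }

    /**
     * Tells whether a submitted claim URI is one the request leg would have reported as missing.
     *
     * <p>Mirrors the test in {@link #getMissingClaims}: the URI must be a key of the mandatory
     * claim mappings, and the user must have no value under the URI that key maps to.
     * NOTE(review): this assumes the claims page posts the missing-claim identifiers back
     * unchanged after the prefix - confirm against the claims.do page.
     */
    private boolean isMissingMandatoryClaim(String claimUri, Map<String, String> mandatoryClaims, Map<String, String> currentAttributes) {
        return mandatoryClaims != null
                && mandatoryClaims.containsKey(claimUri)
                && currentAttributes.get(mandatoryClaims.get(claimUri)) == null;
    }

    /**
     * Returns the first value of a request parameter.
     *
     * @param parameterValues value taken from the request parameter map
     * @return the first element, or {@code null} when the value is not a non-empty String array
     */
    private String firstValue(Object parameterValues) {
        if (parameterValues instanceof String[] && ((String[]) parameterValues).length > 0) {
            return ((String[]) parameterValues)[0];
        }
        return null;
    }

    /**
     * Lists the mandatory claims for which the user has no value.
     *
     * @param userClaimValues        the user's current values, keyed by claim URI
     * @param mandatoryClaimMappings mandatory claim mappings; the value of each entry is looked
     *                               up in {@code userClaimValues}
     * @return the keys of the unsatisfied mappings, each followed by a comma (so the string ends
     *         with a trailing comma), or an empty string when nothing is missing
     */
    private String getMissingClaims(Map<String, String> userClaimValues, Map<String, String> mandatoryClaimMappings) {
        StringBuilder missing = new StringBuilder();
        for (Map.Entry<String, String> mandatory : mandatoryClaimMappings.entrySet()) {
            if (userClaimValues.get(mandatory.getValue()) == null) {
                missing.append(mandatory.getKey());
                missing.append(",");
            }
        }
        return missing.toString();
    }

    /**
     * Looks up the user realm of a tenant.
     *
     * @param tenantDomain tenant domain whose realm is needed
     * @return the realm returned by {@code AnonymousSessionUtil.getRealmByTenantDomain}
     * @throws FrameworkException if the lookup fails
     */
    private UserRealm getUserRealm(String tenantDomain) throws FrameworkException {
        try {
            return AnonymousSessionUtil.getRealmByTenantDomain(FrameworkServiceComponent.getRegistryService(), FrameworkServiceComponent.getRealmService(), tenantDomain);
        } catch (CarbonException e) {
            throw new FrameworkException("Error occurred while retrieving the Realm for " + tenantDomain + " to handle local claims", e);
        }
    }
}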
