package org.wso2.carbon.identity.mgt.listener;

import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
import org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim;
import org.wso2.carbon.identity.core.AbstractIdentityUserOperationEventListener;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.mgt.internal.IdentityMgtServiceDataHolder;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;

/* loaded from: input_file:org/wso2/carbon/identity/mgt/listener/IdentityClaimValueEncryptionListener.class */
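/**
 * User-operation listener that encrypts the values of local claims whose claim metadata carries
 * {@code EnableEncryption=true}, before they are handed to the user store.
 *
 * <p>Map-based operations (add user, set several claim values) are encrypted in place in the
 * supplied claim map. The single-claim operation cannot be rewritten in place (the value is an
 * immutable {@link String} parameter), so the pre-hook parks the claim URI and value in
 * {@link IdentityUtil#threadLocalProperties} and the post-hook re-submits it through
 * {@link UserStoreManager#setUserClaimValues}.
 *
 * <p>NOTE(review): for the single-claim path the pre-hook does not alter the value, so the
 * operation between the two hooks appears to proceed with the plaintext value until the post-hook
 * rewrites it. Confirm against the user store manager that no plaintext copy is persisted.
 *
 * <p>NOTE(review): the {@code *WithID} variants delegate with {@code null} in place of the user
 * identifier. For {@link #doPostSetUserClaimValueWithID} this means the rewrite is issued for a
 * {@code null} user name. Confirm this is intended.
 */
public class IdentityClaimValueEncryptionListener extends AbstractIdentityUserOperationEventListener {
    private static final Log LOG = LogFactory.getLog(IdentityClaimValueEncryptionListener.class);
    private static final String CLAIM_VALUE = "ClaimValue";
    private static final String CLAIM_URI = "claimURI";
    /** Claim metadata property that switches encryption on for a claim. */
    private static final String ENABLE_ENCRYPTION_PROPERTY = "EnableEncryption";
    /** Execution order used when none is configured (i.e. {@code getOrderId()} returns -1). */
    private static final int DEFAULT_EXECUTION_ORDER_ID = 96;

    /**
     * Returns the configured execution order, or 96 when no order is configured.
     */
    public int getExecutionOrderId() {
        int orderId = getOrderId();
        return orderId != -1 ? orderId : DEFAULT_EXECUTION_ORDER_ID;
    }

    /**
     * Encrypts, in place, every encryption-enabled claim in {@code map} before a user is added.
     *
     * @param map claim URI to claim value; mutated in place
     * @param userStoreManager store the user is added to; the listener is a no-op when null
     * @return {@code true} when the listener is disabled or the claims were processed,
     *         {@code false} when the tenant lookup or the encryption failed
     */
    public boolean doPreAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        try {
            if (!isEnable() || userStoreManager == null) {
                return true;
            }
            updateClaimValues(map, userStoreManager);
            return true;
        } catch (org.wso2.carbon.user.api.UserStoreException e) {
            LOG.error("Error while retrieving tenant ID", e);
            return false;
        } catch (CryptoException e) {
            // Already logged, with the claim URI, inside updateClaimValues.
            return false;
        }
    }

    /**
     * ID-based variant of {@link #doPreAddUser}; the first argument is not forwarded.
     */
    public boolean doPreAddUserWithID(String str, Object obj, String[] strArr, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        return doPreAddUser(null, obj, strArr, map, str2, userStoreManager);
    }

    /**
     * Encrypts, in place, every encryption-enabled claim in {@code map} before the claims are set.
     *
     * @param map claim URI to claim value; mutated in place
     * @param userStoreManager store being updated; the listener is a no-op when null
     * @return {@code false} only when encrypting a claim value failed
     */
    public boolean doPreSetUserClaimValues(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable() || userStoreManager == null) {
            return true;
        }
        try {
            updateClaimValues(map, userStoreManager);
            return true;
        } catch (CryptoException e) {
            LOG.error("Error occurred while encrypting claim value", e);
            return false;
        }
    }

    /**
     * ID-based variant of {@link #doPreSetUserClaimValues}; the first argument is not forwarded.
     */
    public boolean doPreSetUserClaimValuesWithID(String str, Map<String, String> map, String str2, UserStoreManager userStoreManager) throws UserStoreException {
        return doPreSetUserClaimValues(null, map, str2, userStoreManager);
    }

    /**
     * Parks an encryption-enabled claim (URI {@code str2}, value {@code str3}) in the thread-local
     * property map so that {@link #doPostSetUserClaimValue} can re-submit it for encryption.
     *
     * @param str2 claim URI
     * @param str3 claim value (plaintext)
     * @return always {@code true}
     */
    public boolean doPreSetUserClaimValue(String str, String str2, String str3, String str4, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable() || userStoreManager == null) {
            return true;
        }
        // Always drop whatever an earlier operation on this thread left behind, even when this
        // claim is not encrypted. If the operation between pre- and post-hook failed, the post-hook
        // never ran and its plaintext value is still parked here; without this reset the next
        // post-hook on the same (pooled) thread would write that stale value for a different user.
        clearPendingClaim();
        if (!checkEnableEncryption(str2, userStoreManager)) {
            return true;
        }
        Map<String, Object> props = threadLocalProps();
        props.put(CLAIM_URI, str2);
        props.put(CLAIM_VALUE, str3);
        return true;
    }

    /**
     * ID-based variant of {@link #doPreSetUserClaimValue}; the first argument is not forwarded.
     */
    public boolean doPreSetUserClaimValueWithID(String str, String str2, String str3, String str4, UserStoreManager userStoreManager) throws UserStoreException {
        return doPreSetUserClaimValue(null, str2, str3, str4, userStoreManager);
    }

    /**
     * Re-submits the claim parked by {@link #doPreSetUserClaimValue} through
     * {@link UserStoreManager#setUserClaimValues} and clears the parked plaintext.
     *
     * @param str user the claim is set for, passed on to {@code setUserClaimValues}
     * @return always {@code true}; failures of the rewrite propagate as exceptions
     */
    public boolean doPostSetUserClaimValue(String str, UserStoreManager userStoreManager) throws UserStoreException {
        if (!isEnable() || userStoreManager == null) {
            return true;
        }
        try {
            Map<String, Object> props = threadLocalProps();
            String claimUri = (String) props.get(CLAIM_URI);
            String claimValue = (String) props.get(CLAIM_VALUE);
            if (StringUtils.isNotBlank(claimUri) && StringUtils.isNotBlank(claimValue)) {
                Map<String, String> claims = new HashMap<>();
                claims.put(claimUri, claimValue);
                // NOTE(review): presumably this re-enters doPreSetUserClaimValues, which is where
                // the value actually gets encrypted; nothing in this method encrypts it.
                userStoreManager.setUserClaimValues(str, claims, (String) null);
            }
            return true;
        } finally {
            // The parked value is plaintext; never leave it on the thread, success or failure.
            clearPendingClaim();
        }
    }

    /**
     * ID-based variant of {@link #doPostSetUserClaimValue}; the first argument is not forwarded.
     */
    public boolean doPostSetUserClaimValueWithID(String str, UserStoreManager userStoreManager) throws UserStoreException {
        return doPostSetUserClaimValue(null, userStoreManager);
    }

    /**
     * Replaces the value of every encryption-enabled claim in {@code claims} with its ciphertext.
     *
     * @throws CryptoException when a value cannot be encrypted; the message names the claim URI
     */
    private void updateClaimValues(Map<String, String> claims, UserStoreManager userStoreManager) throws UserStoreException, CryptoException {
        if (claims == null || claims.isEmpty()) {
            return;
        }
        for (Map.Entry<String, String> entry : claims.entrySet()) {
            String claimUri = entry.getKey();
            if (!checkEnableEncryption(claimUri, userStoreManager)) {
                continue;
            }
            try {
                // Write through the entry rather than calling put() on the map being iterated.
                entry.setValue(encryptClaimValue(entry.getValue()));
            } catch (CryptoException e) {
                // Log and report the claim URI only, never the value.
                LOG.error("Error occurred while encrypting claim value of claim " + claimUri, e);
                throw new CryptoException("Error occurred while encrypting claim value of claim " + claimUri, e);
            }
        }
    }

    /**
     * Encrypts {@code value} with the default {@link CryptoUtil} and Base64-encodes the result.
     * Null and empty values are returned unchanged.
     */
    private String encryptClaimValue(String value) throws CryptoException {
        if (value == null || value.isEmpty()) {
            return value;
        }
        return CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(value.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Tells whether the claim's metadata in the store's tenant has {@code EnableEncryption=true}.
     */
    private boolean checkEnableEncryption(String claimUri, UserStoreManager userStoreManager) throws UserStoreException {
        String tenantDomain = IdentityTenantUtil.getTenantDomain(userStoreManager.getTenantId());
        return Boolean.parseBoolean(getClaimProperties(tenantDomain, claimUri).get(ENABLE_ENCRYPTION_PROPERTY));
    }

    /**
     * Looks up the metadata properties of the local claim {@code claimUri} (case-insensitive
     * match) in {@code tenantDomain}.
     *
     * <p>NOTE(review): this fails open. When the claim management service is missing or the
     * lookup throws, the error is logged and an empty map is returned, so the caller treats the
     * claim as not encrypted and the value is stored as supplied. Consider propagating the
     * failure so that a claim configured for encryption is never written in plaintext.
     *
     * @return the claim's properties, or an empty map when the claim is unknown or the lookup fails
     */
    private Map<String, String> getClaimProperties(String tenantDomain, String claimUri) {
        try {
            if (IdentityMgtServiceDataHolder.getClaimManagementService() == null) {
                LOG.error("ClaimManagementService is null");
                throw new ClaimMetadataException("ClaimManagementService is null");
            }
            List<LocalClaim> localClaims = IdentityMgtServiceDataHolder.getClaimManagementService().getLocalClaims(tenantDomain);
            if (localClaims == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Returned claim list from ClaimManagementService is null");
                }
                return Collections.emptyMap();
            }
            for (LocalClaim localClaim : localClaims) {
                if (StringUtils.equalsIgnoreCase(claimUri, localClaim.getClaimURI())) {
                    Map<String, String> properties = localClaim.getClaimProperties();
                    return properties != null ? properties : Collections.<String, String>emptyMap();
                }
            }
        } catch (ClaimMetadataException e) {
            LOG.error("Error while retrieving local claim meta data.", e);
        }
        return Collections.emptyMap();
    }

    /** Returns the current thread's shared property map. */
    @SuppressWarnings("unchecked")
    private static Map<String, Object> threadLocalProps() {
        return (Map<String, Object>) IdentityUtil.threadLocalProperties.get();
    }

    /** Removes the parked claim URI and plaintext value from the current thread. */
    private static void clearPendingClaim() {
        Map<String, Object> props = threadLocalProps();
        props.remove(CLAIM_URI);
        props.remove(CLAIM_VALUE);
    }
}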
