package org.wso2.carbon.identity.openidconnect;

import com.nimbusds.jwt.JWTClaimsSet;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import net.minidev.json.JSONArray;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataHandler;
import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.RequestObjectException;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeReqDTO;
import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.token.handlers.grant.RefreshGrantHandler;
import org.wso2.carbon.identity.openidconnect.internal.OpenIDConnectServiceComponentHolder;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/openidconnect/DefaultOIDCClaimsCallbackHandler.class */
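/**
 * Default {@link CustomClaimsCallbackHandler} that adds user claims to the claim set of an id_token.
 *
 * <p>User attributes are looked up in the {@link AuthorizationGrantCache} (by access token, then by
 * authorization code), then on the {@link AuthenticatedUser}, then against the previous access token of
 * a refresh grant. Local users with no cached attributes are read from the user store. The resulting
 * claims are filtered by requested scopes, by the request object (when one was used) and by user
 * consent before being added to the {@link JWTClaimsSet.Builder}.
 *
 * <p>Claims already present on the builder are never overwritten by user attributes; see
 * {@link #setClaimsToJwtClaimSet(JWTClaimsSet.Builder, Map)}.
 */
public class DefaultOIDCClaimsCallbackHandler implements CustomClaimsCallbackHandler {
    private static final String OAUTH2 = "oauth2";
    private static final String OIDC_DIALECT = "http://wso2.org/oidc/claim";
    private static final Log log = LogFactory.getLog(DefaultOIDCClaimsCallbackHandler.class);
    private static final String ATTRIBUTE_SEPARATOR = FrameworkUtils.getMultiAttributeSeparator();

    /**
     * Adds the user's claims to the builder for a token-endpoint request.
     *
     * @param builder                     claim set builder of the id_token
     * @param oAuthTokenReqMessageContext token request context
     * @return the built claim set, or {@code null} when an {@link OAuthSystemException} was raised
     * @throws IdentityOAuth2Exception if reading claims from the user store fails and continuing on
     *                                 claim handling errors is not allowed
     */
    @Override // org.wso2.carbon.identity.openidconnect.CustomClaimsCallbackHandler
    public JWTClaimsSet handleCustomClaims(JWTClaimsSet.Builder builder, OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        try {
            Map<String, Object> userClaims = getUserClaimsInOIDCDialect(oAuthTokenReqMessageContext);
            return setClaimsToJwtClaimSet(builder, userClaims);
        } catch (OAuthSystemException e) {
            // NOTE(review): a filtering/consent failure is logged and turned into a null return rather
            // than propagated. Callers are not visible here; confirm they treat null as a failure and do
            // not issue an id_token built from a partially populated builder.
            log.error("Error occurred while adding claims of user: " + oAuthTokenReqMessageContext.getAuthorizedUser() + " to the JWTClaimSet used to build the id_token.", e);
            return null;
        }
    }

    /**
     * Adds the user's claims to the builder for an authorization-endpoint request.
     *
     * @param builder                     claim set builder of the id_token
     * @param oAuthAuthzReqMessageContext authorization request context
     * @return the built claim set, or {@code null} when an {@link OAuthSystemException} was raised
     * @throws IdentityOAuth2Exception if reading claims from the user store fails and continuing on
     *                                 claim handling errors is not allowed
     */
    @Override // org.wso2.carbon.identity.openidconnect.CustomClaimsCallbackHandler
    public JWTClaimsSet handleCustomClaims(JWTClaimsSet.Builder builder, OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws IdentityOAuth2Exception {
        try {
            Map<String, Object> userClaims = getUserClaimsInOIDCDialect(oAuthAuthzReqMessageContext);
            return setClaimsToJwtClaimSet(builder, userClaims);
        } catch (OAuthSystemException e) {
            // NOTE(review): same null-on-error contract as the token-endpoint overload; confirm callers
            // handle it.
            log.error("Error occurred while adding claims of user: " + oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser() + " to the JWTClaimSet used to build the id_token.", e);
            return null;
        }
    }

    /**
     * Delegates scope-based filtering to the highest priority OpenID Connect claim filter.
     *
     * @param map    user claims to filter
     * @param strArr scopes (the call sites in this class pass the requested/approved scopes)
     * @param str    client id, as passed by the call sites in this class
     * @param str2   tenant domain, as passed by the call sites in this class
     * @return the claims returned by the filter
     */
    protected Map<String, Object> filterClaimsByScope(Map<String, Object> map, String[] strArr, String str, String str2) {
        return OpenIDConnectServiceComponentHolder.getInstance().getHighestPriorityOpenIDConnectClaimFilter().getClaimsFilteredByOIDCScopes(map, strArr, str, str2);
    }

    /**
     * Resolves the user's claims for a token-endpoint request.
     *
     * <p>When {@link #isPreserverClaimUrisInAssertion} holds, or the context property
     * {@code OIDCConstants.HAS_NON_OIDC_CLAIMS} is {@code true}, the claims are returned as they are:
     * scope, request-object and consent filtering are all skipped on that path.
     */
    private Map<String, Object> getUserClaimsInOIDCDialect(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws OAuthSystemException, IdentityOAuth2Exception {
        Map<String, Object> userClaims;
        Map<ClaimMapping, String> cachedUserAttributes = getCachedUserAttributes(oAuthTokenReqMessageContext);
        if (MapUtils.isEmpty(cachedUserAttributes) && isLocalUser(oAuthTokenReqMessageContext.getAuthorizedUser())) {
            if (log.isDebugEnabled()) {
                log.debug("User attributes not found in cache against the access token or authorization code. Retrieving claims for local user: " + oAuthTokenReqMessageContext.getAuthorizedUser() + " from userstore.");
            }
            userClaims = retrieveClaimsForLocalUser(oAuthTokenReqMessageContext);
        } else {
            userClaims = getOIDCClaimMapFromUserAttributes(cachedUserAttributes);
        }
        // Anything other than Boolean.TRUE (absent, false, or an unexpected type) keeps filtering on,
        // so a malformed property cannot switch the filters off or fail the request with a cast error.
        boolean hasNonOidcClaims = Boolean.TRUE.equals(oAuthTokenReqMessageContext.getProperty(OIDCConstants.HAS_NON_OIDC_CLAIMS));
        if (isPreserverClaimUrisInAssertion(oAuthTokenReqMessageContext) || hasNonOidcClaims) {
            // NOTE(review): unfiltered return - no scope, request-object or consent check is applied
            // to these claims before they reach the id_token. Confirm this is intended.
            return userClaims;
        }
        return filterOIDCClaims(oAuthTokenReqMessageContext, userClaims);
    }

    /** Collects the filtering inputs from the token request context and applies the common filter chain. */
    private Map<String, Object> filterOIDCClaims(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, Map<String, Object> userClaims) throws OAuthSystemException {
        AuthenticatedUser authorizedUser = oAuthTokenReqMessageContext.getAuthorizedUser();
        String clientId = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId();
        String tenantDomain = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getTenantDomain();
        String accessToken = getAccessToken(oAuthTokenReqMessageContext);
        String authorizationCode = getAuthorizationCode(oAuthTokenReqMessageContext);
        String grantType = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
        return filterOIDCClaims(accessToken, authorizationCode, grantType, userClaims, authorizedUser, oAuthTokenReqMessageContext.getScope(), clientId, tenantDomain);
    }

    /**
     * Common filter chain: scope filter, then request-object claims, then user consent.
     *
     * <p>The request-object step runs only when an access token is present, the authorization code is
     * not blank and the grant cached against that code is marked as a request object flow. Claims
     * selected by the request object are taken from the unfiltered {@code userClaims} and merged into
     * the scope-filtered result, so they are not limited by scope; the consent filter still applies to
     * the merged map.
     */
    private Map<String, Object> filterOIDCClaims(String accessToken, String authorizationCode, String grantType, Map<String, Object> userClaims, AuthenticatedUser authenticatedUser, String[] scopes, String clientId, String tenantDomain) throws OAuthSystemException {
        Map<String, Object> filteredClaims = filterClaimsByScope(userClaims, scopes, clientId, tenantDomain);
        if (accessToken != null && StringUtils.isNotBlank(authorizationCode)) {
            AuthorizationGrantCacheEntry cacheEntry = AuthorizationGrantCache.getInstance().getValueFromCacheByCode(new AuthorizationGrantCacheKey(authorizationCode));
            if (cacheEntry != null && cacheEntry.isRequestObjectFlow()) {
                filteredClaims.putAll(filterClaimsFromRequestObject(userClaims, accessToken));
            } else if (log.isDebugEnabled()) {
                log.debug("The request does not contains request object. So skipping filterClaimsFromRequestObject");
            }
        }
        return getUserConsentedClaims(filteredClaims, authenticatedUser, grantType, clientId, tenantDomain);
    }

    /**
     * True when assertion claims are not converted to the OIDC dialect by configuration and the
     * authorized user is federated.
     */
    private boolean isPreserverClaimUrisInAssertion(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        if (OAuthServerConfiguration.getInstance().isConvertOriginalClaimsFromAssertionsToOIDCDialect()) {
            return false;
        }
        return oAuthTokenReqMessageContext.getAuthorizedUser().isFederatedUser();
    }

    /**
     * Keeps the claims the request object asked for in the id_token.
     *
     * @param userClaims  unfiltered user claims
     * @param accessToken token used to look up the requested claims
     * @throws OAuthSystemException if the requested claims cannot be read; the original
     *                              {@link RequestObjectException} is attached as the cause
     */
    private Map<String, Object> filterClaimsFromRequestObject(Map<String, Object> userClaims, String accessToken) throws OAuthSystemException {
        try {
            return OpenIDConnectServiceComponentHolder.getInstance().getHighestPriorityOpenIDConnectClaimFilter().getClaimsFilteredByEssentialClaims(userClaims, OpenIDConnectServiceComponentHolder.getRequestObjectService().getRequestedClaimsForIDToken(accessToken));
        } catch (RequestObjectException e) {
            // Pass the exception as the cause instead of appending its toString() to the message, so
            // the stack trace survives for whoever investigates the failure.
            throw new OAuthSystemException("Unable to retrieve requested claims from Request Object.", e);
        }
    }

    /** Restricts the claims to those the user consented to for the service provider of this client. */
    private Map<String, Object> getUserConsentedClaims(Map<String, Object> claims, AuthenticatedUser authenticatedUser, String grantType, String clientId, String tenantDomain) throws OAuthSystemException {
        try {
            ServiceProvider serviceProvider = getServiceProvider(tenantDomain, clientId);
            return OIDCClaimUtil.filterUserClaimsBasedOnConsent(claims, authenticatedUser, clientId, tenantDomain, grantType, serviceProvider);
        } catch (IdentityApplicationManagementException e) {
            throw new OAuthSystemException("Error while obtaining service provider for tenant domain: " + tenantDomain + " client id: " + clientId, e);
        }
    }

    /**
     * Looks up user attributes in this order: cache by access token, cache by authorization code,
     * attributes on the authorized user, cache by the previous access token of a refresh grant.
     *
     * <p>Side effect: on the refresh-grant path the context property
     * {@code OIDCConstants.HAS_NON_OIDC_CLAIMS} is set from the cache entry of the previous token.
     *
     * @return the first non-empty attribute map found; may be empty or {@code null}
     */
    private Map<ClaimMapping, String> getCachedUserAttributes(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        Map<ClaimMapping, String> userAttributes = getUserAttributesCachedAgainstToken(getAccessToken(oAuthTokenReqMessageContext));
        if (log.isDebugEnabled()) {
            log.debug("Retrieving claims cached against access_token for user: " + oAuthTokenReqMessageContext.getAuthorizedUser());
        }
        if (MapUtils.isEmpty(userAttributes)) {
            if (log.isDebugEnabled()) {
                log.debug("No claims cached against the access_token for user: " + oAuthTokenReqMessageContext.getAuthorizedUser() + ". Retrieving claims cached against the authorization code.");
            }
            userAttributes = getUserAttributesCachedAgainstAuthorizationCode(getAuthorizationCode(oAuthTokenReqMessageContext));
            if (log.isDebugEnabled()) {
                log.debug("Retrieving claims cached against authorization_code for user: " + oAuthTokenReqMessageContext.getAuthorizedUser());
            }
        }
        if (MapUtils.isEmpty(userAttributes)) {
            if (log.isDebugEnabled()) {
                log.debug("No claims found in authorization cache. Retrieving claims from attributes of user : " + oAuthTokenReqMessageContext.getAuthorizedUser());
            }
            AuthenticatedUser authorizedUser = oAuthTokenReqMessageContext.getAuthorizedUser();
            userAttributes = authorizedUser != null ? authorizedUser.getUserAttributes() : null;
        }
        if (MapUtils.isEmpty(userAttributes)) {
            if (log.isDebugEnabled()) {
                log.debug("No claims found in user in user attributes for user : " + oAuthTokenReqMessageContext.getAuthorizedUser());
            }
            Object previousToken = oAuthTokenReqMessageContext.getProperty(RefreshGrantHandler.PREV_ACCESS_TOKEN);
            if (previousToken != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Retrieving claims from previous access token of user : " + oAuthTokenReqMessageContext.getAuthorizedUser());
                }
                RefreshTokenValidationDataDO previousTokenData = (RefreshTokenValidationDataDO) previousToken;
                userAttributes = getUserAttributesCachedAgainstToken(previousTokenData.getAccessToken());
                oAuthTokenReqMessageContext.addProperty(OIDCConstants.HAS_NON_OIDC_CLAIMS, Boolean.valueOf(isTokenHasCustomUserClaims(previousTokenData)));
            }
        }
        return userAttributes;
    }

    /**
     * Reads the claims of a local user from the user store for a token-endpoint request.
     *
     * @return the user's claims, or an empty map when the lookup failed and continuing on claim
     *         handling errors is allowed (the id_token then carries no user claims from this handler)
     * @throws IdentityOAuth2Exception if the lookup failed and continuing is not allowed
     */
    private Map<String, Object> retrieveClaimsForLocalUser(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) throws IdentityOAuth2Exception {
        try {
            return getUserClaimsInOIDCDialect(getServiceProviderTenantDomain(oAuthTokenReqMessageContext), oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId(), oAuthTokenReqMessageContext.getAuthorizedUser());
        } catch (UserStoreException | IdentityApplicationManagementException | IdentityException e) {
            String message = "Error occurred while getting claims for user: " + oAuthTokenReqMessageContext.getAuthorizedUser() + " from userstore.";
            if (!FrameworkUtils.isContinueOnClaimHandlingErrorAllowed()) {
                throw new IdentityOAuth2Exception(message, e);
            }
            log.error(message, e);
            return new HashMap<>();
        }
    }

    /** Returns the attributes cached against the authorization code, or an empty map for a null code. */
    private Map<ClaimMapping, String> getUserAttributesCachedAgainstAuthorizationCode(String authorizationCode) {
        if (authorizationCode == null) {
            return Collections.emptyMap();
        }
        return getUserAttributesFromCacheUsingCode(authorizationCode);
    }

    /** Returns the attributes cached against the access token, or an empty map for a null token. */
    private Map<ClaimMapping, String> getUserAttributesCachedAgainstToken(String accessToken) {
        if (accessToken == null) {
            return Collections.emptyMap();
        }
        return getUserAttributesFromCacheUsingToken(accessToken);
    }

    /**
     * Resolves the user's claims for an authorization-endpoint request: cached attributes first, then
     * the user store for local users or the attributes on the request for federated users. The result
     * always goes through the filter chain.
     */
    private Map<String, Object> getUserClaimsInOIDCDialect(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws OAuthSystemException, IdentityOAuth2Exception {
        Map<String, Object> userClaims;
        Map<ClaimMapping, String> cachedUserAttributes = getUserAttributesCachedAgainstToken(getAccessToken(oAuthAuthzReqMessageContext));
        if (!MapUtils.isEmpty(cachedUserAttributes)) {
            userClaims = getOIDCClaimMapFromUserAttributes(cachedUserAttributes);
        } else if (isLocalUser(oAuthAuthzReqMessageContext)) {
            if (log.isDebugEnabled()) {
                log.debug("User attributes not found in cache. Trying to retrieve attribute for local user: " + oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser());
            }
            userClaims = retrieveClaimsForLocalUser(oAuthAuthzReqMessageContext);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("User attributes not found in cache. Trying to retrieve attribute for federated user: " + oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser());
            }
            userClaims = retrieveClaimsForFederatedUser(oAuthAuthzReqMessageContext);
        }
        return filterOIDCClaims(oAuthAuthzReqMessageContext, userClaims);
    }

    /**
     * Builds the claim map of a federated user from the attributes carried on the authorization request.
     *
     * @return the user's claims, or an empty map when the request DTO or the user is missing
     */
    private Map<String, Object> retrieveClaimsForFederatedUser(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) {
        OAuth2AuthorizeReqDTO authorizationReqDTO = oAuthAuthzReqMessageContext.getAuthorizationReqDTO();
        if (authorizationReqDTO == null) {
            if (log.isDebugEnabled()) {
                // The DTO is null on this path, so the user cannot be read from it for the message;
                // dereferencing it here threw a NullPointerException whenever debug logging was on.
                log.debug("OAuth2AuthorizeReqDTO is NULL for federated user.");
            }
            return new HashMap<>();
        }
        AuthenticatedUser user = authorizationReqDTO.getUser();
        if (user != null) {
            return getOIDCClaimMapFromUserAttributes(user.getUserAttributes());
        }
        if (log.isDebugEnabled()) {
            log.debug("Authenticated User is not available in the request");
        }
        return new HashMap<>();
    }

    /**
     * Collects the filtering inputs from the authorization request and applies the common filter chain.
     * The authorization code is passed as an empty string and the grant type as "implicit", so the
     * request-object step of the chain never runs on this path.
     */
    private Map<String, Object> filterOIDCClaims(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext, Map<String, Object> userClaims) throws OAuthSystemException {
        AuthenticatedUser user = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser();
        String consumerKey = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getConsumerKey();
        String tenantDomain = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getTenantDomain();
        return filterOIDCClaims(getAccessToken(oAuthAuthzReqMessageContext), "", "implicit", userClaims, user, oAuthAuthzReqMessageContext.getApprovedScope(), consumerKey, tenantDomain);
    }

    /**
     * Reads the claims of a local user from the user store for an authorization-endpoint request.
     *
     * @return the user's claims, or an empty map when the lookup failed and continuing on claim
     *         handling errors is allowed
     * @throws IdentityOAuth2Exception if the lookup failed and continuing is not allowed
     */
    private Map<String, Object> retrieveClaimsForLocalUser(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) throws IdentityOAuth2Exception {
        try {
            return getUserClaimsInOIDCDialect(getServiceProviderTenantDomain(oAuthAuthzReqMessageContext), oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getConsumerKey(), oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser());
        } catch (UserStoreException | IdentityApplicationManagementException | IdentityException e) {
            String message = "Error occurred while getting claims for user " + oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser();
            if (!FrameworkUtils.isContinueOnClaimHandlingErrorAllowed()) {
                throw new IdentityOAuth2Exception(message, e);
            }
            log.error(message, e);
            return new HashMap<>();
        }
    }

    /** Re-keys the attribute map by the claim URI of each mapping's remote claim. */
    private Map<String, Object> getOIDCClaimMapFromUserAttributes(Map<ClaimMapping, String> userAttributes) {
        Map<String, Object> claims = new HashMap<>();
        if (MapUtils.isNotEmpty(userAttributes)) {
            for (Map.Entry<ClaimMapping, String> entry : userAttributes.entrySet()) {
                claims.put(entry.getKey().getRemoteClaim().getClaimUri(), entry.getValue());
            }
        }
        return claims;
    }

    /**
     * Reads the requested claims of the service provider from the user store and converts them to the
     * OIDC dialect.
     *
     * @param spTenantDomain    tenant domain of the service provider
     * @param clientId          OAuth client id used to find the service provider
     * @param authenticatedUser user whose claims are read
     * @return the user's claims keyed by OIDC claim URI; empty when the service provider, its
     *         requested claims, the user's realm or the user's claims cannot be found
     */
    private Map<String, Object> getUserClaimsInOIDCDialect(String spTenantDomain, String clientId, AuthenticatedUser authenticatedUser) throws IdentityApplicationManagementException, IdentityException, UserStoreException {
        Map<String, Object> userClaims = new HashMap<>();
        ServiceProvider serviceProvider = getServiceProvider(spTenantDomain, clientId);
        if (serviceProvider == null) {
            log.warn("Unable to find a service provider associated with client_id: " + clientId + " in tenantDomain: " + spTenantDomain + ". Returning empty claim map for user.");
            return userClaims;
        }
        ClaimMapping[] requestedClaimMappings = getRequestedClaimMappings(serviceProvider);
        if (ArrayUtils.isEmpty(requestedClaimMappings)) {
            if (log.isDebugEnabled()) {
                log.debug("No requested claims configured for service provider: " + serviceProvider.getApplicationName() + " of tenantDomain: " + spTenantDomain + ". No claims returned for user: " + authenticatedUser);
            }
            return userClaims;
        }
        // The realm is resolved from the user's own tenant domain, which is read separately from the
        // service provider's tenant domain used above.
        String userTenantDomain = authenticatedUser.getTenantDomain();
        String fullQualifiedUsername = authenticatedUser.toFullQualifiedUsername();
        UserRealm realm = IdentityTenantUtil.getRealm(userTenantDomain, fullQualifiedUsername);
        if (realm == null) {
            log.warn("Invalid tenant domain: " + userTenantDomain + " provided. Cannot get claims for user: " + fullQualifiedUsername);
            return userClaims;
        }
        Map<String, String> userClaimsInLocalDialect = getUserClaimsInLocalDialect(fullQualifiedUsername, realm, getRequestedClaimUris(requestedClaimMappings));
        if (MapUtils.isEmpty(userClaimsInLocalDialect)) {
            if (log.isDebugEnabled()) {
                log.debug("No claims found for " + fullQualifiedUsername + " from user store.");
            }
            return userClaims;
        }
        if (log.isDebugEnabled()) {
            log.debug("Number of user claims retrieved for " + fullQualifiedUsername + " from user store: " + userClaimsInLocalDialect.size());
        }
        handleServiceProviderRoleMappings(serviceProvider, ATTRIBUTE_SEPARATOR, userClaimsInLocalDialect);
        userClaims.putAll(getUserClaimsInOIDCDialect(spTenantDomain, userClaimsInLocalDialect));
        return userClaims;
    }

    /** Returns the claim mappings of the service provider, or an empty array when it has no claim config. */
    private ClaimMapping[] getRequestedClaimMappings(ServiceProvider serviceProvider) {
        if (serviceProvider.getClaimConfig() == null) {
            return new ClaimMapping[0];
        }
        return serviceProvider.getClaimConfig().getClaimMappings();
    }

    /** Converts local-dialect claims to the OIDC dialect using the tenant's claim mappings. */
    private Map<String, Object> getUserClaimsInOIDCDialect(String spTenantDomain, Map<String, String> userClaimsInLocalDialect) throws ClaimMetadataException {
        return getUserClaimsInOidcDialect(ClaimMetadataHandler.getInstance().getMappingsMapFromOtherDialectToCarbon(OIDC_DIALECT, (Set) null, spTenantDomain, false), userClaimsInLocalDialect);
    }

    /** Reads the given claim URIs for the tenant-aware username from the realm's user store manager. */
    private Map<String, String> getUserClaimsInLocalDialect(String fullQualifiedUsername, org.wso2.carbon.user.api.UserRealm userRealm, List<String> claimUris) throws UserStoreException {
        String[] claimUriArray = claimUris.toArray(new String[0]);
        return userRealm.getUserStoreManager().getUserClaimValues(MultitenantUtils.getTenantAwareUsername(fullQualifiedUsername), claimUriArray, (String) null);
    }

    /** Applies the service provider's role mapping to every role group claim present in the claims. */
    private void handleServiceProviderRoleMappings(ServiceProvider serviceProvider, String separator, Map<String, String> userClaims) throws FrameworkException {
        for (Object roleGroupClaimUri : IdentityUtil.getRoleGroupClaims()) {
            handleSPRoleMapping(serviceProvider, separator, userClaims, (String) roleGroupClaimUri);
        }
    }

    /**
     * Replaces the value of one role claim with the roles mapped for the service provider.
     * A claim that is absent, or present with a null value, is left untouched.
     */
    private void handleSPRoleMapping(ServiceProvider serviceProvider, String separator, Map<String, String> userClaims, String roleClaimUri) throws FrameworkException {
        if (MapUtils.isEmpty(userClaims)) {
            return;
        }
        String roleClaimValue = userClaims.get(roleClaimUri);
        // A key mapped to null used to reach split() and throw; there is nothing to map in that case.
        if (roleClaimValue == null) {
            return;
        }
        List<String> userRoles = Arrays.asList(roleClaimValue.split(Pattern.quote(separator)));
        userClaims.put(roleClaimUri, OIDCClaimUtil.getServiceProviderMappedUserRoles(serviceProvider, userRoles, separator));
    }

    /** Tenant domain of the service provider: the "tenantDomain" context property, else the request DTO's. */
    private String getServiceProviderTenantDomain(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        String tenantDomain = (String) oAuthTokenReqMessageContext.getProperty("tenantDomain");
        if (tenantDomain != null) {
            return tenantDomain;
        }
        return oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getTenantDomain();
    }

    /** Tenant domain of the service provider: the "tenantDomain" context property, else the request DTO's. */
    private String getServiceProviderTenantDomain(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) {
        String tenantDomain = (String) oAuthAuthzReqMessageContext.getProperty("tenantDomain");
        if (tenantDomain != null) {
            return tenantDomain;
        }
        return oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getTenantDomain();
    }

    /** Returns the local claim URIs of the mappings flagged as requested. */
    private List<String> getRequestedClaimUris(ClaimMapping[] claimMappings) {
        List<String> requestedClaimUris = new ArrayList<>();
        for (ClaimMapping claimMapping : claimMappings) {
            if (claimMapping.isRequested()) {
                requestedClaimUris.add(claimMapping.getLocalClaim().getClaimUri());
            }
        }
        return requestedClaimUris;
    }

    /** Looks up the service provider registered for the OAuth client id in the given tenant domain. */
    private ServiceProvider getServiceProvider(String tenantDomain, String clientId) throws IdentityApplicationManagementException {
        ApplicationManagementService applicationMgtService = OAuth2ServiceComponentHolder.getApplicationMgtService();
        String serviceProviderName = applicationMgtService.getServiceProviderNameByClientId(clientId, OAUTH2, tenantDomain);
        if (log.isDebugEnabled()) {
            log.debug("Retrieving service provider for clientId: " + clientId + " in tenantDomain: " + tenantDomain);
        }
        return applicationMgtService.getApplicationExcludingFileBasedSPs(serviceProviderName, tenantDomain);
    }

    /**
     * Maps local-dialect claim values onto OIDC claim URIs.
     *
     * @param oidcToLocalClaimMappings OIDC claim URI to local claim URI
     * @param userClaimsInLocalDialect claim values keyed by local claim URI
     * @return claim values keyed by OIDC claim URI; mappings without a value are left out
     */
    private Map<String, Object> getUserClaimsInOidcDialect(Map<String, String> oidcToLocalClaimMappings, Map<String, String> userClaimsInLocalDialect) {
        Map<String, Object> userClaimsInOidcDialect = new HashMap<>();
        if (MapUtils.isEmpty(userClaimsInLocalDialect)) {
            return userClaimsInOidcDialect;
        }
        for (Map.Entry<String, String> mapping : oidcToLocalClaimMappings.entrySet()) {
            String claimValue = userClaimsInLocalDialect.get(mapping.getValue());
            if (claimValue == null) {
                continue;
            }
            String oidcClaimUri = mapping.getKey();
            userClaimsInOidcDialect.put(oidcClaimUri, claimValue);
            // Claim values are personal data: they are written to the debug log only when
            // IdentityUtil.isTokenLoggable("UserClaims") allows it.
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("UserClaims")) {
                log.debug("Mapped claim: key - " + oidcClaimUri + " value - " + claimValue);
            }
        }
        return userClaimsInOidcDialect;
    }

    /** True when the cache entry of the previous access token is flagged as holding non-OIDC claims. */
    private boolean isTokenHasCustomUserClaims(RefreshTokenValidationDataDO refreshTokenValidationDataDO) {
        AuthorizationGrantCacheEntry cacheEntry = AuthorizationGrantCache.getInstance().getValueFromCacheByToken(new AuthorizationGrantCacheKey(refreshTokenValidationDataDO.getAccessToken()));
        boolean hasNonOidcClaims = cacheEntry != null && cacheEntry.isHasNonOIDCClaims();
        if (log.isDebugEnabled()) {
            log.debug("hasNonOIDCClaims is set to " + hasNonOidcClaims + " for the access token of the user : " + refreshTokenValidationDataDO.getAuthorizedUser());
        }
        return hasNonOidcClaims;
    }

    /**
     * Reads the user attributes cached against an access token.
     * The token value is written to the debug log only when
     * {@code IdentityUtil.isTokenLoggable("AccessToken")} allows it.
     *
     * @return the cached attributes, or a new empty map on a cache miss
     */
    private Map<ClaimMapping, String> getUserAttributesFromCacheUsingToken(String accessToken) {
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("AccessToken")) {
                log.debug("Retrieving user attributes cached against access token: " + accessToken);
            } else {
                log.debug("Retrieving user attributes cached against access token.");
            }
        }
        AuthorizationGrantCacheEntry cacheEntry = AuthorizationGrantCache.getInstance().getValueFromCacheByToken(new AuthorizationGrantCacheKey(accessToken));
        if (cacheEntry == null) {
            return new HashMap<>();
        }
        return cacheEntry.getUserAttributes();
    }

    /**
     * Reads the user attributes cached against an authorization code.
     * The code value is written to the debug log only when
     * {@code IdentityUtil.isTokenLoggable("AuthorizationCode")} allows it.
     *
     * @return the cached attributes, or a new empty map on a cache miss
     */
    private Map<ClaimMapping, String> getUserAttributesFromCacheUsingCode(String authorizationCode) {
        if (log.isDebugEnabled()) {
            if (IdentityUtil.isTokenLoggable("AuthorizationCode")) {
                log.debug("Retrieving user attributes cached against authorization code: " + authorizationCode);
            } else {
                log.debug("Retrieving user attributes cached against authorization code.");
            }
        }
        AuthorizationGrantCacheEntry cacheEntry = AuthorizationGrantCache.getInstance().getValueFromCacheByCode(new AuthorizationGrantCacheKey(authorizationCode));
        if (cacheEntry == null) {
            return new HashMap<>();
        }
        return cacheEntry.getUserAttributes();
    }

    /**
     * Adds the user claims to the builder and builds the claim set.
     *
     * <p>A claim is added only when the builder did not already hold a claim of that name when this
     * method was entered, so user attributes cannot replace claims set earlier on the builder. Values
     * containing the multi-attribute separator are split and added as a JSON array with blank parts
     * dropped. Claims with a null value are skipped.
     */
    private JWTClaimsSet setClaimsToJwtClaimSet(JWTClaimsSet.Builder builder, Map<String, Object> userClaims) {
        // Snapshot of what the builder holds before any user claim is added.
        JWTClaimsSet existingClaims = builder.build();
        for (Map.Entry<String, Object> entry : userClaims.entrySet()) {
            String claimName = entry.getKey();
            Object claimValue = entry.getValue();
            // A null value used to fail on toString() and abort the whole id_token; skip it instead.
            if (claimValue == null || existingClaims.getClaim(claimName) != null) {
                continue;
            }
            String valueAsString = claimValue.toString();
            if (!isMultiValuedAttribute(valueAsString)) {
                builder.claim(claimName, claimValue);
                continue;
            }
            // NOTE(review): any value that happens to contain the separator is treated as
            // multi-valued, including single-valued attributes whose text contains it.
            JSONArray values = new JSONArray();
            for (String part : valueAsString.split(Pattern.quote(ATTRIBUTE_SEPARATOR))) {
                if (StringUtils.isNotBlank(part)) {
                    values.add(part);
                }
            }
            builder.claim(claimName, values);
        }
        return builder.build();
    }

    /** Reads the "AuthorizationCode" property of the token request context. */
    private String getAuthorizationCode(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        return (String) oAuthTokenReqMessageContext.getProperty("AuthorizationCode");
    }

    /** Reads the "accessToken" property of the token request context. */
    private String getAccessToken(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        return (String) oAuthTokenReqMessageContext.getProperty("accessToken");
    }

    /** Reads the "accessToken" property of the authorization request context. */
    private String getAccessToken(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) {
        return (String) oAuthAuthzReqMessageContext.getProperty("accessToken");
    }

    /** True when the user is not federated. */
    private boolean isLocalUser(AuthenticatedUser authenticatedUser) {
        return !authenticatedUser.isFederatedUser();
    }

    /** True when the user on the authorization request is not federated. */
    private boolean isLocalUser(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) {
        return !oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getUser().isFederatedUser();
    }

    /** True when the value contains the multi-attribute separator. */
    private boolean isMultiValuedAttribute(String value) {
        return StringUtils.contains(value, ATTRIBUTE_SEPARATOR);
    }
}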
