package org.wso2.carbon.identity.oidc.session.backchannellogout;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.Cookie;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.common.exception.InvalidOAuthClientException;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
import org.wso2.carbon.identity.oidc.session.OIDCSessionConstants;
import org.wso2.carbon.identity.oidc.session.OIDCSessionState;
import org.wso2.carbon.identity.oidc.session.cache.OIDCBackChannelAuthCodeCache;
import org.wso2.carbon.identity.oidc.session.cache.OIDCBackChannelAuthCodeCacheEntry;
import org.wso2.carbon.identity.oidc.session.cache.OIDCBackChannelAuthCodeCacheKey;
import org.wso2.carbon.identity.oidc.session.util.OIDCSessionManagementUtil;
import org.wso2.carbon.identity.openidconnect.ClaimProvider;

/* loaded from: input_file:org/wso2/carbon/identity/oidc/session/backchannellogout/ClaimProviderImpl.class */
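/**
 * Contributes the {@code sid} claim to the additional claims returned for authorization
 * requests and token requests.
 *
 * <p>For authorization requests the value comes from the session state referenced by the OPBS
 * cookie, or is freshly generated when no such session state exists. For token requests the
 * value is looked up in {@link OIDCBackChannelAuthCodeCache} using the authorization code.
 */
public class ClaimProviderImpl implements ClaimProvider {
    private static final Log log = LogFactory.getLog(ClaimProviderImpl.class);

    /** Name of the session identifier claim; the same literal is used below as a cache key. */
    private static final String SID_CLAIM = "sid";

    /**
     * Returns the {@code sid} claim for an authorization request.
     *
     * @param oAuthAuthzReqMessageContext authorization request context; its cookies are searched
     *                                    for the OPBS cookie
     * @param oAuth2AuthorizeRespDTO      authorization response (not read by this method)
     * @return a map holding the single entry {@code sid}
     * @throws IdentityOAuth2Exception if the application for the request's client id cannot be
     *                                 retrieved
     */
    public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext, OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO) throws IdentityOAuth2Exception {
        Map<String, Object> claims = new HashMap<>();
        OIDCSessionState sessionState = getSessionState(oAuthAuthzReqMessageContext);
        String sidClaim;
        if (sessionState == null) {
            // No session state for this browser yet: mint a new random identifier.
            sidClaim = UUID.randomUUID().toString();
            if (log.isDebugEnabled()) {
                log.debug("sid claim is generated for auth request. ");
            }
        } else {
            // NOTE(review): the stored value is used as-is; a null sid in an existing session
            // state would be emitted as a null claim. Confirm getSidClaim() cannot return null.
            sidClaim = sessionState.getSidClaim();
            if (log.isDebugEnabled()) {
                log.debug("sid claim is found in the session state");
            }
        }
        claims.put(SID_CLAIM, sidClaim);
        addSidToCacheWhenIDTokenIsEncrypted(oAuthAuthzReqMessageContext, sidClaim);
        return claims;
    }

    /**
     * Stores the sid in {@link OIDCBackChannelAuthCodeCache} when the requesting application has
     * ID token encryption enabled.
     *
     * @param oAuthAuthzReqMessageContext authorization request context supplying the client id
     * @param sidClaim                    session identifier to cache
     * @throws IdentityOAuth2Exception if the application lookup for the client id fails
     */
    private void addSidToCacheWhenIDTokenIsEncrypted(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext, String sidClaim) throws IdentityOAuth2Exception {
        try {
            boolean encryptionEnabled = OAuth2Util
                    .getAppInformationByClientId(oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getConsumerKey())
                    .isIdTokenEncryptionEnabled();
            if (!encryptionEnabled) {
                return;
            }
            // NOTE(review): the cache key is the constant string "sid", not a per-request value,
            // so every authorization request for an encryption-enabled client writes the same
            // entry. This class only reads the cache by authorization code, so the consumer of
            // this entry is not visible here. Confirm where it is read and whether concurrent
            // requests can pick up another session's sid (wrong-session logout correlation).
            OIDCBackChannelAuthCodeCacheKey cacheKey = new OIDCBackChannelAuthCodeCacheKey(SID_CLAIM);
            OIDCBackChannelAuthCodeCacheEntry cacheEntry = new OIDCBackChannelAuthCodeCacheEntry();
            cacheEntry.setSessionId(sidClaim);
            OIDCBackChannelAuthCodeCache.getInstance().addToCache(cacheKey, cacheEntry);
            if (log.isDebugEnabled()) {
                log.debug("Adding sid to OIDCBackChannelAuthCodeCache since id token encryption is enabled.");
            }
        } catch (InvalidOAuthClientException e) {
            throw new IdentityOAuth2Exception("Retrieving OAuthAppDO failed for the client id: " + oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getConsumerKey(), e);
        }
    }

    /**
     * Returns the {@code sid} claim for a token request, if one was cached for the request's
     * authorization code.
     *
     * @param oAuthTokenReqMessageContext token request context supplying the authorization code
     * @param oAuth2AccessTokenRespDTO    token response (not read by this method)
     * @return a map holding {@code sid} when a cached session id exists, otherwise an empty map
     * @throws IdentityOAuth2Exception declared by the interface; not thrown by the visible code
     */
    public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO) throws IdentityOAuth2Exception {
        Map<String, Object> claims = new HashMap<>();
        OIDCBackChannelAuthCodeCacheEntry cacheEntry = getOIDCBackChannelAuthCodeCacheEntry(
                oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getAuthorizationCode());
        String sidClaim = cacheEntry != null ? cacheEntry.getSessionId() : null;
        if (sidClaim != null) {
            if (log.isDebugEnabled()) {
                // The value comes from the auth code cache, not from the session state.
                log.debug("sid claim is found in the back-channel auth code cache");
            }
            claims.put(SID_CLAIM, sidClaim);
        }
        return claims;
    }

    /**
     * Resolves the OIDC session state referenced by the OPBS cookie of the request.
     *
     * @param oAuthAuthzReqMessageContext authorization request context carrying the cookies
     * @return the session state returned by the session manager for the first OPBS cookie, or
     *         {@code null} when the request has no cookies or no OPBS cookie
     */
    private OIDCSessionState getSessionState(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) {
        Cookie[] cookies = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getCookie();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (OIDCSessionConstants.OPBS_COOKIE_ID.equals(cookie.getName())) {
                // The cookie value is client-supplied; it is only used as a lookup key here.
                return OIDCSessionManagementUtil.getSessionManager().getOIDCSessionState(cookie.getValue());
            }
        }
        return null;
    }

    /**
     * Looks up the cache entry stored under the given authorization code.
     *
     * @param authorizationCode authorization code from the token request; may be blank
     * @return the cached entry, or {@code null} when the code is blank or nothing is cached
     */
    private OIDCBackChannelAuthCodeCacheEntry getOIDCBackChannelAuthCodeCacheEntry(String authorizationCode) {
        if (StringUtils.isBlank(authorizationCode)) {
            // No authorization code on the request, so there is nothing to look up.
            if (log.isDebugEnabled()) {
                log.debug("getOIDCBackChannelAuthCodeCacheEntry returned null.");
            }
            return null;
        }
        return OIDCBackChannelAuthCodeCache.getInstance().getValueFromCache(new OIDCBackChannelAuthCodeCacheKey(authorizationCode));
    }
}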
