package org.wso2.carbon.identity.oidc.session.backchannellogout;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.Cookie;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry;
import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenRespDTO;
import org.wso2.carbon.identity.oauth2.dto.OAuth2AuthorizeRespDTO;
import org.wso2.carbon.identity.oauth2.model.HttpRequestHeader;
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
import org.wso2.carbon.identity.oidc.session.OIDCSessionConstants;
import org.wso2.carbon.identity.oidc.session.OIDCSessionState;
import org.wso2.carbon.identity.oidc.session.util.OIDCSessionManagementUtil;
import org.wso2.carbon.identity.openidconnect.ClaimProvider;

/* loaded from: input_file:org/wso2/carbon/identity/oidc/session/backchannellogout/ClaimProviderImpl.class */
public class ClaimProviderImpl implements ClaimProvider {
    private static final Log LOG = LogFactory.getLog(ClaimProviderImpl.class);

    public Map<String, Object> getAdditionalClaims(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext, OAuth2AuthorizeRespDTO oAuth2AuthorizeRespDTO) throws IdentityOAuth2Exception {
        String sidClaim;
        HashMap hashMap = new HashMap();
        OIDCSessionState sessionState = getSessionState(oAuthAuthzReqMessageContext);
        if (sessionState == null) {
            sidClaim = UUID.randomUUID().toString();
            LOG.debug("sid claim is generated for auth request.");
        } else {
            sidClaim = sessionState.getSidClaim();
            LOG.debug("sid claim is found in the session state.");
        }
        hashMap.put("sid", sidClaim);
        oAuth2AuthorizeRespDTO.setOidcSessionId(sidClaim);
        return hashMap;
    }

    private AuthorizationGrantCacheEntry getAuthorizationGrantCacheEntryFromCode(String str) {
        return AuthorizationGrantCache.getInstance().getValueFromCacheByCode(new AuthorizationGrantCacheKey(str));
    }

    public Map<String, Object> getAdditionalClaims(OAuthTokenReqMessageContext oAuthTokenReqMessageContext, OAuth2AccessTokenRespDTO oAuth2AccessTokenRespDTO) throws IdentityOAuth2Exception {
        HashMap hashMap = new HashMap();
        String str = null;
        String authorizationCode = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getAuthorizationCode();
        if (StringUtils.isNotBlank(authorizationCode)) {
            AuthorizationGrantCacheEntry authorizationGrantCacheEntryFromCode = getAuthorizationGrantCacheEntryFromCode(authorizationCode);
            if (authorizationGrantCacheEntryFromCode != null) {
                str = authorizationGrantCacheEntryFromCode.getOidcSessionId();
            }
        } else {
            if (!"refresh_token".equalsIgnoreCase(oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType())) {
                LOG.debug("AccessCode is null. Possibly a back end grant");
                return hashMap;
            }
            OIDCSessionState sessionState = getSessionState(oAuthTokenReqMessageContext);
            if (sessionState != null) {
                str = sessionState.getSidClaim();
            }
        }
        if (str != null) {
            LOG.debug("sid claim is found in the session state");
            hashMap.put("sid", str);
        }
        return hashMap;
    }

    private OIDCSessionState getSessionState(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext) {
        Cookie[] cookie = oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getCookie();
        if (cookie == null) {
            return null;
        }
        for (Cookie cookie2 : cookie) {
            if (OIDCSessionConstants.OPBS_COOKIE_ID.equals(cookie2.getName())) {
                return OIDCSessionManagementUtil.getSessionManager().getOIDCSessionState(cookie2.getValue(), oAuthAuthzReqMessageContext.getAuthorizationReqDTO().getLoggedInTenantDomain());
            }
        }
        return null;
    }

    private OIDCSessionState getSessionState(OAuthTokenReqMessageContext oAuthTokenReqMessageContext) {
        HttpRequestHeader[] httpRequestHeaders = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getHttpRequestHeaders();
        if (ArrayUtils.isEmpty(httpRequestHeaders)) {
            return null;
        }
        for (HttpRequestHeader httpRequestHeader : httpRequestHeaders) {
            if ("Cookie".equalsIgnoreCase(httpRequestHeader.getName())) {
                if (ArrayUtils.isEmpty(httpRequestHeader.getValue())) {
                    return null;
                }
                for (String str : httpRequestHeader.getValue()[0].split(";")) {
                    String[] split = str.split("=");
                    if (split.length == 2 && OIDCSessionConstants.OPBS_COOKIE_ID.equals(split[0].trim())) {
                        String str2 = split[1];
                        if (StringUtils.isBlank(str2)) {
                            return null;
                        }
                        return OIDCSessionManagementUtil.getSessionManager().getOIDCSessionState(str2, oAuthTokenReqMessageContext.getAuthorizedUser().getTenantDomain());
                    }
                }
            }
        }
        return null;
    }
}
