package org.wso2.carbon.identity.application.authentication.framework.handler.request.impl;

import java.io.IOException;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringJoiner;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.utils.URIBuilder;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.core.util.AnonymousSessionUtil;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.exception.PostAuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.AbstractPostAuthnHandler;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthnHandlerFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authentication.framework.util.SessionMgtUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
import org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim;
import org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerException;
import org.wso2.carbon.user.api.Claim;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreClientException;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.constants.UserCoreErrorConstants;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/PostAuthnMissingClaimHandler.class */
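/**
 * Post-authentication handler that collects mandatory application claims the
 * authenticated user does not yet have.
 *
 * <p>The handler is invoked twice per login that has missing claims:
 * <ol>
 *   <li>First pass ({@code POST_AUTHENTICATION_REDIRECTION_TRIGGERED} not set): the
 *       user is redirected to the missing-claims page of the authentication
 *       endpoint and {@link PostAuthnHandlerFlowStatus#INCOMPLETE} is returned.</li>
 *   <li>Second pass (flag set): request parameters whose name starts with
 *       {@code FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX} are read,
 *       attached to the authenticated user's attributes and, when the subject
 *       resolves to a local user, persisted to the user profile.</li>
 * </ol>
 *
 * <p>NOTE(review): on the second pass every prefixed parameter is accepted; the
 * set is not cross-checked against the missing-claims map recorded on the first
 * pass, and the read-only claim check only runs on the first pass. Whether a
 * client can thereby update additional claims depends on the application's claim
 * mappings and the user store's own checks, which are not visible here — confirm.
 *
 * <p>This listing appears to be decompiled; the original {@code getMissingClaimsDisplayNames}
 * looped forever when a missing claim had no matching local claim. That loop is
 * rewritten here as a bounded for-each.
 */
public class PostAuthnMissingClaimHandler extends AbstractPostAuthnHandler {

    private static final Log log = LogFactory.getLog(PostAuthnMissingClaimHandler.class);
    private static volatile PostAuthnMissingClaimHandler instance;

    /**
     * Returns the shared handler instance, creating it lazily. Uses double-checked
     * locking on the volatile {@code instance} field.
     */
    public static PostAuthnMissingClaimHandler getInstance() {
        PostAuthnMissingClaimHandler handler = instance;
        if (handler == null) {
            synchronized (PostAuthnMissingClaimHandler.class) {
                handler = instance;
                if (handler == null) {
                    handler = new PostAuthnMissingClaimHandler();
                    instance = handler;
                }
            }
        }
        return handler;
    }

    /** Handler priority in the post-authentication chain. */
    public int getPriority() {
        return 100;
    }

    /** Handler name used by the framework to identify this handler. */
    public String getName() {
        return "MissingClaimPostAuthnHandler";
    }

    /**
     * Entry point called by the framework after authentication.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response (used for the redirect on the first pass)
     * @param authenticationContext authentication context of the login flow
     * @return {@code UNSUCCESS_COMPLETED} when there is no authenticated user,
     *         {@code INCOMPLETE} after redirecting to the missing-claims page,
     *         {@code SUCCESS_COMPLETED} when nothing is missing or the submitted claims were processed
     * @throws PostAuthenticationFailedException when the submitted claims cannot be processed
     *         and no recoverable user-store error was recorded on the context
     */
    @Override // org.wso2.carbon.identity.application.authentication.framework.handler.request.PostAuthenticationHandler
    public PostAuthnHandlerFlowStatus handle(HttpServletRequest httpServletRequest,
                                             HttpServletResponse httpServletResponse,
                                             AuthenticationContext authenticationContext)
            throws PostAuthenticationFailedException {
        if (log.isDebugEnabled()) {
            log.debug("Post authentication handling for missing claims started");
        }
        if (getAuthenticatedUser(authenticationContext) == null) {
            if (log.isDebugEnabled()) {
                log.debug("No authenticated user found. Hence returning without handling mandatory claims");
            }
            return PostAuthnHandlerFlowStatus.UNSUCCESS_COMPLETED;
        }
        if (!isPostAuthRequestTriggered(authenticationContext)) {
            // First pass: decide whether a redirect to the missing-claims page is needed.
            return handlePostAuthenticationForMissingClaimsRequest(httpServletRequest, httpServletResponse,
                    authenticationContext);
        }
        try {
            handlePostAuthenticationForMissingClaimsResponse(httpServletRequest, httpServletResponse,
                    authenticationContext);
            if (log.isDebugEnabled()) {
                log.debug("Successfully returning from missing claim handler");
            }
            return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
        } catch (PostAuthenticationFailedException e) {
            // A client-side user-store error was recorded: send the user back to the
            // claims page with the error instead of failing the login.
            if (authenticationContext.getProperty(FrameworkConstants.POST_AUTH_MISSING_CLAIMS_ERROR) != null) {
                return handlePostAuthenticationForMissingClaimsRequest(httpServletRequest, httpServletResponse,
                        authenticationContext);
            }
            throw e;
        }
    }

    /**
     * Whether this handler already redirected the user to the missing-claims page
     * in this flow (i.e. the current request is the response from that page).
     */
    protected boolean isPostAuthRequestTriggered(AuthenticationContext authenticationContext) {
        Object flag = authenticationContext.getProperty(
                FrameworkConstants.POST_AUTHENTICATION_REDIRECTION_TRIGGERED);
        return flag instanceof Boolean && ((Boolean) flag).booleanValue();
    }

    /**
     * Builds the comma-separated {@code key<sep>DisplayName} list shown on the
     * claims page, one entry per missing claim whose local claim URI matches a
     * local claim (case-insensitively). Claims without a matching local claim are
     * skipped; the original code looped forever in that case.
     *
     * <p>The separator constant is referenced as found in this listing
     * (presumably a decompiler-substituted constant with the same value) — verify.
     */
    private String getMissingClaimsDisplayNames(Map<String, String> missingClaims, List<LocalClaim> localClaims) {
        StringJoiner joined = new StringJoiner(",");
        for (Map.Entry<String, String> missing : missingClaims.entrySet()) {
            for (LocalClaim localClaim : localClaims) {
                if (missing.getValue().equalsIgnoreCase(localClaim.getClaimURI())) {
                    joined.add(missing.getKey() + SessionMgtUtils.SQL_QUERY_APPLICATIONS_SPLIT_CHARACTER
                            + ((String) localClaim.getClaimProperties().get("DisplayName")));
                    break;
                }
            }
        }
        return joined.toString();
    }

    /**
     * First pass: if mandatory claims are missing, redirect to the missing-claims
     * page of the authentication endpoint.
     *
     * @return {@code SUCCESS_COMPLETED} when nothing is missing, otherwise
     *         {@code INCOMPLETE} after issuing the redirect
     * @throws PostAuthenticationFailedException when a missing claim is read-only
     *         (the user cannot supply it), or when claim metadata, the realm, the
     *         redirect URI or the redirect itself fails
     */
    protected PostAuthnHandlerFlowStatus handlePostAuthenticationForMissingClaimsRequest(
            HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            AuthenticationContext authenticationContext) throws PostAuthenticationFailedException {
        String[] missingClaims = FrameworkUtils.getMissingClaims(authenticationContext);
        if (StringUtils.isBlank(missingClaims[0])) {
            return PostAuthnHandlerFlowStatus.SUCCESS_COMPLETED;
        }
        if (log.isDebugEnabled()) {
            log.debug("Mandatory claims missing for the application : " + missingClaims[0]);
        }
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            Map<String, Object> params = new HashMap<>();
            params.put(FrameworkConstants.LogConstants.SERVICE_PROVIDER, authenticationContext.getServiceProviderName());
            params.put(FrameworkConstants.LogConstants.TENANT_DOMAIN, authenticationContext.getTenantDomain());
            params.put(FrameworkConstants.LogConstants.MISSING_CLAIMS, missingClaims);
            LoggerUtils.triggerDiagnosticLogEvent(FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK, params,
                    "FAILED", "Mandatory claims missing for the application: "
                            + authenticationContext.getServiceProviderName(),
                    FrameworkConstants.LogConstants.ActionIDs.HANDLE_MISSING_CLAIMS, (Map) null);
        }
        try {
            ClaimManager claimManager = getUserRealm(authenticationContext.getTenantDomain()).getClaimManager();
            Map<String, String> missingClaimsMap = FrameworkUtils.getMissingClaimsMap(authenticationContext);
            // A read-only claim cannot be filled in by the user, so the flow cannot continue.
            for (Map.Entry<String, String> missing : missingClaimsMap.entrySet()) {
                Claim claim = claimManager.getClaim(missing.getValue());
                if (claim == null || !claim.isReadOnly()) {
                    continue;
                }
                if (LoggerUtils.isDiagnosticLogsEnabled()) {
                    Map<String, Object> params = new HashMap<>();
                    params.put(FrameworkConstants.LogConstants.SERVICE_PROVIDER,
                            authenticationContext.getServiceProviderName());
                    params.put(FrameworkConstants.LogConstants.TENANT_DOMAIN, authenticationContext.getTenantDomain());
                    params.put(FrameworkConstants.LogConstants.MISSING_CLAIMS, missing);
                    LoggerUtils.triggerDiagnosticLogEvent(FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK,
                            params, "FAILED", "One or more read-only claim is missing in the requested claim set",
                            FrameworkConstants.LogConstants.ActionIDs.HANDLE_MISSING_CLAIMS, (Map) null);
                }
                throw new PostAuthenticationFailedException(
                        "One or more read-only claim is missing in the requested claim set. Please contact your administrator for more information about this issue.",
                        "One or more read-only claim is missing in the requested claim set");
            }
            String displayNames = getMissingClaimsDisplayNames(missingClaimsMap,
                    getClaimMetadataManagementService().getLocalClaims(authenticationContext.getTenantDomain()));
            URIBuilder redirect = new URIBuilder(
                    ConfigurationFacade.getInstance().getAuthenticationEndpointMissingClaimsURL());
            redirect.addParameter(FrameworkConstants.MISSING_CLAIMS, missingClaims[0]);
            redirect.addParameter(FrameworkConstants.DISPLAY_NAMES, displayNames);
            redirect.addParameter("sessionDataKey", authenticationContext.getContextIdentifier());
            redirect.addParameter(FrameworkConstants.REQUEST_PARAM_SP,
                    authenticationContext.getSequenceConfig().getApplicationConfig().getApplicationName());
            // A user-store error from the previous submission is forwarded to the page once
            // and then cleared. URIBuilder percent-encodes it; the rendering page must still
            // escape it for HTML — NOTE(review): confirm the endpoint does so.
            Object errorMessage = authenticationContext.getProperty(FrameworkConstants.POST_AUTH_MISSING_CLAIMS_ERROR);
            if (errorMessage != null) {
                redirect.addParameter(FrameworkConstants.ERROR_MESSAGE, errorMessage.toString());
                authenticationContext.removeProperty(FrameworkConstants.POST_AUTH_MISSING_CLAIMS_ERROR);
            }
            Object errorCode = authenticationContext.getProperty(FrameworkConstants.POST_AUTH_MISSING_CLAIMS_ERROR_CODE);
            if (errorCode != null) {
                redirect.addParameter("errorCode", errorCode.toString());
                authenticationContext.removeProperty(FrameworkConstants.POST_AUTH_MISSING_CLAIMS_ERROR_CODE);
            }
            httpServletResponse.sendRedirect(redirect.build().toString());
            authenticationContext.setProperty(FrameworkConstants.POST_AUTHENTICATION_REDIRECTION_TRIGGERED, true);
            if (log.isDebugEnabled()) {
                log.debug("Redirecting to outside to pick mandatory claims");
            }
            return PostAuthnHandlerFlowStatus.INCOMPLETE;
        } catch (ClaimMetadataException e) {
            throw new PostAuthenticationFailedException("Error while handling missing mandatory claims",
                    "Error while retrieving claim metadata.", e);
        } catch (URISyntaxException e) {
            throw new PostAuthenticationFailedException(
                    "Error while handling missing mandatory claims. Error in redirect URI.",
                    "Error while building redirect URI", e);
        } catch (UserStoreException e) {
            throw new PostAuthenticationFailedException(
                    "Error while handling missing mandatory claims. Error in retrieving claim.",
                    "Error while retrieving claim from claim URI.", e);
        } catch (IOException e) {
            throw new PostAuthenticationFailedException("Error while handling missing mandatory claims",
                    "Error while redirecting to request claims page", e);
        }
    }

    /**
     * Second pass: read the claims posted back from the missing-claims page, attach
     * them to the authenticated user's attributes and persist them for local users.
     *
     * <p>Every request parameter named {@code <MANDOTARY_CLAIM_PREFIX><claimId>} is
     * taken as a submitted claim. When {@code SP_TO_CARBON_CLAIM_MAPPING} is present
     * on the context, the claim id is translated through its inverse for the
     * attributes stored on the user; the un-translated id is used together with the
     * application's claim mappings for the profile update. Existing user attributes
     * take precedence over submitted ones when both carry the same key.
     *
     * <p>NOTE(review): a submitted id that has no entry in the inverse mapping or in
     * the application claim mappings yields a {@code null} map key which is passed on
     * unchanged (behaviour preserved from the original); consider rejecting such ids.
     *
     * @throws PostAuthenticationFailedException when no prefixed parameter is present,
     *         a submitted value is blank, the federated association lookup fails,
     *         the local user id is unknown, or the profile update fails with an
     *         error that is neither a recoverable client error nor a read-only store
     */
    protected void handlePostAuthenticationForMissingClaimsResponse(HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext)
            throws PostAuthenticationFailedException {
        if (log.isDebugEnabled()) {
            log.debug("Starting to process the response with missing claims");
        }
        // Claims keyed by the id as posted; used for the profile update.
        Map<String, String> submittedClaims = new HashMap<>();
        // Claims keyed by the id translated via carbon->SP mapping (if any); used for user attributes.
        Map<String, String> claimsForContext = new HashMap<>();
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        AuthenticatedUser authenticatedUser = authenticationContext.getSequenceConfig().getAuthenticatedUser();

        Object spToCarbonMapping = authenticationContext.getProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING);
        boolean hasSpToCarbonMapping = spToCarbonMapping instanceof Map;
        Map<String, String> carbonToSpMapping = new HashMap<>();
        if (hasSpToCarbonMapping) {
            for (Map.Entry<?, ?> mapping : ((Map<?, ?>) spToCarbonMapping).entrySet()) {
                carbonToSpMapping.put((String) mapping.getValue(), (String) mapping.getKey());
            }
        }

        String prefix = FrameworkConstants.RequestParams.MANDOTARY_CLAIM_PREFIX;
        boolean anyClaimParam = false;
        for (String paramName : parameterMap.keySet()) {
            if (paramName.startsWith(prefix)) {
                anyClaimParam = true;
                break;
            }
        }
        if (!anyClaimParam) {
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                Map<String, Object> params = new HashMap<>();
                params.put(FrameworkConstants.LogConstants.SERVICE_PROVIDER,
                        authenticationContext.getServiceProviderName());
                params.put(FrameworkConstants.LogConstants.TENANT_DOMAIN, authenticationContext.getTenantDomain());
                LoggerUtils.triggerDiagnosticLogEvent(FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK, params,
                        "FAILED", "Mandatory missing claims are not found",
                        FrameworkConstants.LogConstants.ActionIDs.HANDLE_MISSING_CLAIMS, (Map) null);
            }
            throw new PostAuthenticationFailedException("Mandatory missing claims are not found",
                    "Mandatory missing claims are not found in the request for the session with context identifier: "
                            + authenticationContext.getContextIdentifier());
        }

        List<String> blankClaimIds = new ArrayList<>();
        for (Map.Entry<String, String[]> param : parameterMap.entrySet()) {
            String paramName = param.getKey();
            if (!paramName.startsWith(prefix)) {
                continue;
            }
            String claimId = paramName.substring(prefix.length());
            String value = param.getValue()[0];
            if (StringUtils.isBlank(value)) {
                blankClaimIds.add(claimId);
                continue;
            }
            submittedClaims.put(claimId, value);
            if (hasSpToCarbonMapping) {
                claimsForContext.put(carbonToSpMapping.get(claimId), value);
            } else {
                claimsForContext.put(claimId, value);
            }
        }
        if (CollectionUtils.isNotEmpty(blankClaimIds)) {
            String blankList = StringUtils.join(blankClaimIds, ",");
            if (log.isDebugEnabled()) {
                log.debug("Claim values for the mandatory claims: " + blankList + " are empty");
            }
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                Map<String, Object> params = new HashMap<>();
                params.put(FrameworkConstants.LogConstants.SERVICE_PROVIDER,
                        authenticationContext.getServiceProviderName());
                params.put(FrameworkConstants.LogConstants.TENANT_DOMAIN, authenticationContext.getTenantDomain());
                params.put(FrameworkConstants.LogConstants.MISSING_CLAIMS, blankList);
                LoggerUtils.triggerDiagnosticLogEvent(FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK, params,
                        "FAILED", "Mandatory claim is not found. Claim values for the claim URIs: " + blankList
                                + " are empty",
                        FrameworkConstants.LogConstants.ActionIDs.HANDLE_MISSING_CLAIMS, (Map) null);
            }
            throw new PostAuthenticationFailedException("Mandatory claim is not found",
                    "Claim values for the claim URIs: " + blankList + " are empty");
        }

        // Submitted claims first, then existing attributes on top (existing values win on conflict).
        Map<ClaimMapping, String> userAttributes = FrameworkUtils.buildClaimMappings(claimsForContext);
        userAttributes.putAll(authenticatedUser.getUserAttributes());

        // Resolve whether the subject is (or is associated with) a local user whose profile can be updated.
        boolean hasLocalUser = false;
        for (Map.Entry<Integer, StepConfig> step : authenticationContext.getSequenceConfig().getStepMap().entrySet()) {
            StepConfig stepConfig = step.getValue();
            if (!stepConfig.isSubjectAttributeStep()) {
                continue;
            }
            if (stepConfig.getAuthenticatedUser() != null) {
                authenticatedUser = stepConfig.getAuthenticatedUser();
            }
            if (!authenticatedUser.isFederatedUser()) {
                hasLocalUser = true;
                continue;
            }
            String subjectIdentifier = authenticatedUser.getAuthenticatedSubjectIdentifier();
            try {
                String associatedLocalUser = FrameworkUtils.getFederatedAssociationManager()
                        .getUserForFederatedAssociation(authenticationContext.getTenantDomain(),
                                stepConfig.getAuthenticatedIdP(), subjectIdentifier);
                if (StringUtils.isNotBlank(associatedLocalUser)) {
                    String qualifiedName = FrameworkUtils.prependUserStoreDomainToName(
                            associatedLocalUser + "@" + authenticationContext.getTenantDomain());
                    UserCoreUtil.setDomainInThreadLocal(UserCoreUtil.extractDomainFromName(associatedLocalUser));
                    authenticatedUser = AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(
                            qualifiedName);
                    hasLocalUser = true;
                }
            } catch (FederatedAssociationManagerException | FrameworkException e) {
                throw new PostAuthenticationFailedException(
                        "Error while handling missing mandatory claims. Error in association.",
                        "Error while getting association for " + subjectIdentifier, e);
            }
        }

        if (hasLocalUser) {
            if (log.isDebugEnabled()) {
                log.debug("Local user mapping found. Claims will be persisted");
            }
            try {
                Map<String, String> appClaimMappings =
                        authenticationContext.getSequenceConfig().getApplicationConfig().getClaimMappings();
                Map<String, String> localClaims = new HashMap<>();
                for (Map.Entry<String, String> submitted : submittedClaims.entrySet()) {
                    localClaims.put(appClaimMappings.get(submitted.getKey()), submitted.getValue());
                }
                if (log.isDebugEnabled()) {
                    log.debug("Updating user profile of user : " + authenticatedUser.getLoggableUserId());
                }
                getUserRealm(authenticatedUser.getTenantDomain()).getUserStoreManager()
                        .setUserClaimValuesWithID(authenticatedUser.getUserId(), localClaims, (String) null);
            } catch (UserIdNotFoundException e) {
                throw new PostAuthenticationFailedException("User id not found",
                        "User id not found for local user. Could not update profile", e);
            } catch (org.wso2.carbon.user.core.UserStoreException e) {
                if (e instanceof UserStoreClientException) {
                    // Recorded on the context so handle() can send the user back to the page with the error.
                    authenticationContext.setProperty(FrameworkConstants.POST_AUTH_MISSING_CLAIMS_ERROR, e.getMessage());
                    if (StringUtils.isNotBlank(e.getErrorCode())) {
                        authenticationContext.setProperty(FrameworkConstants.POST_AUTH_MISSING_CLAIMS_ERROR_CODE,
                                e.getErrorCode());
                    }
                    if (FrameworkConstants.ERROR_CODE_INVALID_ATTRIBUTE_UPDATE.equals(e.getErrorCode())) {
                        authenticationContext.getSequenceConfig().getAuthenticatedUser().setUserAttributes(userAttributes);
                        return;
                    }
                }
                // A read-only user store cannot be updated; the claims are still kept in the session.
                if (!UserCoreErrorConstants.ErrorMessages.ERROR_CODE_READONLY_USER_STORE.getCode()
                        .equals(e.getErrorCode())) {
                    throw new PostAuthenticationFailedException(e.getMessage(),
                            "Error while updating claims for local user. Could not update profile", e);
                }
                authenticationContext.getSequenceConfig().getAuthenticatedUser().setUserAttributes(userAttributes);
                return;
            }
        }
        authenticationContext.getSequenceConfig().getAuthenticatedUser().setUserAttributes(userAttributes);
    }

    /**
     * Looks up the user realm for a tenant domain.
     *
     * @throws PostAuthenticationFailedException when the realm cannot be resolved
     */
    protected UserRealm getUserRealm(String tenantDomain) throws PostAuthenticationFailedException {
        try {
            return AnonymousSessionUtil.getRealmByTenantDomain(FrameworkServiceComponent.getRegistryService(),
                    FrameworkServiceComponent.getRealmService(), tenantDomain);
        } catch (CarbonException e) {
            throw new PostAuthenticationFailedException(
                    "Error while handling missing mandatory claims. Error in realm.",
                    "Error occurred while retrieving the Realm for " + tenantDomain + " to handle local claims", e);
        }
    }

    /** The user authenticated by the sequence, or {@code null} if none. */
    protected AuthenticatedUser getAuthenticatedUser(AuthenticationContext authenticationContext) {
        return authenticationContext.getSequenceConfig().getAuthenticatedUser();
    }

    private ClaimMetadataManagementService getClaimMetadataManagementService() {
        return FrameworkServiceDataHolder.getInstance().getClaimMetadataManagementService();
    }
}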
