package org.wso2.carbon.identity.provider;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.StringTokenizer;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasData;
import org.apache.rahas.impl.util.SAMLAttributeCallback;
import org.apache.rahas.impl.util.SAMLCallback;
import org.apache.rahas.impl.util.SAMLCallbackHandler;
import org.opensaml.Configuration;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLException;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.schema.XSString;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.IdentityClaimManager;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.provider.internal.IdentityProviderServiceComponent;
import org.wso2.carbon.identity.provider.openid.OpenIDConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.claim.Claim;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/provider/AttributeCallbackHandler.class */
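/**
 * SAML callback handler that adds user attributes (claims) to a token being issued.
 *
 * <p>Two modes are visible in {@link #handle(SAMLCallback)}:
 * <ul>
 *   <li>the request carries a claim dialect and a claims element: the requested claim types are
 *       parsed, the supported claims are loaded, and values are resolved per requested claim;</li>
 *   <li>otherwise: the claim mappings configured for the service provider identified by the
 *       AppliesTo address are used.</li>
 * </ul>
 *
 * <p>NOTE(review): the handler keeps per-request state in instance fields that are never cleared.
 * If one instance were reused for several token requests, claims requested (or supplied) by one
 * caller would still be present for the next. Confirm that a fresh instance is created per request.
 */
public class AttributeCallbackHandler implements SAMLCallbackHandler {
    private static final Log log = LogFactory.getLog(AttributeCallbackHandler.class);

    // Claims requested by the caller, keyed by claim URI (filled by processClaimData).
    protected Map<String, RequestedClaimData> requestedClaims = new HashMap<>();

    // Claim values that arrived inside the request itself as "{uri|value}" (filled by processClaimData).
    protected Map<String, String> requestedClaimValues = new HashMap<>();

    // Claims supported for the dialect in use, keyed by claim URI (filled by loadClaims).
    protected Map<String, Claim> supportedClaims = new HashMap<>();

    // Separator used to split a multi-valued claim; replaced by the "MultiAttributeSeparator"
    // entry of the resolved claim values when that entry is present.
    private String userAttributeSeparator = ",,,";

    /**
     * Adds attributes to the SAML token described by the callback.
     *
     * <p>Callbacks that are not {@link SAMLAttributeCallback} instances are ignored.
     *
     * @param sAMLCallback callback supplied by the token issuer
     * @throws SAMLException if the service provider's claim configuration or the user's claim
     *     values cannot be loaded in the service-provider-mapping mode
     */
    public void handle(SAMLCallback sAMLCallback) throws SAMLException {
        if (!(sAMLCallback instanceof SAMLAttributeCallback)) {
            return;
        }
        SAMLAttributeCallback sAMLAttributeCallback = (SAMLAttributeCallback) sAMLCallback;
        RahasData data = sAMLAttributeCallback.getData();
        OMElement claimElem = data.getClaimElem();
        String claimDialect = data.getClaimDialect();
        String userName = data.getPrincipal().getName();
        String appliesToAddress = data.getAppliesToAddress();
        Object spTenantProperty = data.getInMessageContext().getProperty("spTenantDomain");
        String spTenantDomain = spTenantProperty != null ? (String) spTenantProperty : "carbon.super";
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) data.getInMessageContext().getProperty("AuthenticatedUser");

        // A principal name of the form "key=value,..." is reduced to the value of its first component.
        if (userName != null) {
            String[] firstComponent = userName.split(",")[0].split("=");
            if (firstComponent.length == 2) {
                userName = firstComponent[1];
            }
        }

        if (StringUtils.isNotEmpty(claimDialect) && claimElem != null) {
            try {
                processClaimData(data, claimElem);
                loadClaims(claimElem, spTenantDomain);
                populateClaimValues(userName, sAMLAttributeCallback);
            } catch (IdentityProviderException e) {
                // NOTE(review): the failure is only logged and processing continues, so the token
                // may end up without the requested attributes. Confirm that relying parties do not
                // treat a missing attribute as a permissive default.
                log.error("Error occurred while populating claim data", e);
            }
            for (IdentityAttributeService identityAttributeService : IdentityAttributeServiceStore.getAttributeServices()) {
                try {
                    identityAttributeService.handle(sAMLAttributeCallback);
                } catch (Exception e2) {
                    // One failing attribute service must not prevent the others from running.
                    log.error("Error occurred while calling attribute callback", e2);
                }
            }
            return;
        }

        // No dialect/claims element in the request: fall back to the claim mappings configured
        // for the service provider registered under the AppliesTo address.
        try {
            ClaimMapping[] claimMappings = IdentityProviderServiceComponent.getApplicationManagementService().getServiceProviderByClientId(appliesToAddress, "wstrust", CarbonContext.getThreadLocalCarbonContext().getTenantDomain()).getClaimConfig().getClaimMappings();
            for (ClaimMapping claimMapping : claimMappings) {
                String localClaimUri = claimMapping.getLocalClaim().getClaimUri();
                String remoteClaimUri = claimMapping.getRemoteClaim().getClaimUri();
                if (!StringUtils.isNotBlank(localClaimUri) || !StringUtils.isNotBlank(remoteClaimUri)) {
                    continue;
                }
                // The remote claim URI is split at its last '/' into namespace and attribute name.
                // A URI without any '/' has no namespace part; it is skipped like any other mapping
                // with a blank namespace instead of failing in substring().
                int lastSlash = remoteClaimUri.lastIndexOf('/');
                if (lastSlash < 0) {
                    continue;
                }
                String attributeName = remoteClaimUri.substring(lastSlash + 1);
                String attributeNamespace = remoteClaimUri.substring(0, lastSlash);
                if (!StringUtils.isNotBlank(attributeName) || !StringUtils.isNotBlank(attributeNamespace)) {
                    continue;
                }
                String claimValue = null;
                if (isHandlerCalledFromWSTrustSTSFlow(sAMLAttributeCallback)) {
                    claimValue = IdentityProviderServiceComponent.getRealmService().getBootstrapRealm().getUserStoreManager().getUserClaimValue(userName, localClaimUri, OpenIDConstants.SessionAttribute.DEFAULT_PROFILE);
                } else if (!authenticatedUser.isFederatedUser()) {
                    if (log.isDebugEnabled()) {
                        log.debug("Loading claim values from local UserStore for user: " + authenticatedUser.toString());
                    }
                    claimValue = IdentityProviderServiceComponent.getRealmService().getBootstrapRealm().getUserStoreManager().getUserClaimValue(userName, localClaimUri, OpenIDConstants.SessionAttribute.DEFAULT_PROFILE);
                }
                // Federated users outside the STS flow, and users without a stored value,
                // get an attribute with an empty value.
                if (StringUtils.isEmpty(claimValue)) {
                    claimValue = "";
                    if (log.isDebugEnabled()) {
                        log.debug("Claim Values haven't properly set");
                    }
                }
                sAMLAttributeCallback.addAttributes(new SAMLAttribute(attributeName, attributeNamespace, (QName) null, -1L, Arrays.asList(claimValue)));
            }
        } catch (UserStoreException e3) {
            throw new SAMLException("Error while loading claims of the user", e3);
        } catch (IdentityApplicationManagementException e4) {
            throw new SAMLException("Error while loading SP specific claims", e4);
        }
    }

    /**
     * Builds a SAML 2.0 attribute carrying a single string value.
     *
     * @param str attribute name
     * @param str2 attribute value
     * @param str3 attribute name format
     * @return the populated attribute
     */
    private Attribute getSAML2Attribute(String str, String str2, String str3) {
        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
        Attribute attribute = builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME).buildObject();
        attribute.setName(str);
        attribute.setNameFormat(str3);
        XSString stringValue = builderFactory.getBuilder(XSString.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
        stringValue.setValue(str2);
        attribute.getAttributeValues().add(stringValue);
        return attribute;
    }

    /**
     * Loads the claims supported for the dialect named on the claims element into
     * {@link #supportedClaims}.
     *
     * <p>The dialect is read from the element's {@code Dialect} attribute (in the element's own
     * namespace); when it is absent or blank, {@code http://wso2.org/claims} is used.
     *
     * @param oMElement claims element of the request
     * @param str first argument handed to {@code IdentityTenantUtil.getRealm}; the caller in this
     *     class passes the service provider tenant domain
     * @throws IdentityProviderException if the supported claims cannot be loaded
     */
    private void loadClaims(OMElement oMElement, String str) throws IdentityProviderException {
        String dialect = null;
        if (oMElement.getNamespace() != null) {
            dialect = oMElement.getAttributeValue(new QName(oMElement.getNamespace().getNamespaceURI(), "Dialect"));
        }
        if (dialect == null || dialect.trim().length() == 0) {
            dialect = "http://wso2.org/claims";
        }
        if (log.isDebugEnabled()) {
            log.debug("Loading claims");
        }
        try {
            for (Claim claim : IdentityClaimManager.getInstance().getAllSupportedClaims(dialect, IdentityTenantUtil.getRealm(str, (String) null))) {
                this.supportedClaims.put(claim.getClaimUri(), claim);
            }
        } catch (IdentityException e) {
            log.error("Error while loading claims", e);
            throw new IdentityProviderException("Error while loading claims", e);
        }
    }

    /**
     * Loads the claims supported for the {@code http://wso2.org/claims} dialect into
     * {@link #supportedClaims}.
     *
     * @param str second argument handed to {@code IdentityTenantUtil.getRealm}
     *     (presumably a user name; verify against callers)
     * @throws IdentityProviderException if the supported claims cannot be loaded
     */
    protected void loadClaims(String str) throws IdentityProviderException {
        if (log.isDebugEnabled()) {
            log.debug("Loading claims");
        }
        try {
            for (Claim claim : IdentityClaimManager.getInstance().getAllSupportedClaims("http://wso2.org/claims", IdentityTenantUtil.getRealm((String) null, str))) {
                this.supportedClaims.put(claim.getClaimUri(), claim);
            }
        } catch (IdentityException e) {
            log.error("Error while loading claims", e);
            throw new IdentityProviderException("Error while loading claims", e);
        }
    }

    /**
     * Parses the {@code ClaimType} children of the claims element into {@link #requestedClaims}.
     *
     * <p>A {@code Uri} attribute of the form <code>{uri|value}</code> (exactly one {@code |})
     * carries a value together with the claim URI; the pair is recorded in
     * {@link #requestedClaimValues}. A claim is optional unless its {@code Optional} attribute is
     * present and different from {@code "true"}.
     *
     * <p>NOTE(review): once {@link #requestedClaimValues} is non-empty,
     * {@link #populateClaimValues(String, SAMLAttributeCallback)} uses it in place of the user
     * store, so values written by the requester end up in the issued token. Confirm that this
     * path is reachable only for callers that are trusted to assert claim values.
     *
     * @param rahasData request data (not read by this implementation)
     * @param oMElement claims element of the request; {@code null} is a no-op
     * @throws IdentityProviderException if a {@code ClaimType} element has no {@code Uri} attribute
     */
    protected void processClaimData(RahasData rahasData, OMElement oMElement) throws IdentityProviderException {
        if (oMElement == null) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Processing claim data");
        }
        Iterator<?> claimTypes = oMElement.getChildrenWithName(new QName("http://schemas.xmlsoap.org/ws/2005/05/identity", "ClaimType"));
        while (claimTypes.hasNext()) {
            OMElement claimTypeElem = (OMElement) claimTypes.next();
            RequestedClaimData requestedClaim = getRequestedClaim();
            String rawUri = claimTypeElem.getAttributeValue(new QName(null, "Uri"));
            if (rawUri == null) {
                log.error("Empty claim uri found while procession claim data");
                throw new IdentityProviderException("Empty claim uri found while procession claim data");
            }
            String claimUri = rawUri;
            int pipe = rawUri.indexOf('|');
            // The value must be cut from the raw attribute, not from the already shortened URI,
            // and a "{...}" string without any '|' is an ordinary URI rather than a uri/value pair
            // (indexOf and lastIndexOf both return -1 for it, so equality alone is not enough).
            if (rawUri.startsWith("{") && rawUri.endsWith("}") && pipe > 0 && pipe == rawUri.lastIndexOf('|')) {
                claimUri = rawUri.substring(1, pipe);
                this.requestedClaimValues.put(claimUri, rawUri.substring(pipe + 1, rawUri.length() - 1));
            }
            requestedClaim.setUri(claimUri);
            String optional = claimTypeElem.getAttributeValue(new QName(null, "Optional"));
            if (StringUtils.isNotBlank(optional)) {
                requestedClaim.setBOptional("true".equals(optional));
            } else {
                requestedClaim.setBOptional(true);
            }
            this.requestedClaims.put(requestedClaim.getUri(), requestedClaim);
        }
    }

    /**
     * Resolves a value for every requested claim and adds the non-null ones to the callback.
     *
     * <p>Values come from {@link #requestedClaimValues} when that map is non-empty; otherwise
     * they are read from the user store, except for federated users outside the WS-Trust STS
     * flow, for whom nothing is looked up and no attribute is added.
     *
     * @param str user name whose claims are read
     * @param sAMLAttributeCallback callback receiving the attributes
     * @throws IdentityProviderException if the claim values cannot be read or the attributes
     *     cannot be built
     */
    protected void populateClaimValues(String str, SAMLAttributeCallback sAMLAttributeCallback) throws IdentityProviderException {
        if (log.isDebugEnabled()) {
            log.debug("Populating claim values");
        }
        if (this.requestedClaims.isEmpty()) {
            return;
        }
        ArrayList<String> claimUris = new ArrayList<>();
        RahasData data = sAMLAttributeCallback.getData();
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) data.getInMessageContext().getProperty("AuthenticatedUser");
        // The private personal identifier claim is never requested from the user store.
        for (RequestedClaimData requested : this.requestedClaims.values()) {
            if (requested != null && !requested.getUri().equals("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier")) {
                claimUris.add(requested.getUri());
            }
        }
        String[] claimUriArray = claimUris.toArray(new String[claimUris.size()]);
        Map<String, String> claimValues = null;
        try {
            if (MapUtils.isEmpty(this.requestedClaimValues)) {
                try {
                    if (isHandlerCalledFromWSTrustSTSFlow(sAMLAttributeCallback)) {
                        claimValues = IdentityTenantUtil.getRealm((String) null, str).getUserStoreManager().getUserClaimValues(MultitenantUtils.getTenantAwareUsername(str), claimUriArray, (String) null);
                    } else if (!authenticatedUser.isFederatedUser()) {
                        if (log.isDebugEnabled()) {
                            log.debug("Loading claim values from local UserStore for user: " + authenticatedUser.toString());
                        }
                        claimValues = IdentityTenantUtil.getRealm(authenticatedUser.getTenantDomain(), (String) null).getUserStoreManager().getUserClaimValues(MultitenantUtils.getTenantAwareUsername(str), claimUriArray, (String) null);
                    }
                } catch (org.wso2.carbon.user.api.UserStoreException e) {
                    throw new IdentityProviderException("Error while instantiating IdentityUserStore", e);
                }
            } else {
                // Values supplied in the request take precedence over the user store
                // (see the review note on processClaimData).
                claimValues = this.requestedClaimValues;
            }
            if (claimValues == null) {
                // Federated user outside the STS flow (or a user store that returned nothing):
                // there is nothing to add, and dereferencing the map would only surface as a
                // NullPointerException wrapped in an IdentityProviderException with no message.
                if (log.isDebugEnabled()) {
                    log.debug("No claim values available for the requested claims");
                }
                return;
            }
            String separator = claimValues.get("MultiAttributeSeparator");
            if (StringUtils.isNotBlank(separator)) {
                this.userAttributeSeparator = separator;
                claimValues.remove("MultiAttributeSeparator");
            }
            for (RequestedClaimData requested : this.requestedClaims.values()) {
                requested.setValue(claimValues.get(requested.getUri()));
                if (requested.getValue() == null) {
                    continue;
                }
                if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(data.getTokenType())) {
                    // SAML 2.0 token: the claim URI is passed as both the name and the name format.
                    sAMLAttributeCallback.addAttributes(getSAML2Attribute(requested.getUri(), requested.getValue(), requested.getUri()));
                    continue;
                }
                String attributeName;
                String attributeNamespace;
                if (this.supportedClaims.get(requested.getUri()) != null) {
                    attributeName = this.supportedClaims.get(requested.getUri()).getDisplayTag();
                    attributeNamespace = requested.getUri();
                } else {
                    // Unknown claim: split the URI at its last '/' when something follows it,
                    // otherwise use the whole URI as both name and namespace.
                    attributeNamespace = requested.getUri();
                    int lastSlash = attributeNamespace.lastIndexOf("/");
                    if (!attributeNamespace.contains("/") || attributeNamespace.length() <= lastSlash + 1) {
                        attributeName = attributeNamespace;
                    } else {
                        attributeName = attributeNamespace.substring(lastSlash + 1);
                        attributeNamespace = attributeNamespace.substring(0, lastSlash);
                    }
                }
                ArrayList<String> values = new ArrayList<>();
                if (requested.getValue().contains(this.userAttributeSeparator)) {
                    // NOTE(review): StringTokenizer treats every character of the separator as a
                    // delimiter on its own, so a value that contains the full separator is also
                    // split at each single occurrence of any of its characters.
                    StringTokenizer tokenizer = new StringTokenizer(requested.getValue(), this.userAttributeSeparator);
                    while (tokenizer.hasMoreElements()) {
                        String token = tokenizer.nextElement().toString();
                        if (token != null && token.trim().length() > 0) {
                            values.add(token);
                        }
                    }
                } else {
                    values.add(requested.getValue());
                }
                sAMLAttributeCallback.addAttributes(new SAMLAttribute(attributeName, attributeNamespace, (QName) null, -1L, values));
            }
        } catch (Exception e2) {
            throw new IdentityProviderException(e2.getMessage(), e2);
        }
    }

    /**
     * Creates the holder for one requested claim; subclasses may return a specialised type.
     *
     * @return a new, empty {@link RequestedClaimData}
     */
    protected RequestedClaimData getRequestedClaim() {
        return new RequestedClaimData();
    }

    /**
     * Tells whether the callback belongs to the WS-Trust STS flow, which this class recognises by
     * the absence of an {@link AuthenticatedUser} in the message context's
     * {@code "AuthenticatedUser"} property.
     *
     * @param sAMLAttributeCallback callback whose message context is inspected
     * @return {@code true} if the property is missing or is not an {@link AuthenticatedUser}
     */
    private boolean isHandlerCalledFromWSTrustSTSFlow(SAMLAttributeCallback sAMLAttributeCallback) {
        Object user = sAMLAttributeCallback.getData().getInMessageContext().getProperty("AuthenticatedUser");
        return !(user instanceof AuthenticatedUser);
    }
}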
