package com.sun.identity.workflow;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.config.AMAuthConfigUtils;
import com.sun.identity.authentication.config.AMAuthenticationInstance;
import com.sun.identity.authentication.config.AMAuthenticationManager;
import com.sun.identity.authentication.config.AMConfigurationException;
import com.sun.identity.authentication.config.AuthConfigurationEntry;
import com.sun.identity.common.CaseInsensitiveHashMap;
import com.sun.identity.common.CaseInsensitiveHashSet;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.OrganizationConfigManager;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfig;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.forgerock.json.jose.utils.Utils;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.MapHelper;

/* loaded from: input_file:com/sun/identity/workflow/ConfigureSocialAuthN.class */
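/**
 * Workflow task that wires a social (OAuth / OpenID Connect) identity provider into a realm.
 * <p>
 * One run creates an {@code OAuth} authentication module named after the provider, a one-step
 * authentication chain that requires that module, and registers the provider in the realm's
 * {@code socialAuthNService} (assigning the service, or extending it when it is already assigned).
 * The module attributes are assembled from the bundled {@code <type>.properties} defaults, the
 * request parameters and, when a discovery URL is known, the provider's OpenID well-known
 * configuration document.
 * <p>
 * The client secret submitted with the request is written to the module configuration and is
 * deliberately never included in any log message of this class.
 */
public class ConfigureSocialAuthN extends Task {
    private static final Debug DEBUG = Debug.getInstance("workflow");
    private static final String SERVICE_NAME = "socialAuthNService";
    private static final String SERVICE_DISPLAY_NAME = "socialAuthNDisplayName";
    private static final String SERVICE_CHAIN_NAME = "socialAuthNAuthChain";
    private static final String SERVICE_ICON = "socialAuthNIcon";
    private static final String SERVICE_ENABLED = "socialAuthNEnabled";
    private static final String AUTH_MODULE_TYPE = "OAuth";
    static final String WELL_KNOWN_TOKEN_URL = "token_endpoint";
    static final String WELL_KNOWN_AUTH_URL = "authorization_endpoint";
    static final String WELL_KNOWN_PROFILE_URL = "userinfo_endpoint";
    static final String WELL_KNOWN_ISSUER = "issuer";
    static final String WELL_KNOWN_JWK = "jwks_uri";
    static final String AUTH_MODULE_AUTH_URL = "iplanet-am-auth-oauth-auth-service";
    static final String AUTH_MODULE_TOKEN_URL = "iplanet-am-auth-oauth-token-service";
    static final String AUTH_MODULE_USER_PROFILE_URL = "iplanet-am-auth-oauth-user-profile-service";
    static final String AUTH_MODULE_ISSUER = "openam-auth-openidconnect-issuer-name";
    static final String AUTH_MODULE_CLIENT_ID = "iplanet-am-auth-oauth-client-id";
    static final String AUTH_MODULE_CLIENT_SECRET = "iplanet-am-auth-oauth-client-secret";
    static final String AUTH_MODULE_PROXY_URL = "iplanet-am-auth-oauth-sso-proxy-url";
    static final String AUTH_MODULE_CRYPTO_TYPE = "openam-auth-openidconnect-crypto-context-type";
    static final String AUTH_MODULE_CRYPTO_VALUE = "openam-auth-openidconnect-crypto-context-value";
    static final String AUTH_MODULE_CREATE_PASSWORD = "org-forgerock-auth-oauth-prompt-password-flag";

    /** Crypto context used when the provider publishes no JWK set: ID tokens are verified with the client secret. */
    private static final String CRYPTO_TYPE_CLIENT_SECRET = "client_secret";
    /** Crypto context used when the discovery document carries a {@code jwks_uri}. */
    private static final String CRYPTO_TYPE_JWK_URL = "jwk_url";
    /** Attribute of a named authentication configuration that holds the chain definition XML. */
    private static final String AUTH_CONFIG_ATTR = "iplanet-am-auth-configuration";
    /** Suffixes appended to the sanitised provider name to form the module and chain names. */
    private static final String MODULE_NAME_SUFFIX = "SocialAuthentication";
    private static final String CHAIN_NAME_SUFFIX = "SocialAuthenticationService";
    /** Generic message key reported to the caller for any configuration-store or session failure. */
    private static final String SOCIAL_SERVICE_ERROR = "social-service-error";

    /**
     * Runs the task.
     *
     * @param locale locale used to resolve the completion message.
     * @param map    request parameters keyed by {@link ParameterKeys}; values are as produced by
     *               {@code Task.getString}.
     * @return the localized completion message naming the provider, module, chain and service.
     * @throws WorkflowException when a required parameter is missing or invalid, when a module or
     *                           chain of the derived name already exists, or when a
     *                           configuration-store operation fails.
     */
    @Override // com.sun.identity.workflow.ITask
    @SuppressWarnings("unchecked") // ITask declares a raw Map; it is used as a Map<String, Set<String>> below
    public String execute(Locale locale, Map map) throws WorkflowException {
        String realm = getNonEmptyString(map, ParameterKeys.P_REALM, "missing-realm");
        String type = getNonEmptyString(map, ParameterKeys.P_TYPE, "missing-type");
        Map<String, Set<String>> moduleAttrs = collectAuthModuleAttributes(locale, type, map);
        String providerName = getValidatedField(type, map, moduleAttrs, ParameterKeys.P_PROVIDER_NAME,
                "missing-provider-name");
        String imageUrl = getValidatedField(type, map, moduleAttrs, ParameterKeys.P_IMAGE_URL,
                "missing-image-url");

        // Module and chain names are derived from the provider name with every non-word character
        // removed (so that they are safe as configuration names); a provider name made entirely
        // of such characters yields the bare suffix, which the existence checks below then guard.
        String namePrefix = providerName.replaceAll("\\W", "");
        String moduleName = namePrefix + MODULE_NAME_SUFFIX;
        String chainName = namePrefix + CHAIN_NAME_SUFFIX;

        if (authModuleExists(realm, moduleName)) {
            throw new WorkflowException("auth-module-exists", moduleName);
        }
        if (authChainExists(realm, chainName)) {
            throw new WorkflowException("auth-chain-exists", chainName);
        }

        createAuthModule(realm, moduleName, moduleAttrs);
        createSocialAuthenticationChain(realm, moduleName, chainName);
        createOrModifySocialService(realm, chainName, providerName, imageUrl);
        return MessageFormat.format(getMessage("social.authn.configured", locale),
                providerName, moduleName, chainName, SERVICE_NAME);
    }

    /**
     * Reads a request parameter that must be present and non-empty.
     *
     * @param map        request parameters.
     * @param key        parameter name.
     * @param messageKey message key of the {@link WorkflowException} thrown when the value is absent.
     * @return the parameter value.
     * @throws WorkflowException when the value is {@code null} or empty.
     */
    private String getNonEmptyString(Map<String, ?> map, String key, String messageKey) throws WorkflowException {
        String value = getString(map, key);
        if (value == null || value.isEmpty()) {
            throw new WorkflowException(messageKey, null);
        }
        return value;
    }

    /**
     * Reads the client secret and its confirmation field and checks that they agree.
     * Both values come from the same submitted form, so an ordinary equality check suffices.
     *
     * @throws WorkflowException when either field is missing or the two values differ.
     */
    String getValidatedClientSecret(Map<String, ?> map) throws WorkflowException {
        String secret = getNonEmptyString(map, ParameterKeys.P_CLIENT_SECRET, "missing-clientSecret");
        String confirmation = getNonEmptyString(map, ParameterKeys.P_CLIENT_SECRET_CONFIRM,
                "missing-clientSecretConfirm");
        if (!secret.equals(confirmation)) {
            throw new WorkflowException("secrets-doesnt-match", null);
        }
        return secret;
    }

    /**
     * Reads the OAuth proxy (redirect) URL and checks that it is a well-formed http(s) URL.
     * {@link URL} also accepts {@code file:}, {@code jar:} and {@code ftp:} URLs, none of which is a
     * usable browser redirect target, so the scheme is checked explicitly.
     *
     * @throws WorkflowException when the URL is missing, malformed or not http(s).
     */
    String getValidatedRedirectUrl(Map<String, ?> map) throws WorkflowException {
        String redirectUrl = getNonEmptyString(map, ParameterKeys.P_REDIRECT_URL, "missing-redirectUrl");
        URL parsed;
        try {
            parsed = new URL(redirectUrl);
        } catch (MalformedURLException e) {
            throw new WorkflowException("invalid-redirectUrl", null);
        }
        String scheme = parsed.getProtocol();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            throw new WorkflowException("invalid-redirectUrl", null);
        }
        return redirectUrl;
    }

    /**
     * Resolves a provider field: for the {@code "other"} provider type it must be supplied as a
     * request parameter, for the bundled provider types it is taken from the collected attributes.
     *
     * @param type        provider type as submitted in the request.
     * @param map         request parameters.
     * @param attrs       attributes collected for the module (bundled defaults plus request values).
     * @param key         field name, used both as parameter name and attribute name.
     * @param messageKey  message key of the exception thrown when the field cannot be resolved.
     * @throws WorkflowException when the field is absent or empty.
     */
    String getValidatedField(String type, Map<String, ?> map, Map<String, Set<String>> attrs, String key,
            String messageKey) throws WorkflowException {
        if ("other".equals(type)) {
            return getNonEmptyString(map, key, messageKey);
        }
        String value = CollectionHelper.getMapAttr(attrs, key);
        if (StringUtils.isEmpty(value)) {
            throw new WorkflowException(messageKey, null);
        }
        return value;
    }

    /**
     * Tells whether an authentication module instance of the given name already exists in the realm.
     *
     * @throws WorkflowException when the module instances cannot be listed.
     */
    private boolean authModuleExists(String realm, String moduleName) throws WorkflowException {
        try {
            AMAuthenticationManager manager = new AMAuthenticationManager(getAdminToken(), realm);
            for (Object instance : manager.getAuthenticationInstances()) {
                if (moduleName.equals(((AMAuthenticationInstance) instance).getName())) {
                    return true;
                }
            }
            return false;
        } catch (AMConfigurationException e) {
            throw configurationError("An error occurred while creating/modifying social authentication module", e);
        }
    }

    /**
     * Tells whether a named authentication configuration (chain) of the given name exists in the realm.
     *
     * @throws WorkflowException when the chains cannot be listed.
     */
    private boolean authChainExists(String realm, String chainName) throws WorkflowException {
        try {
            return AMAuthConfigUtils.getAllNamedConfig(realm, getAdminToken()).contains(chainName);
        } catch (SMSException e) {
            throw configurationError("An error occurred while creating/modifying social authentication chain", e);
        } catch (SSOException e) {
            throw sessionError("A session error occurred while creating/modifying social authentication chain", e);
        }
    }

    /**
     * Assembles the attribute values of the OAuth module for the given provider type.
     * <p>
     * Precedence, lowest to highest: the bundled {@code <type>.properties} defaults, the request
     * parameters (client id, client secret, redirect URL) and finally the endpoints read from the
     * OpenID discovery document. The discovery URL is taken from the request when present, else
     * from the bundled defaults; when neither has one, no discovery document is fetched.
     *
     * @return a case-insensitive map of module attribute name to values.
     * @throws WorkflowException when a required parameter is missing or invalid, or when the
     *                           discovery document cannot be fetched.
     */
    @SuppressWarnings("unchecked") // CaseInsensitiveHashMap is used through the Map<String, Set<String>> view
    Map<String, Set<String>> collectAuthModuleAttributes(Locale locale, String type, Map<String, Set<String>> map)
            throws WorkflowException {
        Map<String, Set<String>> attrs = new CaseInsensitiveHashMap();
        attrs.putAll(readPropertiesFile(type));

        String clientId = getNonEmptyString(map, ParameterKeys.P_CLIENT_ID, "missing-clientId");
        String clientSecret = getValidatedClientSecret(map);
        String redirectUrl = getValidatedRedirectUrl(map);
        attrs.put(AUTH_MODULE_CLIENT_ID, CollectionUtils.asSet(clientId));
        attrs.put(AUTH_MODULE_CLIENT_SECRET, CollectionUtils.asSet(clientSecret));
        attrs.put(AUTH_MODULE_PROXY_URL, CollectionUtils.asSet(redirectUrl));
        // Default crypto context; readOpenIDWellKnownConfig switches it to a JWK set when one is published.
        attrs.put(AUTH_MODULE_CRYPTO_TYPE, CollectionUtils.asSet(CRYPTO_TYPE_CLIENT_SECRET));
        attrs.put(AUTH_MODULE_CREATE_PASSWORD, CollectionUtils.asSet("false"));

        String discoveryUrl = getString(map, ParameterKeys.P_OPENID_DISCOVERY_URL);
        if (discoveryUrl == null) {
            discoveryUrl = CollectionHelper.getMapAttr(attrs, ParameterKeys.P_OPENID_DISCOVERY_URL);
        }
        if (discoveryUrl != null) {
            attrs.putAll(readOpenIDWellKnownConfig(locale, discoveryUrl));
        }
        return attrs;
    }

    /**
     * Loads the bundled {@code <type>.properties} resource next to this class.
     * <p>
     * The type comes from the request, so only a plain word is accepted as a resource name; any
     * other value, a missing resource or a read failure yields an empty map (logged at warning level).
     *
     * @param type provider type, e.g. the name of a bundled provider.
     * @return the attribute values from the resource, or an empty map.
     */
    Map<String, Set<String>> readPropertiesFile(String type) {
        if (type == null || !type.matches("\\w+")) {
            DEBUG.warning("Ignoring social authentication type that is not a plain resource name");
            return Collections.emptyMap();
        }
        String resourceName = type + ".properties";
        InputStream in = ConfigureSocialAuthN.class.getResourceAsStream(resourceName);
        if (in == null) {
            DEBUG.warning("No properties file " + resourceName + " bundled for social authentication type");
            return Collections.emptyMap();
        }
        try {
            return MapHelper.readMap(in);
        } catch (IOException e) {
            DEBUG.warning("Caught IOException while reading properties file " + resourceName, e);
            return Collections.emptyMap();
        } finally {
            closeQuietly(in, resourceName);
        }
    }

    /** Closes a resource stream; a failure to close is logged, as there is nothing else to do with it. */
    private static void closeQuietly(InputStream in, String resourceName) {
        try {
            in.close();
        } catch (IOException e) {
            DEBUG.warning("Could not close properties file " + resourceName, e);
        }
    }

    /**
     * Fetches the OpenID well-known configuration document and maps its endpoints onto OAuth
     * module attributes.
     * <p>
     * The document is fetched server-side from an administrator-supplied URL and its contents end
     * up in the module configuration, so only non-empty string values are taken over; an entry
     * that is absent or has another type is skipped (and logged) rather than stored as {@code null}.
     * When the document carries a {@code jwks_uri}, the crypto context is switched to that JWK set.
     *
     * @param locale       locale passed on to the web fetch.
     * @param discoveryUrl URL of the {@code .well-known/openid-configuration} document.
     * @return a case-insensitive map of module attribute name to values.
     * @throws WorkflowException when the document cannot be fetched.
     */
    @SuppressWarnings("unchecked") // CaseInsensitiveHashMap is used through the Map<String, Set<String>> view
    Map<String, Set<String>> readOpenIDWellKnownConfig(Locale locale, String discoveryUrl) throws WorkflowException {
        Map<String, Object> wellKnown = Utils.parseJson(getWebContent(locale, discoveryUrl));
        Map<String, Set<String>> attrs = new CaseInsensitiveHashMap();
        if (wellKnown == null) {
            DEBUG.warning("OpenID discovery document at " + discoveryUrl + " is empty");
            return attrs;
        }
        copyWellKnownValue(attrs, wellKnown, WELL_KNOWN_AUTH_URL, AUTH_MODULE_AUTH_URL, discoveryUrl);
        copyWellKnownValue(attrs, wellKnown, WELL_KNOWN_TOKEN_URL, AUTH_MODULE_TOKEN_URL, discoveryUrl);
        copyWellKnownValue(attrs, wellKnown, WELL_KNOWN_PROFILE_URL, AUTH_MODULE_USER_PROFILE_URL, discoveryUrl);
        copyWellKnownValue(attrs, wellKnown, WELL_KNOWN_ISSUER, AUTH_MODULE_ISSUER, discoveryUrl);

        String jwkUri = nonEmptyString(wellKnown.get(WELL_KNOWN_JWK));
        if (jwkUri != null) {
            attrs.put(AUTH_MODULE_CRYPTO_TYPE, CollectionUtils.asSet(CRYPTO_TYPE_JWK_URL));
            attrs.put(AUTH_MODULE_CRYPTO_VALUE, CollectionUtils.asSet(jwkUri));
        }
        return attrs;
    }

    /**
     * Copies one well-known entry into the module attributes when it is a non-empty string.
     *
     * @param attrs        target attribute map.
     * @param wellKnown    parsed discovery document.
     * @param wellKnownKey key in the discovery document.
     * @param attrName     module attribute to set.
     * @param discoveryUrl document URL, for the log message only.
     */
    private static void copyWellKnownValue(Map<String, Set<String>> attrs, Map<String, Object> wellKnown,
            String wellKnownKey, String attrName, String discoveryUrl) {
        String value = nonEmptyString(wellKnown.get(wellKnownKey));
        if (value == null) {
            DEBUG.warning("OpenID discovery document at " + discoveryUrl + " has no usable " + wellKnownKey);
            return;
        }
        attrs.put(attrName, CollectionUtils.asSet(value));
    }

    /** Returns {@code value} when it is a non-empty {@link String}, else {@code null}. */
    private static String nonEmptyString(Object value) {
        if (value instanceof String && !((String) value).isEmpty()) {
            return (String) value;
        }
        return null;
    }

    /**
     * Fetches the content of a URL; delegates to {@code Task.getWebContent(String, Locale)} with the
     * arguments in the order that method expects.
     */
    String getWebContent(Locale locale, String url) throws WorkflowException {
        return getWebContent(url, locale);
    }

    /**
     * Creates the OAuth module instance. Only attributes known to the {@code OAuth} module schema
     * are taken from {@code attrs}; every other schema attribute keeps its default value.
     *
     * @throws WorkflowException when the schema cannot be read or the instance cannot be created.
     */
    @SuppressWarnings("unchecked") // the schema's attribute map is a raw Map in this API
    private void createAuthModule(String realm, String moduleName, Map<String, Set<String>> attrs)
            throws WorkflowException {
        try {
            AMAuthenticationManager manager = new AMAuthenticationManager(getAdminToken(), realm);
            Map schemaValues = manager.getAuthenticationSchema(AUTH_MODULE_TYPE).getAttributeValues();
            for (Map.Entry<String, Set<String>> attr : attrs.entrySet()) {
                if (schemaValues.containsKey(attr.getKey())) {
                    schemaValues.put(attr.getKey(), attr.getValue());
                }
            }
            manager.createAuthenticationInstance(moduleName, AUTH_MODULE_TYPE, schemaValues);
        } catch (AMConfigurationException e) {
            throw configurationError("An error occurred while creating/modifying social authentication module", e);
        }
    }

    /**
     * Creates a named authentication configuration (chain) with a single REQUIRED entry for the module.
     *
     * @throws WorkflowException when the chain cannot be created.
     */
    private void createSocialAuthenticationChain(String realm, String moduleName, String chainName)
            throws WorkflowException {
        try {
            AuthConfigurationEntry entry = new AuthConfigurationEntry(moduleName, "REQUIRED", (String) null);
            String chainXml = AMAuthConfigUtils.authConfigurationEntryToXMLString(CollectionUtils.asList(entry));
            Map<String, Set<String>> attrs = new HashMap<String, Set<String>>();
            attrs.put(AUTH_CONFIG_ATTR, CollectionUtils.asSet(chainXml));
            AMAuthConfigUtils.createNamedConfig(chainName, 0, attrs, realm, getAdminToken());
        } catch (AMConfigurationException e) {
            throw configurationError("An error occurred while creating/modifying social authentication chain", e);
        } catch (SMSException e) {
            throw configurationError("An error occurred while creating/modifying social authentication chain", e);
        } catch (SSOException e) {
            throw sessionError("A session error occurred while creating/modifying social authentication chain", e);
        }
    }

    /**
     * Registers the provider in the realm's social authentication service.
     * <p>
     * The display name, chain and icon attributes are multi-valued and keyed per provider as
     * {@code [provider]=value}; the enabled attribute lists the provider name itself. When the
     * service is already assigned to the realm the new values are merged into the existing ones,
     * otherwise the service is assigned with just this provider.
     *
     * @throws WorkflowException when the service cannot be read, assigned or updated.
     */
    private void createOrModifySocialService(String realm, String chainName, String providerName, String imageUrl)
            throws WorkflowException {
        try {
            OrganizationConfigManager ocm = new OrganizationConfigManager(getAdminToken(), realm);
            String providerKey = "[" + providerName + "]=";
            Map<String, Set<String>> attrs = new HashMap<String, Set<String>>(4);
            attrs.put(SERVICE_DISPLAY_NAME, CollectionUtils.asSet(providerKey + providerName));
            attrs.put(SERVICE_CHAIN_NAME, CollectionUtils.asSet(providerKey + chainName));
            attrs.put(SERVICE_ICON, CollectionUtils.asSet(providerKey + imageUrl));
            attrs.put(SERVICE_ENABLED, CollectionUtils.asSet(providerName));
            if (ocm.getAssignedServices().contains(SERVICE_NAME)) {
                ServiceConfig serviceConfig = ocm.getServiceConfig(SERVICE_NAME);
                serviceConfig.setAttributes(mergeAttributes(serviceConfig.getAttributesWithoutDefaults(), attrs));
            } else {
                ocm.assignService(SERVICE_NAME, attrs);
            }
        } catch (SMSException e) {
            throw configurationError("An error occurred while creating/modifying social authentication service", e);
        } catch (SSOException e) {
            throw sessionError("A session error occurred while creating/modifying social authentication service", e);
        }
    }

    /** Obtains the administrative SSO token under which all configuration changes are made. */
    private SSOToken getAdminToken() {
        return (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    }

    /**
     * Merges {@code additions} into {@code existing}: values of an attribute present in both are
     * unioned, attributes only in {@code additions} are added. Attribute names are matched
     * case-insensitively. Value sets already present in {@code existing} are extended in place.
     *
     * @return a case-insensitive map holding the union.
     */
    @SuppressWarnings("unchecked") // CaseInsensitiveHashMap / CaseInsensitiveHashSet are used through their generic views
    Map<String, Set<String>> mergeAttributes(Map<String, Set<String>> existing, Map<String, Set<String>> additions) {
        Map<String, Set<String>> merged = new CaseInsensitiveHashMap(existing);
        for (Map.Entry<String, Set<String>> addition : additions.entrySet()) {
            Set<String> values = merged.get(addition.getKey());
            if (values == null) {
                values = new CaseInsensitiveHashSet();
                merged.put(addition.getKey(), values);
            }
            values.addAll(addition.getValue());
        }
        return merged;
    }

    /** Logs a configuration-store failure at error level and returns the generic workflow error to throw. */
    private static WorkflowException configurationError(String message, Throwable cause) {
        DEBUG.error(message, cause);
        return new WorkflowException(SOCIAL_SERVICE_ERROR, null);
    }

    /** Logs an admin-session failure at warning level and returns the generic workflow error to throw. */
    private static WorkflowException sessionError(String message, Throwable cause) {
        DEBUG.warning(message, cause);
        return new WorkflowException(SOCIAL_SERVICE_ERROR, null);
    }
}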
