package com.sun.identity.saml2.plugins;

import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2InvalidNameIDPolicyException;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.profile.IDPCache;
import com.sun.identity.saml2.profile.IDPSSOUtil;
import com.sun.identity.saml2.profile.IDPSession;
import com.sun.identity.saml2.profile.NameIDandSPpair;
import com.sun.identity.shared.encode.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.forgerock.openam.utils.AttributeUtils;

/* loaded from: input_file:com/sun/identity/saml2/plugins/DefaultIDPAccountMapper.class */
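/**
 * Default account mapper used on the identity-provider side.
 *
 * <p>It produces the {@link NameID} placed in an assertion for an authenticated session
 * ({@link #getNameID}) and maps a received {@link NameID} back to a local user
 * ({@link #getIdentity}). NameID values come from a per-format user-profile attribute when one
 * is configured, and otherwise from a generated identifier.
 *
 * <p>Parameter names are decompiler-generated; each method's Javadoc states what the parameter
 * is used for in the body.
 */
public class DefaultIDPAccountMapper extends DefaultAccountMapper implements IDPAccountMapper {
    /** Creates the mapper and fixes its role to the IDP role. */
    public DefaultIDPAccountMapper() {
        debug.message("DefaultIDPAccountMapper.constructor");
        this.role = SAML2Constants.IDP_ROLE;
    }

    /**
     * Builds the NameID to assert for the user behind a session.
     *
     * @param obj session object; used to resolve the principal name and the session index
     * @param str hosted (IDP) entity ID; becomes the NameQualifier
     * @param str2 remote (SP) entity ID; becomes the SPNameQualifier
     * @param str3 realm used for the configuration and profile lookups
     * @param str4 requested NameID format; becomes the Format of the result
     * @return a new NameID carrying the resolved value
     * @throws SAML2Exception if the session is invalid, the format is {@code null}, no value can
     *     be derived for a non-persistent format, or persistence is disabled for a persistent one
     */
    @Override
    public NameID getNameID(Object obj, String str, String str2, String str3, String str4) throws SAML2Exception {
        try {
            String principalName = SessionManager.getProvider().getPrincipalName(obj);
            if (str4 == null) {
                // A missing format used to escape as a NullPointerException from the equals()
                // call below; report it through the exception type callers already handle.
                throw new SAML2Exception(bundle.getString("unableToGenerateNameIDValue"));
            }
            String nameIDValue = null;
            if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(str4)) {
                // Reuse the value already issued to this SP within the same IDP session, if any.
                String sessionIndex = IDPSSOUtil.getSessionIndex(obj);
                IDPSession idpSession =
                        sessionIndex == null ? null : IDPCache.idpSessionsByIndices.get(sessionIndex);
                List<NameIDandSPpair> issuedPairs =
                        idpSession == null ? null : idpSession.getNameIDandSPpairs();
                if (issuedPairs != null) {
                    for (NameIDandSPpair pair : issuedPairs) {
                        if (pair.getSPEntityID().equals(str2)) {
                            nameIDValue = pair.getNameID().getValue();
                            break;
                        }
                    }
                }
                // NOTE(review): a profile attribute mapped to the transient format takes
                // precedence over a generated identifier, so a "transient" NameID is only
                // unlinkable across sessions when no such mapping is configured.
                if (nameIDValue == null) {
                    nameIDValue = getNameIDValueFromUserProfile(str3, str, principalName, str4);
                }
                if (nameIDValue == null) {
                    nameIDValue = SAML2Utils.createNameIdentifier();
                }
            } else {
                nameIDValue = getNameIDValueFromUserProfile(str3, str, principalName, str4);
                if (nameIDValue == null) {
                    // Only the persistent format may fall back to a generated identifier, and
                    // only when neither the IDP nor the SP has disabled persistence.
                    if (!SAML2Constants.PERSISTENT.equals(str4)) {
                        throw new SAML2Exception(bundle.getString("unableToGenerateNameIDValue"));
                    }
                    if (!shouldPersistNameIDFormat(str3, str, str2, str4)) {
                        throw new SAML2InvalidNameIDPolicyException(
                                bundle.getString("unableToGenerateNameIDValuePersistenceDisabled"));
                    }
                    nameIDValue = SAML2Utils.createNameIdentifier();
                }
            }
            NameID nameID = AssertionFactory.getInstance().createNameID();
            nameID.setValue(nameIDValue);
            nameID.setFormat(str4);
            nameID.setNameQualifier(str);
            nameID.setSPNameQualifier(str2);
            nameID.setSPProvidedID(null);
            return nameID;
        } catch (SessionException e) {
            // The rethrown exception carries only a generic message; keep the underlying
            // session failure in the debug log so it can still be diagnosed.
            if (debug.warningEnabled()) {
                debug.warning("DefaultIDPAccountMapper.getNameID: ", e);
            }
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }

    /**
     * Resolves the local user that a NameID refers to.
     *
     * @param nameID the NameID to look up; {@code null} yields {@code null}
     * @param str hosted entity ID
     * @param str2 remote entity ID
     * @param str3 realm
     * @return the user ID reported by the data store provider, or {@code null} when
     *     {@code nameID} is {@code null}
     * @throws SAML2Exception if an entity ID or the realm is {@code null}, or the data store
     *     lookup fails
     */
    @Override
    public String getIdentity(NameID nameID, String str, String str2, String str3) throws SAML2Exception {
        if (nameID == null) {
            return null;
        }
        if (str == null) {
            throw new SAML2Exception(bundle.getString("nullHostEntityID"));
        }
        if (str2 == null) {
            throw new SAML2Exception(bundle.getString("nullRemoteEntityID"));
        }
        if (str3 == null) {
            throw new SAML2Exception(bundle.getString("nullRealm"));
        }
        if (debug.messageEnabled()) {
            debug.message("DefaultIDPAccountMapper.getIdentity: realm = " + str3 + ", hostEntityID = " + str + ", remoteEntityID = " + str2);
        }
        try {
            return dsProvider.getUserID(str3, SAML2Utils.getNameIDKeyMap(nameID, str, str2, str3, this.role));
        } catch (DataStoreProviderException e) {
            // The full exception goes to the debug log; callers receive only its message.
            debug.error("DefaultIDPAccountMapper.getIdentity(NameIDMappingRequest): ", e);
            throw new SAML2Exception(e.getMessage());
        }
    }

    /**
     * Tells whether a NameID may be persisted for the given IDP/SP pair.
     *
     * @param str realm
     * @param str2 hosted (IDP) entity ID, read in the IDP role
     * @param str3 remote (SP) entity ID, read in the SP role
     * @param str4 NameID format; not consulted by this implementation
     * @return {@code false} if the IDP disables NameID persistence or the SP opts out of writing
     *     federation info, {@code true} otherwise
     */
    @Override
    public boolean shouldPersistNameIDFormat(String str, String str2, String str3, String str4) {
        // The SP setting is read only when the IDP has not already disabled persistence.
        if (Boolean.parseBoolean(SAML2Utils.getAttributeValueFromSSOConfig(
                str, str2, SAML2Constants.IDP_ROLE, SAML2Constants.IDP_DISABLE_NAMEID_PERSISTENCE))) {
            return false;
        }
        return !Boolean.parseBoolean(SAML2Utils.getAttributeValueFromSSOConfig(
                str, str3, SAML2Constants.SP_ROLE, SAML2Constants.SP_DO_NOT_WRITE_FEDERATION_INFO));
    }

    /**
     * Reads the NameID value for a format from the user's profile.
     *
     * @param str realm
     * @param str2 hosted entity ID
     * @param str3 user whose profile is read
     * @param str4 NameID format used as the key into the format-to-attribute map
     * @return the first value of the mapped attribute (Base64-encoded when the attribute is
     *     flagged as binary), or {@code null} when no attribute is mapped, the attribute has no
     *     value, or the data store lookup fails
     */
    protected String getNameIDValueFromUserProfile(String str, String str2, String str3, String str4) {
        String attributeName = getFormatAttributeMap(str, str2).get(str4);
        if (attributeName == null) {
            return null;
        }
        try {
            if (AttributeUtils.isBinaryAttribute(attributeName)) {
                byte[][] binaryValues =
                        dsProvider.getBinaryAttribute(str3, AttributeUtils.removeBinaryAttributeFlag(attributeName));
                if (binaryValues != null && binaryValues.length > 0) {
                    return Base64.encode(binaryValues[0]);
                }
            } else {
                Set<String> values = dsProvider.getAttribute(str3, attributeName);
                if (values != null && !values.isEmpty()) {
                    return values.iterator().next();
                }
            }
        } catch (DataStoreProviderException e) {
            // Best effort: a failed lookup is reported as "no value" so the caller can apply
            // its own fallback or rejection rules.
            if (debug.warningEnabled()) {
                debug.warning("DefaultIDPAccountMapper.getNameIDValueFromUserProfile:", e);
            }
        }
        return null;
    }

    /**
     * Returns the NameID-format-to-profile-attribute map for a hosted entity, building it from
     * the entity configuration on first use and caching it in {@link IDPCache}.
     *
     * @param str realm
     * @param str2 hosted entity ID
     * @return the cached or newly built map; never {@code null}
     */
    private Map<String, String> getFormatAttributeMap(String str, String str2) {
        String cacheKey = str2 + "|" + str;
        Map<String, String> cached = IDPCache.formatAttributeHash.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        Map<String, String> formatToAttribute = new HashMap<>();
        List<String> entries = SAML2Utils.getAllAttributeValueFromSSOConfig(
                str, str2, this.role, SAML2Constants.NAME_ID_FORMAT_MAP);
        if (entries != null) {
            for (String entry : entries) {
                // Each entry has the form "format=attribute"; split on the first '='.
                int separator = entry.indexOf('=');
                if (separator == -1) {
                    continue;
                }
                String format = entry.substring(0, separator).trim();
                String attribute = entry.substring(separator + 1).trim();
                if (!format.isEmpty() && !attribute.isEmpty()) {
                    formatToAttribute.put(format, attribute);
                }
            }
        }
        IDPCache.formatAttributeHash.put(cacheKey, formatToAttribute);
        return formatToAttribute;
    }
}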
