package com.sun.identity.saml2.plugins;

import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.assertion.AttributeStatement;
import com.sun.identity.saml2.assertion.EncryptedAttribute;
import com.sun.identity.saml2.assertion.EncryptedID;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.key.KeyUtil;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:com/sun/identity/saml2/plugins/DefaultLibrarySPAccountMapper.class */
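/**
 * Service-provider side account mapper: decides which local user ID a received SAML2
 * assertion maps to.
 *
 * <p>{@link #getIdentity} tries, in order: the configured transient user (only when the
 * NameID format is transient), the auto-federation lookup, and finally the raw NameID value
 * when "use NameID as SP user ID" is enabled and auto-federation is not.
 *
 * <p>NOTE(review): nothing in this class checks the assertion's signature, issuer or
 * conditions. The values read here directly select the local account, so this mapper
 * presumably relies on the caller having validated the assertion first. Confirm at the
 * call site.
 *
 * <p>Several debug messages include the NameID value and the auto-federation attribute
 * values, so message-level debug logs will contain user identifiers.
 */
public class DefaultLibrarySPAccountMapper extends DefaultAccountMapper implements SPAccountMapper {
    /** Creates the mapper and marks it as operating in the SP role. */
    public DefaultLibrarySPAccountMapper() {
        debug.message("DefaultLibrarySPAccountMapper.constructor: ");
        this.role = SAML2Constants.SP_ROLE;
    }

    /**
     * Returns the local user ID for the assertion's subject, or {@code null} when no mapping
     * applies.
     *
     * @param assertion the received assertion; must not be {@code null}
     * @param str the hosted entity ID; must not be {@code null}
     * @param str2 the realm; must not be {@code null}
     * @return the mapped user ID, or {@code null} if none of the mapping strategies matched
     * @throws SAML2Exception if an argument is {@code null}, the assertion carries no usable
     *     subject identifier, or the encrypted ID cannot be decrypted
     */
    @Override // com.sun.identity.saml2.plugins.SPAccountMapper
    public String getIdentity(Assertion assertion, String str, String str2) throws SAML2Exception {
        if (assertion == null) {
            throw new SAML2Exception(bundle.getString("nullAssertion"));
        }
        if (str == null) {
            throw new SAML2Exception(bundle.getString("nullHostEntityID"));
        }
        if (str2 == null) {
            throw new SAML2Exception(bundle.getString("nullRealm"));
        }
        // Fail with a SAML2Exception rather than a NullPointerException when the assertion
        // has no Subject: the rest of the method dereferences it unconditionally.
        if (assertion.getSubject() == null) {
            throw new SAML2Exception("DefaultLibrarySPAccountMapper.getIdentity: assertion has no Subject");
        }

        NameID nameID;
        Set<PrivateKey> decryptionKeys = null;
        EncryptedID encryptedID = assertion.getSubject().getEncryptedID();
        if (encryptedID != null) {
            // The keys are kept so encrypted attributes can be decrypted with them later on.
            decryptionKeys = KeyUtil.getDecryptionKeys(getSSOConfig(str2, str));
            nameID = encryptedID.decrypt(decryptionKeys);
        } else {
            nameID = assertion.getSubject().getNameID();
        }
        // A subject without NameID/EncryptedID (or a decrypt that yields nothing) cannot be
        // mapped to any account; reject it explicitly.
        if (nameID == null) {
            throw new SAML2Exception("DefaultLibrarySPAccountMapper.getIdentity: assertion subject has no NameID");
        }

        if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameID.getFormat())) {
            String transientUser = getTransientUser(str2, str);
            if (StringUtils.isNotEmpty(transientUser)) {
                return transientUser;
            }
        }

        String autoFedUser = getAutoFedUser(str2, str, assertion, nameID.getValue(), decryptionKeys);
        if (StringUtils.isNotEmpty(autoFedUser)) {
            return autoFedUser;
        }

        // The raw NameID is used as the user ID only when that option is on and
        // auto-federation is off; with auto-federation on, getAutoFedUser has already had
        // the chance to use the NameID and found nothing.
        if (!useNameIDAsSPUserID(str2, str) || isAutoFedEnabled(str2, str)) {
            return null;
        }
        if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getIdentity: use NameID value as userID: " + nameID.getValue());
        }
        return nameID.getValue();
    }

    /**
     * Tells whether federation information should be written for this SP.
     *
     * @param str first argument passed to the SSO config lookup (the realm, judging by the
     *     other methods of this class)
     * @param str2 second argument passed to the SSO config lookup (the hosted entity ID,
     *     judging by the other methods of this class)
     * @param str3 not used by this implementation
     * @param str4 not used by this implementation
     * @return {@code false} only when the SP's "do not write federation info" setting parses
     *     as {@code true}
     */
    @Override // com.sun.identity.saml2.plugins.SPAccountMapper
    public boolean shouldPersistNameIDFormat(String str, String str2, String str3, String str4) {
        String doNotWrite = SAML2Utils.getAttributeValueFromSSOConfig(
                str, str2, SAML2Constants.SP_ROLE, SAML2Constants.SP_DO_NOT_WRITE_FEDERATION_INFO);
        return !Boolean.parseBoolean(doNotWrite);
    }

    /**
     * Reads the configured transient federation user.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @return the configured value, as returned by the inherited config lookup
     */
    protected String getTransientUser(String str, String str2) {
        return getAttribute(str, str2, SAML2Constants.TRANSIENT_FED_USER);
    }

    /** Returns whether the "use NameID as SP user ID" setting parses as {@code true}. */
    private boolean useNameIDAsSPUserID(String str, String str2) {
        return Boolean.parseBoolean(getAttribute(str, str2, SAML2Constants.USE_NAMEID_AS_SP_USERID));
    }

    /** Returns whether the auto-federation setting parses as {@code true}. */
    private boolean isAutoFedEnabled(String str, String str2) {
        return Boolean.parseBoolean(getAttribute(str, str2, SAML2Constants.AUTO_FED_ENABLED));
    }

    /**
     * Resolves the local user through auto-federation: takes the configured auto-federation
     * attribute from the assertion (or the NameID value as a fallback), maps it to a local
     * attribute name and searches the data store for a matching user.
     *
     * @param str the realm
     * @param str2 the hosted entity ID
     * @param assertion the received assertion
     * @param str3 the NameID value, used when the attribute is absent and "use NameID as SP
     *     user ID" is enabled
     * @param set keys for decrypting encrypted attributes; may be {@code null}
     * @return the matching user ID; the asserted value itself when no user matched and
     *     {@link #isDynamicalOrIgnoredProfile} allows it; otherwise {@code null}
     * @throws SAML2Exception declared for overriding implementations
     */
    protected String getAutoFedUser(String str, String str2, Assertion assertion, String str3, Set<PrivateKey> set) throws SAML2Exception {
        if (!isAutoFedEnabled(str, str2)) {
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Auto federation is disabled.");
            }
            return null;
        }
        String autoFedAttribute = getAttribute(str, str2, SAML2Constants.AUTO_FED_ATTRIBUTE);
        if (autoFedAttribute == null || autoFedAttribute.isEmpty()) {
            debug.error("DefaultLibrarySPAccountMapper.getAutoFedUser: Auto federation is enabled but the auto federation attribute is not configured.");
            return null;
        }
        if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Auto federation attribute is set to: " + autoFedAttribute);
        }

        Set<String> candidateValues = null;
        List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
        if (attributeStatements != null && !attributeStatements.isEmpty()) {
            for (AttributeStatement statement : attributeStatements) {
                candidateValues = getAttribute(statement, autoFedAttribute, set);
                if (candidateValues != null && !candidateValues.isEmpty()) {
                    if (debug.messageEnabled()) {
                        debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Found auto federation attribute value in Assertion: " + candidateValues);
                    }
                    // Stop at the first statement that carries the attribute. Without this,
                    // a later statement lacking the attribute overwrites the result with
                    // null, and the last statement in the assertion decides the mapping.
                    break;
                }
            }
        } else if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Assertion does not have any attribute statements.");
        }

        if (candidateValues == null || candidateValues.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Auto federation attribute is not specified as an attribute.");
            }
            if (!useNameIDAsSPUserID(str, str2)) {
                if (debug.messageEnabled()) {
                    debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: NameID as SP UserID was not enabled  and auto federation attribute " + autoFedAttribute + " was not found in the Assertion");
                }
                return null;
            }
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Trying now to autofederate with nameID, nameID =" + str3);
            }
            candidateValues = CollectionUtils.asSet(new String[]{str3});
        }

        // Translate the assertion attribute name to the local attribute name, falling back
        // to the assertion attribute name itself when no mapping is configured.
        String localAttribute = null;
        Map<String, String> configAttributeMap = new DefaultSPAttributeMapper().getConfigAttributeMap(str, str2, SAML2Constants.SP_ROLE);
        if (configAttributeMap != null && !configAttributeMap.isEmpty()) {
            localAttribute = configAttributeMap.get(autoFedAttribute);
        } else if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: attribute map is not configured.");
        }
        if (localAttribute == null) {
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Auto federation attribute map is not specified in config.");
            }
            localAttribute = autoFedAttribute;
        }

        try {
            Map<String, Set<String>> searchCriteria = new HashMap<>(1);
            searchCriteria.put(localAttribute, candidateValues);
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper.getAutoFedUser: Search map: " + searchCriteria);
            }
            String userID = dsProvider.getUserID(str, searchCriteria);
            if (userID != null && !userID.isEmpty()) {
                return userID;
            }
            if (!isDynamicalOrIgnoredProfile(str)) {
                return null;
            }
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper: dynamical user creation or ignore profile enabled : uid=" + candidateValues);
            }
            // No local account matched: the asserted value becomes the user ID as-is. For a
            // multi-valued attribute the element returned depends on the set's iteration
            // order, so which value is picked is unspecified.
            return candidateValues.iterator().next();
        } catch (DataStoreProviderException e) {
            // A data store failure is treated as "no mapping" rather than an error.
            if (debug.warningEnabled()) {
                debug.warning("DefaultLibrarySPAccountMapper.getAutoFedUser: Datastore provider exception", e);
            }
            return null;
        }
    }

    /**
     * Tells whether an asserted value may be used as the user ID when the data store has no
     * matching user.
     *
     * <p>This implementation always answers {@code true}, so {@link #getAutoFedUser} returns
     * the identity-provider-supplied value whenever the lookup finds nothing. The method is
     * protected, presumably so that subclasses can tie the answer to the realm's profile
     * configuration. Verify which mapper class a deployment actually uses.
     *
     * @param str the realm
     * @return always {@code true}
     */
    protected boolean isDynamicalOrIgnoredProfile(String str) {
        return true;
    }

    /**
     * Extracts the values of the named attribute from one attribute statement, decrypting
     * encrypted attributes first.
     *
     * @param attributeStatement the statement to search
     * @param str the attribute name, compared case-insensitively
     * @param set keys used to decrypt encrypted attributes
     * @return the values of the first attribute with that name, or {@code null} when the
     *     attribute is absent, has no values, or any encrypted attribute fails to decrypt
     */
    private Set<String> getAttribute(AttributeStatement attributeStatement, String str, Set<PrivateKey> set) {
        if (debug.messageEnabled()) {
            debug.message("DefaultLibrarySPAccountMapper.getAttribute: attribute Name =" + str);
        }
        List<Attribute> attributes = attributeStatement.getAttribute();
        List<EncryptedAttribute> encryptedAttributes = attributeStatement.getEncryptedAttribute();
        if (encryptedAttributes != null && !encryptedAttributes.isEmpty()) {
            // Work on a copy so the statement's own attribute list is not modified.
            List<Attribute> merged = new ArrayList<>();
            if (attributes != null) {
                merged.addAll(attributes);
            }
            for (EncryptedAttribute encrypted : encryptedAttributes) {
                try {
                    merged.add(encrypted.decrypt(set));
                } catch (SAML2Exception e) {
                    // One undecryptable attribute discards the whole statement.
                    debug.error("Decryption error:", e);
                    return null;
                }
            }
            attributes = merged;
        }
        // A statement with neither plain nor encrypted attributes has nothing to match; the
        // loop below would otherwise dereference a null list.
        if (attributes == null) {
            return null;
        }
        for (Attribute candidate : attributes) {
            if (str.equalsIgnoreCase(candidate.getName())) {
                // The value list is handled as strings, as the original raw-typed code did.
                @SuppressWarnings("unchecked")
                List<String> values = candidate.getAttributeValueString();
                if (values == null || values.isEmpty()) {
                    return null;
                }
                return new HashSet<>(values);
            }
        }
        return null;
    }
}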
