package com.ibm.ws.security.mp.jwt.impl.utils;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.ManualTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.jwk.utils.JsonUtils;
import com.ibm.ws.security.mp.jwt.impl.MicroProfileJwtConfigImpl;
import java.util.ArrayList;
import java.util.Map;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/mp/jwt/impl/utils/JwtPrincipalMapping.class */
public class JwtPrincipalMapping {
    private static TraceComponent tc = Tr.register(JwtPrincipalMapping.class, "MPJWT", "com.ibm.ws.security.mp.jwt.resources.MicroProfileJwtMessages");
    protected static final String REALM_CLAIM = "realm";
    String realm;
    String userName;
    static final long serialVersionUID = 45468168077298879L;
    private Map claims = null;
    ArrayList<String> groupIds = null;

    @ManualTrace
    public JwtPrincipalMapping(String str, String str2, String str3, boolean z) {
        this.realm = null;
        this.userName = null;
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "<init>", new Object[]{str, str2, str3, Boolean.valueOf(z)});
        }
        this.userName = getUserName(str2, str);
        if (this.userName == null) {
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "<init>");
                return;
            }
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "user name = ", new Object[]{this.userName});
        }
        if (!z) {
            this.realm = getRealm(REALM_CLAIM, str);
            populateGroupIds(str, str3);
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "<init>");
        }
    }

    private String getRealm(String str, String str2) {
        if (str2 == null || str == null) {
            return null;
        }
        Object claim = getClaim(str2, str);
        if (claim instanceof String) {
            return (String) claim;
        }
        return null;
    }

    public boolean isUserNameNull() {
        return this.userName == null || this.userName.isEmpty();
    }

    public String getMappedRealm() {
        return this.realm;
    }

    public String getMappedUser() {
        return this.userName;
    }

    public ArrayList<String> getMappedGroups() {
        return this.groupIds;
    }

    @ManualTrace
    private String getUserName(String str, String str2) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getUserName", new Object[]{str, str2});
        }
        if (str2 != null && str != null && !str.isEmpty()) {
            setUserName(str, getClaim(str2, str));
        }
        if (this.userName == null) {
            Tr.error(tc, "PRINCIPAL_MAPPING_MISSING_ATTR", new Object[]{str, MicroProfileJwtConfigImpl.KEY_userNameAttribute});
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getUserName", this.userName);
        }
        return this.userName;
    }

    void setUserName(String str, Object obj) {
        if (obj == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provided user name object is null. Current user name [" + this.userName + "] will not be changed", new Object[0]);
            }
        } else if (obj instanceof String) {
            this.userName = (String) obj;
        } else {
            Tr.error(tc, "PRINCIPAL_MAPPING_INCORRECT_CLAIM_TYPE", new Object[]{str, MicroProfileJwtConfigImpl.KEY_userNameAttribute});
        }
    }

    @ManualTrace
    void populateGroupIds(String str, String str2) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "populateGroupIds", new Object[]{str, str2});
        }
        Object obj = null;
        if (str2 != null) {
            obj = getClaim(str, str2);
        }
        populateGroupIdsFromGroupClaim(obj);
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "populateGroupIds");
        }
    }

    @ManualTrace
    Object getClaim(String str, String str2) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "getClaim", new Object[]{str, str2});
        }
        Object obj = null;
        try {
            if (this.claims != null) {
                obj = this.claims.get(str2);
            } else {
                this.claims = JsonUtils.claimsFromJsonObject(str);
                if (this.claims != null) {
                    obj = this.claims.get(str2);
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.mp.jwt.impl.utils.JwtPrincipalMapping", "159", this, new Object[]{str, str2});
            Tr.error(tc, "CANNOT_GET_CLAIM_FROM_JSON", new Object[]{str2, e.getLocalizedMessage()});
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "getClaim", obj);
        }
        return obj;
    }

    @ManualTrace
    void populateGroupIdsFromGroupClaim(Object obj) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "populateGroupIdsFromGroupClaim", new Object[]{obj});
        }
        if (obj == null) {
            if (tc.isDebugEnabled()) {
                Tr.exit(tc, "populateGroupIdsFromGroupClaim");
                return;
            }
            return;
        }
        if (obj instanceof ArrayList) {
            setGroupIdArrayList(obj);
        } else {
            setGroupClaimAsOnlyGroupId(obj);
        }
        if (this.groupIds != null && TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "groups size = ", new Object[]{Integer.valueOf(this.groupIds.size())});
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "populateGroupIdsFromGroupClaim");
        }
    }

    @ManualTrace
    void setGroupIdArrayList(Object obj) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "setGroupIdArrayList", new Object[]{obj});
        }
        this.groupIds = (ArrayList) obj;
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "setGroupIdArrayList");
        }
    }

    @ManualTrace
    void setGroupClaimAsOnlyGroupId(Object obj) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "setGroupClaimAsOnlyGroupId", new Object[]{obj});
        }
        try {
            this.groupIds = new ArrayList<>();
            this.groupIds.add((String) obj);
        } catch (ClassCastException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.mp.jwt.impl.utils.JwtPrincipalMapping", "213", this, new Object[]{obj});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "cannot get meaningful group due to CCE: " + e.getMessage(), new Object[0]);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.exit(tc, "setGroupClaimAsOnlyGroupId");
        }
    }
}
