package com.ibm.ws.security.openidconnect.client;

import com.ibm.json.java.JSONObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.openidconnect.client.jose4j.util.OidcTokenImplBase;
import com.ibm.ws.security.openidconnect.clients.common.AttributeToSubject;
import com.ibm.ws.security.openidconnect.clients.common.OidcClientConfig;
import com.ibm.ws.security.openidconnect.token.JsonTokenUtil;
import com.ibm.ws.security.openidconnect.token.Payload;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceMap;
import com.ibm.wsspi.security.oauth20.UserCredentialResolver;
import com.ibm.wsspi.security.oauth20.UserIdentityException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

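/**
 * Extension of {@link AttributeToSubject} that lets a registered
 * {@link UserCredentialResolver} SPI override the identity attributes
 * (user name, realm, unique security name, groups) derived from a token.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only the first resolver returned by {@code activatedUserResolverRef.getServices()}
 *       is consulted; any further registered resolvers are ignored.</li>
 *   <li>The resolver receives the claims as a JSON string and its answers are written
 *       straight into the inherited subject fields. Nothing in this class validates the
 *       token; NOTE(review): confirm that every caller has validated the token before
 *       constructing this object.</li>
 *   <li>SPI failures are logged and swallowed inside the constructors, so callers must
 *       inspect the resulting object rather than rely on an exception.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/openidconnect/client/AttributeToSubjectExt.class */
public class AttributeToSubjectExt extends AttributeToSubject {
    public static final String JOBJ_TYPE = "jobj";
    public static final String PAYLOAD_TYPE = "payload";
    public static final String KEY_USER_RESOLVER = "userResolver";
    static final long serialVersionUID = 8470737355531375119L;
    // NOTE(review): the trace component is registered against the parent class, so trace
    // output from this class is attributed to AttributeToSubject - confirm this is intended.
    public static final TraceComponent tc = Tr.register(AttributeToSubject.class, "OpenIdConnect", "com.ibm.ws.security.openidconnect.client.internal.resources.OidcClientMessages");
    // Shared, mutable and non-final: replaced wholesale by setActivatedUserResolverRef.
    static ConcurrentServiceReferenceMap<String, UserCredentialResolver> activatedUserResolverRef = new ConcurrentServiceReferenceMap<>("userResolver");

    /**
     * Replaces the process-wide map of activated user-resolver services.
     *
     * @param concurrentServiceReferenceMap the new resolver map; it is dereferenced
     *        immediately when debug tracing is enabled, so it must not be {@code null}
     */
    public static void setActivatedUserResolverRef(ConcurrentServiceReferenceMap<String, UserCredentialResolver> concurrentServiceReferenceMap) {
        activatedUserResolverRef = concurrentServiceReferenceMap;
        traceResolverCount();
    }

    /**
     * Builds the mapping from a JSON claims object, consulting the SPI first when one is active.
     *
     * <p>If the SPI call fails, the error is logged and the constructor returns
     * <em>without</em> calling {@code initialize}; the instance is then only as populated
     * as {@code earlyinit} and any partially completed SPI mapping left it.
     * NOTE(review): callers need to treat such an instance as a failed mapping - confirm
     * they check for a missing user name.
     *
     * @param oidcClientConfig client configuration, also used for error reporting
     * @param jSONObject claims to map; serialized to JSON text for the SPI
     * @param str passed through to {@code earlyinit} and {@code initialize}
     *        (presumably the token string - confirm against the parent class)
     */
    @FFDCIgnore({UserIdentityException.class, IOException.class})
    public AttributeToSubjectExt(OidcClientConfig oidcClientConfig, JSONObject jSONObject, String str) {
        earlyinit(oidcClientConfig, str);
        if (isTokenMappingSpi()) {
            traceResolverCount();
            try {
                getTheTokenMappingFromSpi(jSONObject.serialize(), oidcClientConfig);
            } catch (UserIdentityException e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    // NOTE(review): this writes the complete claims object to debug trace;
                    // treat trace files produced with this component enabled as sensitive.
                    Tr.debug(tc, "SPI implementation throws an exception for user mapping!!", new Object[]{jSONObject.toString()});
                }
                reportSpiFailure(e, oidcClientConfig);
                return;
            } catch (IOException e2) {
                reportSpiFailure(e2, oidcClientConfig);
                return;
            }
        }
        initialize(oidcClientConfig, jSONObject, str);
    }

    /**
     * Builds the mapping from a token payload, consulting the SPI first when one is active.
     *
     * <p>The SPI is given the Base64-decoded second segment of {@code str}. When the token
     * string has fewer than two segments the SPI is skipped silently and the regular
     * {@code initializep} mapping runs instead. On any SPI failure the error is logged and
     * the constructor returns without calling {@code initializep}.
     *
     * @param oidcClientConfig client configuration, also used for error reporting
     * @param payload parsed token payload handed to {@code initializep}
     * @param str the token string that is split into segments for the SPI
     */
    public AttributeToSubjectExt(OidcClientConfig oidcClientConfig, Payload payload, String str) {
        earlyinit(oidcClientConfig, str);
        if (isTokenMappingSpi()) {
            traceResolverCount();
            try {
                String[] tokenParts = JsonTokenUtil.splitTokenString(str);
                if (tokenParts.length > 1) {
                    // NOTE(review): confirm Base64Coder accepts the encoding used for this
                    // segment; the decoded text is passed to the resolver unchecked.
                    getTheTokenMappingFromSpi(Base64Coder.base64Decode(tokenParts[1]), oidcClientConfig);
                }
            } catch (UserIdentityException e2) {
                // The specific handler must precede the generic one: with the order
                // reversed this clause is unreachable and javac rejects the class.
                // NOTE(review): the raw token string is handed to FFDC here and below;
                // confirm FFDC incident output does not persist it.
                FFDCFilter.processException(e2, "com.ibm.ws.security.openidconnect.client.AttributeToSubjectExt", "96", this, new Object[]{oidcClientConfig, payload, str});
                traceSpiMappingFailure();
                reportSpiFailure(e2, oidcClientConfig);
                return;
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.client.AttributeToSubjectExt", "102", this, new Object[]{oidcClientConfig, payload, str});
                traceSpiMappingFailure();
                reportSpiFailure(e, oidcClientConfig);
                return;
            }
        }
        initializep(oidcClientConfig, payload, str);
    }

    /**
     * Asks the first registered resolver for the user name.
     *
     * @param str claims text handed to the resolver
     * @return the resolver's answer, or {@code null} when no resolver is registered
     * @throws UserIdentityException if the resolver rejects the input
     */
    String getUserFromUserResolver(String str) throws UserIdentityException {
        UserCredentialResolver resolver = firstResolver();
        String user = resolver == null ? null : resolver.mapToUser(str);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "spi returns user id = ", new Object[]{user});
        }
        return user;
    }

    /**
     * Asks the first registered resolver for the realm.
     *
     * @param str claims text handed to the resolver
     * @return the resolver's answer, or {@code null} when no resolver is registered
     * @throws UserIdentityException if the resolver rejects the input
     */
    private String getRealmFromUserResolver(String str) throws UserIdentityException {
        UserCredentialResolver resolver = firstResolver();
        String mappedRealm = resolver == null ? null : resolver.mapToRealm(str);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "spi returns the realm = ", new Object[]{mappedRealm});
        }
        return mappedRealm;
    }

    /**
     * Reports whether at least one user-resolver SPI service is registered.
     *
     * @return {@code true} when the resolver map is non-empty
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isTokenMappingSpi() {
        return activatedUserResolverRef.size() > 0;
    }

    /**
     * Populates the inherited identity fields from the first registered resolver.
     *
     * <p>The user name is always taken from the resolver. When
     * {@code oidcClientConfig.isMapIdentityToRegistryUser()} is true the method stops there;
     * otherwise realm, unique security name and groups are taken from the resolver as well.
     * A {@code null} or empty group list leaves {@code groupIds} untouched.
     *
     * <p>Fields are assigned one at a time, so an exception from a later resolver call
     * leaves the earlier assignments in place.
     * NOTE(review): this can leave a mix of SPI-derived and previously set attributes;
     * confirm callers discard the instance on failure.
     *
     * @param str claims text handed to the resolver
     * @param oidcClientConfig configuration deciding how much of the identity the SPI supplies
     * @throws UserIdentityException if any resolver call fails
     */
    protected void getTheTokenMappingFromSpi(String str, OidcClientConfig oidcClientConfig) throws UserIdentityException {
        UserCredentialResolver resolver = firstResolver();
        if (resolver == null) {
            return;
        }
        final boolean debug = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();

        this.userName = resolver.mapToUser(str);
        if (debug) {
            Tr.debug(tc, "spi returns user id = ", new Object[]{this.userName});
        }
        if (oidcClientConfig.isMapIdentityToRegistryUser()) {
            // Remaining attributes are not taken from the SPI in this mode.
            return;
        }

        this.realm = resolver.mapToRealm(str);
        if (debug) {
            Tr.debug(tc, "spi returns the realm = ", new Object[]{this.realm});
        }

        this.uniqueSecurityName = resolver.mapToUserUniqueID(str);
        if (debug) {
            Tr.debug(tc, "spi returns the unique security name = ", new Object[]{this.uniqueSecurityName});
        }

        List<String> groups = resolver.mapToGroups(str);
        if (groups == null || groups.isEmpty()) {
            return;
        }
        // Defensive copy: the resolver keeps no handle on the stored group list.
        this.groupIds = new ArrayList<>(groups);
        if (debug) {
            Tr.debug(tc, "spi returns the groups and size = ", new Object[]{Integer.valueOf(this.groupIds.size())});
        }
    }

    /**
     * Builds the mapping from an already parsed token, then lets the SPI override it.
     *
     * <p>The parent constructor runs first. An SPI failure is logged and construction
     * continues, so the instance keeps whatever the parent constructor set up plus any
     * fields the SPI managed to overwrite before failing.
     * NOTE(review): unlike the other constructors this path does not stop on SPI failure;
     * confirm that falling back to the parent's mapping is the intended policy.
     *
     * @param oidcClientConfig client configuration, also used for error reporting
     * @param oidcTokenImplBase parsed token whose claims are passed to the SPI as JSON
     */
    public AttributeToSubjectExt(OidcClientConfig oidcClientConfig, OidcTokenImplBase oidcTokenImplBase) {
        super(oidcClientConfig, oidcTokenImplBase);
        if (isTokenMappingSpi()) {
            traceResolverCount();
            try {
                getTheTokenMappingFromSpi(oidcTokenImplBase.getAllClaimsAsJson(), oidcClientConfig);
            } catch (UserIdentityException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.openidconnect.client.AttributeToSubjectExt", "196", this, new Object[]{oidcClientConfig, oidcTokenImplBase});
                traceSpiMappingFailure();
                reportSpiFailure(e, oidcClientConfig);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ws.security.openidconnect.client.AttributeToSubjectExt", "202", this, new Object[]{oidcClientConfig, oidcTokenImplBase});
                traceSpiMappingFailure();
                reportSpiFailure(e2, oidcClientConfig);
            }
        }
    }

    /** Returns the first registered resolver, or {@code null} when none is registered. */
    private static UserCredentialResolver firstResolver() {
        Iterator<UserCredentialResolver> services = activatedUserResolverRef.getServices();
        return services.hasNext() ? services.next() : null;
    }

    /** Emits the number of registered resolvers to debug trace. */
    private static void traceResolverCount() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "activatedUserResolverRef size():" + activatedUserResolverRef.size(), new Object[0]);
        }
    }

    /** Emits the generic "SPI failed" marker to debug trace, without any token data. */
    private static void traceSpiMappingFailure() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "SPI implementation throws an exception for user mapping!!", new Object[0]);
        }
    }

    /** Logs an SPI mapping failure together with the configured validation method and endpoint. */
    private static void reportSpiFailure(Exception e, OidcClientConfig oidcClientConfig) {
        Tr.error(tc, "PROPAGATION_TOKEN_INTERNAL_ERR", new Object[]{e.getLocalizedMessage(), oidcClientConfig.getValidationMethod(), oidcClientConfig.getValidationEndpointUrl()});
    }
}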
