package com.ibm.ws.security.oauth20.plugins.jose4j;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.json.java.JSONObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.claims.UserClaims;
import com.ibm.ws.security.oauth20.util.ConfigUtils;
import com.ibm.ws.security.oauth20.util.OIDCConstants;
import com.ibm.ws.security.wim.VMMService;
import com.ibm.ws.webcontainer.security.openidconnect.OidcServerConfig;
import com.ibm.wsspi.security.registry.RegistryHelper;
import com.ibm.wsspi.security.wim.model.Entity;
import com.ibm.wsspi.security.wim.model.IdentifierType;
import com.ibm.wsspi.security.wim.model.PersonAccount;
import com.ibm.wsspi.security.wim.model.PropertyControl;
import com.ibm.wsspi.security.wim.model.Root;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

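@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.oauth.2.0_1.1.18.jar:com/ibm/ws/security/oauth20/plugins/jose4j/OidcUserClaims.class */
/**
 * User claims for an OpenID Connect provider, extended with attributes read
 * from the user registry through the VMM service.
 *
 * <p>Claim names are translated to registry property names with the
 * claim-to-registry map of the {@link OidcServerConfig}; a claim with no
 * mapping is looked up under its own name.
 *
 * <p>Security note: the debug trace emitted by this class contains claim
 * names, registry property names and the attribute values returned for the
 * user. Trace files produced with debug enabled should be handled as
 * containing personal data.
 */
public class OidcUserClaims extends UserClaims {
    private static final TraceComponent tc = Tr.register((Class<?>) OidcUserClaims.class, "OAUTH", "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages");
    static final long serialVersionUID = 2661549095006601624L;

    /**
     * Creates a copy of the given claims (claims map, user name and group
     * identifier) that can be enriched with registry attributes.
     *
     * @param userClaims the claims to copy; must not be {@code null}
     */
    public OidcUserClaims(UserClaims userClaims) {
        super(userClaims.asMap(), userClaims.getUserName(), userClaims.getGroupIdentifier());
    }

    /**
     * Adds the configured custom claims to this object's claims map.
     *
     * <p>Does nothing when custom claims are disabled or none are configured.
     * A failure while reading the registry is recorded through FFDC and debug
     * trace and is otherwise ignored; any claims resolved before the failure
     * are still added.
     *
     * @param oidcServerConfig provider configuration supplying the custom
     *        claim names and the claim-to-registry mapping
     */
    public void addExtraClaims(OidcServerConfig oidcServerConfig) {
        if (!oidcServerConfig.isCustomClaimsEnabled()) {
            return;
        }
        Set<String> customClaims = oidcServerConfig.getCustomClaims();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            // Guard the size() call: the null check used to come only after
            // this trace statement, so enabling debug trace could raise a
            // NullPointerException that never occurred with trace off.
            int claimCount = customClaims == null ? 0 : customClaims.size();
            Tr.debug(tc, "extraCustomClaims length: " + claimCount, new Object[0]);
        }
        if (customClaims == null || customClaims.isEmpty()) {
            return;
        }
        Map<String, Object> extraClaims = new HashMap<String, Object>();
        try {
            extraClaims = getUserinfoFromRegistryMap(oidcServerConfig, customClaims, extraClaims, false);
        } catch (Exception e) {
            // Best effort: a registry failure must not prevent the base
            // claims from being issued, so it is recorded and not rethrown.
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.jose4j.OidcUserClaims", "74", this, new Object[]{oidcServerConfig});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "extraCustomClaims get unexpected Exception", e);
            }
        }
        this.claimsMap.putAll(extraClaims);
    }

    /**
     * Reads the requested claims for this user from the registry and stores
     * them in {@code map}.
     *
     * <p>When no VMM service is available the map is returned unchanged.
     * Claims whose registry value is {@code null} or empty are omitted.
     *
     * @param oidcServerConfig provider configuration supplying the
     *        claim-to-registry mapping
     * @param set claim names to resolve; {@code null} is treated as empty
     * @param map destination map; it is modified in place and returned
     * @param z when {@code true}, the claim named by
     *        {@code OIDCConstants.OIDC_DISC_SCOPES_SUPP_ADDRESS} is stored as
     *        a JSON object with a single {@code "formatted"} member instead
     *        of a plain string
     * @return {@code map}, with the resolved claims added
     * @throws Exception if the registry or VMM lookup fails, or if the lookup
     *         returns no entity (the first returned entity is used without a
     *         bounds check and is cast to {@link PersonAccount})
     */
    public Map<String, Object> getUserinfoFromRegistryMap(OidcServerConfig oidcServerConfig, Set<String> set, Map<String, Object> map, boolean z) throws Exception {
        String user = this.userName;
        VMMService vmmService = ConfigUtils.getVMMService();
        if (vmmService == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "VMM service not available - returning sub and groupIds claims", new Object[0]);
            }
            return map;
        }

        PropertyControl propertyControl = new PropertyControl();
        // claim name -> registry (VMM) property name
        Properties claimsToVmmProperties = new Properties();
        if (set != null && !set.isEmpty()) {
            Properties claimToUserRegistryMap = oidcServerConfig.getClaimToUserRegistryMap();
            for (String claim : set) {
                String vmmProperty = claimToUserRegistryMap.getProperty(claim);
                if (vmmProperty == null) {
                    // Unmapped claims fall back to a property of the same name.
                    vmmProperty = claim;
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "claim: " + claim + "  is not mapped to a vmm property, using the claim name as the vmm property name", new Object[0]);
                    }
                } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "claim: " + claim + "  mapped to vmmProperty: " + vmmProperty, new Object[0]);
                }
                claimsToVmmProperties.put(claim, vmmProperty);
                propertyControl.getProperties().add(vmmProperty);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "claimsToVMMProperties: " + claimsToVmmProperties, new Object[0]);
            Tr.debug(tc, "getting VMM properties: " + propertyControl.getProperties(), new Object[0]);
        }
        if (propertyControl.getProperties().isEmpty()) {
            return map;
        }

        // Look the user up by the unique id the registry reports for the user name.
        // NOTE(review): getUserRegistry(null) presumably selects the default realm - confirm.
        IdentifierType identifierType = new IdentifierType();
        identifierType.setUniqueName(RegistryHelper.getUserRegistry(null).getUniqueUserId(user));
        Entity entity = new Entity();
        entity.setIdentifier(identifierType);
        Root root = new Root();
        root.getEntities().add(entity);
        root.getControls().add(propertyControl);
        // An empty result or an entity of another type surfaces here as an
        // exception, which both callers in this class catch.
        PersonAccount personAccount = (PersonAccount) vmmService.get(root).getEntities().get(0);

        for (Map.Entry<Object, Object> entry : claimsToVmmProperties.entrySet()) {
            String claim = (String) entry.getKey();
            String vmmProperty = (String) entry.getValue();
            Object rawValue = personAccount.get(vmmProperty);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                // This trace line carries the user's attribute value.
                Tr.debug(tc, "get for claim: " + claim + "  vmmProperty: " + vmmProperty + ", returned: " + rawValue, new Object[0]);
            }
            String value = vmmPropertyToString(rawValue);
            if (value == null || value.isEmpty()) {
                continue;
            }
            if (z && claim.equals(OIDCConstants.OIDC_DISC_SCOPES_SUPP_ADDRESS)) {
                JSONObject address = new JSONObject();
                address.put("formatted", value);
                map.put(claim, address);
            } else {
                map.put(claim, value);
            }
        }
        return map;
    }

    /**
     * Resolves the requested claims from the registry and adds them to the
     * given JSON object for a userinfo response.
     *
     * <p>On a lookup failure the error is recorded through FFDC and the
     * server log, and a 500 response is sent. Only the exception class and
     * the request URI go into the response text; the exception message is
     * written to the server log only. The method then still returns the JSON
     * object with whatever claims were resolved before the failure, so the
     * caller should not write a body once an error has been sent.
     *
     * @param oidcServerConfig provider configuration supplying the
     *        claim-to-registry mapping
     * @param jSONObject JSON object to add the claims to; modified in place
     * @param httpServletRequest current request, used for the request URI in
     *        error reporting
     * @param httpServletResponse current response, used to send the error
     * @param hashSet claim names to resolve
     * @return {@code jSONObject} with the resolved claims added
     * @throws IOException if sending the error response fails
     */
    public JSONObject getUserinfoFromRegistry(OidcServerConfig oidcServerConfig, JSONObject jSONObject, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashSet<String> hashSet) throws IOException {
        Map<String, Object> claims = new HashMap<String, Object>();
        try {
            claims = getUserinfoFromRegistryMap(oidcServerConfig, hashSet, claims, true);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.oauth20.plugins.jose4j.OidcUserClaims", "187", this, new Object[]{oidcServerConfig, jSONObject, httpServletRequest, httpServletResponse, hashSet});
            // Log before answering the client: sendError can itself throw
            // (for example on a broken connection), and the server-side
            // record of the original failure must not be lost when it does.
            Tr.error(tc, "OIDC_SERVER_USERINFO_INTERNAL_ERROR", e.getMessage(), httpServletRequest.getRequestURI());
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, TraceNLS.getFormattedMessage(getClass(), "com.ibm.ws.security.oauth20.internal.resources.OAuthMessages", "OIDC_SERVER_USERINFO_INTERNAL_ERROR", new Object[]{e.getClass(), httpServletRequest.getRequestURI()}, "CWWKS1620E: An internal server error occurred while processing a userinfo request. The error was {0}. The request URI was {1}."));
        }
        return mapToJson(claims, jSONObject);
    }

    /**
     * Copies every entry of {@code map} into {@code jSONObject}, replacing
     * members that have the same name.
     *
     * @param map entries to copy
     * @param jSONObject destination; modified in place
     * @return {@code jSONObject}
     */
    public JSONObject mapToJson(Map<String, Object> map, JSONObject jSONObject) {
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            jSONObject.put(entry.getKey(), entry.getValue());
        }
        return jSONObject;
    }

    /**
     * Converts a registry property value to a string.
     *
     * <p>A {@code String} is returned as is. A {@code List} is rendered as
     * its elements' string forms joined by single spaces, skipping
     * {@code null} elements; an empty list, or one holding only
     * {@code null}s, yields {@code null}. Any other object is rendered with
     * {@code toString()}.
     *
     * @param obj the registry value; may be {@code null}
     * @return the string form, or {@code null} when there is no value
     */
    public String vmmPropertyToString(Object obj) {
        if (obj == null) {
            return null;
        }
        if (obj instanceof String) {
            return (String) obj;
        }
        if (!(obj instanceof List)) {
            return obj.toString();
        }
        StringBuilder joined = null;
        for (Object element : (List<?>) obj) {
            // Test the element itself: calling toString() on a null element
            // threw before the null check on its result could run.
            String text = element == null ? null : element.toString();
            if (text == null) {
                continue;
            }
            if (joined == null) {
                joined = new StringBuilder();
            } else {
                joined.append(" ");
            }
            joined.append(text);
        }
        return joined == null ? null : joined.toString();
    }
}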
