package com.sun.identity.saml2.plugins;

import com.iplanet.am.util.Misc;
import com.iplanet.sso.SSOException;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.common.DataStoreProviderException;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.assertion.AttributeStatement;
import com.sun.identity.saml2.assertion.EncryptedAttribute;
import com.sun.identity.saml2.assertion.EncryptedID;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.key.KeyUtil;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:122983-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/plugins/DefaultSPAccountMapper.class */
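/**
 * Default account mapper for the service-provider (SP) role.
 *
 * <p>Maps an inbound SAML2 assertion to a local user ID in three steps:
 * a transient NameID is mapped to the configured transient user; otherwise the
 * NameID key map is looked up in the data store; finally, auto-federation on a
 * configured attribute is attempted.
 *
 * <p>The SP decryption key is resolved per call from the hosted SP's
 * configuration and is never kept in instance state, so concurrent requests
 * for different hosted SPs or realms cannot observe each other's key.
 */
public class DefaultSPAccountMapper extends DefaultAccountMapper implements SPAccountMapper {

    /** Creates the mapper and registers it for the SP role. */
    public DefaultSPAccountMapper() {
        debug.message("DefaultSPAccountMapper.constructor: ");
        this.role = SAML2Constants.SP_ROLE;
    }

    /**
     * Resolves the local user identity for an assertion received by the hosted SP.
     *
     * @param assertion the assertion to map; must not be null
     * @param hostEntityID the hosted SP entity ID; must not be null
     * @param realm the realm of the hosted SP; must not be null
     * @return the local user ID, or null when no mapping could be found
     * @throws SAML2Exception when an argument is null, the decryption key or SP
     *         configuration cannot be obtained, the EncryptedID cannot be
     *         decrypted, or the data store lookup fails
     */
    @Override // com.sun.identity.saml2.plugins.SPAccountMapper
    public String getIdentity(Assertion assertion, String hostEntityID, String realm) throws SAML2Exception {
        if (assertion == null) {
            throw new SAML2Exception(bundle.getString("nullAssertion"));
        }
        if (hostEntityID == null) {
            throw new SAML2Exception(bundle.getString("nullHostEntityID"));
        }
        if (realm == null) {
            throw new SAML2Exception(bundle.getString("nullRealm"));
        }
        NameID nameID = resolveNameID(assertion, hostEntityID, realm);
        // NAMEID_TRANSIENT_FORMAT is a constant, so this is null-safe for a missing Format.
        boolean transientFormat = SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameID.getFormat());
        if (transientFormat) {
            // A transient NameID is never looked up in the data store; either the
            // configured transient user applies or auto-federation is tried.
            String transientUser = getTransientUser(realm, hostEntityID);
            if (transientUser != null && transientUser.length() != 0) {
                return transientUser;
            }
        } else {
            String remoteEntityID = assertion.getIssuer().getValue();
            if (debug.messageEnabled()) {
                debug.message("DefaultSPAccountMapper.getIdentity(Assertion): realm = " + realm
                        + " hostEntitID = " + hostEntityID);
            }
            try {
                String userID = dsProvider.getUserID(realm, getNameIDKeyMap(nameID, hostEntityID, remoteEntityID), null);
                if (userID != null) {
                    return userID;
                }
            } catch (DataStoreProviderException e) {
                debug.error("DefaultSPAccountMapper.getIdentity(Assertion): DataStoreProviderException", e);
                throw new SAML2Exception(e.getMessage());
            }
        }
        return getAutoFedUser(realm, hostEntityID, assertion);
    }

    /**
     * Returns the subject's NameID, decrypting the EncryptedID with the hosted
     * SP's decryption key when the subject carries one instead of a plain NameID.
     *
     * @throws SAML2Exception when the key lookup or the decryption fails
     */
    private NameID resolveNameID(Assertion assertion, String hostEntityID, String realm) throws SAML2Exception {
        // NOTE(review): a subject-less assertion would NPE here; assertion
        // validation upstream is assumed to reject it — confirm.
        EncryptedID encryptedID = assertion.getSubject().getEncryptedID();
        if (encryptedID == null) {
            return assertion.getSubject().getNameID();
        }
        try {
            return encryptedID.decrypt(lookupDecryptionKey(realm, hostEntityID));
        } catch (SSOException e) {
            throw new SAML2Exception(e.getMessage());
        }
    }

    /**
     * Fetches the decryption key from the hosted SP's SSO configuration.
     * Resolved fresh on every call so that one request's key is never reused
     * for a different realm or hosted SP.
     */
    private PrivateKey lookupDecryptionKey(String realm, String hostEntityID) throws SSOException, SAML2Exception {
        return KeyUtil.getDecryptionKey(SAML2Utils.getSAML2MetaManager().getSPSSOConfig(realm, hostEntityID));
    }

    /**
     * Returns the transient federation user configured for the hosted SP, read
     * through the inherited {@code getAttribute} helper as
     * {@link SAML2Constants#TRANSIENT_FED_USER}.
     *
     * @param realm the realm of the hosted SP
     * @param hostEntityID the hosted SP entity ID
     * @return the configured user, or null if none is configured
     */
    protected String getTransientUser(String realm, String hostEntityID) {
        return getAttribute(realm, hostEntityID, SAML2Constants.TRANSIENT_FED_USER);
    }

    /**
     * Attempts auto-federation: finds the configured auto-federation attribute in
     * the assertion's attribute statements, maps it to the local attribute name
     * via the SP attribute map, and searches the data store for a matching user.
     * When no user matches but the realm allows dynamic profile creation or
     * ignores the profile, the first asserted value is returned as the user ID.
     *
     * @param realm the realm of the hosted SP
     * @param hostEntityID the hosted SP entity ID
     * @param assertion the assertion carrying the attribute statements
     * @return the local user ID, or null when auto-federation does not apply or finds nothing
     * @throws SAML2Exception declared for subclasses; this implementation logs data store failures and returns null
     */
    protected String getAutoFedUser(String realm, String hostEntityID, Assertion assertion) throws SAML2Exception {
        List attributeStatements = assertion.getAttributeStatements();
        if (attributeStatements == null || attributeStatements.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultSPAccountMapper.getAutoFedUser: Assertion does not have attribute statements.");
            }
            return null;
        }
        String autoFedEnabled = getAttribute(realm, hostEntityID, SAML2Constants.AUTO_FED_ENABLED);
        if (autoFedEnabled == null || autoFedEnabled.equals(SAML2Constants.FALSE)) {
            if (debug.messageEnabled()) {
                debug.message("DefaultSPAccountMapper.getAutoFedUser: Auto federation is disabled.");
            }
            return null;
        }
        String autoFedAttribute = getAttribute(realm, hostEntityID, SAML2Constants.AUTO_FED_ATTRIBUTE);
        if (autoFedAttribute == null || autoFedAttribute.length() == 0) {
            if (debug.messageEnabled()) {
                debug.message("DefaultSPAccountMapper.getAutoFedUser: Auto federation attribute is not configured.");
            }
            return null;
        }
        // First statement that carries a non-empty value set for the attribute wins.
        Set values = null;
        for (Object statement : attributeStatements) {
            values = getAttributeValues((AttributeStatement) statement, autoFedAttribute, realm, hostEntityID);
            if (values != null && !values.isEmpty()) {
                break;
            }
        }
        if (values == null || values.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultSPAccountMapper.getAutoFedUser: Auto federation attribute is not specified in the assertion.");
            }
            return null;
        }
        Map configAttributeMap = new DefaultSPAttributeMapper().getConfigAttributeMap(realm, hostEntityID);
        // A missing or empty map cannot yield a local attribute name; bail out
        // instead of dereferencing null.
        if (configAttributeMap == null || configAttributeMap.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultSPAccountMapper.getAutoFedUser: attribute map is not configured.");
            }
            return null;
        }
        String localAttribute = (String) configAttributeMap.get(autoFedAttribute);
        if (localAttribute == null) {
            if (debug.messageEnabled()) {
                debug.message("DefaultSPAccountMapper.getAutoFedUser: Auto federation attribute map is not specified in config.");
            }
            return null;
        }
        Map searchMap = new HashMap();
        searchMap.put(localAttribute, values);
        if (debug.messageEnabled()) {
            debug.message("DefaultSPAccountMapper.getAutoFedUser: Search map: " + searchMap);
        }
        try {
            String userID = dsProvider.getUserID(realm, searchMap, null);
            if (userID != null && userID.length() != 0) {
                return userID;
            }
            if (!isDynamicalOrIgnoredProfile(realm)) {
                return null;
            }
            if (debug.messageEnabled()) {
                debug.message("DefaultSPAccountMapper: dynamical user creation or ignore profile enabled : uid=" + values);
            }
            // values preserves assertion order, so this is the first asserted value
            // rather than an arbitrary element of a hash set.
            return (String) values.iterator().next();
        } catch (DataStoreProviderException e) {
            if (debug.warningEnabled()) {
                debug.warning("DefaultSPAccountMapper.getAutoFedUser: Datastore provider exception", e);
            }
            return null;
        }
    }

    /**
     * Returns true when the realm's authentication service config allows dynamic
     * profile creation ({@code createAlias} or {@code true}) or ignores the
     * profile ({@code ignore}). Any failure to read the config is logged and
     * treated as "not enabled".
     *
     * @param realm the realm whose auth service config is consulted
     */
    protected boolean isDynamicalOrIgnoredProfile(String realm) {
        try {
            Map attributes = AuthD.getAuth().getOrgConfigManager(realm)
                    .getServiceConfig("iPlanetAMAuthService").getAttributes();
            String mode = Misc.getMapAttr(attributes, "iplanet-am-auth-dynamic-profile-creation");
            if (debug.messageEnabled()) {
                debug.message("dynamicalCreationEnabled, attr=" + mode);
            }
            if (mode == null) {
                return false;
            }
            return mode.equalsIgnoreCase("createAlias")
                    || mode.equalsIgnoreCase(SAML2Constants.TRUE)
                    || mode.equalsIgnoreCase("ignore");
        } catch (Exception e) {
            // Best-effort: a config read failure must not abort the mapping.
            debug.error("dynamicalCreationEnabled, unable to get attribute", e);
            return false;
        }
    }

    /**
     * Collects the string values of the named attribute from one attribute
     * statement, decrypting any encrypted attributes with the hosted SP's key.
     *
     * @param statement the statement to search
     * @param attributeName the attribute name, compared case-insensitively
     * @param realm the realm of the hosted SP (for the decryption key)
     * @param hostEntityID the hosted SP entity ID (for the decryption key)
     * @return the values in assertion order, or null when the attribute is
     *         absent, has no values, or a key lookup / decryption fails
     */
    private Set getAttributeValues(AttributeStatement statement, String attributeName, String realm, String hostEntityID) {
        if (debug.messageEnabled()) {
            debug.message("DefaultSPAccountMapper.getAttribute: attributeName =" + attributeName);
        }
        // Work on a private copy so decrypted attributes are never written back
        // into the statement's own list, and a statement with only encrypted
        // attributes does not leave us iterating a null list.
        List<Attribute> attributes = new ArrayList<Attribute>();
        List<Attribute> plain = statement.getAttribute();
        if (plain != null) {
            attributes.addAll(plain);
        }
        List encrypted = statement.getEncryptedAttribute();
        if (encrypted != null && !encrypted.isEmpty()) {
            PrivateKey decryptionKey = null;
            for (Object item : encrypted) {
                try {
                    if (decryptionKey == null) {
                        decryptionKey = lookupDecryptionKey(realm, hostEntityID);
                    }
                    attributes.add(((EncryptedAttribute) item).decrypt(decryptionKey));
                } catch (SSOException e) {
                    debug.error("Couldn't get sp sso config.");
                    return null;
                } catch (SAML2Exception e) {
                    debug.error("Decryption error:", e);
                    return null;
                }
            }
        }
        for (Attribute attribute : attributes) {
            if (attributeName.equalsIgnoreCase(attribute.getName())) {
                List values = attribute.getAttributeValueString();
                if (values == null || values.isEmpty()) {
                    return null;
                }
                // LinkedHashSet keeps the asserted order so callers picking "the
                // first value" get a deterministic answer.
                return new LinkedHashSet(values);
            }
        }
        return null;
    }
}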
