package ru.org.openam.oauth.v2.data;

import com.google.common.base.Joiner;
import com.google.inject.Key;
import com.google.inject.TypeLiteral;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.sm.DNMapper;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.forgerock.openam.sts.TokenCreationException;
import org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig;
import org.forgerock.openam.sts.tokengeneration.config.TokenGenerationServiceInjectorHolder;
import org.forgerock.openam.sts.tokengeneration.oidc.DefaultOpenIdConnectTokenClaimMapper;
import org.forgerock.openam.sts.tokengeneration.state.RestSTSInstanceState;
import org.forgerock.openam.sts.tokengeneration.state.STSInstanceStateProvider;
import org.forgerock.openam.utils.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ru/org/openam/oauth/v2/data/STSMapper.class */
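/**
 * Claim mapper that builds the custom claims of an OpenID Connect token from the
 * {@link Permission} serialized in the {@code am.protected.oauth2.accept} session property.
 *
 * <p>Claims come from two places: the claim map configured on the STS instance
 * {@code <realm>/jwt}, and a fixed set of claims ({@code sub}, {@code client_id},
 * {@code aud}, {@code realm}, {@code scope}, {@code trust}, {@code status}) taken from the
 * permission itself.
 *
 * <p>Decompiled source: raw collection types are kept wherever the static type of a
 * collaborator ({@code Permission}, {@code AMIdentity}) is not visible from this file.
 */
public class STSMapper extends DefaultOpenIdConnectTokenClaimMapper {
    private static final Logger logger = LoggerFactory.getLogger(STSMapper.class);

    /**
     * Computes the custom claims for the session represented by {@code sSOToken}.
     *
     * <p>For every entry of the configured claim map the value is resolved in this order:
     * <ol>
     *   <li>an empty mapping or the literal {@code null} yields a claim with a null value;</li>
     *   <li>a mapping wrapped in double quotes yields the quoted text as a literal;</li>
     *   <li>a non-empty identity attribute of that name (multiple values joined by a space);</li>
     *   <li>a non-empty entry of {@code Permission.props};</li>
     *   <li>the session property of that name.</li>
     * </ol>
     * Afterwards {@code client_id}, {@code aud}, {@code realm} and {@code scope} are always
     * overwritten from the permission, {@code sub} is filled in when it is still null, and
     * {@code trust} / {@code status} are added only when the claim map did not define them.
     *
     * @param sSOToken session whose properties carry the serialized permission
     * @param map      not read by this implementation
     * @return the claims collected; on an {@code IOException}, {@code SSOException} or
     *         {@code IdRepoException} that is not a {@code TokenCreationException}, the
     *         claims collected up to the failure (possibly an empty map)
     * @throws TokenCreationException when reading identity attributes fails, or when a call
     *         made here raises it
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public Map<String, String> getCustomClaims(SSOToken sSOToken, Map<String, String> map) throws TokenCreationException {
        // Left raw: the static types of Permission.sub() and Permission.aud are not visible here.
        HashMap claims = new HashMap();
        try {
            Permission permission = Permission.fromString(sSOToken.getProperty("am.protected.oauth2.accept", true));
            String realm = DNMapper.orgNameToRealmName(permission.org);
            AMIdentity identity = permission.getIdentity();
            boolean identityExists = false;
            if (identity != null) {
                // Instance id is the realm name minus its first character plus "/jwt"
                // (presumably dropping the leading '/' — confirm; an empty realm name would throw here).
                OpenIdConnectTokenConfig tokenConfig = ((STSInstanceStateProvider) TokenGenerationServiceInjectorHolder.getInstance(
                        Key.get(new TypeLiteral<STSInstanceStateProvider<RestSTSInstanceState>>() {
                        })))
                        .getSTSInstanceState(realm.substring(1) + "/jwt", realm)
                        .getConfig()
                        .getOpenIdConnectTokenConfig();
                // Expiry in epoch seconds. Long.toString replaces the deprecated Long(long) constructor.
                long expiresAt = (System.currentTimeMillis() / 1000) + tokenConfig.getTokenLifetimeInSeconds();
                claims.put("exp", Long.toString(expiresAt));
                try {
                    Map<?, ?> claimMap = tokenConfig.getClaimMap();
                    HashMap attributes = new HashMap();
                    identityExists = identity.isExists();
                    if (identityExists) {
                        // Only the attributes named in the claim map are requested.
                        attributes.putAll(identity.getAttributes(new HashSet(claimMap.values())));
                    } else if (StringUtils.isNotBlank(identity.getName())) {
                        // Identity not present in the repository: expose just its name as "uid".
                        attributes.put("uid", Collections.singleton(identity.getName()));
                    }
                    Map<String, String> joined = joinMultiValues(attributes);
                    for (Map.Entry<?, ?> entry : claimMap.entrySet()) {
                        String source = (String) entry.getValue();
                        if (source.isEmpty() || "null".equals(source)) {
                            claims.put(entry.getKey(), null);
                        } else if (source.matches("\"(.*)\"")) {
                            // The whole value matched "…", so stripping the outer quotes
                            // equals the former replaceAll("\"(.*)\"", "$1").
                            claims.put(entry.getKey(), source.substring(1, source.length() - 1));
                        } else if (!StringUtils.isEmpty(joined.get(source))) {
                            claims.put(entry.getKey(), joined.get(source));
                        } else if (StringUtils.isEmpty(permission.props.get(source))) {
                            claims.put(entry.getKey(), sSOToken.getProperty(source, true));
                        } else {
                            claims.put(entry.getKey(), permission.props.get(source));
                        }
                    }
                } catch (IdRepoException | SSOException e) {
                    throw new TokenCreationException(500, "Exception encountered in claim attribute lookup: " + e, e);
                }
            }
            if (claims.get("sub") == null) {
                claims.put("sub", permission.sub());
            }
            // These four always come from the permission, whatever the claim map produced.
            claims.put("client_id", permission.aud);
            claims.put("aud", permission.aud);
            claims.put("realm", realm);
            claims.put("scope", String.join(" ", permission.sc));
            if (!claims.containsKey("trust")) {
                claims.put("trust", permission.trust.toString());
            }
            // The former "!containsKey && get == null" reduces to this test, so a "status"
            // mapped to null by the claim map is still left untouched.
            // NOTE(review): "sub" is tested with get() == null instead — confirm which is intended.
            if (!claims.containsKey("status")) {
                // NOTE(review): an identity that is null or does not exist is reported as
                // status "true" — confirm relying parties do not read that as "active account".
                claims.put("status", String.valueOf(!identityExists || identity.isActive()));
            }
            return claims;
        } catch (TokenCreationException lookupFailure) {
            // Must reach the caller: the handler below would absorb it if TokenCreationException
            // descends from IOException (supertype not visible here — confirm), and the token
            // would then be built from a partial claim set.
            throw lookupFailure;
        } catch (IOException | SSOException | IdRepoException e2) {
            // Fail-open by design of the original: the caller gets the claims gathered so far
            // and no signal that the set is incomplete.
            // NOTE(review): the SSOToken object is logged; if its toString() includes the
            // session token id, that value lands in WARN logs — confirm and log a non-secret id.
            logger.warn("error get am.protected.oauth2.accept from {}: {}", sSOToken, e2.toString());
            return claims;
        }
    }

    /**
     * Flattens multi-valued attributes into single strings.
     *
     * @param map attribute name to its set of values
     * @return attribute name to its values joined by a single space, null values skipped
     */
    protected Map<String, String> joinMultiValues(Map<String, Set<String>> map) {
        Map<String, String> joined = new HashMap<>(map.size());
        Joiner spaceJoiner = Joiner.on(" ").skipNulls();
        for (Map.Entry<String, Set<String>> attribute : map.entrySet()) {
            joined.put(attribute.getKey(), spaceJoiner.join(attribute.getValue()));
        }
        return joined;
    }
}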
