package org.gluu.oxauth.model.token;

import com.google.common.base.Function;
import com.google.common.collect.Lists;
import java.io.UnsupportedEncodingException;
import java.security.PublicKey;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.util.Strings;
import org.gluu.model.GluuAttribute;
import org.gluu.model.attribute.AttributeDataType;
import org.gluu.model.custom.script.conf.CustomScriptConfiguration;
import org.gluu.model.custom.script.type.auth.PersonAuthenticationType;
import org.gluu.oxauth.model.authorize.Claim;
import org.gluu.oxauth.model.common.AbstractToken;
import org.gluu.oxauth.model.common.AccessToken;
import org.gluu.oxauth.model.common.AuthorizationCode;
import org.gluu.oxauth.model.common.IAuthorizationGrant;
import org.gluu.oxauth.model.common.ScopeType;
import org.gluu.oxauth.model.common.SubjectType;
import org.gluu.oxauth.model.common.UnmodifiableAuthorizationGrant;
import org.gluu.oxauth.model.common.User;
import org.gluu.oxauth.model.config.WebKeysConfiguration;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.crypto.AbstractCryptoProvider;
import org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm;
import org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm;
import org.gluu.oxauth.model.exception.InvalidClaimException;
import org.gluu.oxauth.model.exception.InvalidJweException;
import org.gluu.oxauth.model.jwe.Jwe;
import org.gluu.oxauth.model.jwe.JweEncrypterImpl;
import org.gluu.oxauth.model.jwk.Algorithm;
import org.gluu.oxauth.model.jwk.JSONWebKeySet;
import org.gluu.oxauth.model.jwk.Use;
import org.gluu.oxauth.model.jwt.Jwt;
import org.gluu.oxauth.model.jwt.JwtSubClaimObject;
import org.gluu.oxauth.model.jwt.JwtType;
import org.gluu.oxauth.model.registration.Client;
import org.gluu.oxauth.model.util.JwtUtil;
import org.gluu.oxauth.service.AttributeService;
import org.gluu.oxauth.service.ClientService;
import org.gluu.oxauth.service.PairwiseIdentifierService;
import org.gluu.oxauth.service.ScopeService;
import org.gluu.oxauth.service.ServerCryptoProvider;
import org.gluu.oxauth.service.external.ExternalAuthenticationService;
import org.gluu.oxauth.service.external.ExternalDynamicScopeService;
import org.gluu.oxauth.service.external.context.DynamicScopeExternalContext;
import org.gluu.util.StringHelper;
import org.gluu.util.security.StringEncrypter;
import org.json.JSONArray;
import org.json.JSONObject;
import org.oxauth.persistence.model.PairwiseIdentifier;
import org.oxauth.persistence.model.Scope;
import org.slf4j.Logger;

@Stateless
@Named
/* loaded from: input_file:org/gluu/oxauth/model/token/IdTokenFactory.class */
public class IdTokenFactory {

    @Inject
    private Logger log;

    @Inject
    private ExternalDynamicScopeService externalDynamicScopeService;

    @Inject
    private ExternalAuthenticationService externalAuthenticationService;

    @Inject
    private ClientService clientService;

    @Inject
    private ScopeService scopeService;

    @Inject
    private AttributeService attributeService;

    @Inject
    private PairwiseIdentifierService pairwiseIdentifierService;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private WebKeysConfiguration webKeysConfiguration;

    @Inject
    private AbstractCryptoProvider cryptoProvider;

    public Jwt generateSignedIdToken(IAuthorizationGrant iAuthorizationGrant, String str, AuthorizationCode authorizationCode, AccessToken accessToken, String str2, Set<String> set, boolean z, Function<JsonWebResponse, Void> function) throws Exception {
        JwtSigner newJwtSigner = JwtSigner.newJwtSigner(this.appConfiguration, this.webKeysConfiguration, iAuthorizationGrant.getClient());
        Jwt newJwt = newJwtSigner.newJwt();
        int idTokenLifetime = this.appConfiguration.getIdTokenLifetime();
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        calendar.add(13, idTokenLifetime);
        newJwt.getClaims().setExpirationTime(calendar.getTime());
        newJwt.getClaims().setIssuedAt(time);
        if (function != null) {
            function.apply(newJwt);
        }
        if (iAuthorizationGrant.getAcrValues() != null) {
            newJwt.getClaims().setClaim("acr", iAuthorizationGrant.getAcrValues());
            setAmrClaim(newJwt, iAuthorizationGrant.getAcrValues());
        }
        if (StringUtils.isNotBlank(str)) {
            newJwt.getClaims().setClaim("nonce", str);
        }
        if (iAuthorizationGrant.getAuthenticationTime() != null) {
            newJwt.getClaims().setClaim("auth_time", iAuthorizationGrant.getAuthenticationTime());
        }
        if (authorizationCode != null) {
            newJwt.getClaims().setClaim("c_hash", AbstractToken.getHash(authorizationCode.getCode(), newJwtSigner.getSignatureAlgorithm()));
        }
        if (accessToken != null) {
            newJwt.getClaims().setClaim("at_hash", AbstractToken.getHash(accessToken.getCode(), newJwtSigner.getSignatureAlgorithm()));
        }
        if (Strings.isNotBlank(str2)) {
            newJwt.getClaims().setClaim("s_hash", AbstractToken.getHash(str2, newJwtSigner.getSignatureAlgorithm()));
        }
        newJwt.getClaims().setClaim("oxOpenIDConnectVersion", this.appConfiguration.getOxOpenIdConnectVersion());
        User user = iAuthorizationGrant.getUser();
        ArrayList arrayList = new ArrayList();
        if (z && iAuthorizationGrant.getClient().isIncludeClaimsInIdToken()) {
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                Scope scopeById = this.scopeService.getScopeById(it.next());
                if (scopeById == null || ScopeType.DYNAMIC != scopeById.getScopeType()) {
                    Map<String, Object> claims = getClaims(user, scopeById);
                    if (Boolean.TRUE.equals(scopeById.isOxAuthGroupClaims())) {
                        JwtSubClaimObject jwtSubClaimObject = new JwtSubClaimObject();
                        jwtSubClaimObject.setName(scopeById.getId());
                        for (Map.Entry<String, Object> entry : claims.entrySet()) {
                            String key = entry.getKey();
                            Object value = entry.getValue();
                            if (value instanceof List) {
                                jwtSubClaimObject.setClaim(key, (List) value);
                            } else {
                                jwtSubClaimObject.setClaim(key, (String) value);
                            }
                        }
                        newJwt.getClaims().setClaim(scopeById.getId(), jwtSubClaimObject);
                    } else {
                        for (Map.Entry<String, Object> entry2 : claims.entrySet()) {
                            String key2 = entry2.getKey();
                            Object value2 = entry2.getValue();
                            if (value2 instanceof List) {
                                newJwt.getClaims().setClaim(key2, (List) value2);
                            } else if (value2 instanceof Boolean) {
                                newJwt.getClaims().setClaim(key2, (Boolean) value2);
                            } else if (value2 instanceof Date) {
                                newJwt.getClaims().setClaim(key2, Long.valueOf(((Date) value2).getTime()));
                            } else {
                                newJwt.getClaims().setClaim(key2, (String) value2);
                            }
                        }
                    }
                    newJwt.getClaims().setSubjectIdentifier(iAuthorizationGrant.getUser().getAttribute("inum"));
                } else {
                    arrayList.add(scopeById);
                }
            }
        }
        if (iAuthorizationGrant.getJwtAuthorizationRequest() != null && iAuthorizationGrant.getJwtAuthorizationRequest().getIdTokenMember() != null) {
            for (Claim claim : iAuthorizationGrant.getJwtAuthorizationRequest().getIdTokenMember().getClaims()) {
                GluuAttribute byClaimName = this.attributeService.getByClaimName(claim.getName());
                if (byClaimName != null && validateRequesteClaim(byClaimName, iAuthorizationGrant.getClient().getClaims(), set)) {
                    Object attribute = iAuthorizationGrant.getUser().getAttribute(byClaimName.getName(), true, byClaimName.getOxMultiValuedAttribute().booleanValue());
                    if (attribute != null) {
                        if (attribute instanceof JSONArray) {
                            JSONArray jSONArray = (JSONArray) attribute;
                            ArrayList arrayList2 = new ArrayList();
                            for (int i = 0; i < jSONArray.length(); i++) {
                                String optString = jSONArray.optString(i);
                                if (optString != null) {
                                    arrayList2.add(optString);
                                }
                            }
                            newJwt.getClaims().setClaim(claim.getName(), arrayList2);
                        } else {
                            newJwt.getClaims().setClaim(claim.getName(), (String) attribute);
                        }
                    }
                }
            }
        }
        if (iAuthorizationGrant.getClient().getSubjectType() == null || !SubjectType.fromString(iAuthorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE) || (!StringUtils.isNotBlank(iAuthorizationGrant.getClient().getSectorIdentifierUri()) && iAuthorizationGrant.getClient().getRedirectUris() == null)) {
            if (iAuthorizationGrant.getClient().getSubjectType() != null && SubjectType.fromString(iAuthorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE)) {
                this.log.warn("Unable to calculate the pairwise subject identifier because the client hasn't a redirect uri. A public subject identifier will be used instead.");
            }
            String openidSubAttribute = this.appConfiguration.getOpenidSubAttribute();
            String attribute2 = iAuthorizationGrant.getUser().getAttribute(openidSubAttribute);
            if (StringHelper.equalsIgnoreCase(openidSubAttribute, "uid")) {
                attribute2 = iAuthorizationGrant.getUser().getUserId();
            }
            newJwt.getClaims().setSubjectIdentifier(attribute2);
        } else {
            String sectorIdentifierUri = StringUtils.isNotBlank(iAuthorizationGrant.getClient().getSectorIdentifierUri()) ? iAuthorizationGrant.getClient().getSectorIdentifierUri() : iAuthorizationGrant.getClient().getRedirectUris()[0];
            String attribute3 = iAuthorizationGrant.getUser().getAttribute("inum");
            String clientId = iAuthorizationGrant.getClientId();
            PairwiseIdentifier findPairWiseIdentifier = this.pairwiseIdentifierService.findPairWiseIdentifier(attribute3, sectorIdentifierUri, clientId);
            if (findPairWiseIdentifier == null) {
                findPairWiseIdentifier = new PairwiseIdentifier(sectorIdentifierUri, clientId, attribute3);
                findPairWiseIdentifier.setId(UUID.randomUUID().toString());
                findPairWiseIdentifier.setDn(this.pairwiseIdentifierService.getDnForPairwiseIdentifier(findPairWiseIdentifier.getId(), attribute3));
                this.pairwiseIdentifierService.addPairwiseIdentifier(attribute3, findPairWiseIdentifier);
            }
            newJwt.getClaims().setSubjectIdentifier(findPairWiseIdentifier.getId());
        }
        if (arrayList.size() > 0 && this.externalDynamicScopeService.isEnabled()) {
            this.externalDynamicScopeService.executeExternalUpdateMethods(new DynamicScopeExternalContext(arrayList, newJwt, new UnmodifiableAuthorizationGrant(iAuthorizationGrant)));
        }
        return newJwtSigner.sign();
    }

    private void setAmrClaim(JsonWebResponse jsonWebResponse, String str) {
        Map authenticationMethodClaims;
        ArrayList newArrayList = Lists.newArrayList();
        CustomScriptConfiguration customScriptConfigurationByName = this.externalAuthenticationService.getCustomScriptConfigurationByName(str);
        if (customScriptConfigurationByName != null) {
            newArrayList.add(Integer.toString(customScriptConfigurationByName.getLevel()));
            PersonAuthenticationType externalType = customScriptConfigurationByName.getExternalType();
            if (externalType.getApiVersion() > 3 && (authenticationMethodClaims = externalType.getAuthenticationMethodClaims()) != null) {
                for (String str2 : authenticationMethodClaims.keySet()) {
                    newArrayList.add(str2 + ":" + ((String) authenticationMethodClaims.get(str2)));
                }
            }
        }
        jsonWebResponse.getClaims().setClaim("amr", newArrayList);
    }

    public Jwe generateEncryptedIdToken(IAuthorizationGrant iAuthorizationGrant, String str, AuthorizationCode authorizationCode, AccessToken accessToken, String str2, Set<String> set, boolean z, Function<JsonWebResponse, Void> function) throws Exception {
        Jwe jwe = new Jwe();
        KeyEncryptionAlgorithm fromName = KeyEncryptionAlgorithm.fromName(iAuthorizationGrant.getClient().getIdTokenEncryptedResponseAlg());
        BlockEncryptionAlgorithm fromName2 = BlockEncryptionAlgorithm.fromName(iAuthorizationGrant.getClient().getIdTokenEncryptedResponseEnc());
        jwe.getHeader().setType(JwtType.JWT);
        jwe.getHeader().setAlgorithm(fromName);
        jwe.getHeader().setEncryptionMethod(fromName2);
        jwe.getClaims().setIssuer(this.appConfiguration.getIssuer());
        jwe.getClaims().setAudience(iAuthorizationGrant.getClient().getClientId());
        int idTokenLifetime = this.appConfiguration.getIdTokenLifetime();
        Calendar calendar = Calendar.getInstance();
        Date time = calendar.getTime();
        calendar.add(13, idTokenLifetime);
        jwe.getClaims().setExpirationTime(calendar.getTime());
        jwe.getClaims().setIssuedAt(time);
        if (function != null) {
            function.apply(jwe);
        }
        if (iAuthorizationGrant.getAcrValues() != null) {
            jwe.getClaims().setClaim("acr", iAuthorizationGrant.getAcrValues());
            setAmrClaim(jwe, iAuthorizationGrant.getAcrValues());
        }
        if (StringUtils.isNotBlank(str)) {
            jwe.getClaims().setClaim("nonce", str);
        }
        if (iAuthorizationGrant.getAuthenticationTime() != null) {
            jwe.getClaims().setClaim("auth_time", iAuthorizationGrant.getAuthenticationTime());
        }
        if (authorizationCode != null) {
            jwe.getClaims().setClaim("c_hash", AuthorizationCode.getHash(authorizationCode.getCode(), null));
        }
        if (accessToken != null) {
            jwe.getClaims().setClaim("at_hash", AccessToken.getHash(accessToken.getCode(), null));
        }
        if (Strings.isNotBlank(str2)) {
            jwe.getClaims().setClaim("s_hash", AbstractToken.getHash(str2, null));
        }
        jwe.getClaims().setClaim("oxOpenIDConnectVersion", this.appConfiguration.getOxOpenIdConnectVersion());
        User user = iAuthorizationGrant.getUser();
        ArrayList arrayList = new ArrayList();
        if (z && iAuthorizationGrant.getClient().isIncludeClaimsInIdToken()) {
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                Scope scopeById = this.scopeService.getScopeById(it.next());
                if (scopeById == null || ScopeType.DYNAMIC != scopeById.getScopeType()) {
                    Map<String, Object> claims = getClaims(user, scopeById);
                    if (Boolean.TRUE.equals(scopeById.isOxAuthGroupClaims())) {
                        JwtSubClaimObject jwtSubClaimObject = new JwtSubClaimObject();
                        jwtSubClaimObject.setName(scopeById.getId());
                        for (Map.Entry<String, Object> entry : claims.entrySet()) {
                            String key = entry.getKey();
                            Object value = entry.getValue();
                            if (value instanceof List) {
                                jwtSubClaimObject.setClaim(key, (List) value);
                            } else {
                                jwtSubClaimObject.setClaim(key, (String) value);
                            }
                        }
                        jwe.getClaims().setClaim(scopeById.getId(), jwtSubClaimObject);
                    } else {
                        for (Map.Entry<String, Object> entry2 : claims.entrySet()) {
                            String key2 = entry2.getKey();
                            Object value2 = entry2.getValue();
                            if (value2 instanceof List) {
                                jwe.getClaims().setClaim(key2, (List) value2);
                            } else if (value2 instanceof Boolean) {
                                jwe.getClaims().setClaim(key2, (Boolean) value2);
                            } else if (value2 instanceof Date) {
                                jwe.getClaims().setClaim(key2, Long.valueOf(((Date) value2).getTime()));
                            } else {
                                jwe.getClaims().setClaim(key2, (String) value2);
                            }
                        }
                    }
                    jwe.getClaims().setSubjectIdentifier(iAuthorizationGrant.getUser().getAttribute("inum"));
                } else {
                    arrayList.add(scopeById);
                }
            }
        }
        if (iAuthorizationGrant.getJwtAuthorizationRequest() != null && iAuthorizationGrant.getJwtAuthorizationRequest().getIdTokenMember() != null) {
            for (Claim claim : iAuthorizationGrant.getJwtAuthorizationRequest().getIdTokenMember().getClaims()) {
                GluuAttribute byClaimName = this.attributeService.getByClaimName(claim.getName());
                if (byClaimName != null && validateRequesteClaim(byClaimName, iAuthorizationGrant.getClient().getClaims(), set)) {
                    Object attribute = iAuthorizationGrant.getUser().getAttribute(byClaimName.getName(), true, byClaimName.getOxMultiValuedAttribute().booleanValue());
                    if (attribute != null) {
                        if (attribute instanceof JSONArray) {
                            JSONArray jSONArray = (JSONArray) attribute;
                            ArrayList arrayList2 = new ArrayList();
                            for (int i = 0; i < jSONArray.length(); i++) {
                                String optString = jSONArray.optString(i);
                                if (optString != null) {
                                    arrayList2.add(optString);
                                }
                            }
                            jwe.getClaims().setClaim(claim.getName(), arrayList2);
                        } else {
                            jwe.getClaims().setClaim(claim.getName(), (String) attribute);
                        }
                    }
                }
            }
        }
        if (iAuthorizationGrant.getClient().getSubjectType() == null || !SubjectType.fromString(iAuthorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE) || (!StringUtils.isNotBlank(iAuthorizationGrant.getClient().getSectorIdentifierUri()) && iAuthorizationGrant.getClient().getRedirectUris() == null)) {
            if (iAuthorizationGrant.getClient().getSubjectType() != null && SubjectType.fromString(iAuthorizationGrant.getClient().getSubjectType()).equals(SubjectType.PAIRWISE)) {
                this.log.warn("Unable to calculate the pairwise subject identifier because the client hasn't a redirect uri. A public subject identifier will be used instead.");
            }
            String openidSubAttribute = this.appConfiguration.getOpenidSubAttribute();
            String attribute2 = iAuthorizationGrant.getUser().getAttribute(openidSubAttribute);
            if (StringHelper.equalsIgnoreCase(openidSubAttribute, "uid")) {
                attribute2 = iAuthorizationGrant.getUser().getUserId();
            }
            jwe.getClaims().setSubjectIdentifier(attribute2);
        } else {
            String sectorIdentifierUri = StringUtils.isNotBlank(iAuthorizationGrant.getClient().getSectorIdentifierUri()) ? iAuthorizationGrant.getClient().getSectorIdentifierUri() : iAuthorizationGrant.getClient().getRedirectUris()[0];
            String attribute3 = iAuthorizationGrant.getUser().getAttribute("inum");
            String clientId = iAuthorizationGrant.getClientId();
            PairwiseIdentifier findPairWiseIdentifier = this.pairwiseIdentifierService.findPairWiseIdentifier(attribute3, sectorIdentifierUri, clientId);
            if (findPairWiseIdentifier == null) {
                findPairWiseIdentifier = new PairwiseIdentifier(sectorIdentifierUri, clientId, attribute3);
                findPairWiseIdentifier.setId(UUID.randomUUID().toString());
                findPairWiseIdentifier.setDn(this.pairwiseIdentifierService.getDnForPairwiseIdentifier(findPairWiseIdentifier.getId(), attribute3));
                this.pairwiseIdentifierService.addPairwiseIdentifier(attribute3, findPairWiseIdentifier);
            }
            jwe.getClaims().setSubjectIdentifier(findPairWiseIdentifier.getId());
        }
        if (arrayList.size() > 0 && this.externalDynamicScopeService.isEnabled()) {
            this.externalDynamicScopeService.executeExternalUpdateMethods(new DynamicScopeExternalContext(arrayList, jwe, new UnmodifiableAuthorizationGrant(iAuthorizationGrant)));
        }
        if (fromName == KeyEncryptionAlgorithm.RSA_OAEP || fromName == KeyEncryptionAlgorithm.RSA1_5) {
            JSONObject jSONWebKeys = JwtUtil.getJSONWebKeys(iAuthorizationGrant.getClient().getJwksUri());
            String keyId = new ServerCryptoProvider(this.cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jSONWebKeys), Algorithm.fromString(fromName.getName()), Use.ENCRYPTION);
            PublicKey publicKey = this.cryptoProvider.getPublicKey(keyId, jSONWebKeys);
            jwe.getHeader().setKeyId(keyId);
            if (publicKey == null) {
                throw new InvalidJweException("The public key is not valid");
            }
            jwe = new JweEncrypterImpl(fromName, fromName2, publicKey).encrypt(jwe);
        } else if (fromName == KeyEncryptionAlgorithm.A128KW || fromName == KeyEncryptionAlgorithm.A256KW) {
            try {
                jwe = new JweEncrypterImpl(fromName, fromName2, this.clientService.decryptSecret(iAuthorizationGrant.getClient().getClientSecret()).getBytes("UTF-8")).encrypt(jwe);
            } catch (StringEncrypter.EncryptionException e) {
                throw new InvalidJweException(e);
            } catch (UnsupportedEncodingException e2) {
                throw new InvalidJweException(e2);
            } catch (Exception e3) {
                throw new InvalidJweException(e3);
            }
        }
        return jwe;
    }

    public JsonWebResponse createJwr(IAuthorizationGrant iAuthorizationGrant, String str, AuthorizationCode authorizationCode, AccessToken accessToken, String str2, Set<String> set, boolean z, Function<JsonWebResponse, Void> function) throws Exception {
        Client client = iAuthorizationGrant.getClient();
        return (client == null || client.getIdTokenEncryptedResponseAlg() == null || client.getIdTokenEncryptedResponseEnc() == null) ? generateSignedIdToken(iAuthorizationGrant, str, authorizationCode, accessToken, str2, set, z, function) : generateEncryptedIdToken(iAuthorizationGrant, str, authorizationCode, accessToken, str2, set, z, function);
    }

    public boolean validateRequesteClaim(GluuAttribute gluuAttribute, String[] strArr, Collection<String> collection) {
        if (gluuAttribute == null) {
            return false;
        }
        if (strArr != null) {
            for (String str : strArr) {
                if (gluuAttribute.getDn().equals(str)) {
                    return true;
                }
            }
        }
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            Scope scopeById = this.scopeService.getScopeById(it.next());
            if (scopeById != null && scopeById.getOxAuthClaims() != null) {
                Iterator it2 = scopeById.getOxAuthClaims().iterator();
                while (it2.hasNext()) {
                    if (gluuAttribute.getDisplayName().equals(this.attributeService.getAttributeByDn((String) it2.next()).getDisplayName())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    public Map<String, Object> getClaims(User user, Scope scope) throws InvalidClaimException, ParseException {
        HashMap hashMap = new HashMap();
        if (scope != null && scope.getOxAuthClaims() != null) {
            Iterator it = scope.getOxAuthClaims().iterator();
            while (it.hasNext()) {
                GluuAttribute attributeByDn = this.attributeService.getAttributeByDn((String) it.next());
                String oxAuthClaimName = attributeByDn.getOxAuthClaimName();
                String name = attributeByDn.getName();
                Object obj = null;
                if (StringUtils.isNotBlank(oxAuthClaimName) && StringUtils.isNotBlank(name)) {
                    if (name.equals("uid")) {
                        obj = user.getUserId();
                    } else if (AttributeDataType.BOOLEAN.equals(attributeByDn.getDataType())) {
                        obj = Boolean.valueOf(Boolean.parseBoolean(String.valueOf(user.getAttribute(attributeByDn.getName(), true, attributeByDn.getOxMultiValuedAttribute().booleanValue()))));
                    } else if (AttributeDataType.DATE.equals(attributeByDn.getDataType())) {
                        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
                        Object attribute = user.getAttribute(attributeByDn.getName(), true, attributeByDn.getOxMultiValuedAttribute().booleanValue());
                        if (attribute != null) {
                            obj = simpleDateFormat.parse(attribute.toString());
                        }
                    } else {
                        obj = user.getAttribute(attributeByDn.getName(), true, attributeByDn.getOxMultiValuedAttribute().booleanValue());
                    }
                    if (obj != null) {
                        if (obj instanceof JSONArray) {
                            JSONArray jSONArray = (JSONArray) obj;
                            ArrayList arrayList = new ArrayList();
                            for (int i = 0; i < jSONArray.length(); i++) {
                                String optString = jSONArray.optString(i);
                                if (optString != null) {
                                    arrayList.add(optString);
                                }
                            }
                            hashMap.put(oxAuthClaimName, arrayList);
                        } else {
                            hashMap.put(oxAuthClaimName, obj);
                        }
                    }
                }
            }
        }
        return hashMap;
    }
}
