package org.gluu.oxauth.service;

import java.net.URI;
import java.util.UUID;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.gluu.oxauth.model.common.BackchannelTokenDeliveryMode;
import org.gluu.oxauth.model.common.CIBAGrant;
import org.gluu.oxauth.model.common.IAuthorizationGrant;
import org.gluu.oxauth.model.common.SubjectType;
import org.gluu.oxauth.model.common.User;
import org.gluu.oxauth.model.config.StaticConfiguration;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.registration.Client;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.util.StringHelper;
import org.oxauth.persistence.model.PairwiseIdentifier;
import org.oxauth.persistence.model.SectorIdentifier;
import org.slf4j.Logger;

@Stateless
@Named
/* loaded from: input_file:org/gluu/oxauth/service/SectorIdentifierService.class */
public class SectorIdentifierService {

    @Inject
    private Logger log;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private PairwiseIdentifierService pairwiseIdentifierService;

    @Inject
    protected AppConfiguration appConfiguration;

    public SectorIdentifier getSectorIdentifierById(String str) {
        SectorIdentifier sectorIdentifier = null;
        try {
            sectorIdentifier = (SectorIdentifier) this.ldapEntryManager.find(SectorIdentifier.class, getDnForSectorIdentifier(str));
        } catch (Exception e) {
            this.log.error("Failed to find sector identifier by oxId " + str, e);
        }
        return sectorIdentifier;
    }

    public String getDnForSectorIdentifier(String str) {
        String sectorIdentifiers = this.staticConfiguration.getBaseDn().getSectorIdentifiers();
        return StringHelper.isEmpty(str) ? sectorIdentifiers : String.format("oxId=%s,%s", str, sectorIdentifiers);
    }

    public String getSub(IAuthorizationGrant iAuthorizationGrant) {
        Client client = iAuthorizationGrant.getClient();
        User user = iAuthorizationGrant.getUser();
        if (user == null) {
            this.log.trace("User is null, return blank sub");
            return "";
        }
        if (client != null) {
            return getSub(client, user, iAuthorizationGrant instanceof CIBAGrant);
        }
        this.log.trace("Client is null, return blank sub.");
        return "";
    }

    public String getSub(Client client, User user, boolean z) {
        String backchannelClientNotificationEndpoint;
        if (user == null) {
            this.log.trace("User is null, return blank sub");
            return "";
        }
        if (client == null) {
            this.log.trace("Client is null, return blank sub.");
            return "";
        }
        if (SubjectType.PAIRWISE.equals(SubjectType.fromString(client.getSubjectType()))) {
            if (StringUtils.isNotBlank(client.getSectorIdentifierUri())) {
                backchannelClientNotificationEndpoint = client.getSectorIdentifierUri();
            } else if (z) {
                backchannelClientNotificationEndpoint = client.getBackchannelTokenDeliveryMode() == BackchannelTokenDeliveryMode.PUSH ? client.getBackchannelClientNotificationEndpoint() : client.getJwksUri();
            } else {
                backchannelClientNotificationEndpoint = !ArrayUtils.isEmpty(client.getRedirectUris()) ? client.getRedirectUris()[0] : null;
            }
            String attribute = user.getAttribute("inum");
            try {
                if (StringUtils.isNotBlank(backchannelClientNotificationEndpoint)) {
                    String host = URI.create(backchannelClientNotificationEndpoint).getHost();
                    if (this.appConfiguration.getSubjectIdentifierBasedOnWholeUriBackwardCompatibility().booleanValue()) {
                        host = backchannelClientNotificationEndpoint;
                    }
                    PairwiseIdentifier findPairWiseIdentifier = this.pairwiseIdentifierService.findPairWiseIdentifier(attribute, host, client.getClientId());
                    if (findPairWiseIdentifier == null) {
                        findPairWiseIdentifier = new PairwiseIdentifier(host, client.getClientId(), attribute);
                        findPairWiseIdentifier.setId(UUID.randomUUID().toString());
                        findPairWiseIdentifier.setDn(this.pairwiseIdentifierService.getDnForPairwiseIdentifier(findPairWiseIdentifier.getId(), attribute));
                        this.pairwiseIdentifierService.addPairwiseIdentifier(attribute, findPairWiseIdentifier);
                    }
                    return findPairWiseIdentifier.getId();
                }
                this.log.trace("Sector identifier uri is blank for client: " + client.getClientId());
            } catch (Exception e) {
                this.log.error("Failed to get sub claim. PairwiseIdentifierService failed to find pair wise identifier.", e);
                return "";
            }
        }
        String openidSubAttribute = this.appConfiguration.getOpenidSubAttribute();
        return StringHelper.equalsIgnoreCase(openidSubAttribute, "uid") ? user.getUserId() : user.getAttribute(openidSubAttribute);
    }
}
