package org.forgerock.openam.rest.audit;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import java.util.Set;
import org.forgerock.oauth2.core.IntrospectableToken;
import org.forgerock.oauth2.core.OAuth2RequestFactory;
import org.forgerock.oauth2.core.Token;
import org.forgerock.openam.audit.AuditConstants;
import org.forgerock.openam.audit.AuditEventFactory;
import org.forgerock.openam.audit.AuditEventPublisher;
import org.forgerock.openam.audit.context.AuditRequestContext;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openidconnect.OpenIdConnectToken;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.Restlet;
import org.restlet.ext.servlet.ServletUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openam/rest/audit/OAuth2AbstractAccessAuditFilter.class */
public abstract class OAuth2AbstractAccessAuditFilter extends AbstractRestletAccessAuditFilter {
    private final OAuth2RequestFactory requestFactory;
    private final Logger logger;

    /* JADX INFO: Access modifiers changed from: package-private */
    public OAuth2AbstractAccessAuditFilter(AuditConstants.Component component, Restlet restlet, AuditEventPublisher auditEventPublisher, AuditEventFactory auditEventFactory, OAuth2RequestFactory oAuth2RequestFactory, RestletBodyAuditor restletBodyAuditor, RestletBodyAuditor restletBodyAuditor2) {
        super(component, restlet, auditEventPublisher, auditEventFactory, restletBodyAuditor, restletBodyAuditor2);
        this.logger = LoggerFactory.getLogger("oauth2");
        this.requestFactory = oAuth2RequestFactory;
    }

    protected String getUserIdForAccessAttempt(Request request) {
        String userIdForAccessAttempt = super.getUserIdForAccessAttempt(request);
        if (StringUtils.isNotEmpty(userIdForAccessAttempt)) {
            return userIdForAccessAttempt;
        }
        putUserIdInAuditRequestContext(request);
        return super.getUserIdForAccessAttempt(request);
    }

    protected Set<String> getTrackingIdsForAccessAttempt(Request request) {
        putTrackingIdsIntoAuditRequestContext(request);
        return super.getTrackingIdsForAccessAttempt(request);
    }

    protected String getUserIdForAccessOutcome(Request request, Response response) {
        String userIdForAccessOutcome = super.getUserIdForAccessOutcome(request, response);
        if (StringUtils.isNotEmpty(userIdForAccessOutcome)) {
            return userIdForAccessOutcome;
        }
        putUserIdInAuditRequestContext(request);
        return super.getUserIdForAccessOutcome(request, response);
    }

    protected Set<String> getTrackingIdsForAccessOutcome(Request request, Response response) {
        putTrackingIdsIntoAuditRequestContext(request);
        return super.getTrackingIdsForAccessOutcome(request, response);
    }

    private void putUserIdInAuditRequestContext(Request request) {
        String userId = getUserId(request);
        if (userId != null) {
            AuditRequestContext.putProperty("userId", userId);
        }
    }

    private void putTrackingIdsIntoAuditRequestContext(Request request) {
        for (Token token : this.requestFactory.create(request).getTokens()) {
            AuditConstants.TrackingIdKey auditTrackingIdKey = token.getAuditTrackingIdKey();
            String auditTrackingId = token.getAuditTrackingId();
            if (auditTrackingIdKey != null && auditTrackingId != null) {
                AuditRequestContext.putProperty(auditTrackingIdKey.toString(), auditTrackingId);
            }
        }
        SSOToken sSOToken = getSSOToken(request);
        if (sSOToken != null) {
            try {
                AuditRequestContext.putProperty(AuditConstants.TrackingIdKey.SESSION.toString(), sSOToken.getProperty("AMCtxId"));
                return;
            } catch (SSOException e) {
                this.logger.debug("Could not get tracking ID for session", e);
                return;
            }
        }
        String str = (String) request.getAttributes().get("AMCtxId");
        if (str != null) {
            AuditRequestContext.putProperty(AuditConstants.TrackingIdKey.SESSION.toString(), str);
        }
    }

    private String getUserId(Request request) {
        for (Token token : this.requestFactory.create(request).getTokens()) {
            if (token instanceof IntrospectableToken) {
                return ((IntrospectableToken) token).getResourceOwnerId();
            }
            if (token instanceof OpenIdConnectToken) {
                return ((OpenIdConnectToken) token).get("sub").asString();
            }
        }
        SSOToken sSOToken = getSSOToken(request);
        if (sSOToken == null) {
            return null;
        }
        try {
            return sSOToken.getProperty("sun.am.UniversalIdentifier");
        } catch (SSOException e) {
            this.logger.debug("Could not get user ID for session", e);
            return null;
        }
    }

    private SSOToken getSSOToken(Request request) {
        try {
            return SSOTokenManager.getInstance().createSSOToken(ServletUtils.getRequest(request));
        } catch (Exception e) {
            this.logger.debug("Could not get session", e);
            return null;
        }
    }
}
