package org.forgerock.openam.oauth2;

import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchOpModifier;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.forgerock.oauth2.core.OAuth2ProviderSettingsFactory;
import org.forgerock.oauth2.core.OAuth2Request;
import org.forgerock.oauth2.core.exceptions.UnauthorizedClientException;
import org.forgerock.openam.utils.CrestQuery;

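/**
 * Resolves OAuth2 principals against a realm's identity repository: resource owners
 * (end users, {@link IdType#USER}) and clients (agents, {@link IdType#AGENTONLY}).
 *
 * <p>Every lookup is performed with the server's admin token. Both fields are
 * {@code final} and no per-call state is retained, so one instance can serve
 * concurrent requests.
 */
@Singleton
public class IdentityManager {
    private final Debug logger = Debug.getInstance("OAuth2Provider");
    private final OAuth2ProviderSettingsFactory providerSettingsFactory;

    /**
     * @param oAuth2ProviderSettingsFactory source of per-realm provider settings; consulted for the
     *     resource-owner "authenticated attributes" when a lookup by name finds nothing
     */
    @Inject
    public IdentityManager(OAuth2ProviderSettingsFactory oAuth2ProviderSettingsFactory) {
        this.providerSettingsFactory = oAuth2ProviderSettingsFactory;
    }

    /**
     * Finds the single active user identity for {@code username} in {@code realm}.
     *
     * <p>The user is first searched by name. When that search returns no result attributes, the
     * lookup falls back to an OR-search over the realm's configured resource-owner authenticated
     * attributes, each of which is compared against {@code username}.
     *
     * @param username the resource owner's identifier (or the value of one of the configured
     *     authenticated attributes)
     * @param realm the realm whose identity repository is searched
     * @return the matching identity, or {@code null} when exactly one identity matched but it is
     *     not active
     * @throws UnauthorizedClientException when zero or more than one identity matched, or when the
     *     repository lookup failed for any other reason
     */
    public AMIdentity getResourceOwnerIdentity(String username, String realm) throws UnauthorizedClientException {
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            AMIdentityRepository repository = new AMIdentityRepository(adminToken, realm);
            IdSearchControl control = newSearchControl();
            Set<AMIdentity> matches = new HashSet<AMIdentity>();

            IdSearchResults byName = repository.searchIdentities(IdType.USER, new CrestQuery(username), control);
            if (byName == null || byName.getResultAttributes().isEmpty()) {
                // Fallback: match the supplied value against each configured authenticated attribute.
                Set<String> attributes = this.providerSettingsFactory
                        .get(OAuth2Request.forRealm(realm))
                        .getResourceOwnerAuthenticatedAttributes();
                control.setSearchModifiers(IdSearchOpModifier.OR, toAvPairMap(attributes, username));
                collect(matches, repository.searchIdentities(IdType.USER, "*", control));
            } else {
                collect(matches, byName);
            }

            AMIdentity identity = singleMatch(matches,
                    "No user profile or more than one profile found.",
                    "Not able to get user from OpenAM");
            // An inactive profile is reported as "absent" rather than as an error; callers must handle null.
            return identity.isActive() ? identity : null;
        } catch (UnauthorizedClientException e) {
            // Already carries the precise reason; re-wrapping it would replace that message.
            throw e;
        } catch (Exception e) {
            this.logger.error("Unable to get resource owner AMIdentity: ", e);
            throw new UnauthorizedClientException("Not able to get client from OpenAM");
        }
    }

    /**
     * Finds the single active agent identity for {@code clientId} in {@code realm}.
     *
     * @param clientId the OAuth2 client identifier
     * @param realm the realm whose identity repository is searched
     * @return the matching agent identity, or {@code null} when exactly one agent matched but it is
     *     not active
     * @throws UnauthorizedClientException when zero or more than one agent matched, or when the
     *     repository lookup failed for any other reason
     */
    public AMIdentity getClientIdentity(String clientId, String realm) throws UnauthorizedClientException {
        try {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            AMIdentityRepository repository = new AMIdentityRepository(adminToken, realm);

            // NOTE(review): clientId is handed to the repository as its search pattern (the
            // resource-owner path passes "*" in the same position), so any wildcard syntax the
            // repository understands is interpreted rather than matched literally. The single-result
            // check below narrows the effect; confirm that the caller validates the client
            // identifier before it reaches this lookup.
            Set<AMIdentity> matches = new HashSet<AMIdentity>();
            collect(matches, repository.searchIdentities(IdType.AGENTONLY, clientId, newSearchControl()));

            AMIdentity identity = singleMatch(matches,
                    "No client profile or more than one profile found.",
                    "Not able to get client from OpenAM");
            // An inactive profile is reported as "absent" rather than as an error; callers must handle null.
            return identity.isActive() ? identity : null;
        } catch (UnauthorizedClientException e) {
            // Already carries the precise reason; re-wrapping it would replace that message.
            throw e;
        } catch (Exception e) {
            this.logger.error("Unable to get client AMIdentity: ", e);
            throw new UnauthorizedClientException("Not able to get client from OpenAM");
        }
    }

    /** Search control shared by all lookups: recursive, all attributes returned, no result cap. */
    private static IdSearchControl newSearchControl() {
        IdSearchControl control = new IdSearchControl();
        control.setRecursive(true);
        control.setAllReturnAttributes(true);
        control.setMaxResults(0);
        return control;
    }

    /**
     * Adds the identities held by {@code results} to {@code into}. A null result object or a null
     * result set contributes nothing instead of failing the lookup.
     */
    private static void collect(Set<AMIdentity> into, IdSearchResults results) {
        if (results != null && results.getSearchResults() != null) {
            into.addAll(results.getSearchResults());
        }
    }

    /**
     * Returns the only identity in {@code matches}.
     *
     * @param logMessage logged when the match count is not exactly one
     * @param errorMessage message of the exception thrown in that case
     * @throws UnauthorizedClientException when {@code matches} holds zero or several identities
     */
    private AMIdentity singleMatch(Set<AMIdentity> matches, String logMessage, String errorMessage)
            throws UnauthorizedClientException {
        if (matches.size() != 1) {
            this.logger.error(logMessage);
            throw new UnauthorizedClientException(errorMessage);
        }
        return matches.iterator().next();
    }

    /**
     * Builds the attribute/value map for an attribute-based user search: each name in
     * {@code attributes} maps to a set containing only {@code value}.
     *
     * @return a (mutable) map, empty when {@code value} is null or no attributes are configured
     */
    private static Map<String, Set<String>> toAvPairMap(Set<String> attributes, String value) {
        Map<String, Set<String>> avPairs = new HashMap<String, Set<String>>();
        if (value == null || attributes == null || attributes.isEmpty()) {
            return avPairs;
        }
        for (String attribute : attributes) {
            // Each key gets its own set so that mutating one entry's values cannot leak into the others.
            avPairs.put(attribute, new HashSet<String>(Collections.singleton(value)));
        }
        return avPairs;
    }
}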
