package com.liferay.saml.opensaml.integration.internal.resolver;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.UserEmailAddressException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.auth.CompanyThreadLocal;
import com.liferay.portal.kernel.service.CompanyLocalService;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.ListUtil;
import com.liferay.portal.kernel.util.MapUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.exportimport.UserImporter;
import com.liferay.saml.opensaml.integration.field.expression.handler.UserFieldExpressionHandler;
import com.liferay.saml.opensaml.integration.field.expression.handler.registry.UserFieldExpressionHandlerRegistry;
import com.liferay.saml.opensaml.integration.field.expression.resolver.UserFieldExpressionResolver;
import com.liferay.saml.opensaml.integration.field.expression.resolver.registry.UserFieldExpressionResolverRegistry;
import com.liferay.saml.opensaml.integration.internal.metadata.MetadataManager;
import com.liferay.saml.opensaml.integration.processor.UserProcessor;
import com.liferay.saml.opensaml.integration.processor.factory.UserProcessorFactory;
import com.liferay.saml.opensaml.integration.resolver.UserResolver;
import com.liferay.saml.persistence.model.SamlPeerBinding;
import com.liferay.saml.persistence.model.SamlSpIdpConnection;
import com.liferay.saml.persistence.service.SamlPeerBindingLocalService;
import com.liferay.saml.persistence.service.SamlSpIdpConnectionLocalService;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import com.liferay.saml.runtime.exception.SubjectException;
import java.io.Serializable;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

/**
 * Default {@link UserResolver}: maps the subject of a SAML response onto a portal user.
 *
 * <p>The component is registered with service ranking {@code Integer.MIN_VALUE}
 * ({@code -2147483648}), the lowest ranking OSGi allows, so any other registered
 * {@link UserResolver} is preferred over this one.
 *
 * <p>Resolution order, as implemented in {@link #_importUser}: optional LDAP import, then a
 * stored peer binding for the name ID, then a lookup through the configured user identifier
 * expression, and finally creation of a new user.
 *
 * <p>NOTE(review): every value used for matching and provisioning (name ID, name ID format,
 * attribute values) is read from the {@code UserResolverSAMLContext}. Nothing in this class
 * verifies the assertion itself; that is presumably done before this resolver is called.
 * Confirm against the caller.
 *
 * <p>NOTE(review): at debug level this class logs the name ID value and the full attributes
 * map, which are identity data supplied by the IdP. Treat debug logs from this class as
 * sensitive.
 */
@Component(immediate = true, property = {"service.ranking:Integer=-2147483648"}, service = {UserResolver.class})
public class DefaultUserResolver implements UserResolver {
    private static final Log _log = LogFactoryUtil.getLog(DefaultUserResolver.class);

    @Reference
    private CompanyLocalService _companyLocalService;

    @Reference
    private MetadataManager _metadataManager;

    @Reference
    private SamlPeerBindingLocalService _samlPeerBindingLocalService;

    @Reference
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;

    @Reference
    private SamlSpIdpConnectionLocalService _samlSpIdpConnectionLocalService;

    @Reference
    private UserFieldExpressionHandlerRegistry _userFieldExpressionHandlerRegistry;

    @Reference
    private UserFieldExpressionResolverRegistry _userFieldExpressionResolverRegistry;

    @Reference
    private UserImporter _userImporter;

    @Reference
    private UserLocalService _userLocalService;

    @Reference
    private UserProcessorFactory _userProcessorFactory;

    /**
     * Resolves the portal user for the subject carried by the SAML context.
     *
     * <p>The company comes from {@link CompanyThreadLocal}; the IdP connection is looked up by
     * that company and the peer entity ID reported by the context.
     *
     * @param userResolverSAMLContext accessors for the subject and attributes of the SAML response
     * @param serviceContext passed through to the user processor
     * @return the imported, updated or newly added user; {@code null} when no user identifier
     *         expression resolves and no peer binding matches the name ID
     * @throws Exception if the connection lookup or user processing fails
     */
    @Override
    public User resolveUser(UserResolver.UserResolverSAMLContext userResolverSAMLContext, ServiceContext serviceContext) throws Exception {
        String subjectNameFormat = userResolverSAMLContext.resolveSubjectNameFormat();

        if (_log.isDebugEnabled()) {
            _log.debug(StringBundler.concat("Resolving user with name ID format ", subjectNameFormat, " and value ", userResolverSAMLContext.resolveSubjectNameIdentifier()));
        }

        long companyId = CompanyThreadLocal.getCompanyId().longValue();
        SamlSpIdpConnection samlSpIdpConnection = _samlSpIdpConnectionLocalService.getSamlSpIdpConnection(companyId, userResolverSAMLContext.resolvePeerEntityId());
        String subjectNameIdentifier = userResolverSAMLContext.resolveSubjectNameIdentifier();

        // The format sent in the response wins; the connection's configured format is the fallback.
        String nameIdFormat = _getNameIdFormat(userResolverSAMLContext, samlSpIdpConnection.getNameIdFormat());

        return _importUser(companyId, samlSpIdpConnection, subjectNameIdentifier, nameIdFormat, userResolverSAMLContext, serviceContext);
    }

    /**
     * Creates a new user in the company and fills it from the mapped attributes.
     *
     * <p>The company's stranger policy is consulted only when the connection flags unknown users
     * as strangers; when that flag is off, the account is created without checking
     * {@code company.isStrangers()}.
     *
     * @throws SubjectException if the user is a stranger and the company does not allow strangers
     * @throws UserEmailAddressException.MustNotUseCompanyMx if a stranger uses the company mail domain
     *         while the company does not allow that
     */
    private User _addUser(long companyId, SamlSpIdpConnection samlSpIdpConnection, Map<String, List<Serializable>> attributesMap, ServiceContext serviceContext) throws Exception {
        if (_log.isDebugEnabled()) {
            _log.debug("Adding user with attributes map " + MapUtil.toString(attributesMap));
        }

        Company company = _companyLocalService.getCompany(companyId);
        String emailAddress = _getValueAsString("emailAddress", attributesMap);

        if (samlSpIdpConnection.isUnknownUsersAreStrangers()) {
            _checkStrangerPolicy(companyId, company, emailAddress);
        }

        User newUser = _userLocalService.createUser(0L);
        newUser.setCompanyId(companyId);

        User addedUser = _processUser(newUser, attributesMap, serviceContext);

        if (_log.isDebugEnabled()) {
            _log.debug("Added user " + addedUser.toString());
        }

        return addedUser;
    }

    /** Applies the company's stranger rules to a user about to be created. */
    private void _checkStrangerPolicy(long companyId, Company company, String emailAddress) throws Exception {
        if (!company.isStrangers()) {
            throw new SubjectException("User is a stranger and company " + companyId + " does not allow strangers to create accounts");
        }

        boolean companyMxForbidden = Validator.isNotNull(emailAddress) && !company.isStrangersWithMx() && company.hasCompanyMx(emailAddress);

        if (companyMxForbidden) {
            throw new UserEmailAddressException.MustNotUseCompanyMx(emailAddress);
        }
    }

    /**
     * Reads the assertion attributes through the connection's attribute mappings.
     *
     * <p>Any failure is logged and turned into an empty map, so resolution continues with the
     * name ID alone. Below debug level only the exception message is logged, without the stack
     * trace.
     */
    private Map<String, List<Serializable>> _getAttributesMap(SamlSpIdpConnection samlSpIdpConnection, UserResolver.UserResolverSAMLContext userResolverSAMLContext) {
        Map<String, List<Serializable>> attributesMap;

        try {
            attributesMap = userResolverSAMLContext.resolveBearerAssertionAttributesWithMapping(samlSpIdpConnection.getNormalizedUserAttributeMappings());
        } catch (Exception exception) {
            if (_log.isDebugEnabled()) {
                _log.debug(exception.getMessage(), exception);
            } else if (_log.isWarnEnabled()) {
                _log.warn(exception.getMessage());
            }

            attributesMap = Collections.emptyMap();
        }

        return attributesMap;
    }

    /** Returns the name ID format of the response, or {@code defaultNameIdFormat} when it has none. */
    private String _getNameIdFormat(UserResolver.UserResolverSAMLContext userResolverSAMLContext, String defaultNameIdFormat) {
        String subjectNameFormat = userResolverSAMLContext.resolveSubjectNameFormat();

        return Validator.isNull(subjectNameFormat) ? defaultNameIdFormat : subjectNameFormat;
    }

    /**
     * Returns the text before the first {@code ':'}; an empty string when there is no colon,
     * and {@code null} for a {@code null} expression.
     */
    private String _getPrefix(String expression) {
        if (expression == null) {
            return null;
        }

        int colonIndex = expression.indexOf(':');

        if (colonIndex == -1) {
            return "";
        }

        return expression.substring(0, colonIndex);
    }

    /** Looks up the resolver by the expression's prefix, or by the whole expression when it has no prefix. */
    private UserFieldExpressionResolver _getUserFieldExpressionResolver(String userIdentifierExpression) {
        String prefix = _getPrefix(userIdentifierExpression);
        String resolverKey = Validator.isBlank(prefix) ? userIdentifierExpression : prefix;

        return _userFieldExpressionResolverRegistry.getUserFieldExpressionResolver(resolverKey);
    }

    /**
     * Returns the first value stored under {@code key} as a string, or {@code null} when the key
     * has no values.
     */
    private String _getValueAsString(String key, Map<String, List<Serializable>> attributesMap) {
        List<Serializable> values = attributesMap.get(key);

        // String.valueOf turns a null first element into the literal text "null".
        return ListUtil.isEmpty(values) ? null : String.valueOf(values.get(0));
    }

    /**
     * Finds, imports, updates or creates the user for the given name ID.
     *
     * <p>NOTE(review): the peer binding lookup is keyed by the IdP entity ID, but the handler
     * lookups ({@code getLdapUser}, {@code getUser}) receive only company, value and field. Whether
     * those matches are scoped to one IdP cannot be told from here. If they are not, the identifier
     * attribute is only as trustworthy as each connected IdP. Confirm per connection.
     *
     * @return the resolved user, or {@code null} when no identifier expression resolves and no
     *         peer binding exists for the name ID
     */
    private User _importUser(long companyId, SamlSpIdpConnection samlSpIdpConnection, String subjectNameIdentifier, String nameIdFormat, UserResolver.UserResolverSAMLContext userResolverSAMLContext, ServiceContext serviceContext) throws Exception {
        UserFieldExpressionResolver userFieldExpressionResolver = _getUserFieldExpressionResolver(samlSpIdpConnection.getUserIdentifierExpression());
        Map<String, List<Serializable>> attributesMap = _getAttributesMap(samlSpIdpConnection, userResolverSAMLContext);

        // With an empty prefix this only strips a leading ':' from the resolved expression.
        String userFieldExpression = _removePrefix("", GetterUtil.getString(userFieldExpressionResolver.resolveUserFieldExpression(attributesMap, userResolverSAMLContext)));

        if (Validator.isBlank(userFieldExpression)) {
            if (_log.isDebugEnabled()) {
                _log.debug("User field expression is null");
            }

            // Without an identifier expression only an already bound user is updated; no account is created.
            User boundUser = _resolveByNameId(companyId, nameIdFormat, userResolverSAMLContext.resolveSubjectNameQualifier(), subjectNameIdentifier, userResolverSAMLContext.resolvePeerEntityId());

            if (boundUser == null) {
                return null;
            }

            return _updateUser(boundUser, attributesMap, serviceContext);
        }

        // The name ID is the identifier unless the expression names a mapped attribute.
        String userIdentifier = subjectNameIdentifier;

        if (attributesMap.containsKey(userFieldExpression)) {
            userIdentifier = _getValueAsString(userFieldExpression, attributesMap);

            if (_log.isDebugEnabled()) {
                _log.debug(StringBundler.concat("User identifier expression is mapped to SAML ", "attribute value \"", userIdentifier, "\""));
            }
        } else if (_log.isDebugEnabled()) {
            _log.debug(StringBundler.concat("Resolving user using subject naming identifier ", subjectNameIdentifier, " and name ID format ", nameIdFormat));
        }

        String prefix = _getPrefix(userFieldExpression);
        UserFieldExpressionHandler userFieldExpressionHandler = _userFieldExpressionHandlerRegistry.getFieldExpressionHandler(prefix);
        String userField = _removePrefix(prefix, userFieldExpression);

        if (Validator.isNotNull(userFieldExpression) && _samlProviderConfigurationHelper.isLDAPImportEnabled()) {
            User ldapUser = userFieldExpressionHandler.getLdapUser(companyId, userIdentifier, userField);

            if (ldapUser != null) {
                if (_log.isDebugEnabled()) {
                    _log.debug("Matched and imported LDAP user " + ldapUser.toString());
                }

                return ldapUser;
            }
        }

        User user = _resolveByNameId(companyId, nameIdFormat, userResolverSAMLContext.resolveSubjectNameQualifier(), subjectNameIdentifier, userResolverSAMLContext.resolvePeerEntityId());

        if (user == null) {
            user = userFieldExpressionHandler.getUser(companyId, userIdentifier, userField);
        }

        if (user == null) {
            return _addUser(companyId, samlSpIdpConnection, attributesMap, serviceContext);
        }

        return _updateUser(user, attributesMap, serviceContext);
    }

    /**
     * Copies the first value of every mapped attribute into a {@link UserProcessor} and runs it.
     * Only the first value of a multi-valued attribute is used.
     */
    private User _processUser(User user, Map<String, List<Serializable>> attributesMap, ServiceContext serviceContext) throws Exception {
        UserProcessor userProcessor = _userProcessorFactory.create(user, _userFieldExpressionHandlerRegistry);

        for (String fieldExpression : attributesMap.keySet()) {
            String firstValue = _getValueAsString(fieldExpression, attributesMap);

            userProcessor.setValueArray(fieldExpression, new String[]{firstValue});
        }

        return userProcessor.process(serviceContext);
    }

    /** Strips a leading {@code prefix + ":"} from {@code expression}; any other input is returned unchanged. */
    private String _removePrefix(String prefix, String expression) {
        int prefixLength = prefix.length();
        boolean prefixed = expression.length() > prefixLength && expression.charAt(prefixLength) == ':' && expression.startsWith(prefix);

        if (!prefixed) {
            return expression;
        }

        return expression.substring(prefixLength + 1);
    }

    /**
     * Looks up the user bound to this name ID for the given IdP.
     *
     * @return {@code null} when no peer binding exists; otherwise whatever
     *         {@code fetchUserById} returns for the bound user ID
     */
    private User _resolveByNameId(long companyId, String nameIdFormat, String nameIdQualifier, String nameIdValue, String peerEntityId) {
        SamlPeerBinding samlPeerBinding = _samlPeerBindingLocalService.fetchSamlPeerBinding(companyId, nameIdFormat, nameIdQualifier, nameIdValue, peerEntityId);

        if (samlPeerBinding == null) {
            return null;
        }

        if (_log.isDebugEnabled()) {
            _log.debug(StringBundler.concat("Matched known subject name identifier ", nameIdValue, " of subject name format ", nameIdFormat, " with subject name qualifier \"", nameIdQualifier, "\" for SAML IDP entity ID ", peerEntityId));
        }

        return _userLocalService.fetchUserById(samlPeerBinding.getUserId());
    }

    /** Re-applies the mapped attributes to an existing user. */
    private User _updateUser(User user, Map<String, List<Serializable>> attributesMap, ServiceContext serviceContext) throws Exception {
        if (_log.isDebugEnabled()) {
            _log.debug(StringBundler.concat("Updating user ", user.getUserId(), " with attributes map ", MapUtil.toString(attributesMap)));
        }

        return _processUser(user, attributesMap, serviceContext);
    }
}
