package com.liferay.saml.opensaml.integration.internal.resolver;

import com.liferay.portal.kernel.bean.BeanPropertiesUtil;
import com.liferay.portal.kernel.configuration.Filter;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Group;
import com.liferay.portal.kernel.model.Organization;
import com.liferay.portal.kernel.model.Role;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.model.UserGroup;
import com.liferay.portal.kernel.model.UserGroupGroupRole;
import com.liferay.portal.kernel.model.UserGroupRole;
import com.liferay.portal.kernel.service.GroupLocalService;
import com.liferay.portal.kernel.service.RoleLocalService;
import com.liferay.portal.kernel.service.UserGroupGroupRoleLocalService;
import com.liferay.portal.kernel.service.UserGroupRoleLocalService;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.PropsUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.saml.opensaml.integration.internal.util.OpenSamlUtil;
import com.liferay.saml.opensaml.integration.internal.util.SamlUtil;
import com.liferay.saml.opensaml.integration.metadata.MetadataManager;
import com.liferay.saml.opensaml.integration.resolver.AttributeResolver;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.XMLObject;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, property = {"service.ranking:Integer=-2147483648"}, service = {AttributeResolver.class})
/* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/resolver/DefaultAttributeResolver.class */
public class DefaultAttributeResolver implements AttributeResolver {
    private static final String _SALESFORCE_ENTITY_ID = "https://saml.salesforce.com";
    private static final Log _log = LogFactoryUtil.getLog(DefaultAttributeResolver.class);
    private GroupLocalService _groupLocalService;
    private MetadataManager _metadataManager;
    private RoleLocalService _roleLocalService;
    private UserGroupGroupRoleLocalService _userGroupGroupRoleLocalService;
    private UserGroupRoleLocalService _userGroupRoleLocalService;

    @Override // com.liferay.saml.opensaml.integration.resolver.AttributeResolver
    public List<Attribute> resolve(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext) {
        List<Attribute> arrayList = new ArrayList<>();
        String peerEntityId = sAMLMessageContext.getPeerEntityId();
        boolean isAttributesNamespaceEnabled = this._metadataManager.isAttributesNamespaceEnabled(sAMLMessageContext.getPeerEntityId());
        for (String str : getAttributeNames(peerEntityId)) {
            if (str.startsWith("expando:")) {
                addExpandoAttribute(user, sAMLMessageContext, arrayList, str.substring(8), isAttributesNamespaceEnabled);
            } else if (str.equals("groups")) {
                addGroupsAttribute(user, sAMLMessageContext, arrayList, str, isAttributesNamespaceEnabled);
            } else if (str.equals("organizations")) {
                addOrganizationsAttribute(user, sAMLMessageContext, arrayList, str, isAttributesNamespaceEnabled);
            } else if (str.equals("organizationRoles")) {
                addOrganizationRolesAttribute(user, sAMLMessageContext, arrayList, str, isAttributesNamespaceEnabled);
            } else if (str.equals("roles")) {
                addRolesAttribute(user, sAMLMessageContext, arrayList, str, isAttributesNamespaceEnabled);
            } else if (str.startsWith("static:")) {
                addStaticAttribute(user, sAMLMessageContext, arrayList, str.substring(7), isAttributesNamespaceEnabled);
            } else if (str.equals("siteRoles") || str.equals("userGroupRoles")) {
                addSiteRolesAttribute(user, sAMLMessageContext, arrayList, str, isAttributesNamespaceEnabled);
            } else if (str.equals("userGroups")) {
                addUserGroupsAttribute(user, sAMLMessageContext, arrayList, str, isAttributesNamespaceEnabled);
            } else {
                addUserAttribute(user, sAMLMessageContext, arrayList, str, isAttributesNamespaceEnabled);
            }
        }
        if (isPeerSalesForce(peerEntityId)) {
            List<Attribute> salesForceAttributes = getSalesForceAttributes(sAMLMessageContext);
            if (!salesForceAttributes.isEmpty()) {
                arrayList.addAll(salesForceAttributes);
            }
        }
        return arrayList;
    }

    @Reference(unbind = "-")
    public void setGroupLocalService(GroupLocalService groupLocalService) {
        this._groupLocalService = groupLocalService;
    }

    @Reference(unbind = "-")
    public void setMetadataManager(MetadataManager metadataManager) {
        this._metadataManager = metadataManager;
    }

    @Reference(unbind = "-")
    public void setRoleLocalService(RoleLocalService roleLocalService) {
        this._roleLocalService = roleLocalService;
    }

    @Reference(unbind = "-")
    public void setUserGroupGroupRoleLocalService(UserGroupGroupRoleLocalService userGroupGroupRoleLocalService) {
        this._userGroupGroupRoleLocalService = userGroupGroupRoleLocalService;
    }

    @Reference(unbind = "-")
    public void setUserGroupRoleLocalService(UserGroupRoleLocalService userGroupRoleLocalService) {
        this._userGroupRoleLocalService = userGroupRoleLocalService;
    }

    protected void addExpandoAttribute(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext, List<Attribute> list, String str, boolean z) {
        Serializable attribute = user.getExpandoBridge().getAttribute(str, false);
        list.add(!z ? OpenSamlUtil.buildAttribute(str, attribute) : OpenSamlUtil.buildAttribute("urn:liferay:user:expando:" + str, Attribute.URI_REFERENCE, attribute));
    }

    protected void addGroupsAttribute(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext, List<Attribute> list, String str, boolean z) {
        try {
            List groups = user.getGroups();
            if (groups.isEmpty()) {
                return;
            }
            Attribute buildAttribute = OpenSamlUtil.buildAttribute();
            if (z) {
                buildAttribute.setName("urn:liferay:groups");
                buildAttribute.setNameFormat(Attribute.URI_REFERENCE);
            } else {
                buildAttribute.setName("groups");
                buildAttribute.setNameFormat(Attribute.UNSPECIFIED);
            }
            List<XMLObject> attributeValues = buildAttribute.getAttributeValues();
            Iterator it = groups.iterator();
            while (it.hasNext()) {
                attributeValues.add(OpenSamlUtil.buildAttributeValue(((Group) it.next()).getName()));
            }
            list.add(buildAttribute);
        } catch (Exception e) {
            _log.error("Unable to get groups for user " + user.getUserId(), e);
        }
    }

    protected void addOrganizationRolesAttribute(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext, List<Attribute> list, String str, boolean z) {
        try {
            List<UserGroupRole> userGroupRoles = this._userGroupRoleLocalService.getUserGroupRoles(user.getUserId());
            HashMap hashMap = new HashMap();
            for (UserGroupRole userGroupRole : userGroupRoles) {
                Group group = userGroupRole.getGroup();
                if (userGroupRole.getRole().getType() == 3) {
                    Set set = (Set) hashMap.get(group.getName());
                    if (set == null) {
                        set = new HashSet();
                        hashMap.put(group.getName(), set);
                    }
                    set.add(userGroupRole.getRole());
                }
            }
            for (Map.Entry entry : hashMap.entrySet()) {
                String str2 = (String) entry.getKey();
                Set set2 = (Set) entry.getValue();
                Attribute buildAttribute = OpenSamlUtil.buildAttribute();
                if (z) {
                    buildAttribute.setName("urn:liferay:organizationRole:" + str2);
                    buildAttribute.setNameFormat(Attribute.URI_REFERENCE);
                } else {
                    buildAttribute.setName("organizationRole:" + str2);
                    buildAttribute.setNameFormat(Attribute.UNSPECIFIED);
                }
                List<XMLObject> attributeValues = buildAttribute.getAttributeValues();
                Iterator it = set2.iterator();
                while (it.hasNext()) {
                    attributeValues.add(OpenSamlUtil.buildAttributeValue(((Role) it.next()).getName()));
                }
                list.add(buildAttribute);
            }
        } catch (Exception e) {
            _log.error("Unable to get organization roles for user " + user.getUserId(), e);
        }
    }

    protected void addOrganizationsAttribute(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext, List<Attribute> list, String str, boolean z) {
        try {
            List organizations = user.getOrganizations();
            if (organizations.isEmpty()) {
                return;
            }
            Attribute buildAttribute = OpenSamlUtil.buildAttribute();
            if (z) {
                buildAttribute.setName("urn:liferay:organizations");
                buildAttribute.setNameFormat(Attribute.URI_REFERENCE);
            } else {
                buildAttribute.setName("organizations");
                buildAttribute.setNameFormat(Attribute.UNSPECIFIED);
            }
            List<XMLObject> attributeValues = buildAttribute.getAttributeValues();
            Iterator it = organizations.iterator();
            while (it.hasNext()) {
                attributeValues.add(OpenSamlUtil.buildAttributeValue(((Organization) it.next()).getName()));
            }
            list.add(buildAttribute);
        } catch (Exception e) {
            _log.error("Unable to get organizations for user " + user.getUserId(), e);
        }
    }

    protected void addRolesAttribute(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext, List<Attribute> list, String str, boolean z) {
        try {
            List roles = user.getRoles();
            List groups = user.getGroups();
            List organizations = user.getOrganizations();
            List userGroups = user.getUserGroups();
            List userGroupsRelatedGroups = this._groupLocalService.getUserGroupsRelatedGroups(userGroups);
            List<Group> emptyList = Collections.emptyList();
            if (!organizations.isEmpty()) {
                emptyList = this._groupLocalService.getOrganizationsRelatedGroups(organizations);
                for (Group group : emptyList) {
                    if (!userGroupsRelatedGroups.contains(group)) {
                        userGroupsRelatedGroups.add(group);
                    }
                }
            }
            ArrayList<Group> arrayList = new ArrayList();
            arrayList.addAll(groups);
            arrayList.addAll(userGroupsRelatedGroups);
            arrayList.addAll(emptyList);
            arrayList.addAll(this._groupLocalService.getOrganizationsGroups(organizations));
            arrayList.addAll(this._groupLocalService.getUserGroupsGroups(userGroups));
            HashSet hashSet = new HashSet();
            hashSet.addAll(roles);
            for (Group group2 : arrayList) {
                if (this._roleLocalService.hasGroupRoles(group2.getGroupId())) {
                    hashSet.addAll(this._roleLocalService.getGroupRoles(group2.getGroupId()));
                }
            }
            if (hashSet.isEmpty()) {
                return;
            }
            Attribute buildAttribute = OpenSamlUtil.buildAttribute();
            if (z) {
                buildAttribute.setName("urn:liferay:roles");
                buildAttribute.setNameFormat(Attribute.URI_REFERENCE);
            } else {
                buildAttribute.setName("roles");
                buildAttribute.setNameFormat(Attribute.UNSPECIFIED);
            }
            List<XMLObject> attributeValues = buildAttribute.getAttributeValues();
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                attributeValues.add(OpenSamlUtil.buildAttributeValue(((Role) it.next()).getName()));
            }
            list.add(buildAttribute);
        } catch (Exception e) {
            _log.error("Unable to get roles for user " + user.getUserId(), e);
        }
    }

    protected void addSiteRolesAttribute(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext, List<Attribute> list, String str, boolean z) {
        try {
            List<UserGroupRole> userGroupRoles = this._userGroupRoleLocalService.getUserGroupRoles(user.getUserId());
            HashMap hashMap = new HashMap();
            for (UserGroupRole userGroupRole : userGroupRoles) {
                Group group = userGroupRole.getGroup();
                if (userGroupRole.getRole().getType() != 3 || str.equals("userGroupRoles")) {
                    Set set = (Set) hashMap.get(group.getName());
                    if (set == null) {
                        set = new HashSet();
                        hashMap.put(group.getName(), set);
                    }
                    set.add(userGroupRole.getRole());
                }
            }
            for (UserGroupGroupRole userGroupGroupRole : this._userGroupGroupRoleLocalService.getUserGroupGroupRolesByUser(user.getUserId())) {
                Group group2 = userGroupGroupRole.getGroup();
                Role role = userGroupGroupRole.getRole();
                Set set2 = (Set) hashMap.get(group2.getName());
                if (set2 == null) {
                    set2 = new HashSet();
                    hashMap.put(group2.getName(), set2);
                }
                set2.add(role);
            }
            for (Map.Entry entry : hashMap.entrySet()) {
                String str2 = (String) entry.getKey();
                Set set3 = (Set) entry.getValue();
                Attribute buildAttribute = OpenSamlUtil.buildAttribute();
                if (z) {
                    if (str.equals("siteRoles")) {
                        buildAttribute.setName("urn:liferay:siteRole:" + str2);
                    } else {
                        buildAttribute.setName("urn:liferay:userGroupRole:" + str2);
                    }
                    buildAttribute.setNameFormat(Attribute.URI_REFERENCE);
                } else {
                    if (str.equals("siteRoles")) {
                        buildAttribute.setName("siteRole:" + str2);
                    } else {
                        buildAttribute.setName("userGroupRole:" + str2);
                    }
                    buildAttribute.setNameFormat(Attribute.UNSPECIFIED);
                }
                List<XMLObject> attributeValues = buildAttribute.getAttributeValues();
                Iterator it = set3.iterator();
                while (it.hasNext()) {
                    attributeValues.add(OpenSamlUtil.buildAttributeValue(((Role) it.next()).getName()));
                }
                list.add(buildAttribute);
            }
        } catch (Exception e) {
            _log.error("Unable to get user group roles for user " + user.getUserId(), e);
        }
    }

    protected void addStaticAttribute(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext, List<Attribute> list, String str, boolean z) {
        String str2 = "";
        if (str.indexOf(61) > 0) {
            String[] split = StringUtil.split(str, "=");
            str = split[0];
            str2 = split[1];
            if (split.length > 2) {
                for (int i = 2; i < split.length; i++) {
                    str2 = str2.concat("=").concat(split[i]);
                }
            }
        }
        Attribute buildAttribute = OpenSamlUtil.buildAttribute(str, str2);
        if (z) {
            buildAttribute.setNameFormat(Attribute.URI_REFERENCE);
        } else {
            buildAttribute.setNameFormat(Attribute.UNSPECIFIED);
        }
        list.add(buildAttribute);
    }

    protected void addUserAttribute(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext, List<Attribute> list, String str, boolean z) {
        Serializable serializable = (Serializable) BeanPropertiesUtil.getObject(user, str);
        list.add(!z ? OpenSamlUtil.buildAttribute(str, serializable) : OpenSamlUtil.buildAttribute("urn:liferay:user:" + str, Attribute.URI_REFERENCE, serializable));
    }

    protected void addUserGroupsAttribute(User user, SAMLMessageContext<?, ?, ?> sAMLMessageContext, List<Attribute> list, String str, boolean z) {
        try {
            List userGroups = user.getUserGroups();
            if (userGroups.isEmpty()) {
                return;
            }
            Attribute buildAttribute = OpenSamlUtil.buildAttribute();
            if (z) {
                buildAttribute.setName("urn:liferay:userGroups");
                buildAttribute.setNameFormat(Attribute.URI_REFERENCE);
            } else {
                buildAttribute.setName("userGroups");
                buildAttribute.setNameFormat(Attribute.UNSPECIFIED);
            }
            List<XMLObject> attributeValues = buildAttribute.getAttributeValues();
            Iterator it = userGroups.iterator();
            while (it.hasNext()) {
                attributeValues.add(OpenSamlUtil.buildAttributeValue(((UserGroup) it.next()).getName()));
            }
            list.add(buildAttribute);
        } catch (Exception e) {
            _log.error("Unable to get user groups for user " + user.getUserId(), e);
        }
    }

    protected String[] getAttributeNames(String str) {
        return this._metadataManager.getAttributeNames(str);
    }

    protected List<Attribute> getSalesForceAttributes(SAMLMessageContext<?, ?, ?> sAMLMessageContext) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(OpenSamlUtil.buildAttribute("logoutURL", GetterUtil.getString(PropsUtil.get("saml.idp.metadata.salesforce.logout.url"))));
        String string = GetterUtil.getString(PropsUtil.get("saml.idp.metadata.salesforce.sso.start.page"));
        try {
            string = SamlUtil.getSingleSignOnServiceForBinding((IDPSSODescriptor) sAMLMessageContext.getLocalEntityRoleMetadata(), SAMLConstants.SAML2_POST_BINDING_URI).getLocation();
        } catch (MetadataProviderException e) {
        }
        arrayList.add(OpenSamlUtil.buildAttribute("ssoStartPage", string));
        return arrayList;
    }

    protected boolean isPeerSalesForce(String str) {
        if (str.equals(_SALESFORCE_ENTITY_ID)) {
            return true;
        }
        return GetterUtil.getBoolean(PropsUtil.get("saml.idp.metadata.salesforce.attributes.enabled", new Filter(str)));
    }
}
