package com.ibm.ws.security.common.claims;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.AccessIdUtil;
import com.ibm.ws.security.authentication.cache.AuthCacheService;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.registry.UserRegistry;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;

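/**
 * Resolves the identity attributes (unique security name, groups, realm) of a user into a
 * {@link UserClaims} object, preferring an already-authenticated cached {@link Subject} and
 * falling back to the configured {@link UserRegistry}.
 *
 * <p>Security notes for maintainers and callers:
 * <ul>
 *   <li><b>Lookup failures are silent.</b> Both lookup paths catch every {@link Exception} and
 *       report it only through a debug trace. {@link #getUserClaims(String, String)} still
 *       returns a claims object in that case, carrying the realm but no unique security name
 *       and no groups. Callers should not treat such a result as a resolved identity that
 *       merely has no groups.</li>
 *   <li><b>Cached data wins.</b> On a cache hit the registry is not consulted, so the groups
 *       come from the cached credential. How quickly a group change in the registry becomes
 *       visible therefore depends on the cache's eviction policy, which is not visible in
 *       this class.</li>
 *   <li><b>Cache key format.</b> The key is {@code realm + ":" + userName} with no escaping, so
 *       a realm or user name that itself contains {@code ':'} can produce the same key as a
 *       different realm/user pair. NOTE(review): the format presumably has to match the key
 *       scheme used by the {@link AuthCacheService} - confirm before changing it.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.security.oauth20_1.1.11.cl50820160125-1634.jar:com/ibm/ws/security/common/claims/UserClaimsRetriever.class */
public class UserClaimsRetriever {
    private static final TraceComponent tc = Tr.register(UserClaimsRetriever.class);
    // Both collaborators are assigned once in the constructor and never replaced.
    private final AuthCacheService authCacheService;
    private final UserRegistry userRegistry;
    static final long serialVersionUID = -632745498680047452L;

    /**
     * Creates a retriever bound to one authentication cache and one user registry.
     *
     * @param authCacheService cache queried first for an existing subject of the user
     * @param userRegistry registry that supplies the realm name and, on a cache miss, the
     *        user's unique id and groups
     */
    public UserClaimsRetriever(AuthCacheService authCacheService, UserRegistry userRegistry) {
        this.authCacheService = authCacheService;
        this.userRegistry = userRegistry;
    }

    /**
     * Builds the claims for one user.
     *
     * <p>The realm is always read from the registry. If the cache holds a subject under
     * {@code realm:str}, the claims are filled from that subject's credential; otherwise they
     * are filled from the registry.
     *
     * @param str the user name; it is combined with the realm to form the cache key and is
     *        passed to the registry on a cache miss. It is not validated here: a
     *        {@code null} value yields the cache key {@code realm:null}.
     * @param str2 passed unchanged to the {@link UserClaims} constructor; its meaning is not
     *        visible in this class (NOTE(review): presumably the identifier of the group
     *        claim - confirm against {@code UserClaims})
     * @return a claims object with the realm name set; the unique security name and groups
     *         are present only when the lookup succeeded
     */
    public UserClaims getUserClaims(String str, String str2) {
        UserClaims userClaims = new UserClaims(str2);
        String realm = this.userRegistry.getRealm();
        Subject subject = this.authCacheService.getSubject(getCacheKey(realm, str));
        if (subject != null) {
            populateClaimsFromCachedSubject(userClaims, subject);
        } else {
            populateClaimsFromRegistry(userClaims, realm, str);
        }
        userClaims.setRealmName(realm);
        return userClaims;
    }

    /**
     * Builds the authentication-cache lookup key {@code realm:userName}.
     *
     * <p>The parts are concatenated without escaping the {@code ':'} delimiter.
     */
    private String getCacheKey(String realm, String userName) {
        return realm + ":" + userName;
    }

    /**
     * Fills the claims from the {@link WSCredential} of a cached subject.
     *
     * <p>Any exception raised while reading the credential (including the
     * {@link NullPointerException} that results when the subject carries no credential) is
     * traced at debug level and otherwise ignored, leaving the claims unpopulated.
     */
    @FFDCIgnore({Exception.class})
    private void populateClaimsFromCachedSubject(UserClaims userClaims, Subject subject) {
        // Deliberately outside the try block: a failure in the helper itself propagates.
        WSCredential wSCredential = new SubjectHelper().getWSCredential(subject);
        try {
            setClaims(userClaims, wSCredential.getUniqueSecurityName(), extractGroups(wSCredential.getGroupIds()));
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "There was an exception populating the user claims from the cached subject.", e.getMessage());
            }
        }
    }

    /**
     * Converts the credential's group entries to unique ids via
     * {@link AccessIdUtil#getUniqueId(String)}.
     *
     * <p>Entries for which no unique id is returned are dropped rather than passed through,
     * so only values the utility could resolve end up in the group claim.
     *
     * @param list group entries taken from the credential
     * @return the unique ids, in the original order; empty if none could be resolved
     */
    private List<String> extractGroups(List<String> list) {
        // Typed list instead of the raw ArrayList, so the element type is compiler-checked.
        List<String> uniqueIds = new ArrayList<String>();
        for (String groupEntry : list) {
            String uniqueId = AccessIdUtil.getUniqueId(groupEntry);
            if (uniqueId != null) {
                uniqueIds.add(uniqueId);
            }
        }
        return uniqueIds;
    }

    /**
     * Fills the claims from the user registry.
     *
     * <p>Any exception raised by the registry is traced at debug level and otherwise ignored,
     * leaving the claims unpopulated.
     *
     * @param realm not used by this method
     * @param userName the name passed to the registry lookups
     */
    @FFDCIgnore({Exception.class})
    private void populateClaimsFromRegistry(UserClaims userClaims, String realm, String userName) {
        try {
            setClaims(userClaims, this.userRegistry.getUniqueUserId(userName), this.userRegistry.getGroupsForUser(userName));
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "There was an exception populating the user claims from the user registry.", e.getMessage());
            }
        }
    }

    /**
     * Writes the unique security name and, when there are any, the groups into the claims.
     *
     * @param uniqueSecurityName value stored as the unique security name
     * @param groups groups to store; a {@code null} or empty list leaves the group claim unset
     */
    private void setClaims(UserClaims userClaims, String uniqueSecurityName, List<String> groups) {
        userClaims.setUniqueSecurityName(uniqueSecurityName);
        // A null list is treated as "no groups" instead of surfacing as a swallowed
        // NullPointerException in the caller's catch block.
        if (groups == null || groups.isEmpty()) {
            return;
        }
        userClaims.setGroups(groups);
    }
}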
