package org.wso2.carbon.identity.handler.step;

import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.handler.step.utils.CustomStepHandlerConstants;
import org.wso2.carbon.identity.handler.step.utils.CustomStepHandlerUtil;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;

/* loaded from: input_file:org/wso2/carbon/identity/handler/step/CustomStepHandler.class */
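/**
 * Step handler that rewrites the authenticator list of the current step before delegating to
 * {@link DefaultStepHandler}.
 *
 * <p>Selection rules implemented below:
 * <ul>
 *   <li>client address accepted by {@code CustomStepHandlerUtil.isInternalIP} -> IWA Kerberos;</li>
 *   <li>any other address -> Basic;</li>
 *   <li>request recognised by {@code CustomStepHandlerUtil.isFireFox} -> Basic;</li>
 *   <li>IWA already failed in this authentication context -> Basic.</li>
 * </ul>
 *
 * <p>NOTE(review): both inputs to the selection (client address, browser detection) are derived
 * from the HTTP request. They decide which authenticator is offered, not whether the user is
 * authenticated; they should not be relied on as an access-control signal on their own.
 */
public class CustomStepHandler extends DefaultStepHandler {
    private static final Log log = LogFactory.getLog(CustomStepHandler.class);

    /**
     * Adjusts the current step's authenticator list and then runs the default step handling.
     * Overrides {@code DefaultStepHandler.handle}.
     *
     * @param httpServletRequest incoming request, used for client address and browser detection
     * @param httpServletResponse response passed through to the default handler
     * @param authenticationContext context holding the sequence and current step
     * @throws FrameworkException if the default handler fails
     */
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        try {
            int currentStep = authenticationContext.getCurrentStep();
            StepConfig stepConfig = (StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(currentStep));
            String serviceProviderName = authenticationContext.getServiceProviderName();
            if (stepConfig != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Updating AuthConfigList of StepConfig in the step: " + currentStep + " of service provider: " + serviceProviderName);
                }
                updateStepConfig(httpServletRequest, authenticationContext, stepConfig);
            } else if (log.isDebugEnabled()) {
                log.debug("stepConfig is null in step: " + currentStep + " of service provider: " + serviceProviderName);
            }
        } catch (Exception e) {
            // Best effort: a failure while customising the step is logged and the step then runs
            // with whatever authenticator list it currently holds. NOTE(review): if the failure
            // happens after a partial update this may not be the configured list - confirm that
            // continuing is the intended behaviour rather than failing the step.
            log.error("Error occurred during executing custom step handler.", e);
        }
        super.handle(httpServletRequest, httpServletResponse, authenticationContext);
    }

    /**
     * Chooses the authenticators to offer in {@code stepConfig} from the client address, the
     * browser and any earlier IWA failure recorded in the context.
     *
     * <p>The step is left untouched unless both IWA and Basic are configured in it, except for
     * the Firefox case, where a configured IWA authenticator is replaced by Basic.
     */
    private void updateStepConfig(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, StepConfig stepConfig) {
        List<AuthenticatorConfig> configured = stepConfig.getAuthenticatorList();
        AuthenticatorConfig iwaConfig = null;
        AuthenticatorConfig basicConfig = null;
        if (configured != null) {
            for (AuthenticatorConfig candidate : configured) {
                if (log.isDebugEnabled()) {
                    log.debug("Authenticator name : " + candidate.getName());
                }
                if (CustomStepHandlerConstants.IWA_KERBEROS_AUTHENTICATOR_NAME.equals(candidate.getName())) {
                    iwaConfig = candidate;
                } else if (CustomStepHandlerConstants.BASIC_AUTHENTICATOR_NAME.equals(candidate.getName())) {
                    basicConfig = candidate;
                }
            }
        } else if (log.isDebugEnabled()) {
            log.debug("'AuthConfigList' is empty in the step : " + authenticationContext.getCurrentStep() + " of service provider : " + authenticationContext.getServiceProviderName());
        }

        // NOTE(review): if IdentityUtil.getClientIpAddress takes the address from a forwarding
        // header, the value is client-supplied unless the fronting proxy overwrites that header.
        // Confirm the deployment strips or replaces it before trusting the internal/external split.
        String clientIpAddress = IdentityUtil.getClientIpAddress(httpServletRequest);
        if (log.isDebugEnabled()) {
            log.debug("client IP Address : " + clientIpAddress);
        }
        boolean isInternalIP = CustomStepHandlerUtil.isInternalIP(clientIpAddress);

        List<AuthenticatorConfig> selected = new ArrayList<>();
        if (isInternalIP) {
            if (iwaConfig != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Client IP address is from internal range. Hence modifying the authConfigList to include IWA Kerberos Authenticator for internal network users.");
                }
                selected.add(iwaConfig);
            } else if (log.isDebugEnabled()) {
                log.debug("Client IP address is from internal range but IWA is not configured in Auth Config list.");
            }
        } else if (basicConfig != null) {
            if (log.isDebugEnabled()) {
                log.debug("Client IP address is from external range. Hence modifying the authConfigList to include Basic Authenticator for external network users.");
            }
            selected.add(basicConfig);
        } else if (log.isDebugEnabled()) {
            log.debug("Client IP address is from external range but Basic-auth not available in Auth Config list.");
        }

        // Browser detection presumably relies on request headers, which the client controls.
        if (CustomStepHandlerUtil.isFireFox(httpServletRequest) && iwaConfig != null) {
            // NOTE(review): when the step has no Basic authenticator, one is taken from the
            // file-based configuration, i.e. the step ends up offering an authenticator the
            // service provider did not configure for it. Confirm this is intended.
            AuthenticatorConfig fallback = basicConfig != null ? basicConfig : getBasicAuthenticatorConfig(authenticationContext);
            if (fallback == null) {
                // Previously a null entry was stored in the authenticator list; keep the
                // configured list instead so the step stays usable.
                log.warn("Basic authenticator configuration is not available. Keeping the configured authenticator list.");
                return;
            }
            log.info("Defaulting to Basic Authentication for FireFox Browsers..");
            List<AuthenticatorConfig> basicOnly = new ArrayList<>();
            basicOnly.add(fallback);
            updateAuthConfigList(authenticationContext, stepConfig, basicOnly, false);
            return;
        }

        boolean iwaFailed = hasIWAAuthenticationFailed(authenticationContext);
        if (iwaConfig == null || basicConfig == null) {
            // Only a step that offers both authenticators is rewritten.
            return;
        }
        if (!iwaFailed) {
            if (isInternalIP) {
                log.info("Defaulting to IWA for internal network users..");
            } else {
                log.info("Defaulting to basic authentication for external users..");
            }
            updateAuthConfigList(authenticationContext, stepConfig, selected, selected.size() > 1);
            return;
        }
        log.info("IWA Authentication Failed in previous attempt. Fallback to Basic Authentication..");
        List<AuthenticatorConfig> basicOnly = new ArrayList<>();
        basicOnly.add(basicConfig);
        updateAuthConfigList(authenticationContext, stepConfig, basicOnly, false);
    }

    /**
     * Replaces the step's authenticator list and multi-option flag, then stores the step back in
     * the sequence's step map under the current step number.
     */
    private void updateAuthConfigList(AuthenticationContext authenticationContext, StepConfig stepConfig, List<AuthenticatorConfig> list, boolean multiOption) {
        stepConfig.setAuthenticatorList(list);
        stepConfig.setMultiOption(multiOption);
        authenticationContext.getSequenceConfig().getStepMap().put(Integer.valueOf(authenticationContext.getCurrentStep()), stepConfig);
    }

    /**
     * Runs the default authentication and, when the IWA Kerberos authenticator did not
     * authenticate the request, records the failure in the context and offers Basic together
     * with IWA for the retry. Overrides {@code DefaultStepHandler.doAuthentication}.
     *
     * @throws FrameworkException if the default authentication fails
     */
    protected void doAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, AuthenticatorConfig authenticatorConfig) throws FrameworkException {
        super.doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig);
        try {
            boolean iwaAttempt = CustomStepHandlerConstants.IWA_KERBEROS_AUTHENTICATOR_NAME.equals(authenticatorConfig.getApplicationAuthenticator().getName());
            if (!iwaAttempt || authenticationContext.isRequestAuthenticated()) {
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("IWA authenticator failed in this attempt. Adding context property 'IWAAuthenticatorStatus' to detect IWA authentication failure during handle method.");
            }
            authenticationContext.getProperties().put(CustomStepHandlerConstants.IWA_AUTHENTICATION_STATUS, CustomStepHandlerConstants.IWA_AUTHENTICATION_STATUS_FAILED);
            SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
            int currentStep = authenticationContext.getCurrentStep();
            String serviceProviderName = authenticationContext.getServiceProviderName();
            if (log.isDebugEnabled()) {
                log.debug("Updating AuthConfigList of StepConfig in the step: " + currentStep + " of service provider: " + serviceProviderName + " with basic authenticator config.");
            }
            StepConfig stepConfig = (StepConfig) sequenceConfig.getStepMap().get(Integer.valueOf(currentStep));
            // NOTE(review): Basic comes from the file-based configuration here, whether or not
            // the service provider configured it for this step - confirm this is intended.
            AuthenticatorConfig basicAuthenticatorConfig = getBasicAuthenticatorConfig(authenticationContext);
            if (basicAuthenticatorConfig == null) {
                // Previously a null entry was stored in the authenticator list.
                log.warn("Basic authenticator configuration is not available. Keeping the configured authenticator list.");
                return;
            }
            List<AuthenticatorConfig> retryOptions = new ArrayList<>();
            retryOptions.add(basicAuthenticatorConfig);
            retryOptions.add(authenticatorConfig);
            updateAuthConfigList(authenticationContext, stepConfig, retryOptions, retryOptions.size() > 1);
            stepConfig.setRetrying(true);
            // updateAuthConfigList has already stored stepConfig; this second put is kept from
            // the original and looks redundant.
            authenticationContext.getSequenceConfig().getStepMap().put(Integer.valueOf(authenticationContext.getCurrentStep()), stepConfig);
        } catch (Exception e) {
            log.error("Error occurred during CustomStepHandler doAuthentication method.", e);
            // Fail closed: an error while preparing the fallback must not leave the request
            // marked as authenticated.
            authenticationContext.setRequestAuthenticated(false);
        }
    }

    /**
     * Tells whether an earlier IWA attempt in this context was recorded as failed.
     *
     * @return {@code true} when the IWA status property equals the "failed" marker
     */
    private boolean hasIWAAuthenticationFailed(AuthenticationContext authenticationContext) {
        // equals(Object) needs no cast, so a non-String property value simply compares unequal.
        return CustomStepHandlerConstants.IWA_AUTHENTICATION_STATUS_FAILED.equals(authenticationContext.getProperty(CustomStepHandlerConstants.IWA_AUTHENTICATION_STATUS));
    }

    /**
     * Builds a Basic authenticator configuration bound to the local identity provider of the
     * context's tenant.
     *
     * @return the enabled configuration, or {@code null} when the Basic authenticator is not
     *     present in the file-based configuration or the local IdP cannot be loaded
     */
    private AuthenticatorConfig getBasicAuthenticatorConfig(AuthenticationContext authenticationContext) {
        try {
            AuthenticatorConfig authenticatorBean = FileBasedConfigurationBuilder.getInstance().getAuthenticatorBean(CustomStepHandlerConstants.BASIC_AUTHENTICATOR_NAME);
            if (authenticatorBean == null) {
                log.error("Basic authenticator is not defined in the file based configuration.");
                return null;
            }
            // NOTE(review): if getAuthenticatorBean returns a shared instance rather than a
            // copy, the put/setEnabled below change global configuration and place one
            // tenant's local IdP on an object other tenants' requests may also read - confirm.
            authenticatorBean.getIdps().put(CustomStepHandlerConstants.LOCAL_IDP_NAME, IdentityProviderManager.getInstance().getIdPByName(CustomStepHandlerConstants.LOCAL_IDP_NAME, authenticationContext.getTenantDomain()));
            authenticatorBean.setEnabled(true);
            return authenticatorBean;
        } catch (IdentityProviderManagementException e) {
            log.error("Error occurred while retrieving local IDP.", e);
            return null;
        }
    }
}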
