package org.wso2.carbon.identity.application.authentication.framework;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringJoiner;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.exception.auth.service.AuthServiceClientException;
import org.wso2.carbon.identity.application.authentication.framework.exception.auth.service.AuthServiceException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
import org.wso2.carbon.identity.application.authentication.framework.model.auth.service.AuthServiceErrorInfo;
import org.wso2.carbon.identity.application.authentication.framework.model.auth.service.AuthServiceRequest;
import org.wso2.carbon.identity.application.authentication.framework.model.auth.service.AuthServiceRequestWrapper;
import org.wso2.carbon.identity.application.authentication.framework.model.auth.service.AuthServiceResponse;
import org.wso2.carbon.identity.application.authentication.framework.model.auth.service.AuthServiceResponseData;
import org.wso2.carbon.identity.application.authentication.framework.model.auth.service.AuthServiceResponseWrapper;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authentication.framework.util.auth.service.AuthServiceConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.auth.service.AuthServiceUtils;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/AuthenticationService.class */
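/**
 * Entry point for API-based authentication.
 *
 * <p>Wraps the incoming servlet request/response, drives them through
 * {@link CommonAuthenticationHandler}, and translates the resulting authenticator flow status into
 * an {@link AuthServiceResponse}.
 *
 * <p>Trust boundaries visible in this class: the client id is read from the {@code relyingParty}
 * request attribute and the "initial request" flag from another request attribute, so both are
 * only as trustworthy as the component that sets them (presumably an upstream filter or endpoint —
 * confirm). The tenant domain may come from a plain request parameter and must be treated as
 * untrusted input.
 */
public class AuthenticationService {
    private static final Log LOG = LogFactory.getLog(AuthenticationService.class);
    private final CommonAuthenticationHandler commonAuthenticationHandler = new CommonAuthenticationHandler();

    /**
     * Runs one step of the authentication flow for the given request.
     *
     * @param authServiceRequest carrier for the servlet request, servlet response and the
     *                           parameters handed to the request wrapper
     * @return the flow status and, depending on it, authenticator options or error information
     * @throws AuthServiceException if validation fails, the underlying handler throws, or the flow
     *                              ends in a status this class does not recognise
     */
    public AuthServiceResponse handleAuthentication(AuthServiceRequest authServiceRequest) throws AuthServiceException {
        // Application and authenticator checks run only for the request flagged as initial;
        // later requests of the same flow are not re-validated here.
        // NOTE(review): follow-up requests therefore rely on the session data key handling inside
        // the framework to stay bound to the validated application — confirm.
        if (isInitialAuthRequest(authServiceRequest)) {
            validateRequest(authServiceRequest);
        }
        // Keep the concrete wrapper types: processCommonAuthResponse reads wrapper-only state
        // (flow status, redirect URL) that the servlet interfaces do not expose.
        AuthServiceRequestWrapper wrappedRequest =
                getWrappedRequest(authServiceRequest.getRequest(), authServiceRequest.getParameters());
        AuthServiceResponseWrapper wrappedResponse = getWrappedResponse(authServiceRequest.getResponse());
        try {
            this.commonAuthenticationHandler.doPost(wrappedRequest, wrappedResponse);
            return processCommonAuthResponse(wrappedRequest, wrappedResponse);
        } catch (ServletException | IOException e) {
            throw new AuthServiceException(AuthServiceConstants.ErrorMessage.ERROR_UNABLE_TO_PROCEED.code(),
                    AuthServiceConstants.ErrorMessage.ERROR_UNABLE_TO_PROCEED.description(), e);
        }
    }

    /** Wraps the servlet request together with the supplied parameter map. */
    private AuthServiceRequestWrapper getWrappedRequest(HttpServletRequest request, Map<String, String[]> parameters) {
        return new AuthServiceRequestWrapper(request, parameters);
    }

    /** Wraps the servlet response. */
    private AuthServiceResponseWrapper getWrappedResponse(HttpServletResponse response) {
        return new AuthServiceResponseWrapper(response);
    }

    /**
     * Maps the state left on the wrappers by the handler to a response.
     *
     * <p>Success is checked first, then failure, then the incomplete state; any other status is
     * rejected rather than being treated as one of the known outcomes.
     *
     * @throws AuthServiceException if the flow status is none of success, failure or incomplete
     */
    private AuthServiceResponse processCommonAuthResponse(AuthServiceRequestWrapper request,
                                                          AuthServiceResponseWrapper response)
            throws AuthServiceException {
        AuthServiceResponse authServiceResponse = new AuthServiceResponse();
        if (isAuthFlowSuccessful(request)) {
            handleSuccessAuthResponse(request, response, authServiceResponse);
        } else if (isAuthFlowFailed(request, response)) {
            handleFailedAuthResponse(request, response, authServiceResponse);
        } else if (isAuthFlowIncomplete(request)) {
            handleIntermediateAuthResponse(request, response, authServiceResponse);
        } else {
            throw new AuthServiceException(AuthServiceConstants.ErrorMessage.ERROR_UNKNOWN_AUTH_FLOW_STATUS.code(),
                    String.format(AuthServiceConstants.ErrorMessage.ERROR_UNKNOWN_AUTH_FLOW_STATUS.description(),
                            request.getAuthFlowStatus()));
        }
        return authServiceResponse;
    }

    /**
     * Fills the response for a flow that needs further interaction: session data key, the
     * INCOMPLETE status and the authenticator options for the next step.
     */
    private void handleIntermediateAuthResponse(AuthServiceRequestWrapper request,
                                                AuthServiceResponseWrapper response,
                                                AuthServiceResponse authServiceResponse)
            throws AuthServiceException {
        authServiceResponse.setSessionDataKey(request.getSessionDataKey());
        authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.INCOMPLETE);
        AuthServiceResponseData responseData = new AuthServiceResponseData();
        List<AuthenticatorData> options;
        if (request.isMultiOptionsResponse()) {
            // Several authenticators are on offer: return their basic data and ask the client to pick.
            responseData.setAuthenticatorSelectionRequired(true);
            options = getAuthenticatorBasicData(response.getAuthenticators(), request.getAuthInitiationData());
        } else {
            options = request.getAuthInitiationData();
        }
        responseData.setAuthenticatorOptions(options);
        authServiceResponse.setData(responseData);
    }

    /** Fills the response for a successfully completed flow. */
    private void handleSuccessAuthResponse(AuthServiceRequestWrapper request,
                                           AuthServiceResponseWrapper response,
                                           AuthServiceResponse authServiceResponse) throws AuthServiceException {
        authServiceResponse.setSessionDataKey(getFlowCompletionSessionDataKey(request, response));
        authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.SUCCESS_COMPLETED);
    }

    /** Dispatches a failed flow to the concluded or the retry-available handler. */
    private void handleFailedAuthResponse(AuthServiceRequestWrapper request,
                                          AuthServiceResponseWrapper response,
                                          AuthServiceResponse authServiceResponse) throws AuthServiceException {
        if (request.isAuthFlowConcluded()) {
            handleFailedConcludedAuthResponse(request, authServiceResponse);
        } else {
            handleFailedIncompleteAuthResponse(request, response, authServiceResponse);
        }
    }

    /**
     * Fills the response for a flow that failed with no retry left.
     *
     * <p>The error message defaults to the generic authentication-failure message and is replaced
     * by the error code and/or error message stored on the authentication result when either is
     * non-blank.
     */
    private void handleFailedConcludedAuthResponse(AuthServiceRequestWrapper request,
                                                   AuthServiceResponse authServiceResponse) {
        String code = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE.code();
        String message = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE.message();
        String description = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE.description();
        String internalCode = null;
        String internalMessage = null;
        authServiceResponse.setSessionDataKey(request.getSessionDataKey());
        authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.FAIL_COMPLETED);
        AuthenticationResult authenticationResult = getAuthenticationResult(request);
        if (authenticationResult != null) {
            internalCode = (String) authenticationResult.getProperty(FrameworkConstants.AUTH_ERROR_CODE);
            internalMessage = (String) authenticationResult.getProperty(FrameworkConstants.AUTH_ERROR_MSG);
        }
        // NOTE(review): framework-internal error code and message are returned to the API caller
        // unchanged. Check that authenticators do not put account-state detail (e.g. whether a
        // user exists or is locked) into these properties, since that would let a caller tell
        // failure reasons apart.
        String detail = StringUtils.isNotBlank(internalCode) ? internalCode : "";
        if (StringUtils.isNotBlank(internalMessage)) {
            detail = StringUtils.isNotBlank(detail)
                    ? new StringJoiner(" ")
                            .add(detail)
                            .add(AuthServiceConstants.INTERNAL_ERROR_MSG_SEPARATOR)
                            .add(internalMessage)
                            .toString()
                    : internalMessage;
        }
        if (StringUtils.isNotBlank(detail)) {
            message = detail;
        }
        authServiceResponse.setErrorInfo(new AuthServiceErrorInfo(code, message, description));
    }

    /**
     * Fills the response for a failed step that may be retried.
     *
     * <p>Error code and message are taken from the query string of the redirect URL recorded on
     * the response wrapper, falling back to the generic retry-available values when blank.
     */
    private void handleFailedIncompleteAuthResponse(AuthServiceRequestWrapper request,
                                                    AuthServiceResponseWrapper response,
                                                    AuthServiceResponse authServiceResponse)
            throws AuthServiceException {
        String description = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE_RETRY_AVAILABLE.description();
        authServiceResponse.setSessionDataKey(request.getSessionDataKey());
        authServiceResponse.setFlowStatus(AuthServiceConstants.FlowStatus.FAIL_INCOMPLETE);
        authServiceResponse.setData(new AuthServiceResponseData(request.getAuthInitiationData()));
        String errorCode = getErrorCode(response);
        String errorMessage = getErrorMessage(response);
        if (StringUtils.isBlank(errorCode)) {
            errorCode = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE_RETRY_AVAILABLE.code();
        }
        if (StringUtils.isBlank(errorMessage)) {
            errorMessage = AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATION_FAILURE_RETRY_AVAILABLE.message();
        }
        authServiceResponse.setErrorInfo(new AuthServiceErrorInfo(errorCode, errorMessage, description));
    }

    /** Reads the {@code errorCode} query parameter of the recorded redirect URL. */
    private String getErrorCode(AuthServiceResponseWrapper response) throws AuthServiceException {
        return AuthServiceUtils.extractQueryParams(response.getRedirectURL()).get("errorCode");
    }

    /** Reads the failure-message query parameter of the recorded redirect URL. */
    private String getErrorMessage(AuthServiceResponseWrapper response) throws AuthServiceException {
        return AuthServiceUtils.extractQueryParams(response.getRedirectURL())
                .get(AuthServiceConstants.AUTH_FAILURE_MSG_PARAM);
    }

    /**
     * Builds the option list for a multi-option step.
     *
     * <p>{@code authenticators} is split on {@link AuthServiceConstants#AUTHENTICATOR_SEPARATOR};
     * each entry is then split on {@code ":"}, the first token being the authenticator name and
     * every further token being set as an IdP on its own option. When initiation data already
     * exists for a name it is reused; otherwise the authenticator is looked up by name and
     * included only if it supports API-based authentication.
     *
     * @param authenticators separator-delimited authenticator entries; {@code null} yields an
     *                       empty list
     * @param initiationData initiation data already produced for this step
     * @throws AuthServiceException if a named authenticator is not registered
     */
    private List<AuthenticatorData> getAuthenticatorBasicData(String authenticators,
                                                              List<AuthenticatorData> initiationData)
            throws AuthServiceException {
        List<AuthenticatorData> options = new ArrayList<>();
        String[] entries = StringUtils.split(authenticators, AuthServiceConstants.AUTHENTICATOR_SEPARATOR);
        if (entries == null) {
            // StringUtils.split returns null for null input; iterating it would throw.
            return options;
        }
        for (String entry : entries) {
            String[] tokens = StringUtils.split(entry, ":");
            if (tokens.length == 0) {
                // An entry made only of ':' yields no tokens, so there is no name to read.
                continue;
            }
            String name = tokens[0];
            AuthenticatorData existing = getAuthenticatorData(name, initiationData);
            if (existing != null) {
                options.add(existing);
                continue;
            }
            ApplicationAuthenticator authenticator = FrameworkUtils.getAppAuthenticatorByName(name);
            if (authenticator == null) {
                throw new AuthServiceException(AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATOR_NOT_FOUND.code(),
                        String.format(AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATOR_NOT_FOUND.description(),
                                name));
            }
            if (authenticator.isAPIBasedAuthenticationSupported()) {
                for (int i = 1; i < tokens.length; i++) {
                    AuthenticatorData option = new AuthenticatorData();
                    option.setName(name);
                    option.setIdp(tokens[i]);
                    option.setDisplayName(authenticator.getFriendlyName());
                    option.setI18nKey(authenticator.getI18nKey());
                    options.add(option);
                }
            } else if (LOG.isDebugEnabled()) {
                LOG.debug("Authenticator: " + name + " does not support API based authentication.");
            }
        }
        return options;
    }

    /**
     * Returns the first entry whose name equals {@code name}, or {@code null} when there is none
     * (including when {@code candidates} is {@code null}).
     */
    private AuthenticatorData getAuthenticatorData(String name, List<AuthenticatorData> candidates) {
        if (candidates == null) {
            return null;
        }
        for (AuthenticatorData candidate : candidates) {
            if (StringUtils.equals(candidate.getName(), name)) {
                return candidate;
            }
        }
        return null;
    }

    /** True when the flow status on the request wrapper is SUCCESS_COMPLETED. */
    private boolean isAuthFlowSuccessful(AuthServiceRequestWrapper request) {
        return AuthenticatorFlowStatus.SUCCESS_COMPLETED == request.getAuthFlowStatus();
    }

    /**
     * True when the flow status is FAIL_COMPLETED, the response wrapper reports an error response,
     * or the request was sent to the retry page because the authentication context was missing.
     */
    private boolean isAuthFlowFailed(AuthServiceRequestWrapper request, AuthServiceResponseWrapper response)
            throws AuthServiceException {
        return AuthenticatorFlowStatus.FAIL_COMPLETED == request.getAuthFlowStatus()
                || response.isErrorResponse()
                || isSentToRetryPageOnMissingContext(request, response);
    }

    /** True when the flow status on the request wrapper is INCOMPLETE. */
    private boolean isAuthFlowIncomplete(AuthServiceRequestWrapper request) {
        return AuthenticatorFlowStatus.INCOMPLETE == request.getAuthFlowStatus();
    }

    /**
     * Returns the authentication result from the request attribute, falling back to the cache
     * entry stored under the request's session data key; {@code null} when neither has one.
     */
    private AuthenticationResult getAuthenticationResult(AuthServiceRequestWrapper request) {
        AuthenticationResult result =
                (AuthenticationResult) request.getAttribute(FrameworkConstants.RequestAttribute.AUTH_RESULT);
        if (result != null) {
            return result;
        }
        AuthenticationResultCacheEntry cacheEntry =
                FrameworkUtils.getAuthenticationResultFromCache(request.getSessionDataKey());
        return cacheEntry != null ? cacheEntry.getResult() : null;
    }

    /**
     * True when an INCOMPLETE flow was marked as sent to retry and the redirect URL carries the
     * "authentication context null" status.
     */
    private boolean isSentToRetryPageOnMissingContext(AuthServiceRequestWrapper request,
                                                      AuthServiceResponseWrapper response)
            throws AuthServiceException {
        boolean sentToRetry = AuthenticatorFlowStatus.INCOMPLETE == request.getAuthFlowStatus()
                && Boolean.TRUE.equals(request.getAttribute(FrameworkConstants.IS_SENT_TO_RETRY));
        if (!sentToRetry) {
            return false;
        }
        String status = AuthServiceUtils.extractQueryParams(response.getRedirectURL())
                .get(FrameworkConstants.STATUS_PARAM);
        return StringUtils.equals(status, FrameworkConstants.ERROR_STATUS_AUTH_CONTEXT_NULL);
    }

    /**
     * Returns the session data key for a completed flow: the {@code sessionDataKey} request
     * attribute when non-blank, otherwise the key recorded on the response wrapper.
     */
    private String getFlowCompletionSessionDataKey(AuthServiceRequestWrapper request,
                                                   AuthServiceResponseWrapper response)
            throws AuthServiceException {
        String sessionDataKey = (String) request.getAttribute("sessionDataKey");
        if (StringUtils.isBlank(sessionDataKey)) {
            sessionDataKey = response.getSessionDataKey();
        }
        return sessionDataKey;
    }

    /**
     * Checks that the calling application exists, has API-based authentication enabled, and that
     * every authenticator configured for it supports API-based authentication.
     *
     * @throws AuthServiceClientException if any of those checks fails
     * @throws AuthServiceException       if the application cannot be retrieved
     */
    private void validateRequest(AuthServiceRequest authServiceRequest) throws AuthServiceException {
        String clientId = getClientId(authServiceRequest.getRequest());
        String tenantDomain = getTenantDomain(authServiceRequest.getRequest());
        ServiceProvider serviceProvider = getServiceProvider(clientId, tenantDomain);
        if (serviceProvider == null) {
            // The description embeds the client id and tenant domain as received.
            // NOTE(review): if this description is rendered to a browser, it needs output encoding.
            throw new AuthServiceClientException(
                    AuthServiceConstants.ErrorMessage.ERROR_UNABLE_TO_FIND_APPLICATION.code(),
                    String.format(AuthServiceConstants.ErrorMessage.ERROR_UNABLE_TO_FIND_APPLICATION.description(),
                            clientId, tenantDomain));
        }
        if (!serviceProvider.isAPIBasedAuthenticationEnabled()) {
            throw new AuthServiceClientException(
                    AuthServiceConstants.ErrorMessage.ERROR_API_BASED_AUTH_NOT_ENABLED.code(),
                    String.format(AuthServiceConstants.ErrorMessage.ERROR_API_BASED_AUTH_NOT_ENABLED.description(),
                            serviceProvider.getApplicationResourceId()));
        }
        for (ApplicationAuthenticator authenticator : getConfiguredAuthenticators(serviceProvider)) {
            if (!authenticator.isAPIBasedAuthenticationSupported()) {
                throw new AuthServiceClientException(
                        AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATOR_NOT_SUPPORTED.code(),
                        String.format(AuthServiceConstants.ErrorMessage.ERROR_AUTHENTICATOR_NOT_SUPPORTED.description(),
                                authenticator.getName()));
            }
        }
    }

    /**
     * Collects the registered authenticators referenced by the application's authentication steps
     * (local authenticators plus the default authenticator of each federated IdP). Names that do
     * not resolve to a registered authenticator are skipped.
     */
    private Set<ApplicationAuthenticator> getConfiguredAuthenticators(ServiceProvider serviceProvider) {
        LocalAndOutboundAuthenticationConfig authConfig = serviceProvider.getLocalAndOutBoundAuthenticationConfig();
        if (authConfig == null || authConfig.getAuthenticationSteps() == null) {
            return Collections.emptySet();
        }
        Set<ApplicationAuthenticator> authenticators = new HashSet<>();
        for (AuthenticationStep step : authConfig.getAuthenticationSteps()) {
            processLocalAuthenticators(step, authenticators);
            processFederatedAuthenticators(step, authenticators);
        }
        return authenticators;
    }

    /** Adds the step's local authenticators, if any, to {@code authenticators}. */
    private void processLocalAuthenticators(AuthenticationStep step, Set<ApplicationAuthenticator> authenticators) {
        LocalAuthenticatorConfig[] localConfigs = step.getLocalAuthenticatorConfigs();
        if (localConfigs == null) {
            return;
        }
        for (LocalAuthenticatorConfig localConfig : localConfigs) {
            addAuthenticator(authenticators, localConfig.getName());
        }
    }

    /** Adds the default authenticator of each federated IdP of the step to {@code authenticators}. */
    private void processFederatedAuthenticators(AuthenticationStep step, Set<ApplicationAuthenticator> authenticators) {
        IdentityProvider[] identityProviders = step.getFederatedIdentityProviders();
        if (identityProviders == null) {
            return;
        }
        for (IdentityProvider identityProvider : identityProviders) {
            FederatedAuthenticatorConfig defaultConfig = identityProvider.getDefaultAuthenticatorConfig();
            if (defaultConfig != null) {
                addAuthenticator(authenticators, defaultConfig.getName());
            }
        }
    }

    /** Looks up the authenticator by name and adds it when it is registered. */
    private void addAuthenticator(Set<ApplicationAuthenticator> authenticators, String name) {
        ApplicationAuthenticator authenticator = FrameworkUtils.getAppAuthenticatorByName(name);
        if (authenticator != null) {
            authenticators.add(authenticator);
        }
    }

    /**
     * Resolves the application registered for the OAuth2 client id in the given tenant.
     *
     * @throws AuthServiceClientException on a client-side lookup error
     * @throws AuthServiceException       on any other lookup error, with the cause attached
     */
    private ServiceProvider getServiceProvider(String clientId, String tenantDomain) throws AuthServiceException {
        try {
            return ApplicationManagementService.getInstance().getServiceProviderByClientId(clientId, "oauth2", tenantDomain);
        } catch (IdentityApplicationManagementClientException e) {
            // Handled before the general exception (presumably its supertype) so that the broader
            // handler cannot shadow it and turn a client error into a server error.
            // The two-argument constructor is the only one this file shows for the client
            // exception, so the cause is kept in the debug log rather than on the exception.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Client error while resolving the application by client id.", e);
            }
            throw new AuthServiceClientException(
                    AuthServiceConstants.ErrorMessage.ERROR_UNABLE_TO_FIND_APPLICATION.code(),
                    String.format(AuthServiceConstants.ErrorMessage.ERROR_UNABLE_TO_FIND_APPLICATION.description(),
                            clientId, tenantDomain));
        } catch (IdentityApplicationManagementException e) {
            // The exception is now attached as the cause instead of being passed only as a format
            // argument, so the stack trace survives. It stays in the format arguments as well
            // because the number of placeholders in this description is not visible here.
            throw new AuthServiceException(AuthServiceConstants.ErrorMessage.ERROR_RETRIEVING_APPLICATION.code(),
                    String.format(AuthServiceConstants.ErrorMessage.ERROR_RETRIEVING_APPLICATION.description(),
                            clientId, tenantDomain, e), e);
        }
    }

    /**
     * Resolves the tenant domain: from the thread-local context when tenant-qualified URLs are
     * enabled, otherwise from the {@code tenantDomain} request parameter; defaults to
     * {@code carbon.super} when empty.
     */
    private String getTenantDomain(HttpServletRequest request) {
        String tenantDomain;
        if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Tenant Qualified URL mode enabled. Retrieving tenantDomain from thread local context.");
            }
            tenantDomain = IdentityTenantUtil.getTenantDomainFromContext();
        } else {
            // Caller-controlled value: it selects the tenant used for the application lookup.
            tenantDomain = request.getParameter("tenantDomain");
        }
        if (StringUtils.isEmpty(tenantDomain)) {
            tenantDomain = "carbon.super";
        }
        if (LOG.isDebugEnabled()) {
            // Line breaks are neutralised because the value may come straight from a request
            // parameter and could otherwise forge additional log entries.
            LOG.debug("Resolved tenant domain: " + tenantDomain.replaceAll("[\\r\\n]", "_"));
        }
        return tenantDomain;
    }

    /** Reads the client id from the {@code relyingParty} request attribute. */
    private String getClientId(HttpServletRequest request) {
        return (String) request.getAttribute("relyingParty");
    }

    /** True when the request attribute marking the initial API-based auth request is {@code TRUE}. */
    private boolean isInitialAuthRequest(AuthServiceRequest authServiceRequest) {
        return Boolean.TRUE.equals(authServiceRequest.getRequest()
                .getAttribute(AuthServiceConstants.REQ_ATTR_IS_INITIAL_API_BASED_AUTH_REQUEST));
    }
}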
