package org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.AuthGraphNode;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.AuthenticationGraph;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.DynamicDecisionNode;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.EndStep;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.FailNode;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.JsGraphBuilder;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.StepConfigGraphNode;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.handler.sequence.SequenceHandler;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandler.class */
public class GraphBasedSequenceHandler extends DefaultStepBasedSequenceHandler implements SequenceHandler {
    private static final Log log = LogFactory.getLog(GraphBasedSequenceHandler.class);

    @Override // org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler, org.wso2.carbon.identity.application.authentication.framework.handler.sequence.SequenceHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Executing the Step Based Authentication...");
        }
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        AuthenticationGraph authenticationGraph = sequenceConfig.getAuthenticationGraph();
        if (authenticationGraph == null || !authenticationGraph.isEnabled()) {
            if (log.isDebugEnabled()) {
                log.debug("Authentication Graph not defined for the application. Performing Step based authentication. Service Provider :" + sequenceConfig.getApplicationId());
            }
            DefaultStepBasedSequenceHandler.getInstance().handle(httpServletRequest, httpServletResponse, authenticationContext);
        } else {
            if (!authenticationGraph.isBuildSuccessful()) {
                throw new FrameworkException("Error while building graph from Javascript. Nested exception is: " + authenticationGraph.getErrorReason());
            }
            boolean z = false;
            while (!z && !authenticationContext.getSequenceConfig().isCompleted()) {
                AuthGraphNode authGraphNode = (AuthGraphNode) authenticationContext.getProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE);
                z = authGraphNode == null ? handleInitialize(httpServletRequest, httpServletResponse, authenticationContext, sequenceConfig, authenticationGraph) : handleNode(httpServletRequest, httpServletResponse, authenticationContext, sequenceConfig, authGraphNode);
            }
        }
    }

    private boolean handleNode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, SequenceConfig sequenceConfig, AuthGraphNode authGraphNode) throws FrameworkException {
        authenticationContext.setProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE, authGraphNode);
        boolean z = false;
        if (authGraphNode instanceof DynamicDecisionNode) {
            handleDecisionPoint(httpServletRequest, httpServletResponse, authenticationContext, sequenceConfig, (DynamicDecisionNode) authGraphNode);
        } else if (authGraphNode instanceof StepConfigGraphNode) {
            z = handleAuthenticationStep(httpServletRequest, httpServletResponse, authenticationContext, sequenceConfig, (StepConfigGraphNode) authGraphNode);
            if (!z) {
                gotoToNextNode(authenticationContext, sequenceConfig, authGraphNode);
            }
        } else if (authGraphNode instanceof EndStep) {
            handleEndOfSequence(httpServletRequest, httpServletResponse, authenticationContext, sequenceConfig);
        } else if (authGraphNode instanceof FailNode) {
            handleAuthFail(httpServletRequest, httpServletResponse, authenticationContext, sequenceConfig, (FailNode) authGraphNode);
        }
        return z;
    }

    private void gotoToNextNode(AuthenticationContext authenticationContext, SequenceConfig sequenceConfig, AuthGraphNode authGraphNode) {
        AuthGraphNode authGraphNode2 = null;
        if (authGraphNode instanceof StepConfigGraphNode) {
            authGraphNode2 = ((StepConfigGraphNode) authGraphNode).getNext();
        }
        if (authGraphNode2 == null) {
            log.error("No Next node found for the current graph node : " + authGraphNode.getName() + ", Service Provider: " + authenticationContext.getServiceProviderName() + " . Ending the authentication flow.");
            authGraphNode2 = new EndStep();
        }
        authenticationContext.setProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE, authGraphNode2);
    }

    private void handleEndOfSequence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, SequenceConfig sequenceConfig) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("There are no more steps to execute");
        }
        authenticationContext.getSequenceConfig().setCompleted(true);
        authenticationContext.setRequestAuthenticated(true);
        if (log.isDebugEnabled()) {
            log.debug("Request is successfully authenticated");
        }
        handlePostAuthentication(httpServletRequest, httpServletResponse, authenticationContext);
        if (log.isDebugEnabled()) {
            log.debug("Step processing is completed");
        }
    }

    private void handleAuthFail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, SequenceConfig sequenceConfig, FailNode failNode) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Found a Fail Node in conditional authentication");
        }
        authenticationContext.setRequestAuthenticated(false);
        authenticationContext.getSequenceConfig().setCompleted(true);
    }

    private boolean handleAuthenticationStep(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, SequenceConfig sequenceConfig, StepConfigGraphNode stepConfigGraphNode) throws FrameworkException {
        StepConfig stepConfig = stepConfigGraphNode.getStepConfig();
        if (stepConfig == null) {
            throw new FrameworkException("StepConfig not found while handling the step. Service Provider : " + authenticationContext.getServiceProviderName());
        }
        if (stepConfig.isCompleted()) {
            stepConfig.setCompleted(false);
            stepConfig.setRetrying(false);
            if (!authenticationContext.isRequestAuthenticated()) {
                if (log.isDebugEnabled()) {
                    log.debug("Authentication has failed in the Step " + authenticationContext.getCurrentStep());
                }
                if (!stepConfig.isMultiOption() || authenticationContext.isPassiveAuthenticate()) {
                    resetAuthenticationContext(authenticationContext);
                } else {
                    stepConfig.setRetrying(true);
                    authenticationContext.setRequestAuthenticated(true);
                }
            } else if (log.isDebugEnabled()) {
                log.debug("Step " + stepConfig.getOrder() + " is completed. Going to get the next one.");
            }
            resetAuthenticationContext(authenticationContext);
        }
        if (log.isDebugEnabled()) {
            log.debug("Starting Step: " + stepConfig.getOrder());
        }
        int currentStep = authenticationContext.getCurrentStep();
        if (!authenticationContext.isReturning()) {
            int i = currentStep <= 0 ? 1 : currentStep + 1;
            authenticationContext.setCurrentStep(i);
            authenticationContext.getSequenceConfig().getStepMap().put(Integer.valueOf(i), stepConfig);
        }
        FrameworkUtils.getStepHandler().handle(httpServletRequest, httpServletResponse, authenticationContext);
        AuthenticatorFlowStatus authenticatorFlowStatus = (AuthenticatorFlowStatus) httpServletRequest.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
        if (authenticatorFlowStatus != AuthenticatorFlowStatus.SUCCESS_COMPLETED && authenticatorFlowStatus != AuthenticatorFlowStatus.INCOMPLETE) {
            stepConfig.setSubjectAttributeStep(false);
            stepConfig.setSubjectIdentifierStep(false);
        }
        if (authenticatorFlowStatus == AuthenticatorFlowStatus.FAIL_COMPLETED && (stepConfigGraphNode.getNext() instanceof EndStep)) {
            stepConfigGraphNode.setNext(new FailNode());
        }
        if (stepConfig.isCompleted()) {
            authenticationContext.setReturning(false);
            return false;
        }
        if (!log.isDebugEnabled()) {
            return true;
        }
        log.debug("Step is not complete yet. Redirecting to outside.");
        return true;
    }

    private void handleDecisionPoint(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, SequenceConfig sequenceConfig, DynamicDecisionNode dynamicDecisionNode) throws FrameworkException {
        if (dynamicDecisionNode == null) {
            log.error("Dynamic decision node is null");
            return;
        }
        AuthenticatorFlowStatus authenticatorFlowStatus = (AuthenticatorFlowStatus) httpServletRequest.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS);
        if (authenticatorFlowStatus != null) {
            switch (authenticatorFlowStatus) {
                case SUCCESS_COMPLETED:
                    executeFunction("success", dynamicDecisionNode, authenticationContext);
                    break;
                case FAIL_COMPLETED:
                    executeFunction("fail", dynamicDecisionNode, authenticationContext);
                    if (dynamicDecisionNode.getDefaultEdge() instanceof EndStep) {
                        dynamicDecisionNode.setDefaultEdge(new FailNode());
                        break;
                    }
                    break;
                case FALLBACK:
                    executeFunction("fallback", dynamicDecisionNode, authenticationContext);
                    break;
            }
        }
        authenticationContext.setProperty(FrameworkConstants.JSAttributes.PROP_CURRENT_NODE, dynamicDecisionNode.getDefaultEdge());
    }

    private void executeFunction(String str, DynamicDecisionNode dynamicDecisionNode, AuthenticationContext authenticationContext) {
        new JsGraphBuilder.JsBasedEvaluator(dynamicDecisionNode.getFunctionMap().get(str)).evaluate(authenticationContext);
    }

    private boolean handleInitialize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, SequenceConfig sequenceConfig, AuthenticationGraph authenticationGraph) throws FrameworkException {
        AuthGraphNode startNode = authenticationGraph.getStartNode();
        if (startNode == null) {
            throw new FrameworkException("Start node is not set for authentication graph:" + authenticationGraph.getName());
        }
        authenticationContext.setCurrentStep(0);
        return handleNode(httpServletRequest, httpServletResponse, authenticationContext, sequenceConfig, startNode);
    }
}
