package org.wso2.carbon.identity.application.authentication.framework;

import java.io.IOException;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.event.services.IdentityEventService;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/AbstractLocalApplicationAuthenticator.class */
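/**
 * Template implementation of {@code process} for authenticators built on
 * {@link AbstractApplicationAuthenticator}.
 *
 * <p>It handles the logout flow, starting or restarting an authentication attempt, validating
 * the authentication response, retrying after a failure, and redirecting when the failure was
 * caused by a locked account. PRE/POST authentication events are published only when a subclass
 * overrides {@link #eventFiringEnabledForAccountLocking()} to return {@code true}.
 */
public abstract class AbstractLocalApplicationAuthenticator extends AbstractApplicationAuthenticator implements ApplicationAuthenticator {
    private static final long serialVersionUID = -4406878411547612129L;
    private static final Log log = LogFactory.getLog(AbstractLocalApplicationAuthenticator.class);

    // Error code this class treats as "account is locked".
    // NOTE(review): presumably mirrors the user-core "user is locked" code; confirm against that constant.
    private static final String ACCOUNT_LOCKED_ERROR_CODE = "17003";
    private static final String PRE_AUTHENTICATION_EVENT = "PRE_AUTHENTICATION";
    private static final String POST_AUTHENTICATION_EVENT = "POST_AUTHENTICATION";

    /**
     * Drives one pass of the login or logout flow for this authenticator.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>The tenant-domain check for non-SaaS applications runs only when this instance also
     *       implements {@code LocalApplicationAuthenticator}; other subclasses skip it.</li>
     *   <li>A request that cannot be handled, or that already carries
     *       {@code REQ_ATTR_HANDLED == TRUE}, is never validated as a response; it only
     *       (re)starts the flow.</li>
     *   <li>When the failure is classified as an account lock, the user is redirected and no
     *       POST_AUTHENTICATION failure event is fired from this method.</li>
     * </ul>
     *
     * @return {@code SUCCESS_COMPLETED} after a validated response, {@code INCOMPLETE} when the
     *         flow was (re)initiated or the user was redirected because of an account lock
     * @throws AuthenticationFailedException if authentication failed and no retry is allowed, if
     *         an event could not be fired, or if the account-lock redirect failed
     * @throws LogoutFailedException propagated from the logout flow
     */
    @Override
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return processLogoutFlow(httpServletRequest, httpServletResponse, authenticationContext);
        }
        // The handled flag is read only when canHandle() is true (short-circuit), as before.
        if (!canHandle(httpServletRequest) || Boolean.TRUE.equals(httpServletRequest.getAttribute(FrameworkConstants.REQ_ATTR_HANDLED))) {
            authenticationContext.setRetrying(false);
            return initiateAuthenticationFlow(httpServletRequest, httpServletResponse, authenticationContext);
        }
        try {
            fireEvent(authenticationContext, PRE_AUTHENTICATION_EVENT, false);
            processAuthenticationResponse(httpServletRequest, httpServletResponse, authenticationContext);
            boolean saasApp = (this instanceof LocalApplicationAuthenticator)
                    ? authenticationContext.getSequenceConfig().getApplicationConfig().isSaaSApp()
                    : true;
            if (!saasApp) {
                // Tenant isolation: the authenticated user must belong to the service provider's tenant.
                validateNonSaasAppLogin(authenticationContext);
            }
            httpServletRequest.setAttribute(FrameworkConstants.REQ_ATTR_HANDLED, true);
            // A success clears any record of this authenticator having failed earlier.
            authenticationContext.setProperty(FrameworkConstants.LAST_FAILED_AUTHENTICATOR, null);
            fireEvent(authenticationContext, POST_AUTHENTICATION_EVENT, true);
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        } catch (AuthenticationFailedException failure) {
            if (isAccountLocked(authenticationContext)) {
                try {
                    httpServletResponse.sendRedirect(getRedirectUrlOnAccountLock(authenticationContext, httpServletResponse));
                    return AuthenticatorFlowStatus.INCOMPLETE;
                } catch (IOException redirectFailure) {
                    throw new AuthenticationFailedException(" Error while redirecting to the retry page ", redirectFailure);
                }
            }
            fireEvent(authenticationContext, POST_AUTHENTICATION_EVENT, false);
            httpServletRequest.setAttribute(FrameworkConstants.REQ_ATTR_HANDLED, true);
            return handleRetryOnFailure(httpServletRequest, httpServletResponse, authenticationContext, failure);
        }
    }

    /**
     * Decides whether a failed attempt is retried or surfaced to the caller.
     *
     * <p>The failure is rethrown, and this authenticator is recorded as
     * {@code LAST_FAILED_AUTHENTICATOR}, when retry is disabled or when the step has several
     * options and failures are configured to go back to the multi-option page. Otherwise the
     * context is marked as retrying and the flow is initiated again.
     *
     * @throws AuthenticationFailedException the original failure, when no retry takes place
     */
    protected AuthenticatorFlowStatus handleRetryOnFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, AuthenticationFailedException authenticationFailedException) throws AuthenticationFailedException {
        boolean backToMultiOptionPage = isStepHasMultiOption(authenticationContext) && isRedirectToMultiOptionPageOnFailure();
        boolean retryAllowed = retryAuthenticationEnabled(authenticationContext) && !backToMultiOptionPage;
        if (retryAllowed) {
            authenticationContext.setRetrying(true);
            return initiateAuthenticationFlow(httpServletRequest, httpServletResponse, authenticationContext);
        }
        authenticationContext.setProperty(FrameworkConstants.LAST_FAILED_AUTHENTICATOR, getName());
        throw authenticationFailedException;
    }

    /**
     * Rejects the login when the authenticated subject's tenant domain differs from the tenant
     * domain of the authentication context.
     *
     * <p>On mismatch the context property {@code USER_TENANT_DOMAIN_MISMATCH} is set before the
     * exception is thrown.
     *
     * @throws AuthenticationFailedException if the two tenant domains are not equal
     */
    protected void validateNonSaasAppLogin(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        // NOTE(review): getSubject() is dereferenced without a null check; this relies on
        // processAuthenticationResponse() having set the subject. Confirm for every subclass.
        String userTenantDomain = authenticationContext.getSubject().getTenantDomain();
        String spTenantDomain = authenticationContext.getTenantDomain();
        if (!StringUtils.equals(userTenantDomain, spTenantDomain)) {
            authenticationContext.setProperty(FrameworkConstants.USER_TENANT_DOMAIN_MISMATCH, true);
            throw new AuthenticationFailedException("Service Provider tenant domain must be equal to user tenant domain for non-SaaS applications", authenticationContext.getSubject());
        }
    }

    /**
     * Starts an authentication request and records this authenticator as the current one.
     *
     * <p>If this authenticator is the one stored as {@code LAST_FAILED_AUTHENTICATOR}, the
     * context is flagged as retrying before the request is initiated.
     *
     * @return always {@code INCOMPLETE}
     */
    protected AuthenticatorFlowStatus initiateAuthenticationFlow(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        Object lastFailed = authenticationContext.getProperty(FrameworkConstants.LAST_FAILED_AUTHENTICATOR);
        if (getName().equals(lastFailed)) {
            authenticationContext.setRetrying(true);
        }
        initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
        authenticationContext.setCurrentAuthenticator(getName());
        return AuthenticatorFlowStatus.INCOMPLETE;
    }

    /**
     * Reports whether the pending identity error message carries the account-locked error code.
     *
     * <p>Reading the error code also clears the pending identity error message, so the result
     * can be obtained only once per failure. When the account is locked, the context is marked
     * as retrying and this authenticator becomes the current authenticator.
     */
    protected boolean isAccountLocked(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        // Constant-first equals() also covers the null and empty cases.
        if (!ACCOUNT_LOCKED_ERROR_CODE.equals(getErrorCode())) {
            return false;
        }
        authenticationContext.setRetrying(true);
        authenticationContext.setCurrentAuthenticator(getName());
        return true;
    }

    /**
     * Builds the URL the user is sent to when the account is locked.
     *
     * <p>The base is the configured authentication-endpoint retry URL plus the context's query
     * parameters, passed through {@code encodeRedirectURL}; the status and message parameters
     * are framework constants appended after that encoding. No request parameter is read in
     * this method.
     */
    protected String getRedirectUrlOnAccountLock(AuthenticationContext authenticationContext, HttpServletResponse httpServletResponse) {
        // NOTE(review): assumes getContextIdIncludedQueryParams() returns an already URL-safe
        // query string; confirm where that value is assembled.
        String retryPage = ConfigurationFacade.getInstance().getAuthenticationEndpointRetryURL() + "?" + authenticationContext.getContextIdIncludedQueryParams();
        String encodedRetryPage = httpServletResponse.encodeRedirectURL(retryPage);
        return encodedRetryPage + FrameworkConstants.STATUS_MSG + FrameworkConstants.ERROR_MSG + FrameworkConstants.STATUS + FrameworkConstants.ACCOUNT_LOCKED_MSG;
    }

    /**
     * Handles a logout request: processes the logout response when the request can be handled,
     * otherwise initiates a logout request.
     *
     * <p>An {@link UnsupportedOperationException} thrown on either path is treated as a
     * completed logout and is logged at debug level only.
     *
     * @return {@code SUCCESS_COMPLETED} or {@code INCOMPLETE} as described above
     */
    protected AuthenticatorFlowStatus processLogoutFlow(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws LogoutFailedException {
        try {
            if (!canHandle(httpServletRequest)) {
                authenticationContext.setCurrentAuthenticator(getName());
                initiateLogoutRequest(httpServletRequest, httpServletResponse, authenticationContext);
                return AuthenticatorFlowStatus.INCOMPLETE;
            }
            processLogoutResponse(httpServletRequest, httpServletResponse, authenticationContext);
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        } catch (UnsupportedOperationException unsupported) {
            if (log.isDebugEnabled()) {
                log.debug("Ignoring UnsupportedOperationException.", unsupported);
            }
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
    }

    /**
     * Publishes an authentication event through the identity event service, if event firing is
     * enabled for this authenticator.
     *
     * @param eventName name of the event to publish
     * @param operationStatus value stored under {@code OPERATION_STATUS} in the event properties
     * @throws AuthenticationFailedException if the user store cannot be accessed or the event
     *         handler fails
     */
    private void fireEvent(AuthenticationContext authenticationContext, String eventName, boolean operationStatus) throws AuthenticationFailedException {
        if (!eventFiringEnabledForAccountLocking()) {
            return;
        }
        IdentityEventService identityEventService = FrameworkServiceDataHolder.getInstance().getIdentityEventService();
        try {
            HashMap<String, Object> eventProperties = new HashMap<>();
            // NOTE(review): the "username" property is read without a null check; whether it is
            // always set before PRE_AUTHENTICATION fires is not visible here.
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername((String) authenticationContext.getProperty("username"));
            String tenantDomain = authenticationContext.getTenantDomain();
            UserRealm tenantUserRealm = FrameworkServiceDataHolder.getInstance().getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(tenantDomain));
            eventProperties.put("user-name", tenantAwareUsername);
            eventProperties.put("userStoreManager", tenantUserRealm.getUserStoreManager());
            eventProperties.put("tenant-domain", tenantDomain);
            eventProperties.put("OPERATION_STATUS", operationStatus);
            identityEventService.handleEvent(new Event(eventName, eventProperties));
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException(" Error in accessing user store ", e);
        } catch (IdentityEventException e) {
            throw new AuthenticationFailedException(" Error while firing the events ", e);
        }
    }

    /**
     * Returns the error code of the pending identity error message, or {@code null} if there is
     * no message or it has no code. The pending message is cleared in every case.
     */
    private String getErrorCode() {
        IdentityErrorMsgContext errorContext = IdentityUtil.getIdentityErrorMsg();
        // Clear unconditionally so a stale code cannot be picked up by a later attempt.
        IdentityUtil.clearIdentityErrorMsg();
        if (errorContext == null) {
            return null;
        }
        String errorCode = errorContext.getErrorCode();
        if (errorCode != null && log.isDebugEnabled()) {
            log.debug("Retrieving error code " + errorCode + " from identity error message context ");
        }
        return errorCode;
    }

    /**
     * Switch for publishing PRE/POST authentication events. Disabled by default; subclasses
     * override this to return {@code true}.
     */
    protected boolean eventFiringEnabledForAccountLocking() {
        return false;
    }
}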
