package org.wso2.carbon.identity.application.authentication.framework.handler.request.impl;

import java.io.IOException;
import java.io.Serializable;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.database.utils.jdbc.exceptions.DataAccessException;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticationDataPublisher;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthHistory;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.context.SessionContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.DuplicatedAuthUserException;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.AuthenticationRequestHandler;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationContextProperty;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult;
import org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper;
import org.wso2.carbon.identity.application.authentication.framework.services.PostAuthenticationMgtService;
import org.wso2.carbon.identity.application.authentication.framework.store.UserSessionStore;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authentication.framework.util.LoginContextManagementUtil;
import org.wso2.carbon.identity.application.authentication.framework.util.SessionMgtConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.SessionNonceCookieUtil;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.idp.mgt.util.IdPManagementUtil;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.user.core.config.UserStorePreferenceOrderSupplier;
import org.wso2.carbon.user.core.model.UserMgtContext;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultAuthenticationRequestHandler.class */
public class DefaultAuthenticationRequestHandler implements AuthenticationRequestHandler {
    // Public string constant; not referenced in the visible part of this class.
    // NOTE(review): presumably a property key for an authorization failure reason; confirm against callers.
    public static final String AUTHZ_FAIL_REASON = "AUTHZ_FAIL_REASON";
    // Diagnostic logger for this handler.
    private static final Log log = LogFactory.getLog(DefaultAuthenticationRequestHandler.class);
    // Audit log obtained from CarbonConstants; not used by the methods visible in this part of the file.
    private static final Log AUDIT_LOG = CarbonConstants.AUDIT_LOG;
    // Lazily created singleton. It is volatile because getInstance() reads it outside the lock
    // (double-checked locking) and the write must be visible to other threads.
    private static volatile DefaultAuthenticationRequestHandler instance;

    /**
     * Returns the shared handler, creating it on first use.
     *
     * <p>Creation happens under a class-level lock with a second null check inside it, so only
     * one instance is ever assigned to the volatile {@code instance} field.
     *
     * @return the shared {@code DefaultAuthenticationRequestHandler}
     */
    public static DefaultAuthenticationRequestHandler getInstance() {
        DefaultAuthenticationRequestHandler handler = instance;
        if (handler != null) {
            return handler;
        }
        synchronized (DefaultAuthenticationRequestHandler.class) {
            // Re-read under the lock: another thread may have created it in the meantime.
            handler = instance;
            if (handler == null) {
                handler = new DefaultAuthenticationRequestHandler();
                instance = handler;
            }
        }
        return handler;
    }

    /**
     * Drives one request of the authentication flow: handles deny / remember-me input from the
     * login page, starts the sequence on step 0, runs the request-path and/or step-based sequence
     * handlers, then runs post-authentication and concludes the flow when it is allowed to.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>The session nonce cookie is validated only when {@code SessionNonceCookieUtil.isNonceCookieEnabled()}
     *       is true and only on the step-based branch; the request-path authenticator branch does not
     *       validate it.</li>
     *   <li>On any {@code FrameworkException} the nonce cookie is removed before the exception is rethrown.</li>
     *   <li>The thread-local {@code UserMgtContext} is cleared on both the normal and the exceptional path.</li>
     * </ul>
     *
     * @param httpServletRequest incoming request; its parameters are client-controlled
     * @param httpServletResponse response used for cookies and the final redirect
     * @param authenticationContext state of the in-progress authentication flow
     * @throws FrameworkException if nonce validation fails or any delegated handler fails
     */
    @Override // org.wso2.carbon.identity.application.authentication.framework.handler.request.AuthenticationRequestHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("In authentication flow");
        }
        if (authenticationContext.isReturning()) {
            // Mere presence of the deny parameter ends the flow as unauthenticated.
            if (httpServletRequest.getParameter(FrameworkConstants.RequestParams.DENY) != null) {
                handleDenyFromLoginPage(httpServletRequest, httpServletResponse, authenticationContext);
                return;
            }
            handleRememberMeOptionFromLoginPage(httpServletRequest, authenticationContext);
        }
        int currentStep = authenticationContext.getCurrentStep();
        if (currentStep == 0) {
            handleSequenceStart(httpServletRequest, httpServletResponse, authenticationContext);
        }
        List<AuthenticatorConfig> reqPathAuthenticators = authenticationContext.getSequenceConfig().getReqPathAuthenticators();
        // z: true when the nonce cookie must be rotated (flow continues) or removed (flow concludes)
        // at the end of this request. It stays false when the nonce cookie feature is disabled.
        boolean z = false;
        try {
            try {
                // Expose the user store preference order to the user core for the duration of this call.
                UserStorePreferenceOrderSupplier<List<String>> userStorePreferenceOrderSupplier = FrameworkUtils.getUserStorePreferenceOrderSupplier(authenticationContext, null);
                if (userStorePreferenceOrderSupplier != null) {
                    UserMgtContext userMgtContext = new UserMgtContext();
                    userMgtContext.setUserStorePreferenceOrderSupplier(userStorePreferenceOrderSupplier);
                    UserCoreUtil.setUserMgtContextInThreadLocal(userMgtContext);
                }
                // Request-path authenticators are only attempted on the very first step.
                if (reqPathAuthenticators != null && !reqPathAuthenticators.isEmpty() && currentStep == 0) {
                    FrameworkUtils.getRequestPathBasedSequenceHandler().handle(httpServletRequest, httpServletResponse, authenticationContext);
                }
                // Fall through to the step-based handler unless request-path authentication completed the sequence.
                if (!authenticationContext.getSequenceConfig().isCompleted() || reqPathAuthenticators == null || reqPathAuthenticators.isEmpty()) {
                    authenticationContext.setProperty(FrameworkConstants.STEP_BASED_SEQUENCE_HANDLER_TRIGGERED, true);
                    if (SessionNonceCookieUtil.isNonceCookieEnabled()) {
                        String nonceCookieName = SessionNonceCookieUtil.getNonceCookieName(authenticationContext);
                        if (authenticationContext.isReturning()) {
                            // A returning request must present the nonce cookie bound to this flow.
                            if (!SessionNonceCookieUtil.validateNonceCookie(httpServletRequest, authenticationContext)) {
                                // NOTE(review): the sessionDataKey request parameter is concatenated unescaped into the
                                // exception message; confirm that whatever logs or renders this message encodes it.
                                throw new FrameworkException(SessionNonceCookieUtil.NONCE_ERROR_CODE, "Session nonce cookie value is not matching for session with sessionDataKey: " + httpServletRequest.getParameter("sessionDataKey"));
                            }
                            z = true;
                        } else if (authenticationContext.getProperty(nonceCookieName) == null) {
                            // First request of the flow and no nonce recorded in the context yet.
                            z = true;
                        }
                    }
                    FrameworkUtils.getStepBasedSequenceHandler().handle(httpServletRequest, httpServletResponse, authenticationContext);
                }
                // Normal-path cleanup of the thread-local set above; the Throwable handler below repeats it.
                UserCoreUtil.removeUserMgtContextInThreadLocal();
                try {
                    handlePostAuthentication(httpServletRequest, httpServletResponse, authenticationContext);
                    if (canConcludeFlow(authenticationContext)) {
                        // Flow is finished: the nonce cookie has no further use.
                        if (z) {
                            SessionNonceCookieUtil.removeNonceCookie(httpServletRequest, httpServletResponse, authenticationContext);
                        }
                        concludeFlow(httpServletRequest, httpServletResponse, authenticationContext);
                    } else if (z) {
                        // Flow continues: a nonce cookie is added for the next round trip.
                        SessionNonceCookieUtil.addNonceCookie(httpServletRequest, httpServletResponse, authenticationContext);
                    }
                } catch (FrameworkException e) {
                    // Post-authentication or conclusion failed: drop the nonce cookie, then propagate.
                    SessionNonceCookieUtil.removeNonceCookie(httpServletRequest, httpServletResponse, authenticationContext);
                    throw e;
                }
            } catch (FrameworkException e2) {
                // Authentication failed: drop the nonce cookie, then propagate.
                SessionNonceCookieUtil.removeNonceCookie(httpServletRequest, httpServletResponse, authenticationContext);
                throw e2;
            }
        } catch (Throwable th) {
            // Acts as a finally for the exceptional path so the thread-local never leaks to the next request
            // served by this thread.
            UserCoreUtil.removeUserMgtContextInThreadLocal();
            throw th;
        }
    }

    /**
     * Tells whether the flow may be concluded for this context.
     *
     * @param authenticationContext state of the in-progress authentication flow
     * @return the value reported by
     *         {@code LoginContextManagementUtil.isPostAuthenticationExtensionCompleted} for the context
     */
    protected boolean canConcludeFlow(AuthenticationContext authenticationContext) {
        final boolean postAuthenticationDone = LoginContextManagementUtil.isPostAuthenticationExtensionCompleted(authenticationContext);
        return postAuthenticationDone;
    }

    /**
     * Runs the post-authentication stage once the authentication sequence has completed.
     *
     * <p>If the sequence is not completed yet nothing is evaluated. If no
     * {@code PostAuthenticationMgtService} is registered, post-authentication is marked as
     * completed on the context so the flow can still conclude.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param authenticationContext state of the in-progress authentication flow
     * @throws FrameworkException if the post-authentication service fails
     */
    protected void handlePostAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Handling post authentication");
        }
        PostAuthenticationMgtService postAuthService = FrameworkServiceDataHolder.getInstance().getPostAuthenticationMgtService();

        final boolean sequenceCompleted = authenticationContext.getSequenceConfig().isCompleted();
        if (!sequenceCompleted) {
            log.debug("Sequence is not completed yet. Hence skipping post authentication");
            return;
        }

        if (postAuthService == null) {
            if (log.isDebugEnabled()) {
                log.debug("No post authentication service found. Hence not evaluating post authentication.");
            }
            // Nothing to evaluate, so record the stage as done.
            LoginContextManagementUtil.markPostAuthenticationCompleted(authenticationContext);
            return;
        }

        postAuthService.handlePostAuthentication(httpServletRequest, httpServletResponse, authenticationContext);
    }

    /**
     * Ends the flow after the user chose Deny or Cancel on the login page.
     *
     * <p>The request is recorded as not authenticated and the sequence as completed before the
     * flow is concluded, so the caller receives an unauthenticated result.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param authenticationContext state of the in-progress authentication flow
     * @throws FrameworkException if concluding the flow fails
     */
    private void handleDenyFromLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("User has pressed Deny or Cancel in the login page. Terminating the authentication flow");
        }
        // Record the outcome first, then close the sequence.
        authenticationContext.setRequestAuthenticated(false);
        authenticationContext.getSequenceConfig().setCompleted(true);

        concludeFlow(httpServletRequest, httpServletResponse, authenticationContext);
    }

    /**
     * Copies the remember-me choice from the login page into the context.
     *
     * <p>A context that already has remember-me set is left untouched. Otherwise the flag is set
     * to whether the request parameter equals {@code REMEMBER_ME_OPT_ON} (case-insensitive).
     * The parameter is client-supplied; a missing parameter yields {@code false}.
     *
     * @param httpServletRequest request carrying the remember-me parameter
     * @param authenticationContext state of the in-progress authentication flow
     */
    private void handleRememberMeOptionFromLoginPage(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        if (!authenticationContext.isRememberMe()) {
            String requestedOption = httpServletRequest.getParameter(FrameworkConstants.RequestParams.REMEMBER_ME);
            boolean rememberMe = FrameworkConstants.REMEMBER_ME_OPT_ON.equalsIgnoreCase(requestedOption);
            authenticationContext.setRememberMe(rememberMe);
        }
    }

    /**
     * Initialises the context at the start of a sequence from three request parameters:
     * {@code forceAuth}, the re-authenticate parameter and {@code passiveAuth}.
     *
     * <p>Each flag is {@code true} only when the parameter is present and equals "true"
     * ignoring case; anything else, including an absent parameter, yields {@code false}.
     * All three values come straight from the request and are therefore client-controlled.
     *
     * @param httpServletRequest request carrying the flow-control parameters
     * @param httpServletResponse current response (not used here)
     * @param authenticationContext context that receives the three flags
     * @return always {@code false}
     * @throws FrameworkException declared for overriding implementations; not thrown here
     */
    protected boolean handleSequenceStart(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Starting the sequence");
        }

        // parseBoolean maps a missing (null) parameter to false.
        final boolean forceAuthenticate = Boolean.parseBoolean(httpServletRequest.getParameter("forceAuth"));
        authenticationContext.setForceAuthenticate(forceAuthenticate);
        if (log.isDebugEnabled()) {
            log.debug("Force Authenticate : " + forceAuthenticate);
        }

        final boolean reAuthenticate = Boolean.parseBoolean(httpServletRequest.getParameter(FrameworkConstants.RequestParams.RE_AUTHENTICATE));
        if (log.isDebugEnabled()) {
            log.debug("Re-Authenticate : " + reAuthenticate);
        }
        authenticationContext.setReAuthenticate(reAuthenticate);

        final boolean passiveAuthenticate = Boolean.parseBoolean(httpServletRequest.getParameter("passiveAuth"));
        if (log.isDebugEnabled()) {
            log.debug("Passive Authenticate : " + passiveAuthenticate);
        }
        authenticationContext.setPassiveAuthenticate(passiveAuthenticate);

        return false;
    }

    /**
     * Concludes the authentication flow: builds the {@code AuthenticationResult}, creates or
     * updates the SSO session for an authenticated request, persists session mappings when
     * enabled, publishes events, hands the result to the caller and sends the response.
     *
     * <p>Session identifier handling visible here: the raw cookie value (existing cookie, or a
     * freshly generated UUID for a new session) is only written to the auth cookie. Every
     * server-side use (session cache key, {@code SESSION_ID} result property, session store
     * calls, published event) uses the SHA-256 hex digest of that value.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response; receives the auth cookie
     * @param authenticationContext state of the authentication flow being concluded
     * @throws FrameworkException if the tenant check fails for a non-SaaS application, or session
     *         data cannot be stored, or sending the response fails
     */
    protected void concludeFlow(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        // Analytics event type: SESSION_UPDATE or SESSION_CREATE, assigned in the branches below.
        String str;
        if (log.isDebugEnabled()) {
            log.debug("Concluding the Authentication Flow");
        }
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        // NOTE(review): the completed flag is reset before the config is stored in the session context below;
        // presumably so a later request re-evaluates the sequence. Confirm.
        sequenceConfig.setCompleted(false);
        AuthenticationResult authenticationResult = new AuthenticationResult();
        boolean isRequestAuthenticated = authenticationContext.isRequestAuthenticated();
        authenticationResult.setAuthenticated(isRequestAuthenticated);
        String authenticatedUserTenantDomain = getAuthenticatedUserTenantDomain(authenticationContext, authenticationResult);
        authenticationResult.setSaaSApp(sequenceConfig.getApplicationConfig().isSaaSApp());
        if (isRequestAuthenticated) {
            // Tenant isolation: a non-SaaS application only accepts users from its own tenant.
            if (!sequenceConfig.getApplicationConfig().isSaaSApp()) {
                String tenantDomain = authenticationContext.getTenantDomain();
                String tenantDomain2 = sequenceConfig.getAuthenticatedUser().getTenantDomain();
                // NOTE(review): the comparison runs only when both domains are non-empty, so an empty user or
                // service provider tenant domain passes this check. Confirm both are always populated upstream.
                if (StringUtils.isNotEmpty(tenantDomain2) && StringUtils.isNotEmpty(tenantDomain) && !tenantDomain.equals(tenantDomain2)) {
                    throw new FrameworkException("Service Provider tenant domain must be equal to user tenant domain for non-SaaS applications");
                }
            }
            // The result carries a copy of the authenticated user, not the instance held by the sequence config.
            authenticationResult.setSubject(new AuthenticatedUser(sequenceConfig.getAuthenticatedUser()));
            ApplicationConfig applicationConfig = sequenceConfig.getApplicationConfig();
            if (applicationConfig.getServiceProvider().getLocalAndOutBoundAuthenticationConfig().isAlwaysSendBackAuthenticatedListOfIdPs()) {
                authenticationResult.setAuthenticatedIdPs(sequenceConfig.getAuthenticatedIdPs());
            }
            SessionContext sessionContext = null;
            // str2: raw auth cookie value; str3: its SHA-256 hex digest, used as the session context key.
            String str2 = null;
            String str3 = null;
            Cookie authCookie = FrameworkUtils.getAuthCookie(httpServletRequest);
            // An existing session is looked up only when a cookie is present and forceAuth was not requested;
            // otherwise sessionContext stays null and a new session is created below.
            if (authCookie != null && !authenticationContext.isForceAuthenticate()) {
                str2 = authCookie.getValue();
                if (str2 != null) {
                    str3 = DigestUtils.sha256Hex(str2);
                    sessionContext = FrameworkUtils.getSessionContextFromCache(str3);
                }
            }
            String applicationTenantDomain = getApplicationTenantDomain(authenticationContext);
            if (sessionContext != null) {
                // Existing session: merge this login into it. The session identifier is reused, not rotated.
                str = FrameworkConstants.AnalyticsAttributes.SESSION_UPDATE;
                sessionContext.getAuthenticatedSequences().put(applicationConfig.getApplicationName(), sequenceConfig);
                sessionContext.getAuthenticatedIdPs().putAll(authenticationContext.getCurrentAuthenticatedIdPs());
                sessionContext.getSessionAuthHistory().resetHistory(AuthHistory.merge(sessionContext.getSessionAuthHistory().getHistory(), authenticationContext.getAuthenticationStepHistory()));
                populateAuthenticationContextHistory(authenticationResult, authenticationContext, sessionContext);
                long currentTimeMillis = System.currentTimeMillis();
                if (!authenticationContext.isPreviousAuthTime()) {
                    sessionContext.addProperty(FrameworkConstants.UPDATED_TIMESTAMP, Long.valueOf(currentTimeMillis));
                }
                authenticationResult.addProperty(FrameworkConstants.AnalyticsAttributes.SESSION_ID, str3);
                // Collect the session's stored context properties whose IdP name matches the authenticated IdP
                // of at least one step in the current sequence.
                ArrayList arrayList = new ArrayList();
                if (sessionContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES) != null) {
                    for (AuthenticationContextProperty authenticationContextProperty : (List) sessionContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES)) {
                        Iterator<StepConfig> it = authenticationContext.getSequenceConfig().getStepMap().values().iterator();
                        while (true) {
                            if (it.hasNext()) {
                                // NOTE(review): equals() is invoked on getAuthenticatedIdP(); a step without an
                                // authenticated IdP would throw NullPointerException here. Confirm it cannot be null.
                                if (it.next().getAuthenticatedIdP().equals(authenticationContextProperty.getIdPName())) {
                                    arrayList.add(authenticationContextProperty);
                                    break;
                                }
                            } else {
                                break;
                            }
                        }
                    }
                }
                Object obj = (Long) sessionContext.getProperty(FrameworkConstants.CREATED_TIMESTAMP);
                if (obj != null) {
                    authenticationResult.addProperty(FrameworkConstants.CREATED_TIMESTAMP, obj);
                }
                // Add the properties produced by this flow to the result list and to the session's own list.
                if (authenticationContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES) != null) {
                    arrayList.addAll((List) authenticationContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES));
                    if (sessionContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES) == null) {
                        sessionContext.addProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES, arrayList);
                    } else {
                        ((List) sessionContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES)).addAll((List) authenticationContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES));
                    }
                }
                if (!arrayList.isEmpty()) {
                    if (log.isDebugEnabled()) {
                        log.debug("AuthenticationContextProperties are available.");
                    }
                    authenticationResult.addProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES, arrayList);
                }
                FrameworkUtils.updateSessionLastAccessTimeMetadata(str3, Long.valueOf(currentTimeMillis));
                // Optional sliding remember-me: re-issue the cookie with the same value when the server
                // property TimeConfig.ExtendRememberMeSessionTimeoutOnAuth is "true".
                if (sessionContext.isRememberMe() && Boolean.parseBoolean(IdentityUtil.getProperty("TimeConfig.ExtendRememberMeSessionTimeoutOnAuth"))) {
                    authenticationContext.setRememberMe(sessionContext.isRememberMe());
                    setAuthCookie(httpServletRequest, httpServletResponse, authenticationContext, str2, applicationTenantDomain);
                }
                if (authenticationContext.getRuntimeClaims().size() > 0) {
                    sessionContext.addProperty(FrameworkConstants.RUNTIME_CLAIMS, authenticationContext.getRuntimeClaims());
                }
                FrameworkUtils.addSessionContextToCache(str3, sessionContext, applicationTenantDomain);
            } else {
                // No usable session: create one with a newly generated identifier.
                str = FrameworkConstants.AnalyticsAttributes.SESSION_CREATE;
                sessionContext = new SessionContext();
                authenticationContext.setProperty(FrameworkConstants.AnalyticsAttributes.IS_INITIAL_LOGIN, true);
                sessionContext.getAuthenticatedSequences().put(applicationConfig.getApplicationName(), sequenceConfig);
                sessionContext.setAuthenticatedIdPs(authenticationContext.getCurrentAuthenticatedIdPs());
                sessionContext.setRememberMe(authenticationContext.isRememberMe());
                if (authenticationContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES) != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("AuthenticationContextProperties are available.");
                    }
                    authenticationResult.addProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES, authenticationContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES));
                    sessionContext.addProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES, authenticationContext.getProperty(FrameworkConstants.AUTHENTICATION_CONTEXT_PROPERTIES));
                }
                // generateUUID is the bearer value placed in the cookie; str3 is its digest.
                // NOTE(review): the value acts as the session token, so confirm UUIDGenerator draws from a
                // cryptographically strong random source.
                String generateUUID = UUIDGenerator.generateUUID();
                str3 = DigestUtils.sha256Hex(generateUUID);
                sessionContext.addProperty(FrameworkConstants.AUTHENTICATED_USER, authenticationResult.getSubject());
                Object valueOf = Long.valueOf(System.currentTimeMillis());
                sessionContext.addProperty(FrameworkConstants.CREATED_TIMESTAMP, valueOf);
                authenticationResult.addProperty(FrameworkConstants.CREATED_TIMESTAMP, valueOf);
                authenticationResult.addProperty(FrameworkConstants.AnalyticsAttributes.SESSION_ID, str3);
                sessionContext.getSessionAuthHistory().resetHistory(AuthHistory.merge(sessionContext.getSessionAuthHistory().getHistory(), authenticationContext.getAuthenticationStepHistory()));
                populateAuthenticationContextHistory(authenticationResult, authenticationContext, sessionContext);
                if (authenticationContext.getRuntimeClaims().size() > 0) {
                    sessionContext.addProperty(FrameworkConstants.RUNTIME_CLAIMS, authenticationContext.getRuntimeClaims());
                }
                FrameworkUtils.addSessionContextToCache(str3, sessionContext, applicationTenantDomain);
                setAuthCookie(httpServletRequest, httpServletResponse, authenticationContext, generateUUID, applicationTenantDomain);
                if (FrameworkServiceDataHolder.getInstance().isUserSessionMappingEnabled()) {
                    try {
                        storeSessionMetaData(str3, httpServletRequest);
                    } catch (UserSessionException e) {
                        // Best effort: a metadata failure is logged and does not fail the login.
                        log.error("Storing session meta data failed.", e);
                    }
                }
            }
            if (authenticatedUserTenantDomain == null) {
                // NOTE(review): the returned tenant domain is discarded, so this call has no visible effect.
                // It looks like a lost assignment; confirm against the original source.
                PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            }
            if (FrameworkServiceDataHolder.getInstance().isUserSessionMappingEnabled()) {
                try {
                    storeSessionData(authenticationContext, str3);
                } catch (UserSessionException e2) {
                    // Unlike the metadata above, a failure to store the user/session mapping aborts the flow.
                    throw new FrameworkException("Error while storing session details of the authenticated user to the database", (Throwable) e2);
                }
            }
            // Persist federated session info for every step that reports both an IdP session index and an IdP name.
            if (authenticationContext.getAuthenticationStepHistory() != null) {
                for (AuthHistory authHistory : authenticationContext.getAuthenticationStepHistory()) {
                    if (StringUtils.isNotBlank(authHistory.getIdpSessionIndex()) && StringUtils.isNotBlank(authHistory.getIdpName())) {
                        try {
                            UserSessionStore.getInstance().storeFederatedAuthSessionInfo(str3, authHistory);
                        } catch (UserSessionException e3) {
                            throw new FrameworkException("Error while storing federated authentication session details of the authenticated user to the database", (Throwable) e3);
                        }
                    }
                }
            }
            FrameworkUtils.publishSessionEvent(str3, httpServletRequest, authenticationContext, sessionContext, sequenceConfig.getAuthenticatedUser(), str);
            publishAuthenticationSuccess(httpServletRequest, authenticationContext, sequenceConfig.getAuthenticatedUser());
        }
        // Hand the result to the caller: as a request attribute when the request type is in the cache-disabled
        // list and the response is a CommonAuthResponseWrapper not wrapped by the framework; otherwise through
        // the authentication result cache keyed by the caller session key.
        if (FrameworkUtils.getCacheDisabledAuthenticators().contains(authenticationContext.getRequestType()) && (httpServletResponse instanceof CommonAuthResponseWrapper) && !((CommonAuthResponseWrapper) httpServletResponse).isWrappedByFramework()) {
            httpServletRequest.setAttribute("sessionDataKey", authenticationContext.getCallerSessionKey());
            addAuthenticationResultToRequest(httpServletRequest, authenticationResult);
        } else {
            FrameworkUtils.addAuthenticationResultToCache(authenticationContext.getCallerSessionKey(), authenticationResult);
        }
        // The authentication context is evicted unless the JVM system property "retainCache" is set.
        // NOTE(review): with that property set, finished contexts stay in the cache; confirm it is not set in production.
        if (System.getProperty("retainCache") == null) {
            FrameworkUtils.removeAuthenticationContextFromCache(authenticationContext.getContextIdentifier());
        }
        sendResponse(httpServletRequest, httpServletResponse, authenticationContext);
    }

    /**
     * Copies ACR details into the session's authentication history and attaches that history
     * to the result.
     *
     * <p>When the context has a selected ACR, the history receives that value and the session
     * creation time. The history is added to the result under {@code SESSION_AUTH_HISTORY} in
     * every case.
     *
     * @param authenticationResult result that receives the session authentication history
     * @param authenticationContext context supplying the selected ACR
     * @param sessionContext session whose history is updated
     */
    private void populateAuthenticationContextHistory(AuthenticationResult authenticationResult, AuthenticationContext authenticationContext, SessionContext sessionContext) {
        final boolean acrSelected = authenticationContext.getSelectedAcr() != null;
        if (acrSelected) {
            sessionContext.getSessionAuthHistory().setSelectedAcrValue(authenticationContext.getSelectedAcr());
            sessionContext.getSessionAuthHistory().setSessionCreatedTime(calculateCreatedTime(sessionContext));
        }
        authenticationResult.addProperty(
                FrameworkConstants.SESSION_AUTH_HISTORY,
                sessionContext.getSessionAuthHistory());
    }

    /**
     * Resolves the creation time of a session.
     *
     * @param sessionContext session to inspect
     * @return the {@code CREATED_TIMESTAMP} property parsed as epoch milliseconds, or the current
     *         time when the property is absent
     * @throws NumberFormatException if the stored property's string form is not a valid long
     */
    private DateTime calculateCreatedTime(SessionContext sessionContext) {
        Object createdTimestamp = sessionContext.getProperty(FrameworkConstants.CREATED_TIMESTAMP);
        if (createdTimestamp == null) {
            return DateTime.now();
        }
        long epochMillis = Long.parseLong(createdTimestamp.toString());
        return new DateTime(epochMillis);
    }

    /**
     * Persists the mapping between the session and every user authenticated in the current flow,
     * and between the session and the application.
     *
     * <p>For a federated user with no stored id, a random UUID is generated and stored as the
     * user id. For other users the id is resolved from the username.
     *
     * @param authenticationContext context holding the authenticated IdPs, service provider and tenant
     * @param str session identifier; {@code concludeFlow} passes the SHA-256 digest of the cookie value
     * @throws UserSessionException if any lookup or store operation fails
     */
    private void storeSessionData(AuthenticationContext authenticationContext, String str) throws UserSessionException {
        String resolveUserIdFromUsername;
        String authenticatedSubjectIdentifier = authenticationContext.getSequenceConfig().getAuthenticatedUser().getAuthenticatedSubjectIdentifier();
        String serviceProviderName = authenticationContext.getServiceProviderName();
        int tenantId = IdentityTenantUtil.getTenantId(authenticationContext.getTenantDomain());
        // Drops the first character of the caller path.
        // NOTE(review): this throws if the caller path is null or empty; confirm it is always set here.
        String substring = authenticationContext.getCallerPath().substring(1);
        int appId = UserSessionStore.getInstance().getAppId(serviceProviderName, tenantId);
        for (AuthenticatedIdPData authenticatedIdPData : authenticationContext.getCurrentAuthenticatedIdPs().values()) {
            String userName = authenticatedIdPData.getUser().getUserName();
            // Prefer the tenant domain recorded in the context properties, else the user's own.
            String authenticatedUserTenantDomain = getAuthenticatedUserTenantDomain(authenticationContext, null);
            if (authenticatedUserTenantDomain == null) {
                authenticatedUserTenantDomain = authenticatedIdPData.getUser().getTenantDomain();
            }
            // -1 stands in for "no tenant domain known".
            int tenantId2 = authenticatedUserTenantDomain == null ? -1 : IdentityTenantUtil.getTenantId(authenticatedUserTenantDomain);
            String userStoreDomain = authenticatedIdPData.getUser().getUserStoreDomain();
            String idpName = authenticatedIdPData.getIdpName();
            // z: whether the user-to-session mapping should be written for this user.
            boolean z = true;
            try {
                int idPId = UserSessionStore.getInstance().getIdPId(idpName, tenantId);
                if (isFederatedUser(authenticatedIdPData.getUser())) {
                    resolveUserIdFromUsername = UserSessionStore.getInstance().getUserId(userName, tenantId2, userStoreDomain, idPId);
                    if (resolveUserIdFromUsername == null) {
                        try {
                            // First login of this federated user: mint an id and persist it.
                            resolveUserIdFromUsername = UUID.randomUUID().toString();
                            UserSessionStore.getInstance().storeUserData(resolveUserIdFromUsername, userName, tenantId2, userStoreDomain, idPId);
                        } catch (DuplicatedAuthUserException e) {
                            // The user record already exists, presumably stored by a concurrent login. The id
                            // generated above was not persisted, so the mapping below is skipped.
                            z = false;
                            // NOTE(review): username, tenant domain, user store domain and IdP name are written
                            // to the log unescaped; the username may be supplied by an external IdP. Confirm the
                            // logging layer neutralises CR/LF, and that logging the username fits the privacy policy.
                            String str2 = "User authenticated is already persisted. Username: " + userName + " Tenant Domain:" + authenticatedUserTenantDomain + " User Store Domain: " + userStoreDomain + " IdP: " + idpName;
                            log.warn(str2);
                            if (log.isDebugEnabled()) {
                                log.debug(str2, e);
                            }
                        }
                    }
                } else {
                    resolveUserIdFromUsername = FrameworkUtils.resolveUserIdFromUsername(tenantId2, userStoreDomain, userName);
                }
                if (StringUtils.isNotEmpty(resolveUserIdFromUsername)) {
                    // Write the mapping once; skipped when it already exists or when z was cleared above.
                    if (z && !UserSessionStore.getInstance().isExistingMapping(resolveUserIdFromUsername, str)) {
                        UserSessionStore.getInstance().storeUserSessionData(resolveUserIdFromUsername, str);
                    }
                } else if (log.isDebugEnabled()) {
                    // NOTE(review): the message concatenates without separating spaces ("user,<name>of userstore
                    // domain, <domain>in tenant, ..."), which makes the debug line hard to read.
                    log.debug("A unique user id is not set for the user," + userName + "of userstore domain, " + userStoreDomain + "in tenant, " + authenticatedUserTenantDomain + ". Hence the session information of the user is not stored.");
                }
            } catch (UserSessionException e2) {
                // Re-wrap with the user's identifying details, keeping the original cause.
                throw new UserSessionException("Error while storing session data for user: " + userName + " of user store domain: " + userStoreDomain + " in tenant domain: " + authenticatedUserTenantDomain, e2);
            }
        }
        // The application-to-session mapping is stored only when the application id is positive.
        if (appId > 0) {
            try {
                UserSessionStore.getInstance().storeAppSessionDataIfNotExist(str, authenticatedSubjectIdentifier, appId, substring);
            } catch (DataAccessException e3) {
                throw new UserSessionException("Error while storing Application session data in the database.", e3);
            }
        }
    }

    /**
     * Tells whether the user is federated.
     *
     * @param authenticatedUser user to inspect; must not be {@code null}
     * @return the value of {@code authenticatedUser.isFederatedUser()}
     */
    private boolean isFederatedUser(AuthenticatedUser authenticatedUser) {
        final boolean federated = authenticatedUser.isFederatedUser();
        return federated;
    }

    /**
     * Records client metadata for a newly created session: user agent, client IP address, login
     * time and last access time (both set to the current time in epoch milliseconds).
     *
     * <p>The {@code User-Agent} header is client-supplied and is passed to the store exactly as
     * received, including {@code null} when the header is absent. The client IP is whatever
     * {@code IdentityUtil.getClientIpAddress} resolves for the request.
     *
     * @param str session identifier the metadata belongs to
     * @param httpServletRequest request the metadata is read from
     * @throws UserSessionException if the session store rejects the write
     */
    private void storeSessionMetaData(String str, HttpServletRequest httpServletRequest) throws UserSessionException {
        final String userAgent = httpServletRequest.getHeader("User-Agent");
        final String clientIp = IdentityUtil.getClientIpAddress(httpServletRequest);
        final String nowMillis = Long.toString(System.currentTimeMillis());

        HashMap<String, String> metaData = new HashMap<>();
        metaData.put(SessionMgtConstants.USER_AGENT, userAgent);
        metaData.put(SessionMgtConstants.IP_ADDRESS, clientIp);
        // A new session has the same login and last-access time.
        metaData.put(SessionMgtConstants.LOGIN_TIME, nowMillis);
        metaData.put(SessionMgtConstants.LAST_ACCESS_TIME, nowMillis);

        UserSessionStore.getInstance().storeSessionMetaData(str, metaData);
    }

    /**
     * Resolves the tenant domain of the application taking part in the flow.
     *
     * @param authenticationContext state of the authentication flow
     * @return the context's tenant domain, or {@code "carbon.super"} when it is null or empty
     */
    private String getApplicationTenantDomain(AuthenticationContext authenticationContext) {
        if (StringUtils.isNotEmpty(authenticationContext.getTenantDomain())) {
            return authenticationContext.getTenantDomain();
        }
        return "carbon.super";
    }

    /**
     * Records the authentication duration and publishes an authentication-success event.
     *
     * <p>The duration is stored only when the start time in the analytics data is a {@code Long}.
     * The event is published only when a publisher proxy is registered and enabled for the
     * context; it receives an unmodifiable map holding the authenticated user.
     *
     * @param httpServletRequest current request
     * @param authenticationContext state of the authentication flow
     * @param authenticatedUser user that was authenticated
     */
    private void publishAuthenticationSuccess(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser) {
        Serializable startTime = authenticationContext.getAnalyticsData(FrameworkConstants.AnalyticsData.AUTHENTICATION_START_TIME);
        if (startTime instanceof Long) {
            long elapsedMillis = System.currentTimeMillis() - ((Long) startTime).longValue();
            authenticationContext.setAnalyticsData(FrameworkConstants.AnalyticsData.AUTHENTICATION_DURATION, Long.valueOf(elapsedMillis));
        }

        AuthenticationDataPublisher publisher = FrameworkServiceDataHolder.getInstance().getAuthnDataPublisherProxy();
        if (publisher != null && publisher.isEnabled(authenticationContext)) {
            HashMap<String, Object> eventParams = new HashMap<>();
            eventParams.put(FrameworkConstants.AnalyticsAttributes.USER, authenticatedUser);
            // The publisher gets a read-only view of the parameters.
            publisher.publishAuthenticationSuccess(httpServletRequest, authenticationContext, Collections.unmodifiableMap(eventParams));
        }
    }

    /**
     * Attaches the authentication result to the request under the AUTH_RESULT attribute.
     *
     * @param httpServletRequest   request that receives the attribute
     * @param authenticationResult result to expose; stored as given
     */
    private void addAuthenticationResultToRequest(HttpServletRequest httpServletRequest, AuthenticationResult authenticationResult) {
        final String attributeName = FrameworkConstants.RequestAttribute.AUTH_RESULT;
        httpServletRequest.setAttribute(attributeName, authenticationResult);
    }

    /**
     * Delegates to {@code FrameworkUtils.storeAuthCookie} with an optional remember-me timeout
     * and an optional tenant-qualified path.
     *
     * <p>The timeout is only looked up when the context has remember-me set; the path is only
     * built when tenanted sessions are enabled. Both are passed as {@code null} otherwise.
     *
     * @param httpServletRequest    current request
     * @param httpServletResponse   response passed on to the cookie helper
     * @param authenticationContext context supplying the remember-me flag and login tenant domain
     * @param str                   value handed to the cookie helper as its third argument
     *                              (presumably the session identifier; confirm against the caller)
     * @param str2                  argument of the remember-me timeout lookup
     *                              (presumably a tenant domain; confirm against the caller)
     * @throws FrameworkException declared by this method; presumably raised by the helpers it calls
     */
    private void setAuthCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2) throws FrameworkException {
        Integer rememberMeTimeout = authenticationContext.isRememberMe()
                ? Integer.valueOf(IdPManagementUtil.getRememberMeTimeout(str2))
                : null;
        String cookiePath = IdentityTenantUtil.isTenantedSessionsEnabled()
                ? FrameworkConstants.TENANT_CONTEXT_PREFIX + authenticationContext.getLoginTenantDomain() + FrameworkUtils.ROOT_DOMAIN
                : null;
        // NOTE(review): the cookie's Secure/HttpOnly/SameSite attributes are decided inside
        // storeAuthCookie, which is not visible here; verify them there.
        FrameworkUtils.storeAuthCookie(httpServletRequest, httpServletResponse, str, rememberMeTimeout, cookiePath);
    }

    /**
     * Reads the user tenant domain from the context properties.
     *
     * @param authenticationContext context whose properties are consulted
     * @param authenticationResult  not used by this method
     * @return the value stored under {@code FrameworkConstants.USER_TENANT_DOMAIN}, or
     *         {@code null} when the context has no properties or no such entry
     */
    private String getAuthenticatedUserTenantDomain(AuthenticationContext authenticationContext, AuthenticationResult authenticationResult) {
        if (authenticationContext.getProperties() == null) {
            return null;
        }
        return (String) authenticationContext.getProperties().get(FrameworkConstants.USER_TENANT_DOMAIN);
    }

    /**
     * Redirects the browser back to the caller path of the authentication flow.
     *
     * <p>The redirect carries the URL-encoded caller session key as {@code sessionDataKey}
     * (when the key is not null) and {@code chkRemember=on} when the request is authenticated
     * with remember-me. For an unauthenticated request the error details are first copied onto
     * the authentication result via {@link #populateErrorInformation}.
     *
     * @param httpServletRequest    current request
     * @param httpServletResponse   response used to issue the redirect
     * @param authenticationContext context supplying caller path, session key and flags
     * @throws FrameworkException when the redirect (or the encoding step) fails with an
     *                            {@link IOException}; the original exception is kept as the cause
     */
    protected void sendResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            // NOTE(review): this debug entry contains the authenticated subject identifier and
            // the sessionDataKey; keep debug logging off in production or restrict access to
            // the log, and confirm these values cannot carry line breaks into the log.
            StringBuilder debugMessage = new StringBuilder();
            debugMessage.append("Sending response back to: ")
                    .append(authenticationContext.getCallerPath()).append("...\n");
            debugMessage.append(FrameworkConstants.ResponseParams.AUTHENTICATED).append(": ")
                    .append(String.valueOf(authenticationContext.isRequestAuthenticated())).append("\n");
            debugMessage.append(FrameworkConstants.ResponseParams.AUTHENTICATED_USER).append(": ");
            if (authenticationContext.getSequenceConfig().getAuthenticatedUser() == null) {
                debugMessage.append("No Authenticated User").append("\n");
            } else {
                debugMessage.append(authenticationContext.getSequenceConfig().getAuthenticatedUser().getAuthenticatedSubjectIdentifier()).append("\n");
            }
            debugMessage.append(FrameworkConstants.ResponseParams.AUTHENTICATED_IDPS).append(": ");
            debugMessage.append(authenticationContext.getSequenceConfig().getAuthenticatedIdPs()).append("\n");
            debugMessage.append("sessionDataKey").append(": ")
                    .append(authenticationContext.getCallerSessionKey());
            log.debug(debugMessage);
        }

        String rememberMeParam = "";
        if (authenticationContext.isRequestAuthenticated() && authenticationContext.isRememberMe()) {
            rememberMeParam = rememberMeParam + "chkRemember=on";
        }
        if (!authenticationContext.isRequestAuthenticated()) {
            populateErrorInformation(httpServletRequest, httpServletResponse, authenticationContext);
        }

        // NOTE(review): the redirect target is taken from the context as-is. Where callerPath
        // is set is not visible here; confirm it is server-derived or validated, so this
        // redirect cannot be steered to an arbitrary site.
        String redirectTarget = authenticationContext.getCallerPath();
        try {
            StringBuilder query = new StringBuilder();
            if (authenticationContext.getCallerSessionKey() != null) {
                // The key is URL-encoded before it is placed in the query string.
                query.append("sessionDataKey=")
                        .append(URLEncoder.encode(authenticationContext.getCallerSessionKey(), FrameworkUtils.UTF_8));
            }
            if (StringUtils.isNotEmpty(rememberMeParam)) {
                query.append(FrameworkUtils.QUERY_SEPARATOR).append(rememberMeParam);
            }
            httpServletResponse.sendRedirect(FrameworkUtils.appendQueryParamsStringToUrl(redirectTarget, query.toString()));
        } catch (IOException e) {
            throw new FrameworkException(e.getMessage(), e);
        }
    }

    /**
     * Copies the error code, message and URI held as context properties onto the
     * authentication result and re-attaches that result to the request.
     *
     * <p>Nothing is changed when no authentication result can be found. Each value is only
     * added when {@code IdentityUtil.isNotBlank} accepts it.
     *
     * @param httpServletRequest    request the result is read from and written back to
     * @param httpServletResponse   response used when locating the result
     * @param authenticationContext context holding the AUTH_ERROR_* properties
     */
    protected void populateErrorInformation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) {
        AuthenticationResult result = getAuthenticationResult(httpServletRequest, httpServletResponse, authenticationContext);
        // String.valueOf turns a missing property into the text "null".
        // NOTE(review): presumably IdentityUtil.isNotBlank rejects that text; confirm, otherwise
        // "null" is propagated as an error value.
        String errorCode = String.valueOf(authenticationContext.getProperty(FrameworkConstants.AUTH_ERROR_CODE));
        String errorMessage = String.valueOf(authenticationContext.getProperty(FrameworkConstants.AUTH_ERROR_MSG));
        String errorUri = String.valueOf(authenticationContext.getProperty(FrameworkConstants.AUTH_ERROR_URI));
        if (result == null) {
            return;
        }
        if (IdentityUtil.isNotBlank(errorCode)) {
            result.addProperty(FrameworkConstants.AUTH_ERROR_CODE, errorCode);
        }
        if (IdentityUtil.isNotBlank(errorMessage)) {
            result.addProperty(FrameworkConstants.AUTH_ERROR_MSG, errorMessage);
        }
        if (IdentityUtil.isNotBlank(errorUri)) {
            result.addProperty(FrameworkConstants.AUTH_ERROR_URI, errorUri);
        }
        if (log.isDebugEnabled()) {
            log.debug("Populated errorCode=" + errorCode + ", errorMessage=" + errorMessage + ", errorUri=" + errorUri + " to the AuthenticationResult.");
        }
        httpServletRequest.setAttribute(FrameworkConstants.RequestAttribute.AUTH_RESULT, result);
    }

    /**
     * Locates the authentication result for the current flow.
     *
     * <p>The result is read from the request attribute when the request type is listed among
     * the cache-disabled authenticators and the response is a {@code CommonAuthResponseWrapper}
     * that is not wrapped by the framework. In every other case it is looked up in the
     * authentication result cache by the caller session key.
     *
     * @param httpServletRequest    request that may carry the result as an attribute
     * @param httpServletResponse   response whose wrapper state selects the lookup path
     * @param authenticationContext context supplying the request type and caller session key
     * @return the result, or {@code null} when the attribute is absent or there is no cache entry
     */
    private AuthenticationResult getAuthenticationResult(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) {
        if (FrameworkUtils.getCacheDisabledAuthenticators().contains(authenticationContext.getRequestType())
                && (httpServletResponse instanceof CommonAuthResponseWrapper)
                && !((CommonAuthResponseWrapper) httpServletResponse).isWrappedByFramework()) {
            // Cache bypassed: the result travels on the request itself.
            return (AuthenticationResult) httpServletRequest.getAttribute(FrameworkConstants.RequestAttribute.AUTH_RESULT);
        }
        AuthenticationResultCacheEntry cacheEntry = FrameworkUtils.getAuthenticationResultFromCache(authenticationContext.getCallerSessionKey());
        return cacheEntry != null ? cacheEntry.getResult() : null;
    }
}
