package org.wso2.carbon.identity.application.authentication.framework.handler.step.impl;

import java.io.IOException;
import java.io.Serializable;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthHistory;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.DuplicatedAuthUserException;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserSessionException;
import org.wso2.carbon.identity.application.authentication.framework.handler.step.StepHandler;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.store.UserSessionStore;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.user.core.UserStoreClientException;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.class */
public class DefaultStepHandler implements StepHandler {
    // Lazily created singleton; volatile because getInstance() reads it outside the lock
    // as part of its double-checked locking.
    private static volatile DefaultStepHandler instance;
    // Audit logger taken from CarbonConstants.AUDIT_LOG. doAuthentication() writes a
    // "Failure" entry through it for each failed authentication attempt.
    // NOTE(review): package-private and non-final, so same-package code can replace it — confirm intended.
    Log audit = CarbonConstants.AUDIT_LOG;
    // Outcome labels for audit entries. Only FAILURE is used in the visible part of this class.
    private static final String SUCCESS = "Success";
    private static final String FAILURE = "Failure";
    // Regular class logger.
    private static final Log log = LogFactory.getLog(DefaultStepHandler.class);
    // Separate logger named "diagnostics". This class writes to it at INFO/ERROR without a
    // level guard, including values read from request parameters.
    private static final Log diagnosticLog = LogFactory.getLog("diagnostics");
    // Not referenced in the visible part of this class.
    // NOTE(review): static but not final — presumably meant to be a constant; confirm.
    private static String RE_CAPTCHA_USER_DOMAIN = "user-domain-recaptcha";
    // Format string passed to String.format(...) when building audit entries.
    // NOTE(review): static but not final — presumably meant to be a constant; confirm.
    private static String AUDIT_MESSAGE = FrameworkConstants.AUDIT_MESSAGE;

    /**
     * Returns the shared handler, creating it on first use.
     *
     * <p>The fast path reads the volatile field once; only when it is still unset does the
     * method take the class lock and re-check before constructing the instance.
     *
     * @return the single {@code DefaultStepHandler} instance
     */
    public static DefaultStepHandler getInstance() {
        DefaultStepHandler current = instance;
        if (current != null) {
            return current;
        }
        synchronized (DefaultStepHandler.class) {
            current = instance;
            if (current == null) {
                current = new DefaultStepHandler();
                instance = current;
            }
            return current;
        }
    }

    /**
     * Processes the current authentication step of the sequence held in the context.
     *
     * <p>The branches are evaluated in this order, and the first one that applies ends the call:
     * <ol>
     *   <li>passive authentication: never prompts; completes the step from an already
     *       authenticated IdP or marks the request as not authenticated;</li>
     *   <li>MAX_AGE evaluation (sets force-authenticate or previous-auth-time on the context);</li>
     *   <li>user abort;</li>
     *   <li>home realm discovery, when the federated-IdP parameter is present and the step order is 1;</li>
     *   <li>a returning request, dispatched to {@code handleResponse} or
     *       {@code handleRequestFromLoginPage} depending on the "authenticator" parameter;</li>
     *   <li>"dumb mode" redirect to the authentication endpoint;</li>
     *   <li>reuse of (or re-authentication with) an IdP that already authenticated this step;</li>
     *   <li>otherwise either the multi-option page or a direct call to the single authenticator.</li>
     * </ol>
     *
     * @param httpServletRequest  incoming request; several decisions below read its parameters directly
     * @param httpServletResponse response used for redirects
     * @param authenticationContext state of the ongoing authentication flow
     * @throws FrameworkException if a redirect fails with an IOException, or propagated from the
     *                            handlers this method delegates to
     */
    @Override // org.wso2.carbon.identity.application.authentication.framework.handler.step.StepHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        String str;
        // Record the authenticator start time only when none has been stored yet.
        if (authenticationContext.getAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME) == null) {
            authenticationContext.setAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME, Long.valueOf(System.currentTimeMillis()));
        }
        // NOTE(review): the step map lookup result is dereferenced on the next line without a null check.
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        List<AuthenticatorConfig> authenticatorList = stepConfig.getAuthenticatorList();
        String authenticatorIdPMappingString = FrameworkUtils.getAuthenticatorIdPMappingString(authenticatorList);
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        // Request-controlled value: the federated IdP / home realm hint.
        String parameter = httpServletRequest.getParameter(FrameworkConstants.RequestParams.FEDERATED_IDP);
        // Prefer the IdPs authenticated in this flow; fall back to those from a previous one.
        Map<String, AuthenticatedIdPData> currentAuthenticatedIdPs = authenticationContext.getCurrentAuthenticatedIdPs();
        if (MapUtils.isEmpty(currentAuthenticatedIdPs)) {
            if (log.isDebugEnabled()) {
                log.debug("No current authenticated IDPs in the authentication context. Continuing with the previous authenticated IDPs");
            }
            diagnosticLog.info("No current authenticated IDPs in the authentication context. Continuing with the previous authenticated IDPs");
            currentAuthenticatedIdPs = authenticationContext.getPreviousAuthenticatedIdPs();
        }
        if (log.isDebugEnabled()) {
            if (MapUtils.isEmpty(currentAuthenticatedIdPs)) {
                log.debug("No previous authenticated IDPs found in the authentication context.");
            } else {
                log.debug(String.format("Found authenticated IdPs. Count: %d", Integer.valueOf(currentAuthenticatedIdPs.size())));
            }
        }
        // For passive requests the IdPs authenticated for this application take precedence when present.
        if (authenticationContext.isPassiveAuthenticate() && MapUtils.isNotEmpty(authenticationContext.getAuthenticatedIdPsOfApp())) {
            currentAuthenticatedIdPs = authenticationContext.getAuthenticatedIdPsOfApp();
        }
        // Subset of the already authenticated IdPs that are configured for this step.
        Map<String, AuthenticatorConfig> authenticatedStepIdPs = FrameworkUtils.getAuthenticatedStepIdPs(stepConfig, currentAuthenticatedIdPs);
        if (authenticationContext.isPassiveAuthenticate()) {
            // Passive mode: no authenticator is invoked in this branch and the step is always marked completed.
            diagnosticLog.info("Passive authentication set to: true");
            if (!authenticatedStepIdPs.isEmpty()) {
                // Reuse the first IdP returned by the map iterator.
                String key = authenticatedStepIdPs.entrySet().iterator().next().getKey();
                diagnosticLog.info("Authenticated Step IDP is: " + key);
                populateStepConfigWithAuthenticationDetails(stepConfig, currentAuthenticatedIdPs.get(key), authenticatedStepIdPs.get(key));
                httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
            } else if (currentAuthenticatedIdPs.keySet().size() <= 0 || !isOnlyFlowHandlersInStep(stepConfig)) {
                // Nothing authenticated, or the step needs a real authenticator: report "not authenticated".
                // NOTE(review): currentAuthenticatedIdPs is dereferenced here although the earlier
                // MapUtils.isEmpty checks also treat null as empty — confirm the getters never return null.
                authenticationContext.setRequestAuthenticated(false);
            } else {
                // The step holds only flow handlers: complete it with "LOCAL" when that IdP is
                // authenticated, otherwise with the first authenticated IdP.
                diagnosticLog.info("Authenticated Step IDPs are empty and only flow handlers configured in the step. Proceeding with Authenticated IDPs.");
                str = "LOCAL";
                str = currentAuthenticatedIdPs.get(str) == null ? currentAuthenticatedIdPs.keySet().iterator().next() : "LOCAL";
                diagnosticLog.info("Authenticated IDP is: " + str);
                populateStepConfigWithAuthenticationDetails(stepConfig, currentAuthenticatedIdPs.get(str), stepConfig.getAuthenticatorList().get(0));
                httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
            }
            stepConfig.setCompleted(true);
            return;
        }
        diagnosticLog.info("Passive authentication set to: false");
        // MAX_AGE handling: when the request-supplied value is smaller than the seconds elapsed since
        // the session's UPDATED_TIMESTAMP (or CREATED_TIMESTAMP if no update is recorded), force
        // re-authentication; otherwise flag that the previous authentication time applies.
        // NOTE(review): MAX_AGE comes straight from the request and is handed to Long.parseLong with no
        // guard; a non-numeric value raises NumberFormatException, which nothing in this method catches.
        // NOTE(review): the session context is fetched from the cache up to three times and each result,
        // as well as the CREATED_TIMESTAMP property, is dereferenced without a null check — an evicted or
        // expired session would surface as a NullPointerException. Confirm upstream handling.
        String parameter2 = httpServletRequest.getParameter(FrameworkConstants.RequestParams.MAX_AGE);
        if (StringUtils.isNotBlank(parameter2) && StringUtils.isNotBlank(authenticationContext.getSessionIdentifier())) {
            if (Long.parseLong(parameter2) < (System.currentTimeMillis() - (FrameworkUtils.getSessionContextFromCache(authenticationContext.getSessionIdentifier()).getProperty(FrameworkConstants.UPDATED_TIMESTAMP) != null ? Long.parseLong(FrameworkUtils.getSessionContextFromCache(authenticationContext.getSessionIdentifier()).getProperty(FrameworkConstants.UPDATED_TIMESTAMP).toString()) : Long.parseLong(FrameworkUtils.getSessionContextFromCache(authenticationContext.getSessionIdentifier()).getProperty(FrameworkConstants.CREATED_TIMESTAMP).toString()))) / 1000) {
                authenticationContext.setForceAuthenticate(true);
            } else {
                authenticationContext.setPreviousAuthTime(true);
            }
        }
        // The user cancelled at the login page: end the step with USER_ABORT.
        if (httpServletRequest.getParameter(FrameworkConstants.RequestParams.USER_ABORT) != null && Boolean.parseBoolean(httpServletRequest.getParameter(FrameworkConstants.RequestParams.USER_ABORT))) {
            diagnosticLog.info("User aborted the authentication flow.");
            httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.USER_ABORT);
            stepConfig.setCompleted(true);
            return;
        }
        // Home realm discovery is only honoured on the first step.
        if (parameter != null && stepConfig.getOrder() == 1) {
            // NOTE(review): the request-supplied value is concatenated into the diagnostic log message
            // as-is; confirm the log layout neutralises CR/LF so entries cannot be forged.
            diagnosticLog.info("Request has FIDP parameter set to: " + parameter);
            handleHomeRealmDiscovery(httpServletRequest, httpServletResponse, authenticationContext);
            return;
        }
        // A returning request either carries an authenticator response (no "authenticator"
        // parameter) or a selection made on the login / multi-option page.
        if (authenticationContext.isReturning()) {
            if (httpServletRequest.getParameter("authenticator") == null || httpServletRequest.getParameter("authenticator").isEmpty()) {
                handleResponse(httpServletRequest, httpServletResponse, authenticationContext);
                return;
            } else {
                handleRequestFromLoginPage(httpServletRequest, httpServletResponse, authenticationContext);
                return;
            }
        }
        // Dumb mode with nothing authenticated yet: hand over to the authentication endpoint for HRD.
        if (ConfigurationFacade.getInstance().isDumbMode() && currentAuthenticatedIdPs.isEmpty()) {
            if (log.isDebugEnabled()) {
                log.debug("Executing in Dumb mode");
            }
            diagnosticLog.info("Executing in dumb mode");
            try {
                httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
                // Only the authenticator mapping is URL-encoded here; the context query params are appended as returned.
                httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + URLEncoder.encode(authenticatorIdPMappingString, FrameworkUtils.UTF_8) + "&hrd=true");
                return;
            } catch (IOException e) {
                throw new FrameworkException(e.getMessage(), e);
            }
        }
        // An IdP of this step is already authenticated and nothing forces a fresh login.
        if (!authenticationContext.isForceAuthenticate() && !stepConfig.isForced() && !authenticatedStepIdPs.isEmpty()) {
            Map.Entry<String, AuthenticatorConfig> next = authenticatedStepIdPs.entrySet().iterator().next();
            String key2 = next.getKey();
            AuthenticatorConfig value = next.getValue();
            if (!authenticationContext.isReAuthenticate()) {
                // Single sign-on: the step is completed without invoking any authenticator.
                if (log.isDebugEnabled()) {
                    log.debug("Already authenticated. Skipping the step");
                }
                populateStepConfigWithAuthenticationDetails(stepConfig, currentAuthenticatedIdPs.get(key2), authenticatedStepIdPs.get(key2));
                stepConfig.setCompleted(true);
                httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Re-authenticating with " + key2 + " IdP");
            }
            diagnosticLog.info("Re-authenticating with IDP: " + key2);
            try {
                authenticationContext.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(key2, authenticationContext.getTenantDomain()));
            } catch (IdentityProviderManagementException e2) {
                // NOTE(review): the lookup failure is only logged; doAuthentication below still runs with
                // whatever external IdP the context already held. Confirm that is intended.
                log.error("Exception while getting IdP by name", e2);
                diagnosticLog.error("Error occurred while getting IDP by name. Error message: " + e2.getMessage());
            }
            doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, value);
            return;
        }
        // z  : the user must choose on the multi-option page.
        // z2 : a flow handler was found among several authenticators and is run first.
        boolean z = false;
        boolean z2 = false;
        AuthenticatorConfig authenticatorConfig = null;
        if (authenticatorList.size() > 1) {
            z = true;
            Iterator<AuthenticatorConfig> it = authenticatorList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                AuthenticatorConfig next2 = it.next();
                // The first flow handler in the list wins and suppresses the multi-option page for now.
                if (next2.getApplicationAuthenticator() instanceof AuthenticationFlowHandler) {
                    authenticatorConfig = next2;
                    z2 = true;
                    z = false;
                    break;
                }
            }
        } else {
            // NOTE(review): an empty authenticator list reaches get(0) and throws IndexOutOfBoundsException.
            authenticatorConfig = authenticatorList.get(0);
            // One authenticator that is bound to several IdPs still needs a user choice.
            if (authenticatorConfig.getIdpNames().size() > 1) {
                z = true;
            }
        }
        if (z) {
            sendToMultiOptionPage(stepConfig, httpServletRequest, authenticationContext, httpServletResponse, authenticatorIdPMappingString);
            return;
        }
        if (!authenticatorConfig.getIdpNames().isEmpty()) {
            if (log.isDebugEnabled()) {
                log.debug("Step contains only a single IdP. Going to call it directly");
            }
            try {
                authenticationContext.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(authenticatorConfig.getIdpNames().get(0), authenticationContext.getTenantDomain()));
            } catch (IdentityProviderManagementException e3) {
                // NOTE(review): as above, the failure is logged and authentication proceeds regardless.
                log.error("Exception while getting IdP by name", e3);
            }
        }
        doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig);
        // If the flow handler left the flow incomplete, fall back to the multi-option page.
        // Reference comparison is against an AuthenticatorFlowStatus constant.
        if (httpServletRequest.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS) == AuthenticatorFlowStatus.INCOMPLETE && z2) {
            sendToMultiOptionPage(stepConfig, httpServletRequest, authenticationContext, httpServletResponse, authenticatorIdPMappingString);
        }
    }

    /**
     * Redirects the browser to the authentication endpoint so the user can pick one of the
     * options configured for the step.
     *
     * @param stepConfig            step being processed; when it is retrying, the current authenticator
     *                              is cleared and an auth-failure marker is added to the redirect
     * @param httpServletRequest    current request; FLOW_STATUS is set to INCOMPLETE on it
     * @param authenticationContext state of the ongoing flow
     * @param httpServletResponse   response used to send the redirect
     * @param str                   authenticator/IdP mapping string, passed on to {@code getRedirectUrl}
     * @throws FrameworkException if the redirect fails with an IOException
     */
    private void sendToMultiOptionPage(StepConfig stepConfig, HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, HttpServletResponse httpServletResponse, String str) throws FrameworkException {
        String endpointUrl = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        if (log.isDebugEnabled()) {
            log.debug("Sending to the Multi Option page");
        }
        diagnosticLog.info("Sending to the Multi Option page");

        // Optional authenticator-level setting; stays null when no parameters are configured.
        String showAuthFailureReason = null;
        Map<String, String> authenticatorParams = getAuthenticatorConfig().getParameterMap();
        if (MapUtils.isNotEmpty(authenticatorParams)) {
            showAuthFailureReason = authenticatorParams.get(FrameworkConstants.SHOW_AUTHFAILURE_RESON_CONFIG);
            if (log.isDebugEnabled()) {
                log.debug("showAuthFailureReason has been set as : " + showAuthFailureReason);
            }
        }
        diagnosticLog.info("showAuthFailureReason has been set as : " + showAuthFailureReason);

        // On a retry the page is told that the previous attempt failed.
        String retryQuery;
        if (stepConfig.isRetrying()) {
            authenticationContext.setCurrentAuthenticator(null);
            retryQuery = "&authFailure=true&authFailureMsg=login.fail.message";
        } else {
            retryQuery = "";
        }

        try {
            httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
            String redirectUrl = getRedirectUrl(httpServletRequest, httpServletResponse, authenticationContext, str, showAuthFailureReason, retryQuery, endpointUrl);
            httpServletResponse.sendRedirect(redirectUrl);
        } catch (IOException redirectFailure) {
            diagnosticLog.error("Server error occurred. Error message: " + redirectFailure.getMessage());
            throw new FrameworkException(redirectFailure.getMessage(), redirectFailure);
        }
    }

    /**
     * Tells whether every authenticator configured for the step is an {@link AuthenticationFlowHandler}.
     *
     * <p>An empty authenticator list yields {@code true}, since no entry contradicts the condition.
     *
     * @param stepConfig step whose authenticator list is inspected
     * @return {@code false} as soon as one authenticator is not a flow handler, otherwise {@code true}
     */
    private boolean isOnlyFlowHandlersInStep(StepConfig stepConfig) {
        for (AuthenticatorConfig candidate : stepConfig.getAuthenticatorList()) {
            boolean isFlowHandler = candidate.getApplicationAuthenticator() instanceof AuthenticationFlowHandler;
            if (!isFlowHandler) {
                return false;
            }
        }
        return true;
    }

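    /**
     * Resolves the identity provider for the home realm named in the federated-IdP request
     * parameter and continues the step with it.
     *
     * <p>Outcomes, in order:
     * <ul>
     *   <li>parameter absent or blank: redirect to the authentication endpoint with {@code hrd=true};</li>
     *   <li>an IdP is found for the discovered realm and already authenticated this step, with no
     *       forced or re-authentication requested: the step is completed without prompting;</li>
     *   <li>an IdP is found and an authenticator of this step is bound to it: that authenticator runs;</li>
     *   <li>otherwise: redirect to the authentication endpoint with the {@code domain.unknown} failure.</li>
     * </ul>
     *
     * <p>An absent parameter is handled like a blank one, so a direct call from a subclass does not
     * fail with a NullPointerException.
     *
     * @param httpServletRequest    current request; the realm hint is read from it
     * @param httpServletResponse   response used for redirects
     * @param authenticationContext state of the ongoing flow
     * @throws FrameworkException if a redirect fails with an IOException, or propagated from
     *                            {@code doAuthentication}
     */
    protected void handleHomeRealmDiscovery(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Request contains fidp parameter. Initiating Home Realm Discovery");
        }
        diagnosticLog.info("Request contains fidp parameter. Initiating Home Realm Discovery");
        String parameter = httpServletRequest.getParameter(FrameworkConstants.RequestParams.FEDERATED_IDP);
        // NOTE(review): this value is request-controlled and is written to both logs unescaped;
        // confirm the log layout neutralises CR/LF so entries cannot be forged.
        if (log.isDebugEnabled()) {
            log.debug("Received domain: " + parameter);
        }
        diagnosticLog.info("Received domain: " + parameter);
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        List<AuthenticatorConfig> authenticatorList = stepConfig.getAuthenticatorList();
        String authenticatorIdPMappingString = FrameworkUtils.getAuthenticatorIdPMappingString(authenticatorList);
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        // getParameter() returns null for an absent parameter; treat that like an empty hint
        // instead of dereferencing it.
        if (parameter == null || parameter.trim().length() == 0) {
            try {
                httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
                httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + URLEncoder.encode(authenticatorIdPMappingString, FrameworkUtils.UTF_8) + "&hrd=true");
                return;
            } catch (IOException e) {
                throw new FrameworkException(e.getMessage(), e);
            }
        }
        String discover = FrameworkUtils.getHomeRealmDiscoverer().discover(parameter);
        if (log.isDebugEnabled()) {
            log.debug("Home realm discovered: " + discover);
        }
        diagnosticLog.info("Home realm discovered: " + discover);
        ExternalIdPConfig externalIdPConfig = null;
        try {
            externalIdPConfig = ConfigurationFacade.getInstance().getIdPConfigByRealm(discover, authenticationContext.getTenantDomain());
        } catch (IdentityProviderManagementException e2) {
            // Best effort: a failed lookup is logged and then handled as "no IdP for this domain" below.
            log.error("Exception while getting IdP by realm", e2);
            diagnosticLog.error("Server error occurred while getting IDP by home-realm. Error message: " + e2.getMessage());
        }
        if (externalIdPConfig != null) {
            String idPName = externalIdPConfig.getIdPName();
            if (log.isDebugEnabled()) {
                log.debug("Found IdP of the realm: " + idPName);
            }
            diagnosticLog.info("Found IdP of the realm: " + idPName);
            Map<String, AuthenticatedIdPData> previousAuthenticatedIdPs = authenticationContext.getPreviousAuthenticatedIdPs();
            Map<String, AuthenticatorConfig> authenticatedStepIdPs = FrameworkUtils.getAuthenticatedStepIdPs(stepConfig, previousAuthenticatedIdPs);
            // Already authenticated with this IdP and no fresh login demanded: complete the step silently.
            if (authenticatedStepIdPs.containsKey(idPName) && !authenticationContext.isForceAuthenticate() && !stepConfig.isForced() && !authenticationContext.isReAuthenticate()) {
                populateStepConfigWithAuthenticationDetails(stepConfig, previousAuthenticatedIdPs.get(idPName), authenticatedStepIdPs.get(idPName));
                stepConfig.setCompleted(true);
                return;
            }
            // The discovered IdP is used only if an authenticator of this step is bound to it.
            for (AuthenticatorConfig authenticatorConfig : authenticatorList) {
                if (authenticatorConfig.getIdpNames().contains(idPName)) {
                    authenticationContext.setExternalIdP(externalIdPConfig);
                    doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig);
                    return;
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("An IdP was not found for the sent domain. Sending to the domain page");
        }
        diagnosticLog.info("An IdP was not found for the sent domain. Sending to the domain page");
        try {
            httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
            httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + URLEncoder.encode(authenticatorIdPMappingString, FrameworkUtils.UTF_8) + "&authFailure=true&authFailureMsg=domain.unknown&hrd=true");
        } catch (IOException e3) {
            diagnosticLog.error("Server error occurred. Error message: " + e3.getMessage());
            throw new FrameworkException(e3.getMessage(), e3);
        }
    }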

    /**
     * Handles the selection submitted from the login / multi-option page.
     *
     * <p>The "idp" parameter, when present, is resolved to an external IdP and stored on the
     * context. The "authenticator" parameter is then matched (case-insensitively) against the
     * authenticators of the current step; the first match is run, unless a non-blank "idp" value
     * is not among the IdPs configured for that authenticator, in which case the request is rejected.
     *
     * <p>NOTE(review): {@code setExternalIdP} is called with the request-supplied IdP name before
     * the membership check runs, so a rejected request has already changed the context. Confirm
     * the context is not reused after the exception.
     * <p>NOTE(review): when no authenticator of the step matches the "authenticator" parameter,
     * the method returns without setting FLOW_STATUS or raising an error. Confirm the caller
     * handles that case.
     *
     * @param httpServletRequest    current request carrying the "idp" and "authenticator" parameters
     * @param httpServletResponse   response handed on to {@code doAuthentication}
     * @param authenticationContext state of the ongoing flow
     * @throws FrameworkException if the selected IdP is not configured for the selected authenticator,
     *                            or propagated from {@code doAuthentication}
     */
    protected void handleRequestFromLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Relieved a request from the multi option page");
        }
        diagnosticLog.info("Relieved a request from the multi option page");

        Integer currentStep = Integer.valueOf(authenticationContext.getCurrentStep());
        StepConfig currentStepConfig = authenticationContext.getSequenceConfig().getStepMap().get(currentStep);

        String selectedIdp = httpServletRequest.getParameter("idp");
        if (selectedIdp != null) {
            // NOTE(review): request-controlled value written to the logs unescaped; confirm the
            // log layout neutralises CR/LF.
            if (log.isDebugEnabled()) {
                log.debug("User has selected IdP: " + selectedIdp);
            }
            diagnosticLog.info("User has selected IdP: " + selectedIdp);
            try {
                ExternalIdPConfig resolvedIdp = ConfigurationFacade.getInstance().getIdPConfigByName(selectedIdp, authenticationContext.getTenantDomain());
                authenticationContext.setExternalIdP(resolvedIdp);
            } catch (IdentityProviderManagementException lookupFailure) {
                // The failure is only logged; the authenticator matching below still runs.
                log.error("Exception while getting IdP by name", lookupFailure);
                diagnosticLog.error("Server error occurred while getting IDP by name. Error message: " + lookupFailure.getMessage());
            }
        }

        for (AuthenticatorConfig candidate : currentStepConfig.getAuthenticatorList()) {
            ApplicationAuthenticator authenticator = candidate.getApplicationAuthenticator();
            if (authenticator == null) {
                continue;
            }
            if (!authenticator.getName().equalsIgnoreCase(httpServletRequest.getParameter("authenticator"))) {
                continue;
            }
            // Reject an IdP that is not bound to the chosen authenticator. A blank "idp" value skips this check.
            boolean idpWasSelected = StringUtils.isNotBlank(selectedIdp);
            if (idpWasSelected && candidate.getIdps().get(selectedIdp) == null) {
                diagnosticLog.error("Authenticators configured for application and user selected idp does not match. Possible tampering of parameters in login page.");
                throw new FrameworkException("Authenticators configured for application and user selected idp does not match. Possible tampering of parameters in login page.");
            }
            doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, candidate);
            return;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:24:0x00ed  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x0125 A[RETURN] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the bytecode of this method could not be reconstructed, so the
     * body below is NOT the real response-handling logic and must not be reviewed as such.
     *
     * <p>In this listing, {@code handle} calls this method for a returning request that carries
     * no "authenticator" parameter. The authenticator-response path therefore cannot be assessed
     * from this file; consult the original source or the instruction dump instead.
     *
     * @param r7 the servlet request
     * @param r8 the servlet response
     * @param r9 the authentication context of the ongoing flow
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    protected void handleResponse(javax.servlet.http.HttpServletRequest r7, javax.servlet.http.HttpServletResponse r8, org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext r9) throws org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException {
        /*
            Method dump skipped, instructions count: 294
            To view this dump add '--comments-level debug' option
        */
        // Emitted by the decompiler in place of the 294 instructions it could not translate.
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handleResponse(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r17v0, types: [java.lang.Throwable, org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException] */
    /* JADX WARN: Type inference failed for: r17v1, types: [java.lang.Throwable, org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException] */
    /* JADX WARN: Type inference failed for: r17v2, types: [java.lang.Throwable, org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException] */
    protected void doAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, AuthenticatorConfig authenticatorConfig) throws FrameworkException {
        AuthenticatorFlowStatus process;
        Object parameter;
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        ApplicationAuthenticator applicationAuthenticator = authenticatorConfig.getApplicationAuthenticator();
        if (applicationAuthenticator == null) {
            log.error("Authenticator is null for AuthenticatorConfig: " + authenticatorConfig.getName());
            return;
        }
        String str = "LOCAL";
        if (authenticationContext.getExternalIdP() != null && (applicationAuthenticator instanceof FederatedApplicationAuthenticator)) {
            str = authenticationContext.getExternalIdP().getIdPName();
        }
        try {
            authenticationContext.setAuthenticatorProperties(FrameworkUtils.getAuthenticatorPropertyMapFromIdP(authenticationContext.getExternalIdP(), applicationAuthenticator.getName()));
            process = applicationAuthenticator.process(httpServletRequest, httpServletResponse, authenticationContext);
            httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, process);
            if (log.isDebugEnabled()) {
                log.debug(applicationAuthenticator.getName() + " returned: " + process.toString());
            }
            diagnosticLog.info(applicationAuthenticator.getName() + " returned: " + process.toString());
        } catch (InvalidCredentialsException e) {
            if (log.isDebugEnabled()) {
                log.debug("A login attempt was failed due to invalid credentials", e);
            }
            String str2 = "Step: " + stepConfig.getOrder() + ", IDP: " + str + ", Authenticator:" + authenticatorConfig.getName();
            String str3 = null;
            if (e.getUser() != null) {
                str3 = e.getUser().toFullQualifiedUsername();
            } else if (authenticationContext.getSubject() != null) {
                str3 = authenticationContext.getSubject().toFullQualifiedUsername();
            }
            this.audit.warn(String.format(AUDIT_MESSAGE, str3, "Authenticate", "ApplicationAuthenticationFramework", str2, FAILURE));
            handleFailedAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig, e.getUser());
        } catch (AuthenticationFailedException e2) {
            IdentityErrorMsgContext identityErrorMsg = IdentityUtil.getIdentityErrorMsg();
            if (identityErrorMsg != null) {
                Throwable rootCause = ExceptionUtils.getRootCause((Throwable) e2);
                if (!"17007".equals(identityErrorMsg.getErrorCode()) && !(rootCause instanceof UserStoreClientException)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Authentication failed exception!", e2);
                    }
                    log.error("Authentication failed exception! " + e2.getMessage());
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Authentication failed exception!", e2);
                }
                log.error("Authentication failed exception! " + e2.getMessage());
            }
            String str4 = "Step: " + stepConfig.getOrder() + ", IDP: " + str + ", Authenticator:" + authenticatorConfig.getName();
            String str5 = null;
            if (e2.getUser() != null) {
                str5 = e2.getUser().toFullQualifiedUsername();
            } else if (authenticationContext.getSubject() != null) {
                str5 = authenticationContext.getSubject().toFullQualifiedUsername();
            }
            this.audit.warn(String.format(AUDIT_MESSAGE, str5, "Authenticate", "ApplicationAuthenticationFramework", str4, FAILURE));
            handleFailedAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig, e2.getUser());
        } catch (LogoutFailedException e3) {
            throw new FrameworkException(e3.getMessage(), (Throwable) e3);
        }
        if (process == AuthenticatorFlowStatus.INCOMPLETE) {
            authenticationContext.setCurrentAuthenticator(applicationAuthenticator.getName());
            if (log.isDebugEnabled()) {
                log.debug(applicationAuthenticator.getName() + " is redirecting");
                return;
            }
            return;
        }
        if (applicationAuthenticator instanceof FederatedApplicationAuthenticator) {
            if (authenticationContext.getSubject().getUserName() == null) {
                authenticationContext.getSubject().setUserName(authenticationContext.getSubject().getAuthenticatedSubjectIdentifier());
            }
            if (authenticationContext.getSubject().getFederatedIdPName() == null && authenticationContext.getExternalIdP() != null) {
                authenticationContext.getSubject().setFederatedIdPName(str);
            }
            if (authenticationContext.getSubject().getTenantDomain() == null) {
                authenticationContext.getSubject().setTenantDomain(authenticationContext.getTenantDomain());
            }
            if (authenticationContext.getSubject().getUserId() == null) {
                String tenantDomain = authenticationContext.getSubject().getTenantDomain();
                int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
                String authenticatedSubjectIdentifier = authenticationContext.getSubject().getAuthenticatedSubjectIdentifier();
                String federatedIdPName = authenticationContext.getSubject().getFederatedIdPName();
                try {
                    int idPId = UserSessionStore.getInstance().getIdPId(federatedIdPName, tenantId);
                    String federatedUserId = UserSessionStore.getInstance().getFederatedUserId(authenticatedSubjectIdentifier, tenantId, idPId);
                    if (federatedUserId == null) {
                        try {
                            federatedUserId = UUID.randomUUID().toString();
                            UserSessionStore.getInstance().storeUserData(federatedUserId, authenticatedSubjectIdentifier, tenantId, idPId);
                        } catch (DuplicatedAuthUserException e4) {
                            String str6 = "User authenticated is already persisted. Username: " + authenticatedSubjectIdentifier + " Tenant Domain:" + tenantDomain + " IdP: " + federatedIdPName;
                            log.warn(str6);
                            if (log.isDebugEnabled()) {
                                log.debug(str6, e4);
                            }
                        }
                    }
                    authenticationContext.getSubject().setUserId(federatedUserId);
                } catch (UserSessionException e5) {
                    log.error("Error while resolving the user id for federated user.", e5);
                }
            }
        }
        AuthenticatedIdPData authenticatedIdPData = getAuthenticatedIdPData(authenticationContext, str);
        AuthenticatedUser subject = authenticationContext.getSubject();
        stepConfig.setAuthenticatedUser(subject);
        authenticatedIdPData.setUser(subject);
        authenticatorConfig.setAuthenticatorStateInfo(authenticationContext.getStateInfo());
        stepConfig.setAuthenticatedAutenticator(authenticatorConfig);
        stepConfig.setAuthenticatedIdP(str);
        authenticatedIdPData.setIdpName(str);
        authenticatedIdPData.addAuthenticator(authenticatorConfig);
        authenticationContext.getCurrentAuthenticatedIdPs().put(str, authenticatedIdPData);
        String str7 = null;
        String str8 = "FederatedIdPSessionIndex_" + str;
        AuthHistory authHistory = new AuthHistory(applicationAuthenticator.getName(), str);
        if (authenticationContext.getParameters().containsKey(str8) && (parameter = authenticationContext.getParameter(str8)) != null) {
            str7 = parameter.toString();
        }
        if (StringUtils.isNotBlank(authenticationContext.getCurrentAuthenticator()) && StringUtils.isNotBlank(str7)) {
            authHistory.setIdpSessionIndex(str7);
            authHistory.setRequestType(authenticationContext.getRequestType());
        }
        Serializable analyticsData = authenticationContext.getAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME);
        if (analyticsData instanceof Long) {
            authHistory.setDuration(((Long) analyticsData).longValue() - System.currentTimeMillis());
        }
        authHistory.setSuccess(true);
        authenticationContext.addAuthenticationStepHistory(authHistory);
        String str9 = null;
        if (stepConfig.getAuthenticatedUser() != null) {
            str9 = stepConfig.getAuthenticatedUser().toFullQualifiedUsername();
        }
        this.audit.info(String.format(AUDIT_MESSAGE, str9, "Authenticate", "ApplicationAuthenticationFramework", "Step: " + stepConfig.getOrder() + ", IDP: " + stepConfig.getAuthenticatedIdP() + ", Authenticator:" + stepConfig.getAuthenticatedAutenticator().getName(), "Success"));
        stepConfig.setCompleted(true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records a failed authentication attempt on the request and on the authentication context.
     *
     * <p>The request gets the {@code FLOW_STATUS} attribute set to {@code FAIL_COMPLETED} and the
     * context is flagged as not authenticated. This base implementation does not read
     * {@code authenticatorConfig} or {@code user}.
     *
     * @param httpServletRequest    request that receives the flow-status attribute
     * @param httpServletResponse   not used here
     * @param authenticationContext context whose "request authenticated" flag is cleared
     * @param authenticatorConfig   not used here
     * @param user                  not used here
     */
    public void handleFailedAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, AuthenticatorConfig authenticatorConfig, User user) {
        // The two updates touch different objects and do not depend on each other.
        httpServletRequest.setAttribute(
                FrameworkConstants.RequestParams.FLOW_STATUS,
                AuthenticatorFlowStatus.FAIL_COMPLETED);
        authenticationContext.setRequestAuthenticated(false);
    }

    /**
     * Copies the authenticated user, IdP name and authenticator from previously stored IdP data
     * onto the step configuration.
     *
     * @param stepConfig           step configuration to populate
     * @param authenticatedIdPData stored IdP data that supplies all three values
     * @deprecated the three-argument overload takes the authenticator config explicitly instead of
     *     reading it from {@code authenticatedIdPData}.
     */
    @Deprecated
    protected void populateStepConfigWithAuthenticationDetails(StepConfig stepConfig, AuthenticatedIdPData authenticatedIdPData) {
        final AuthenticatedIdPData source = authenticatedIdPData;
        stepConfig.setAuthenticatedUser(source.getUser());
        stepConfig.setAuthenticatedIdP(source.getIdpName());
        // Unlike the three-argument overload, the authenticator comes from the stored IdP data.
        stepConfig.setAuthenticatedAutenticator(source.getAuthenticator());
    }

    /**
     * Copies the authenticated user and IdP name from previously stored IdP data onto the step
     * configuration, and records the given authenticator as the one that authenticated the step.
     *
     * @param stepConfig           step configuration to populate
     * @param authenticatedIdPData stored IdP data that supplies the user and the IdP name
     * @param authenticatorConfig  authenticator to record on the step
     */
    protected void populateStepConfigWithAuthenticationDetails(StepConfig stepConfig, AuthenticatedIdPData authenticatedIdPData, AuthenticatorConfig authenticatorConfig) {
        final AuthenticatedIdPData source = authenticatedIdPData;
        stepConfig.setAuthenticatedUser(source.getUser());
        stepConfig.setAuthenticatedIdP(source.getIdpName());
        // The authenticator is supplied by the caller, not taken from the stored IdP data.
        stepConfig.setAuthenticatedAutenticator(authenticatorConfig);
    }

    /**
     * Looks up the stored authentication data for an IdP.
     *
     * <p>The context's current authenticated IdPs are searched first, then its previous
     * authenticated IdPs. If neither holds an entry for the IdP, a new empty
     * {@code AuthenticatedIdPData} is returned; the new object is not stored in the context here.
     *
     * @param authenticationContext context holding the current and previous IdP maps
     * @param str                   IdP name used as the map key
     * @return the stored data for the IdP, or a fresh instance when none exists
     */
    private AuthenticatedIdPData getAuthenticatedIdPData(AuthenticationContext authenticationContext, String str) {
        AuthenticatedIdPData fromCurrent = authenticationContext.getCurrentAuthenticatedIdPs() != null
                ? authenticationContext.getCurrentAuthenticatedIdPs().get(str)
                : null;
        if (fromCurrent != null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Authenticated IDP data of the IDP '%s' could be found in current authenticated IDPs", str));
            }
            return fromCurrent;
        }

        if (log.isDebugEnabled()) {
            log.debug(String.format("Authenticated IDP data of the IDP '%s' couldn't be found in current authenticate IDPs. Trying previous authenticated IDPs", str));
        }
        AuthenticatedIdPData fromPrevious = authenticationContext.getPreviousAuthenticatedIdPs() != null
                ? authenticationContext.getPreviousAuthenticatedIdPs().get(str)
                : null;
        if (fromPrevious != null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Authenticated IDP data of the IDP '%s' could be found in previous authenticated IDPs", str));
            }
            return fromPrevious;
        }

        // Nothing stored for this IdP in either map: start from an empty record.
        if (log.isDebugEnabled()) {
            log.debug(String.format("Authenticated IDP data for the IDP '%s' couldn't be found in previous authenticate IDPs as well. Using a fresh AuthenticatedIdPData object", str));
        }
        return new AuthenticatedIdPData();
    }

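    /**
     * Builds the URL the browser is sent to after a login attempt: the login page with retry and
     * error parameters, or the account-recovery confirmation page for error code {@code 17007}.
     *
     * <p>The identity error message context is read and then cleared, and the value stored under
     * {@code FrameworkConstants.PASSWORD_PROPERTY} is taken out of the authentication context.
     *
     * <p>Changes from the previous version: the {@code confirmation} and {@code lockedReason}
     * values are now URL-encoded like every other request-derived value, and a missing
     * {@code username} request parameter yields an empty value instead of a
     * {@code NullPointerException}. Parameter order in the generated URLs is unchanged.
     *
     * @param httpServletRequest    request; only its {@code username} parameter is read
     * @param httpServletResponse   used for {@code encodeRedirectURL}
     * @param authenticationContext supplies the context query parameters and the stored
     *                              {@code PASSWORD_PROPERTY} value
     * @param str                   authenticator list sent as the {@code authenticators} parameter
     * @param str2                  {@code "true"} to add error details (error code, failed username,
     *                              remaining attempts) to the URL; any other value gives the reduced form
     * @param str3                  retry query-string fragment, extended by
     *                              {@link #handleIdentifierFirstLogin} and appended to the URL
     * @param str4                  login page URL
     * @return the redirect URL
     * @throws IOException if URL-encoding fails
     */
    private String getRedirectUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2, String str3, String str4) throws IOException {
        IdentityErrorMsgContext identityErrorMsg = IdentityUtil.getIdentityErrorMsg();
        IdentityUtil.clearIdentityErrorMsg();
        String retryParams = handleIdentifierFirstLogin(authenticationContext, str3);
        // Take the value out of the context so it is not kept there beyond this redirect.
        String confirmation = (String) authenticationContext.getProperty(FrameworkConstants.PASSWORD_PROPERTY);
        authenticationContext.getProperties().remove(FrameworkConstants.PASSWORD_PROPERTY);

        String username = httpServletRequest.getParameter("username");
        // URLEncoder.encode rejects null; a request without a username must not fail the redirect.
        String encodedUsername = URLEncoder.encode(username == null ? "" : username, FrameworkUtils.UTF_8);

        boolean detailed = "true".equals(str2);
        String errorCode = identityErrorMsg != null ? identityErrorMsg.getErrorCode() : null;
        String lockedReason = null;
        int remainingAttempts = 0;
        if (detailed && identityErrorMsg != null) {
            // Detailed mode accepts "<code>:<reason>"; the reduced mode compares the raw code.
            if (errorCode.contains(":")) {
                String[] parts = errorCode.split(":", 2);
                if (parts.length > 1) {
                    errorCode = parts[0];
                    lockedReason = parts[1];
                }
            }
            remainingAttempts = identityErrorMsg.getMaximumLoginAttempts() - identityErrorMsg.getFailedLoginAttempts();
            if (log.isDebugEnabled()) {
                // NOTE(review): the username is request-controlled and logged verbatim (debug level
                // only); neutralise CR/LF before logging if these logs are parsed downstream.
                StringBuilder sb = new StringBuilder();
                sb.append("Identity error message context is not null. Error details are as follows.");
                sb.append("errorCode : " + errorCode + "\n");
                sb.append("username : " + username + "\n");
                sb.append("remainingAttempts : " + remainingAttempts);
                log.debug(sb.toString());
            }
        }

        // 17007 leaves the login page in both modes and hands over to the recovery endpoint.
        if ("17007".equals(errorCode)) {
            // NOTE(review): the confirmation value travels in the query string, where it can end up
            // in access logs, browser history and Referer headers; the receiving endpoint should
            // treat it as single-use and short-lived.
            // String.valueOf keeps the earlier rendering of a missing value as the literal "null".
            return httpServletResponse.encodeRedirectURL("accountrecoveryendpoint/confirmrecovery.do?" + authenticationContext.getContextIdIncludedQueryParams())
                    + "&username=" + encodedUsername
                    + "&confirmation=" + URLEncoder.encode(String.valueOf(confirmation), FrameworkUtils.UTF_8);
        }

        String loginUrl = httpServletResponse.encodeRedirectURL(str4 + "?" + authenticationContext.getContextIdIncludedQueryParams());
        String authenticatorsParam = "&authenticators=" + URLEncoder.encode(str, FrameworkUtils.UTF_8);

        if (!detailed) {
            // Reduced form: only 17003 names the failed user, and no error code is exposed.
            if ("17003".equals(errorCode)) {
                return loginUrl + "&failedUsername=" + encodedUsername + authenticatorsParam + retryParams;
            }
            return loginUrl + authenticatorsParam + retryParams;
        }
        if (identityErrorMsg == null) {
            return loginUrl + authenticatorsParam + retryParams;
        }

        if ("17002".equals(errorCode)) {
            return loginUrl + authenticatorsParam + retryParams
                    + "&errorCode=" + errorCode
                    + "&failedUsername=" + encodedUsername
                    + "&remainingAttempts=" + remainingAttempts;
        }
        if ("17003".equals(errorCode)) {
            // lockedReason is the part of the error code after ':'; encode it like any other value.
            String lockedReasonParam = StringUtils.isBlank(lockedReason)
                    ? ""
                    : "&lockedReason=" + URLEncoder.encode(lockedReason, FrameworkUtils.UTF_8);
            String remainingParam = remainingAttempts == 0 ? "&remainingAttempts=0" : "";
            return loginUrl
                    + "&errorCode=" + errorCode
                    + lockedReasonParam
                    + "&failedUsername=" + encodedUsername
                    + remainingParam
                    + authenticatorsParam
                    + retryParams;
        }
        if ("17005".equals(errorCode)) {
            String qualifiedUsername = username;
            Object userDomain = ((Map) IdentityUtil.threadLocalProperties.get()).get(RE_CAPTCHA_USER_DOMAIN);
            if (userDomain != null) {
                qualifiedUsername = IdentityUtil.addDomainToName(qualifiedUsername, userDomain.toString());
            }
            // This branch does not append the retry parameters.
            return loginUrl + authenticatorsParam
                    + "&authFailure=true&authFailureMsg=account.confirmation.pending&errorCode=" + errorCode
                    + "&failedUsername=" + URLEncoder.encode(qualifiedUsername == null ? "" : qualifiedUsername, FrameworkUtils.UTF_8);
        }

        // Any other code: when a reason is present it replaces the retry parameters.
        if (StringUtils.isNotBlank(retryParams) && StringUtils.isNotBlank(lockedReason)) {
            retryParams = "&authFailure=true&authFailureMsg=" + URLEncoder.encode(lockedReason, FrameworkUtils.UTF_8);
        }
        return loginUrl + authenticatorsParam + retryParams
                + "&errorCode=" + errorCode
                + "&failedUsername=" + encodedUsername;
    }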

    /**
     * Extends the retry query-string fragment when the common authenticator options
     * ({@code FrameworkConstants.JSAttributes.JS_COMMON_OPTIONS}) carry a {@code username}.
     *
     * <p>In that case {@code &inputType=idf} is appended to the fragment and the username is
     * added to the context's endpoint parameters; it is not put into the returned fragment.
     * Otherwise the fragment is returned unchanged.
     *
     * @param authenticationContext context that supplies the authenticator params and receives
     *                              the endpoint parameter
     * @param str                   retry query-string fragment
     * @return the fragment, with {@code &inputType=idf} appended when a username was supplied
     */
    private String handleIdentifierFirstLogin(AuthenticationContext authenticationContext, String str) {
        Map<String, String> commonOptions = authenticationContext.getAuthenticatorParams(FrameworkConstants.JSAttributes.JS_COMMON_OPTIONS);
        if (commonOptions == null) {
            return str;
        }
        String identifiedUsername = commonOptions.get("username");
        if (identifiedUsername == null) {
            return str;
        }
        final String inputType = "idf";
        String extended = str + "&inputType=" + inputType;
        authenticationContext.addEndpointParam("username", identifiedUsername);
        return extended;
    }

    /**
     * Returns the file-based configuration of the basic authenticator
     * ({@code FrameworkConstants.BASIC_AUTHENTICATOR_CLASS}).
     *
     * @return the configured bean, or a new {@code AuthenticatorConfig} with an empty parameter
     *     map when the file-based configuration has no entry for it
     */
    private AuthenticatorConfig getAuthenticatorConfig() {
        AuthenticatorConfig configured = FileBasedConfigurationBuilder.getInstance().getAuthenticatorBean(FrameworkConstants.BASIC_AUTHENTICATOR_CLASS);
        if (configured != null) {
            return configured;
        }
        // No entry configured: fall back to a config whose parameter map is empty.
        AuthenticatorConfig fallback = new AuthenticatorConfig();
        fallback.setParameterMap(new HashMap());
        return fallback;
    }
}
