package org.wso2.carbon.identity.application.authentication.framework.handler.step.impl;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URIBuilder;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.handler.step.StepHandler;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/DefaultStepHandler.class */
public class DefaultStepHandler implements StepHandler {
    private static final Log LOG = LogFactory.getLog(DefaultStepHandler.class);
    private static volatile DefaultStepHandler instance;
    private static final String RE_CAPTCHA_USER_DOMAIN = "user-domain-recaptcha";
    Log audit = CarbonConstants.AUDIT_LOG;
    private static final String AUDIT_MESSAGE = "Initiator : %s | Action : %s | Target : %s | Data : { %s } | Result : %s ";
    private static final String SUCCESS = "Success";
    private static final String FAILURE = "Failure";
    private static final String USERNAME = "username";

    public static DefaultStepHandler getInstance() {
        if (instance == null) {
            synchronized (DefaultStepHandler.class) {
                if (instance == null) {
                    instance = new DefaultStepHandler();
                }
            }
        }
        return instance;
    }

    /* JADX WARN: Type inference failed for: r25v0, types: [java.lang.Throwable, org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException] */
    @Override // org.wso2.carbon.identity.application.authentication.framework.handler.step.StepHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (authenticationContext.getAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME) == null) {
            authenticationContext.setAnalyticsData(FrameworkConstants.AnalyticsData.CURRENT_AUTHENTICATOR_START_TIME, Long.valueOf(System.currentTimeMillis()));
        }
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        List<AuthenticatorConfig> authenticatorList = stepConfig.getAuthenticatorList();
        String authenticatorIdPMappingString = FrameworkUtils.getAuthenticatorIdPMappingString(authenticatorList);
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        String parameter = httpServletRequest.getParameter(FrameworkConstants.RequestParams.FEDERATED_IDP);
        Map<String, AuthenticatedIdPData> currentAuthenticatedIdPs = authenticationContext.getCurrentAuthenticatedIdPs();
        if (MapUtils.isEmpty(currentAuthenticatedIdPs)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No current authenticated IDPs in the authentication context. Continuing with the previous authenticated IDPs");
            }
            currentAuthenticatedIdPs = authenticationContext.getPreviousAuthenticatedIdPs();
        }
        if (LOG.isDebugEnabled()) {
            if (MapUtils.isEmpty(currentAuthenticatedIdPs)) {
                LOG.debug("No previous authenticated IDPs found in the authentication context.");
            } else {
                LOG.debug(String.format("Found authenticated IdPs. Count: %d", Integer.valueOf(currentAuthenticatedIdPs.size())));
                if (LoggerUtils.isDiagnosticLogsEnabled()) {
                    HashMap hashMap = new HashMap();
                    hashMap.put(FrameworkConstants.LogConstants.SERVICE_PROVIDER, authenticationContext.getServiceProviderName());
                    hashMap.put(FrameworkConstants.LogConstants.TENANT_DOMAIN, authenticationContext.getTenantDomain());
                    hashMap.put(FrameworkConstants.LogConstants.COUNT, Integer.valueOf(currentAuthenticatedIdPs.size()));
                    HashMap hashMap2 = new HashMap();
                    currentAuthenticatedIdPs.forEach((str, authenticatedIdPData) -> {
                        hashMap2.put(str, authenticatedIdPData.getAuthenticators().stream().map((v0) -> {
                            return v0.getName();
                        }).collect(Collectors.toList()));
                    });
                    hashMap.put(FrameworkConstants.LogConstants.AUTHENTICATED_IDPS, hashMap2);
                    LoggerUtils.triggerDiagnosticLogEvent(FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK, hashMap, "SUCCESS", "Authenticated IDPs found", FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_REQUEST, (Map) null);
                }
            }
        }
        if (authenticationContext.isPassiveAuthenticate() && MapUtils.isNotEmpty(authenticationContext.getAuthenticatedIdPsOfApp())) {
            currentAuthenticatedIdPs = authenticationContext.getAuthenticatedIdPsOfApp();
        }
        Map<String, AuthenticatorConfig> authenticatedStepIdPs = FrameworkUtils.getAuthenticatedStepIdPs(stepConfig, currentAuthenticatedIdPs);
        if (authenticationContext.isPassiveAuthenticate()) {
            if (authenticatedStepIdPs.isEmpty()) {
                authenticationContext.setRequestAuthenticated(false);
            } else {
                String key = authenticatedStepIdPs.entrySet().iterator().next().getKey();
                populateStepConfigWithAuthenticationDetails(stepConfig, currentAuthenticatedIdPs.get(key), authenticatedStepIdPs.get(key));
                httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
            }
            stepConfig.setCompleted(true);
            return;
        }
        String parameter2 = httpServletRequest.getParameter(FrameworkConstants.RequestParams.MAX_AGE);
        if (StringUtils.isNotBlank(parameter2) && StringUtils.isNotBlank(authenticationContext.getSessionIdentifier())) {
            String loginTenantDomain = authenticationContext.getLoginTenantDomain();
            if (Long.parseLong(parameter2) < (System.currentTimeMillis() - (FrameworkUtils.getSessionContextFromCache(authenticationContext.getSessionIdentifier(), loginTenantDomain).getProperty(FrameworkConstants.UPDATED_TIMESTAMP) != null ? Long.parseLong(FrameworkUtils.getSessionContextFromCache(authenticationContext.getSessionIdentifier(), loginTenantDomain).getProperty(FrameworkConstants.UPDATED_TIMESTAMP).toString()) : Long.parseLong(FrameworkUtils.getSessionContextFromCache(authenticationContext.getSessionIdentifier(), loginTenantDomain).getProperty(FrameworkConstants.CREATED_TIMESTAMP).toString()))) / 1000) {
                authenticationContext.setForceAuthenticate(true);
            } else {
                authenticationContext.setPreviousAuthTime(true);
            }
        }
        if (httpServletRequest.getParameter(FrameworkConstants.RequestParams.USER_ABORT) != null && Boolean.parseBoolean(httpServletRequest.getParameter(FrameworkConstants.RequestParams.USER_ABORT))) {
            httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.USER_ABORT);
            stepConfig.setCompleted(true);
            return;
        }
        if (parameter != null && stepConfig.getOrder() == 1) {
            handleHomeRealmDiscovery(httpServletRequest, httpServletResponse, authenticationContext);
            return;
        }
        if (authenticationContext.isReturning()) {
            if (httpServletRequest.getParameter("authenticator") == null || httpServletRequest.getParameter("authenticator").isEmpty()) {
                handleResponse(httpServletRequest, httpServletResponse, authenticationContext);
                return;
            } else {
                handleRequestFromLoginPage(httpServletRequest, httpServletResponse, authenticationContext);
                return;
            }
        }
        if (ConfigurationFacade.getInstance().isDumbMode() && currentAuthenticatedIdPs.isEmpty()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Executing in Dumb mode");
            }
            try {
                httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
                httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + URLEncoder.encode(authenticatorIdPMappingString, FrameworkUtils.UTF_8) + "&hrd=true");
                return;
            } catch (IOException e) {
                throw new FrameworkException(e.getMessage(), e);
            }
        }
        if (!authenticationContext.isForceAuthenticate() && !stepConfig.isForced() && !authenticatedStepIdPs.isEmpty()) {
            Map.Entry<String, AuthenticatorConfig> next = authenticatedStepIdPs.entrySet().iterator().next();
            String key2 = next.getKey();
            AuthenticatorConfig value = next.getValue();
            if (authenticationContext.isReAuthenticate()) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Re-authenticating with " + key2 + " IdP");
                }
                try {
                    authenticationContext.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(key2, authenticationContext.getTenantDomain()));
                } catch (IdentityProviderManagementException e2) {
                    LOG.error("Exception while getting IdP by name", e2);
                }
                doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, value);
                return;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Already authenticated. Skipping the step");
            }
            if (LoggerUtils.isDiagnosticLogsEnabled()) {
                HashMap hashMap3 = new HashMap();
                hashMap3.put(FrameworkConstants.LogConstants.SERVICE_PROVIDER, authenticationContext.getServiceProviderName());
                hashMap3.put(FrameworkConstants.LogConstants.TENANT_DOMAIN, authenticationContext.getTenantDomain());
                hashMap3.put("step", Integer.valueOf(stepConfig.getOrder()));
                HashMap hashMap4 = new HashMap();
                authenticatedStepIdPs.forEach((str2, authenticatorConfig) -> {
                    Optional.ofNullable(authenticatorConfig.getApplicationAuthenticator()).ifPresent(applicationAuthenticator -> {
                        hashMap4.put(str2, applicationAuthenticator.getName());
                    });
                });
                hashMap3.put(FrameworkConstants.LogConstants.AUTHENTICATED_IDPS, hashMap4);
                LoggerUtils.triggerDiagnosticLogEvent(FrameworkConstants.LogConstants.AUTHENTICATION_FRAMEWORK, hashMap3, "SUCCESS", "Already authenticated. Skipping the step", FrameworkConstants.LogConstants.ActionIDs.HANDLE_AUTH_REQUEST, (Map) null);
            }
            AuthenticatedIdPData authenticatedIdPData2 = currentAuthenticatedIdPs.get(key2);
            populateStepConfigWithAuthenticationDetails(stepConfig, authenticatedIdPData2, authenticatedStepIdPs.get(key2));
            authenticationContext.getCurrentAuthenticatedIdPs().put(key2, authenticatedIdPData2);
            stepConfig.setCompleted(true);
            httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.SUCCESS_COMPLETED);
            return;
        }
        boolean z = false;
        boolean z2 = false;
        AuthenticatorConfig authenticatorConfig2 = null;
        ArrayList<AuthenticatorConfig> arrayList = new ArrayList();
        for (AuthenticatorConfig authenticatorConfig3 : authenticatorList) {
            ApplicationAuthenticator applicationAuthenticator = authenticatorConfig3.getApplicationAuthenticator();
            if (applicationAuthenticator != null) {
                try {
                    if (applicationAuthenticator.isSatisfyAuthenticatorPrerequisites(httpServletRequest, authenticationContext)) {
                        arrayList.add(authenticatorConfig3);
                    }
                } catch (AuthenticationFailedException e3) {
                    throw new FrameworkException(e3.getErrorCode(), e3.getMessage(), e3);
                }
            }
        }
        if (arrayList.isEmpty() && (!authenticatorList.isEmpty())) {
            try {
                URIBuilder uRIBuilder = new URIBuilder(ConfigurationFacade.getInstance().getAuthenticationEndpointErrorURL());
                if (IdentityTenantUtil.isTenantedSessionsEnabled()) {
                    uRIBuilder.addParameter(FrameworkConstants.RequestParams.USER_TENANT_DOMAIN_HINT, authenticationContext.getUserTenantDomain());
                }
                uRIBuilder.addParameter(FrameworkConstants.REQUEST_PARAM_SP, authenticationContext.getServiceProviderName());
                uRIBuilder.addParameter(FrameworkConstants.REQUEST_PARAM_AUTH_FLOW_ID, authenticationContext.getContextIdentifier());
                httpServletResponse.sendRedirect(uRIBuilder.build().toString());
                return;
            } catch (IOException | URISyntaxException e4) {
                throw new FrameworkException(e4.getMessage(), e4);
            }
        }
        if (arrayList.size() > 1) {
            z = true;
            for (AuthenticatorConfig authenticatorConfig4 : arrayList) {
                if ((authenticatorConfig4.getApplicationAuthenticator() instanceof AuthenticationFlowHandler) || ((authenticatorConfig4.getApplicationAuthenticator() instanceof LocalApplicationAuthenticator) && FrameworkConstants.BASIC_AUTH_MECHANISM.equalsIgnoreCase(authenticatorConfig4.getApplicationAuthenticator().getAuthMechanism()) && IdentityUtil.getIdentityErrorMsg() == null)) {
                    authenticatorConfig2 = authenticatorConfig4;
                    z2 = true;
                    z = false;
                    break;
                }
            }
        } else {
            authenticatorConfig2 = (AuthenticatorConfig) arrayList.get(0);
            if (authenticatorConfig2.getIdpNames().size() > 1) {
                z = true;
            }
        }
        if (z) {
            sendToMultiOptionPage(stepConfig, httpServletRequest, authenticationContext, httpServletResponse, authenticatorIdPMappingString);
            return;
        }
        if (!authenticatorConfig2.getIdpNames().isEmpty()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Step contains only a single IdP. Going to call it directly");
            }
            try {
                authenticationContext.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(authenticatorConfig2.getIdpNames().get(0), authenticationContext.getTenantDomain()));
            } catch (IdentityProviderManagementException e5) {
                LOG.error("Exception while getting IdP by name", e5);
            }
        }
        doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig2);
        if (httpServletRequest.getAttribute(FrameworkConstants.RequestParams.FLOW_STATUS) == AuthenticatorFlowStatus.INCOMPLETE && z2) {
            sendToMultiOptionPage(stepConfig, httpServletRequest, authenticationContext, httpServletResponse, authenticatorIdPMappingString);
        }
    }

    private void sendToMultiOptionPage(StepConfig stepConfig, HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, HttpServletResponse httpServletResponse, String str) throws FrameworkException {
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Sending to the Multi Option page");
        }
        Map<String, String> parameterMap = getAuthenticatorConfig().getParameterMap();
        String str2 = null;
        if (MapUtils.isNotEmpty(parameterMap)) {
            str2 = parameterMap.get(FrameworkConstants.SHOW_AUTHFAILURE_RESON_CONFIG);
            if (LOG.isDebugEnabled()) {
                LOG.debug("showAuthFailureReason has been set as : " + str2);
            }
        }
        String str3 = "";
        if (stepConfig.isRetrying()) {
            authenticationContext.setCurrentAuthenticator(null);
            str3 = "&authFailure=true&authFailureMsg=login.fail.message";
        }
        try {
            httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
            httpServletResponse.sendRedirect(getRedirectUrl(httpServletRequest, httpServletResponse, authenticationContext, str, str2, str3, authenticationEndpointURL));
        } catch (IOException | URISyntaxException e) {
            throw new FrameworkException(e.getMessage(), e);
        }
    }

    protected void handleHomeRealmDiscovery(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Request contains fidp parameter. Initiating Home Realm Discovery");
        }
        String parameter = httpServletRequest.getParameter(FrameworkConstants.RequestParams.FEDERATED_IDP);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Received domain: " + parameter);
        }
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        List<AuthenticatorConfig> authenticatorList = stepConfig.getAuthenticatorList();
        String authenticatorIdPMappingString = FrameworkUtils.getAuthenticatorIdPMappingString(authenticatorList);
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        if (parameter.trim().length() == 0) {
            try {
                httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
                httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + URLEncoder.encode(authenticatorIdPMappingString, FrameworkUtils.UTF_8) + "&hrd=true");
                return;
            } catch (IOException e) {
                throw new FrameworkException(e.getMessage(), e);
            }
        }
        String discover = FrameworkUtils.getHomeRealmDiscoverer().discover(parameter);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Home realm discovered: " + discover);
        }
        ExternalIdPConfig externalIdPConfig = null;
        try {
            externalIdPConfig = ConfigurationFacade.getInstance().getIdPConfigByRealm(discover, authenticationContext.getTenantDomain());
        } catch (IdentityProviderManagementException e2) {
            LOG.error("Exception while getting IdP by realm", e2);
        }
        if (externalIdPConfig != null) {
            String idPName = externalIdPConfig.getIdPName();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Found IdP of the realm: " + idPName);
            }
            Map<String, AuthenticatedIdPData> previousAuthenticatedIdPs = authenticationContext.getPreviousAuthenticatedIdPs();
            Map<String, AuthenticatorConfig> authenticatedStepIdPs = FrameworkUtils.getAuthenticatedStepIdPs(stepConfig, previousAuthenticatedIdPs);
            if (authenticatedStepIdPs.containsKey(idPName) && !authenticationContext.isForceAuthenticate() && !stepConfig.isForced() && !authenticationContext.isReAuthenticate()) {
                AuthenticatedIdPData authenticatedIdPData = previousAuthenticatedIdPs.get(idPName);
                populateStepConfigWithAuthenticationDetails(stepConfig, authenticatedIdPData, authenticatedStepIdPs.get(idPName));
                stepConfig.setCompleted(true);
                authenticationContext.getCurrentAuthenticatedIdPs().put(idPName, authenticatedIdPData);
                return;
            }
            for (AuthenticatorConfig authenticatorConfig : authenticatorList) {
                if (authenticatorConfig.getIdpNames().contains(idPName)) {
                    authenticationContext.setExternalIdP(externalIdPConfig);
                    doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig);
                    return;
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("An IdP was not found for the sent domain. Sending to the domain page");
        }
        try {
            httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.INCOMPLETE);
            httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + URLEncoder.encode(authenticatorIdPMappingString, FrameworkUtils.UTF_8) + "&authFailure=true&authFailureMsg=domain.unknown&hrd=true");
        } catch (IOException e3) {
            throw new FrameworkException(e3.getMessage(), e3);
        }
    }

    protected void handleRequestFromLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Relieved a request from the multi option page");
        }
        StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
        String parameter = httpServletRequest.getParameter("idp");
        if (parameter != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("User has selected IdP: " + parameter);
            }
            try {
                authenticationContext.setExternalIdP(ConfigurationFacade.getInstance().getIdPConfigByName(parameter, authenticationContext.getTenantDomain()));
            } catch (IdentityProviderManagementException e) {
                LOG.error("Exception while getting IdP by name", e);
            }
        }
        for (AuthenticatorConfig authenticatorConfig : stepConfig.getAuthenticatorList()) {
            ApplicationAuthenticator applicationAuthenticator = authenticatorConfig.getApplicationAuthenticator();
            if (applicationAuthenticator != null && applicationAuthenticator.getName().equalsIgnoreCase(httpServletRequest.getParameter("authenticator"))) {
                if (StringUtils.isNotBlank(parameter) && authenticatorConfig.getIdps().get(parameter) == null) {
                    throw new FrameworkException("Authenticators configured for application and user selected idp does not match. Possible tampering of parameters in login page.");
                }
                doAuthentication(httpServletRequest, httpServletResponse, authenticationContext, authenticatorConfig);
                return;
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:27:0x0125  */
    /* JADX WARN: Removed duplicated region for block: B:30:0x0141 A[RETURN] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void handleResponse(javax.servlet.http.HttpServletRequest r8, javax.servlet.http.HttpServletResponse r9, org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext r10) throws org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException {
        /*
            Method dump skipped, instructions count: 322
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handleResponse(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext):void");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:74:0x0337 A[Catch: InvalidCredentialsException -> 0x0469, AuthenticationFailedException -> 0x0594, LogoutFailedException -> 0x0759, TryCatch #5 {InvalidCredentialsException -> 0x0469, AuthenticationFailedException -> 0x0594, LogoutFailedException -> 0x0759, blocks: (B:12:0x0068, B:14:0x009b, B:15:0x00c4, B:17:0x00cc, B:19:0x00e2, B:22:0x0104, B:24:0x010c, B:26:0x0116, B:27:0x0128, B:29:0x0132, B:31:0x0139, B:32:0x0142, B:34:0x014c, B:36:0x015b, B:38:0x016f, B:42:0x0190, B:44:0x01b2, B:51:0x01d1, B:48:0x0245, B:54:0x01ec, B:56:0x022b, B:57:0x0237, B:59:0x0253, B:60:0x0260, B:62:0x02e3, B:64:0x02f1, B:66:0x02fe, B:67:0x0305, B:69:0x030f, B:71:0x0317, B:72:0x0327, B:74:0x0337, B:75:0x0348, B:77:0x035f, B:79:0x036f, B:80:0x0376, B:82:0x03b5, B:83:0x03e4, B:85:0x03ea), top: B:11:0x0068 }] */
    /* JADX WARN: Removed duplicated region for block: B:77:0x035f A[Catch: InvalidCredentialsException -> 0x0469, AuthenticationFailedException -> 0x0594, LogoutFailedException -> 0x0759, TryCatch #5 {InvalidCredentialsException -> 0x0469, AuthenticationFailedException -> 0x0594, LogoutFailedException -> 0x0759, blocks: (B:12:0x0068, B:14:0x009b, B:15:0x00c4, B:17:0x00cc, B:19:0x00e2, B:22:0x0104, B:24:0x010c, B:26:0x0116, B:27:0x0128, B:29:0x0132, B:31:0x0139, B:32:0x0142, B:34:0x014c, B:36:0x015b, B:38:0x016f, B:42:0x0190, B:44:0x01b2, B:51:0x01d1, B:48:0x0245, B:54:0x01ec, B:56:0x022b, B:57:0x0237, B:59:0x0253, B:60:0x0260, B:62:0x02e3, B:64:0x02f1, B:66:0x02fe, B:67:0x0305, B:69:0x030f, B:71:0x0317, B:72:0x0327, B:74:0x0337, B:75:0x0348, B:77:0x035f, B:79:0x036f, B:80:0x0376, B:82:0x03b5, B:83:0x03e4, B:85:0x03ea), top: B:11:0x0068 }] */
    /* JADX WARN: Removed duplicated region for block: B:82:0x03b5 A[Catch: InvalidCredentialsException -> 0x0469, AuthenticationFailedException -> 0x0594, LogoutFailedException -> 0x0759, TryCatch #5 {InvalidCredentialsException -> 0x0469, AuthenticationFailedException -> 0x0594, LogoutFailedException -> 0x0759, blocks: (B:12:0x0068, B:14:0x009b, B:15:0x00c4, B:17:0x00cc, B:19:0x00e2, B:22:0x0104, B:24:0x010c, B:26:0x0116, B:27:0x0128, B:29:0x0132, B:31:0x0139, B:32:0x0142, B:34:0x014c, B:36:0x015b, B:38:0x016f, B:42:0x0190, B:44:0x01b2, B:51:0x01d1, B:48:0x0245, B:54:0x01ec, B:56:0x022b, B:57:0x0237, B:59:0x0253, B:60:0x0260, B:62:0x02e3, B:64:0x02f1, B:66:0x02fe, B:67:0x0305, B:69:0x030f, B:71:0x0317, B:72:0x0327, B:74:0x0337, B:75:0x0348, B:77:0x035f, B:79:0x036f, B:80:0x0376, B:82:0x03b5, B:83:0x03e4, B:85:0x03ea), top: B:11:0x0068 }] */
    /* JADX WARN: Removed duplicated region for block: B:85:0x03ea A[Catch: InvalidCredentialsException -> 0x0469, AuthenticationFailedException -> 0x0594, LogoutFailedException -> 0x0759, TryCatch #5 {InvalidCredentialsException -> 0x0469, AuthenticationFailedException -> 0x0594, LogoutFailedException -> 0x0759, blocks: (B:12:0x0068, B:14:0x009b, B:15:0x00c4, B:17:0x00cc, B:19:0x00e2, B:22:0x0104, B:24:0x010c, B:26:0x0116, B:27:0x0128, B:29:0x0132, B:31:0x0139, B:32:0x0142, B:34:0x014c, B:36:0x015b, B:38:0x016f, B:42:0x0190, B:44:0x01b2, B:51:0x01d1, B:48:0x0245, B:54:0x01ec, B:56:0x022b, B:57:0x0237, B:59:0x0253, B:60:0x0260, B:62:0x02e3, B:64:0x02f1, B:66:0x02fe, B:67:0x0305, B:69:0x030f, B:71:0x0317, B:72:0x0327, B:74:0x0337, B:75:0x0348, B:77:0x035f, B:79:0x036f, B:80:0x0376, B:82:0x03b5, B:83:0x03e4, B:85:0x03ea), top: B:11:0x0068 }] */
    /* JADX WARN: Type inference failed for: r17v0, types: [java.lang.Throwable, org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException] */
    /* JADX WARN: Type inference failed for: r17v1, types: [java.lang.Throwable, org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException] */
    /* JADX WARN: Type inference failed for: r17v2, types: [java.lang.Throwable, org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void doAuthentication(javax.servlet.http.HttpServletRequest r8, javax.servlet.http.HttpServletResponse r9, org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext r10, org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig r11) throws org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException {
        /*
            Method dump skipped, instructions count: 1905
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext, org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig):void");
    }

    private Map<String, Object> getContextParamsForDiagnosticLogs(AuthenticationContext authenticationContext, AuthenticatorConfig authenticatorConfig, StepConfig stepConfig) {
        HashMap hashMap = new HashMap();
        hashMap.put("step", Integer.valueOf(stepConfig.getOrder()));
        hashMap.put(FrameworkConstants.LogConstants.SERVICE_PROVIDER, authenticationContext.getServiceProviderName());
        hashMap.put(FrameworkConstants.LogConstants.TENANT_DOMAIN, authenticationContext.getTenantDomain());
        hashMap.put(FrameworkConstants.LogConstants.AUTHENTICATOR_NAME, authenticatorConfig.getName());
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handleFailedAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, AuthenticatorConfig authenticatorConfig, User user) {
        authenticationContext.setRequestAuthenticated(false);
        httpServletRequest.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.FAIL_COMPLETED);
    }

    @Deprecated
    protected void populateStepConfigWithAuthenticationDetails(StepConfig stepConfig, AuthenticatedIdPData authenticatedIdPData) {
        stepConfig.setAuthenticatedUser(authenticatedIdPData.getUser());
        stepConfig.setAuthenticatedIdP(authenticatedIdPData.getIdpName());
        stepConfig.setAuthenticatedAutenticator(authenticatedIdPData.getAuthenticator());
    }

    protected void populateStepConfigWithAuthenticationDetails(StepConfig stepConfig, AuthenticatedIdPData authenticatedIdPData, AuthenticatorConfig authenticatorConfig) {
        stepConfig.setAuthenticatedUser(authenticatedIdPData.getUser());
        stepConfig.setAuthenticatedIdP(authenticatedIdPData.getIdpName());
        stepConfig.setAuthenticatedAutenticator(authenticatorConfig);
    }

    private AuthenticatedIdPData getAuthenticatedIdPData(AuthenticationContext authenticationContext, String str) {
        AuthenticatedIdPData authenticatedIdPData;
        if (authenticationContext.getCurrentAuthenticatedIdPs() == null || authenticationContext.getCurrentAuthenticatedIdPs().get(str) == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("Authenticated IDP data of the IDP '%s' couldn't be found in current authenticate IDPs. Trying previous authenticated IDPs", str));
            }
            if (authenticationContext.getPreviousAuthenticatedIdPs() == null || authenticationContext.getPreviousAuthenticatedIdPs().get(str) == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug(String.format("Authenticated IDP data for the IDP '%s' couldn't be found in previous authenticate IDPs as well. Using a fresh AuthenticatedIdPData object", str));
                }
                authenticatedIdPData = new AuthenticatedIdPData();
            } else {
                authenticatedIdPData = authenticationContext.getPreviousAuthenticatedIdPs().get(str);
                if (LOG.isDebugEnabled()) {
                    LOG.debug(String.format("Authenticated IDP data of the IDP '%s' could be found in previous authenticated IDPs", str));
                }
            }
        } else {
            authenticatedIdPData = authenticationContext.getCurrentAuthenticatedIdPs().get(str);
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("Authenticated IDP data of the IDP '%s' could be found in current authenticated IDPs", str));
            }
        }
        return authenticatedIdPData;
    }

    protected String getRedirectUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2, String str3, String str4) throws IOException, URISyntaxException {
        IdentityErrorMsgContext identityErrorMsg = IdentityUtil.getIdentityErrorMsg();
        IdentityUtil.clearIdentityErrorMsg();
        String handleIdentifierFirstLogin = handleIdentifierFirstLogin(authenticationContext, str3);
        String str5 = (String) authenticationContext.getProperty(FrameworkConstants.PASSWORD_PROPERTY);
        authenticationContext.getProperties().remove(FrameworkConstants.PASSWORD_PROPERTY);
        String parameter = httpServletRequest.getParameter("username");
        StringBuilder sb = new StringBuilder("");
        StringBuilder sb2 = new StringBuilder("");
        ArrayList<NameValuePair> arrayList = new ArrayList();
        String redirectURL = ((CommonAuthResponseWrapper) httpServletResponse).getRedirectURL();
        if (StringUtils.isNotBlank(redirectURL)) {
            List queryParams = new URIBuilder(redirectURL).getQueryParams();
            for (NameValuePair nameValuePair : (List) queryParams.stream().filter(nameValuePair2 -> {
                return FrameworkConstants.RECAPTCHA_API_PARAM.equals(nameValuePair2.getName()) || FrameworkConstants.RECAPTCHA_KEY_PARAM.equals(nameValuePair2.getName()) || FrameworkConstants.RECAPTCHA_PARAM.equals(nameValuePair2.getName()) || FrameworkConstants.RECAPTCHA_RESEND_CONFIRMATION_PARAM.equals(nameValuePair2.getName());
            }).collect(Collectors.toList())) {
                sb.append(FrameworkUtils.QUERY_SEPARATOR).append(nameValuePair.getName()).append("=").append(nameValuePair.getValue());
            }
            if (identityErrorMsg == null) {
                arrayList.addAll((Collection) queryParams.stream().filter(nameValuePair3 -> {
                    return FrameworkConstants.ERROR_CODE.equals(nameValuePair3.getName()) || FrameworkConstants.LOCK_REASON.equals(nameValuePair3.getName()) || FrameworkConstants.REMAINING_ATTEMPTS.equals(nameValuePair3.getName()) || FrameworkConstants.FAILED_USERNAME.equals(nameValuePair3.getName());
                }).collect(Collectors.toList()));
                if (!arrayList.isEmpty()) {
                    for (NameValuePair nameValuePair4 : arrayList) {
                        sb2.append(FrameworkUtils.QUERY_SEPARATOR).append(nameValuePair4.getName()).append("=").append(nameValuePair4.getValue());
                    }
                }
            }
        }
        if (StringUtils.isBlank(sb.toString())) {
            String str6 = (String) authenticationContext.getProperty(FrameworkConstants.CAPTCHA_PARAM_STRING);
            if (StringUtils.isNotBlank(str6)) {
                sb.append(str6);
                authenticationContext.removeProperty(FrameworkConstants.CAPTCHA_PARAM_STRING);
            }
        }
        Map<String, String> parameterMap = getAuthenticatorConfig().getParameterMap();
        String str7 = null;
        if (MapUtils.isNotEmpty(parameterMap) && Boolean.parseBoolean(str2)) {
            str7 = parameterMap.get(FrameworkConstants.MASK_USER_NOT_EXISTS_ERROR_CODE_CONFIG);
        }
        if (str2 == null || !"true".equals(str2)) {
            String errorCode = identityErrorMsg != null ? identityErrorMsg.getErrorCode() : null;
            if (!"17003".equals(errorCode)) {
                return "17007".equals(errorCode) ? getRedirectURLForcedPasswordResetOTP(httpServletRequest, httpServletResponse, authenticationContext, str, str4, str5, sb) : httpServletResponse.encodeRedirectURL(str4 + "?" + authenticationContext.getContextIdIncludedQueryParams()) + "&authenticators=" + URLEncoder.encode(str, FrameworkUtils.UTF_8) + handleIdentifierFirstLogin + sb.toString();
            }
            String str8 = httpServletResponse.encodeRedirectURL(str4 + "?" + authenticationContext.getContextIdIncludedQueryParams()) + "&authenticators=" + URLEncoder.encode(str, FrameworkUtils.UTF_8) + handleIdentifierFirstLogin + sb.toString();
            if (parameter != null) {
                str8 = String.format("%s&failedUsername=%s", str8, URLEncoder.encode(parameter, FrameworkUtils.UTF_8));
            }
            return str8;
        }
        if (identityErrorMsg == null) {
            return (arrayList.stream().anyMatch(nameValuePair5 -> {
                return FrameworkConstants.ERROR_CODE.equals(nameValuePair5.getName()) && "17003".equals(nameValuePair5.getValue());
            }) && isRedirectionToRetryPageOnAccountLock(authenticationContext)) ? httpServletResponse.encodeRedirectURL(ConfigurationFacade.getInstance().getAuthenticationEndpointRetryURL() + "?" + authenticationContext.getContextIdIncludedQueryParams()) + ((Object) sb2) : httpServletResponse.encodeRedirectURL(str4 + "?" + authenticationContext.getContextIdIncludedQueryParams()) + "&authenticators=" + URLEncoder.encode(str, FrameworkUtils.UTF_8) + handleIdentifierFirstLogin + sb.toString() + ((Object) sb2);
        }
        String errorCode2 = identityErrorMsg.getErrorCode();
        if (Boolean.parseBoolean(str7) && StringUtils.contains(errorCode2, "17001")) {
            errorCode2 = "17002";
            if (LOG.isDebugEnabled()) {
                LOG.debug("Masking user not found error code: 17001 with error code: " + errorCode2);
            }
        }
        String str9 = null;
        if (errorCode2.contains(":")) {
            String[] split = errorCode2.split(":", 2);
            if (split.length > 1) {
                errorCode2 = split[0];
                str9 = split[1];
            }
        }
        int maximumLoginAttempts = identityErrorMsg.getMaximumLoginAttempts() - identityErrorMsg.getFailedLoginAttempts();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Identity error message context is not null. Error details are as follows.errorCode : " + errorCode2 + "\nusername : " + parameter + "\nremainingAttempts : " + maximumLoginAttempts);
        }
        if ("17002".equals(errorCode2)) {
            String format = String.format("%s&errorCode=%s&remainingAttempts=%d", handleIdentifierFirstLogin, errorCode2, Integer.valueOf(maximumLoginAttempts));
            if (parameter != null) {
                format = String.format("%s&failedUsername=%s", format, URLEncoder.encode(parameter, FrameworkUtils.UTF_8));
            }
            return httpServletResponse.encodeRedirectURL(str4 + "?" + authenticationContext.getContextIdIncludedQueryParams()) + "&authenticators=" + URLEncoder.encode(str, FrameworkUtils.UTF_8) + format + sb.toString();
        }
        if ("17003".equals(errorCode2)) {
            String str10 = httpServletResponse.encodeRedirectURL(str4 + "?" + authenticationContext.getContextIdIncludedQueryParams()) + String.format("&errorCode=%s&authenticators=%s", errorCode2, URLEncoder.encode(str, FrameworkUtils.UTF_8)) + handleIdentifierFirstLogin + ((Object) sb);
            if (maximumLoginAttempts == 0) {
                str10 = String.format("%s&remainingAttempts=0", str10);
            }
            if (!StringUtils.isBlank(str9)) {
                str10 = String.format("%s&lockedReason=%s", str10, str9);
            }
            if (parameter != null) {
                str10 = String.format("%s&failedUsername=%s", str10, URLEncoder.encode(parameter, FrameworkUtils.UTF_8));
            }
            return str10;
        }
        if ("17005".equals(errorCode2)) {
            Object obj = ((Map) IdentityUtil.threadLocalProperties.get()).get(RE_CAPTCHA_USER_DOMAIN);
            if (obj != null) {
                parameter = IdentityUtil.addDomainToName(parameter, obj.toString());
            }
            String format2 = String.format("%s&errorCode=%s", "&authFailure=true&authFailureMsg=account.confirmation.pending", errorCode2);
            if (parameter != null) {
                format2 = String.format("%s&failedUsername=%s", format2, URLEncoder.encode(parameter, FrameworkUtils.UTF_8));
            }
            return httpServletResponse.encodeRedirectURL(str4 + "?" + authenticationContext.getContextIdIncludedQueryParams()) + "&authenticators=" + URLEncoder.encode(str, FrameworkUtils.UTF_8) + format2 + sb.toString();
        }
        if ("17010".equals(errorCode2)) {
            Object obj2 = ((Map) IdentityUtil.threadLocalProperties.get()).get(RE_CAPTCHA_USER_DOMAIN);
            if (obj2 != null) {
                parameter = IdentityUtil.addDomainToName(parameter, obj2.toString());
            }
            String str11 = "&authFailure=true&authFailureMsg=login.fail.message&errorCode=" + errorCode2;
            if (parameter != null) {
                str11 = String.format("%s&failedUsername=%s", str11, URLEncoder.encode(parameter, FrameworkUtils.UTF_8));
            }
            return httpServletResponse.encodeRedirectURL(str4 + "?" + authenticationContext.getContextIdIncludedQueryParams()) + "&authenticators=" + URLEncoder.encode(str, FrameworkUtils.UTF_8) + str11 + sb.toString();
        }
        if ("17007".equals(errorCode2)) {
            return getRedirectURLForcedPasswordResetOTP(httpServletRequest, httpServletResponse, authenticationContext, str, str4, str5, sb);
        }
        if (StringUtils.isNotBlank(handleIdentifierFirstLogin) && StringUtils.isNotBlank(str9)) {
            handleIdentifierFirstLogin = "&authFailure=true&authFailureMsg=" + URLEncoder.encode(str9, FrameworkUtils.UTF_8);
        }
        String str12 = handleIdentifierFirstLogin + "&errorCode=" + errorCode2;
        if (parameter != null) {
            str12 = String.format("%s&failedUsername=%s", str12, URLEncoder.encode(parameter, FrameworkUtils.UTF_8));
        }
        return httpServletResponse.encodeRedirectURL(str4 + "?" + authenticationContext.getContextIdIncludedQueryParams()) + "&authenticators=" + URLEncoder.encode(str, FrameworkUtils.UTF_8) + str12 + sb.toString();
    }

    protected String handleIdentifierFirstLogin(AuthenticationContext authenticationContext, String str) {
        Map<String, String> authenticatorParams = authenticationContext.getAuthenticatorParams(FrameworkConstants.JSAttributes.JS_COMMON_OPTIONS);
        String str2 = null;
        String str3 = null;
        if (authenticatorParams != null) {
            str3 = authenticatorParams.get("username");
            if (str3 != null) {
                str2 = "idf";
            }
        }
        if (str2 != null) {
            str = str + "&inputType=" + str2;
            authenticationContext.addEndpointParam("username", str3);
        }
        return str;
    }

    protected AuthenticatorConfig getAuthenticatorConfig() {
        AuthenticatorConfig authenticatorBean = FileBasedConfigurationBuilder.getInstance().getAuthenticatorBean(FrameworkConstants.BASIC_AUTHENTICATOR_CLASS);
        if (authenticatorBean == null) {
            authenticatorBean = new AuthenticatorConfig();
            authenticatorBean.setParameterMap(new HashMap());
        }
        return authenticatorBean;
    }

    protected boolean isRedirectionToRetryPageOnAccountLock(AuthenticationContext authenticationContext) {
        if (authenticationContext.isSendToMultiOptionPage()) {
            return false;
        }
        Map<String, String> parameterMap = getAuthenticatorConfig().getParameterMap();
        if (!MapUtils.isNotEmpty(parameterMap) || Boolean.parseBoolean(parameterMap.get(FrameworkConstants.SHOW_AUTH_FAILURE_REASON_ON_LOGIN_PAGE_CONF))) {
            return false;
        }
        return Boolean.parseBoolean(parameterMap.get(FrameworkConstants.REDIRECT_TO_RETRY_PAGE_ON_ACCOUNT_LOCK_CONF));
    }

    private String getRedirectURLForcedPasswordResetOTP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2, String str3, StringBuilder sb) throws IOException {
        String parameter = httpServletRequest.getParameter("username");
        try {
            String str4 = ServiceURLBuilder.create().addPath(new String[]{str2}).build().getAbsolutePublicURL() + "?" + authenticationContext.getContextIdIncludedQueryParams() + "&authenticators=" + str;
            return parameter == null ? httpServletResponse.encodeRedirectURL("accountrecoveryendpoint/confirmrecovery.do?" + authenticationContext.getContextIdIncludedQueryParams()) + "&confirmation=" + str3 + "&callback=" + URLEncoder.encode(str4, FrameworkUtils.UTF_8) + sb.toString() : httpServletResponse.encodeRedirectURL("accountrecoveryendpoint/confirmrecovery.do?" + authenticationContext.getContextIdIncludedQueryParams()) + "&username=" + URLEncoder.encode(parameter, FrameworkUtils.UTF_8) + "&confirmation=" + str3 + "&callback=" + URLEncoder.encode(str4, FrameworkUtils.UTF_8) + sb.toString();
        } catch (URLBuilderException e) {
            throw new IdentityRuntimeException("Error while building callback url for context: " + str2, e);
        }
    }
}
