package org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler;
import org.wso2.carbon.identity.application.authentication.framework.handler.sequence.StepBasedSequenceHandler;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.ThreadLocalProvisioningServiceProvider;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.user.profile.mgt.UserProfileAdmin;
import org.wso2.carbon.identity.user.profile.mgt.UserProfileException;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/DefaultStepBasedSequenceHandler.class */
public class DefaultStepBasedSequenceHandler implements StepBasedSequenceHandler {
    public static final String USER_TENANT_DOMAIN = "user-tenant-domain";
    private static final Log log = LogFactory.getLog(DefaultStepBasedSequenceHandler.class);
    private static volatile DefaultStepBasedSequenceHandler instance;

    /**
     * Returns the shared handler, creating it on first use.
     *
     * <p>The {@code instance} field is volatile and is checked again under the class lock before
     * construction, so concurrent first callers end up with the same object.
     *
     * @return the single {@code DefaultStepBasedSequenceHandler} held in {@code instance}
     */
    public static DefaultStepBasedSequenceHandler getInstance() {
        // Fast path: already published, no locking needed.
        if (instance != null) {
            return instance;
        }
        synchronized (DefaultStepBasedSequenceHandler.class) {
            // Re-check under the lock; another thread may have created it while we waited.
            if (instance == null) {
                instance = new DefaultStepBasedSequenceHandler();
            }
            return instance;
        }
    }

    /**
     * Runs the step-based authentication sequence held in the context until the sequence is
     * flagged completed or a step returns without completing.
     *
     * <p>Each pass of the loop looks up the {@link StepConfig} for the current step, advances or
     * fails the sequence if that step is already flagged completed, and otherwise delegates the
     * step to {@code FrameworkUtils.getStepHandler()}. When no step is left and the request is
     * authenticated, {@link #handlePostAuthentication} is called.
     *
     * @param httpServletRequest     incoming request, passed through to the step handler
     * @param httpServletResponse    outgoing response, passed through to the step handler
     * @param authenticationContext  per-login state: current step, sequence config, auth result
     * @throws FrameworkException propagated from the step handler or from post-authentication
     */
    @Override // org.wso2.carbon.identity.application.authentication.framework.handler.sequence.SequenceHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Executing the Step Based Authentication...");
        }
        while (!authenticationContext.getSequenceConfig().isCompleted()) {
            int currentStep = authenticationContext.getCurrentStep();
            // Step numbering starts at 1: a context still at step 0 is moved to step 1.
            if (currentStep == 0) {
                currentStep++;
                authenticationContext.setCurrentStep(currentStep);
            }
            StepConfig stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(currentStep));
            // The current step is flagged completed: clear its flags, then either advance to the
            // next step (success) or end / retry the sequence (failure).
            if (stepConfig != null && stepConfig.isCompleted()) {
                stepConfig.setCompleted(false);
                stepConfig.setRetrying(false);
                if (authenticationContext.isRequestAuthenticated()) {
                    if (log.isDebugEnabled()) {
                        log.debug("Step " + stepConfig.getOrder() + " is completed. Going to get the next one.");
                    }
                    int currentStep2 = authenticationContext.getCurrentStep() + 1;
                    authenticationContext.setCurrentStep(currentStep2);
                    // May be null when the step just finished was the last one in the map.
                    stepConfig = authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(currentStep2));
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug("Authentication has failed in the Step " + authenticationContext.getCurrentStep());
                    }
                    // A failed single-option step, or any failure during passive authentication,
                    // ends the sequence with the request left unauthenticated.
                    if (!stepConfig.isMultiOption() || authenticationContext.isPassiveAuthenticate()) {
                        authenticationContext.getSequenceConfig().setCompleted(true);
                        resetAuthenticationContext(authenticationContext);
                    } else {
                        // Multi-option step: mark it for retry and set the request-authenticated
                        // flag back to true before the same step is run again below.
                        // NOTE(review): this relies on the step handler re-deciding the flag on
                        // the retry; confirm no path returns with the flag still true from here.
                        stepConfig.setRetrying(true);
                        authenticationContext.setRequestAuthenticated(true);
                    }
                }
                // Per-step state is cleared on every path through this block (a second time on
                // the failed, non-retry path above).
                resetAuthenticationContext(authenticationContext);
            }
            if (stepConfig == null) {
                if (log.isDebugEnabled()) {
                    log.debug("There are no more steps to execute");
                }
                // Post-authentication work (subject, claims, provisioning) only runs when the
                // request is still flagged authenticated after the last step.
                if (authenticationContext.isRequestAuthenticated()) {
                    if (log.isDebugEnabled()) {
                        log.debug("Request is successfully authenticated");
                    }
                    authenticationContext.getSequenceConfig().setCompleted(true);
                    handlePostAuthentication(httpServletRequest, httpServletResponse, authenticationContext);
                }
                // NOTE(review): when no step is found and the request is not authenticated,
                // nothing in this branch marks the sequence completed, so the loop condition is
                // evaluated again with unchanged state. Confirm that combination cannot occur.
                if (log.isDebugEnabled()) {
                    log.debug("Step processing is completed");
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Starting Step: " + stepConfig.getOrder());
                }
                FrameworkUtils.getStepHandler().handle(httpServletRequest, httpServletResponse, authenticationContext);
                // Step not finished yet: return and let the caller continue the flow. Both
                // branches return; the duplicated return is how the decompiler rendered the
                // guarded debug log.
                if (!stepConfig.isCompleted()) {
                    if (log.isDebugEnabled()) {
                        log.debug("Step is not complete yet. Redirecting to outside.");
                        return;
                    }
                    return;
                }
                authenticationContext.setReturning(false);
            }
        }
    }

    /**
     * Finalises an authenticated sequence: records which IdPs and authenticators were used,
     * resolves the authenticated subject and its claims, optionally provisions the user, and
     * publishes the result on the sequence config and the request.
     *
     * <p>For every step in the step map this method:
     * <ul>
     *   <li>appends an {@code {"idp":..., "authenticator":...}} entry to a JSON fragment that is
     *       passed to {@code IdentityApplicationManagementUtil.getSignedJWT} on the last step;</li>
     *   <li>for a federated authenticator, loads the external IdP config, optionally swaps the
     *       federated user for an associated local account, maps roles and claims, and calls
     *       {@link #handleJitProvisioning} when the IdP has provisioning enabled;</li>
     *   <li>for any other authenticator, copies the step's user and maps its claims and roles.</li>
     * </ul>
     * Afterwards the subject identifier is set from the service provider's subject claim value or
     * from the user name, the mapped claims are stored as the user's attributes, and the claim map
     * is set as the {@code FrameworkConstants.MAPPED_ATTRIBUTES} request attribute.
     *
     * @param httpServletRequest     request that receives the mapped-attributes attribute
     * @param httpServletResponse    not used by this method
     * @param authenticationContext  login state; its external IdP and properties are updated
     * @throws FrameworkException if a federated step has no resolvable external IdP, or the
     *                            associated-local-user lookup fails
     */
    protected void handlePostAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Handling Post Authentication tasks");
        }
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        // Accumulates the "idps" JSON fragment across all steps.
        StringBuilder sb = new StringBuilder();
        // z: a subject-identifier step has been processed; z2: a subject-attribute step has.
        boolean z = false;
        boolean z2 = false;
        // 1-based position of the step being processed.
        int i = 1;
        // hashMap: claim URI -> value handed to the service provider; hashMap2: same data as ClaimMapping keys.
        Map<String, String> hashMap = new HashMap();
        Map<ClaimMapping, String> hashMap2 = new HashMap();
        Iterator<Map.Entry<Integer, StepConfig>> it = sequenceConfig.getStepMap().entrySet().iterator();
        while (it.hasNext()) {
            StepConfig value = it.next().getValue();
            // NOTE(review): the authenticated authenticator is dereferenced without a null check;
            // presumably every step in the map has one by this point. Confirm against the step handler.
            ApplicationAuthenticator applicationAuthenticator = value.getAuthenticatedAutenticator().getApplicationAuthenticator();
            if (i == 1) {
                sb.append("\"idps\":");
                sb.append("[");
            }
            // NOTE(review): the IdP and authenticator names are concatenated into the JSON text
            // without escaping, and the result is what gets signed. Presumably both names come
            // from administrator configuration; confirm they cannot contain quote characters.
            sb.append("{");
            sb.append("\"idp\":\"").append(value.getAuthenticatedIdP()).append("\",");
            sb.append("\"authenticator\":\"").append(applicationAuthenticator.getName()).append("\"");
            if (i != sequenceConfig.getStepMap().size()) {
                sb.append("},");
            } else {
                sb.append("}");
                sb.append("]");
                // Last step: sign the completed fragment and store it on the sequence config.
                sequenceConfig.setAuthenticatedIdPs(IdentityApplicationManagementUtil.getSignedJWT(sb.toString(), sequenceConfig.getApplicationConfig().getServiceProvider()));
                // The last step becomes the subject-identifier / subject-attribute step only when
                // no earlier step was processed as one; otherwise its flag is cleared.
                value.setSubjectIdentifierStep(!z);
                value.setSubjectAttributeStep(!z2);
            }
            i++;
            if (applicationAuthenticator instanceof FederatedApplicationAuthenticator) {
                ExternalIdPConfig externalIdPConfig = null;
                try {
                    externalIdPConfig = ConfigurationFacade.getInstance().getIdPConfigByName(value.getAuthenticatedIdP(), authenticationContext.getTenantDomain());
                } catch (IdentityProviderManagementException e) {
                    // Lookup failure is only logged here; the null check below turns it into a
                    // FrameworkException, so a federated step never continues without its IdP config.
                    log.error("Exception while getting IdP by name", e);
                }
                authenticationContext.setExternalIdP(externalIdPConfig);
                // Subject identifier as asserted by the federated IdP for this step.
                String authenticatedSubjectIdentifier = value.getAuthenticatedUser().getAuthenticatedSubjectIdentifier();
                if (externalIdPConfig == null) {
                    log.error("An External IdP cannot be null for a FederatedApplicationAuthenticator");
                    throw new FrameworkException("An External IdP cannot be null for a FederatedApplicationAuthenticator");
                }
                // map / map2: unfiltered local and IdP claim values read back from the context
                // after claim handling; list: locally mapped roles for this step.
                Map<String, String> map = null;
                Map<String, String> map2 = null;
                List<String> list = null;
                // Claims received from the federated IdP for this step's user.
                Map<String, String> claimMappings = FrameworkUtils.getClaimMappings(value.getAuthenticatedUser().getUserAttributes(), false);
                if (value.isSubjectIdentifierStep()) {
                    z = true;
                    // Name of the local account associated with the federated subject, if any.
                    String str = null;
                    if (sequenceConfig.getApplicationConfig().isAlwaysSendMappedLocalSubjectId()) {
                        UserProfileAdmin userProfileAdmin = UserProfileAdmin.getInstance();
                        try {
                            try {
                                // The association lookup runs inside a tenant flow for the
                                // context's tenant; the flow is ended on both exit paths.
                                FrameworkUtils.startTenantFlow(authenticationContext.getTenantDomain());
                                // The local identity is chosen by the stored association for
                                // (IdP name, federated subject identifier).
                                str = userProfileAdmin.getNameAssociatedWith(value.getAuthenticatedIdP(), authenticatedSubjectIdentifier);
                                if (StringUtils.isNotBlank(str)) {
                                    if (log.isDebugEnabled()) {
                                        log.debug("User " + value.getAuthenticatedUser() + " has an associated account as " + str + ". Hence continuing as " + str);
                                    }
                                    // From here on the step's user carries the local account name
                                    // and the context's tenant domain.
                                    value.getAuthenticatedUser().setUserName(str);
                                    value.getAuthenticatedUser().setTenantDomain(authenticationContext.getTenantDomain());
                                    value.setAuthenticatedUser(value.getAuthenticatedUser());
                                } else if (log.isDebugEnabled()) {
                                    log.debug("User " + value.getAuthenticatedUser() + " doesn't have an associated account. Hence continuing as the same user.");
                                }
                                FrameworkUtils.endTenantFlow();
                            } catch (Throwable th) {
                                FrameworkUtils.endTenantFlow();
                                throw th;
                            }
                        } catch (UserProfileException e2) {
                            throw new FrameworkException("Error while getting associated local user ID for " + authenticatedSubjectIdentifier, e2);
                        }
                    }
                    if (str == null || str.trim().length() <= 0) {
                        // No associated local account: the sequence user is a copy of the federated user.
                        sequenceConfig.setAuthenticatedUser(new AuthenticatedUser(value.getAuthenticatedUser()));
                    } else {
                        // Associated local account found. The first claim-handling call is made with
                        // the IdP claims; its return value is discarded and only the unfiltered
                        // values it leaves in the context are read back.
                        handleClaimMappings(value, authenticationContext, claimMappings, true);
                        map = (Map) authenticationContext.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
                        map2 = (Map) authenticationContext.getProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES);
                        // The sequence user becomes a local user built from "<name>@<tenant domain>".
                        sequenceConfig.setAuthenticatedUser(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(FrameworkUtils.prependUserStoreDomainToName(str + "@" + authenticationContext.getTenantDomain())));
                        sequenceConfig.getApplicationConfig().setMappedSubjectIDSelected(true);
                        // Second call, without remote claims and with the federated flag off.
                        hashMap = handleClaimMappings(value, authenticationContext, null, false);
                        // When the service provider requests no specific claims, fall back to the
                        // unfiltered local values, then to the unfiltered IdP values.
                        if (authenticationContext.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings() == null || authenticationContext.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings().isEmpty()) {
                            if (MapUtils.isNotEmpty(map)) {
                                hashMap = map;
                            } else if (MapUtils.isNotEmpty(map2)) {
                                hashMap = map2;
                            }
                        }
                        hashMap2 = FrameworkUtils.buildClaimMappings(hashMap);
                        // Tenant domain derived from the associated user name string and stored
                        // in the context properties under USER_TENANT_DOMAIN.
                        String tenantDomain = MultitenantUtils.getTenantDomain(str);
                        Map<String, Object> properties = authenticationContext.getProperties();
                        if (properties == null) {
                            properties = new HashMap();
                            authenticationContext.setProperties(properties);
                        }
                        properties.put(USER_TENANT_DOMAIN, tenantDomain);
                        if (log.isDebugEnabled()) {
                            log.debug("Authenticated User: " + sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
                            log.debug("Authenticated User Tenant Domain: " + tenantDomain);
                        }
                    }
                }
                if (value.isSubjectAttributeStep()) {
                    z2 = true;
                    // IdP role claim -> locally mapped roles -> service-provider role names; the
                    // result is written back into the IdP claims under the IdP role claim URI.
                    String idpRoleClaimUri = getIdpRoleClaimUri(externalIdPConfig);
                    list = getLocallyMappedUserRoles(sequenceConfig, externalIdPConfig, claimMappings, idpRoleClaimUri);
                    if (idpRoleClaimUri != null && getServiceProviderMappedUserRoles(sequenceConfig, list) != null) {
                        claimMappings.put(idpRoleClaimUri, getServiceProviderMappedUserRoles(sequenceConfig, list));
                    }
                    // Claims not yet produced by the subject-identifier branch: map them now.
                    if (hashMap == null || hashMap.isEmpty()) {
                        hashMap = handleClaimMappings(value, authenticationContext, claimMappings, true);
                        map = (Map) authenticationContext.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
                        map2 = (Map) authenticationContext.getProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES);
                    }
                    if (!sequenceConfig.getApplicationConfig().isMappedSubjectIDSelected()) {
                        // Same "no requested claims" fallback as in the associated-account branch.
                        if (authenticationContext.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings() == null || authenticationContext.getSequenceConfig().getApplicationConfig().getRequestedClaimMappings().isEmpty()) {
                            if (MapUtils.isNotEmpty(map)) {
                                hashMap = map;
                            } else if (MapUtils.isNotEmpty(map2)) {
                                hashMap = map2;
                            }
                        }
                        hashMap2 = FrameworkUtils.buildClaimMappings(hashMap);
                    }
                }
                if (externalIdPConfig.isProvisioningEnabled()) {
                    // Provisioning receives the federated subject identifier, the locally mapped
                    // roles (null when this step was not the attribute step) and the unfiltered
                    // local claims (an empty map when none were read).
                    if (map == null) {
                        map = new HashMap();
                    }
                    handleJitProvisioning(authenticatedSubjectIdentifier, authenticationContext, list, map);
                }
            } else {
                // Non-federated authenticator.
                if (value.isSubjectIdentifierStep()) {
                    z = true;
                    sequenceConfig.setAuthenticatedUser(new AuthenticatedUser(value.getAuthenticatedUser()));
                    if (log.isDebugEnabled()) {
                        log.debug("Authenticated User: " + sequenceConfig.getAuthenticatedUser().getUserName());
                        log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
                    }
                }
                if (value.isSubjectAttributeStep()) {
                    z2 = true;
                    // handleClaimMappings in this class never returns null, so the get() below is safe.
                    hashMap = handleClaimMappings(value, authenticationContext, null, false);
                    String spRoleClaimUri = getSpRoleClaimUri(sequenceConfig.getApplicationConfig());
                    String str2 = hashMap.get(spRoleClaimUri);
                    // Replace the comma-separated local roles with their service-provider names.
                    if (StringUtils.isNotBlank(str2)) {
                        hashMap.put(spRoleClaimUri, getServiceProviderMappedUserRoles(sequenceConfig, Arrays.asList(str2.split(","))));
                    }
                    hashMap2 = FrameworkUtils.buildClaimMappings(hashMap);
                }
            }
        }
        // Final subject identifier: the value stored in the context under
        // SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE when a subject claim URI is configured and the
        // value is present, otherwise one derived from the user name.
        String subjectClaimUri = sequenceConfig.getApplicationConfig().getSubjectClaimUri();
        String str3 = (String) authenticationContext.getProperty(DefaultClaimHandler.SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE);
        if (StringUtils.isNotBlank(subjectClaimUri)) {
            if (str3 != null) {
                sequenceConfig.getAuthenticatedUser().setAuthenticatedSubjectIdentifier(str3);
                if (log.isDebugEnabled()) {
                    log.debug("Authenticated User: " + sequenceConfig.getAuthenticatedUser().getAuthenticatedSubjectIdentifier());
                    log.debug("Authenticated User Tenant Domain: " + sequenceConfig.getAuthenticatedUser().getTenantDomain());
                }
            } else {
                log.warn("Subject claim could not be found. Defaulting to Name Identifier.");
                if (StringUtils.isNotBlank(sequenceConfig.getAuthenticatedUser().getUserName())) {
                    sequenceConfig.getAuthenticatedUser().setAuthenticatedSubjectIdentifier(sequenceConfig.getAuthenticatedUser().getUsernameAsSubjectIdentifier(sequenceConfig.getApplicationConfig().isUseUserstoreDomainInLocalSubjectIdentifier(), sequenceConfig.getApplicationConfig().isUseTenantDomainInLocalSubjectIdentifier()));
                }
            }
        } else if (StringUtils.isNotBlank(sequenceConfig.getAuthenticatedUser().getUserName())) {
            sequenceConfig.getAuthenticatedUser().setAuthenticatedSubjectIdentifier(sequenceConfig.getAuthenticatedUser().getUsernameAsSubjectIdentifier(sequenceConfig.getApplicationConfig().isUseUserstoreDomainInLocalSubjectIdentifier(), sequenceConfig.getApplicationConfig().isUseTenantDomainInLocalSubjectIdentifier()));
        }
        // Publish the result: ClaimMapping-keyed claims on the user, URI-keyed claims on the request.
        sequenceConfig.getAuthenticatedUser().setUserAttributes(hashMap2);
        httpServletRequest.setAttribute(FrameworkConstants.MAPPED_ATTRIBUTES, hashMap);
    }

    /**
     * Translates local role names into the names configured for the service provider and joins
     * them with commas.
     *
     * <p>A role that has an entry in the application's role mappings is replaced by the mapped
     * name; a role without an entry is passed through unchanged. Role names are not trimmed or
     * escaped, so a name that itself contains a comma cannot be told apart after joining.
     *
     * @param sequenceConfig sequence whose application config supplies the role mappings
     * @param list           local role names; may be {@code null} or empty
     * @return the comma-separated service-provider role names, or {@code null} when {@code list}
     *         is {@code null} or empty
     * @throws FrameworkException declared for subclasses; not thrown by this implementation
     */
    protected String getServiceProviderMappedUserRoles(SequenceConfig sequenceConfig, List<String> list) throws FrameworkException {
        if (list == null || list.isEmpty()) {
            return null;
        }
        Map<String, String> spRoleMappings = sequenceConfig.getApplicationConfig().getRoleMappings();
        boolean hasMappings = spRoleMappings != null && !spRoleMappings.isEmpty();
        StringBuilder joined = new StringBuilder();
        for (String localRole : list) {
            String outboundRole = localRole;
            if (hasMappings && spRoleMappings.containsKey(localRole)) {
                outboundRole = spRoleMappings.get(localRole);
            }
            joined.append(outboundRole).append(",");
        }
        if (joined.length() == 0) {
            return null;
        }
        // Drop the trailing separator added after the last role.
        joined.setLength(joined.length() - 1);
        return joined.toString();
    }

    /**
     * Finds the claim URI under which the service provider expects the user's roles.
     *
     * <p>The application's explicit role claim is used when it is set. Otherwise the application's
     * claim mappings are searched for an entry whose value is
     * {@code FrameworkConstants.LOCAL_ROLE_CLAIM_URI}, and that entry's key is returned.
     *
     * @param applicationConfig service provider configuration to read from
     * @return the role claim URI, or the (null or empty) configured role claim when no mapping to
     *         the local role claim exists
     * @throws FrameworkException declared for subclasses; not thrown by this implementation
     */
    protected String getSpRoleClaimUri(ApplicationConfig applicationConfig) throws FrameworkException {
        String configuredRoleClaim = applicationConfig.getRoleClaim();
        if (configuredRoleClaim != null && !configuredRoleClaim.isEmpty()) {
            return configuredRoleClaim;
        }
        Map<String, String> spClaimMappings = applicationConfig.getClaimMappings();
        if (spClaimMappings == null || spClaimMappings.isEmpty()) {
            return configuredRoleClaim;
        }
        for (Map.Entry<String, String> mapping : spClaimMappings.entrySet()) {
            boolean mapsLocalRoleClaim = FrameworkConstants.LOCAL_ROLE_CLAIM_URI.equals(mapping.getValue());
            if (mapsLocalRoleClaim) {
                return mapping.getKey();
            }
        }
        return configuredRoleClaim;
    }

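    /**
     * Finds the claim URI under which the external IdP sends the user's roles.
     *
     * <p>The IdP's explicit role claim URI is used when it is set. Otherwise the IdP's claim
     * mappings are searched for the entry whose local claim is
     * {@code FrameworkConstants.LOCAL_ROLE_CLAIM_URI}, and that entry's remote claim URI is returned.
     *
     * <p>Entries that are {@code null} or lack a local or remote claim are skipped. The original
     * code guarded only the remote claim, so an incomplete mapping could raise a
     * {@code NullPointerException} in the middle of a login.
     *
     * @param externalIdPConfig configuration of the federated IdP used in the step
     * @return the IdP role claim URI, or the (null or empty) configured value when no usable
     *         mapping to the local role claim exists
     * @throws FrameworkException declared for subclasses; not thrown by this implementation
     */
    protected String getIdpRoleClaimUri(ExternalIdPConfig externalIdPConfig) throws FrameworkException {
        String roleClaimUri = externalIdPConfig.getRoleClaimUri();
        if (roleClaimUri != null && !roleClaimUri.isEmpty()) {
            return roleClaimUri;
        }
        ClaimMapping[] claimMappings = externalIdPConfig.getClaimMappings();
        if (claimMappings == null) {
            return roleClaimUri;
        }
        for (ClaimMapping claimMapping : claimMappings) {
            // Skip incomplete entries instead of dereferencing a missing claim.
            if (claimMapping == null || claimMapping.getLocalClaim() == null || claimMapping.getRemoteClaim() == null) {
                continue;
            }
            if (FrameworkConstants.LOCAL_ROLE_CLAIM_URI.equals(claimMapping.getLocalClaim().getClaimUri())) {
                return claimMapping.getRemoteClaim().getClaimUri();
            }
        }
        return roleClaimUri;
    }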

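    /**
     * Converts the roles asserted by a federated IdP into local role names.
     *
     * <p>The role claim value is split on commas. Each role that has an entry in the IdP's role
     * mappings is replaced by the mapped local role; a role without an entry is kept as received.
     * Role names are compared verbatim, with no trimming.
     *
     * <p>NOTE(review): because unmapped roles pass through unchanged, a role name asserted by the
     * IdP is treated as a local role name whenever no mapping exists for it. Confirm that this
     * pass-through is intended for IdPs that are not fully trusted to assert roles.
     *
     * <p>Compared with the decompiled original this version uses typed collections and returns an
     * empty list when the claim map itself is {@code null} instead of failing.
     *
     * @param sequenceConfig    not used by this implementation
     * @param externalIdPConfig IdP configuration supplying the role mappings
     * @param map               claim URI to value map received for the user; may be {@code null}
     * @param str               URI of the IdP role claim; may be {@code null}
     * @return a new mutable list of local role names, empty when no role claim is available
     * @throws FrameworkException declared for subclasses; not thrown by this implementation
     */
    protected List<String> getLocallyMappedUserRoles(SequenceConfig sequenceConfig, ExternalIdPConfig externalIdPConfig, Map<String, String> map, String str) throws FrameworkException {
        if (str == null) {
            log.debug("Role claim uri not found for the identity provider");
            return new ArrayList<String>();
        }
        String idpRoleValue = map == null ? null : map.get(str);
        if (idpRoleValue == null) {
            return new ArrayList<String>();
        }
        Map<String, String> roleMappings = externalIdPConfig.getRoleMappings();
        boolean hasMappings = roleMappings != null && !roleMappings.isEmpty();
        List<String> localRoles = new ArrayList<String>();
        for (String idpRole : idpRoleValue.split(",")) {
            if (hasMappings && roleMappings.containsKey(idpRole)) {
                localRoles.add(roleMappings.get(idpRole));
            } else {
                localRoles.add(idpRole);
            }
        }
        return localRoles;
    }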

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Delegates claim mapping for a step to {@code FrameworkUtils.getClaimHandler()} and never
     * returns {@code null}.
     *
     * <p>A {@link FrameworkException} from the claim handler is logged and not rethrown; the
     * caller then receives an empty map and the login continues without mapped claims.
     * NOTE(review): confirm that continuing with no claims is acceptable for service providers
     * that base authorization decisions on them.
     *
     * @param stepConfig             step whose authenticated user's claims are mapped
     * @param authenticationContext  login state passed through to the claim handler
     * @param map                    remote claims for the step, or {@code null}
     * @param z                      passed through to the claim handler unchanged
     * @return the claim handler's result, or a new empty map when it failed or returned {@code null}
     * @throws FrameworkException declared for subclasses; not thrown by this implementation
     */
    protected Map<String, String> handleClaimMappings(StepConfig stepConfig, AuthenticationContext authenticationContext, Map<String, String> map, boolean z) throws FrameworkException {
        Map<String, String> mappedClaims = null;
        try {
            mappedClaims = FrameworkUtils.getClaimHandler().handleClaimMappings(stepConfig, authenticationContext, map, z);
        } catch (FrameworkException e) {
            log.error("Claim handling failed!", e);
        }
        return mappedClaims != null ? mappedClaims : new HashMap<String, String>();
    }

    /**
     * Provisions the federated user through {@code FrameworkUtils.getProvisioningHandler()}.
     *
     * <p>The target user store is the store id configured on the external IdP. When no store id
     * is configured but a user-store claim URI is, the store is read from {@code map} under that
     * URI, so in that configuration the value comes from the claims passed in by the caller.
     *
     * <p>A thread-local provisioning service provider is set for the duration of the call and
     * always reset afterwards. A {@link FrameworkException} from provisioning is logged and not
     * rethrown, so a provisioning failure does not fail the login.
     *
     * @param str                    subject identifier of the user to provision
     * @param authenticationContext  login state supplying the external IdP, tenant and application
     * @param list                   local roles to assign; passed through as received
     * @param map                    claim URI to value map for the user
     * @throws FrameworkException declared for subclasses; not thrown by this implementation
     */
    protected void handleJitProvisioning(String str, AuthenticationContext authenticationContext, List<String> list, Map<String, String> map) throws FrameworkException {
        try {
            String userStoreClaimUri = authenticationContext.getExternalIdP().getProvisioningUserStoreClaimURI();
            String configuredUserStoreId = authenticationContext.getExternalIdP().getProvisioningUserStoreId();
            String targetUserStore;
            if (configuredUserStoreId != null) {
                // A store id fixed in the IdP configuration wins over any claim value.
                targetUserStore = configuredUserStoreId;
            } else {
                targetUserStore = userStoreClaimUri != null ? map.get(userStoreClaimUri) : null;
            }

            ThreadLocalProvisioningServiceProvider provisioningSp = new ThreadLocalProvisioningServiceProvider();
            provisioningSp.setServiceProviderName(authenticationContext.getSequenceConfig().getApplicationConfig().getApplicationName());
            provisioningSp.setJustInTimeProvisioning(true);
            provisioningSp.setClaimDialect("http://wso2.org/claims");
            provisioningSp.setTenantDomain(authenticationContext.getTenantDomain());
            IdentityApplicationManagementUtil.setThreadLocalProvisioningServiceProvider(provisioningSp);

            FrameworkUtils.getProvisioningHandler().handle(list, str, map, targetUserStore, authenticationContext.getTenantDomain());
        } catch (FrameworkException e) {
            log.error("User provisioning failed!", e);
        } finally {
            // Always clear the thread-local so it cannot leak into the next use of this thread.
            IdentityApplicationManagementUtil.resetThreadLocalProvisioningServiceProvider();
        }
    }

    /**
     * Clears the per-step state held in the context so the next step starts clean.
     *
     * <p>Subject, state info, external IdP and current authenticator are set to {@code null},
     * the authenticator properties are replaced with a new empty map, and the retry count and
     * retrying flag are reset.
     *
     * @param authenticationContext context to reset
     * @throws FrameworkException declared for subclasses; not thrown by this implementation
     */
    protected void resetAuthenticationContext(AuthenticationContext authenticationContext) throws FrameworkException {
        // Identity established by the previous step.
        authenticationContext.setSubject(null);
        authenticationContext.setStateInfo(null);
        authenticationContext.setExternalIdP(null);

        // Authenticator selected for the previous step and its properties.
        authenticationContext.setCurrentAuthenticator(null);
        authenticationContext.setAuthenticatorProperties(new HashMap());

        // Retry bookkeeping.
        authenticationContext.setRetrying(false);
        authenticationContext.setRetryCount(0);
    }
}
