package org.wso2.carbon.identity.application.authentication.framework.handler.request.impl;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticationDataPublisher;
import org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.context.SessionContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.ApplicationAuthorizationException;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.handler.authz.AuthorizationHandler;
import org.wso2.carbon.identity.application.authentication.framework.handler.request.AuthenticationRequestHandler;
import org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.DefaultStepBasedSequenceHandler;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult;
import org.wso2.carbon.identity.application.authentication.framework.model.CommonAuthResponseWrapper;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.idp.mgt.util.IdPManagementUtil;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/DefaultAuthenticationRequestHandler.class */
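/**
 * Default {@link AuthenticationRequestHandler}: drives one pass of the authentication
 * flow for a request and, once the flow is finished, builds the
 * {@link AuthenticationResult}, creates or updates the SSO session context and redirects
 * the browser back to the caller.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The session context cache is keyed by the SHA-256 hex digest of the auth cookie
 *       value, never by the raw cookie value.</li>
 *   <li>Authorization fails open when no {@link AuthorizationHandler} is registered
 *       (see {@link #handleAuthorization}).</li>
 *   <li>The non-SaaS tenant check is skipped when either tenant domain is empty
 *       (see {@link #concludeFlow}).</li>
 * </ul>
 */
public class DefaultAuthenticationRequestHandler implements AuthenticationRequestHandler {
    private static final Log log = LogFactory.getLog(DefaultAuthenticationRequestHandler.class);
    // Not referenced by any method of this class as shown here.
    private static final Log AUDIT_LOG = CarbonConstants.AUDIT_LOG;
    // volatile so the double-checked locking in getInstance() publishes the instance safely.
    private static volatile DefaultAuthenticationRequestHandler instance;

    /**
     * Returns the shared handler, creating it on first use (double-checked locking on the
     * class monitor).
     *
     * @return the singleton instance
     */
    public static DefaultAuthenticationRequestHandler getInstance() {
        if (instance == null) {
            synchronized (DefaultAuthenticationRequestHandler.class) {
                if (instance == null) {
                    instance = new DefaultAuthenticationRequestHandler();
                }
            }
        }
        return instance;
    }

    /**
     * Runs one pass of the authentication flow.
     *
     * <p>A returning request carrying the deny parameter ends the flow as unauthenticated.
     * Otherwise the request-path, step-based and post-authentication handlers are invoked
     * as applicable; the flow is concluded once the post-authentication extension reports
     * completion, and the context is put back into the cache if it has not.
     *
     * @param httpServletRequest    incoming request
     * @param httpServletResponse   response used by the delegated handlers and the final redirect
     * @param authenticationContext state of the flow being processed
     * @throws FrameworkException if a delegated handler or the conclusion of the flow fails
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("In authentication flow");
        }
        if (authenticationContext.isReturning()) {
            // The deny parameter is only honoured on a returning request.
            if (httpServletRequest.getParameter(FrameworkConstants.RequestParams.DENY) != null) {
                handleDenyFromLoginPage(httpServletRequest, httpServletResponse, authenticationContext);
                return;
            }
            handleRememberMeOptionFromLoginPage(httpServletRequest, authenticationContext);
        }
        // Captured before any handler runs, so the checks below describe the step this pass started at.
        int startingStep = authenticationContext.getCurrentStep();
        boolean atSequenceStart = startingStep == 0;
        if (atSequenceStart) {
            handleSequenceStart(httpServletRequest, httpServletResponse, authenticationContext);
        }
        List<AuthenticatorConfig> requestPathAuthenticators = authenticationContext.getSequenceConfig().getReqPathAuthenticators();
        boolean hasRequestPathAuthenticators = requestPathAuthenticators != null && !requestPathAuthenticators.isEmpty();
        if (hasRequestPathAuthenticators && atSequenceStart) {
            FrameworkUtils.getRequestPathBasedSequenceHandler().handle(httpServletRequest, httpServletResponse, authenticationContext);
        }
        // Step-based authentication runs unless request-path authenticators exist and already completed the sequence.
        if (!authenticationContext.getSequenceConfig().isCompleted() || !hasRequestPathAuthenticators) {
            FrameworkUtils.getStepBasedSequenceHandler().handle(httpServletRequest, httpServletResponse, authenticationContext);
        }
        if (authenticationContext.getSequenceConfig().isCompleted() && !isPostAuthenticationExtensionCompleted(authenticationContext)) {
            FrameworkUtils.getPostAuthenticationHandler().handle(httpServletRequest, httpServletResponse, authenticationContext);
        }
        if (isPostAuthenticationExtensionCompleted(authenticationContext)) {
            concludeFlow(httpServletRequest, httpServletResponse, authenticationContext);
        } else {
            // Flow not finished: keep the context available for the next request of this flow.
            FrameworkUtils.addAuthenticationContextToCache(authenticationContext.getContextIdentifier(), authenticationContext);
        }
    }

    /**
     * Ends the flow as unauthenticated after the deny parameter was received.
     *
     * @throws FrameworkException if concluding the flow fails
     */
    private void handleDenyFromLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("User has pressed Deny or Cancel in the login page. Terminating the authentication flow");
        }
        authenticationContext.getSequenceConfig().setCompleted(true);
        authenticationContext.setRequestAuthenticated(false);
        concludeFlow(httpServletRequest, httpServletResponse, authenticationContext);
    }

    /**
     * Sets the remember-me flag on the context: true only when the {@code chkRemember}
     * request parameter equals "on" (case-insensitive), false otherwise, including when
     * the parameter is absent.
     */
    private void handleRememberMeOptionFromLoginPage(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        // equalsIgnoreCase on the literal is null-safe, so a missing parameter yields false.
        authenticationContext.setRememberMe("on".equalsIgnoreCase(httpServletRequest.getParameter("chkRemember")));
    }

    /**
     * Copies the force, re-authenticate and passive flags from the request parameters to
     * the context. A missing or non-"true" parameter yields {@code false}.
     *
     * <p>NOTE(review): the three flags are read straight from request parameters; confirm
     * upstream that only a trusted inbound component can set them.
     *
     * @return always {@code false}
     * @throws FrameworkException declared for overriding implementations; not thrown here
     */
    protected boolean handleSequenceStart(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Starting the sequence");
        }
        // Boolean.parseBoolean(null) is false, which covers the absent-parameter case.
        boolean forceAuthenticate = Boolean.parseBoolean(httpServletRequest.getParameter("forceAuth"));
        authenticationContext.setForceAuthenticate(forceAuthenticate);
        if (log.isDebugEnabled()) {
            log.debug("Force Authenticate : " + forceAuthenticate);
        }
        boolean reAuthenticate = Boolean.parseBoolean(httpServletRequest.getParameter(FrameworkConstants.RequestParams.RE_AUTHENTICATE));
        if (log.isDebugEnabled()) {
            log.debug("Re-Authenticate : " + reAuthenticate);
        }
        authenticationContext.setReAuthenticate(reAuthenticate);
        boolean passiveAuthenticate = Boolean.parseBoolean(httpServletRequest.getParameter("passiveAuth"));
        if (log.isDebugEnabled()) {
            log.debug("Passive Authenticate : " + passiveAuthenticate);
        }
        authenticationContext.setPassiveAuthenticate(passiveAuthenticate);
        return false;
    }

    /**
     * Finishes the flow: builds the {@link AuthenticationResult}, creates or updates the
     * session context for an authenticated request, runs authorization when the
     * application enables it, hands the result to the caller (request attribute or cache)
     * and redirects back to the caller path.
     *
     * @throws FrameworkException if a non-SaaS application is accessed by a user of a
     *                            different tenant, if authorization fails, or if the
     *                            redirect cannot be sent
     */
    protected void concludeFlow(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            log.debug("Concluding the Authentication Flow");
        }
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        sequenceConfig.setCompleted(false);
        AuthenticationResult authenticationResult = new AuthenticationResult();
        boolean authenticated = authenticationContext.isRequestAuthenticated();
        authenticationResult.setAuthenticated(authenticated);
        String userTenantDomain = getAuthenticatedUserTenantDomain(authenticationContext, authenticationResult);
        authenticationResult.setSaaSApp(sequenceConfig.getApplicationConfig().isSaaSApp());
        if (authenticated) {
            if (!sequenceConfig.getApplicationConfig().isSaaSApp()) {
                String spTenantDomain = authenticationContext.getTenantDomain();
                String authenticatedTenantDomain = sequenceConfig.getAuthenticatedUser().getTenantDomain();
                // NOTE(review): the tenant isolation check only fires when BOTH domains are
                // non-empty; an empty domain on either side lets the request through.
                // Confirm that both values are always populated before this point.
                if (StringUtils.isNotEmpty(authenticatedTenantDomain) && StringUtils.isNotEmpty(spTenantDomain) && !spTenantDomain.equals(authenticatedTenantDomain)) {
                    throw new FrameworkException("Service Provider tenant domain must be equal to user tenant domain for non-SaaS applications");
                }
            }
            authenticationResult.setSubject(new AuthenticatedUser(sequenceConfig.getAuthenticatedUser()));
            ApplicationConfig applicationConfig = sequenceConfig.getApplicationConfig();
            if (applicationConfig.getServiceProvider().getLocalAndOutBoundAuthenticationConfig().isAlwaysSendBackAuthenticatedListOfIdPs()) {
                authenticationResult.setAuthenticatedIdPs(sequenceConfig.getAuthenticatedIdPs());
            }

            // Look up an existing session by the digest of the auth cookie value.
            SessionContext existingSession = null;
            String existingSessionKey = null;
            if (FrameworkUtils.getAuthCookie(httpServletRequest) != null) {
                String cookieValue = FrameworkUtils.getAuthCookie(httpServletRequest).getValue();
                if (cookieValue != null) {
                    existingSessionKey = DigestUtils.sha256Hex(cookieValue);
                    existingSession = FrameworkUtils.getSessionContextFromCache(existingSessionKey);
                }
            }

            if (existingSession != null) {
                // NOTE(review): the existing cookie value stays in use in this branch; no new
                // identifier is issued. Confirm that is the intended SSO session-reuse behaviour.
                existingSession.getAuthenticatedSequences().put(applicationConfig.getApplicationName(), sequenceConfig);
                existingSession.getAuthenticatedIdPs().putAll(authenticationContext.getCurrentAuthenticatedIdPs());
                long now = System.currentTimeMillis();
                if (!authenticationContext.isPreviousAuthTime()) {
                    existingSession.addProperty(FrameworkConstants.UPDATED_TIMESTAMP, Long.valueOf(now));
                }
                FrameworkUtils.addSessionContextToCache(existingSessionKey, existingSession);
                FrameworkUtils.publishSessionEvent(existingSessionKey, httpServletRequest, authenticationContext, existingSession, sequenceConfig.getAuthenticatedUser(), FrameworkConstants.AnalyticsAttributes.SESSION_UPDATE);
            } else {
                SessionContext newSession = new SessionContext();
                authenticationContext.setProperty(FrameworkConstants.AnalyticsAttributes.IS_INITIAL_LOGIN, true);
                newSession.getAuthenticatedSequences().put(applicationConfig.getApplicationName(), sequenceConfig);
                newSession.setAuthenticatedIdPs(authenticationContext.getCurrentAuthenticatedIdPs());
                newSession.setRememberMe(authenticationContext.isRememberMe());
                // The raw identifier goes into the cookie; only its SHA-256 digest is used as cache key.
                // NOTE(review): the cookie value acts as a bearer credential; confirm that
                // UUIDGenerator draws from a cryptographically strong random source.
                String sessionId = UUIDGenerator.generateUUID();
                String newSessionKey = DigestUtils.sha256Hex(sessionId);
                newSession.addProperty(FrameworkConstants.AUTHENTICATED_USER, authenticationResult.getSubject());
                newSession.addProperty(FrameworkConstants.CREATED_TIMESTAMP, Long.valueOf(System.currentTimeMillis()));
                FrameworkUtils.addSessionContextToCache(newSessionKey, newSession);
                String cookieTenantDomain = authenticationContext.getTenantDomain();
                if (StringUtils.isEmpty(cookieTenantDomain)) {
                    cookieTenantDomain = "carbon.super";
                }
                setAuthCookie(httpServletRequest, httpServletResponse, authenticationContext, sessionId, cookieTenantDomain);
                FrameworkUtils.publishSessionEvent(newSessionKey, httpServletRequest, authenticationContext, newSession, sequenceConfig.getAuthenticatedUser(), FrameworkConstants.AnalyticsAttributes.SESSION_CREATE);
            }

            // Authorization runs after the session has been created or updated above.
            if (authenticationContext.getSequenceConfig().getApplicationConfig().isEnableAuthorization()) {
                handleAuthorization(httpServletRequest, httpServletResponse, authenticationContext);
            }
            if (userTenantDomain == null) {
                // NOTE(review): the returned tenant domain is discarded, so this call has no
                // visible effect here; kept as-is in case the lookup has side effects.
                PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            }
            publishAuthenticationSuccess(httpServletRequest, authenticationContext, sequenceConfig.getAuthenticatedUser());
        }

        // Hand the result to the caller: as request attributes for cache-disabled request
        // types behind a CommonAuthResponseWrapper, otherwise through the result cache.
        if (FrameworkUtils.getCacheDisabledAuthenticators().contains(authenticationContext.getRequestType()) && (httpServletResponse instanceof CommonAuthResponseWrapper)) {
            httpServletRequest.setAttribute("sessionDataKey", authenticationContext.getCallerSessionKey());
            addAuthenticationResultToRequest(httpServletRequest, authenticationResult);
        } else {
            FrameworkUtils.addAuthenticationResultToCache(authenticationContext.getCallerSessionKey(), authenticationResult);
        }
        // The finished context is dropped from the cache unless the "retainCache" system property is set.
        if (System.getProperty("retainCache") == null) {
            FrameworkUtils.removeAuthenticationContextFromCache(authenticationContext.getContextIdentifier());
        }
        sendResponse(httpServletRequest, httpServletResponse, authenticationContext);
    }

    /** Builds the single-entry parameter map handed to the authentication data publisher. */
    private static HashMap<String, Object> buildUserParams(AuthenticatedUser authenticatedUser) {
        HashMap<String, Object> params = new HashMap<String, Object>();
        params.put(FrameworkConstants.AnalyticsAttributes.USER, authenticatedUser);
        return params;
    }

    /**
     * Publishes an authentication-success event when a publisher proxy is registered and
     * enabled for this context; does nothing otherwise.
     */
    private void publishAuthenticationSuccess(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser) {
        AuthenticationDataPublisher publisher = FrameworkServiceDataHolder.getInstance().getAuthnDataPublisherProxy();
        if (publisher != null && publisher.isEnabled(authenticationContext)) {
            publisher.publishAuthenticationSuccess(httpServletRequest, authenticationContext, Collections.unmodifiableMap(buildUserParams(authenticatedUser)));
        }
    }

    /**
     * Publishes an authentication-failure event when a publisher proxy is registered and
     * enabled for this context; does nothing otherwise.
     */
    private void publishAuthenticationFailure(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser) {
        AuthenticationDataPublisher publisher = FrameworkServiceDataHolder.getInstance().getAuthnDataPublisherProxy();
        if (publisher != null && publisher.isEnabled(authenticationContext)) {
            publisher.publishAuthenticationFailure(httpServletRequest, authenticationContext, Collections.unmodifiableMap(buildUserParams(authenticatedUser)));
        }
    }

    /** Stores the authentication result on the request under the framework's result attribute. */
    private void addAuthenticationResultToRequest(HttpServletRequest httpServletRequest, AuthenticationResult authenticationResult) {
        httpServletRequest.setAttribute(FrameworkConstants.RequestAttribute.AUTH_RESULT, authenticationResult);
    }

    /**
     * Stores the auth cookie. The tenant's remember-me timeout is passed along only when
     * remember-me is set on the context; otherwise {@code null} is passed as the age.
     *
     * @param sessionId    raw session identifier to place in the cookie
     * @param tenantDomain tenant whose remember-me timeout applies
     * @throws FrameworkException declared by the method; propagated from the helpers if they throw it
     */
    private void setAuthCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String sessionId, String tenantDomain) throws FrameworkException {
        Integer cookieAge = null;
        if (authenticationContext.isRememberMe()) {
            cookieAge = Integer.valueOf(IdPManagementUtil.getRememberMeTimeout(tenantDomain));
        }
        FrameworkUtils.storeAuthCookie(httpServletRequest, httpServletResponse, sessionId, cookieAge);
    }

    /**
     * Reads the user tenant domain recorded in the context properties.
     *
     * @param authenticationResult not used by this method
     * @return the stored tenant domain, or {@code null} when the context has no properties
     *         or no such entry
     */
    private String getAuthenticatedUserTenantDomain(AuthenticationContext authenticationContext, AuthenticationResult authenticationResult) {
        if (authenticationContext.getProperties() == null) {
            return null;
        }
        return (String) authenticationContext.getProperties().get(DefaultStepBasedSequenceHandler.USER_TENANT_DOMAIN);
    }

    /**
     * Redirects the browser to the caller path with the URL-encoded {@code sessionDataKey}
     * and, for an authenticated remember-me request, {@code chkRemember=on}.
     *
     * <p>NOTE(review): the redirect target is the context's caller path; confirm upstream
     * that it originates from trusted configuration rather than from request input.
     *
     * @throws FrameworkException wrapping any {@link IOException} raised while encoding
     *                            the key or sending the redirect
     */
    protected void sendResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws FrameworkException {
        if (log.isDebugEnabled()) {
            // Debug output includes the authenticated subject identifier and the caller
            // session key; treat debug logs of this class as sensitive.
            StringBuilder message = new StringBuilder();
            message.append("Sending response back to: ");
            message.append(authenticationContext.getCallerPath()).append("...\n");
            message.append(FrameworkConstants.ResponseParams.AUTHENTICATED).append(": ");
            message.append(String.valueOf(authenticationContext.isRequestAuthenticated())).append("\n");
            message.append(FrameworkConstants.ResponseParams.AUTHENTICATED_USER).append(": ");
            if (authenticationContext.getSequenceConfig().getAuthenticatedUser() != null) {
                message.append(authenticationContext.getSequenceConfig().getAuthenticatedUser().getAuthenticatedSubjectIdentifier()).append("\n");
            } else {
                message.append("No Authenticated User").append("\n");
            }
            message.append(FrameworkConstants.ResponseParams.AUTHENTICATED_IDPS).append(": ");
            message.append(authenticationContext.getSequenceConfig().getAuthenticatedIdPs()).append("\n");
            message.append("sessionDataKey").append(": ");
            message.append(authenticationContext.getCallerSessionKey());
            log.debug(message);
        }
        String rememberMeParam = "";
        if (authenticationContext.isRequestAuthenticated() && authenticationContext.isRememberMe()) {
            rememberMeParam = "chkRemember=on";
        }
        String callerPath = authenticationContext.getCallerPath();
        try {
            String query = "sessionDataKey=" + URLEncoder.encode(authenticationContext.getCallerSessionKey(), FrameworkUtils.UTF_8);
            if (StringUtils.isNotEmpty(rememberMeParam)) {
                query = query + "&" + rememberMeParam;
            }
            httpServletResponse.sendRedirect(FrameworkUtils.appendQueryParamsStringToUrl(callerPath, query));
        } catch (IOException e) {
            throw new FrameworkException(e.getMessage(), e);
        }
    }

    /**
     * Asks the registered {@link AuthorizationHandler} whether the request is authorized.
     * On denial a failure event is published and an exception is thrown.
     *
     * <p>NOTE(review): fail-open. When no handler is registered the method only logs a
     * warning and returns, so the request proceeds unauthorized-checked even though the
     * caller invokes this only when authorization is enabled. Alert on the warning below,
     * and consider failing closed.
     *
     * @throws ApplicationAuthorizationException if the handler rejects the request
     */
    protected void handleAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws ApplicationAuthorizationException {
        AuthorizationHandler authorizationHandler = FrameworkUtils.getAuthorizationHandler();
        if (authorizationHandler == null) {
            log.warn("Authorization Handler is not set. Hence proceeding without authorization");
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Calling " + authorizationHandler.getClass().getName() + " to authorize the request");
        }
        if (!authorizationHandler.isAuthorized(httpServletRequest, httpServletResponse, authenticationContext)) {
            publishAuthenticationFailure(httpServletRequest, authenticationContext, authenticationContext.getSequenceConfig().getAuthenticatedUser());
            throw new ApplicationAuthorizationException("Authorization Failed");
        }
    }

    /**
     * Tells whether the post-authentication extension has marked itself completed.
     *
     * @return {@code true} only when the context property is a {@link Boolean} equal to
     *         {@code true}; {@code false} when it is absent, of another type, or false
     */
    protected boolean isPostAuthenticationExtensionCompleted(AuthenticationContext authenticationContext) {
        // Boolean.TRUE.equals covers null and non-Boolean values without a cast.
        return Boolean.TRUE.equals(authenticationContext.getProperty(FrameworkConstants.POST_AUTHENTICATION_EXTENSION_COMPLETED));
    }
}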
