package com.wso2.openbanking.accelerator.ciba.authentication.endpoint.impl.api;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.wso2.openbanking.accelerator.ciba.authentication.endpoint.impl.api.CIBAAuthenticationEndpointConstants;
import com.wso2.openbanking.accelerator.ciba.authentication.endpoint.impl.exception.CIBAAuthenticationEndpointException;
import com.wso2.openbanking.accelerator.common.config.OpenBankingConfigParser;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.CarbonUtils;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.builder.ConsentStepsBuilder;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentData;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentPersistData;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentPersistStep;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentRetrievalStep;
import com.wso2.openbanking.accelerator.consent.extensions.ciba.authenticator.CIBAPushAuthenticator;
import com.wso2.openbanking.accelerator.consent.extensions.ciba.model.CIBAAuthenticationEndpointErrorResponse;
import com.wso2.openbanking.accelerator.consent.extensions.ciba.model.CIBAAuthenticationEndpointInterface;
import com.wso2.openbanking.accelerator.consent.extensions.common.AuthErrorCode;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentCache;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentException;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionExporter;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionUtils;
import com.wso2.openbanking.accelerator.consent.extensions.common.ResponseStatus;
import com.wso2.openbanking.accelerator.identity.util.HTTPClientUtils;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import net.minidev.json.parser.JSONParser;
import net.minidev.json.parser.ParseException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.util.EntityUtils;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authenticator.push.common.PushJWTValidator;
import org.wso2.carbon.identity.application.authenticator.push.common.exception.PushAuthTokenValidationException;
import org.wso2.carbon.identity.application.authenticator.push.common.impl.PushAuthContextManagerImpl;
import org.wso2.carbon.identity.application.authenticator.push.device.handler.exception.PushDeviceHandlerClientException;
import org.wso2.carbon.identity.application.authenticator.push.device.handler.exception.PushDeviceHandlerServerException;
import org.wso2.carbon.identity.application.authenticator.push.device.handler.impl.DeviceHandlerImpl;
import org.wso2.carbon.identity.application.authenticator.push.dto.AuthDataDTO;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheEntry;
import org.wso2.carbon.identity.oauth.ciba.common.AuthReqStatus;
import org.wso2.carbon.identity.oauth.ciba.dao.CibaDAOFactory;
import org.wso2.carbon.identity.oauth.ciba.exceptions.CibaCoreException;

@Path("/")
/* loaded from: input_file:WEB-INF/classes/com/wso2/openbanking/accelerator/ciba/authentication/endpoint/impl/api/CIBAAuthenticationEndpoint.class */
public class CIBAAuthenticationEndpoint {
    private static CIBAAuthenticationEndpointInterface cibaAuthenticationEndpointInterfaceTK;
    private static final Log log = LogFactory.getLog(CIBAAuthenticationEndpoint.class);
    private static List<ConsentPersistStep> consentPersistSteps = null;
    private static List<ConsentRetrievalStep> consentRetrievalSteps = null;

    public CIBAAuthenticationEndpoint() {
        initializeConsentSteps();
    }

    @Path("/push-auth/authenticate")
    @SuppressFBWarnings({"JAXRS_ENDPOINT"})
    @Consumes({"application/json; charset=utf-8"})
    @POST
    @Produces({"application/json; charset=utf-8"})
    public Response handleCIBAAuthenticationRequest(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @Context UriInfo uriInfo) {
        try {
            log.info("CIBA authentication call received");
            handleMobileResponse(httpServletRequest, httpServletResponse);
            return Response.status(202).build();
        } catch (CIBAAuthenticationEndpointException e) {
            CIBAAuthenticationEndpointErrorResponse createErrorResponse = CIBAPushAuthenticator.createErrorResponse(e.getHttpStatusCode(), e.getErrorCode(), e.getErrorDescription());
            return Response.status(createErrorResponse.getHttpStatusCode() != 0 ? createErrorResponse.getHttpStatusCode() : e.getHttpStatusCode()).entity(createErrorResponse.getPayload()).build();
        }
    }

    @GET
    @Path("/push-auth/discovery-data")
    @SuppressFBWarnings({"JAXRS_ENDPOINT"})
    @Produces({"application/json; charset=utf-8"})
    public Response handleDiscoveryRequest(@Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @Context HttpHeaders httpHeaders) {
        try {
            log.info("CIBA discovery call received");
            return Response.status(202).entity(handleDiscovery(httpServletRequest, httpServletResponse, httpHeaders)).build();
        } catch (CIBAAuthenticationEndpointException e) {
            CIBAAuthenticationEndpointErrorResponse createErrorResponse = CIBAPushAuthenticator.createErrorResponse(e.getHttpStatusCode(), e.getErrorCode(), e.getErrorDescription());
            return Response.status(createErrorResponse.getHttpStatusCode() != 0 ? createErrorResponse.getHttpStatusCode() : e.getHttpStatusCode()).entity(createErrorResponse.getPayload()).build();
        }
    }

    @SuppressFBWarnings({"HTTP_PARAMETER_POLLUTION"})
    private JSONObject handleDiscovery(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpHeaders httpHeaders) throws CIBAAuthenticationEndpointException {
        List requestHeader = httpHeaders.getRequestHeader(CIBAAuthenticationEndpointConstants.AUTH_HEADER_NAME);
        String str = null;
        if (requestHeader.size() != 0) {
            str = (String) requestHeader.get(0);
        }
        HttpGet httpGet = new HttpGet(CarbonUtils.getCarbonServerUrl() + CIBAAuthenticationEndpointConstants.DEVICE_REGISTRATION_URL);
        httpGet.setHeader(CIBAAuthenticationEndpointConstants.AUTH_HEADER_NAME, str);
        JSONObject sendRequest = sendRequest(httpGet);
        sendRequest.put(CIBAAuthenticationEndpointConstants.AUTHENTICATION_ENDPOINT, CIBAAuthenticationEndpointConstants.AUTHENTICATION_ENDPOINT_URL_PREFIX + sendRequest.getAsString(CIBAAuthenticationEndpointConstants.AUTHENTICATION_ENDPOINT));
        return sendRequest;
    }

    public JSONObject sendRequest(HttpUriRequest httpUriRequest) throws CIBAAuthenticationEndpointException {
        CloseableHttpResponse execute;
        String str = null;
        try {
            execute = HTTPClientUtils.getHttpsClient().execute(httpUriRequest);
            str = EntityUtils.toString(execute.getEntity());
        } catch (IOException e) {
            log.error("Exception occurred while reading request. Caused by, ", e);
        } catch (OpenBankingException e2) {
            log.error("Exception occurred while generating http client. Caused by, ", e2);
        }
        if (execute.getStatusLine().getStatusCode() / 100 != 2) {
            if (execute.getStatusLine().getStatusCode() == 401) {
                log.debug("Received unauthorized(401) response. body: " + str);
                throw new CIBAAuthenticationEndpointException(401, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_UNAUTHORIZED.getMessage(), "Received unauthorized Response: " + str);
            }
            throw new CIBAAuthenticationEndpointException(500, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_SERVER_ERROR.getMessage(), "Unexpected response received for the request. path: " + httpUriRequest.getURI() + " response:" + str);
        }
        try {
            Object parse = new JSONParser(-1).parse(str);
            if (parse instanceof JSONObject) {
                return (JSONObject) parse;
            }
            log.error("Discovery call response is not a JSON object");
            throw new CIBAAuthenticationEndpointException(400, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST.getMessage(), "Discovery call response is not a JSON object");
        } catch (ParseException e3) {
            throw new CIBAAuthenticationEndpointException(500, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_SERVER_ERROR.getMessage(), "Unable to parse the response", e3);
        }
    }

    private static synchronized void initializeConsentSteps() {
        if (consentRetrievalSteps != null && consentPersistSteps != null) {
            log.debug("Retrieval and persist steps are available");
            return;
        }
        ConsentStepsBuilder consentStepsBuilder = ConsentExtensionExporter.getConsentStepsBuilder();
        if (consentStepsBuilder != null) {
            consentRetrievalSteps = consentStepsBuilder.getConsentRetrievalSteps();
            consentPersistSteps = consentStepsBuilder.getConsentPersistSteps();
        }
        if (consentRetrievalSteps == null || consentRetrievalSteps.isEmpty()) {
            log.warn("Consent retrieval steps are null or empty");
        } else {
            log.info("Consent retrieval steps are not null or empty");
        }
        if (consentPersistSteps == null || consentPersistSteps.isEmpty()) {
            log.warn("Consent persist steps are null or empty");
        } else {
            log.info("Consent persist steps are not null or empty");
        }
    }

    private static void persistConsent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, JSONObject jSONObject) throws ConsentException {
        ConsentData consentDataFromCache = ConsentCache.getConsentDataFromCache(str);
        if (consentDataFromCache == null) {
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Unable to get consent data");
        }
        if (jSONObject == null) {
            throw new ConsentException(consentDataFromCache.getRedirectURI(), AuthErrorCode.SERVER_ERROR, "Payload unavailable", consentDataFromCache.getState());
        }
        if (!jSONObject.containsKey(CIBAAuthenticationEndpointConstants.APPROVAL)) {
            throw new ConsentException(consentDataFromCache.getRedirectURI(), AuthErrorCode.SERVER_ERROR, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_PERSIST_APPROVAL_MANDATORY.getMessage(), consentDataFromCache.getState());
        }
        try {
            boolean booleanValue = jSONObject.get(CIBAAuthenticationEndpointConstants.APPROVAL) instanceof Boolean ? ((Boolean) jSONObject.get(CIBAAuthenticationEndpointConstants.APPROVAL)).booleanValue() : Boolean.parseBoolean((String) jSONObject.get(CIBAAuthenticationEndpointConstants.APPROVAL));
            executePersistence(new ConsentPersistData(jSONObject, ConsentExtensionUtils.getHeaders(httpServletRequest), booleanValue, consentDataFromCache));
            if (!booleanValue) {
                throw new ConsentException(consentDataFromCache.getRedirectURI(), AuthErrorCode.ACCESS_DENIED, "User denied the consent", consentDataFromCache.getState());
            }
        } catch (ClassCastException e) {
            log.error("Error while processing consent persistence authorize", e);
            throw new ConsentException(ResponseStatus.BAD_REQUEST, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_PERSIST_INVALID_AUTHORIZE.getMessage());
        }
    }

    private static void executePersistence(ConsentPersistData consentPersistData) throws ConsentException {
        for (ConsentPersistStep consentPersistStep : consentPersistSteps) {
            if (log.isDebugEnabled()) {
                log.debug("Executing persistence step " + consentPersistStep.getClass().toString());
            }
            consentPersistStep.execute(consentPersistData);
        }
    }

    public static void handleMobileResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws CIBAAuthenticationEndpointException {
        setCIBAExtension();
        try {
            String iOUtils = IOUtils.toString(httpServletRequest.getInputStream());
            if (log.isDebugEnabled()) {
                log.debug("CIBA authenticate call from mobile received: " + iOUtils);
            }
            try {
                Object parse = new JSONParser(-1).parse(iOUtils);
                if (!(parse instanceof JSONObject)) {
                    log.error("response is not a JSON object");
                    throw new CIBAAuthenticationEndpointException(400, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST.getMessage(), "response is not a JSON object");
                }
                String asString = ((JSONObject) parse).getAsString(CIBAAuthenticationEndpointConstants.AUTH_RESPONSE);
                if (StringUtils.isEmpty(asString)) {
                    if (log.isDebugEnabled()) {
                        log.debug(CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_AUTH_RESPONSE_TOKEN_NOT_FOUND);
                    }
                    throw new CIBAAuthenticationEndpointException(400, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_AUTH_RESPONSE_TOKEN_NOT_FOUND.getCode(), CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_AUTH_RESPONSE_TOKEN_NOT_FOUND.getMessage());
                }
                String deviceIdFromToken = getDeviceIdFromToken(asString);
                String sessionDataKeyFromToken = getSessionDataKeyFromToken(asString, deviceIdFromToken);
                if (StringUtils.isEmpty(sessionDataKeyFromToken)) {
                    String str = CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_SESSION_DATA_KEY_NOT_FOUND + deviceIdFromToken;
                    if (log.isDebugEnabled()) {
                        log.debug(str);
                    }
                    throw new CIBAAuthenticationEndpointException(400, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_SESSION_DATA_KEY_NOT_FOUND.getCode(), str);
                }
                addToContext(sessionDataKeyFromToken, asString);
                try {
                    processAuthenticationRequest(httpServletRequest, httpServletResponse, sessionDataKeyFromToken);
                    httpServletResponse.setStatus(202);
                    log.info("Completed processing authentication request from mobile app for session data key " + sessionDataKeyFromToken);
                } catch (AuthenticationFailedException e) {
                    throw new CIBAAuthenticationEndpointException(400, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST.getMessage(), "Authentication Failed", e);
                }
            } catch (ParseException e2) {
                throw new CIBAAuthenticationEndpointException(500, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_SERVER_ERROR.getMessage(), "Unable to parse the response", e2);
            }
        } catch (IOException e3) {
            throw new CIBAAuthenticationEndpointException(400, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST.getMessage(), "Error in reading the request", e3);
        }
    }

    private static void setCIBAExtension() {
        try {
            cibaAuthenticationEndpointInterfaceTK = (CIBAAuthenticationEndpointInterface) Class.forName(OpenBankingConfigParser.getInstance().getCibaServletExtension()).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            log.error("CIBA Webapp extension not found", e);
        }
    }

    protected static void processAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws AuthenticationFailedException, CIBAAuthenticationEndpointException {
        boolean z;
        AuthenticatedUser loggedInUser = ConsentCache.getCacheEntryFromSessionDataKey(str).getLoggedInUser();
        PushAuthContextManagerImpl pushAuthContextManagerImpl = new PushAuthContextManagerImpl();
        AuthDataDTO authDataDTO = (AuthDataDTO) pushAuthContextManagerImpl.getContext(str).getProperty(CIBAAuthenticationEndpointConstants.CONTEXT_AUTH_DATA);
        String authToken = authDataDTO.getAuthToken();
        String challenge = authDataDTO.getChallenge();
        String deviceIdFromToken = getDeviceIdFromToken(authToken);
        String publicKey = getPublicKey(deviceIdFromToken);
        PushJWTValidator pushJWTValidator = new PushJWTValidator();
        try {
            JWTClaimsSet validatedClaimSet = pushJWTValidator.getValidatedClaimSet(authToken, publicKey);
            if (validatedClaimSet == null) {
                throw new AuthenticationFailedException(String.format("Authentication failed! JWT signature is not valid for device: %s of user: %s.", deviceIdFromToken, loggedInUser));
            }
            if (!pushJWTValidator.validateChallenge(validatedClaimSet, challenge, deviceIdFromToken)) {
                throw new AuthenticationFailedException(String.format("Authentication failed! JWT challenge validation for device: %s of user: %s.", deviceIdFromToken, loggedInUser));
            }
            try {
                String claimFromClaimSet = pushJWTValidator.getClaimFromClaimSet(validatedClaimSet, CIBAAuthenticationEndpointConstants.TOKEN_RESPONSE, deviceIdFromToken);
                Object parse = new JSONParser(-1).parse(pushJWTValidator.getClaimFromClaimSet(validatedClaimSet, CIBAAuthenticationEndpointConstants.METADATA, deviceIdFromToken));
                if (!(parse instanceof JSONObject)) {
                    log.error("metadata is not a JSON object");
                    throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "metadata is not a JSON object");
                }
                JSONArray jSONArray = (JSONArray) ((JSONObject) parse).get(CIBAAuthenticationEndpointConstants.METADATA_ACCOUNT_IDS);
                if (claimFromClaimSet.equals(CIBAAuthenticationEndpointConstants.AUTH_REQUEST_STATUS_SUCCESS)) {
                    z = true;
                } else {
                    if (!claimFromClaimSet.equals(CIBAAuthenticationEndpointConstants.AUTH_REQUEST_STATUS_DENIED)) {
                        log.error("Invalid authorization status :" + claimFromClaimSet);
                        throw new AuthenticationFailedException("Authentication failed! Incorrect auth status " + claimFromClaimSet + " for user " + loggedInUser.toFullQualifiedUsername());
                    }
                    z = false;
                }
                JSONObject jSONObject = new JSONObject();
                jSONObject.put(CIBAAuthenticationEndpointConstants.APPROVAL, Boolean.valueOf(z));
                jSONObject.put(CIBAAuthenticationEndpointConstants.AUTHORIZE, false);
                jSONObject.put(CIBAAuthenticationEndpointConstants.ACCOUNT_IDS, jSONArray);
                if (cibaAuthenticationEndpointInterfaceTK != null) {
                    jSONObject = cibaAuthenticationEndpointInterfaceTK.updateConsentData(jSONObject);
                }
                persistConsent(httpServletRequest, httpServletResponse, str, jSONObject);
                persistAuthorization(str, claimFromClaimSet);
                try {
                    pushAuthContextManagerImpl.clearContext(pushJWTValidator.getClaimFromClaimSet(validatedClaimSet, CIBAAuthenticationEndpointConstants.TOKEN_SESSION_DATA_KEY, deviceIdFromToken));
                } catch (PushAuthTokenValidationException e) {
                    throw new AuthenticationFailedException("Error in getting claim sid from the auth response token received from device: " + deviceIdFromToken, e);
                }
            } catch (PushAuthTokenValidationException | ParseException e2) {
                throw new AuthenticationFailedException("Error in getting claims from the auth response token received from device: " + deviceIdFromToken, e2);
            }
        } catch (PushAuthTokenValidationException e3) {
            throw new AuthenticationFailedException(String.format("Error occurred when trying to validate the JWT signature from device: %s of user: %s.", deviceIdFromToken, loggedInUser.toFullQualifiedUsername()), e3);
        }
    }

    public static void persistAuthorization(String str, String str2) throws CIBAAuthenticationEndpointException {
        SessionDataCacheEntry cacheEntryFromSessionDataKey = ConsentCache.getCacheEntryFromSessionDataKey(str);
        if (cacheEntryFromSessionDataKey != null) {
            AuthenticatedUser loggedInUser = cacheEntryFromSessionDataKey.getLoggedInUser();
            String nonce = cacheEntryFromSessionDataKey.getoAuth2Parameters().getNonce();
            try {
                if (CIBAAuthenticationEndpointConstants.AUTH_REQUEST_STATUS_SUCCESS.equals(str2)) {
                    CibaDAOFactory.getInstance().getCibaAuthMgtDAO().persistAuthenticationSuccess(CibaDAOFactory.getInstance().getCibaAuthMgtDAO().getCibaAuthCodeKey(nonce), loggedInUser);
                } else {
                    if (!CIBAAuthenticationEndpointConstants.AUTH_REQUEST_STATUS_DENIED.equals(str2)) {
                        throw new CIBAAuthenticationEndpointException(400, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_BAD_REQUEST.getMessage(), "Invalid authorization status: " + str2);
                    }
                    CibaDAOFactory.getInstance().getCibaAuthMgtDAO().updateStatus(CibaDAOFactory.getInstance().getCibaAuthMgtDAO().getCibaAuthCodeKey(nonce), AuthReqStatus.FAILED);
                }
            } catch (CibaCoreException e) {
                throw new CIBAAuthenticationEndpointException(500, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_SERVER_ERROR.getMessage(), "Error while persisting CIBA auth status for session data key " + str, e);
            }
        }
    }

    protected static String getDeviceIdFromToken(String str) throws CIBAAuthenticationEndpointException {
        try {
            return String.valueOf(JWTParser.parse(str).getHeader().getCustomParam(CIBAAuthenticationEndpointConstants.TOKEN_DEVICE_ID));
        } catch (java.text.ParseException e) {
            throw new CIBAAuthenticationEndpointException(500, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_GET_DEVICE_ID_FAILED.getCode(), CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_GET_DEVICE_ID_FAILED.getMessage(), e);
        }
    }

    private static String getSessionDataKeyFromToken(String str, String str2) throws CIBAAuthenticationEndpointException {
        try {
            return new PushJWTValidator().getValidatedClaimSet(str, new DeviceHandlerImpl().getPublicKey(str2)).getStringClaim(CIBAAuthenticationEndpointConstants.TOKEN_SESSION_DATA_KEY);
        } catch (PushDeviceHandlerServerException | PushDeviceHandlerClientException e) {
            throw new CIBAAuthenticationEndpointException(500, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_GET_PUBLIC_KEY_FAILED.getCode(), CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_GET_PUBLIC_KEY_FAILED.toString() + str2, e);
        } catch (PushAuthTokenValidationException e2) {
            throw new CIBAAuthenticationEndpointException(500, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_TOKEN_VALIDATION_FAILED.getCode(), CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_TOKEN_VALIDATION_FAILED.toString() + str2, e2);
        } catch (java.text.ParseException e3) {
            throw new CIBAAuthenticationEndpointException(500, CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_PARSE_JWT_FAILED.getCode(), CIBAAuthenticationEndpointConstants.ErrorMessages.ERROR_CODE_PARSE_JWT_FAILED.getMessage(), e3);
        }
    }

    private static void addToContext(String str, String str2) {
        PushAuthContextManagerImpl pushAuthContextManagerImpl = new PushAuthContextManagerImpl();
        AuthenticationContext context = pushAuthContextManagerImpl.getContext(str);
        AuthDataDTO authDataDTO = (AuthDataDTO) context.getProperty(CIBAAuthenticationEndpointConstants.CONTEXT_AUTH_DATA);
        authDataDTO.setAuthToken(str2);
        context.setProperty(CIBAAuthenticationEndpointConstants.CONTEXT_AUTH_DATA, authDataDTO);
        pushAuthContextManagerImpl.storeContext(str, context);
    }

    protected static String getPublicKey(String str) throws AuthenticationFailedException {
        try {
            return new DeviceHandlerImpl().getPublicKey(str);
        } catch (PushDeviceHandlerServerException | PushDeviceHandlerClientException e) {
            throw new AuthenticationFailedException("Error occurred when trying to get the public key for device: " + str + ".");
        }
    }
}
