package com.wso2.openbanking.accelerator.consent.extensions.ciba.authenticator.weblink;

import com.nimbusds.jwt.SignedJWT;
import com.wso2.openbanking.accelerator.common.config.OpenBankingConfigParser;
import com.wso2.openbanking.accelerator.common.exception.ConsentManagementException;
import com.wso2.openbanking.accelerator.common.util.CarbonUtils;
import com.wso2.openbanking.accelerator.consent.extensions.authservlet.impl.util.Constants;
import com.wso2.openbanking.accelerator.consent.extensions.ciba.authenticator.CIBAPushAuthenticatorConstants;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionConstants;
import com.wso2.openbanking.accelerator.consent.extensions.internal.ConsentExtensionsDataHolder;
import com.wso2.openbanking.accelerator.consent.mgt.dao.models.AuthorizationResource;
import com.wso2.openbanking.accelerator.consent.mgt.service.ConsentCoreService;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.minidev.json.JSONObject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.extension.identity.helper.FederatedAuthenticatorUtil;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:com/wso2/openbanking/accelerator/consent/extensions/ciba/authenticator/weblink/CIBAWebLinkAuthenticator.class */
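/**
 * CIBA authenticator that resolves the users named in the {@code login_hint}, binds consent
 * authorisation resources to them, and sends each user a web link to the authorize endpoint
 * through the identity event service.
 *
 * <p>Security-relevant inputs handled here: the {@code login_hint} request parameter, the raw
 * query string stored on the {@link AuthenticationContext}, and the claims of the request object
 * carried in that query string. All three are validated before use; failures surface as
 * {@link AuthenticationFailedException} rather than as unchecked runtime errors.
 */
public class CIBAWebLinkAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    private static final Log log = LogFactory.getLog(CIBAWebLinkAuthenticator.class);
    private static final ConsentCoreService consentCoreService = ConsentExtensionsDataHolder.getInstance().getConsentCoreService();
    private static final String AUTHORIZE_URL_PATH = "/oauth2/authorize?";
    private static final String REQUEST_OBJECT_PARAM = "request_object";
    private static final String SUPER_TENANT_SUFFIX = "@carbon.super";

    /**
     * Resolves the hinted users, checks that each exists in the user store, persists the
     * authorisation resources and triggers one notification per user.
     *
     * @param httpServletRequest request carrying the {@code login_hint} parameter
     * @param httpServletResponse unused
     * @param authenticationContext context whose query params hold the request object
     * @throws AuthenticationFailedException if no user can be resolved, a user is unknown, or
     *     persisting / notifying fails
     */
    @Override
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        List<AuthenticatedUser> authenticatedUsers = getAuthenticatedUsers(httpServletRequest);
        // An absent or blank login_hint must stop the flow here: the consent binding below
        // indexes the first user unconditionally.
        if (authenticatedUsers == null || authenticatedUsers.isEmpty()) {
            throw new AuthenticationFailedException("No users could be resolved from the login hint.");
        }
        for (AuthenticatedUser authenticatedUser : authenticatedUsers) {
            String userName = authenticatedUser.getUserName();
            try {
                if (!FederatedAuthenticatorUtil.isUserExistInUserStore(userName)) {
                    // The user name originates from the request, so line breaks are neutralised
                    // before it reaches the log.
                    log.error(String.format("User does not exist in the User store : %s", sanitizeForLog(userName)));
                    throw new AuthenticationFailedException("User does not exist in the User store");
                }
            } catch (UserStoreException e) {
                log.error(String.format("Cannot find the user in User store : %s", sanitizeForLog(userName)));
                throw new AuthenticationFailedException("Cannot find the user in User store", e);
            }
        }
        createAuthResourcesForUsers(authenticatedUsers, authenticationContext);
        Map<String, String> linksByUser = new HashMap<>();
        for (AuthenticatedUser authenticatedUser : authenticatedUsers) {
            linksByUser.put(authenticatedUser.getUserName(), generateWebAuthLink(authenticationContext, authenticatedUser));
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s no. of users has been resolved for web auth links", Integer.valueOf(authenticatedUsers.size())));
        }
        for (Map.Entry<String, String> entry : linksByUser.entrySet()) {
            triggerNotificationEvent(entry.getKey(), entry.getValue());
        }
    }

    /**
     * Binds the consent named in the request object to the given users.
     *
     * <p>If the consent has exactly one authorisation resource in the created state, it is
     * assigned to the first user and new resources are created for the remaining users.
     * Otherwise the existing resources must match the user list one-to-one.
     *
     * @param list users resolved from the login hint
     * @param authenticationContext context whose query params hold the request object
     * @throws AuthenticationFailedException if the request object or its consent id claim is
     *     missing or malformed, the existing resources do not match the users, or persistence fails
     */
    protected void createAuthResourcesForUsers(List<AuthenticatedUser> list, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        if (list == null || list.isEmpty()) {
            throw new AuthenticationFailedException("No users provided to create authorisation resources.");
        }
        try {
            Optional<String> requestObject = findRequestObject(authenticationContext);
            if (!requestObject.isPresent()) {
                throw new AuthenticationFailedException("Could not extract request object from the request.");
            }
            // NOTE(review): SignedJWT.parse only decodes the token; no signature verification is
            // visible in this class. Presumably the request object was verified when the CIBA
            // request was accepted. Confirm, because the consent id read below selects which
            // authorisation resources get rebound.
            JSONObject claims = requireJsonObject(SignedJWT.parse(requestObject.get()).getJWTClaimsSet().getClaim("claims"), "claims");
            JSONObject userInfo = requireJsonObject(claims.get(CIBAWebLinkAuthenticatorConstants.USER_INFO), CIBAWebLinkAuthenticatorConstants.USER_INFO);
            JSONObject intent = requireJsonObject(userInfo.get("openbanking_intent_id"), "openbanking_intent_id");
            Object intentValue = intent.get("value");
            if (!(intentValue instanceof String) || ((String) intentValue).isEmpty()) {
                throw new AuthenticationFailedException("Request object does not carry a consent id.");
            }
            String consentId = (String) intentValue;

            // Authorisation resources store tenant-qualified user ids.
            List<String> qualifiedUserNames = list.stream()
                    .map(AuthenticatedUser::getUserName)
                    .map(name -> name.endsWith(SUPER_TENANT_SUFFIX) ? name : name + SUPER_TENANT_SUFFIX)
                    .collect(Collectors.toList());

            List<AuthorizationResource> existing = consentCoreService.searchAuthorizations(consentId);
            // Constant on the left so a resource without a status cannot raise a NullPointerException.
            if (existing.size() == 1 && ConsentExtensionConstants.CREATED_STATUS.equals(existing.get(0).getAuthorizationStatus())) {
                consentCoreService.updateAuthorizationUser(existing.get(0).getAuthorizationID(), qualifiedUserNames.get(0));
                for (int i = 1; i < qualifiedUserNames.size(); i++) {
                    consentCoreService.createConsentAuthorization(new AuthorizationResource(consentId, qualifiedUserNames.get(i), ConsentExtensionConstants.CREATED_STATUS, "multi-authorization", System.currentTimeMillis()));
                }
            } else {
                if (existing.size() != list.size()) {
                    log.error("Authorisation resources partially exists for the given consent.");
                    throw new AuthenticationFailedException("Authorisation resources partially exists for the given consent.");
                }
                // Every existing resource must belong to one of the hinted users; otherwise the
                // request is trying to authorise a consent bound to someone else.
                for (AuthorizationResource resource : existing) {
                    if (!qualifiedUserNames.contains(resource.getUserID())) {
                        log.error("No matching authorisation resources found for the given consent.");
                        throw new AuthenticationFailedException("No matching authorisation resources found for the given consent.");
                    }
                }
            }
        } catch (ConsentManagementException | ParseException e) {
            log.error("Error occurred while persisting authorisation resources", e);
            throw new AuthenticationFailedException("Error occurred while persisting authorisation resources", e);
        }
    }

    /**
     * Publishes the notification event that delivers the web auth link to a user.
     *
     * @param str user name the link is addressed to
     * @param str2 the generated web auth link
     * @throws AuthenticationFailedException if the identity event service rejects the event
     */
    protected void triggerNotificationEvent(String str, String str2) throws AuthenticationFailedException {
        Map<String, Object> eventProperties = new HashMap<>();
        eventProperties.put("user-name", str);
        eventProperties.put("ciba_web_auth_link", str2);
        try {
            ConsentExtensionsDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(CIBAWebLinkAuthenticatorConstants.NOTIFICATION_TRIGGER_EVENT, eventProperties));
        } catch (IdentityEventException e) {
            throw new AuthenticationFailedException("Error occurred while calling triggerNotificationEvent", e);
        }
    }

    /**
     * Splits the {@code login_hint} parameter into local authenticated users.
     *
     * @param httpServletRequest request carrying the login hint
     * @return one user per non-blank entry of the hint; empty when the parameter is absent
     */
    protected List<AuthenticatedUser> getAuthenticatedUsers(HttpServletRequest httpServletRequest) {
        String loginHint = httpServletRequest.getParameter(CIBAPushAuthenticatorConstants.LOGIN_HINT);
        if (loginHint == null) {
            // A missing parameter yields no users instead of a NullPointerException; the caller
            // turns the empty list into an authentication failure.
            return new ArrayList<>();
        }
        return Arrays.stream(loginHint.split(Constants.CLAIM_SEPARATOR))
                .map(String::trim)
                .filter(entry -> !entry.isEmpty())
                .map(AuthenticatedUser::createLocalAuthenticatedUserFromSubjectIdentifier)
                .collect(Collectors.toList());
    }

    /**
     * Builds the authorize-endpoint link sent to one user.
     *
     * <p>The link carries the configured allowed query parameters, the request object, the
     * {@code ciba_web_auth_link} marker and the user's {@code login_hint}.
     *
     * @param authenticationContext context whose query params are the source of the link
     * @param authenticatedUser user the link is generated for
     * @return the link, with a trailing {@code &} after the last parameter
     * @throws IllegalArgumentException if the query params hold no request object
     */
    protected String generateWebAuthLink(AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser) {
        List<String> allowedParams = OpenBankingConfigParser.getInstance().getCibaWebLinkAllowedParams();
        List<String> linkParams = new ArrayList<>();
        for (String queryParam : splitQueryParams(authenticationContext)) {
            if (isAllowedParam(queryParam, allowedParams)) {
                linkParams.add(queryParam);
            }
        }
        String requestObject = findRequestObject(authenticationContext)
                .orElseThrow(() -> new IllegalArgumentException("Could not extract request object from the request."));
        linkParams.add("request=" + requestObject);
        linkParams.add("ciba_web_auth_link=true");
        // Encoded so that a user name containing '&', '=' or '#' cannot add or override
        // parameters in the link.
        linkParams.add("login_hint=" + urlEncode(authenticatedUser.getUserName()));
        StringBuilder link = new StringBuilder();
        link.append(CarbonUtils.getCarbonServerUrl()).append(AUTHORIZE_URL_PATH);
        for (String linkParam : linkParams) {
            link.append(linkParam).append("&");
        }
        if (log.isDebugEnabled()) {
            // NOTE(review): this writes the complete link, request object included, to the debug
            // log; consider logging only the user it was generated for.
            log.debug(sanitizeForLog(link.toString()));
        }
        return link.toString();
    }

    /** No response processing is performed by this authenticator. */
    @Override
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
    }

    /** Always {@code false}: this authenticator never claims an incoming request. */
    @Override
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return false;
    }

    /** Returns the {@code sessionDataKey} request parameter, or {@code null} when absent. */
    @Override
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("sessionDataKey");
    }

    @Override
    public String getName() {
        return CIBAWebLinkAuthenticatorConstants.AUTHENTICATOR_NAME;
    }

    @Override
    public String getFriendlyName() {
        return CIBAWebLinkAuthenticatorConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    /** Splits the context's raw query string on {@code &}; empty when the context has none. */
    private static String[] splitQueryParams(AuthenticationContext authenticationContext) {
        String queryParams = authenticationContext.getQueryParams();
        return queryParams == null ? new String[0] : queryParams.split("&");
    }

    /**
     * Finds the value of the {@code request_object} query parameter. The name is matched exactly
     * and the value is everything after the first {@code =}, so a longer parameter name with the
     * same prefix is not mistaken for the request object.
     */
    private static Optional<String> findRequestObject(AuthenticationContext authenticationContext) {
        for (String queryParam : splitQueryParams(authenticationContext)) {
            String[] nameAndValue = queryParam.split("=", 2);
            if (nameAndValue.length == 2 && REQUEST_OBJECT_PARAM.equals(nameAndValue[0]) && !nameAndValue[1].isEmpty()) {
                return Optional.of(nameAndValue[1]);
            }
        }
        return Optional.empty();
    }

    /**
     * Tells whether a {@code name=value} query parameter starts with one of the configured names.
     */
    private static boolean isAllowedParam(String queryParam, List<String> allowedParams) {
        if (allowedParams == null) {
            return false;
        }
        // NOTE(review): this is a prefix match, so an allowed name also admits any parameter
        // whose name merely begins with it. Kept as is because the format of the configured
        // values is not visible here; an exact comparison on the parameter name would be tighter.
        for (String allowedParam : allowedParams) {
            if (allowedParam != null && queryParam.startsWith(allowedParam)) {
                return true;
            }
        }
        return false;
    }

    /** Casts a claim to a JSON object, failing the authentication when it is absent or of another type. */
    private static JSONObject requireJsonObject(Object candidate, String claimName) throws AuthenticationFailedException {
        if (!(candidate instanceof JSONObject)) {
            throw new AuthenticationFailedException("Request object is missing the expected claim: " + claimName);
        }
        return (JSONObject) candidate;
    }

    /** Percent-encodes a query parameter value as UTF-8. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(String.valueOf(value), StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 encoding is not supported", e);
        }
    }

    /** Replaces carriage returns and line feeds so request-supplied text cannot start a new log entry. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }
}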
