package com.wso2.openbanking.accelerator.consent.extensions.ciba.authenticator;

import com.wso2.openbanking.accelerator.common.exception.ConsentManagementException;
import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.Generated;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.builder.ConsentStepsBuilder;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentData;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentPersistStep;
import com.wso2.openbanking.accelerator.consent.extensions.authorize.model.ConsentRetrievalStep;
import com.wso2.openbanking.accelerator.consent.extensions.ciba.model.CIBAAuthenticationEndpointErrorResponse;
import com.wso2.openbanking.accelerator.consent.extensions.common.AuthErrorCode;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentCache;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentException;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionExporter;
import com.wso2.openbanking.accelerator.consent.extensions.common.ConsentExtensionUtils;
import com.wso2.openbanking.accelerator.consent.extensions.common.ResponseStatus;
import com.wso2.openbanking.accelerator.identity.util.IdentityCommonUtil;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.minidev.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCache;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCacheKey;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.push.PushAuthenticator;
import org.wso2.carbon.identity.application.authenticator.push.common.impl.PushAuthContextManagerImpl;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.oauth.cache.SessionDataCache;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheEntry;
import org.wso2.carbon.identity.oauth.cache.SessionDataCacheKey;
import org.wso2.carbon.identity.oauth2.model.OAuth2Parameters;

/* loaded from: input_file:com/wso2/openbanking/accelerator/consent/extensions/ciba/authenticator/CIBAPushAuthenticator.class */
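/**
 * Push authenticator variant that runs the configured consent retrieval steps and returns the
 * resulting consent JSON from {@link #getAdditionalInfo}.
 *
 * <p>The retrieval and persist step lists are static and shared by every instance. They are loaded
 * once from {@link ConsentExtensionExporter#getConsentStepsBuilder()} under the class lock.
 *
 * <p>Security-relevant inputs handled here: the {@code login_hint} and binding message are read from
 * request/query parameters, and the session data key selects the cached OAuth2 parameters. None of
 * these are validated in this class; see the review notes on the individual methods.
 */
public class CIBAPushAuthenticator extends PushAuthenticator {
    private static final long serialVersionUID = 6106269076155338045L;
    private static final Log log = LogFactory.getLog(CIBAPushAuthenticator.class);
    // Shared across instances; written only inside the synchronized initializeConsentSteps().
    private static List<ConsentRetrievalStep> consentRetrievalSteps = null;
    private static List<ConsentPersistStep> consentPersistSteps = null;

    /** Creates the authenticator and makes sure the shared consent steps have been loaded. */
    public CIBAPushAuthenticator() {
        initializeConsentSteps();
    }

    /** @return the display name of this authenticator. */
    public String getFriendlyName() {
        return CIBAPushAuthenticatorConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    /** @return the registered name of this authenticator. */
    public String getName() {
        return CIBAPushAuthenticatorConstants.AUTHENTICATOR_NAME;
    }

    /**
     * Loads the consent retrieval and persist steps from the exported steps builder.
     *
     * <p>Does nothing when both lists are already set. When no builder is exported the lists stay
     * {@code null}; this is only logged as a warning, so callers must not assume the lists exist.
     */
    public static synchronized void initializeConsentSteps() {
        if (consentRetrievalSteps != null && consentPersistSteps != null) {
            log.debug("Retrieval and persist steps are available");
            return;
        }
        ConsentStepsBuilder consentStepsBuilder = ConsentExtensionExporter.getConsentStepsBuilder();
        if (consentStepsBuilder != null) {
            consentRetrievalSteps = consentStepsBuilder.getConsentRetrievalSteps();
            consentPersistSteps = consentStepsBuilder.getConsentPersistSteps();
        }
        if (consentRetrievalSteps == null || consentRetrievalSteps.isEmpty()) {
            log.warn("Consent retrieval steps are null or empty");
        } else {
            log.info("Consent retrieval steps are not null or empty");
        }
        if (consentPersistSteps == null || consentPersistSteps.isEmpty()) {
            log.warn("Consent persist steps are null or empty");
        } else {
            log.info("Consent persist steps are not null or empty");
        }
    }

    /**
     * Runs every configured retrieval step, in order, against the given consent data.
     *
     * @param consentData consent data passed to each step
     * @param jSONObject  JSON object passed to each step, which the steps populate
     * @throws ConsentException if the steps were never initialized, or if a step throws it
     */
    protected void executeRetrieval(ConsentData consentData, JSONObject jSONObject) throws ConsentException {
        // Read the shared list once; initializeConsentSteps() can leave it null when no builder is exported.
        List<ConsentRetrievalStep> steps = consentRetrievalSteps;
        if (steps == null) {
            // Fail with an explicit error instead of a NullPointerException from the loop below.
            log.error("Consent retrieval steps are not initialized");
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR,
                    "Consent retrieval steps are not configured");
        }
        for (ConsentRetrievalStep step : steps) {
            if (log.isDebugEnabled()) {
                log.debug("Executing retrieval step " + step.getClass().toString());
            }
            step.execute(consentData, jSONObject);
        }
    }

    /**
     * Builds the consent JSON for the session identified by {@code str}.
     *
     * <p>Reads the cached OAuth2 parameters and the sensitive data map for the session data key,
     * creates the {@link ConsentData}, runs the retrieval steps, adds the common response data and
     * stores the consent data in the consent cache.
     *
     * @param httpServletRequest  current request; its headers are copied into the consent data
     * @param httpServletResponse current response (not used in this method)
     * @param str                 session data key
     * @return the populated consent JSON
     * @throws ConsentException on any failure; all failures are reported as server errors
     */
    protected JSONObject retrieveConsent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ConsentException {
        // NOTE(review): assumes a cache entry exists for this key; a miss would surface as a
        // NullPointerException here - confirm against ConsentCache.
        OAuth2Parameters oAuth2Parameters = ConsentCache.getCacheEntryFromSessionDataKey(str).getoAuth2Parameters();
        try {
            URI uri = new URI(oAuth2Parameters.getRedirectURI());
            String clientId = oAuth2Parameters.getClientId();
            String state = oAuth2Parameters.getState();
            Map<String, Serializable> sensitiveDataWithConsentKey = ConsentExtensionUtils.getSensitiveDataWithConsentKey(str);
            // Fails closed: anything other than the literal "false" (including a missing entry) is an error.
            if (!"false".equals(sensitiveDataWithConsentKey.get("isError"))) {
                log.error("Error while getting endpoint parameters. " + ((String) sensitiveDataWithConsentKey.get("isError")));
                throw new ConsentException(uri, AuthErrorCode.SERVER_ERROR, CIBAPushAuthenticatorConstants.ERROR_SERVER_ERROR, state);
            }
            String loggedInUser = (String) sensitiveDataWithConsentKey.get("loggedInUser");
            String application = (String) sensitiveDataWithConsentKey.get("application");
            String spQueryParams = (String) sensitiveDataWithConsentKey.get("spQueryParams");
            String scope = (String) sensitiveDataWithConsentKey.get(CIBAPushAuthenticatorConstants.SCOPE);
            JSONObject consentJson = new JSONObject();
            ConsentData consentData = createConsentData(str, loggedInUser, spQueryParams, scope, application, httpServletRequest);
            consentData.setSensitiveDataMap(sensitiveDataWithConsentKey);
            consentData.setRedirectURI(uri);
            if (clientId == null) {
                log.error("Client Id not available");
                throw new ConsentException(uri, AuthErrorCode.SERVER_ERROR, CIBAPushAuthenticatorConstants.ERROR_SERVER_ERROR, state);
            }
            consentData.setClientId(clientId);
            consentData.setState(state);
            try {
                consentData.setRegulatory(Boolean.valueOf(IdentityCommonUtil.getRegulatoryFromSPMetaData(clientId)));
                executeRetrieval(consentData, consentJson);
                // The retrieval steps are expected to have set both values; treat their absence as a failure.
                if (consentData.getType() == null || consentData.getApplication() == null) {
                    log.error(CIBAPushAuthenticatorConstants.ERROR_NO_TYPE_AND_APP_DATA);
                    throw new ConsentException(consentData.getRedirectURI(), AuthErrorCode.SERVER_ERROR, CIBAPushAuthenticatorConstants.ERROR_SERVER_ERROR, state);
                }
                ConsentExtensionUtils.setCommonDataToResponse(consentData, consentJson);
                try {
                    ConsentCache.addConsentDataToCache(str, consentData);
                    return consentJson;
                } catch (ConsentManagementException e) {
                    log.error("Error while adding consent data to cache", e);
                    throw new ConsentException(consentData.getRedirectURI(), AuthErrorCode.SERVER_ERROR, CIBAPushAuthenticatorConstants.ERROR_SERVER_ERROR, state);
                }
            } catch (OpenBankingException e2) {
                log.error("Error while getting regulatory data", e2);
                throw new ConsentException(uri, AuthErrorCode.SERVER_ERROR, "Error while obtaining regulatory data", state);
            }
        } catch (URISyntaxException e3) {
            // The ConsentException built here carries no cause, so record it in the log.
            log.error("Invalid redirect URI", e3);
            throw new ConsentException(ResponseStatus.INTERNAL_SERVER_ERROR, "Invalid redirect URI");
        }
    }

    /**
     * Creates the {@link ConsentData} instance; kept separate so tests can override it.
     *
     * <p>The five strings are passed to the {@code ConsentData} constructor in the order given,
     * followed by the headers of the request. {@code retrieveConsent} passes, in order: session
     * data key, logged-in user, service provider query parameters, scope and application.
     */
    @Generated(message = "This method is separated for unit testing purposes")
    protected ConsentData createConsentData(String str, String str2, String str3, String str4, String str5, HttpServletRequest httpServletRequest) {
        return new ConsentData(str, str2, str3, str4, str5, ConsentExtensionUtils.getHeaders(httpServletRequest));
    }

    /**
     * Builds a local authenticated user from the {@code login_hint} request parameter.
     *
     * <p>NOTE(review): the subject identifier is taken directly from a request parameter and this
     * method performs no verification of it. Confirm that the caller only uses the result after the
     * push response has been authenticated and bound to that user.
     */
    protected AuthenticatedUser getAuthenticatedUser(HttpServletRequest httpServletRequest) {
        return AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(httpServletRequest.getParameter(CIBAPushAuthenticatorConstants.LOGIN_HINT));
    }

    /** Looks up the authentication context for the given key; kept separate so tests can override it. */
    @Generated(message = "This method is separated for unit testing purposes")
    protected AuthenticationContext getAutenticationContext(String str) {
        return new PushAuthContextManagerImpl().getContext(str);
    }

    /**
     * Prepares the authentication context and caches for consent handling and returns the consent
     * JSON as a string.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param str                 session data key, also used as the authentication context key
     * @return the consent JSON string, including the binding message when one is present
     * @throws AuthenticationFailedException if the query string cannot be URL-decoded
     */
    protected Optional<String> getAdditionalInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws AuthenticationFailedException {
        AuthenticationContext authContext = getAutenticationContext(str);
        try {
            String queryString = FrameworkUtils.getQueryStringWithFrameworkContextId(
                    authContext.getQueryParams(), authContext.getCallerSessionKey(), authContext.getContextIdentifier());
            handlePreConsent(authContext, splitQuery(queryString));

            // Record the authenticated subject on the session entry, then write the entry back.
            // NOTE(review): assumes the cache entry exists for this key - confirm against ConsentCache.
            SessionDataCacheKey cacheKey = ConsentCache.getCacheKey(str);
            SessionDataCacheEntry sessionEntry = ConsentCache.getCacheEntryFromCacheKey(cacheKey);
            sessionEntry.setLoggedInUser(authContext.getSubject());
            SessionDataCache.getInstance().addToCache(cacheKey, sessionEntry);
            AuthenticationContextCache.getInstance().addToCache(new AuthenticationContextCacheKey(str), new AuthenticationContextCacheEntry(authContext));

            JSONObject consentJson = retrieveConsent(httpServletRequest, httpServletResponse, str);
            // NOTE(review): the binding message is read from the current request, not from the stored
            // authentication context. Confirm it is the value the client originally supplied, since
            // it is returned alongside the consent data.
            String bindingMessage = httpServletRequest.getParameter(CIBAPushAuthenticatorConstants.BINDING_MESSAGE);
            if (StringUtils.isNotEmpty(bindingMessage)) {
                consentJson.put(CIBAPushAuthenticatorConstants.BINDING_MESSAGE, bindingMessage);
            }
            return Optional.ofNullable(consentJson.toJSONString());
        } catch (UnsupportedEncodingException e) {
            throw new AuthenticationFailedException("Error occurred when processing the request object", e);
        }
    }

    /**
     * Copies the values the consent flow needs into the authentication context's endpoint parameters.
     *
     * @param authenticationContext context to populate
     * @param map                   decoded query parameters of the authentication request
     * @throws IllegalStateException if the authentication request carries no nonce parameter
     */
    protected void handlePreConsent(AuthenticationContext authenticationContext, Map<String, String> map) {
        ServiceProvider serviceProvider = authenticationContext.getSequenceConfig().getApplicationConfig().getServiceProvider();
        // Validate before mutating the context, so a missing nonce fails with a clear message
        // rather than a NullPointerException or ArrayIndexOutOfBoundsException part-way through.
        String[] nonceValues = (String[]) authenticationContext.getAuthenticationRequest().getRequestQueryParams().get(CIBAPushAuthenticatorConstants.NONCE);
        if (nonceValues == null || nonceValues.length == 0) {
            throw new IllegalStateException("Nonce parameter is missing from the authentication request");
        }
        // The logged-in user is whatever login_hint the query string carried; it is not checked here.
        authenticationContext.addEndpointParam("loggedInUser", map.get(CIBAPushAuthenticatorConstants.LOGIN_HINT));
        // NOTE(review): the tenant domain is hard-coded - confirm this is intended for multi-tenant deployments.
        authenticationContext.addEndpointParam(CIBAPushAuthenticatorConstants.USER_TENANT_DOMAIN, "@carbon.super");
        authenticationContext.addEndpointParam(CIBAPushAuthenticatorConstants.REQUEST, map.get(CIBAPushAuthenticatorConstants.REQUEST_OBJECT));
        authenticationContext.addEndpointParam(CIBAPushAuthenticatorConstants.SCOPE, map.get(CIBAPushAuthenticatorConstants.SCOPE));
        authenticationContext.addEndpointParam("application", serviceProvider.getApplicationName());
        authenticationContext.addEndpointParam(CIBAPushAuthenticatorConstants.CONSENT_PROMPTED, true);
        // The first nonce value of the authentication request is stored as the auth request id.
        authenticationContext.addEndpointParam(CIBAPushAuthenticatorConstants.AUTH_REQ_ID, nonceValues[0]);
    }

    /**
     * Splits a query string into a map of URL-decoded names and values.
     *
     * <p>A pair without {@code =}, or with {@code =} as its first character, is stored undecoded as
     * the key with a {@code null} value. A pair with nothing after {@code =} also gets a
     * {@code null} value. When a name repeats, the last occurrence wins. A {@code null} or empty
     * query string yields an empty map, and empty segments between {@code &} are skipped.
     *
     * @param str raw query string
     * @return mutable map of decoded parameters
     * @throws UnsupportedEncodingException if UTF-8 decoding is not supported
     */
    protected Map<String, String> splitQuery(String str) throws UnsupportedEncodingException {
        Map<String, String> queryParams = new HashMap<>();
        if (str == null || str.isEmpty()) {
            return queryParams;
        }
        for (String pair : str.split("&")) {
            if (pair.isEmpty()) {
                continue;
            }
            int separator = pair.indexOf('=');
            String name = pair;
            String value = null;
            if (separator > 0) {
                name = URLDecoder.decode(pair.substring(0, separator), "UTF-8");
                if (pair.length() > separator + 1) {
                    value = URLDecoder.decode(pair.substring(separator + 1), "UTF-8");
                }
            }
            queryParams.put(name, value);
        }
        return queryParams;
    }

    /**
     * Builds an error response with the given HTTP status and an error/description JSON payload.
     *
     * @param i    HTTP status code
     * @param str  error code
     * @param str2 error description
     * @return the populated error response
     */
    public static CIBAAuthenticationEndpointErrorResponse createErrorResponse(int i, String str, String str2) {
        JSONObject payload = new JSONObject();
        payload.put(CIBAPushAuthenticatorConstants.ERROR_DESCRIPTION, str2);
        payload.put(CIBAPushAuthenticatorConstants.ERROR, str);
        CIBAAuthenticationEndpointErrorResponse errorResponse = new CIBAAuthenticationEndpointErrorResponse();
        errorResponse.setPayload(payload);
        errorResponse.setHttpStatusCode(i);
        return errorResponse;
    }
}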
