package com.wso2.openbanking.accelerator.identity.app2app;

import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.util.JWTUtils;
import com.wso2.openbanking.accelerator.identity.app2app.exception.JWTValidationException;
import com.wso2.openbanking.accelerator.identity.app2app.model.DeviceVerificationToken;
import com.wso2.openbanking.accelerator.identity.app2app.utils.App2AppAuthUtils;
import java.text.ParseException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authenticator.push.device.handler.DeviceHandler;
import org.wso2.carbon.identity.application.authenticator.push.device.handler.exception.PushDeviceHandlerClientException;
import org.wso2.carbon.identity.application.authenticator.push.device.handler.exception.PushDeviceHandlerServerException;
import org.wso2.carbon.identity.application.authenticator.push.device.handler.impl.DeviceHandlerImpl;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:com/wso2/openbanking/accelerator/identity/app2app/App2AppAuthenticator.class */
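/**
 * Authenticator that completes a login from a device verification token (a signed JWT) sent as a
 * request parameter.
 *
 * <p>The token names a user (login hint) and a device id. The device's public key is looked up
 * through the push-device {@link DeviceHandler}, attached to the token, and the token is then
 * passed to {@link App2AppAuthUtils#validateToken}. This authenticator only consumes a response;
 * it cannot start an authentication flow itself.
 */
public class App2AppAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    private static final Log log = LogFactory.getLog(App2AppAuthenticator.class);
    private static final long serialVersionUID = -5439464372188473141L;

    // Shared by every instance and created by the first constructor call that finds it null.
    // NOTE(review): the null check is not synchronised, so two concurrent constructions may each
    // create a handler; harmless only if DeviceHandlerImpl holds no state. Confirm.
    private static DeviceHandler deviceHandler;

    /** Creates the authenticator and initialises the shared device handler if none exists yet. */
    public App2AppAuthenticator() {
        if (deviceHandler == null) {
            deviceHandler = new DeviceHandlerImpl();
        }
    }

    /** Returns the authenticator name constant. */
    public String getName() {
        return App2AppAuthenticatorConstants.AUTHENTICATOR_NAME;
    }

    /** Returns the display name constant for this authenticator. */
    public String getFriendlyName() {
        return App2AppAuthenticatorConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    /**
     * Authenticates the user named in the device verification token carried by the request.
     *
     * <p>Until {@code validateToken} returns, the login hint and device id are values read from a
     * token that nothing visible in this method has verified; they are used only to look up the
     * user and the registered public key.
     *
     * @param httpServletRequest request carrying the device verification token and the
     *     {@code request} parameter
     * @param httpServletResponse not used by this method
     * @param authenticationContext context that receives the current authenticator name and the
     *     subject
     * @throws AuthenticationFailedException if the token is missing or blank, lacks a login hint
     *     or device id, or if parsing, key lookup or validation fails
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        authenticationContext.setCurrentAuthenticator(App2AppAuthenticatorConstants.AUTHENTICATOR_NAME);
        String deviceVerificationJwt = httpServletRequest.getParameter(App2AppAuthenticatorConstants.DEVICE_VERIFICATION_TOKEN_IDENTIFIER);
        String requestObject = httpServletRequest.getParameter("request");

        // Fail closed with the declared exception type when no token was sent, instead of relying
        // on how the JWT parser reacts to a null or blank string.
        if (StringUtils.isBlank(deviceVerificationJwt)) {
            if (log.isDebugEnabled()) {
                log.debug(App2AppAuthenticatorConstants.DEVICE_VERIFICATION_TOKEN_MISSING_ERROR_MESSAGE);
            }
            throw new AuthenticationFailedException(App2AppAuthenticatorConstants.DEVICE_VERIFICATION_TOKEN_MISSING_ERROR_MESSAGE);
        }

        try {
            DeviceVerificationToken deviceVerificationToken = new DeviceVerificationToken(JWTUtils.getSignedJWT(deviceVerificationJwt));
            String loginHint = deviceVerificationToken.getLoginHint();
            String deviceId = deviceVerificationToken.getDeviceId();
            if (StringUtils.isBlank(loginHint) || StringUtils.isBlank(deviceId)) {
                if (log.isDebugEnabled()) {
                    log.debug(App2AppAuthenticatorConstants.REQUIRED_PARAMS_MISSING_MESSAGE);
                }
                throw new AuthenticationFailedException(App2AppAuthenticatorConstants.REQUIRED_PARAMS_MISSING_MESSAGE);
            }

            AuthenticatedUser user = App2AppAuthUtils.getAuthenticatedUserFromSubjectIdentifier(loginHint);
            // The key comes from the device registered for this user, not from the token itself.
            deviceVerificationToken.setPublicKey(getPublicKeyByDeviceID(deviceId, user));
            // presumably validateToken also checks the token against this request object; verify
            // in App2AppAuthUtils.
            deviceVerificationToken.setRequestObject(requestObject);

            // NOTE(review): the subject is set before the token is validated, so when validateToken
            // throws the context still carries this unverified user. Confirm that nothing
            // downstream treats the context subject as proof of authentication on failure.
            authenticationContext.setSubject(user);
            App2AppAuthUtils.validateToken(deviceVerificationToken);

            if (log.isDebugEnabled()) {
                log.debug(String.format(App2AppAuthenticatorConstants.USER_AUTHENTICATED_MSG, user.getUserName()));
            }
        } catch (PushDeviceHandlerClientException e) {
            log.error(e.getMessage());
            throw new AuthenticationFailedException(App2AppAuthenticatorConstants.PUSH_DEVICE_HANDLER_CLIENT_EXCEPTION_MESSAGE, e);
        } catch (UserStoreException e) {
            log.error(e.getMessage());
            throw new AuthenticationFailedException(App2AppAuthenticatorConstants.USER_STORE_EXCEPTION_MESSAGE, e);
        } catch (JWTValidationException e) {
            log.error(e.getMessage());
            throw new AuthenticationFailedException(App2AppAuthenticatorConstants.APP_AUTH_IDENTIFIER_VALIDATION_EXCEPTION_MESSAGE, e);
        } catch (OpenBankingException e) {
            log.error(e.getMessage());
            throw new AuthenticationFailedException(App2AppAuthenticatorConstants.OPEN_BANKING_EXCEPTION_MESSAGE, e);
        } catch (IllegalArgumentException e) {
            log.error(e.getMessage());
            throw new AuthenticationFailedException(App2AppAuthenticatorConstants.ILLEGAL_ARGUMENT_EXCEPTION_MESSAGE, e);
        } catch (PushDeviceHandlerServerException e) {
            log.error(e.getMessage());
            throw new AuthenticationFailedException(App2AppAuthenticatorConstants.PUSH_DEVICE_HANDLER_SERVER_EXCEPTION_MESSAGE, e);
        } catch (ParseException e) {
            log.error(e.getMessage());
            throw new AuthenticationFailedException(App2AppAuthenticatorConstants.PARSE_EXCEPTION_MESSAGE, e);
        }
    }

    /**
     * Reports whether the request carries a non-blank device verification token parameter.
     *
     * @param httpServletRequest incoming request
     * @return {@code true} when the token parameter is present and not blank
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return StringUtils.isNotBlank(httpServletRequest.getParameter(App2AppAuthenticatorConstants.DEVICE_VERIFICATION_TOKEN_IDENTIFIER));
    }

    /**
     * Returns the value of the session data key request parameter.
     *
     * @param httpServletRequest incoming request
     * @return the parameter value, or {@code null} when the parameter is absent
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(App2AppAuthenticatorConstants.SESSION_DATA_KEY);
    }

    /**
     * Always fails: this authenticator does not initiate a flow, it only processes a request that
     * already carries a device verification token.
     *
     * @throws AuthenticationFailedException on every call
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        log.error(App2AppAuthenticatorConstants.INITIALIZATION_ERROR_MESSAGE);
        throw new AuthenticationFailedException(App2AppAuthenticatorConstants.DEVICE_VERIFICATION_TOKEN_MISSING_ERROR_MESSAGE);
    }

    /**
     * Looks up the public key for a device id under the given user.
     *
     * <p>Resolves the user's realm, then the user id for the user name, and passes the device id
     * and that user id to {@link App2AppAuthUtils#getPublicKey} with the shared device handler.
     *
     * @param deviceId device id taken from the token
     * @param authenticatedUser user resolved from the token's login hint
     * @return the public key returned by {@code App2AppAuthUtils.getPublicKey}
     */
    private String getPublicKeyByDeviceID(String deviceId, AuthenticatedUser authenticatedUser) throws UserStoreException, PushDeviceHandlerServerException, PushDeviceHandlerClientException, OpenBankingException {
        String userId = App2AppAuthUtils.getUserIdFromUsername(authenticatedUser.getUserName(), App2AppAuthUtils.getUserRealm(authenticatedUser));
        return App2AppAuthUtils.getPublicKey(deviceId, userId, deviceHandler);
    }
}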
