package org.wso2.carbon.identity.application.authenticator.backupcode.util;

import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.owasp.encoder.Encode;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authenticator.backupcode.constants.BackupCodeAuthenticatorConstants;
import org.wso2.carbon.identity.application.authenticator.backupcode.exception.BackupCodeException;
import org.wso2.carbon.identity.application.authenticator.backupcode.internal.BackupCodeDataHolder;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.governance.IdentityGovernanceException;
import org.wso2.carbon.identity.handler.event.account.lock.exception.AccountLockServiceException;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/backupcode/util/BackupCodeUtil.class */
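/**
 * Static helpers used by the backup code authenticator: resolving the authenticated user and
 * user store, locating the login and error pages, and generating and hashing backup codes.
 */
public class BackupCodeUtil {
    private static final Log log = LogFactory.getLog(BackupCodeUtil.class);
    private static final String TOKEN_HASH_METHOD = "SHA-256";
    // Fallbacks used when the governance configuration holds no usable value.
    private static final int DEFAULT_BACKUP_CODE_LENGTH = 6;
    private static final int DEFAULT_BACKUP_CODE_COUNT = 10;
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();
    // SecureRandom is thread-safe, so one instance is shared instead of creating one per code.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Returns the user authenticated in the subject-attribute step of the current sequence.
     *
     * @param authenticationContext context whose sequence configuration is inspected
     * @return a new {@link AuthenticatedUser} built from the first subject-attribute step that has
     *         an authenticated user, or {@code null} when the step map is missing or no step matches
     */
    public static AuthenticatedUser getAuthenticatedUser(AuthenticationContext authenticationContext) {
        Map<Integer, StepConfig> stepMap = authenticationContext.getSequenceConfig().getStepMap();
        if (stepMap == null) {
            return null;
        }
        for (StepConfig stepConfig : stepMap.values()) {
            AuthenticatedUser stepUser = stepConfig.getAuthenticatedUser();
            if (stepConfig.isSubjectAttributeStep() && stepUser != null) {
                return new AuthenticatedUser(stepUser);
            }
        }
        return null;
    }

    /**
     * Returns the realm service registered in {@link BackupCodeDataHolder}.
     *
     * @return the realm service held by the data holder
     */
    public static RealmService getRealmService() {
        return BackupCodeDataHolder.getRealmService();
    }

    /**
     * Resolves the user realm of the tenant that the given user name belongs to.
     *
     * @param str user name; its tenant domain is derived with {@code MultitenantUtils.getTenantDomain}
     * @return the tenant user realm, or {@code null} when {@code str} is {@code null}
     * @throws BackupCodeException if the realm is missing or the user store cannot be accessed
     */
    public static UserRealm getUserRealm(String str) throws BackupCodeException {
        if (str == null) {
            return null;
        }
        try {
            int tenantId = IdentityTenantUtil.getTenantId(MultitenantUtils.getTenantDomain(str));
            UserRealm tenantUserRealm = getRealmService().getTenantUserRealm(tenantId);
            if (tenantUserRealm == null) {
                throw new BackupCodeException(
                        BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_THE_USER_REALM.getCode(),
                        String.format(
                                BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_THE_USER_REALM
                                        .getMessage()));
            }
            return tenantUserRealm;
        } catch (UserStoreException e) {
            // The message text is formatted exactly as before; the exception is now also attached as
            // the cause so the stack trace is not lost.
            throw new BackupCodeException(
                    BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_ACCESS_USER_REALM.getCode(),
                    String.format(
                            BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_ACCESS_USER_REALM.getMessage(),
                            str, e),
                    e);
        }
    }

    /**
     * Returns the user store manager of the realm that the given user name belongs to.
     *
     * @param str user name used to resolve the realm
     * @return the user store manager of the resolved realm
     * @throws BackupCodeException if no realm can be resolved (including a {@code null} user name)
     *                             or the user store manager cannot be obtained
     */
    public static UserStoreManager getUserStoreManagerOfUser(String str) throws BackupCodeException {
        try {
            UserRealm userRealm = getUserRealm(str);
            if (userRealm == null) {
                // getUserRealm returns null for a null user name; fail with a domain error instead
                // of a NullPointerException.
                throw new BackupCodeException(
                        BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_THE_USER_REALM.getCode(),
                        String.format(
                                BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_THE_USER_REALM
                                        .getMessage()));
            }
            return userRealm.getUserStoreManager();
        } catch (UserStoreException e) {
            throw new BackupCodeException(
                    BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_THE_USER_STORE_MANAGER.getCode(),
                    String.format(
                            BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_THE_USER_STORE_MANAGER
                                    .getMessage(),
                            str, e),
                    e);
        }
    }

    /**
     * Builds the {@code multiOptionURI} query fragment from the request, if the parameter is present.
     *
     * <p>The value is request-controlled, so it is URI-component encoded before being appended.
     * Encoding only keeps the value from breaking out of the query parameter; it does not make the
     * URI itself a trusted redirect target.
     *
     * @param httpServletRequest incoming request, may be {@code null}
     * @return {@code "&multiOptionURI=<encoded value>"}, or an empty string when the request or the
     *         parameter is absent
     */
    public static String getMultiOptionURIQueryParam(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return "";
        }
        String multiOptionUri = httpServletRequest.getParameter("multiOptionURI");
        if (multiOptionUri == null) {
            return "";
        }
        return "&multiOptionURI=" + Encode.forUriComponent(multiOptionUri);
    }

    /**
     * Returns the backup code login page, tenant-qualified when tenant-qualified URLs are enabled.
     *
     * @param authenticationContext current authentication context
     * @return the login page URL
     * @throws AuthenticationFailedException if the tenant-qualified URL cannot be built
     */
    public static String getBackupCodeLoginPage(AuthenticationContext authenticationContext)
            throws AuthenticationFailedException {
        String loginPageFromXMLFile = getLoginPageFromXMLFile(authenticationContext);
        if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
            return getTenantQualifiedURL(loginPageFromXMLFile,
                    BackupCodeAuthenticatorConstants.BACKUP_CODE_LOGIN_PAGE);
        }
        return loginPageFromXMLFile;
    }

    /**
     * Resolves the backup code login page from the authenticator file configuration, then the
     * context property, then the default authentication endpoint.
     *
     * @param authenticationContext current authentication context
     * @return the configured or default login page URL
     */
    public static String getLoginPageFromXMLFile(AuthenticationContext authenticationContext) {
        return resolveConfiguredPage(authenticationContext,
                BackupCodeAuthenticatorConstants.BACKUP_CODE_AUTHENTICATION_ENDPOINT_URL,
                BackupCodeAuthenticatorConstants.BACKUP_CODE_LOGIN_PAGE,
                "Default backup code login page: ");
    }

    /**
     * Shared lookup behind the login page and error page resolution.
     *
     * <p>Order: (1) the file-based authenticator parameter, consulted for the super tenant or when
     * the context carries the "get property from identity config" property; (2) the context
     * property of the same name; (3) the default authentication endpoint URL with the login page
     * replaced by {@code defaultPage}.
     *
     * <p>NOTE(review): the value from (2) is returned as-is and is later used as a page URL; confirm
     * that this context property can only be set from trusted configuration.
     */
    private static String resolveConfiguredPage(AuthenticationContext authenticationContext, String urlParameter,
                                                String defaultPage, String debugPrefix) {
        String tenantDomain = authenticationContext.getTenantDomain();
        boolean useFileConfig = BackupCodeAuthenticatorConstants.SUPER_TENANT_DOMAIN.equals(tenantDomain)
                || authenticationContext.getProperty(
                        BackupCodeAuthenticatorConstants.GET_PROPERTY_FROM_IDENTITY_CONFIG) != null;
        if (useFileConfig) {
            Map<String, String> parameters = getBackupCodeParameters();
            if (parameters.containsKey(urlParameter)) {
                return parameters.get(urlParameter);
            }
        }
        Object contextValue = authenticationContext.getProperty(urlParameter);
        if (contextValue != null) {
            return String.valueOf(contextValue);
        }
        String defaultUrl = ConfigurationFacade.getInstance().getAuthenticationEndpointURL()
                .replace(BackupCodeAuthenticatorConstants.LOGIN_PAGE, defaultPage);
        if (log.isDebugEnabled()) {
            log.debug(debugPrefix + defaultUrl + " is used.");
        }
        return defaultUrl;
    }

    /**
     * Turns a configured page into a tenant-qualified URL.
     *
     * <p>A blank configured value falls back to {@code defaultContext}; a relative value is
     * tenant-qualified; an absolute URL is returned unchanged because it cannot be tenant-qualified.
     */
    private static String getTenantQualifiedURL(String urlFromConfig, String defaultContext)
            throws AuthenticationFailedException {
        // Reported in the error message below; previously the message always printed "null".
        String context = StringUtils.isNotBlank(urlFromConfig) ? urlFromConfig : defaultContext;
        try {
            if (StringUtils.isBlank(urlFromConfig)) {
                return buildTenantQualifiedURL(defaultContext);
            }
            if (isURLRelative(urlFromConfig)) {
                return buildTenantQualifiedURL(urlFromConfig);
            }
            return urlFromConfig;
        } catch (URLBuilderException | URISyntaxException e) {
            throw new AuthenticationFailedException(
                    "Error while building tenant qualified URL for context: " + context, e);
        }
    }

    /** Builds the absolute public URL for the given path through {@link ServiceURLBuilder}. */
    private static String buildTenantQualifiedURL(String path) throws URLBuilderException {
        return ServiceURLBuilder.create().addPath(path).build().getAbsolutePublicURL();
    }

    /** Returns {@code true} when the given URL has no scheme, i.e. is not absolute. */
    private static boolean isURLRelative(String url) throws URISyntaxException {
        return !new URI(url).isAbsolute();
    }

    /** Returns the parameter map of the backup code authenticator from the file-based configuration. */
    private static Map<String, String> getBackupCodeParameters() {
        return FileBasedConfigurationBuilder.getInstance()
                .getAuthenticatorBean(BackupCodeAuthenticatorConstants.BACKUP_CODE_AUTHENTICATOR_NAME)
                .getParameterMap();
    }

    /**
     * Returns the backup code error page, tenant-qualified when tenant-qualified URLs are enabled.
     *
     * @param authenticationContext current authentication context
     * @return the error page URL
     * @throws AuthenticationFailedException if the tenant-qualified URL cannot be built
     */
    public static String getBackupCodeErrorPage(AuthenticationContext authenticationContext)
            throws AuthenticationFailedException {
        String errorPageFromXMLFile = getErrorPageFromXMLFile(authenticationContext);
        if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
            return getTenantQualifiedURL(errorPageFromXMLFile, BackupCodeAuthenticatorConstants.ERROR_PAGE);
        }
        return errorPageFromXMLFile;
    }

    /**
     * Resolves the backup code error page from the authenticator file configuration, then the
     * context property, then the default authentication endpoint.
     *
     * @param authenticationContext current authentication context
     * @return the configured or default error page URL
     */
    public static String getErrorPageFromXMLFile(AuthenticationContext authenticationContext) {
        return resolveConfiguredPage(authenticationContext,
                BackupCodeAuthenticatorConstants.BACKUP_CODE_AUTHENTICATION_ERROR_PAGE_URL,
                BackupCodeAuthenticatorConstants.ERROR_PAGE,
                "Default error page: ");
    }

    /**
     * Tells whether the subject of the current sequence was authenticated by the local authenticator.
     *
     * @param authenticationContext context whose sequence configuration is inspected
     * @return {@code true} if a subject-attribute step has an authenticated user and its
     *         authenticated IdP equals the local authenticator constant; {@code false} otherwise
     */
    public static boolean isLocalUser(AuthenticationContext authenticationContext) {
        Map<Integer, StepConfig> stepMap = authenticationContext.getSequenceConfig().getStepMap();
        if (stepMap == null) {
            return false;
        }
        for (StepConfig stepConfig : stepMap.values()) {
            boolean subjectStepWithUser =
                    stepConfig.getAuthenticatedUser() != null && stepConfig.isSubjectAttributeStep();
            if (subjectStepWithUser && StringUtils.equals(BackupCodeAuthenticatorConstants.LOCAL_AUTHENTICATOR,
                    stepConfig.getAuthenticatedIdP())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Asks the account lock service whether the given account is locked.
     *
     * @param str  user name (also used in the error message)
     * @param str2 passed unchanged to the account lock service; presumably the tenant domain, confirm
     * @param str3 passed unchanged to the account lock service; presumably the user store domain, confirm
     * @return the lock status reported by the account lock service
     * @throws AuthenticationFailedException if the lock status cannot be determined
     */
    public static boolean isAccountLocked(String str, String str2, String str3)
            throws AuthenticationFailedException {
        try {
            return BackupCodeDataHolder.getAccountLockService().isAccountLocked(str, str2, str3);
        } catch (AccountLockServiceException e) {
            throw new AuthenticationFailedException(
                    String.format("Error while validating account lock status of user: %s.", str), e);
        }
    }

    /**
     * Generates a fresh set of backup codes using the configured code length and count.
     *
     * @param str passed to the governance configuration lookup; presumably the tenant domain, confirm
     * @return the generated codes in plain text, in a new mutable list
     * @throws BackupCodeException if the configuration cannot be read
     */
    public static List<String> generateBackupCodes(String str) throws BackupCodeException {
        int lengthOfBackupCode = getLengthOfBackupCode(str);
        int requiredNoOfBackupCodes = getRequiredNoOfBackupCodes(str);
        List<String> backupCodes = new ArrayList<>();
        for (int i = 0; i < requiredNoOfBackupCodes; i++) {
            backupCodes.add(generateBackupCode(lengthOfBackupCode));
        }
        return backupCodes;
    }

    /**
     * Generates one code of the given length, drawing every character from the backup code
     * character set with {@link SecureRandom}.
     */
    private static String generateBackupCode(int length) {
        char[] charSet = BackupCodeAuthenticatorConstants.BACKUP_CODE_NUMERIC_CHAR_SET.toCharArray();
        StringBuilder code = new StringBuilder();
        for (int i = 0; i < length; i++) {
            code.append(charSet[SECURE_RANDOM.nextInt(charSet.length)]);
        }
        return code.toString();
    }

    /**
     * Reads the configured backup code length, falling back to the default of 6.
     *
     * <p>A length below 1 is rejected: it would produce empty backup codes. Short codes have a small
     * search space, so online guessing has to be bounded elsewhere (for example by account locking).
     */
    private static int getLengthOfBackupCode(String tenantDomain) throws BackupCodeException {
        String configured = getBackupCodeAuthenticatorConfig(
                BackupCodeAuthenticatorConstants.LENGTH_OF_BACKUP_CODE, tenantDomain);
        return parseConfiguredInt(BackupCodeAuthenticatorConstants.LENGTH_OF_BACKUP_CODE, configured, 1,
                DEFAULT_BACKUP_CODE_LENGTH);
    }

    /** Reads the configured number of backup codes, falling back to the default of 10. */
    private static int getRequiredNoOfBackupCodes(String tenantDomain) throws BackupCodeException {
        String configured = getBackupCodeAuthenticatorConfig(
                BackupCodeAuthenticatorConstants.REQUIRED_NO_OF_BACKUP_CODES, tenantDomain);
        return parseConfiguredInt(BackupCodeAuthenticatorConstants.REQUIRED_NO_OF_BACKUP_CODES, configured, 0,
                DEFAULT_BACKUP_CODE_COUNT);
    }

    /**
     * Parses a configured integer, returning {@code defaultValue} when the value is not numeric,
     * cannot be parsed as an {@code int}, or is below {@code minimum}.
     *
     * <p>{@code NumberUtils.isNumber} also accepts forms such as decimals and hex literals that
     * {@code Integer.parseInt} rejects, so the parse is guarded instead of being allowed to throw.
     */
    private static int parseConfiguredInt(String configName, String value, int minimum, int defaultValue) {
        if (!NumberUtils.isNumber(value)) {
            return defaultValue;
        }
        try {
            int parsed = Integer.parseInt(value);
            if (parsed >= minimum) {
                return parsed;
            }
        } catch (NumberFormatException e) {
            // Numeric-looking but not an int (e.g. decimal, hex, out of range): handled below.
        }
        log.warn("Configured value for " + configName + " is not usable; using default " + defaultValue + ".");
        return defaultValue;
    }

    /**
     * Reads a single backup code authenticator setting from the identity governance service.
     *
     * @param str  name of the configuration property
     * @param str2 second argument of the governance lookup; presumably the tenant domain, confirm
     * @return the value of the first property returned by the service
     * @throws BackupCodeException if the governance service reports an error
     */
    public static String getBackupCodeAuthenticatorConfig(String str, String str2) throws BackupCodeException {
        try {
            // NOTE(review): index 0 is read without a length check, so an empty result from the
            // service surfaces as an unchecked exception rather than a BackupCodeException.
            return BackupCodeDataHolder.getIdentityGovernanceService()
                    .getConfiguration(new String[]{str}, str2)[0].getValue();
        } catch (IdentityGovernanceException e) {
            throw new BackupCodeException(
                    BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_CONFIG.getCode(),
                    BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_GETTING_CONFIG.getMessage(), e);
        }
    }

    /**
     * Hashes a backup code with SHA-256 and returns the digest as lowercase hex.
     *
     * <p>NOTE(review): this is a single unsalted SHA-256 over a short code, so the stored hashes
     * give little protection against exhaustive search if the store is disclosed. The output format
     * is kept unchanged here because stored values depend on it; moving to a salted, slow
     * password-hashing scheme would need a migration of existing hashes.
     *
     * @param str backup code in plain text; must not be {@code null}
     * @return 64-character lowercase hexadecimal SHA-256 digest of the UTF-8 encoded code
     * @throws BackupCodeException if the SHA-256 algorithm is not available
     */
    public static String generateHashBackupCode(String str) throws BackupCodeException {
        try {
            byte[] digest = MessageDigest.getInstance(TOKEN_HASH_METHOD)
                    .digest(str.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(HEX_DIGITS[(b >> 4) & 0x0F]).append(HEX_DIGITS[b & 0x0F]);
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new BackupCodeException(
                    BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_HASH_BACKUP_CODE.getCode(),
                    BackupCodeAuthenticatorConstants.ErrorMessages.ERROR_HASH_BACKUP_CODE.getMessage(), e);
        }
    }
}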
