package org.wso2.carbon.identity.authenticator.smsotp;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.net.ssl.HttpsURLConnection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.extension.identity.helper.FederatedAuthenticatorUtil;
import org.wso2.carbon.extension.identity.helper.util.IdentityHelperUtil;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.authenticator.smsotp.SMSOTPConstants;
import org.wso2.carbon.identity.authenticator.smsotp.exception.SMSOTPException;
import org.wso2.carbon.identity.authenticator.smsotp.internal.SMSOTPServiceDataHolder;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/smsotp/SMSOTPAuthenticator.class */
public class SMSOTPAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    private static final Log log = LogFactory.getLog(SMSOTPAuthenticator.class);
    private static final String TRIGGER_SMS_NOTIFICATION = "TRIGGER_SMS_NOTIFICATION";

    public boolean canHandle(HttpServletRequest httpServletRequest) {
        if (log.isDebugEnabled()) {
            log.debug("Inside SMSOTPAuthenticator canHandle method and check the existence of mobile number and otp code");
        }
        return (StringUtils.isNotEmpty(httpServletRequest.getParameter(SMSOTPConstants.RESEND)) && StringUtils.isEmpty(httpServletRequest.getParameter(SMSOTPConstants.CODE))) || StringUtils.isNotEmpty(httpServletRequest.getParameter(SMSOTPConstants.CODE)) || StringUtils.isNotEmpty(httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER));
    }

    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
        if (StringUtils.isNotEmpty(httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER))) {
            initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            return AuthenticatorFlowStatus.INCOMPLETE;
        }
        if (!StringUtils.isEmpty(httpServletRequest.getParameter(SMSOTPConstants.CODE))) {
            return super.process(httpServletRequest, httpServletResponse, authenticationContext);
        }
        initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
        return authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATION).equals("SMSOTP") ? AuthenticatorFlowStatus.INCOMPLETE : AuthenticatorFlowStatus.SUCCESS_COMPLETED;
    }

    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            String tenantDomain = authenticationContext.getTenantDomain();
            authenticationContext.setProperty(SMSOTPConstants.AUTHENTICATION, "SMSOTP");
            if (!tenantDomain.equals(SMSOTPConstants.SUPER_TENANT)) {
                IdentityHelperUtil.loadApplicationAuthenticationXMLFromRegistry(authenticationContext, getName(), tenantDomain);
            }
            FederatedAuthenticatorUtil.setUsernameFromFirstStep(authenticationContext);
            String valueOf = String.valueOf(authenticationContext.getProperty(SMSOTPConstants.USER_NAME));
            AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
            if (authenticatedUser == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Authentication failed: Could not find the authenticated user. ");
                }
                throw new AuthenticationFailedException("Authentication failed: Cannot proceed further without identifying the user. ");
            }
            boolean isSMSOTPMandatory = SMSOTPUtils.isSMSOTPMandatory(authenticationContext);
            boolean isUserExistInUserStore = FederatedAuthenticatorUtil.isUserExistInUserStore(valueOf);
            String queryStringWithFrameworkContextId = FrameworkUtils.getQueryStringWithFrameworkContextId(authenticationContext.getQueryParams(), authenticationContext.getCallerSessionKey(), authenticationContext.getContextIdentifier());
            String errorPage = getErrorPage(authenticationContext);
            if (isSMSOTPMandatory) {
                if (log.isDebugEnabled()) {
                    log.debug("SMS OTP is mandatory. Hence processing in mandatory path");
                }
                processSMSOTPMandatoryCase(authenticationContext, httpServletRequest, httpServletResponse, queryStringWithFrameworkContextId, valueOf, isUserExistInUserStore);
            } else if (!isUserExistInUserStore || SMSOTPUtils.isSMSOTPDisableForLocalUser(valueOf, authenticationContext)) {
                processFirstStepOnly(authenticatedUser, authenticationContext);
            } else if (!authenticationContext.isRetrying() || Boolean.parseBoolean(httpServletRequest.getParameter(SMSOTPConstants.RESEND))) {
                String mobileNumber = getMobileNumber(httpServletRequest, httpServletResponse, authenticationContext, valueOf, tenantDomain, queryStringWithFrameworkContextId);
                if (StringUtils.isNotEmpty(mobileNumber)) {
                    proceedWithOTP(httpServletResponse, authenticationContext, errorPage, mobileNumber, queryStringWithFrameworkContextId, valueOf);
                }
            } else {
                checkStatusCode(httpServletResponse, authenticationContext, queryStringWithFrameworkContextId, errorPage);
            }
        } catch (SMSOTPException e) {
            throw new AuthenticationFailedException("Failed to get the parameters from authentication xml file. ", e);
        } catch (UserStoreException e2) {
            throw new AuthenticationFailedException("Failed to get the user from User Store. ", e2);
        }
    }

    private String getMobileNumber(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2, String str3) throws AuthenticationFailedException, SMSOTPException {
        String mobileNumberForUsername = SMSOTPUtils.getMobileNumberForUsername(str);
        if (StringUtils.isEmpty(mobileNumberForUsername)) {
            if (httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER) == null) {
                if (log.isDebugEnabled()) {
                    log.debug("User has not registered a mobile number: " + str);
                }
                redirectToMobileNoReqPage(httpServletResponse, authenticationContext, str3);
            } else {
                updateMobileNumberForUsername(authenticationContext, httpServletRequest, str, str2);
                mobileNumberForUsername = SMSOTPUtils.getMobileNumberForUsername(str);
            }
        }
        return mobileNumberForUsername;
    }

    private String getLoginPage(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String loginPageFromXMLFile = SMSOTPUtils.getLoginPageFromXMLFile(authenticationContext);
        if (StringUtils.isEmpty(loginPageFromXMLFile)) {
            loginPageFromXMLFile = ConfigurationFacade.getInstance().getAuthenticationEndpointURL().replace(SMSOTPConstants.LOGIN_PAGE, SMSOTPConstants.SMS_LOGIN_PAGE);
            if (log.isDebugEnabled()) {
                log.debug("Default authentication endpoint context is used");
            }
        }
        return loginPageFromXMLFile;
    }

    private String getErrorPage(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String errorPageFromXMLFile = SMSOTPUtils.getErrorPageFromXMLFile(authenticationContext);
        if (StringUtils.isEmpty(errorPageFromXMLFile)) {
            errorPageFromXMLFile = ConfigurationFacade.getInstance().getAuthenticationEndpointURL().replace(SMSOTPConstants.LOGIN_PAGE, SMSOTPConstants.ERROR_PAGE);
            if (log.isDebugEnabled()) {
                log.debug("Default authentication endpoint context is used");
            }
        }
        return errorPageFromXMLFile;
    }

    private String getURL(String str, String str2) {
        return StringUtils.isNotEmpty(str2) ? str + "?" + str2 + "&" + SMSOTPConstants.NAME_OF_AUTHENTICATORS + getName() : str + "?" + SMSOTPConstants.NAME_OF_AUTHENTICATORS + getName();
    }

    private void redirectToErrorPage(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2) throws AuthenticationFailedException {
        try {
            httpServletResponse.sendRedirect(getURL(getErrorPage(authenticationContext), str) + str2);
        } catch (IOException e) {
            throw new AuthenticationFailedException("Exception occurred while redirecting to errorPage. ", e);
        }
    }

    private void processFirstStepOnly(AuthenticatedUser authenticatedUser, AuthenticationContext authenticationContext) {
        if (log.isDebugEnabled()) {
            log.debug("Processing First step only. Skipping SMSOTP");
        }
        if (((StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep() - 1))).getAuthenticatedAutenticator().getApplicationAuthenticator() instanceof LocalApplicationAuthenticator) {
            if (log.isDebugEnabled()) {
                log.debug("Found local authenticator in previous step. Hence setting a local user");
            }
            FederatedAuthenticatorUtil.updateLocalAuthenticatedUserInStepConfig(authenticationContext, authenticatedUser);
            authenticationContext.setProperty(SMSOTPConstants.AUTHENTICATION, SMSOTPConstants.BASIC);
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Found federated authenticator in previous step. Hence setting a local user");
        }
        FederatedAuthenticatorUtil.updateAuthenticatedUserInStepConfig(authenticationContext, authenticatedUser);
        authenticationContext.setProperty(SMSOTPConstants.AUTHENTICATION, SMSOTPConstants.FEDERETOR);
    }

    private void updateMobileNumberForUsername(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, String str, String str2) throws SMSOTPException, AuthenticationFailedException {
        if (str == null || authenticationContext.isRetrying()) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Updating mobile number for user : " + str);
        }
        HashMap hashMap = new HashMap();
        hashMap.put(SMSOTPConstants.MOBILE_CLAIM, httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER));
        SMSOTPUtils.updateUserAttribute(MultitenantUtils.getTenantAwareUsername(str), hashMap, str2);
    }

    private void processSMSOTPMandatoryCase(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws AuthenticationFailedException, SMSOTPException {
        String tenantDomain = authenticationContext.getTenantDomain();
        String errorPage = getErrorPage(authenticationContext);
        if (!authenticationContext.isRetrying() || Boolean.parseBoolean(httpServletRequest.getParameter(SMSOTPConstants.RESEND))) {
            processSMSOTPFlow(authenticationContext, httpServletRequest, httpServletResponse, z, str2, str, tenantDomain, errorPage);
        } else {
            checkStatusCode(httpServletResponse, authenticationContext, str, errorPage);
        }
    }

    private void proceedOTPWithFederatedMobileNumber(AuthenticationContext authenticationContext, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws AuthenticationFailedException {
        try {
            String str3 = null;
            String name = ((StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep() - 1))).getAuthenticatedAutenticator().getName();
            String name2 = ((AuthenticatorConfig) ((StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()))).getAuthenticatorList().iterator().next()).getName();
            if (z) {
                String federatedMobileAttributeKey = getFederatedMobileAttributeKey(authenticationContext, name);
                if (StringUtils.isEmpty(federatedMobileAttributeKey)) {
                    federatedMobileAttributeKey = getFederatedMobileAttributeKey(authenticationContext, name2);
                }
                Iterator it = ((AuthenticatedIdPData) authenticationContext.getCurrentAuthenticatedIdPs().values().iterator().next()).getUser().getUserAttributes().entrySet().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Map.Entry entry = (Map.Entry) it.next();
                    String valueOf = String.valueOf(((ClaimMapping) entry.getKey()).getLocalClaim().getClaimUri());
                    String str4 = (String) entry.getValue();
                    if (valueOf.equals(federatedMobileAttributeKey)) {
                        str3 = String.valueOf(str4);
                        proceedWithOTP(httpServletResponse, authenticationContext, getErrorPage(authenticationContext), str3, str2, str);
                        break;
                    }
                }
                if (StringUtils.isEmpty(str3)) {
                    if (log.isDebugEnabled()) {
                        log.debug("There is no mobile claim to send otp ");
                    }
                    throw new AuthenticationFailedException("There is no mobile claim to send otp");
                }
            } else {
                redirectToErrorPage(httpServletResponse, authenticationContext, str2, SMSOTPConstants.SEND_OTP_DIRECTLY_DISABLE);
            }
        } catch (AuthenticationFailedException e) {
            throw new AuthenticationFailedException(" Failed to process SMSOTP flow ", e);
        }
    }

    private String getFederatedMobileAttributeKey(AuthenticationContext authenticationContext, String str) {
        String str2 = null;
        String tenantDomain = authenticationContext.getTenantDomain();
        if (authenticationContext.getProperty("getPropertiesFromLocal") != null || tenantDomain.equals(SMSOTPConstants.SUPER_TENANT)) {
            Map authenticatorConfig = FederatedAuthenticatorUtil.getAuthenticatorConfig(str);
            if (authenticatorConfig != null) {
                str2 = (String) authenticatorConfig.get(SMSOTPConstants.FEDERATED_MOBILE_ATTRIBUTE_KEY);
            }
        } else {
            str2 = String.valueOf(authenticationContext.getProperty(SMSOTPConstants.FEDERATED_MOBILE_ATTRIBUTE_KEY));
        }
        return str2;
    }

    private void processSMSOTPFlow(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, String str, String str2, String str3, String str4) throws AuthenticationFailedException, SMSOTPException {
        String str5 = null;
        if (z) {
            boolean isSMSOTPDisableForLocalUser = SMSOTPUtils.isSMSOTPDisableForLocalUser(str, authenticationContext);
            if (log.isDebugEnabled()) {
                log.debug("Has user enabled SMS OTP : " + isSMSOTPDisableForLocalUser);
            }
            if (isSMSOTPDisableForLocalUser) {
                redirectToErrorPage(httpServletResponse, authenticationContext, str2, SMSOTPConstants.ERROR_SMSOTP_DISABLE);
            } else {
                str5 = getMobileNumber(httpServletRequest, httpServletResponse, authenticationContext, str, str3, str2);
            }
        } else if (SMSOTPUtils.isSendOTPDirectlyToMobile(authenticationContext)) {
            if (log.isDebugEnabled()) {
                log.debug("User :" + str + " doesn't exist");
            }
            if (httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER) == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Couldn't find the mobile number in request. Hence redirecting to mobile number input page");
                }
                try {
                    httpServletResponse.sendRedirect(getURL(SMSOTPUtils.getMobileNumberRequestPage(authenticationContext), str2));
                } catch (IOException e) {
                    throw new AuthenticationFailedException("Authentication failed!. An IOException occurred ", e);
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Mobile number found in request : " + httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER));
                }
                str5 = httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER);
            }
        } else if (SMSOTPUtils.sendOtpToFederatedMobile(authenticationContext)) {
            if (log.isDebugEnabled()) {
                log.debug("SMS OTP is mandatory. But user is not there in active directory. Hence send the otp to the federated mobile claim");
            }
            proceedOTPWithFederatedMobileNumber(authenticationContext, httpServletResponse, str, str2, SMSOTPUtils.sendOtpToFederatedMobile(authenticationContext));
        } else {
            if (log.isDebugEnabled()) {
                log.debug("SMS OTP is mandatory. But couldn't find a mobile number.");
            }
            redirectToErrorPage(httpServletResponse, authenticationContext, str2, SMSOTPConstants.SEND_OTP_DIRECTLY_DISABLE);
        }
        if (StringUtils.isNotEmpty(str5)) {
            proceedWithOTP(httpServletResponse, authenticationContext, str4, str5, str2, str);
        }
    }

    private void proceedWithOTP(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2, String str3, String str4) throws AuthenticationFailedException {
        String screenAttribute;
        String str5;
        Map authenticatorProperties = authenticationContext.getAuthenticatorProperties();
        boolean isEnableResendCode = SMSOTPUtils.isEnableResendCode(authenticationContext);
        String loginPage = getLoginPage(authenticationContext);
        String tenantDomain = MultitenantUtils.getTenantDomain(str4);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str4);
        UserRealm userRealm = SMSOTPUtils.getUserRealm(tenantDomain);
        int i = 6;
        boolean isEnableAlphanumericToken = SMSOTPUtils.isEnableAlphanumericToken(authenticationContext);
        try {
            OneTimePassword oneTimePassword = new OneTimePassword();
            String randomNumber = OneTimePassword.getRandomNumber(5);
            if (SMSOTPUtils.getTokenLength(authenticationContext) != null) {
                i = Integer.parseInt(SMSOTPUtils.getTokenLength(authenticationContext));
            }
            if (SMSOTPUtils.getTokenExpiryTime(authenticationContext) != null) {
                authenticationContext.setProperty(SMSOTPConstants.TOKEN_VALIDITY_TIME, Long.valueOf(Integer.parseInt(SMSOTPUtils.getTokenExpiryTime(authenticationContext))));
            }
            String generateToken = oneTimePassword.generateToken(randomNumber, String.valueOf(2), i, isEnableAlphanumericToken);
            authenticationContext.setProperty(SMSOTPConstants.OTP_TOKEN, generateToken);
            if (log.isDebugEnabled()) {
                log.debug("Generated OTP successfully and set to the context.");
            }
            String str6 = (String) authenticatorProperties.get(SMSOTPConstants.SMS_URL);
            String str7 = (String) authenticatorProperties.get(SMSOTPConstants.HTTP_METHOD);
            String str8 = (String) authenticatorProperties.get(SMSOTPConstants.HEADERS);
            String str9 = (String) authenticatorProperties.get(SMSOTPConstants.PAYLOAD);
            String str10 = (String) authenticatorProperties.get(SMSOTPConstants.HTTP_RESPONSE);
            boolean z = true;
            if (StringUtils.isNotEmpty(str6)) {
                z = sendRESTCall(authenticationContext, str6, str7, str8, str9, str10, str2, generateToken);
            } else {
                AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
                triggerNotification(authenticatedUser.getUserName(), authenticatedUser.getTenantDomain(), authenticatedUser.getUserStoreDomain(), str2, generateToken);
            }
            if (z) {
                authenticationContext.setProperty(SMSOTPConstants.SENT_OTP_TOKEN_TIME, Long.valueOf(System.currentTimeMillis()));
                String url = getURL(loginPage, str3);
                if (FederatedAuthenticatorUtil.isUserExistInUserStore(str4) && (screenAttribute = getScreenAttribute(authenticationContext, userRealm, tenantAwareUsername)) != null) {
                    url = url + SMSOTPConstants.SCREEN_VALUE + screenAttribute;
                }
                httpServletResponse.sendRedirect(url);
            } else {
                if (authenticationContext.getProperty(SMSOTPConstants.ERROR_CODE) != null) {
                    String obj = authenticationContext.getProperty(SMSOTPConstants.ERROR_CODE).toString();
                    if (SMSOTPUtils.useInternalErrorCodes(authenticationContext)) {
                        String httpErrorResponseCode = getHttpErrorResponseCode(obj);
                        if (StringUtils.isNotEmpty(httpErrorResponseCode)) {
                            obj = URLEncoder.encode(SMSOTPConstants.ErrorMessage.getMappedInternalErrorCode(httpErrorResponseCode).getCode(), SMSOTPConstants.CHAR_SET_UTF_8);
                        }
                    }
                    str5 = SMSOTPConstants.ERROR_MESSAGE + obj;
                    String obj2 = authenticationContext.getProperty(SMSOTPConstants.ERROR_INFO).toString();
                    if (Boolean.parseBoolean((String) authenticatorProperties.get(SMSOTPConstants.SHOW_ERROR_INFO)) && obj2 != null) {
                        str5 = str5 + SMSOTPConstants.ERROR_MESSAGE_DETAILS + Base64.getEncoder().encodeToString(obj2.getBytes());
                    }
                } else {
                    str5 = "&authFailure=true&authFailureMsg=unable.send.code";
                }
                httpServletResponse.sendRedirect(getURL(str, str3) + SMSOTPConstants.RESEND_CODE + isEnableResendCode + str5);
            }
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("Failed to get the user from user store. ", e);
        } catch (IOException e2) {
            throw new AuthenticationFailedException("Error while sending the HTTP request. ", e2);
        }
    }

    private void checkStatusCode(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2) throws AuthenticationFailedException {
        boolean isRetryEnabled = SMSOTPUtils.isRetryEnabled(authenticationContext);
        String url = getURL(getLoginPage(authenticationContext), str);
        if (StringUtils.isNotEmpty(getScreenValue(authenticationContext))) {
            url = url + SMSOTPConstants.SCREEN_VALUE + getScreenValue(authenticationContext);
        }
        try {
            if (!isRetryEnabled) {
                String url2 = getURL(str2, str);
                if (Boolean.parseBoolean(String.valueOf(authenticationContext.getProperty(SMSOTPConstants.CODE_MISMATCH)))) {
                    httpServletResponse.sendRedirect(url2 + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.ERROR_MESSAGE + SMSOTPConstants.ERROR_CODE_MISMATCH);
                } else if (StringUtils.isNotEmpty((String) authenticationContext.getProperty(SMSOTPConstants.TOKEN_EXPIRED))) {
                    httpServletResponse.sendRedirect(url2 + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.ERROR_MESSAGE + SMSOTPConstants.TOKEN_EXPIRED_VALUE);
                } else {
                    httpServletResponse.sendRedirect(url2 + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.RETRY_PARAMS);
                }
            } else if (StringUtils.isNotEmpty((String) authenticationContext.getProperty(SMSOTPConstants.TOKEN_EXPIRED))) {
                httpServletResponse.sendRedirect(url + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.ERROR_MESSAGE + SMSOTPConstants.TOKEN_EXPIRED_VALUE);
            } else {
                httpServletResponse.sendRedirect(url + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.RETRY_PARAMS);
            }
        } catch (IOException e) {
            throw new AuthenticationFailedException("Authentication Failed: An IOException was caught. ", e);
        }
    }

    private String getScreenValue(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String valueOf = String.valueOf(authenticationContext.getProperty(SMSOTPConstants.USER_NAME));
        String tenantDomain = MultitenantUtils.getTenantDomain(valueOf);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(valueOf);
        try {
            return getScreenAttribute(authenticationContext, SMSOTPUtils.getUserRealm(tenantDomain), tenantAwareUsername);
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("Failed to get the screen attribute for the user " + tenantAwareUsername + " from user store. ", e);
        }
    }

    private void redirectToMobileNoReqPage(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str) throws AuthenticationFailedException {
        if (!SMSOTPUtils.isEnableMobileNoUpdate(authenticationContext)) {
            throw new AuthenticationFailedException("Authentication failed!. Update mobile no in your profile.");
        }
        try {
            String url = getURL(SMSOTPUtils.getMobileNumberRequestPage(authenticationContext), str);
            if (log.isDebugEnabled()) {
                log.debug("Redirecting to mobile number request page : " + url);
            }
            httpServletResponse.sendRedirect(url);
        } catch (IOException e) {
            throw new AuthenticationFailedException("Authentication failed!. An IOException was caught. ", e);
        }
    }

    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String parameter = httpServletRequest.getParameter(SMSOTPConstants.CODE);
        String str = (String) authenticationContext.getProperty(SMSOTPConstants.OTP_TOKEN);
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
        if (StringUtils.isEmpty(httpServletRequest.getParameter(SMSOTPConstants.CODE))) {
            throw new InvalidCredentialsException("Code cannot not be null");
        }
        if (Boolean.parseBoolean(httpServletRequest.getParameter(SMSOTPConstants.RESEND))) {
            if (log.isDebugEnabled()) {
                log.debug("Retrying to resend the OTP");
            }
            throw new InvalidCredentialsException("Retrying to resend the OTP");
        }
        if (parameter.equals(str)) {
            processValidUserToken(authenticationContext, authenticatedUser);
        } else if (SMSOTPUtils.getBackupCode(authenticationContext).equals("true")) {
            checkWithBackUpCodes(authenticationContext, parameter, authenticatedUser);
        } else {
            authenticationContext.setProperty(SMSOTPConstants.CODE_MISMATCH, true);
            throw new AuthenticationFailedException("Code mismatch");
        }
    }

    private void processValidUserToken(AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        Optional ofNullable = Optional.ofNullable(authenticationContext.getProperty(SMSOTPConstants.TOKEN_VALIDITY_TIME));
        if (!ofNullable.isPresent() || !NumberUtils.isNumber((String) ofNullable.get())) {
            log.error("TokenExpiryTime property is not configured in application-authentication.xml or SMS OTP Authenticator UI");
            authenticationContext.setSubject(authenticatedUser);
            return;
        }
        Optional ofNullable2 = Optional.ofNullable(authenticationContext.getProperty(SMSOTPConstants.SENT_OTP_TOKEN_TIME));
        if (!ofNullable2.isPresent() || !NumberUtils.isNumber((String) ofNullable2.get())) {
            if (log.isDebugEnabled()) {
                log.debug("Could not find OTP sent time");
            }
            throw new AuthenticationFailedException("Internal Error Occurred");
        }
        if (System.currentTimeMillis() - Long.parseLong((String) ofNullable2.get()) <= Long.parseLong((String) ofNullable.get()) * 1000) {
            authenticationContext.setSubject(authenticatedUser);
        } else {
            authenticationContext.setProperty(SMSOTPConstants.TOKEN_EXPIRED, SMSOTPConstants.TOKEN_EXPIRED_VALUE);
            throw new AuthenticationFailedException("OTP code has expired");
        }
    }

    private void checkWithBackUpCodes(AuthenticationContext authenticationContext, String str, AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        String[] strArr = null;
        String obj = authenticationContext.getProperty(SMSOTPConstants.USER_NAME).toString();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(obj);
        UserRealm userRealm = getUserRealm(obj);
        if (userRealm != null) {
            try {
                UserStoreManager userStoreManager = userRealm.getUserStoreManager();
                if (userStoreManager != null) {
                    String userClaimValue = userStoreManager.getUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, (String) null);
                    if (StringUtils.isNotEmpty(userClaimValue)) {
                        strArr = userClaimValue.split(SMSOTPConstants.MASKING_VALUE_SEPARATOR);
                    }
                }
            } catch (UserStoreException e) {
                throw new AuthenticationFailedException("Cannot find the user claim for OTP list for user : " + authenticatedUser, e);
            }
        }
        if (ArrayUtils.isEmpty(strArr)) {
            if (log.isDebugEnabled()) {
                log.debug("The claim http://wso2.org/claims/otpbackupcodes does not contain any values");
            }
            throw new AuthenticationFailedException("The claim http://wso2.org/claims/otpbackupcodes does not contain any values");
        }
        if (!isBackUpCodeValid(strArr, str)) {
            if (log.isDebugEnabled()) {
                log.debug("User entered OTP :" + str + " does not match with any of the saved backup codes");
            }
            authenticationContext.setProperty(SMSOTPConstants.CODE_MISMATCH, true);
            throw new AuthenticationFailedException("Verification Error due to Code " + str + " mismatch.", authenticatedUser);
        }
        if (log.isDebugEnabled()) {
            log.debug("Found saved backup SMS OTP for user :" + authenticatedUser);
        }
        authenticationContext.setSubject(authenticatedUser);
        userRealm.getUserStoreManager().setUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, String.join(SMSOTPConstants.MASKING_VALUE_SEPARATOR, (String[]) ArrayUtils.removeElement(strArr, str)), (String) null);
    }

    private boolean isBackUpCodeValid(String[] strArr, String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        for (String str2 : strArr) {
            if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }

    private UserRealm getUserRealm(String str) throws AuthenticationFailedException {
        UserRealm userRealm = null;
        try {
            if (StringUtils.isNotEmpty(str)) {
                userRealm = IdentityTenantUtil.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(MultitenantUtils.getTenantDomain(str)));
            }
            return userRealm;
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("Cannot find the user realm. ", e);
        }
    }

    public String getFriendlyName() {
        return SMSOTPConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    public String getName() {
        return "SMSOTP";
    }

    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("sessionDataKey");
    }

    protected boolean retryAuthenticationEnabled() {
        return true;
    }

    public List<Property> getConfigurationProperties() {
        ArrayList arrayList = new ArrayList();
        Property property = new Property();
        property.setName(SMSOTPConstants.SMS_URL);
        property.setDisplayName("SMS URL");
        property.setRequired(false);
        property.setDescription("Enter client sms url value. If the phone number and text message are in URL, specify them as $ctx.num and $ctx.msg");
        property.setDisplayOrder(0);
        arrayList.add(property);
        Property property2 = new Property();
        property2.setName(SMSOTPConstants.HTTP_METHOD);
        property2.setDisplayName("HTTP Method");
        property2.setRequired(false);
        property2.setDescription("Enter the HTTP Method used by the SMS API");
        property2.setDisplayOrder(1);
        arrayList.add(property2);
        Property property3 = new Property();
        property3.setName(SMSOTPConstants.HEADERS);
        property3.setDisplayName("HTTP Headers");
        property3.setRequired(false);
        property3.setDescription("Enter the headers used by the API separated by comma, with the Header name and value separated by \":\". If the phone number and text message are in Headers, specify them as $ctx.num and $ctx.msg");
        property3.setDisplayOrder(2);
        arrayList.add(property3);
        Property property4 = new Property();
        property4.setName(SMSOTPConstants.PAYLOAD);
        property4.setDisplayName("HTTP Payload");
        property4.setRequired(false);
        property4.setDescription("Enter the HTTP Payload used by the SMS API. If the phone number and text message are in Payload, specify them as $ctx.num and $ctx.msg");
        property4.setDisplayOrder(3);
        arrayList.add(property4);
        Property property5 = new Property();
        property5.setName(SMSOTPConstants.HTTP_RESPONSE);
        property5.setDisplayName("HTTP Response Code");
        property5.setRequired(false);
        property5.setDescription("Enter the HTTP response code the API sends upon successful call. Leave empty if unknown");
        property5.setDisplayOrder(4);
        arrayList.add(property5);
        Property property6 = new Property();
        property6.setName(SMSOTPConstants.SHOW_ERROR_INFO);
        property6.setDisplayName("Show Detailed Error Information");
        property6.setRequired(false);
        property6.setDescription("Enter \"true\" if detailed error information from SMS provider needs to be displayed in the UI");
        property6.setDisplayOrder(5);
        arrayList.add(property6);
        Property property7 = new Property();
        property7.setName(SMSOTPConstants.VALUES_TO_BE_MASKED_IN_ERROR_INFO);
        property7.setDisplayName("Mask values in Error Info");
        property7.setRequired(false);
        property7.setDescription("Enter comma separated Values to be masked by * in the detailed error messages");
        property7.setDisplayOrder(6);
        arrayList.add(property7);
        return arrayList;
    }

    private boolean getConnection(HttpURLConnection httpURLConnection, AuthenticationContext authenticationContext, String str, String str2, String str3, String str4, String str5, String str6, String str7) throws AuthenticationFailedException {
        try {
            try {
                try {
                    httpURLConnection.setDoInput(true);
                    httpURLConnection.setDoOutput(true);
                    if (StringUtils.isNotEmpty(str)) {
                        if (log.isDebugEnabled()) {
                            log.debug("Processing HTTP headers since header string is available");
                        }
                        for (String str8 : str.trim().replaceAll("\\$ctx.num", str4).replaceAll("\\$ctx.msg", str5 + str6).split(SMSOTPConstants.MASKING_VALUE_SEPARATOR)) {
                            String[] split = str8.split(":");
                            if (split.length > 1) {
                                httpURLConnection.setRequestProperty(split[0], split[1]);
                            } else {
                                log.info("Either header name or value not found. Hence not adding header which contains " + split[0]);
                            }
                        }
                    } else if (log.isDebugEnabled()) {
                        log.debug("No configured headers found. Header string is empty");
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Configured http method is " + str7);
                    }
                    if (SMSOTPConstants.GET_METHOD.equalsIgnoreCase(str7)) {
                        httpURLConnection.setRequestMethod(SMSOTPConstants.GET_METHOD);
                    } else if (SMSOTPConstants.POST_METHOD.equalsIgnoreCase(str7)) {
                        httpURLConnection.setRequestMethod(SMSOTPConstants.POST_METHOD);
                        if (StringUtils.isNotEmpty(str2)) {
                            String replaceAll = str2.replaceAll("\\$ctx.num", str4).replaceAll("\\$ctx.msg", str5 + str6);
                            OutputStreamWriter outputStreamWriter = null;
                            try {
                                try {
                                    OutputStreamWriter outputStreamWriter2 = new OutputStreamWriter(httpURLConnection.getOutputStream(), SMSOTPConstants.CHAR_SET_UTF_8);
                                    outputStreamWriter2.write(replaceAll);
                                    if (outputStreamWriter2 != null) {
                                        outputStreamWriter2.close();
                                    }
                                } catch (Throwable th) {
                                    if (0 != 0) {
                                        outputStreamWriter.close();
                                    }
                                    throw th;
                                }
                            } catch (IOException e) {
                                throw new AuthenticationFailedException("Error while posting payload message ", e);
                            }
                        }
                    }
                    if (StringUtils.isNotEmpty(str3)) {
                        if (str3.trim().equals(String.valueOf(httpURLConnection.getResponseCode()))) {
                            if (log.isDebugEnabled()) {
                                log.debug("Code is successfully sent to the mobile and recieved expected response code : " + str3);
                            }
                            return true;
                        }
                        if (httpURLConnection == null) {
                            return false;
                        }
                        httpURLConnection.disconnect();
                        return false;
                    }
                    if (httpURLConnection.getResponseCode() == 200 || httpURLConnection.getResponseCode() == 201 || httpURLConnection.getResponseCode() == 202) {
                        if (log.isDebugEnabled()) {
                            log.debug("Code is successfully sent to the mobile. Relieved HTTP response code is : " + httpURLConnection.getResponseCode());
                        }
                        if (httpURLConnection != null) {
                            httpURLConnection.disconnect();
                        }
                        return true;
                    }
                    authenticationContext.setProperty(SMSOTPConstants.ERROR_CODE, httpURLConnection.getResponseCode() + " : " + httpURLConnection.getResponseMessage());
                    String sanitizedErrorInfo = getSanitizedErrorInfo(httpURLConnection, authenticationContext, str4);
                    log.error("Error while sending SMS: error code is " + httpURLConnection.getResponseCode() + " and error message is " + httpURLConnection.getResponseMessage());
                    authenticationContext.setProperty(SMSOTPConstants.ERROR_INFO, sanitizedErrorInfo);
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    return false;
                } catch (ProtocolException e2) {
                    throw new AuthenticationFailedException("Error while setting the HTTP method ", e2);
                }
            } catch (MalformedURLException e3) {
                throw new AuthenticationFailedException("Invalid URL ", e3);
            } catch (IOException e4) {
                throw new AuthenticationFailedException("Error while setting the HTTP response ", e4);
            }
        } finally {
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
        }
    }

    private String getSanitizedErrorInfo(HttpURLConnection httpURLConnection, AuthenticationContext authenticationContext, String str) throws IOException, AuthenticationFailedException {
        String readContent = readContent(httpURLConnection);
        String screenValue = getScreenValue(authenticationContext);
        if (StringUtils.isEmpty(screenValue)) {
            int i = 0;
            if (SMSOTPUtils.getNoOfDigits(authenticationContext) != null) {
                i = Integer.parseInt(SMSOTPUtils.getNoOfDigits(authenticationContext));
            }
            screenValue = getMaskedValue(authenticationContext, str, i);
        }
        String replace = readContent.replace(str, screenValue);
        new URLDecoder();
        String maskConfiguredValues = maskConfiguredValues(authenticationContext, replace.replace(URLDecoder.decode(str), screenValue));
        authenticationContext.setProperty(SMSOTPConstants.ERROR_INFO, maskConfiguredValues);
        String str2 = maskConfiguredValues;
        if (log.isDebugEnabled()) {
            str2 = readContent;
        }
        log.error(String.format("Following Error occurred while sending SMS for user: %s, %s", String.valueOf(authenticationContext.getProperty(SMSOTPConstants.USER_NAME)), str2));
        return maskConfiguredValues;
    }

    private String maskConfiguredValues(AuthenticationContext authenticationContext, String str) {
        String str2 = (String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.VALUES_TO_BE_MASKED_IN_ERROR_INFO);
        if (StringUtils.isNotEmpty(str2)) {
            for (String str3 : str2.split(SMSOTPConstants.MASKING_VALUE_SEPARATOR)) {
                str = str.replaceAll(str3, getMaskedValue(authenticationContext, str3, 0));
            }
        }
        return str;
    }

    private String readContent(HttpURLConnection httpURLConnection) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream()));
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                return sb.toString();
            }
            sb.append(readLine);
        }
    }

    public boolean sendRESTCall(AuthenticationContext authenticationContext, String str, String str2, String str3, String str4, String str5, String str6, String str7) throws IOException, AuthenticationFailedException {
        if (log.isDebugEnabled()) {
            log.debug("Preparing message for sending out");
        }
        String encode = URLEncoder.encode(str6, SMSOTPConstants.CHAR_SET_UTF_8);
        String replaceAll = str.replaceAll("\\$ctx.num", encode).replaceAll("\\$ctx.msg", SMSOTPConstants.SMS_MESSAGE.replaceAll("\\s", "+") + str7);
        try {
            URL url = new URL(replaceAll);
            return url.getProtocol().equals(SMSOTPConstants.HTTPS) ? getConnection((HttpsURLConnection) url.openConnection(), authenticationContext, str3, str4, str5, encode, SMSOTPConstants.SMS_MESSAGE, str7, str2) : getConnection((HttpURLConnection) url.openConnection(), authenticationContext, str3, str4, str5, encode, SMSOTPConstants.SMS_MESSAGE, str7, str2);
        } catch (MalformedURLException e) {
            log.error("Error while parsing SMS provider URL: " + replaceAll, e);
            if (SMSOTPUtils.useInternalErrorCodes(authenticationContext)) {
                authenticationContext.setProperty(SMSOTPConstants.ERROR_CODE, SMSOTPConstants.ErrorMessage.MALFORMED_URL.getCode());
                return false;
            }
            authenticationContext.setProperty(SMSOTPConstants.ERROR_CODE, "The SMS URL does not conform to URL specification");
            return false;
        }
    }

    public String getScreenAttribute(AuthenticationContext authenticationContext, UserRealm userRealm, String str) throws UserStoreException, AuthenticationFailedException {
        String str2 = null;
        String str3 = null;
        int i = 0;
        String screenUserAttribute = SMSOTPUtils.getScreenUserAttribute(authenticationContext);
        if (screenUserAttribute != null) {
            str2 = userRealm.getUserStoreManager().getUserClaimValue(str, screenUserAttribute, (String) null);
        }
        if (str2 != null) {
            if (SMSOTPUtils.getNoOfDigits(authenticationContext) != null) {
                i = Integer.parseInt(SMSOTPUtils.getNoOfDigits(authenticationContext));
            }
            str3 = getMaskedValue(authenticationContext, str2, i);
        }
        return str3;
    }

    private String getMaskedValue(AuthenticationContext authenticationContext, String str, int i) {
        String substring;
        int length = str.length();
        if (SMSOTPConstants.BACKWARD.equals(SMSOTPUtils.getDigitsOrder(authenticationContext))) {
            substring = str.substring(length - i, length);
            String substring2 = str.substring(0, length - i);
            for (int i2 = 0; i2 < substring2.length(); i2++) {
                substring = "*".concat(substring);
            }
        } else {
            substring = str.substring(0, i);
            String substring3 = str.substring(i, length);
            for (int i3 = 0; i3 < substring3.length(); i3++) {
                substring = substring.concat("*");
            }
        }
        return substring;
    }

    protected void triggerNotification(String str, String str2, String str3, String str4, String str5) {
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", str);
        hashMap.put("userstore-domain", str3);
        hashMap.put("tenant-domain", str2);
        hashMap.put(SMSOTPConstants.ATTRIBUTE_SMS_SENT_TO, str4);
        hashMap.put(SMSOTPConstants.OTP_TOKEN, str5);
        hashMap.put(SMSOTPConstants.TEMPLATE_TYPE, "SMSOTP");
        try {
            SMSOTPServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(TRIGGER_SMS_NOTIFICATION, hashMap));
        } catch (Exception e) {
            String str6 = "Error occurred while calling triggerNotification, detail : " + e.getMessage();
            log.warn(str6);
            if (log.isDebugEnabled()) {
                log.debug(str6, e);
            }
        }
    }

    private String getHttpErrorResponseCode(String str) {
        String str2 = str;
        if (StringUtils.contains(str2, ":")) {
            str2 = str2.split(":")[0];
        }
        return StringUtils.trim(str2);
    }
}
