package org.wso2.carbon.identity.authenticator.smsotp;

import com.google.gson.Gson;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import javax.net.ssl.HttpsURLConnection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.owasp.encoder.Encode;
import org.slf4j.MDC;
import org.wso2.carbon.extension.identity.helper.FederatedAuthenticatorUtil;
import org.wso2.carbon.extension.identity.helper.util.IdentityHelperUtil;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.LocalApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorParamMetadata;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.authenticator.smsotp.SMSOTPConstants;
import org.wso2.carbon.identity.authenticator.smsotp.exception.SMSOTPException;
import org.wso2.carbon.identity.authenticator.smsotp.internal.SMSOTPServiceDataHolder;
import org.wso2.carbon.identity.captcha.connector.recaptcha.SMSOTPCaptchaConnector;
import org.wso2.carbon.identity.captcha.exception.CaptchaException;
import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
import org.wso2.carbon.identity.core.ServiceURLBuilder;
import org.wso2.carbon.identity.core.URLBuilderException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.governance.service.notification.NotificationChannels;
import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
import org.wso2.carbon.identity.recovery.util.Utils;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.UserStoreClientException;
import org.wso2.carbon.user.core.common.User;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.DiagnosticLog;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/smsotp/SMSOTPAuthenticator.class */
public class SMSOTPAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    private static final Log log = LogFactory.getLog(SMSOTPAuthenticator.class);
    private static final String TRIGGER_SMS_NOTIFICATION = "TRIGGER_SMS_NOTIFICATION";

    public boolean canHandle(HttpServletRequest httpServletRequest) {
        if (log.isDebugEnabled()) {
            log.debug("Inside SMSOTPAuthenticator canHandle method and check the existence of mobile number and otp code");
        }
        return (StringUtils.isNotEmpty(httpServletRequest.getParameter(SMSOTPConstants.RESEND)) && StringUtils.isEmpty(httpServletRequest.getParameter(SMSOTPConstants.CODE))) || StringUtils.isNotEmpty(httpServletRequest.getParameter(SMSOTPConstants.CODE)) || StringUtils.isNotEmpty(httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER));
    }

    public boolean canHandleRequestFromMultiOptionStep(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        boolean z = canHandle(httpServletRequest) || (StringUtils.isNotBlank(httpServletRequest.getParameter(SMSOTPConstants.USER_NAME)) && getName().equalsIgnoreCase(authenticationContext.getCurrentAuthenticator()));
        if (z) {
            log.debug("SMSOTPAuthenticator can handle the request from multi-option step.");
        } else {
            log.debug("SMSOTPAuthenticator cannot handle the request from multi-option step.");
        }
        return z;
    }

    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
        if (StringUtils.isNotEmpty(httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER))) {
            initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            return AuthenticatorFlowStatus.INCOMPLETE;
        }
        if (!StringUtils.isEmpty(httpServletRequest.getParameter(SMSOTPConstants.CODE))) {
            if (Boolean.parseBoolean(httpServletRequest.getParameter(SMSOTPConstants.RESEND))) {
                AuthenticatorFlowStatus process = super.process(httpServletRequest, httpServletResponse, authenticationContext);
                publishPostSMSOTPGeneratedEvent(httpServletRequest, authenticationContext);
                return process;
            }
            AuthenticatorFlowStatus process2 = super.process(httpServletRequest, httpServletResponse, authenticationContext);
            publishPostSMSOTPValidatedEvent(httpServletRequest, authenticationContext);
            return process2;
        }
        AuthenticatedUser authenticatedUser = getAuthenticatedUser(authenticationContext);
        if (authenticatedUser == null) {
            if (StringUtils.isEmpty(httpServletRequest.getParameter(SMSOTPConstants.USER_NAME))) {
                redirectUserToIDF(httpServletResponse, authenticationContext);
                authenticationContext.setProperty(SMSOTPConstants.IS_IDF_INITIATED_FROM_AUTHENTICATOR, true);
                return AuthenticatorFlowStatus.INCOMPLETE;
            }
            authenticatedUser = resolveUserFromUserStore(resolveUserFromRequest(httpServletRequest, authenticationContext));
            setResolvedUserInContext(authenticationContext, authenticatedUser);
        } else if (isPreviousIdPAuthenticationFlowHandler(authenticationContext)) {
            authenticatedUser = resolveUserFromUserStore(authenticatedUser);
            setResolvedUserInContext(authenticationContext, authenticatedUser);
        }
        if (authenticatedUser != null) {
            initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            publishPostSMSOTPGeneratedEvent(httpServletRequest, authenticationContext);
            return authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATION).equals("SMSOTP") ? AuthenticatorFlowStatus.INCOMPLETE : AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
        log.debug("The user does not exist in the user stores.");
        redirectToErrorPage(httpServletResponse, authenticationContext, FrameworkUtils.getQueryStringWithFrameworkContextId(authenticationContext.getQueryParams(), authenticationContext.getCallerSessionKey(), authenticationContext.getContextIdentifier()), SMSOTPConstants.ERROR_USER_NOT_FOUND);
        return AuthenticatorFlowStatus.INCOMPLETE;
    }

    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        try {
            Map stepMap = authenticationContext.getSequenceConfig().getStepMap();
            String str = null;
            Object obj = null;
            AuthenticatedUser authenticatedUser = null;
            Map parameterMap = getAuthenticatorConfig().getParameterMap();
            String tenantDomain = authenticationContext.getTenantDomain();
            authenticationContext.setProperty(SMSOTPConstants.AUTHENTICATION, "SMSOTP");
            if (!tenantDomain.equals(SMSOTPConstants.SUPER_TENANT)) {
                IdentityHelperUtil.loadApplicationAuthenticationXMLFromRegistry(authenticationContext, getName(), tenantDomain);
                obj = authenticationContext.getProperty("getPropertiesFromLocal");
            }
            String str2 = (obj != null || tenantDomain.equals(SMSOTPConstants.SUPER_TENANT)) ? (String) parameterMap.get(SMSOTPConstants.USE_CASE) : (String) authenticationContext.getProperty(SMSOTPConstants.USE_CASE);
            String queryStringWithFrameworkContextId = FrameworkUtils.getQueryStringWithFrameworkContextId(authenticationContext.getQueryParams(), authenticationContext.getCallerSessionKey(), authenticationContext.getContextIdentifier());
            String multiOptionURIQueryParam = getMultiOptionURIQueryParam(httpServletRequest);
            if (StringUtils.isNotEmpty(multiOptionURIQueryParam)) {
                queryStringWithFrameworkContextId = queryStringWithFrameworkContextId + multiOptionURIQueryParam;
            }
            if (StringUtils.isEmpty(str2)) {
                Iterator it = stepMap.values().iterator();
                do {
                    if (it.hasNext()) {
                        StepConfig stepConfig = (StepConfig) it.next();
                        authenticatedUser = stepConfig.getAuthenticatedUser();
                        if (authenticatedUser != null && isPreviousIdPAuthenticationFlowHandler(authenticationContext)) {
                            authenticatedUser = resolveUserFromUserStore(authenticatedUser);
                            if (authenticatedUser != null) {
                                str = authenticatedUser.toFullQualifiedUsername();
                            }
                        }
                        if (authenticatedUser != null && stepConfig.isSubjectAttributeStep()) {
                            str = authenticatedUser.toFullQualifiedUsername();
                        } else if (str == null && isSMSOTPAsFirstFactor(authenticationContext)) {
                            if (!authenticationContext.isRetrying() || !Boolean.parseBoolean(httpServletRequest.getParameter(SMSOTPConstants.RESEND))) {
                                authenticationContext.setProperty(SMSOTPConstants.CODE_MISMATCH, true);
                            }
                            redirectToSMSOTPLoginPage(httpServletResponse, httpServletRequest, authenticationContext, queryStringWithFrameworkContextId);
                            return;
                        }
                    }
                    authenticationContext.setProperty(SMSOTPConstants.USER_NAME, str);
                    authenticationContext.setProperty(SMSOTPConstants.AUTHENTICATED_USER, authenticatedUser);
                } while (str != null);
                log.debug("Cannot find the subject attributed step with authenticated user.");
                throw new AuthenticationFailedException("Authentication failed. Cannot find the subject attributed step with authenticated user.");
            }
            FederatedAuthenticatorUtil.setUsernameFromFirstStep(authenticationContext);
            str = String.valueOf(authenticationContext.getProperty(SMSOTPConstants.USER_NAME));
            authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
            if (authenticatedUser == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Authentication failed: Could not find the authenticated user. ");
                }
                throw new AuthenticationFailedException("Authentication failed: Cannot proceed further without identifying the user. ");
            }
            boolean isSMSOTPMandatory = SMSOTPUtils.isSMSOTPMandatory(authenticationContext);
            boolean isUserExistInUserStore = FederatedAuthenticatorUtil.isUserExistInUserStore(str);
            String errorPage = getErrorPage(authenticationContext);
            if (isSMSOTPMandatory) {
                if (log.isDebugEnabled()) {
                    log.debug("SMS OTP is mandatory. Hence processing in mandatory path");
                }
                processSMSOTPMandatoryCase(authenticationContext, httpServletRequest, httpServletResponse, queryStringWithFrameworkContextId, str, isUserExistInUserStore);
            } else if (!isUserExistInUserStore || SMSOTPUtils.isSMSOTPDisableForLocalUser(str, authenticationContext)) {
                processFirstStepOnly(authenticatedUser, authenticationContext);
            } else if ((!authenticationContext.isRetrying() || Boolean.parseBoolean(httpServletRequest.getParameter(SMSOTPConstants.RESEND)) || isMobileNumberUpdateFailed(authenticationContext)) && !(SMSOTPUtils.isLocalUser(authenticationContext) && SMSOTPUtils.isAccountLocked(authenticatedUser))) {
                String mobileNumber = getMobileNumber(httpServletRequest, httpServletResponse, authenticationContext, str, queryStringWithFrameworkContextId);
                if (StringUtils.isNotEmpty(mobileNumber)) {
                    proceedWithOTP(httpServletRequest, httpServletResponse, authenticationContext, errorPage, mobileNumber, queryStringWithFrameworkContextId, str);
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Triggering SMS OTP retry flow");
                }
                checkStatusCode(httpServletResponse, authenticationContext, queryStringWithFrameworkContextId, errorPage);
            }
        } catch (SMSOTPException e) {
            throw new AuthenticationFailedException("Failed to get the parameters from authentication xml file. ", e);
        } catch (UserStoreException e2) {
            throw new AuthenticationFailedException("Failed to get the user from User Store. ", e2);
        }
    }

    private String getMultiOptionURIQueryParam(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return "";
        }
        String parameter = httpServletRequest.getParameter(SMSOTPConstants.MULTI_OPTION_URI);
        return StringUtils.isNotEmpty(parameter) ? "&multiOptionURI=" + Encode.forUriComponent(parameter) : "";
    }

    private String getMobileNumber(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2) throws AuthenticationFailedException, SMSOTPException {
        String mobileNumberForUsername = SMSOTPUtils.getMobileNumberForUsername(str);
        if (StringUtils.isEmpty(mobileNumberForUsername)) {
            String parameter = httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER);
            if (StringUtils.isBlank(parameter) && !isMobileNumberUpdateFailed(authenticationContext) && isCodeMismatch(authenticationContext)) {
                mobileNumberForUsername = String.valueOf(authenticationContext.getProperty(SMSOTPConstants.REQUESTED_USER_MOBILE));
            } else if (StringUtils.isBlank(parameter)) {
                if (log.isDebugEnabled()) {
                    log.debug("User has not registered a mobile number: " + str);
                }
                redirectToMobileNoReqPage(httpServletResponse, authenticationContext, str2);
            } else {
                authenticationContext.setProperty(SMSOTPConstants.REQUESTED_USER_MOBILE, parameter);
                mobileNumberForUsername = parameter;
            }
        }
        return mobileNumberForUsername;
    }

    private String getLoginPage(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String loginPageFromXMLFile = SMSOTPUtils.getLoginPageFromXMLFile(authenticationContext);
        if (StringUtils.isEmpty(loginPageFromXMLFile)) {
            loginPageFromXMLFile = ConfigurationFacade.getInstance().getAuthenticationEndpointURL().replace(SMSOTPConstants.LOGIN_PAGE, SMSOTPConstants.SMS_LOGIN_PAGE);
            if (log.isDebugEnabled()) {
                log.debug("Default authentication endpoint context is used");
            }
        }
        try {
            return buildURL(loginPageFromXMLFile, SMSOTPConstants.SMS_LOGIN_PAGE);
        } catch (URLBuilderException e) {
            throw new AuthenticationFailedException("Error building SMS OTP login page URL.", e);
        }
    }

    private String getErrorPage(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String errorPageFromXMLFile = SMSOTPUtils.getErrorPageFromXMLFile(authenticationContext);
        if (StringUtils.isEmpty(errorPageFromXMLFile)) {
            errorPageFromXMLFile = ConfigurationFacade.getInstance().getAuthenticationEndpointURL().replace(SMSOTPConstants.LOGIN_PAGE, SMSOTPConstants.ERROR_PAGE);
            if (log.isDebugEnabled()) {
                log.debug("Default authentication endpoint context is used");
            }
        }
        try {
            return buildURL(errorPageFromXMLFile, SMSOTPConstants.ERROR_PAGE);
        } catch (URLBuilderException e) {
            throw new AuthenticationFailedException("Error building SMS OTP error page URL.", e);
        }
    }

    private String getMobileNumberRequestPage(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        if (LoggerUtils.isDiagnosticLogsEnabled()) {
            DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(SMSOTPConstants.LogConstants.OUTBOUND_AUTH_SMSOTP_SERVICE, SMSOTPConstants.LogConstants.ActionIDs.SEND_SMS_OTP);
            diagnosticLogBuilder.logDetailLevel(DiagnosticLog.LogDetailLevel.APPLICATION).resultStatus(DiagnosticLog.ResultStatus.SUCCESS).inputParam("step", Integer.valueOf(authenticationContext.getCurrentStep())).inputParams(getApplicationDetails(authenticationContext)).resultMessage("Requesting mobile number for SMS OTP.");
            LoggerUtils.triggerDiagnosticLogEvent(diagnosticLogBuilder);
        }
        String mobileNumberRequestPage = SMSOTPUtils.getMobileNumberRequestPage(authenticationContext);
        if (StringUtils.isEmpty(mobileNumberRequestPage)) {
            mobileNumberRequestPage = ConfigurationFacade.getInstance().getAuthenticationEndpointURL().replace(SMSOTPConstants.LOGIN_PAGE, SMSOTPConstants.MOBILE_NO_REQ_PAGE);
            if (log.isDebugEnabled()) {
                log.debug("Default authentication endpoint context is used");
            }
        }
        try {
            return buildURL(mobileNumberRequestPage, SMSOTPConstants.MOBILE_NO_REQ_PAGE);
        } catch (URLBuilderException e) {
            throw new AuthenticationFailedException("Error building mobile number request page URL.", e);
        }
    }

    private String getURL(String str, String str2) {
        return StringUtils.isNotEmpty(str2) ? str + "?" + str2 + "&" + SMSOTPConstants.NAME_OF_AUTHENTICATORS + getName() : str + "?" + SMSOTPConstants.NAME_OF_AUTHENTICATORS + getName();
    }

    private void redirectToErrorPage(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2) throws AuthenticationFailedException {
        try {
            httpServletResponse.sendRedirect(getURL(getErrorPage(authenticationContext), str) + str2);
        } catch (IOException e) {
            throw new AuthenticationFailedException("Exception occurred while redirecting to errorPage. ", e);
        }
    }

    private void processFirstStepOnly(AuthenticatedUser authenticatedUser, AuthenticationContext authenticationContext) {
        if (log.isDebugEnabled()) {
            log.debug("Processing First step only. Skipping SMSOTP");
        }
        if (((StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep() - 1))).getAuthenticatedAutenticator().getApplicationAuthenticator() instanceof LocalApplicationAuthenticator) {
            if (log.isDebugEnabled()) {
                log.debug("Found local authenticator in previous step. Hence setting a local user");
            }
            FederatedAuthenticatorUtil.updateLocalAuthenticatedUserInStepConfig(authenticationContext, authenticatedUser);
            authenticationContext.setProperty(SMSOTPConstants.AUTHENTICATION, SMSOTPConstants.BASIC);
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Found federated authenticator in previous step. Hence setting a local user");
        }
        FederatedAuthenticatorUtil.updateAuthenticatedUserInStepConfig(authenticationContext, authenticatedUser);
        authenticationContext.setProperty(SMSOTPConstants.AUTHENTICATION, SMSOTPConstants.FEDERETOR);
    }

    private void updateMobileNumberForUsername(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, String str, String str2) throws SMSOTPException, UserStoreException {
        if (log.isDebugEnabled()) {
            log.debug("Updating mobile number for user : " + str);
        }
        HashMap hashMap = new HashMap();
        hashMap.put(SMSOTPConstants.MOBILE_CLAIM, String.valueOf(authenticationContext.getProperty(SMSOTPConstants.REQUESTED_USER_MOBILE)));
        SMSOTPUtils.updateUserAttribute(MultitenantUtils.getTenantAwareUsername(str), hashMap, str2);
    }

    private void processSMSOTPMandatoryCase(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws AuthenticationFailedException, SMSOTPException {
        String tenantDomain = authenticationContext.getTenantDomain();
        String errorPage = getErrorPage(authenticationContext);
        if (!authenticationContext.isRetrying() || Boolean.parseBoolean(httpServletRequest.getParameter(SMSOTPConstants.RESEND)) || isMobileNumberUpdateFailed(authenticationContext)) {
            processSMSOTPFlow(authenticationContext, httpServletRequest, httpServletResponse, z, str2, str, tenantDomain, errorPage);
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Trigger retry flow when it is not request for resending OTP or it is not mobile number update failure");
        }
        checkStatusCode(httpServletResponse, authenticationContext, str, errorPage);
    }

    private void proceedOTPWithFederatedMobileNumber(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, boolean z) throws AuthenticationFailedException {
        try {
            String str3 = null;
            String name = ((StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep() - 1))).getAuthenticatedAutenticator().getName();
            if (z) {
                String federatedMobileAttributeKey = getFederatedMobileAttributeKey(authenticationContext, name);
                if (StringUtils.isEmpty(federatedMobileAttributeKey)) {
                    federatedMobileAttributeKey = getFederatedMobileAttributeKey(authenticationContext, getName());
                }
                Iterator it = ((AuthenticatedIdPData) authenticationContext.getCurrentAuthenticatedIdPs().values().iterator().next()).getUser().getUserAttributes().entrySet().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Map.Entry entry = (Map.Entry) it.next();
                    String valueOf = String.valueOf(((ClaimMapping) entry.getKey()).getLocalClaim().getClaimUri());
                    String str4 = (String) entry.getValue();
                    if (valueOf.equals(federatedMobileAttributeKey)) {
                        str3 = String.valueOf(str4);
                        proceedWithOTP(httpServletRequest, httpServletResponse, authenticationContext, getErrorPage(authenticationContext), str3, str2, str);
                        break;
                    }
                }
                if (StringUtils.isEmpty(str3)) {
                    if (log.isDebugEnabled()) {
                        log.debug("There is no mobile claim to send otp ");
                    }
                    throw new AuthenticationFailedException("There is no mobile claim to send otp");
                }
            } else {
                redirectToErrorPage(httpServletResponse, authenticationContext, str2, SMSOTPConstants.SEND_OTP_DIRECTLY_DISABLE);
            }
        } catch (AuthenticationFailedException e) {
            throw new AuthenticationFailedException(" Failed to process SMSOTP flow ", e);
        }
    }

    private String getFederatedMobileAttributeKey(AuthenticationContext authenticationContext, String str) {
        String str2 = null;
        String tenantDomain = authenticationContext.getTenantDomain();
        if (authenticationContext.getProperty("getPropertiesFromLocal") != null || tenantDomain.equals(SMSOTPConstants.SUPER_TENANT)) {
            Map authenticatorConfig = FederatedAuthenticatorUtil.getAuthenticatorConfig(str);
            if (authenticatorConfig != null) {
                str2 = (String) authenticatorConfig.get(SMSOTPConstants.FEDERATED_MOBILE_ATTRIBUTE_KEY);
            }
        } else {
            str2 = String.valueOf(authenticationContext.getProperty(SMSOTPConstants.FEDERATED_MOBILE_ATTRIBUTE_KEY));
        }
        return str2;
    }

    private void processSMSOTPFlow(AuthenticationContext authenticationContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z, String str, String str2, String str3, String str4) throws AuthenticationFailedException, SMSOTPException {
        String str5 = null;
        if (z) {
            boolean isSMSOTPDisableForLocalUser = SMSOTPUtils.isSMSOTPDisableForLocalUser(str, authenticationContext);
            if (log.isDebugEnabled()) {
                log.debug("Has user enabled SMS OTP : " + isSMSOTPDisableForLocalUser);
            }
            if (isSMSOTPDisableForLocalUser) {
                redirectToErrorPage(httpServletResponse, authenticationContext, str2, SMSOTPConstants.ERROR_SMSOTP_DISABLE);
            } else {
                str5 = getMobileNumber(httpServletRequest, httpServletResponse, authenticationContext, str, str2);
            }
        } else if (SMSOTPUtils.isSendOTPDirectlyToMobile(authenticationContext)) {
            if (log.isDebugEnabled()) {
                log.debug("User :" + str + " doesn't exist");
            }
            if (httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER) == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Couldn't find the mobile number in request. Hence redirecting to mobile number input page");
                }
                try {
                    String url = getURL(getMobileNumberRequestPage(authenticationContext), str2);
                    String str6 = SMSOTPConstants.MOBILE_NUMBER_PATTERN_POLICY_VIOLATED;
                    if (StringUtils.isNotEmpty((String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.MOBILE_NUMBER_REGEX))) {
                        if (StringUtils.isNotEmpty((String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.MOBILE_NUMBER_PATTERN_FAILURE_ERROR_MESSAGE))) {
                            str6 = (String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.MOBILE_NUMBER_PATTERN_FAILURE_ERROR_MESSAGE);
                        }
                        httpServletResponse.sendRedirect(FrameworkUtils.appendQueryParamsStringToUrl(url, SMSOTPConstants.MOBILE_NUMBER_REGEX_PATTERN_QUERY + Base64.getEncoder().encodeToString(((String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.MOBILE_NUMBER_REGEX)).getBytes()) + SMSOTPConstants.MOBILE_NUMBER_PATTERN_POLICY_FAILURE_ERROR_MESSAGE_QUERY + Base64.getEncoder().encodeToString(str6.getBytes())));
                    } else {
                        httpServletResponse.sendRedirect(url);
                    }
                } catch (IOException e) {
                    throw new AuthenticationFailedException("Authentication failed!. An IOException occurred ", e);
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Mobile number found in request : " + httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER));
                }
                str5 = httpServletRequest.getParameter(SMSOTPConstants.MOBILE_NUMBER);
            }
        } else if (SMSOTPUtils.sendOtpToFederatedMobile(authenticationContext)) {
            if (log.isDebugEnabled()) {
                log.debug("SMS OTP is mandatory. But user is not there in active directory. Hence send the otp to the federated mobile claim");
            }
            proceedOTPWithFederatedMobileNumber(authenticationContext, httpServletRequest, httpServletResponse, str, str2, SMSOTPUtils.sendOtpToFederatedMobile(authenticationContext));
        } else {
            if (log.isDebugEnabled()) {
                log.debug("SMS OTP is mandatory. But couldn't find a mobile number.");
            }
            redirectToErrorPage(httpServletResponse, authenticationContext, str2, SMSOTPConstants.SEND_OTP_DIRECTLY_DISABLE);
        }
        if (StringUtils.isNotEmpty(str5)) {
            proceedWithOTP(httpServletRequest, httpServletResponse, authenticationContext, str4, str5, str2, str);
        }
    }

    private void proceedWithOTP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2, String str3, String str4) throws AuthenticationFailedException {
        String screenAttribute;
        String str5;
        Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
        boolean isEnableResendCode = SMSOTPUtils.isEnableResendCode(authenticationContext);
        String loginPage = getLoginPage(authenticationContext);
        String tenantDomain = MultitenantUtils.getTenantDomain(str4);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str4);
        UserRealm userRealm = SMSOTPUtils.getUserRealm(tenantDomain);
        try {
            authenticationContext.setProperty(SMSOTPConstants.IS_CHAR_IN_OTP, Boolean.valueOf(isAlphaNumericOTPEnabled(authenticatorProperties, authenticationContext)));
            int sMSOTPExpiryTime = getSMSOTPExpiryTime(authenticatorProperties, authenticationContext);
            authenticationContext.setProperty(SMSOTPConstants.TOKEN_VALIDITY_TIME, Integer.toString(sMSOTPExpiryTime));
            authenticationContext.setProperty(SMSOTPConstants.SMS_OTP_LENGTH, Integer.valueOf(getSMSOTPLength(authenticatorProperties, authenticationContext)));
            String generateOTP = generateOTP(authenticationContext);
            authenticationContext.setProperty(SMSOTPConstants.OTP_TOKEN, generateOTP);
            if (log.isDebugEnabled()) {
                log.debug("Generated OTP successfully and set to the context.");
            }
            String str6 = authenticatorProperties.get(SMSOTPConstants.SMS_URL);
            String str7 = authenticatorProperties.get(SMSOTPConstants.HTTP_METHOD);
            String str8 = authenticatorProperties.get(SMSOTPConstants.HEADERS);
            String str9 = authenticatorProperties.get(SMSOTPConstants.PAYLOAD);
            String str10 = authenticatorProperties.get(SMSOTPConstants.HTTP_RESPONSE);
            boolean z = true;
            if (StringUtils.isNotEmpty(str6)) {
                z = sendRESTCall(authenticationContext, str6, str7, str8, str9, str10, str2, generateOTP);
            } else {
                AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
                triggerNotification(authenticatedUser.getUserName(), authenticatedUser.getTenantDomain(), authenticatedUser.getUserStoreDomain(), str2, generateOTP, authenticationContext.getServiceProviderName(), sMSOTPExpiryTime);
            }
            if (z) {
                authenticationContext.setProperty(SMSOTPConstants.SENT_OTP_TOKEN_TIME, Long.valueOf(System.currentTimeMillis()));
                String url = getURL(loginPage, str3);
                if (FederatedAuthenticatorUtil.isUserExistInUserStore(str4) && (screenAttribute = getScreenAttribute(authenticationContext, userRealm, tenantAwareUsername)) != null) {
                    url = url + SMSOTPConstants.SCREEN_VALUE + screenAttribute;
                }
                String str11 = url + getCaptchaParams(httpServletRequest, authenticationContext);
                authenticationContext.setProperty(SMSOTPConstants.IS_REDIRECT_TO_SMS_OTP, "true");
                httpServletResponse.sendRedirect(str11);
            } else {
                if (authenticationContext.getProperty(SMSOTPConstants.ERROR_CODE) != null) {
                    String obj = authenticationContext.getProperty(SMSOTPConstants.ERROR_CODE).toString();
                    if (SMSOTPUtils.useInternalErrorCodes(authenticationContext)) {
                        String httpErrorResponseCode = getHttpErrorResponseCode(obj);
                        if (StringUtils.isNotEmpty(httpErrorResponseCode)) {
                            obj = URLEncoder.encode(SMSOTPConstants.ErrorMessage.getMappedInternalErrorCode(httpErrorResponseCode).getCode(), SMSOTPConstants.CHAR_SET_UTF_8);
                        }
                    }
                    str5 = SMSOTPConstants.ERROR_MESSAGE + obj;
                    String obj2 = authenticationContext.getProperty(SMSOTPConstants.ERROR_INFO).toString();
                    if (Boolean.parseBoolean(authenticatorProperties.get(SMSOTPConstants.SHOW_ERROR_INFO)) && obj2 != null) {
                        str5 = str5 + SMSOTPConstants.ERROR_MESSAGE_DETAILS + Base64.getEncoder().encodeToString(obj2.getBytes());
                    }
                } else {
                    str5 = "&authFailure=true&authFailureMsg=unable.send.code";
                }
                httpServletResponse.sendRedirect(getURL(str, str3) + SMSOTPConstants.RESEND_CODE + isEnableResendCode + str5);
            }
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("Failed to get the user from user store. ", e);
        } catch (IOException e2) {
            throw new AuthenticationFailedException("Error while sending the HTTP request. ", e2);
        }
    }

    private void redirectToSMSOTPLoginPage(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext, String str) throws AuthenticationFailedException {
        try {
            String loginPage = getLoginPage(authenticationContext);
            if (log.isDebugEnabled()) {
                log.debug("The SMSOTP login page url is " + loginPage);
            }
            if (StringUtils.isEmpty(loginPage)) {
                String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
                loginPage = authenticationEndpointURL.replace(SMSOTPConstants.LOGIN_PAGE, SMSOTPConstants.SMS_LOGIN_PAGE);
                if (log.isDebugEnabled()) {
                    log.debug("The default authentication endpoint URL " + authenticationEndpointURL + "is replaced by default sms otp login page " + loginPage);
                }
                if (!loginPage.contains(SMSOTPConstants.SMS_LOGIN_PAGE)) {
                    throw new AuthenticationFailedException("The default authentication page is not replaced by default sms otp page");
                }
            }
            String url = getURL(loginPage, str);
            if (authenticationContext.isRetrying() && !Boolean.parseBoolean(httpServletRequest.getParameter(SMSOTPConstants.RESEND))) {
                url = url + SMSOTPConstants.RETRY_PARAMS;
            }
            String str2 = url + getCaptchaParams(httpServletRequest, authenticationContext);
            authenticationContext.setProperty(SMSOTPConstants.IS_REDIRECT_TO_SMS_OTP, "true");
            httpServletResponse.sendRedirect(str2);
        } catch (IOException e) {
            throw new AuthenticationFailedException("Authentication Failed: An IOException was caught while redirecting to login page. ", e);
        }
    }

    private boolean isAlphaNumericOTPEnabled(Map<String, String> map, AuthenticationContext authenticationContext) {
        String str = map.get(SMSOTPConstants.SMS_OTP_NUMERIC_OTP);
        return StringUtils.isNotEmpty(str) ? !Boolean.parseBoolean(str) : SMSOTPUtils.isEnableAlphanumericToken(authenticationContext);
    }

    private int getSMSOTPLength(Map<String, String> map, AuthenticationContext authenticationContext) {
        int i = 6;
        if (StringUtils.isNotEmpty(map.get(SMSOTPConstants.SMS_OTP_LENGTH))) {
            int parseInt = Integer.parseInt(map.get(SMSOTPConstants.SMS_OTP_LENGTH));
            if (parseInt >= 4 && parseInt <= 10) {
                i = parseInt;
            }
        } else if (SMSOTPUtils.getTokenLength(authenticationContext) != null) {
            String tokenLength = SMSOTPUtils.getTokenLength(authenticationContext);
            if (StringUtils.isNumeric(tokenLength)) {
                i = Integer.parseInt(tokenLength);
            }
        }
        return i;
    }

    private int getSMSOTPExpiryTime(Map<String, String> map, AuthenticationContext authenticationContext) {
        int parseInt = Integer.parseInt(SMSOTPConstants.OTP_EXPIRE_TIME_DEFAULT);
        if (StringUtils.isNotEmpty(map.get(SMSOTPConstants.SMS_OTP_EXPIRY_TIME))) {
            int parseInt2 = Integer.parseInt(map.get(SMSOTPConstants.SMS_OTP_EXPIRY_TIME));
            if (parseInt2 <= 1440 && parseInt2 >= 1) {
                parseInt = parseInt2 * 60 * 1000;
            }
        } else if (SMSOTPUtils.getTokenExpiryTime(authenticationContext) != null) {
            String tokenExpiryTime = SMSOTPUtils.getTokenExpiryTime(authenticationContext);
            if (StringUtils.isNumeric(tokenExpiryTime)) {
                parseInt = Integer.parseInt(tokenExpiryTime);
            }
        }
        return parseInt;
    }

    private void checkStatusCode(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str, String str2) throws AuthenticationFailedException {
        String str3;
        boolean isRetryEnabled = SMSOTPUtils.isRetryEnabled(authenticationContext);
        String loginPage = getLoginPage(authenticationContext);
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
        String url = getURL(loginPage, str);
        if (StringUtils.isNotEmpty(getScreenValue(authenticationContext))) {
            url = url + SMSOTPConstants.SCREEN_VALUE + getScreenValue(authenticationContext);
        }
        try {
            if (SMSOTPUtils.isLocalUser(authenticationContext) && SMSOTPUtils.isAccountLocked(authenticatedUser)) {
                if (SMSOTPUtils.isShowAuthFailureReason(authenticationContext)) {
                    long unlockTimeInMilliSeconds = getUnlockTimeInMilliSeconds(authenticatedUser) - System.currentTimeMillis();
                    if (unlockTimeInMilliSeconds > 0) {
                        str = str + "&unlockTime=" + Math.round((unlockTimeInMilliSeconds / 1000.0d) / 60.0d);
                    }
                    str3 = SMSOTPConstants.ERROR_USER_ACCOUNT_LOCKED;
                } else {
                    str3 = SMSOTPConstants.RETRY_PARAMS;
                }
                redirectToErrorPage(httpServletResponse, authenticationContext, str, str3);
            } else if (authenticationContext.getProperty("UserTenantDomainMismatch") != null && ((Boolean) authenticationContext.getProperty("UserTenantDomainMismatch")).booleanValue()) {
                authenticationContext.setProperty("UserTenantDomainMismatch", false);
                redirectToErrorPage(httpServletResponse, authenticationContext, str, SMSOTPConstants.ERROR_TENANT_MISMATCH);
            } else if (!isRetryEnabled) {
                String url2 = getURL(str2, str);
                if (Boolean.parseBoolean(String.valueOf(authenticationContext.getProperty(SMSOTPConstants.CODE_MISMATCH)))) {
                    httpServletResponse.sendRedirect(url2 + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.ERROR_MESSAGE + SMSOTPConstants.ERROR_CODE_MISMATCH);
                } else if (StringUtils.isNotEmpty((String) authenticationContext.getProperty(SMSOTPConstants.TOKEN_EXPIRED))) {
                    httpServletResponse.sendRedirect(url2 + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.ERROR_MESSAGE + SMSOTPConstants.TOKEN_EXPIRED_VALUE);
                } else {
                    httpServletResponse.sendRedirect(url2 + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.RETRY_PARAMS);
                }
            } else if (StringUtils.isNotEmpty((String) authenticationContext.getProperty(SMSOTPConstants.TOKEN_EXPIRED))) {
                httpServletResponse.sendRedirect(url + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.ERROR_MESSAGE + SMSOTPConstants.TOKEN_EXPIRED_VALUE);
            } else {
                httpServletResponse.sendRedirect(url + SMSOTPConstants.RESEND_CODE + SMSOTPUtils.isEnableResendCode(authenticationContext) + SMSOTPConstants.RETRY_PARAMS);
            }
        } catch (IOException e) {
            throw new AuthenticationFailedException("Authentication Failed: An IOException was caught. ", e);
        }
    }

    private String getScreenValue(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String valueOf = String.valueOf(authenticationContext.getProperty(SMSOTPConstants.USER_NAME));
        String tenantDomain = MultitenantUtils.getTenantDomain(valueOf);
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(valueOf);
        try {
            return getScreenAttribute(authenticationContext, SMSOTPUtils.getUserRealm(tenantDomain), tenantAwareUsername);
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("Failed to get the screen attribute for the user " + tenantAwareUsername + " from user store. ", e);
        }
    }

    private void redirectToMobileNoReqPage(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext, String str) throws AuthenticationFailedException {
        if (!SMSOTPUtils.isEnableMobileNoUpdate(authenticationContext)) {
            throw new AuthenticationFailedException("Authentication failed!. Update mobile no in your profile.");
        }
        try {
            String url = getURL(getMobileNumberRequestPage(authenticationContext), str);
            if (log.isDebugEnabled()) {
                log.debug("Redirecting to mobile number request page : " + url);
            }
            String str2 = SMSOTPConstants.MOBILE_NUMBER_PATTERN_POLICY_VIOLATED;
            String str3 = (String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.MOBILE_NUMBER_REGEX);
            if (isMobileNumberUpdateFailed(authenticationContext)) {
                url = FrameworkUtils.appendQueryParamsStringToUrl(url, SMSOTPConstants.RETRY_PARAMS);
                if (authenticationContext.getProperty(SMSOTPConstants.PROFILE_UPDATE_FAILURE_REASON) != null) {
                    url = FrameworkUtils.appendQueryParamsStringToUrl(url, SMSOTPConstants.ERROR_MESSAGE_DETAILS + URLEncoder.encode(String.valueOf(authenticationContext.getProperty(SMSOTPConstants.PROFILE_UPDATE_FAILURE_REASON)), SMSOTPConstants.CHAR_SET_UTF_8));
                }
            }
            if (StringUtils.isNotEmpty(str3)) {
                if (StringUtils.isNotEmpty((String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.MOBILE_NUMBER_PATTERN_FAILURE_ERROR_MESSAGE))) {
                    str2 = (String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.MOBILE_NUMBER_PATTERN_FAILURE_ERROR_MESSAGE);
                }
                httpServletResponse.sendRedirect(FrameworkUtils.appendQueryParamsStringToUrl(url, SMSOTPConstants.MOBILE_NUMBER_REGEX_PATTERN_QUERY + Base64.getEncoder().encodeToString(((String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.MOBILE_NUMBER_REGEX)).getBytes()) + SMSOTPConstants.MOBILE_NUMBER_PATTERN_POLICY_FAILURE_ERROR_MESSAGE_QUERY + Base64.getEncoder().encodeToString(str2.getBytes())));
            } else {
                httpServletResponse.sendRedirect(url);
            }
        } catch (IOException e) {
            throw new AuthenticationFailedException("Authentication failed!. An IOException was caught. ", e);
        }
    }

    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        AuthenticatedUser authenticatedUser = getAuthenticatedUser(authenticationContext);
        boolean isLocalUser = SMSOTPUtils.isLocalUser(authenticationContext);
        if (authenticatedUser == null) {
            throw new AuthenticationFailedException("Could not find an Authenticated user in the context.");
        }
        if (isPreviousIdPAuthenticationFlowHandler(authenticationContext)) {
            authenticatedUser = resolveUserFromUserStore(authenticatedUser);
        }
        SequenceConfig sequenceConfig = authenticationContext.getSequenceConfig();
        if (isLocalUser && !sequenceConfig.getApplicationConfig().isSaaSApp()) {
            String tenantDomain = authenticationContext.getTenantDomain();
            String tenantDomain2 = authenticatedUser.getTenantDomain();
            if (StringUtils.isNotEmpty(tenantDomain2) && StringUtils.isNotEmpty(tenantDomain) && !tenantDomain.equals(tenantDomain2)) {
                authenticationContext.setProperty("UserTenantDomainMismatch", true);
                throw new AuthenticationFailedException("Service Provider tenant domain must be equal to user tenant domain for non-SaaS applications", authenticationContext.getSubject());
            }
        }
        if (isLocalUser && SMSOTPUtils.isAccountLocked(authenticatedUser)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Authentication failed since authenticated user: %s,  account is locked.", authenticatedUser));
            }
            authenticationContext.setProperty(SMSOTPConstants.ACCOUNT_LOCKED, true);
            throw new AuthenticationFailedException("User account is locked.");
        }
        String parameter = httpServletRequest.getParameter(SMSOTPConstants.CODE);
        String str = (String) authenticationContext.getProperty(SMSOTPConstants.OTP_TOKEN);
        if (StringUtils.isEmpty(httpServletRequest.getParameter(SMSOTPConstants.CODE))) {
            throw new InvalidCredentialsException("Code cannot not be null");
        }
        if (Boolean.parseBoolean(httpServletRequest.getParameter(SMSOTPConstants.RESEND))) {
            if (log.isDebugEnabled()) {
                log.debug("Retrying to resend the OTP");
            }
            throw new InvalidCredentialsException("Retrying to resend the OTP");
        }
        if (authenticationContext.getProperty(SMSOTPConstants.MOBILE_NUMBER_UPDATE_FAILURE) != null) {
            authenticationContext.setProperty(SMSOTPConstants.MOBILE_NUMBER_UPDATE_FAILURE, "false");
        }
        boolean z = false;
        if (parameter.equals(str)) {
            authenticationContext.removeProperty(SMSOTPConstants.CODE_MISMATCH);
            processValidUserToken(authenticationContext, authenticatedUser);
            z = true;
        } else if (isLocalUser && "true".equals(SMSOTPUtils.getBackupCode(authenticationContext))) {
            z = checkWithBackUpCodes(authenticationContext, parameter, authenticatedUser);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Given otp code is a mismatch.");
            }
            authenticationContext.setProperty(SMSOTPConstants.CODE_MISMATCH, true);
        }
        if (z && isLocalUser) {
            String valueOf = String.valueOf(authenticationContext.getProperty(SMSOTPConstants.USER_NAME));
            try {
                if (StringUtils.isBlank(SMSOTPUtils.getMobileNumberForUsername(valueOf))) {
                    String tenantDomain3 = MultitenantUtils.getTenantDomain(valueOf);
                    try {
                        if (authenticationContext.getProperty(SMSOTPConstants.REQUESTED_USER_MOBILE) != null) {
                            try {
                                try {
                                    try {
                                        Utils.setThreadLocalToSkipSendingSmsOtpVerificationOnUpdate(IdentityRecoveryConstants.SkipMobileNumberVerificationOnUpdateStates.SKIP_ON_SMS_OTP_FLOW.toString());
                                        updateMobileNumberForUsername(authenticationContext, httpServletRequest, valueOf, tenantDomain3);
                                        Utils.unsetThreadLocalToSkipSendingSmsOtpVerificationOnUpdate();
                                    } catch (SMSOTPException e) {
                                        throw new AuthenticationFailedException("Failed accessing the userstore for user: " + valueOf, e.getCause());
                                    }
                                } catch (UserStoreException e2) {
                                    Throwable cause = e2.getCause();
                                    if (cause instanceof UserStoreClientException) {
                                        authenticationContext.setProperty(SMSOTPConstants.MOBILE_NUMBER_UPDATE_FAILURE, "true");
                                        authenticationContext.setProperty(SMSOTPConstants.PROFILE_UPDATE_FAILURE_REASON, cause.getMessage());
                                    }
                                    throw new AuthenticationFailedException("Mobile claim update failed for user " + valueOf, e2);
                                }
                            } catch (UserStoreClientException e3) {
                                authenticationContext.setProperty(SMSOTPConstants.MOBILE_NUMBER_UPDATE_FAILURE, "true");
                                throw new AuthenticationFailedException("Mobile claim update failed for user :" + valueOf, e3);
                            }
                        }
                    } catch (Throwable th) {
                        Utils.unsetThreadLocalToSkipSendingSmsOtpVerificationOnUpdate();
                        throw th;
                    }
                }
            } catch (SMSOTPException e4) {
                throw new AuthenticationFailedException("Failed to get the parameters from authentication xml file for user:  " + valueOf + " for tenant: " + authenticationContext.getTenantDomain(), e4);
            }
        }
        if (z) {
            resetSmsOtpFailedAttempts(authenticationContext);
        } else {
            handleSmsOtpVerificationFail(authenticationContext);
            authenticationContext.setProperty(SMSOTPConstants.CODE_MISMATCH, true);
            throw new AuthenticationFailedException("Invalid code. Verification failed.");
        }
    }

    private void processValidUserToken(AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        Optional ofNullable = Optional.ofNullable(authenticationContext.getProperty(SMSOTPConstants.TOKEN_VALIDITY_TIME));
        if (!ofNullable.isPresent() || !NumberUtils.isNumber(ofNullable.get().toString())) {
            log.error("TokenExpiryTime property is not configured in application-authentication.xml or SMS OTP Authenticator UI");
            authenticationContext.setSubject(authenticatedUser);
            return;
        }
        Optional ofNullable2 = Optional.ofNullable(authenticationContext.getProperty(SMSOTPConstants.SENT_OTP_TOKEN_TIME));
        if (!ofNullable2.isPresent() || !NumberUtils.isNumber(ofNullable2.get().toString())) {
            if (log.isDebugEnabled()) {
                log.debug("Could not find OTP sent time");
            }
            throw new AuthenticationFailedException("Internal Error Occurred");
        }
        if (System.currentTimeMillis() - Long.parseLong(ofNullable2.get().toString()) <= Long.parseLong(ofNullable.get().toString()) * 1000) {
            authenticationContext.removeProperty(SMSOTPConstants.TOKEN_EXPIRED);
            authenticationContext.setSubject(authenticatedUser);
        } else {
            authenticationContext.setProperty(SMSOTPConstants.TOKEN_EXPIRED, SMSOTPConstants.TOKEN_EXPIRED_VALUE);
            handleSmsOtpVerificationFail(authenticationContext);
            throw new AuthenticationFailedException("OTP code has expired");
        }
    }

    private boolean checkWithBackUpCodes(AuthenticationContext authenticationContext, String str, AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        boolean z = false;
        String[] strArr = null;
        String obj = authenticationContext.getProperty(SMSOTPConstants.USER_NAME).toString();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(obj);
        UserRealm userRealm = getUserRealm(obj);
        String str2 = null;
        if (userRealm != null) {
            try {
                UserStoreManager userStoreManager = userRealm.getUserStoreManager();
                if (Boolean.parseBoolean(IdentityUtil.getProperty(SMSOTPConstants.HANDLE_BACKUP_CODES_AS_IDENTITY_CLAIM))) {
                    if (log.isDebugEnabled()) {
                        log.debug("OTPBackupCodes.UseIdentityClaims property is enabled, hence treating OTP backup code claim as http://wso2.org/claims/identity/otpbackupcodes");
                    }
                    str2 = SMSOTPConstants.OTP_BACKUP_CODES_IDENTITY_CLAIM;
                } else {
                    str2 = SMSOTPConstants.SAVED_OTP_LIST;
                }
                if (userStoreManager != null) {
                    Map userClaimValues = userStoreManager.getUserClaimValues(tenantAwareUsername, new String[]{str2}, (String) null);
                    if (!userClaimValues.isEmpty()) {
                        String str3 = (String) userClaimValues.get(str2);
                        if (StringUtils.isNotEmpty(str3)) {
                            strArr = str3.split(",");
                        }
                    }
                }
            } catch (UserStoreException e) {
                log.error("Cannot find the user claim for OTP list for user : " + authenticatedUser, e);
            }
        }
        if (ArrayUtils.isEmpty(strArr)) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("The claim " + str2 + " does not contain any values.");
            return false;
        }
        if (isBackUpCodeValid(strArr, str)) {
            if (log.isDebugEnabled()) {
                log.debug("Found saved backup SMS OTP for user :" + authenticatedUser);
            }
            z = true;
            authenticationContext.setSubject(authenticatedUser);
            String[] strArr2 = (String[]) ArrayUtils.removeElement(strArr, str);
            if (log.isDebugEnabled()) {
                log.debug("Removing backup code from saved backup codes list.");
            }
            HashMap hashMap = new HashMap();
            hashMap.put(str2, String.join(",", strArr2));
            userRealm.getUserStoreManager().setUserClaimValues(tenantAwareUsername, hashMap, (String) null);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("User entered OTP :" + str + " does not match with any of the saved backup codes");
            }
            authenticationContext.setProperty(SMSOTPConstants.CODE_MISMATCH, true);
        }
        return z;
    }

    private boolean isBackUpCodeValid(String[] strArr, String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        for (String str2 : strArr) {
            if (str2.equals(str)) {
                return true;
            }
        }
        return false;
    }

    public AuthenticatedUser getAuthenticatedUser(AuthenticationContext authenticationContext) {
        AuthenticatedUser authenticatedUser = null;
        Iterator it = authenticationContext.getSequenceConfig().getStepMap().values().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            StepConfig stepConfig = (StepConfig) it.next();
            AuthenticatedUser authenticatedUser2 = stepConfig.getAuthenticatedUser();
            if (stepConfig.isSubjectAttributeStep() && authenticatedUser2 != null) {
                authenticatedUser = new AuthenticatedUser(authenticatedUser2);
                break;
            }
        }
        if (authenticationContext.getLastAuthenticatedUser() != null && authenticationContext.getLastAuthenticatedUser().getUserName() != null) {
            authenticatedUser = authenticationContext.getLastAuthenticatedUser();
        }
        return authenticatedUser;
    }

    private UserRealm getUserRealm(String str) throws AuthenticationFailedException {
        UserRealm userRealm = null;
        try {
            if (StringUtils.isNotEmpty(str)) {
                userRealm = IdentityTenantUtil.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(MultitenantUtils.getTenantDomain(str)));
            }
            return userRealm;
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("Cannot find the user realm. ", e);
        }
    }

    private UserRealm getUserRealm(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        UserRealm userRealm = null;
        if (authenticatedUser != null) {
            try {
                userRealm = IdentityTenantUtil.getRealmService().getTenantUserRealm(IdentityTenantUtil.getTenantId(authenticatedUser.getTenantDomain()));
            } catch (UserStoreException e) {
                throw new AuthenticationFailedException("Cannot find the user realm.", e);
            }
        }
        return userRealm;
    }

    public String getFriendlyName() {
        return SMSOTPConstants.AUTHENTICATOR_FRIENDLY_NAME;
    }

    public String getName() {
        return "SMSOTP";
    }

    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("sessionDataKey");
    }

    protected boolean retryAuthenticationEnabled() {
        return true;
    }

    public List<Property> getConfigurationProperties() {
        ArrayList arrayList = new ArrayList();
        Property property = new Property();
        property.setName(SMSOTPConstants.SMS_URL);
        property.setDisplayName("SMS URL");
        property.setRequired(false);
        property.setDescription("Enter client sms url value. If the phone number and text message are in URL, specify them as $ctx.num and $ctx.msg or $ctx.otp");
        property.setDisplayOrder(0);
        arrayList.add(property);
        Property property2 = new Property();
        property2.setName(SMSOTPConstants.HTTP_METHOD);
        property2.setDisplayName("HTTP Method");
        property2.setRequired(false);
        property2.setDescription("Enter the HTTP Method used by the SMS API");
        property2.setDisplayOrder(1);
        arrayList.add(property2);
        Property property3 = new Property();
        property3.setName(SMSOTPConstants.HEADERS);
        property3.setDisplayName("HTTP Headers");
        property3.setRequired(false);
        property3.setDescription("Enter the headers used by the API separated by comma, with the Header name and value separated by \":\". If the phone number and text message are in Headers, specify them as $ctx.num and $ctx.msg or $ctx.otp");
        property3.setDisplayOrder(2);
        arrayList.add(property3);
        Property property4 = new Property();
        property4.setName(SMSOTPConstants.PAYLOAD);
        property4.setDisplayName("HTTP Payload");
        property4.setRequired(false);
        property4.setDescription("Enter the HTTP Payload used by the SMS API. If the phone number and text message are in Payload, specify them as $ctx.num and $ctx.msg or $ctx.otp");
        property4.setDisplayOrder(3);
        arrayList.add(property4);
        Property property5 = new Property();
        property5.setName(SMSOTPConstants.HTTP_RESPONSE);
        property5.setDisplayName("HTTP Response Code");
        property5.setRequired(false);
        property5.setDescription("Enter the HTTP response code the API sends upon successful call. Leave empty if unknown");
        property5.setDisplayOrder(4);
        arrayList.add(property5);
        Property property6 = new Property();
        property6.setName(SMSOTPConstants.SHOW_ERROR_INFO);
        property6.setDisplayName("Show Detailed Error Information");
        property6.setRequired(false);
        property6.setDescription("Enter \"true\" if detailed error information from SMS provider needs to be displayed in the UI");
        property6.setDisplayOrder(5);
        arrayList.add(property6);
        Property property7 = new Property();
        property7.setName(SMSOTPConstants.VALUES_TO_BE_MASKED_IN_ERROR_INFO);
        property7.setDisplayName("Mask values in Error Info");
        property7.setRequired(false);
        property7.setDescription("Enter comma separated Values to be masked by * in the detailed error messages");
        property7.setDisplayOrder(6);
        arrayList.add(property7);
        Property property8 = new Property();
        property8.setName(SMSOTPConstants.MOBILE_NUMBER_REGEX);
        property8.setDisplayName("Mobile Number Regex Pattern");
        property8.setRequired(false);
        property8.setDescription("Enter regex format to validate mobile number while capture and update mobile number.");
        property8.setDisplayOrder(7);
        arrayList.add(property8);
        Property property9 = new Property();
        property9.setName(SMSOTPConstants.MOBILE_NUMBER_PATTERN_FAILURE_ERROR_MESSAGE);
        property9.setDisplayName("Regex Violation Error Message");
        property9.setRequired(false);
        property9.setDescription("Enter error message for invalid mobile number patterns.");
        property9.setDisplayOrder(8);
        arrayList.add(property9);
        Property property10 = new Property();
        property10.setName(SMSOTPConstants.SMS_OTP_LENGTH);
        property10.setDisplayName("SMS OTP length");
        property10.setRequired(false);
        property10.setDescription("The number of allowed characters in the OTP. Please pick a value between 4-10.");
        property10.setType("string");
        property10.setDefaultValue(Integer.toString(6));
        property10.setDisplayOrder(9);
        arrayList.add(property10);
        Property property11 = new Property();
        property11.setName(SMSOTPConstants.SMS_OTP_EXPIRY_TIME);
        property11.setDisplayName("SMS OTP expiry time (Minutes)");
        property11.setRequired(false);
        property11.setDescription("Please pick a value between 1 minute and 1440 minutes (1 day).");
        property11.setType("string");
        property11.setDefaultValue(SMSOTPConstants.OTP_EXPIRE_TIME_DEFAULT_IN_MINS);
        property11.setDisplayOrder(10);
        arrayList.add(property11);
        Property property12 = new Property();
        property12.setName(SMSOTPConstants.SMS_OTP_NUMERIC_OTP);
        property12.setDisplayName("Use only numeric characters for OTP");
        property12.setRequired(false);
        property12.setDescription("Please enter either 'true' or 'false' to use only numeric characters or enable alphanumeric characters respectively.");
        property12.setType("string");
        property12.setDefaultValue("true");
        property12.setDisplayOrder(11);
        arrayList.add(property12);
        return arrayList;
    }

    private boolean getConnection(HttpURLConnection httpURLConnection, AuthenticationContext authenticationContext, String str, String str2, String str3, String str4, String str5, String str6, String str7) throws AuthenticationFailedException {
        String str8;
        try {
            try {
                httpURLConnection.setDoInput(true);
                httpURLConnection.setDoOutput(true);
                String encode = URLEncoder.encode(str4, SMSOTPConstants.CHAR_SET_UTF_8);
                HashMap hashMap = new HashMap();
                if (StringUtils.isNotEmpty(str)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Processing HTTP headers since header string is available");
                    }
                    for (String str9 : replacePlaceholders(str.trim(), str6, str4, str5).split(",")) {
                        String[] split = str9.split(":", 2);
                        if (split.length > 1) {
                            httpURLConnection.setRequestProperty(split[0], split[1]);
                            hashMap.put(split[0], split[1]);
                        } else {
                            log.info("Either header name or value not found. Hence not adding header which contains " + split[0]);
                        }
                    }
                } else if (log.isDebugEnabled()) {
                    log.debug("No configured headers found. Header string is empty");
                }
                if (log.isDebugEnabled()) {
                    log.debug("Configured http method is " + str7);
                }
                if (SMSOTPConstants.GET_METHOD.equalsIgnoreCase(str7)) {
                    httpURLConnection.setRequestMethod(SMSOTPConstants.GET_METHOD);
                } else if (SMSOTPConstants.POST_METHOD.equalsIgnoreCase(str7)) {
                    httpURLConnection.setRequestMethod(SMSOTPConstants.POST_METHOD);
                    if (StringUtils.isNotEmpty(str2)) {
                        String trimToEmpty = StringUtils.trimToEmpty((String) hashMap.get(SMSOTPConstants.CONTENT_TYPE));
                        if (SMSOTPUtils.isPayloadEncodingForSMSOTPEnabled(authenticationContext)) {
                            encode = getEncodedValue(trimToEmpty, str4);
                            str8 = getEncodedValue(trimToEmpty, str5);
                        } else {
                            str8 = str5;
                            if (StringUtils.isNotBlank(trimToEmpty) && SMSOTPConstants.POST_METHOD.equals(str7) && SMSOTPConstants.JSON_CONTENT_TYPE.equals(trimToEmpty)) {
                                encode = str4;
                            }
                        }
                        String replacePlaceholders = replacePlaceholders(str2, str6, encode, str8);
                        OutputStreamWriter outputStreamWriter = null;
                        try {
                            try {
                                outputStreamWriter = new OutputStreamWriter(httpURLConnection.getOutputStream(), SMSOTPConstants.CHAR_SET_UTF_8);
                                outputStreamWriter.write(replacePlaceholders);
                                if (outputStreamWriter != null) {
                                    outputStreamWriter.close();
                                }
                            } catch (IOException e) {
                                throw new AuthenticationFailedException("Error while posting payload message ", e);
                            }
                        } catch (Throwable th) {
                            if (outputStreamWriter != null) {
                                outputStreamWriter.close();
                            }
                            throw th;
                        }
                    }
                }
                if (StringUtils.isNotEmpty(str3)) {
                    if (str3.trim().equals(String.valueOf(httpURLConnection.getResponseCode()))) {
                        if (log.isDebugEnabled()) {
                            log.debug("Code is successfully sent to the mobile and received expected response code : " + str3);
                        }
                        return true;
                    }
                    log.error("Error while sending SMS: error code is " + httpURLConnection.getResponseCode() + " and error message is " + httpURLConnection.getResponseMessage());
                    if (httpURLConnection == null) {
                        return false;
                    }
                    httpURLConnection.disconnect();
                    return false;
                }
                if (httpURLConnection.getResponseCode() == 200 || httpURLConnection.getResponseCode() == 201 || httpURLConnection.getResponseCode() == 202) {
                    if (log.isDebugEnabled()) {
                        log.debug("Code is successfully sent to the mobile. Relieved HTTP response code is : " + httpURLConnection.getResponseCode());
                    }
                    if (httpURLConnection != null) {
                        httpURLConnection.disconnect();
                    }
                    return true;
                }
                authenticationContext.setProperty(SMSOTPConstants.ERROR_CODE, httpURLConnection.getResponseCode() + " : " + httpURLConnection.getResponseMessage());
                if (httpURLConnection.getErrorStream() != null) {
                    String sanitizedErrorInfo = getSanitizedErrorInfo(httpURLConnection.getErrorStream(), authenticationContext, encode);
                    log.error("Error while sending SMS: error code is " + httpURLConnection.getResponseCode() + " and error message is " + httpURLConnection.getResponseMessage());
                    authenticationContext.setProperty(SMSOTPConstants.ERROR_INFO, sanitizedErrorInfo);
                }
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                return false;
            } catch (MalformedURLException e2) {
                throw new AuthenticationFailedException("Invalid URL ", e2);
            } catch (ProtocolException e3) {
                throw new AuthenticationFailedException("Error while setting the HTTP method ", e3);
            } catch (IOException e4) {
                throw new AuthenticationFailedException("Error while setting the HTTP response ", e4);
            }
        } finally {
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
        }
    }

    private String getSanitizedErrorInfo(InputStream inputStream, AuthenticationContext authenticationContext, String str) throws IOException, AuthenticationFailedException {
        String readContent = readContent(inputStream);
        String screenValue = getScreenValue(authenticationContext);
        if (StringUtils.isEmpty(screenValue)) {
            int i = 0;
            if (SMSOTPUtils.getNoOfDigits(authenticationContext) != null) {
                i = Integer.parseInt(SMSOTPUtils.getNoOfDigits(authenticationContext));
            }
            screenValue = getMaskedValue(authenticationContext, str, i);
        }
        String maskConfiguredValues = maskConfiguredValues(authenticationContext, readContent.replace(str, screenValue).replace(URLDecoder.decode(str), screenValue));
        authenticationContext.setProperty(SMSOTPConstants.ERROR_INFO, maskConfiguredValues);
        String str2 = maskConfiguredValues;
        if (log.isDebugEnabled()) {
            str2 = readContent;
        }
        log.error(String.format("Following Error occurred while sending SMS for user: %s, %s", String.valueOf(authenticationContext.getProperty(SMSOTPConstants.USER_NAME)), str2));
        return maskConfiguredValues;
    }

    private String maskConfiguredValues(AuthenticationContext authenticationContext, String str) {
        String str2 = (String) authenticationContext.getAuthenticatorProperties().get(SMSOTPConstants.VALUES_TO_BE_MASKED_IN_ERROR_INFO);
        if (StringUtils.isNotEmpty(str2)) {
            for (String str3 : str2.split(",")) {
                str = str.replaceAll(str3, getMaskedValue(authenticationContext, str3, 0));
            }
        }
        return str;
    }

    private String readContent(InputStream inputStream) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                return sb.toString();
            }
            sb.append(readLine);
        }
    }

    public boolean sendRESTCall(AuthenticationContext authenticationContext, String str, String str2, String str3, String str4, String str5, String str6, String str7) throws IOException, AuthenticationFailedException {
        if (log.isDebugEnabled()) {
            log.debug("Preparing message for sending out");
        }
        String replacePlaceholders = replacePlaceholders(str, str7, URLEncoder.encode(str6, SMSOTPConstants.CHAR_SET_UTF_8), SMSOTPConstants.SMS_MESSAGE.replaceAll("\\s", "+"));
        try {
            URL url = new URL(replacePlaceholders);
            return getConnection(url.getProtocol().equals(SMSOTPConstants.HTTPS) ? (HttpsURLConnection) url.openConnection() : (HttpURLConnection) url.openConnection(), authenticationContext, str3, str4, str5, str6, SMSOTPConstants.SMS_MESSAGE, str7, str2);
        } catch (MalformedURLException e) {
            log.error("Error while parsing SMS provider URL: " + replacePlaceholders, e);
            if (SMSOTPUtils.useInternalErrorCodes(authenticationContext)) {
                authenticationContext.setProperty(SMSOTPConstants.ERROR_CODE, SMSOTPConstants.ErrorMessage.MALFORMED_URL.getCode());
                return false;
            }
            authenticationContext.setProperty(SMSOTPConstants.ERROR_CODE, "The SMS URL does not conform to URL specification");
            return false;
        }
    }

    private String replacePlaceholders(String str, String str2, String str3, String str4) {
        return str.replaceAll("\\$ctx.num", str3).replaceAll("\\$ctx.msg", str4 + str2).replaceAll("\\$ctx.otp", str2);
    }

    private String getEncodedValue(String str, String str2) throws IOException {
        String encode;
        boolean z = -1;
        switch (str.hashCode()) {
            case -43840953:
                if (str.equals(SMSOTPConstants.JSON_CONTENT_TYPE)) {
                    z = true;
                    break;
                }
                break;
            case 641428155:
                if (str.equals(SMSOTPConstants.XML_CONTENT_TYPE)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                encode = Encode.forXml(str2);
                break;
            case SMSOTPConstants.SMS_OTP_MIN_EXPIRY_TIME /* 1 */:
                encode = new Gson().toJson(str2);
                break;
            default:
                encode = URLEncoder.encode(str2, SMSOTPConstants.CHAR_SET_UTF_8);
                break;
        }
        return encode;
    }

    public String getScreenAttribute(AuthenticationContext authenticationContext, UserRealm userRealm, String str) throws UserStoreException {
        String str2 = null;
        String str3 = null;
        int i = 0;
        String screenUserAttribute = SMSOTPUtils.getScreenUserAttribute(authenticationContext);
        if (screenUserAttribute != null) {
            str2 = userRealm.getUserStoreManager().getUserClaimValue(str, screenUserAttribute, (String) null);
            if (StringUtils.isBlank(str2)) {
                str2 = String.valueOf(authenticationContext.getProperty(SMSOTPConstants.REQUESTED_USER_MOBILE));
            }
        }
        if (StringUtils.isNotBlank(str2)) {
            if (SMSOTPUtils.getNoOfDigits(authenticationContext) != null) {
                i = Integer.parseInt(SMSOTPUtils.getNoOfDigits(authenticationContext));
            }
            str3 = getMaskedValue(authenticationContext, str2, i);
        }
        return str3;
    }

    private String getMaskedValue(AuthenticationContext authenticationContext, String str, int i) {
        String substring;
        int length = str.length();
        int min = Math.min(i, length);
        if (length <= min && log.isDebugEnabled()) {
            log.debug("Mobile number length is less than or equal to noOfDigits: " + min);
        }
        if (SMSOTPConstants.BACKWARD.equals(SMSOTPUtils.getDigitsOrder(authenticationContext))) {
            substring = str.substring(length - min, length);
            String substring2 = str.substring(0, length - min);
            for (int i2 = 0; i2 < substring2.length(); i2++) {
                substring = "*".concat(substring);
            }
        } else {
            substring = str.substring(0, min);
            String substring3 = str.substring(min, length);
            for (int i3 = 0; i3 < substring3.length(); i3++) {
                substring = substring.concat("*");
            }
        }
        return substring;
    }

    protected void triggerNotification(String str, String str2, String str3, String str4, String str5, String str6, long j) {
        HashMap hashMap = new HashMap();
        hashMap.put("user-name", str);
        hashMap.put("userstore-domain", str3);
        hashMap.put("tenant-domain", str2);
        hashMap.put("notification-channel", NotificationChannels.SMS_CHANNEL.getChannelType());
        hashMap.put(SMSOTPConstants.ATTRIBUTE_SMS_SENT_TO, str4);
        hashMap.put(SMSOTPConstants.OTP_TOKEN, str5);
        hashMap.put(SMSOTPConstants.CORRELATION_ID, getCorrelationId());
        hashMap.put(SMSOTPConstants.TEMPLATE_TYPE, "SMSOTP");
        hashMap.put("application-name", str6);
        hashMap.put("otp-expiry-time", String.valueOf(j / 60));
        try {
            SMSOTPServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event(TRIGGER_SMS_NOTIFICATION, hashMap));
        } catch (Exception e) {
            String str7 = "Error occurred while calling triggerNotification, detail : " + e.getMessage();
            log.warn(str7);
            if (log.isDebugEnabled()) {
                log.debug(str7, e);
            }
        }
    }

    public static String getCorrelationId() {
        return StringUtils.isBlank(MDC.get(SMSOTPConstants.CORRELATION_ID_MDC)) ? UUID.randomUUID().toString() : MDC.get(SMSOTPConstants.CORRELATION_ID_MDC);
    }

    private String getHttpErrorResponseCode(String str) {
        String str2 = str;
        if (StringUtils.contains(str2, ":")) {
            str2 = str2.split(":")[0];
        }
        return StringUtils.trim(str2);
    }

    private void resetSmsOtpFailedAttempts(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        if (SMSOTPUtils.isLocalUser(authenticationContext) && SMSOTPUtils.isAccountLockingEnabledForSmsOtp(authenticationContext)) {
            AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
            for (Property property : SMSOTPUtils.getAccountLockConnectorConfigs(authenticatedUser.getTenantDomain())) {
                if (SMSOTPConstants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE.equals(property.getName()) && !Boolean.parseBoolean(property.getValue())) {
                    return;
                }
            }
            String addDomainToName = IdentityUtil.addDomainToName(authenticatedUser.getUserName(), authenticatedUser.getUserStoreDomain());
            try {
                UserStoreManager userStoreManager = getUserRealm(authenticatedUser).getUserStoreManager();
                String str = (String) userStoreManager.getUserClaimValues(addDomainToName, new String[]{SMSOTPConstants.SMS_OTP_FAILED_ATTEMPTS_CLAIM}, "default").get(SMSOTPConstants.SMS_OTP_FAILED_ATTEMPTS_CLAIM);
                if (NumberUtils.isNumber(str) && Integer.parseInt(str) > 0) {
                    HashMap hashMap = new HashMap();
                    hashMap.put(SMSOTPConstants.SMS_OTP_FAILED_ATTEMPTS_CLAIM, "0");
                    userStoreManager.setUserClaimValues(addDomainToName, hashMap, "default");
                }
            } catch (UserStoreException e) {
                log.error("Error while resetting failed SMS OTP attempts", e);
                throw new AuthenticationFailedException(String.format("Failed to reset failed attempts count for user : %s.", authenticatedUser), e);
            }
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:11:0x005a. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:25:0x00c7. Please report as an issue. */
    private void handleSmsOtpVerificationFail(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
        if (SMSOTPUtils.isLocalUser(authenticationContext) && SMSOTPUtils.isAccountLockingEnabledForSmsOtp(authenticationContext) && !SMSOTPUtils.isAccountLocked(authenticatedUser)) {
            int i = 0;
            long j = 0;
            double d = 1.0d;
            for (Property property : SMSOTPUtils.getAccountLockConnectorConfigs(authenticatedUser.getTenantDomain())) {
                String name = property.getName();
                boolean z = -1;
                switch (name.hashCode()) {
                    case 410630793:
                        if (name.equals(SMSOTPConstants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE)) {
                            z = false;
                            break;
                        }
                        break;
                    case 437904755:
                        if (name.equals(SMSOTPConstants.PROPERTY_ACCOUNT_LOCK_TIME)) {
                            z = 2;
                            break;
                        }
                        break;
                    case 497142557:
                        if (name.equals(SMSOTPConstants.PROPERTY_ACCOUNT_LOCK_ON_FAILURE_MAX)) {
                            z = true;
                            break;
                        }
                        break;
                    case 1825656985:
                        if (name.equals(SMSOTPConstants.PROPERTY_LOGIN_FAIL_TIMEOUT_RATIO)) {
                            z = 3;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        if (!Boolean.parseBoolean(property.getValue())) {
                            return;
                        }
                    case SMSOTPConstants.SMS_OTP_MIN_EXPIRY_TIME /* 1 */:
                        if (NumberUtils.isNumber(property.getValue())) {
                            i = Integer.parseInt(property.getValue());
                        }
                    case SMSOTPConstants.NUMBER_BASE /* 2 */:
                        if (NumberUtils.isNumber(property.getValue())) {
                            j = Integer.parseInt(property.getValue());
                        }
                    case true:
                        if (NumberUtils.isNumber(property.getValue())) {
                            double parseDouble = Double.parseDouble(property.getValue());
                            if (parseDouble > 0.0d) {
                                d = parseDouble;
                            }
                        }
                    default:
                }
            }
            Map<String, String> userClaimValues = getUserClaimValues(authenticatedUser);
            if (userClaimValues == null) {
                userClaimValues = new HashMap();
            }
            int parseInt = NumberUtils.isNumber(userClaimValues.get(SMSOTPConstants.SMS_OTP_FAILED_ATTEMPTS_CLAIM)) ? Integer.parseInt(userClaimValues.get(SMSOTPConstants.SMS_OTP_FAILED_ATTEMPTS_CLAIM)) : 0;
            int parseInt2 = NumberUtils.isNumber(userClaimValues.get(SMSOTPConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM)) ? Integer.parseInt(userClaimValues.get(SMSOTPConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM)) : 0;
            HashMap hashMap = new HashMap();
            if (parseInt + 1 < i) {
                hashMap.put(SMSOTPConstants.SMS_OTP_FAILED_ATTEMPTS_CLAIM, String.valueOf(parseInt + 1));
                setUserClaimValues(authenticatedUser, hashMap);
                return;
            }
            long currentTimeMillis = System.currentTimeMillis() + ((long) (j * 1000 * 60 * Math.pow(d, parseInt2)));
            hashMap.put(SMSOTPConstants.ACCOUNT_LOCKED_CLAIM, Boolean.TRUE.toString());
            hashMap.put(SMSOTPConstants.SMS_OTP_FAILED_ATTEMPTS_CLAIM, "0");
            hashMap.put(SMSOTPConstants.ACCOUNT_UNLOCK_TIME_CLAIM, String.valueOf(currentTimeMillis));
            hashMap.put(SMSOTPConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM, String.valueOf(parseInt2 + 1));
            hashMap.put(SMSOTPConstants.ACCOUNT_LOCKED_REASON_CLAIM_URI, SMSOTPConstants.MAX_SMS_OTP_ATTEMPTS_EXCEEDED);
            ((Map) IdentityUtil.threadLocalProperties.get()).put(SMSOTPConstants.ADMIN_INITIATED, false);
            setUserClaimValues(authenticatedUser, hashMap);
            throw new AuthenticationFailedException(String.format("User account: %s is locked.", authenticatedUser.getUserName()));
        }
    }

    private Map<String, String> getUserClaimValues(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        try {
            return getUserRealm(authenticatedUser).getUserStoreManager().getUserClaimValues(IdentityUtil.addDomainToName(authenticatedUser.getUserName(), authenticatedUser.getUserStoreDomain()), new String[]{SMSOTPConstants.SMS_OTP_FAILED_ATTEMPTS_CLAIM, SMSOTPConstants.FAILED_LOGIN_LOCKOUT_COUNT_CLAIM}, "default");
        } catch (UserStoreException e) {
            log.error("Error while reading user claims", e);
            throw new AuthenticationFailedException(String.format("Failed to read user claims for user : %s.", authenticatedUser), e);
        }
    }

    private void setUserClaimValues(AuthenticatedUser authenticatedUser, Map<String, String> map) throws AuthenticationFailedException {
        try {
            getUserRealm(authenticatedUser).getUserStoreManager().setUserClaimValues(IdentityUtil.addDomainToName(authenticatedUser.getUserName(), authenticatedUser.getUserStoreDomain()), map, "default");
        } catch (UserStoreException e) {
            log.error("Error while updating user claims", e);
            throw new AuthenticationFailedException(String.format("Failed to update user claims for user : %s.", authenticatedUser), e);
        }
    }

    private long getUnlockTimeInMilliSeconds(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        String fullQualifiedUsername = authenticatedUser.toFullQualifiedUsername();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(fullQualifiedUsername);
        try {
            UserRealm userRealm = getUserRealm(fullQualifiedUsername);
            if (userRealm == null) {
                throw new AuthenticationFailedException("UserRealm is null for user : " + fullQualifiedUsername);
            }
            UserStoreManager userStoreManager = userRealm.getUserStoreManager();
            if (userStoreManager == null) {
                if (log.isDebugEnabled()) {
                    log.debug("userStoreManager is null for user: " + fullQualifiedUsername);
                }
                throw new AuthenticationFailedException("userStoreManager is null for user: " + fullQualifiedUsername);
            }
            Map userClaimValues = userStoreManager.getUserClaimValues(tenantAwareUsername, new String[]{SMSOTPConstants.ACCOUNT_UNLOCK_TIME_CLAIM}, (String) null);
            if (userClaimValues.get(SMSOTPConstants.ACCOUNT_UNLOCK_TIME_CLAIM) != null) {
                return Long.parseLong((String) userClaimValues.get(SMSOTPConstants.ACCOUNT_UNLOCK_TIME_CLAIM));
            }
            if (!log.isDebugEnabled()) {
                return 0L;
            }
            log.debug(String.format("No value configured for claim: %s, of user: %s", SMSOTPConstants.ACCOUNT_UNLOCK_TIME_CLAIM, fullQualifiedUsername));
            return 0L;
        } catch (UserStoreException e) {
            throw new AuthenticationFailedException("Cannot find the user claim for unlock time for user : " + fullQualifiedUsername, e);
        }
    }

    private void publishPostSMSOTPGeneratedEvent(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        HashMap hashMap = new HashMap();
        hashMap.put(SMSOTPConstants.CORRELATION_ID, authenticationContext.getCallerSessionKey());
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
        hashMap.put("user-name", authenticatedUser.getUserName());
        hashMap.put("tenant-domain", authenticationContext.getTenantDomain());
        hashMap.put("userstore-domain", authenticatedUser.getUserStoreDomain());
        hashMap.put("application-name", authenticationContext.getServiceProviderName());
        hashMap.put(SMSOTPConstants.USER_AGENT, httpServletRequest.getHeader(SMSOTPConstants.USER_AGENT));
        if (httpServletRequest.getParameter(SMSOTPConstants.RESEND) != null) {
            if (log.isDebugEnabled()) {
                log.debug("Setting true resend-code property in event since http request has resendCode parameter.");
            }
            hashMap.put("resend-code", httpServletRequest.getParameter(SMSOTPConstants.RESEND));
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Setting false resend-code property in event since http request has not resendCode parameter.");
            }
            hashMap.put("resend-code", false);
        }
        hashMap.put("generated-otp", authenticationContext.getProperty(SMSOTPConstants.OTP_TOKEN));
        Object property = authenticationContext.getProperty(SMSOTPConstants.SENT_OTP_TOKEN_TIME);
        if (property != null) {
            long longValue = ((Long) property).longValue();
            hashMap.put(SMSOTPConstants.OTP_GENERATED_TIME, Long.valueOf(longValue));
            String tokenExpiryTime = SMSOTPUtils.getTokenExpiryTime(authenticationContext);
            hashMap.put("otp-expiry-time", Long.valueOf(longValue + (StringUtils.isEmpty(tokenExpiryTime) ? 900L : Long.parseLong(tokenExpiryTime))));
        }
        hashMap.put("client-ip", IdentityUtil.getClientIpAddress(httpServletRequest));
        try {
            SMSOTPServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("POST_GENERATE_SMS_OTP", hashMap));
        } catch (IdentityEventException e) {
            throw new AuthenticationFailedException("An error occurred while triggering post event in SMS OTP generation flow. " + e.getMessage(), e);
        }
    }

    private void publishPostSMSOTPValidatedEvent(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        HashMap hashMap = new HashMap();
        AuthenticatedUser authenticatedUser = (AuthenticatedUser) authenticationContext.getProperty(SMSOTPConstants.AUTHENTICATED_USER);
        Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
        hashMap.put(SMSOTPConstants.CORRELATION_ID, authenticationContext.getCallerSessionKey());
        hashMap.put("user-name", authenticatedUser.getUserName());
        hashMap.put("tenant-domain", authenticationContext.getTenantDomain());
        hashMap.put("userstore-domain", authenticatedUser.getUserStoreDomain());
        hashMap.put("application-name", authenticationContext.getServiceProviderName());
        hashMap.put(SMSOTPConstants.USER_AGENT, httpServletRequest.getHeader(SMSOTPConstants.USER_AGENT));
        hashMap.put("client-ip", IdentityUtil.getClientIpAddress(httpServletRequest));
        hashMap.put("generated-otp", authenticationContext.getProperty(SMSOTPConstants.OTP_TOKEN));
        hashMap.put("user-input-otp", httpServletRequest.getParameter(SMSOTPConstants.CODE));
        hashMap.put("otp-used-time", Long.valueOf(System.currentTimeMillis()));
        long longValue = ((Long) authenticationContext.getProperty(SMSOTPConstants.SENT_OTP_TOKEN_TIME)).longValue();
        hashMap.put(SMSOTPConstants.OTP_GENERATED_TIME, Long.valueOf(longValue));
        hashMap.put("otp-expiry-time", Long.valueOf(longValue + getSMSOTPExpiryTime(authenticatorProperties, authenticationContext)));
        hashMap.put("otp-status", SMSOTPConstants.TOKEN_EXPIRED_VALUE.equals(authenticationContext.getProperty(SMSOTPConstants.TOKEN_EXPIRED)) ? SMSOTPConstants.STATUS_OTP_EXPIRED : (authenticationContext.getProperty(SMSOTPConstants.CODE_MISMATCH) == null || !((Boolean) authenticationContext.getProperty(SMSOTPConstants.CODE_MISMATCH)).booleanValue()) ? SMSOTPConstants.STATUS_SUCCESS : SMSOTPConstants.STATUS_CODE_MISMATCH);
        try {
            SMSOTPServiceDataHolder.getInstance().getIdentityEventService().handleEvent(new Event("POST_VALIDATE_SMS_OTP", hashMap));
        } catch (IdentityEventException e) {
            throw new AuthenticationFailedException("An error occurred while triggering post event in SMS OTP validation flow. " + e.getMessage(), e);
        }
    }

    private boolean isMobileNumberUpdateFailed(AuthenticationContext authenticationContext) {
        return Boolean.parseBoolean(String.valueOf(authenticationContext.getProperty(SMSOTPConstants.MOBILE_NUMBER_UPDATE_FAILURE)));
    }

    private boolean isCodeMismatch(AuthenticationContext authenticationContext) {
        return Boolean.parseBoolean(String.valueOf(authenticationContext.getProperty(SMSOTPConstants.CODE_MISMATCH)));
    }

    private static String buildURL(String str, String str2) throws URLBuilderException {
        String str3 = str2;
        if (StringUtils.isNotBlank(str)) {
            str3 = str;
        }
        try {
            return isURLRelative(str3) ? ServiceURLBuilder.create().addPath(new String[]{str3}).build().getAbsolutePublicURL() : str3;
        } catch (URISyntaxException e) {
            throw new URLBuilderException("Error while building public absolute URL for context: " + str2, e);
        }
    }

    private static boolean isURLRelative(String str) throws URISyntaxException {
        return !new URI(str).isAbsolute();
    }

    private Map<String, String> getApplicationDetails(AuthenticationContext authenticationContext) {
        HashMap hashMap = new HashMap();
        FrameworkUtils.getApplicationResourceId(authenticationContext).ifPresent(str -> {
            hashMap.put("app id", str);
        });
        FrameworkUtils.getApplicationName(authenticationContext).ifPresent(str2 -> {
            hashMap.put("application name", str2);
        });
        return hashMap;
    }

    private void redirectUserToIDF(HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        StringBuilder sb = new StringBuilder();
        sb.append(ConfigurationFacade.getInstance().getAuthenticationEndpointURL());
        sb.append("?");
        String contextIdIncludedQueryParams = authenticationContext.getContextIdIncludedQueryParams();
        try {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Redirecting to identifier first flow since last authenticated user is null in SP: %s", authenticationContext.getServiceProviderName()));
            }
            sb.append(contextIdIncludedQueryParams + "&authenticators=IdentifierExecutor:LOCAL");
            httpServletResponse.sendRedirect(sb.toString());
        } catch (IOException e) {
            throw new AuthenticationFailedException("Error while redirecting to the login page.", e);
        }
    }

    private String resolveUsernameFromRequest(HttpServletRequest httpServletRequest) throws AuthenticationFailedException {
        String parameter = httpServletRequest.getParameter(SMSOTPConstants.USER_NAME);
        if (StringUtils.isBlank(parameter)) {
            throw new AuthenticationFailedException("Username cannot be null or empty");
        }
        return parameter;
    }

    private AuthenticatedUser resolveUserFromRequest(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String preprocessUsername = FrameworkUtils.preprocessUsername(resolveUsernameFromRequest(httpServletRequest), authenticationContext);
        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(preprocessUsername);
        String extractDomainFromName = UserCoreUtil.extractDomainFromName(preprocessUsername);
        String tenantDomain = MultitenantUtils.getTenantDomain(preprocessUsername);
        authenticatedUser.setAuthenticatedSubjectIdentifier(tenantAwareUsername);
        authenticatedUser.setUserName(tenantAwareUsername);
        authenticatedUser.setUserStoreDomain(extractDomainFromName);
        authenticatedUser.setTenantDomain(tenantDomain);
        return authenticatedUser;
    }

    private AuthenticatedUser resolveUserFromUserStore(AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
        User user = getUser(authenticatedUser);
        if (user == null) {
            return null;
        }
        AuthenticatedUser authenticatedUser2 = new AuthenticatedUser(user);
        authenticatedUser2.setAuthenticatedSubjectIdentifier(user.getUsername());
        return authenticatedUser2;
    }

    private void setResolvedUserInContext(AuthenticationContext authenticationContext, AuthenticatedUser authenticatedUser) {
        if (authenticatedUser != null) {
            authenticatedUser.setAuthenticatedSubjectIdentifier(authenticatedUser.getUserName());
            authenticationContext.setSubject(authenticatedUser);
            StepConfig stepConfig = (StepConfig) authenticationContext.getSequenceConfig().getStepMap().get(Integer.valueOf(authenticationContext.getCurrentStep()));
            stepConfig.setAuthenticatedUser(authenticatedUser);
            stepConfig.setAuthenticatedIdP(SMSOTPConstants.LOCAL_AUTHENTICATOR);
        }
    }

    private String generateOTP(AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String oTPCharset = getOTPCharset(authenticationContext);
        int intValue = ((Integer) authenticationContext.getProperty(SMSOTPConstants.SMS_OTP_LENGTH)).intValue();
        char[] charArray = oTPCharset.toCharArray();
        SecureRandom secureRandom = new SecureRandom();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < intValue; i++) {
            sb.append(charArray[secureRandom.nextInt(charArray.length)]);
        }
        return sb.toString();
    }

    private String getOTPCharset(AuthenticationContext authenticationContext) {
        return !Boolean.parseBoolean(String.valueOf(authenticationContext.getProperty(SMSOTPConstants.IS_CHAR_IN_OTP))) ? SMSOTPConstants.SMS_OTP_NUMERIC_CHAR_SET : "KIGXHOYSPRWCEFMVUQLZDNABJT9245378016";
    }

    private String getCaptchaParams(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        String str = "";
        SMSOTPCaptchaConnector sMSOTPCaptchaConnector = new SMSOTPCaptchaConnector();
        sMSOTPCaptchaConnector.init(SMSOTPServiceDataHolder.getInstance().getIdentityGovernanceService());
        try {
            if (sMSOTPCaptchaConnector.isSmsRecaptchaEnabled(httpServletRequest)) {
                if (isSMSOTPAsFirstFactor(authenticationContext)) {
                    str = "&reCaptcha=true";
                }
            }
        } catch (CaptchaException e) {
            log.error("Failed to determine if recaptcha for SMS OTP is enabled", e);
        }
        return str;
    }

    private boolean isPreviousIdPAuthenticationFlowHandler(AuthenticationContext authenticationContext) {
        Map currentAuthenticatedIdPs = authenticationContext.getCurrentAuthenticatedIdPs();
        return (currentAuthenticatedIdPs == null || currentAuthenticatedIdPs.isEmpty() || !currentAuthenticatedIdPs.values().stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.getAuthenticators();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).flatMap((v0) -> {
            return v0.stream();
        }).allMatch(authenticatorConfig -> {
            return authenticatorConfig.getApplicationAuthenticator() instanceof AuthenticationFlowHandler;
        })) ? false : true;
    }

    private boolean isSMSOTPAsFirstFactor(AuthenticationContext authenticationContext) {
        return authenticationContext.getCurrentStep() == 1 || isPreviousIdPAuthenticationFlowHandler(authenticationContext);
    }

    public boolean isAPIBasedAuthenticationSupported() {
        return true;
    }

    public Optional<AuthenticatorData> getAuthInitiationData(AuthenticationContext authenticationContext) {
        AuthenticatorData authenticatorData = new AuthenticatorData();
        authenticatorData.setName(getName());
        authenticatorData.setDisplayName(getFriendlyName());
        String str = null;
        AuthenticatedUser authenticatedUser = null;
        if (authenticationContext != null && authenticationContext.getExternalIdP() != null) {
            str = authenticationContext.getExternalIdP().getIdPName();
            authenticatedUser = getAuthenticatedUser(authenticationContext);
        }
        authenticatorData.setIdp(str);
        authenticatorData.setI18nKey(SMSOTPConstants.AUTHENTICATOR_SMS_OTP);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (authenticatedUser == null) {
            arrayList.add(new AuthenticatorParamMetadata(SMSOTPConstants.USER_NAME, FrameworkConstants.AuthenticatorParamType.STRING, 0, Boolean.FALSE.booleanValue(), SMSOTPConstants.USERNAME_PARAM));
            arrayList2.add(SMSOTPConstants.USER_NAME);
        } else {
            arrayList.add(new AuthenticatorParamMetadata(SMSOTPConstants.CODE, FrameworkConstants.AuthenticatorParamType.STRING, 1, Boolean.TRUE.booleanValue(), SMSOTPConstants.CODE_PARAM));
            arrayList2.add(SMSOTPConstants.CODE);
        }
        authenticatorData.setPromptType(FrameworkConstants.AuthenticatorPromptType.USER_PROMPT);
        authenticatorData.setRequiredParams(arrayList2);
        authenticatorData.setAuthParams(arrayList);
        return Optional.of(authenticatorData);
    }
}
