package org.wso2.carbon.identity.authenticator.twitter;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.utils.URIBuilder;
import org.apache.oltu.oauth2.common.utils.JSONUtils;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.ApplicationAuthenticatorException;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import twitter4j.JSONException;
import twitter4j.Twitter;
import twitter4j.TwitterException;
import twitter4j.TwitterFactory;
import twitter4j.TwitterObjectFactory;
import twitter4j.auth.AccessToken;
import twitter4j.auth.RequestToken;
import twitter4j.conf.ConfigurationBuilder;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/twitter/TwitterAuthenticator.class */
public class TwitterAuthenticator extends AbstractApplicationAuthenticator implements FederatedApplicationAuthenticator {
    private static final long serialVersionUID = -4844100162196896194L;
    private static final Log log = LogFactory.getLog(TwitterAuthenticator.class);

    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(TwitterAuthenticatorConstants.STATE_PARAM);
    }

    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return (isOauthParamExists(httpServletRequest) && "twitter".equals(httpServletRequest.getParameter(TwitterAuthenticatorConstants.LOGIN_TYPE_PARAM))) || isErrorParamExists(httpServletRequest);
    }

    private boolean isErrorParamExists(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(TwitterAuthenticatorConstants.OAUTH2_PARAM_ERROR) != null;
    }

    private boolean isOauthParamExists(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.getParameter(TwitterAuthenticatorConstants.TWITTER_OAUTH_TOKEN) == null || httpServletRequest.getParameter(TwitterAuthenticatorConstants.TWITTER_OAUTH_VERIFIER) == null) ? false : true;
    }

    private void handleErrorResponse(HttpServletRequest httpServletRequest) throws InvalidCredentialsException {
        if (isErrorParamExists(httpServletRequest)) {
            String parameter = httpServletRequest.getParameter(TwitterAuthenticatorConstants.OAUTH2_PARAM_ERROR);
            if (log.isDebugEnabled()) {
                log.debug("Failed to authenticate via Twitter when click on cancel without providing credentials" + parameter);
            }
            throw new InvalidCredentialsException(parameter);
        }
    }

    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        Map<String, String> authenticatorProperties = authenticationContext.getAuthenticatorProperties();
        String str = authenticatorProperties.get(TwitterAuthenticatorConstants.TWITTER_API_KEY);
        String str2 = authenticatorProperties.get(TwitterAuthenticatorConstants.TWITTER_API_SECRET);
        configurationBuilder.setDebugEnabled(true).setIncludeEmailEnabled(true).setJSONStoreEnabled(true);
        Twitter twitterFactory = new TwitterFactory(configurationBuilder.build()).getInstance();
        twitterFactory.setOAuthConsumer(str, str2);
        try {
            String queryStringWithFrameworkContextId = FrameworkUtils.getQueryStringWithFrameworkContextId(authenticationContext.getQueryParams(), authenticationContext.getCallerSessionKey(), authenticationContext.getContextIdentifier());
            RequestToken oAuthRequestToken = twitterFactory.getOAuthRequestToken(URLEncoder.encode(new URIBuilder(getCallbackUrl(authenticatorProperties)).addParameter(TwitterAuthenticatorConstants.STATE_PARAM, authenticationContext.getContextIdentifier()).addParameter(TwitterAuthenticatorConstants.LOGIN_TYPE_PARAM, "twitter").build().toString(), "UTF-8"));
            String substring = queryStringWithFrameworkContextId.substring(queryStringWithFrameworkContextId.indexOf("sessionDataKey="));
            authenticationContext.setProperty(TwitterAuthenticatorConstants.TWITTER_SESSION_DATA_KEY, substring.substring(substring.indexOf("sessionDataKey="), substring.indexOf("&")).replace("sessionDataKey=", ""));
            authenticationContext.setProperty(TwitterAuthenticatorConstants.TWITTER_REQUEST_TOKEN, oAuthRequestToken);
            authenticationContext.setProperty(TwitterAuthenticatorConstants.AUTHENTICATOR_NAME.toLowerCase(), twitterFactory);
            httpServletResponse.sendRedirect(oAuthRequestToken.getAuthenticationURL());
        } catch (IOException e) {
            log.error("Exception while sending to the Twitter login page.", e);
            throw new AuthenticationFailedException(e.getMessage(), e);
        } catch (URISyntaxException e2) {
            throw new AuthenticationFailedException("Invalid Callback URL provided.", e2);
        } catch (TwitterException e3) {
            log.error("Exception while sending to the Twitter login page.", e3);
            throw new AuthenticationFailedException(e3.getMessage(), e3);
        }
    }

    protected String getCallbackUrl(Map<String, String> map) {
        return StringUtils.isNotEmpty(map.get("callbackUrl")) ? map.get("callbackUrl") : IdentityUtil.getServerURL("commonauth", true, true);
    }

    public String getClaimDialectURI() {
        String str = null;
        AuthenticatorConfig authenticatorBean = FileBasedConfigurationBuilder.getInstance().getAuthenticatorBean(getName());
        if (authenticatorBean != null) {
            Map parameterMap = authenticatorBean.getParameterMap();
            if (parameterMap != null && parameterMap.containsKey(TwitterAuthenticatorConstants.CLAIM_DIALECT_URI_PARAMETER)) {
                str = (String) parameterMap.get(TwitterAuthenticatorConstants.CLAIM_DIALECT_URI_PARAMETER);
            } else if (log.isDebugEnabled()) {
                log.debug("Found no Parameter map for connector " + getName());
            }
        } else if (log.isDebugEnabled()) {
            log.debug("FileBasedConfigBuilder returned null AuthenticatorConfigs for the connector " + getName());
        }
        if (log.isDebugEnabled()) {
            log.debug("Authenticator " + getName() + " is using the claim dialect uri " + str);
        }
        return str;
    }

    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        handleErrorResponse(httpServletRequest);
        Twitter twitter = (Twitter) authenticationContext.getProperty(TwitterAuthenticatorConstants.AUTHENTICATOR_NAME.toLowerCase());
        try {
            AccessToken oAuthAccessToken = twitter.getOAuthAccessToken((RequestToken) authenticationContext.getProperties().get(TwitterAuthenticatorConstants.TWITTER_REQUEST_TOKEN), httpServletRequest.getParameter(TwitterAuthenticatorConstants.TWITTER_OAUTH_VERIFIER));
            httpServletRequest.getSession().removeAttribute(TwitterAuthenticatorConstants.TWITTER_REQUEST_TOKEN);
            String rawJSON = TwitterObjectFactory.getRawJSON(twitter.verifyCredentials());
            if (oAuthAccessToken != null) {
                try {
                    buildClaims(authenticationContext, rawJSON);
                } catch (ApplicationAuthenticatorException e) {
                    log.error("Error while building the claim");
                } catch (JSONException e2) {
                    log.error("Error while parsing the json");
                }
            }
        } catch (TwitterException e3) {
            log.error("Exception while obtaining OAuth token form Twitter", e3);
            throw new AuthenticationFailedException("Exception while obtaining OAuth token form Twitter", e3);
        }
    }

    public void buildClaims(AuthenticationContext authenticationContext, String str) throws ApplicationAuthenticatorException, JSONException {
        Map<String, Object> parseJSON = JSONUtils.parseJSON(str);
        if (parseJSON == null) {
            if (log.isDebugEnabled()) {
                log.debug("Decoded json object is null");
            }
            throw new ApplicationAuthenticatorException("Decoded json object is null");
        }
        HashMap hashMap = new HashMap();
        String claimDialectURI = getClaimDialectURI();
        String str2 = claimDialectURI == null ? "" : claimDialectURI + "/";
        for (Map.Entry<String, Object> entry : parseJSON.entrySet()) {
            String str3 = str2 + entry.getKey();
            hashMap.put(ClaimMapping.build(str3, str3, (String) null, false), entry.getValue().toString());
            if (log.isDebugEnabled() && IdentityUtil.isTokenLoggable("UserClaims")) {
                log.debug("Adding claim mapping : " + str3 + " <> " + str3 + " : " + entry.getValue());
            }
        }
        if (StringUtils.isBlank(authenticationContext.getExternalIdP().getIdentityProvider().getClaimConfig().getUserClaimURI())) {
            authenticationContext.getExternalIdP().getIdentityProvider().getClaimConfig().setUserClaimURI("id");
        }
        String federatedSubjectFromClaims = FrameworkUtils.getFederatedSubjectFromClaims(authenticationContext.getExternalIdP().getIdentityProvider(), hashMap);
        if (federatedSubjectFromClaims == null || federatedSubjectFromClaims.isEmpty()) {
            setSubject(authenticationContext, parseJSON);
        } else {
            authenticationContext.setSubject(AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(federatedSubjectFromClaims));
        }
        authenticationContext.getSubject().setUserAttributes(hashMap);
    }

    private void setSubject(AuthenticationContext authenticationContext, Map<String, Object> map) throws ApplicationAuthenticatorException {
        String valueOf = String.valueOf(map.get("id"));
        if (log.isDebugEnabled()) {
            log.debug("The subject claim that you have selected is null. The default subject claim " + valueOf + " has been set");
        }
        if (StringUtils.isEmpty(valueOf)) {
            throw new ApplicationAuthenticatorException("Authenticated user identifier is empty");
        }
        authenticationContext.setSubject(AuthenticatedUser.createFederateAuthenticatedUserFromSubjectIdentifier(valueOf));
    }

    public String getFriendlyName() {
        return "twitter";
    }

    public String getName() {
        return TwitterAuthenticatorConstants.AUTHENTICATOR_NAME;
    }

    public List<Property> getConfigurationProperties() {
        ArrayList arrayList = new ArrayList();
        Property property = new Property();
        property.setName(TwitterAuthenticatorConstants.TWITTER_API_KEY);
        property.setDisplayName("API Key");
        property.setRequired(true);
        property.setDescription("Enter the API Key of the twitter account");
        property.setDisplayOrder(0);
        arrayList.add(property);
        Property property2 = new Property();
        property2.setName(TwitterAuthenticatorConstants.TWITTER_API_SECRET);
        property2.setDisplayName("API Secret");
        property2.setRequired(true);
        property2.setConfidential(true);
        property2.setDescription("Enter the API Secret");
        property2.setDisplayOrder(1);
        arrayList.add(property2);
        Property property3 = new Property();
        property3.setDisplayName("Callback URL");
        property3.setName("callbackUrl");
        property3.setDescription("Enter the Callback URL");
        property3.setDisplayOrder(2);
        arrayList.add(property3);
        return arrayList;
    }
}
