package org.wso2.carbon.identity.application.authentication.handler.identifier;

import java.io.IOException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticationFlowHandler;
import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorFlowStatus;
import org.wso2.carbon.identity.application.authentication.framework.config.ConfigurationFacade;
import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.exception.InvalidCredentialsException;
import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authentication.handler.identifier.internal.IdentifierAuthenticatorServiceComponent;
import org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticator;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityRuntimeException;
import org.wso2.carbon.identity.core.model.IdentityErrorMsgContext;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/handler/identifier/IdentifierHandler.class */
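/**
 * Identifier-first authentication handler.
 *
 * <p>Reads a username from the request, optionally checks that it exists in the
 * tenant's user store, and records it as the subject of the authentication
 * context. This class verifies no credential itself. The subject it sets is
 * only an asserted identifier, so later steps in the flow must authenticate it.
 *
 * <p>Raw collection types are kept as decompiled because the generic signatures
 * of the framework APIs are not visible in this file.
 */
public class IdentifierHandler extends AbstractApplicationAuthenticator implements AuthenticationFlowHandler {
    private static final long serialVersionUID = 1819664539416029785L;
    private static final String PROMPT_CONFIRMATION_WINDOW = "promptConfirmationWindow";
    private static final String CONTINUE = "continue";
    private static final String RESET = "reset";
    private static final Log log = LogFactory.getLog(IdentifierHandler.class);
    // Thread-local property key holding a user store domain to prefix onto the username.
    // Declared final: nothing in this class reassigns it.
    private static final String RE_CAPTCHA_USER_DOMAIN = "user-domain-recaptcha";

    /**
     * Reports whether the request carries a username or an identifier-consent answer.
     *
     * @param httpServletRequest incoming request
     * @return {@code true} when either parameter is present
     */
    public boolean canHandle(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME) != null
                || httpServletRequest.getParameter("identifier_consent") != null;
    }

    /**
     * Drives the identifier step of the flow.
     *
     * <p>When an earlier LOCAL login used {@link BasicAuthenticator}, the user from
     * that session is reused. This happens directly, or after the optional
     * confirmation window answers {@code continue}. A {@code reset} answer restarts
     * the prompt. In every other case the call is delegated to the superclass.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response used for redirects
     * @param authenticationContext current authentication context
     * @return the resulting flow status
     * @throws AuthenticationFailedException if a redirect fails or the identifier is rejected
     * @throws LogoutFailedException declared by the overridden contract
     */
    public AuthenticatorFlowStatus process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException, LogoutFailedException {
        if (authenticationContext.isLogoutRequest()) {
            return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
        }
        Object previousLocalIdP = authenticationContext.getPreviousAuthenticatedIdPs().get(IdentifierHandlerConstants.LOCAL);
        if (previousLocalIdP != null) {
            AuthenticatedIdPData authenticatedIdPData = (AuthenticatedIdPData) previousLocalIdP;
            for (Object authenticator : authenticatedIdPData.getAuthenticators()) {
                if (!(((AuthenticatorConfig) authenticator).getApplicationAuthenticator() instanceof BasicAuthenticator)) {
                    continue;
                }
                // Every path below returns or throws, so only the first BasicAuthenticator entry matters.
                if (!Boolean.parseBoolean((String) authenticationContext.getAuthenticatorParams(getName()).get(PROMPT_CONFIRMATION_WINDOW))) {
                    authenticationContext.setSubject(authenticatedIdPData.getUser());
                    return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
                }
                String consent = httpServletRequest.getParameter("identifier_consent");
                if (CONTINUE.equals(consent)) {
                    authenticationContext.setSubject(authenticatedIdPData.getUser());
                    return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
                }
                if (RESET.equals(consent)) {
                    initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
                    return AuthenticatorFlowStatus.INCOMPLETE;
                }
                if (httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME) != null) {
                    processAuthenticationResponse(httpServletRequest, httpServletResponse, authenticationContext);
                    return AuthenticatorFlowStatus.SUCCESS_COMPLETED;
                }
                try {
                    // The username is percent-encoded like every other username this class puts in a
                    // redirect. Unencoded, a name containing '&', '#' or '+' would change or truncate
                    // the query string seen by the confirmation page.
                    String confirmationQuery = authenticationContext.getContextIdIncludedQueryParams()
                            + "&username=" + urlEncode(authenticatedIdPData.getUser().toFullQualifiedUsername());
                    httpServletResponse.sendRedirect(ConfigurationFacade.getInstance().getIdentifierFirstConfirmationURL() + "?" + confirmationQuery);
                    return AuthenticatorFlowStatus.INCOMPLETE;
                } catch (IOException e) {
                    throw new AuthenticationFailedException(e.getMessage(), e);
                }
            }
        } else if (httpServletRequest.getParameter("identifier_consent") != null) {
            initiateAuthenticationRequest(httpServletRequest, httpServletResponse, authenticationContext);
            return AuthenticatorFlowStatus.INCOMPLETE;
        }
        return super.process(httpServletRequest, httpServletResponse, authenticationContext);
    }

    /**
     * Redirects the browser to the login (or retry) endpoint, adding failure details
     * to the query string when an identity error context is present.
     *
     * <p>Error code, failed username, locked reason and remaining attempts are added
     * only when the authenticator parameter {@code showAuthFailureReason} is
     * {@code "true"}. The single exception is error code {@code 17005}, which is
     * always reported. With the parameter enabled, account state becomes visible to
     * the unauthenticated client and to anything that logs the redirect URL. Keep it
     * disabled where that disclosure is not acceptable.
     *
     * @param httpServletRequest  incoming request (source of the attempted username)
     * @param httpServletResponse response used for the redirect
     * @param authenticationContext current authentication context
     * @throws AuthenticationFailedException if the redirect cannot be sent
     */
    protected void initiateAuthenticationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        Map parameterMap = getAuthenticatorConfig().getParameterMap();
        String showAuthFailureReason = null;
        if (parameterMap != null) {
            showAuthFailureReason = (String) parameterMap.get("showAuthFailureReason");
            if (log.isDebugEnabled()) {
                log.debug("showAuthFailureReason has been set as : " + showAuthFailureReason);
            }
        }
        String authenticationEndpointURL = ConfigurationFacade.getInstance().getAuthenticationEndpointURL();
        String authenticationEndpointRetryURL = ConfigurationFacade.getInstance().getAuthenticationEndpointRetryURL();
        String contextIdIncludedQueryParams = authenticationContext.getContextIdIncludedQueryParams();
        try {
            String retryParam = authenticationContext.isRetrying() ? "&authFailure=true&authFailureMsg=username.fail.message" : "";
            Object tenantMismatch = authenticationContext.getProperty("UserTenantDomainMismatch");
            if (tenantMismatch != null && ((Boolean) tenantMismatch).booleanValue()) {
                retryParam = "&authFailure=true&authFailureMsg=user.tenant.domain.mismatch.message";
                // One-shot flag: reset it so the message is not repeated on the next prompt.
                authenticationContext.setProperty("UserTenantDomainMismatch", false);
            }
            IdentityErrorMsgContext identityErrorMsg = IdentityUtil.getIdentityErrorMsg();
            IdentityUtil.clearIdentityErrorMsg();

            // Plain login-page URL shared by every branch that does not use the retry endpoint.
            String loginPageUrl = authenticationEndpointURL + "?" + contextIdIncludedQueryParams
                    + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL;

            if (identityErrorMsg == null || identityErrorMsg.getErrorCode() == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Identity error message context is null");
                }
                httpServletResponse.sendRedirect(loginPageUrl + retryParam);
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Identity error message context is not null");
            }
            String errorCode = identityErrorMsg.getErrorCode();
            String username = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);

            if (errorCode.equals("17005")) {
                String pendingUser = username;
                Object userDomain = ((Map) IdentityUtil.threadLocalProperties.get()).get(RE_CAPTCHA_USER_DOMAIN);
                if (userDomain != null) {
                    pendingUser = IdentityUtil.addDomainToName(pendingUser, userDomain.toString());
                }
                httpServletResponse.sendRedirect(authenticationEndpointURL + "?" + contextIdIncludedQueryParams + IdentifierHandlerConstants.FAILED_USERNAME + urlEncode(pendingUser) + IdentifierHandlerConstants.ERROR_CODE + errorCode + IdentifierHandlerConstants.AUTHENTICATORS + getName() + ":" + IdentifierHandlerConstants.LOCAL + "&authFailure=true&authFailureMsg=account.confirmation.pending");
                return;
            }
            if (!"true".equals(showAuthFailureReason)) {
                // Failure details are suppressed, so only the generic retry message (if any) is sent.
                if (log.isDebugEnabled()) {
                    log.debug("Unknown identity error code.");
                }
                httpServletResponse.sendRedirect(loginPageUrl + retryParam);
                return;
            }

            // The error code may have the form "code:reason". The reason is reported as lockedReason.
            String lockedReason = null;
            if (errorCode.contains(":")) {
                String[] codeParts = errorCode.split(":");
                if (codeParts.length > 0) {
                    errorCode = codeParts[0];
                }
                if (codeParts.length > 1) {
                    lockedReason = codeParts[1];
                }
            }
            int remainingAttempts = identityErrorMsg.getMaximumLoginAttempts() - identityErrorMsg.getFailedLoginAttempts();
            if (log.isDebugEnabled()) {
                log.debug("errorCode : " + errorCode);
                // NOTE(review): this writes a request-supplied value to the log as-is. Unless the
                // log layout neutralises CR/LF, a crafted username can forge extra log lines.
                log.debug("username : " + username);
                log.debug("remainingAttempts : " + remainingAttempts);
            }
            String encodedUsername = urlEncode(username);

            if (errorCode.equals("17003")) {
                // Only the base retry URL passes through encodeRedirectURL. The failure
                // parameters are appended after it, as in the original.
                StringBuilder retryUrl = new StringBuilder(httpServletResponse.encodeRedirectURL(authenticationEndpointRetryURL + "?" + contextIdIncludedQueryParams));
                retryUrl.append(IdentifierHandlerConstants.ERROR_CODE).append(errorCode);
                if (!StringUtils.isBlank(lockedReason)) {
                    retryUrl.append("&lockedReason=").append(urlEncode(lockedReason));
                }
                retryUrl.append(IdentifierHandlerConstants.FAILED_USERNAME).append(encodedUsername);
                if (remainingAttempts == 0) {
                    retryUrl.append("&remainingAttempts=0");
                }
                httpServletResponse.sendRedirect(retryUrl.toString());
            } else {
                // 17001, 17004 and any other code produce the same redirect. 17002 also
                // reports how many attempts remain.
                String failureUrl = loginPageUrl + retryParam + IdentifierHandlerConstants.ERROR_CODE + errorCode
                        + IdentifierHandlerConstants.FAILED_USERNAME + encodedUsername;
                if (errorCode.equals("17002")) {
                    failureUrl = failureUrl + "&remainingAttempts=" + remainingAttempts;
                }
                httpServletResponse.sendRedirect(failureUrl);
            }
        } catch (IOException e) {
            throw new AuthenticationFailedException(e.getMessage(), User.getUserFromUserName(httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME)), e);
        }
    }

    /**
     * Accepts the submitted username and records it as the subject of the context.
     *
     * <p>When the authenticator parameter {@code ValidateUsername} is true, the name is
     * first looked up in the tenant's user store and an unknown name is rejected with
     * {@link InvalidCredentialsException}. That setting lets an unauthenticated client
     * tell existing usernames from non-existing ones, so pair it with rate limiting or
     * a captcha. No password or other credential is checked here.
     *
     * @param httpServletRequest  incoming request carrying the username
     * @param httpServletResponse unused by this implementation
     * @param authenticationContext context that receives the subject and parameters
     * @throws AuthenticationFailedException if the username is blank or unknown, or the
     *         user store or tenant lookup fails
     */
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String username = httpServletRequest.getParameter(IdentifierHandlerConstants.USER_NAME);
        // canHandle() is also true for a request that has only identifier_consent. Reject a
        // missing or blank identifier here instead of building a subject from it.
        if (StringUtils.isBlank(username)) {
            throw new InvalidCredentialsException("Username is not present in the request", User.getUserFromUserName(username));
        }
        Map properties = authenticationContext.getProperties();
        if (properties == null) {
            properties = new HashMap();
            authenticationContext.setProperties(properties);
        }
        Map authenticatorParameters = getAuthenticatorConfig().getParameterMap();
        if (authenticatorParameters != null && Boolean.parseBoolean((String) authenticatorParameters.get("ValidateUsername"))) {
            try {
                int tenantIdOfUser = IdentityTenantUtil.getTenantIdOfUser(username);
                UserRealm tenantUserRealm = IdentifierAuthenticatorServiceComponent.getRealmService().getTenantUserRealm(tenantIdOfUser);
                if (tenantUserRealm == null) {
                    throw new AuthenticationFailedException("Cannot find the user realm for the given tenant: " + tenantIdOfUser, User.getUserFromUserName(username));
                }
                if (!tenantUserRealm.getUserStoreManager().isExistingUser(MultitenantUtils.getTenantAwareUsername(username))) {
                    if (log.isDebugEnabled()) {
                        log.debug("User does not exists");
                    }
                    Map threadLocalProperties = (Map) IdentityUtil.threadLocalProperties.get();
                    Object userDomain = threadLocalProperties.get(RE_CAPTCHA_USER_DOMAIN);
                    if (userDomain != null) {
                        username = IdentityUtil.addDomainToName(username, userDomain.toString());
                    }
                    // Consume the thread-local entry so it does not outlive this failure.
                    threadLocalProperties.remove(RE_CAPTCHA_USER_DOMAIN);
                    throw new InvalidCredentialsException("User  does not exists", User.getUserFromUserName(username));
                }
                properties.put("user-tenant-domain", MultitenantUtils.getTenantDomain(username));
            } catch (UserStoreException e) {
                if (log.isDebugEnabled()) {
                    log.debug("IdentifierHandler failed while trying to authenticate", e);
                }
                throw new AuthenticationFailedException(e.getMessage(), User.getUserFromUserName(username), e);
            } catch (IdentityRuntimeException e2) {
                if (log.isDebugEnabled()) {
                    log.debug("IdentifierHandler failed while trying to get the tenant ID of the user " + username, e2);
                }
                throw new AuthenticationFailedException(e2.getMessage(), User.getUserFromUserName(username), e2);
            }
        }
        String domainQualifiedUsername = FrameworkUtils.prependUserStoreDomainToName(username);
        properties.put(IdentifierHandlerConstants.USER_NAME, domainQualifiedUsername);
        HashMap commonParams = new HashMap();
        commonParams.put(IdentifierHandlerConstants.USER_NAME, domainQualifiedUsername);
        HashMap authenticatorParams = new HashMap();
        authenticatorParams.put("common", commonParams);
        // A new identifier discards the previously authenticated IdPs recorded in the context.
        authenticationContext.getPreviousAuthenticatedIdPs().clear();
        authenticationContext.addAuthenticatorParams(authenticatorParams);
        authenticationContext.setSubject(AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(domainQualifiedUsername));
    }

    /**
     * @return always {@code true}
     */
    protected boolean retryAuthenticationEnabled() {
        return true;
    }

    /**
     * @param httpServletRequest incoming request
     * @return the value of the {@code sessionDataKey} request parameter, or {@code null} if absent
     */
    public String getContextIdentifier(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("sessionDataKey");
    }

    /**
     * @return the display name defined in {@link IdentifierHandlerConstants}
     */
    public String getFriendlyName() {
        return IdentifierHandlerConstants.HANDLER_FRIENDLY_NAME;
    }

    /**
     * @return the handler name defined in {@link IdentifierHandlerConstants}
     */
    public String getName() {
        return IdentifierHandlerConstants.HANDLER_NAME;
    }

    /**
     * Percent-encodes a value for use in a redirect query string.
     *
     * @param value raw value, may be {@code null}
     * @return the encoded value, or an empty string when {@code value} is {@code null}
     * @throws IOException if the configured charset name is not supported
     */
    private static String urlEncode(String value) throws IOException {
        return value == null ? "" : URLEncoder.encode(value, IdentifierHandlerConstants.UTF_8);
    }
}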
